diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-07-12 14:07:37 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-07-17 10:29:26 +0000 |
| commit | ec02ee4181c49b61fce1c8fb99292dbb8139cc90 (patch) | |
| tree | 25cde714b2b71eb639d1cd53f5a22e9ba76e14ef /chromium/net | |
| parent | bb09965444b5bb20b096a291445170876225268d (diff) | |
| download | qtwebengine-chromium-ec02ee4181c49b61fce1c8fb99292dbb8139cc90.tar.gz | |
BASELINE: Update Chromium to 59.0.3071.134
Change-Id: Id02ef6fb2204c5fd21668a1c3e6911c83b17585a
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/net')
1144 files changed, 42050 insertions, 22246 deletions
diff --git a/chromium/net/BUILD.gn b/chromium/net/BUILD.gn index af14d0fbd7d..de32d2d0b06 100644 --- a/chromium/net/BUILD.gn +++ b/chromium/net/BUILD.gn @@ -37,6 +37,12 @@ posix_avoid_mmap = is_android && current_cpu != "x86" use_v8_in_net = !is_ios && !is_proto_quic enable_built_in_dns = !is_ios && !is_proto_quic +# True if certificates are represented with DER byte buffers. This can be true +# in addition to use_openssl_certs or use_nss_certs, in that case byte certs +# are used internally but OpenSSL or NSS are used for certificate verification. +# TODO(mattm): crbug.com/671420: Implement and enable this for all platforms. +use_byte_certs = is_mac || is_android + buildflag_header("features") { header = "net_features.h" flags = [ @@ -45,6 +51,7 @@ buildflag_header("features") { "DISABLE_FTP_SUPPORT=$disable_ftp_support", "ENABLE_MDNS=$enable_mdns", "ENABLE_WEBSOCKETS=$enable_websockets", + "USE_BYTE_CERTS=$use_byte_certs", ] } @@ -99,8 +106,6 @@ component("net") { "base/address_family.h", "base/address_list.cc", "base/address_list.h", - "base/arena.cc", - "base/arena.h", "base/auth.cc", "base/auth.h", "base/completion_callback.h", @@ -118,7 +123,6 @@ component("net") { "base/ip_address.h", "base/ip_endpoint.cc", "base/ip_endpoint.h", - "base/linked_hash_map.h", "base/load_timing_info.cc", "base/load_timing_info.h", "base/lookup_string_in_fixed_set.cc", @@ -135,10 +139,12 @@ component("net") { "base/network_interfaces.cc", "base/network_interfaces.h", "base/network_interfaces_posix.cc", + "base/network_interfaces_posix.h", "base/parse_number.cc", "base/parse_number.h", "base/port_util.cc", "base/port_util.h", + "base/privacy_mode.h", "base/rand_callback.h", "base/registry_controlled_domains/registry_controlled_domain.cc", "base/registry_controlled_domains/registry_controlled_domain.h", @@ -156,6 +162,7 @@ component("net") { "cert/cert_database_openssl.cc", "cert/cert_status_flags.cc", "cert/cert_status_flags.h", + "cert/cert_status_flags_list.h", "cert/cert_verifier.cc", "cert/cert_verifier.h", "cert/cert_verify_result.cc", @@ -178,8 +185,6 @@ component("net") { "cert/internal/cert_error_id.h", "cert/internal/cert_error_params.cc", "cert/internal/cert_error_params.h", - "cert/internal/cert_error_scoper.cc", - "cert/internal/cert_error_scoper.h", "cert/internal/cert_errors.cc", "cert/internal/cert_errors.h", "cert/internal/cert_issuer_source.h", @@ -275,21 +280,26 @@ component("net") { "http/http_response_info.h", "http/http_security_headers.cc", "http/http_security_headers.h", + "http/http_status_code_list", "http/http_util.cc", "http/http_util.h", "http/http_vary_data.cc", "http/http_vary_data.h", "http/transport_security_state.cc", "http/transport_security_state.h", + "http/transport_security_state_source.h", "log/net_log.cc", "log/net_log.h", "log/net_log_capture_mode.cc", "log/net_log_capture_mode.h", "log/net_log_entry.cc", "log/net_log_entry.h", + "log/net_log_event_type.h", "log/net_log_event_type_list.h", + "log/net_log_parameters_callback.h", "log/net_log_source.cc", "log/net_log_source.h", + "log/net_log_source_type.h", "log/net_log_source_type_list.h", "log/net_log_with_source.cc", "log/net_log_with_source.h", @@ -298,6 +308,7 @@ component("net") { "socket/connection_attempts.h", "socket/next_proto.cc", "socket/next_proto.h", + "socket/socket.cc", "socket/socket.h", "socket/socket_bio_adapter.cc", "socket/socket_bio_adapter.h", @@ -308,8 +319,6 @@ component("net") { "socket/ssl_client_socket_impl.cc", "socket/ssl_client_socket_impl.h", "socket/ssl_socket.h", - "spdy/spdy_header_block.cc", - "spdy/spdy_header_block.h", "ssl/channel_id_service.cc", "ssl/channel_id_service.h", "ssl/channel_id_store.cc", @@ -390,6 +399,8 @@ component("net") { "android/traffic_stats.h", "base/address_tracker_linux.cc", "base/address_tracker_linux.h", + "base/arena.cc", + "base/arena.h", "base/backoff_entry.cc", "base/backoff_entry.h", "base/backoff_entry_serializer.cc", @@ -397,9 +408,6 @@ component("net") { "base/cache_type.h", "base/chunked_upload_data_stream.cc", "base/chunked_upload_data_stream.h", - "base/crypto_module.h", - "base/crypto_module_nss.cc", - "base/crypto_module_openssl.cc", "base/data_url.cc", "base/data_url.h", "base/elements_upload_data_stream.cc", @@ -424,6 +432,7 @@ component("net") { "base/ip_pattern.h", "base/layered_network_delegate.cc", "base/layered_network_delegate.h", + "base/linked_hash_map.h", "base/load_flags.h", "base/load_flags_list.h", "base/load_states.h", @@ -456,8 +465,11 @@ component("net") { "base/network_delegate_impl.cc", "base/network_delegate_impl.h", "base/network_interfaces_linux.cc", + "base/network_interfaces_linux.h", "base/network_interfaces_mac.cc", + "base/network_interfaces_mac.h", "base/network_interfaces_win.cc", + "base/network_interfaces_win.h", "base/network_throttle_manager.h", "base/network_throttle_manager_impl.cc", "base/network_throttle_manager_impl.h", @@ -512,6 +524,8 @@ component("net") { "cert/cert_verify_proc.h", "cert/cert_verify_proc_android.cc", "cert/cert_verify_proc_android.h", + "cert/cert_verify_proc_builtin.cc", + "cert/cert_verify_proc_builtin.h", "cert/cert_verify_proc_ios.cc", "cert/cert_verify_proc_ios.h", "cert/cert_verify_proc_mac.cc", @@ -578,12 +592,16 @@ component("net") { "cert/test_root_certs_win.cc", "cert/x509_cert_types_mac.cc", "cert/x509_cert_types_win.cc", + "cert/x509_certificate_bytes.cc", "cert/x509_certificate_ios.cc", + "cert/x509_certificate_known_roots_win.h", "cert/x509_certificate_mac.cc", "cert/x509_certificate_nss.cc", "cert/x509_certificate_win.cc", "cert/x509_util_android.cc", "cert/x509_util_android.h", + "cert/x509_util_ios.cc", + "cert/x509_util_ios.h", "cert/x509_util_mac.cc", "cert/x509_util_mac.h", "cert/x509_util_nss.cc", @@ -782,7 +800,6 @@ component("net") { "http/http_auth_controller.h", "http/http_auth_filter.cc", "http/http_auth_filter.h", - "http/http_auth_filter_win.h", "http/http_auth_gssapi_posix.cc", "http/http_auth_gssapi_posix.h", "http/http_auth_handler.cc", @@ -1201,8 +1218,6 @@ component("net") { "quic/core/frames/quic_mtu_discovery_frame.h", "quic/core/frames/quic_padding_frame.cc", "quic/core/frames/quic_padding_frame.h", - "quic/core/frames/quic_path_close_frame.cc", - "quic/core/frames/quic_path_close_frame.h", "quic/core/frames/quic_ping_frame.h", "quic/core/frames/quic_rst_stream_frame.cc", "quic/core/frames/quic_rst_stream_frame.h", @@ -1264,10 +1279,6 @@ component("net") { "quic/core/quic_headers_stream.cc", "quic/core/quic_headers_stream.h", "quic/core/quic_iovector.h", - "quic/core/quic_multipath_received_packet_manager.cc", - "quic/core/quic_multipath_received_packet_manager.h", - "quic/core/quic_multipath_transmissions_map.cc", - "quic/core/quic_multipath_transmissions_map.h", "quic/core/quic_one_block_arena.h", "quic/core/quic_packet_creator.cc", "quic/core/quic_packet_creator.h", @@ -1329,6 +1340,7 @@ component("net") { "quic/platform/api/quic_clock.h", "quic/platform/api/quic_containers.h", "quic/platform/api/quic_endian.h", + "quic/platform/api/quic_estimate_memory_usage.h", "quic/platform/api/quic_export.h", "quic/platform/api/quic_flag_utils.h", "quic/platform/api/quic_hostname_utils.cc", @@ -1347,6 +1359,7 @@ component("net") { "quic/platform/api/quic_socket_address.h", "quic/platform/api/quic_stack_trace.h", "quic/platform/api/quic_str_cat.h", + "quic/platform/api/quic_string_piece.h", "quic/platform/api/quic_text_utils.h", "quic/platform/api/quic_url.cc", "quic/platform/api/quic_url.h", @@ -1358,6 +1371,7 @@ component("net") { "quic/platform/impl/quic_chromium_clock.h", "quic/platform/impl/quic_containers_impl.h", "quic/platform/impl/quic_endian_impl.h", + "quic/platform/impl/quic_estimate_memory_usage_impl.h", "quic/platform/impl/quic_export_impl.h", "quic/platform/impl/quic_flag_utils_impl.h", "quic/platform/impl/quic_hostname_utils_impl.cc", @@ -1375,6 +1389,7 @@ component("net") { "quic/platform/impl/quic_socket_address_impl.h", "quic/platform/impl/quic_stack_trace_impl.h", "quic/platform/impl/quic_str_cat_impl.h", + "quic/platform/impl/quic_string_piece_impl.h", "quic/platform/impl/quic_text_utils_impl.h", "quic/platform/impl/quic_url_impl.cc", "quic/platform/impl/quic_url_impl.h", @@ -1394,6 +1409,36 @@ component("net") { "quic/quartc/quartc_stream.h", "quic/quartc/quartc_stream_interface.h", "quic/quartc/quartc_task_runner_interface.h", + "reporting/reporting_browsing_data_remover.cc", + "reporting/reporting_browsing_data_remover.h", + "reporting/reporting_cache.cc", + "reporting/reporting_cache.h", + "reporting/reporting_client.cc", + "reporting/reporting_client.h", + "reporting/reporting_context.cc", + "reporting/reporting_context.h", + "reporting/reporting_delegate.cc", + "reporting/reporting_delegate.h", + "reporting/reporting_delivery_agent.cc", + "reporting/reporting_delivery_agent.h", + "reporting/reporting_endpoint_manager.cc", + "reporting/reporting_endpoint_manager.h", + "reporting/reporting_garbage_collector.cc", + "reporting/reporting_garbage_collector.h", + "reporting/reporting_header_parser.cc", + "reporting/reporting_header_parser.h", + "reporting/reporting_observer.cc", + "reporting/reporting_observer.h", + "reporting/reporting_persister.cc", + "reporting/reporting_persister.h", + "reporting/reporting_policy.cc", + "reporting/reporting_policy.h", + "reporting/reporting_report.cc", + "reporting/reporting_report.h", + "reporting/reporting_service.cc", + "reporting/reporting_service.h", + "reporting/reporting_uploader.cc", + "reporting/reporting_uploader.h", "sdch/sdch_owner.cc", "sdch/sdch_owner.h", "socket/client_socket_factory.cc", @@ -1416,6 +1461,8 @@ component("net") { "socket/socket_descriptor.h", "socket/socket_net_log_params.cc", "socket/socket_net_log_params.h", + "socket/socket_options.cc", + "socket/socket_options.h", "socket/socket_posix.cc", "socket/socket_posix.h", "socket/socks5_client_socket.cc", @@ -1435,7 +1482,6 @@ component("net") { "socket/tcp_client_socket.h", "socket/tcp_server_socket.cc", "socket/tcp_server_socket.h", - "socket/tcp_socket.cc", "socket/tcp_socket.h", "socket/tcp_socket_posix.cc", "socket/tcp_socket_posix.h", @@ -1476,8 +1522,6 @@ component("net") { "spdy/hpack/hpack_constants.h", "spdy/hpack/hpack_decoder.cc", "spdy/hpack/hpack_decoder.h", - "spdy/hpack/hpack_decoder2.cc", - "spdy/hpack/hpack_decoder2.h", "spdy/hpack/hpack_decoder3.cc", "spdy/hpack/hpack_decoder3.h", "spdy/hpack/hpack_decoder_interface.h", @@ -1501,13 +1545,18 @@ component("net") { "spdy/http2_frame_decoder_adapter.h", "spdy/http2_priority_dependencies.cc", "spdy/http2_priority_dependencies.h", - "spdy/http2_write_scheduler.h", "spdy/multiplexed_http_stream.cc", "spdy/multiplexed_http_stream.h", "spdy/multiplexed_session.cc", "spdy/multiplexed_session.h", "spdy/platform/api/spdy_estimate_memory_usage.h", + "spdy/platform/api/spdy_string.h", + "spdy/platform/api/spdy_string_piece.h", + "spdy/platform/api/spdy_string_utils.h", "spdy/platform/impl/spdy_estimate_memory_usage_impl.h", + "spdy/platform/impl/spdy_string_impl.h", + "spdy/platform/impl/spdy_string_piece_impl.h", + "spdy/platform/impl/spdy_string_utils_impl.h", "spdy/priority_write_scheduler.h", "spdy/server_push_delegate.h", "spdy/spdy_alt_svc_wire_format.cc", @@ -1528,6 +1577,8 @@ component("net") { "spdy/spdy_framer.h", "spdy/spdy_framer_decoder_adapter.cc", "spdy/spdy_framer_decoder_adapter.h", + "spdy/spdy_header_block.cc", + "spdy/spdy_header_block.h", "spdy/spdy_header_indexing.cc", "spdy/spdy_header_indexing.h", "spdy/spdy_headers_handler_interface.h", @@ -1535,6 +1586,8 @@ component("net") { "spdy/spdy_http_stream.h", "spdy/spdy_http_utils.cc", "spdy/spdy_http_utils.h", + "spdy/spdy_log_util.cc", + "spdy/spdy_log_util.h", "spdy/spdy_pinnable_buffer_piece.cc", "spdy/spdy_pinnable_buffer_piece.h", "spdy/spdy_prefixed_buffer_reader.cc", @@ -1570,7 +1623,9 @@ component("net") { "ssl/ssl_key_logger.h", "ssl/ssl_platform_key.h", "ssl/ssl_platform_key_android.cc", + "ssl/ssl_platform_key_android.h", "ssl/ssl_platform_key_mac.cc", + "ssl/ssl_platform_key_mac.h", "ssl/ssl_platform_key_nss.cc", "ssl/ssl_platform_key_util.cc", "ssl/ssl_platform_key_util.h", @@ -1691,9 +1746,28 @@ component("net") { ] } + if (use_byte_certs) { + if (is_ios) { + sources -= [ "cert/x509_certificate_ios.cc" ] + } + if (is_mac) { + sources -= [ "cert/x509_certificate_mac.cc" ] + } + if (use_nss_certs) { + sources -= [ "cert/x509_certificate_nss.cc" ] + } + if (use_openssl_certs) { + sources -= [ "cert/x509_certificate_openssl.cc" ] + } + if (is_win) { + sources -= [ "cert/x509_certificate_win.cc" ] + } + } else { + sources -= [ "cert/x509_certificate_bytes.cc" ] + } + if (!use_openssl_certs) { sources -= [ - "base/crypto_module_openssl.cc", "cert/cert_database_openssl.cc", "cert/cert_verify_proc_openssl.cc", "cert/cert_verify_proc_openssl.h", @@ -1726,7 +1800,6 @@ component("net") { if (!use_nss_certs) { sources -= [ - "base/crypto_module_nss.cc", "cert/cert_database_nss.cc", "cert/internal/cert_issuer_source_nss.cc", "cert/internal/cert_issuer_source_nss.h", @@ -1812,12 +1885,15 @@ component("net") { "base/mac/url_conversions.h", "base/mac/url_conversions.mm", "base/network_change_notifier_mac.cc", + "base/network_change_notifier_mac.h", "base/network_config_watcher_mac.cc", + "base/network_config_watcher_mac.h", "base/network_interfaces_mac.cc", "base/network_interfaces_mac.h", "base/platform_mime_util_mac.mm", "cert/test_root_certs_mac.cc", "proxy/proxy_resolver_mac.cc", + "proxy/proxy_resolver_mac.h", "proxy/proxy_server_mac.cc", ] @@ -1966,6 +2042,7 @@ component("net") { "websockets/websocket_deflater.h", "websockets/websocket_errors.cc", "websockets/websocket_errors.h", + "websockets/websocket_event_interface.h", "websockets/websocket_extension.cc", "websockets/websocket_extension.h", "websockets/websocket_extension_parser.cc", @@ -2019,7 +2096,10 @@ component("net") { # Brotli support. if (!disable_brotli_filter) { - sources += [ "filter/brotli_source_stream.cc" ] + sources += [ + "filter/brotli_source_stream.cc", + "filter/brotli_source_stream.h", + ] deps += [ "//third_party/brotli:dec" ] } else { sources += [ "filter/brotli_source_stream_disabled.cc" ] @@ -2029,7 +2109,6 @@ component("net") { grit("net_resources") { source = "base/net_resources.grd" - use_qualified_include = true outputs = [ "grit/net_resources.h", "net_resources.pak", @@ -2389,6 +2468,7 @@ static_library("test_support") { "test/embedded_test_server/default_handlers.h", "test/embedded_test_server/embedded_test_server.cc", "test/embedded_test_server/embedded_test_server.h", + "test/embedded_test_server/embedded_test_server_connection_listener.h", "test/embedded_test_server/http_connection.cc", "test/embedded_test_server/http_connection.h", "test/embedded_test_server/http_request.cc", @@ -2664,6 +2744,7 @@ if (!is_ios && !is_android) { testonly = true sources = [ "tools/gdig/file_net_log.cc", + "tools/gdig/file_net_log.h", "tools/gdig/gdig.cc", ] deps = [ @@ -3194,11 +3275,16 @@ bundle_data("net_unittests_bundle_data") { "data/parse_certificate_unittest/extensions_real.pem", "data/parse_certificate_unittest/key_usage.pem", "data/parse_certificate_unittest/policies.pem", + "data/parse_certificate_unittest/serial_37_bytes.pem", + "data/parse_certificate_unittest/serial_negative.pem", + "data/parse_certificate_unittest/serial_zero_padded.pem", + "data/parse_certificate_unittest/serial_zero_padded_21_bytes.pem", "data/parse_certificate_unittest/subject_alt_name.pem", + "data/parse_certificate_unittest/subject_t61string.pem", + "data/parse_certificate_unittest/subject_t61string_1-32.pem", + "data/parse_certificate_unittest/subject_t61string_126-160.pem", + "data/parse_certificate_unittest/subject_t61string_actual.pem", "data/parse_certificate_unittest/tbs_explicit_v1.pem", - "data/parse_certificate_unittest/tbs_negative_serial_number.pem", - "data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem", - "data/parse_certificate_unittest/tbs_serial_number_26_octets.pem", "data/parse_certificate_unittest/tbs_v1.pem", "data/parse_certificate_unittest/tbs_v1_extensions.pem", "data/parse_certificate_unittest/tbs_v2_extensions.pem", @@ -3304,6 +3390,7 @@ bundle_data("net_unittests_bundle_data") { "data/url_request_unittest/with-headers.html.mock-http-headers", "data/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued.pem", "data/verify_certificate_chain_unittest/constrained-non-self-signed-root.pem", + "data/verify_certificate_chain_unittest/constrained-root-bad-eku.pem", "data/verify_certificate_chain_unittest/constrained-root-basic-constraints-ca-false.pem", "data/verify_certificate_chain_unittest/constrained-root-lacks-basic-constraints.pem", "data/verify_certificate_chain_unittest/expired-constrained-root.pem", @@ -3316,6 +3403,9 @@ bundle_data("net_unittests_bundle_data") { "data/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical.pem", "data/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints.pem", "data/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage.pem", + "data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail.pem", + "data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok.pem", + "data/verify_certificate_chain_unittest/intermediate-sets-eku-any.pem", "data/verify_certificate_chain_unittest/intermediate-signed-with-md5.pem", "data/verify_certificate_chain_unittest/intermediate-unknown-critical-extension.pem", "data/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension.pem", @@ -3329,13 +3419,17 @@ bundle_data("net_unittests_bundle_data") { "data/verify_certificate_chain_unittest/target-and-intermediate.pem", "data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem", "data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem", + "data/verify_certificate_chain_unittest/target-lacks-eku.pem", "data/verify_certificate_chain_unittest/target-not-end-entity.pem", + "data/verify_certificate_chain_unittest/target-restricts-eku-fail.pem", + "data/verify_certificate_chain_unittest/target-sets-eku-any.pem", "data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem", "data/verify_certificate_chain_unittest/target-signed-using-ecdsa.pem", "data/verify_certificate_chain_unittest/target-signed-with-md5.pem", "data/verify_certificate_chain_unittest/target-unknown-critical-extension.pem", "data/verify_certificate_chain_unittest/target-wrong-signature.pem", "data/verify_certificate_chain_unittest/unconstrained-non-self-signed-root.pem", + "data/verify_certificate_chain_unittest/unconstrained-root-bad-eku.pem", "data/verify_certificate_chain_unittest/unconstrained-root-basic-constraints-ca-false.pem", "data/verify_certificate_chain_unittest/unconstrained-root-lacks-basic-constraints.pem", "data/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0.pem", @@ -4074,6 +4168,8 @@ test("net_unittests") { "base/lookup_string_in_fixed_set_unittest.cc", "base/mime_sniffer_unittest.cc", "base/mime_util_unittest.cc", + "base/mock_network_change_notifier.cc", + "base/mock_network_change_notifier.h", "base/network_activity_monitor_unittest.cc", "base/network_change_notifier_unittest.cc", "base/network_change_notifier_win_unittest.cc", @@ -4277,12 +4373,6 @@ test("net_unittests") { "http2/decoder/decode_http2_structures_test.cc", "http2/decoder/frame_decoder_state_test_util.cc", "http2/decoder/frame_decoder_state_test_util.h", - "http2/decoder/frame_parts.cc", - "http2/decoder/frame_parts.h", - "http2/decoder/frame_parts_collector.cc", - "http2/decoder/frame_parts_collector.h", - "http2/decoder/frame_parts_collector_listener.cc", - "http2/decoder/frame_parts_collector_listener.h", "http2/decoder/http2_frame_decoder_listener_test_util.cc", "http2/decoder/http2_frame_decoder_listener_test_util.h", "http2/decoder/http2_frame_decoder_test.cc", @@ -4333,6 +4423,12 @@ test("net_unittests") { "http2/http2_structures_test.cc", "http2/http2_structures_test_util.cc", "http2/http2_structures_test_util.h", + "http2/test_tools/frame_parts.cc", + "http2/test_tools/frame_parts.h", + "http2/test_tools/frame_parts_collector.cc", + "http2/test_tools/frame_parts_collector.h", + "http2/test_tools/frame_parts_collector_listener.cc", + "http2/test_tools/frame_parts_collector_listener.h", "http2/tools/failure.cc", "http2/tools/failure.h", "http2/tools/http2_frame_builder.cc", @@ -4350,6 +4446,7 @@ test("net_unittests") { "log/trace_net_log_observer_unittest.cc", "log/write_to_file_net_log_observer_unittest.cc", "nqe/effective_connection_type_unittest.cc", + "nqe/event_creator_unittest.cc", "nqe/network_qualities_prefs_manager_unittest.cc", "nqe/network_quality_estimator_unittest.cc", "nqe/network_quality_store_unittest.cc", @@ -4386,8 +4483,6 @@ test("net_unittests") { "quic/chromium/crypto_test_utils_chromium.cc", "quic/chromium/mock_crypto_client_stream_factory.cc", "quic/chromium/mock_crypto_client_stream_factory.h", - "quic/chromium/mock_network_change_notifier.cc", - "quic/chromium/mock_network_change_notifier.h", "quic/chromium/mock_quic_data.cc", "quic/chromium/mock_quic_data.h", "quic/chromium/network_connection_unittest.cc", @@ -4404,10 +4499,14 @@ test("net_unittests") { "quic/chromium/quic_http_stream_test.cc", "quic/chromium/quic_http_utils_test.cc", "quic/chromium/quic_network_transaction_unittest.cc", + "quic/chromium/quic_stream_factory_peer.cc", + "quic/chromium/quic_stream_factory_peer.h", "quic/chromium/quic_stream_factory_test.cc", "quic/chromium/quic_test_packet_maker.cc", "quic/chromium/quic_test_packet_maker.h", "quic/chromium/quic_utils_chromium_test.cc", + "quic/chromium/test_task_runner.cc", + "quic/chromium/test_task_runner.h", "quic/core/congestion_control/bandwidth_sampler_test.cc", "quic/core/congestion_control/bbr_sender_test.cc", "quic/core/congestion_control/cubic_bytes_test.cc", @@ -4487,7 +4586,7 @@ test("net_unittests") { "quic/core/quic_versions_test.cc", "quic/core/quic_write_blocked_list_test.cc", "quic/core/spdy_utils_test.cc", - "quic/platform/api/quic_estimate_memory_usage.h", + "quic/platform/api/quic_endian_test.cc", "quic/platform/api/quic_hostname_utils_test.cc", "quic/platform/api/quic_lru_cache_test.cc", "quic/platform/api/quic_reference_counted_test.cc", @@ -4495,7 +4594,6 @@ test("net_unittests") { "quic/platform/api/quic_text_utils_test.cc", "quic/platform/api/quic_url_test.cc", "quic/platform/impl/quic_chromium_clock_test.cc", - "quic/platform/impl/quic_estimate_memory_usage_impl.h", "quic/quartc/quartc_alarm_factory_test.cc", "quic/quartc/quartc_session_test.cc", "quic/quartc/quartc_stream_test.cc", @@ -4546,8 +4644,6 @@ test("net_unittests") { "quic/test_tools/quic_spdy_session_peer.h", "quic/test_tools/quic_spdy_stream_peer.cc", "quic/test_tools/quic_spdy_stream_peer.h", - "quic/test_tools/quic_stream_factory_peer.cc", - "quic/test_tools/quic_stream_factory_peer.h", "quic/test_tools/quic_stream_peer.cc", "quic/test_tools/quic_stream_peer.h", "quic/test_tools/quic_stream_sequencer_buffer_peer.cc", @@ -4587,8 +4683,17 @@ test("net_unittests") { "quic/test_tools/simulator/switch.h", "quic/test_tools/simulator/traffic_policer.cc", "quic/test_tools/simulator/traffic_policer.h", - "quic/test_tools/test_task_runner.cc", - "quic/test_tools/test_task_runner.h", + "reporting/reporting_browsing_data_remover_unittest.cc", + "reporting/reporting_cache_unittest.cc", + "reporting/reporting_delivery_agent_unittest.cc", + "reporting/reporting_endpoint_manager_unittest.cc", + "reporting/reporting_garbage_collector_unittest.cc", + "reporting/reporting_header_parser_unittest.cc", + "reporting/reporting_persister_unittest.cc", + "reporting/reporting_service_unittest.cc", + "reporting/reporting_test_util.cc", + "reporting/reporting_test_util.h", + "reporting/reporting_uploader_unittest.cc", "sdch/sdch_owner_unittest.cc", "socket/client_socket_pool_base_unittest.cc", "socket/mock_client_socket_pool_manager.cc", @@ -4619,7 +4724,6 @@ test("net_unittests") { "spdy/buffered_spdy_framer_unittest.cc", "spdy/fuzzing/hpack_fuzz_util_test.cc", "spdy/header_coalescer_test.cc", - "spdy/hpack/hpack_decoder2_test.cc", "spdy/hpack/hpack_decoder3_test.cc", "spdy/hpack/hpack_decoder_test.cc", "spdy/hpack/hpack_encoder_test.cc", @@ -4632,9 +4736,9 @@ test("net_unittests") { "spdy/hpack/hpack_round_trip_test.cc", "spdy/hpack/hpack_static_table_test.cc", "spdy/http2_priority_dependencies_unittest.cc", - "spdy/http2_write_scheduler_test.cc", "spdy/mock_spdy_framer_visitor.cc", "spdy/mock_spdy_framer_visitor.h", + "spdy/platform/api/spdy_string_utils_test.cc", "spdy/priority_write_scheduler_test.cc", "spdy/spdy_alt_svc_wire_format_test.cc", "spdy/spdy_buffer_unittest.cc", @@ -4648,6 +4752,7 @@ test("net_unittests") { "spdy/spdy_header_indexing_test.cc", "spdy/spdy_http_stream_unittest.cc", "spdy/spdy_http_utils_unittest.cc", + "spdy/spdy_log_util_unittest.cc", "spdy/spdy_network_transaction_unittest.cc", "spdy/spdy_no_op_visitor.cc", "spdy/spdy_no_op_visitor.h", @@ -4743,8 +4848,10 @@ test("net_unittests") { "//crypto:platform", "//crypto:test_support", "//net/base/registry_controlled_domains", + "//net/http:transport_security_state_unittest_data", "//testing/gmock", "//testing/gtest", + "//third_party/protobuf:protobuf_lite", "//third_party/zlib", "//url", "//url:url_features", @@ -5103,6 +5210,11 @@ test("net_unittests") { sources += [ "ssl/ssl_platform_key_chromecast_unittest.cc" ] sources -= [ "ssl/ssl_platform_key_nss_unittest.cc" ] } + + # Include transport_security_state_generator tests. + if (host_toolchain == current_toolchain) { + deps += [ "//net/tools/transport_security_state_generator:transport_security_state_generator_test_sources" ] + } } # !is_android && !is_win && !is_mac @@ -5116,7 +5228,6 @@ if (!is_ios && !is_proto_quic) { "cookies/cookie_monster_perftest.cc", "disk_cache/disk_cache_perftest.cc", "extras/sqlite/sqlite_persistent_cookie_store_perftest.cc", - "proxy/proxy_resolver_perftest.cc", "socket/udp_socket_perftest.cc", ] @@ -5139,12 +5250,6 @@ if (!is_ios && !is_proto_quic) { sources += [ "websockets/websocket_frame_perftest.cc" ] } - if (use_v8_in_net) { - deps += [ ":net_with_v8" ] - } else { - sources -= [ "proxy/proxy_resolver_perftest.cc" ] - } - # Some linker failures have been observed for this target on the Win64 # continuous builder, see crbug.com/659369. # TODO(sebmarchand): Remove this once we have some data. @@ -5686,36 +5791,3 @@ fuzzer_test("net_spdy_session_fuzzer") { dict = "data/fuzzer_dictionaries/net_spdy_session_fuzzer.dict" seed_corpus = "data/fuzzer_data/net_spdy_session_fuzzer/" } - -if (host_toolchain == current_toolchain && !is_proto_quic) { - executable("transport_security_state_generator") { - sources = [ - "tools/transport_security_state_generator/bit_writer.cc", - "tools/transport_security_state_generator/bit_writer.h", - "tools/transport_security_state_generator/cert_util.cc", - "tools/transport_security_state_generator/cert_util.h", - "tools/transport_security_state_generator/huffman/huffman_builder.cc", - "tools/transport_security_state_generator/huffman/huffman_builder.h", - "tools/transport_security_state_generator/pinset.cc", - "tools/transport_security_state_generator/pinset.h", - "tools/transport_security_state_generator/pinsets.cc", - "tools/transport_security_state_generator/pinsets.h", - "tools/transport_security_state_generator/preloaded_state_generator.cc", - "tools/transport_security_state_generator/preloaded_state_generator.h", - "tools/transport_security_state_generator/spki_hash.cc", - "tools/transport_security_state_generator/spki_hash.h", - "tools/transport_security_state_generator/transport_security_state_entry.cc", - "tools/transport_security_state_generator/transport_security_state_entry.h", - "tools/transport_security_state_generator/transport_security_state_generator.cc", - "tools/transport_security_state_generator/trie/trie_bit_buffer.cc", - "tools/transport_security_state_generator/trie/trie_bit_buffer.h", - "tools/transport_security_state_generator/trie/trie_writer.cc", - "tools/transport_security_state_generator/trie/trie_writer.h", - ] - deps = [ - "//base", - "//crypto", - "//third_party/boringssl", - ] - } -} diff --git a/chromium/net/OWNERS b/chromium/net/OWNERS index 589e980b4c6..321cc06271a 100644 --- a/chromium/net/OWNERS +++ b/chromium/net/OWNERS @@ -5,7 +5,9 @@ cbentzel@chromium.org davidben@chromium.org eroman@chromium.org gavinp@chromium.org +jkarlin@chromium.org jri@chromium.org +juliatuttle@chromium.org mattm@chromium.org mef@chromium.org mmenke@chromium.org @@ -13,14 +15,9 @@ pauljensen@chromium.org rch@chromium.org rdsmith@chromium.org rsleevi@chromium.org -juliatuttle@chromium.org xunjieli@chromium.org zhongyi@chromium.org -per-file *.isolate=maruel@chromium.org -per-file *.isolate=tandrii@chromium.org -per-file *.isolate=vadimsh@chromium.org - per-file BUILD.gn=bengr@chromium.org per-file net.gyp*=bengr@chromium.org diff --git a/chromium/net/android/BUILD.gn b/chromium/net/android/BUILD.gn index 1cf3789edbb..8ef0eb7bc91 100644 --- a/chromium/net/android/BUILD.gn +++ b/chromium/net/android/BUILD.gn @@ -58,7 +58,6 @@ android_library("net_java_test_support") { "//base:base_java", "//base:base_java_test_support", "//third_party/android_tools:android_support_annotations_java", - "//third_party/android_tools:legacy_http_javalib", ] srcjar_deps = [ ":embedded_test_server_aidl", @@ -126,7 +125,9 @@ android_library("net_javatests") { ":net_java_test_support", "//base:base_java", "//base:base_java_test_support", + "//third_party/android_support_test_runner:rules_java", "//third_party/android_support_test_runner:runner_java", + "//third_party/junit", ] } diff --git a/chromium/net/android/network_change_notifier_android.cc b/chromium/net/android/network_change_notifier_android.cc index e093a4f5cbe..cc98d5a339e 100644 --- a/chromium/net/android/network_change_notifier_android.cc +++ b/chromium/net/android/network_change_notifier_android.cc @@ -160,6 +160,11 @@ NetworkChangeNotifierAndroid::GetCurrentConnectionType() const { return delegate_->GetCurrentConnectionType(); } +NetworkChangeNotifier::ConnectionSubtype +NetworkChangeNotifierAndroid::GetCurrentConnectionSubtype() const { + return delegate_->GetCurrentConnectionSubtype(); +} + void NetworkChangeNotifierAndroid::GetCurrentMaxBandwidthAndConnectionType( double* max_bandwidth_mbps, ConnectionType* connection_type) const { diff --git a/chromium/net/android/network_change_notifier_android.h b/chromium/net/android/network_change_notifier_android.h index 41366b96dc8..80f978c3a1f 100644 --- a/chromium/net/android/network_change_notifier_android.h +++ b/chromium/net/android/network_change_notifier_android.h @@ -59,6 +59,8 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierAndroid void GetCurrentConnectedNetworks(NetworkList* network_list) const override; ConnectionType GetCurrentNetworkConnectionType( NetworkHandle network) const override; + NetworkChangeNotifier::ConnectionSubtype GetCurrentConnectionSubtype() + const override; NetworkHandle GetCurrentDefaultNetwork() const override; // NetworkChangeNotifierDelegateAndroid::Observer: diff --git a/chromium/net/base/address_tracker_linux.cc b/chromium/net/base/address_tracker_linux.cc index 1cbfec7c9af..a7c15b7ce79 100644 --- a/chromium/net/base/address_tracker_linux.cc +++ b/chromium/net/base/address_tracker_linux.cc @@ -98,7 +98,7 @@ bool GetAddress(const struct nlmsghdr* header, // static char* AddressTrackerLinux::GetInterfaceName(int interface_index, char* buf) { memset(buf, 0, IFNAMSIZ); - base::ScopedFD ioctl_socket(socket(AF_INET, SOCK_DGRAM, 0)); + base::ScopedFD ioctl_socket = GetSocketForIoctl(); if (!ioctl_socket.is_valid()) return buf; diff --git a/chromium/net/base/crypto_module.h b/chromium/net/base/crypto_module.h deleted file mode 100644 index 67e8a175b91..00000000000 --- a/chromium/net/base/crypto_module.h +++ /dev/null @@ -1,51 +0,0 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_BASE_CRYPTO_MODULE_H_ -#define NET_BASE_CRYPTO_MODULE_H_ - -#include <string> -#include <vector> - -#include "base/macros.h" -#include "base/memory/ref_counted.h" -#include "net/base/net_export.h" - -#if defined(USE_NSS_CERTS) -typedef struct PK11SlotInfoStr PK11SlotInfo; -#endif - -namespace net { - -class CryptoModule; - -class NET_EXPORT CryptoModule - : public base::RefCountedThreadSafe<CryptoModule> { - public: -#if defined(USE_NSS_CERTS) - typedef PK11SlotInfo* OSModuleHandle; -#else - typedef void* OSModuleHandle; -#endif - - OSModuleHandle os_module_handle() const { return module_handle_; } - - std::string GetTokenName() const; - - static CryptoModule* CreateFromHandle(OSModuleHandle handle); - - private: - friend class base::RefCountedThreadSafe<CryptoModule>; - - explicit CryptoModule(OSModuleHandle handle); - ~CryptoModule(); - - OSModuleHandle module_handle_; - - DISALLOW_COPY_AND_ASSIGN(CryptoModule); -}; - -} // namespace net - -#endif // NET_BASE_CRYPTO_MODULE_H_ diff --git a/chromium/net/base/crypto_module_nss.cc b/chromium/net/base/crypto_module_nss.cc deleted file mode 100644 index df52ae9cb4f..00000000000 --- a/chromium/net/base/crypto_module_nss.cc +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/crypto_module.h" - -#include <pk11pub.h> - -namespace net { - -std::string CryptoModule::GetTokenName() const { - return PK11_GetTokenName(module_handle_); -} - -// static -CryptoModule* CryptoModule::CreateFromHandle(OSModuleHandle handle) { - return new CryptoModule(handle); -} - -CryptoModule::CryptoModule(OSModuleHandle handle) : module_handle_(handle) { - PK11_ReferenceSlot(module_handle_); -} - -CryptoModule::~CryptoModule() { - PK11_FreeSlot(module_handle_); -} - -} // namespace net diff --git a/chromium/net/base/crypto_module_openssl.cc b/chromium/net/base/crypto_module_openssl.cc deleted file mode 100644 index 3ef050fc6b3..00000000000 --- a/chromium/net/base/crypto_module_openssl.cc +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "base/logging.h" -#include "net/base/crypto_module.h" - -namespace net { - -std::string CryptoModule::GetTokenName() const { - NOTIMPLEMENTED(); - return ""; -} - -// static -CryptoModule* CryptoModule::CreateFromHandle(OSModuleHandle handle) { - NOTIMPLEMENTED(); - return NULL; -} - -CryptoModule::CryptoModule(OSModuleHandle handle) : module_handle_(handle) { -} - -CryptoModule::~CryptoModule() { -} - -} // namespace net diff --git a/chromium/net/base/data_url.cc b/chromium/net/base/data_url.cc index 40911850ff3..00ea6946c79 100644 --- a/chromium/net/base/data_url.cc +++ b/chromium/net/base/data_url.cc @@ -9,6 +9,7 @@ #include "net/base/data_url.h" #include "base/base64.h" +#include "base/stl_util.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" #include "net/base/escape.h" @@ -72,6 +73,8 @@ bool DataURL::Parse(const GURL& url, std::string* mime_type, // specified in RFC2045. As specified in RFC2397, we use |charset| even if // |mime_type| is empty. mime_type->assign("text/plain"); + if (charset->empty()) + charset->assign("US-ASCII"); } else if (!ParseMimeTypeWithoutParameter(*mime_type, NULL, NULL)) { // Fallback to the default as recommended in RFC2045 when the mediatype // value is invalid. For this case, we don't respect |charset| but force it @@ -79,8 +82,6 @@ bool DataURL::Parse(const GURL& url, std::string* mime_type, mime_type->assign("text/plain"); charset->assign("US-ASCII"); } - if (charset->empty()) - charset->assign("US-ASCII"); // The caller may not be interested in receiving the data. if (!data) @@ -108,9 +109,7 @@ bool DataURL::Parse(const GURL& url, std::string* mime_type, // Strip whitespace. if (base64_encoded || !(mime_type->compare(0, 5, "text/") == 0 || mime_type->find("xml") != std::string::npos)) { - temp_data.erase(std::remove_if(temp_data.begin(), temp_data.end(), - base::IsAsciiWhitespace<wchar_t>), - temp_data.end()); + base::EraseIf(temp_data, base::IsAsciiWhitespace<wchar_t>); } if (!base64_encoded) { diff --git a/chromium/net/base/data_url_unittest.cc b/chromium/net/base/data_url_unittest.cc index 4bd02519883..1b2d036caa1 100644 --- a/chromium/net/base/data_url_unittest.cc +++ b/chromium/net/base/data_url_unittest.cc @@ -49,7 +49,7 @@ TEST(DataURLTest, Parse) { { "data:TeXt/HtMl,<b>x</b>", true, "text/html", - "US-ASCII", + "", "<b>x</b>" }, { "data:,foo", @@ -102,13 +102,13 @@ TEST(DataURLTest, Parse) { "%3C%2Fb%3E%3C%2Fbody%3E%3C%2Fhtml%3E", true, "text/html", - "US-ASCII", + "", "<html><body><b>hello world</b></body></html>" }, { "data:text/html,<html><body><b>hello world</b></body></html>", true, "text/html", - "US-ASCII", + "", "<html><body><b>hello world</b></body></html>" }, // the comma cannot be url-escaped! @@ -130,7 +130,7 @@ TEST(DataURLTest, Parse) { { "data:image/fractal,a b c d e f g", true, "image/fractal", - "US-ASCII", + "", "abcdefg" }, // Spaces should also be removed from anything base-64 encoded @@ -154,7 +154,7 @@ TEST(DataURLTest, Parse) { "%20", true, "text/javascript", - "US-ASCII", + "", "d4 = 'four';" }, // Only unescaped whitespace should be stripped in non-base64. @@ -162,7 +162,7 @@ TEST(DataURLTest, Parse) { { "data:img/png,A B %20 %0A C", true, "img/png", - "US-ASCII", + "", "AB \nC" }, { "data:text/plain;charset=utf-8;base64,SGVsbMO2", @@ -171,6 +171,13 @@ TEST(DataURLTest, Parse) { "utf-8", "Hell\xC3\xB6" }, + // no mimetype + { "data:;charset=utf-8;base64,SGVsbMO2", + true, + "text/plain", + "utf-8", + "Hell\xC3\xB6" }, + // Not sufficiently padded. { "data:;base64,aGVsbG8gd29ybGQ", true, diff --git a/chromium/net/base/load_flags_list.h b/chromium/net/base/load_flags_list.h index abb64595fe2..76ff4fecac5 100644 --- a/chromium/net/base/load_flags_list.h +++ b/chromium/net/base/load_flags_list.h @@ -80,15 +80,10 @@ LOAD_FLAG(MAYBE_USER_GESTURE, 1 << 15) // be honored, but that other forms of authority may be used. LOAD_FLAG(DO_NOT_USE_EMBEDDED_IDENTITY, 1 << 16) -// The creator of this URLRequest wishes to receive stale responses when allowed -// by the "Cache-Control: stale-while-revalidate" directive and is able to issue -// an async revalidation to update the cache. -LOAD_FLAG(SUPPORT_ASYNC_REVALIDATION, 1 << 17) - // Indicates that this request is not to be migrated to a new network when QUIC // connection migration is enabled. -LOAD_FLAG(DISABLE_CONNECTION_MIGRATION, 1 << 18) +LOAD_FLAG(DISABLE_CONNECTION_MIGRATION, 1 << 17) // Indicates that the cache should not check that the request matches the // response's vary header. -LOAD_FLAG(SKIP_VARY_CHECK, 1 << 19) +LOAD_FLAG(SKIP_VARY_CHECK, 1 << 18) diff --git a/chromium/net/base/mime_util.cc b/chromium/net/base/mime_util.cc index 4e94fa507e6..93aff23ad93 100644 --- a/chromium/net/base/mime_util.cc +++ b/chromium/net/base/mime_util.cc @@ -48,7 +48,7 @@ class MimeUtil : public PlatformMimeUtil { bool IsValidTopLevelMimeType(const std::string& type_string) const; private: - friend struct base::DefaultLazyInstanceTraits<MimeUtil>; + friend struct base::LazyInstanceTraitsBase<MimeUtil>; MimeUtil(); diff --git a/chromium/net/quic/chromium/mock_network_change_notifier.cc b/chromium/net/base/mock_network_change_notifier.cc index 86326e2107d..b01fda92cf0 100644 --- a/chromium/net/quic/chromium/mock_network_change_notifier.cc +++ b/chromium/net/base/mock_network_change_notifier.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/quic/chromium/mock_network_change_notifier.h" +#include "net/base/mock_network_change_notifier.h" #include "base/run_loop.h" diff --git a/chromium/net/quic/chromium/mock_network_change_notifier.h b/chromium/net/base/mock_network_change_notifier.h index 7a4511c92ab..e8d4269dd8c 100644 --- a/chromium/net/quic/chromium/mock_network_change_notifier.h +++ b/chromium/net/base/mock_network_change_notifier.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_QUIC_CHROMIUM_MOCK_NETWORK_CHANGE_NOTIFIER_H_ -#define NET_QUIC_CHROMIUM_MOCK_NETWORK_CHANGE_NOTIFIER_H_ +#ifndef NET_BASE_MOCK_NETWORK_CHANGE_NOTIFIER_H_ +#define NET_BASE_MOCK_NETWORK_CHANGE_NOTIFIER_H_ #include "net/base/network_change_notifier.h" @@ -71,4 +71,4 @@ class ScopedMockNetworkChangeNotifier { } // namespace test } // namespace net -#endif // NET_QUIC_CHROMIUM_MOCK_NETWORK_CHANGE_NOTIFIER_H_ +#endif // NET_BASE_MOCK_NETWORK_CHANGE_NOTIFIER_H_ diff --git a/chromium/net/base/net_error_list.h b/chromium/net/base/net_error_list.h index 617a56d41f7..b9d713c835a 100644 --- a/chromium/net/base/net_error_list.h +++ b/chromium/net/base/net_error_list.h @@ -386,6 +386,24 @@ NET_ERROR(SSL_OBSOLETE_CIPHER, -172) // upgraded, the URLRequest is cancelled with this error code. NET_ERROR(WS_UPGRADE, -173) +// Socket ReadIfReady support is not implemented. This error should not be user +// visible, because the normal Read() method is used as a fallback. +NET_ERROR(READ_IF_READY_NOT_IMPLEMENTED, -174) + +// This error is emitted if TLS 1.3 is enabled, connecting with it failed, but +// retrying at a downgraded maximum version succeeded. This could mean: +// +// 1. This is a transient network error that will be resolved when the user +// reloads. +// +// 2. The user is behind a buggy network middlebox, firewall, or proxy which is +// interfering with TLS 1.3. +// +// 3. The server is buggy and does not implement TLS version negotiation +// correctly. TLS 1.3 was tweaked to avoid a common server bug here, so this +// is unlikely. +NET_ERROR(SSL_VERSION_INTERFERENCE, -175) + // Certificate error codes // // The values of certificate error codes must be consecutive. @@ -698,6 +716,10 @@ NET_ERROR(CONTENT_DECODING_INIT_FAILED, -371) // SpdyStream layer. NET_ERROR(SPDY_RST_STREAM_NO_ERROR_RECEIVED, -372) +// Received HTTP status code 421 Misdirected Request (RFC7540 Section 9.1.2). +// The client MAY retry the request over a different connection. +NET_ERROR(MISDIRECTED_REQUEST, -373) + // The cache does not have the requested entry. NET_ERROR(CACHE_MISS, -400) diff --git a/chromium/net/base/network_activity_monitor.h b/chromium/net/base/network_activity_monitor.h index 7f3dbedb046..6f17c21bb0a 100644 --- a/chromium/net/base/network_activity_monitor.h +++ b/chromium/net/base/network_activity_monitor.h @@ -51,7 +51,7 @@ class NET_EXPORT_PRIVATE NetworkActivityMonitor { NetworkActivityMonitor(); ~NetworkActivityMonitor(); - friend struct base::DefaultLazyInstanceTraits<NetworkActivityMonitor>; + friend struct base::LazyInstanceTraitsBase<NetworkActivityMonitor>; // Protects all the following members. mutable base::Lock lock_; diff --git a/chromium/net/base/network_change_notifier.cc b/chromium/net/base/network_change_notifier.cc index 0cfaaa38d25..bd47e3ce9d7 100644 --- a/chromium/net/base/network_change_notifier.cc +++ b/chromium/net/base/network_change_notifier.cc @@ -547,6 +547,14 @@ NetworkChangeNotifier::GetConnectionType() { } // static +NetworkChangeNotifier::ConnectionSubtype +NetworkChangeNotifier::GetConnectionSubtype() { + return g_network_change_notifier + ? g_network_change_notifier->GetCurrentConnectionSubtype() + : SUBTYPE_UNKNOWN; +} + +// static void NetworkChangeNotifier::GetMaxBandwidthAndConnectionType( double* max_bandwidth_mbps, ConnectionType* connection_type) { @@ -922,6 +930,12 @@ void NetworkChangeNotifier::NotifyObserversOfConnectionTypeChangeForTests( } // static +void NetworkChangeNotifier::NotifyObserversOfDNSChangeForTests() { + if (g_network_change_notifier) + g_network_change_notifier->NotifyObserversOfDNSChangeImpl(); +} + +// static void NetworkChangeNotifier::NotifyObserversOfNetworkChangeForTests( ConnectionType type) { if (g_network_change_notifier) @@ -985,6 +999,11 @@ NetworkChangeNotifier::GetAddressTrackerInternal() const { } #endif +NetworkChangeNotifier::ConnectionSubtype +NetworkChangeNotifier::GetCurrentConnectionSubtype() const { + return SUBTYPE_UNKNOWN; +} + void NetworkChangeNotifier::GetCurrentMaxBandwidthAndConnectionType( double* max_bandwidth_mbps, ConnectionType* connection_type) const { diff --git a/chromium/net/base/network_change_notifier.h b/chromium/net/base/network_change_notifier.h index 1cefe85ff6e..a758cc3acf3 100644 --- a/chromium/net/base/network_change_notifier.h +++ b/chromium/net/base/network_change_notifier.h @@ -270,12 +270,18 @@ class NET_EXPORT NetworkChangeNotifier { // value doesn't imply that the user will be able to connect to remote sites; // even if some link is up, it is uncertain whether a particular connection // attempt to a particular remote site will be successful. - // The returned value only describes the connection currently used by the - // device, and does not take into account other machines on the network. For - // example, if the device is connected using Wifi to a 3G gateway to access - // the internet, the connection type is CONNECTION_WIFI. + // The returned value only describes the first-hop connection, for example if + // the device is connected via WiFi to a 4G hotspot, the returned value will + // be CONNECTION_WIFI, not CONNECTION_4G. static ConnectionType GetConnectionType(); + // Returns the device's current default active network connection's subtype. + // The returned value only describes the first-hop connection, for example if + // the device is connected via WiFi to a 4G hotspot, the returned value will + // reflect WiFi, not 4G. This method may return SUBTYPE_UNKNOWN even if the + // connection type is known. + static ConnectionSubtype GetConnectionSubtype(); + // Sets |max_bandwidth_mbps| to a theoretical upper limit on download // bandwidth, potentially based on underlying connection type, signal // strength, or some other signal. If the network subtype is unknown then @@ -393,6 +399,7 @@ class NET_EXPORT NetworkChangeNotifier { static void NotifyObserversOfIPAddressChangeForTests(); static void NotifyObserversOfConnectionTypeChangeForTests( ConnectionType type); + static void NotifyObserversOfDNSChangeForTests(); static void NotifyObserversOfNetworkChangeForTests(ConnectionType type); static void NotifyObserversOfInitialDNSConfigReadForTests(); static void NotifyObserversOfMaxBandwidthChangeForTests( @@ -498,6 +505,7 @@ class NET_EXPORT NetworkChangeNotifier { // Implementations must be thread-safe. Implementations must also be // cheap as they are called often. virtual ConnectionType GetCurrentConnectionType() const = 0; + virtual ConnectionSubtype GetCurrentConnectionSubtype() const; virtual void GetCurrentMaxBandwidthAndConnectionType( double* max_bandwidth_mbps, ConnectionType* connection_type) const; diff --git a/chromium/net/base/network_change_notifier_unittest.cc b/chromium/net/base/network_change_notifier_unittest.cc index 674260789a6..c06d3588808 100644 --- a/chromium/net/base/network_change_notifier_unittest.cc +++ b/chromium/net/base/network_change_notifier_unittest.cc @@ -123,4 +123,9 @@ TEST(NetworkChangeNotifierTest, IgnoreVMInterfaces) { NetworkChangeNotifier::ConnectionTypeFromInterfaceList(list)); } +TEST(NetworkChangeNotifierTest, GetConnectionSubtype) { + // Call GetConnectionSubtype() and ensure that there is no crash. + NetworkChangeNotifier::GetConnectionSubtype(); +} + } // namespace net diff --git a/chromium/net/base/network_interfaces_linux.cc b/chromium/net/base/network_interfaces_linux.cc index 3c460be2871..1e506df6425 100644 --- a/chromium/net/base/network_interfaces_linux.cc +++ b/chromium/net/base/network_interfaces_linux.cc @@ -76,7 +76,7 @@ namespace internal { // or ethtool extensions. NetworkChangeNotifier::ConnectionType GetInterfaceConnectionType( const std::string& ifname) { - base::ScopedFD s(socket(AF_INET, SOCK_STREAM, 0)); + base::ScopedFD s = GetSocketForIoctl(); if (!s.is_valid()) return NetworkChangeNotifier::CONNECTION_UNKNOWN; @@ -101,7 +101,7 @@ NetworkChangeNotifier::ConnectionType GetInterfaceConnectionType( } std::string GetInterfaceSSID(const std::string& ifname) { - base::ScopedFD ioctl_socket(socket(AF_INET, SOCK_DGRAM, 0)); + base::ScopedFD ioctl_socket = GetSocketForIoctl(); if (!ioctl_socket.is_valid()) return ""; struct iwreq wreq = {}; @@ -201,6 +201,13 @@ std::string GetWifiSSIDFromInterfaceListInternal( return connected_ssid; } +base::ScopedFD GetSocketForIoctl() { + base::ScopedFD ioctl_socket(socket(AF_INET6, SOCK_DGRAM, 0)); + if (ioctl_socket.is_valid()) + return ioctl_socket; + return base::ScopedFD(socket(AF_INET, SOCK_DGRAM, 0)); +} + } // namespace internal bool GetNetworkList(NetworkInterfaceList* networks, int policy) { diff --git a/chromium/net/base/network_interfaces_linux.h b/chromium/net/base/network_interfaces_linux.h index 9dfea10fb3a..45ad11e9846 100644 --- a/chromium/net/base/network_interfaces_linux.h +++ b/chromium/net/base/network_interfaces_linux.h @@ -11,6 +11,7 @@ #include <string> #include <unordered_set> +#include "base/files/scoped_file.h" #include "net/base/address_tracker_linux.h" #include "net/base/net_export.h" #include "net/base/network_interfaces.h" @@ -38,6 +39,9 @@ NET_EXPORT std::string GetWifiSSIDFromInterfaceListInternal( const NetworkInterfaceList& interfaces, internal::GetInterfaceSSIDFunction get_interface_ssid); +// Returns a socket useful for performing ioctl()s. +base::ScopedFD GetSocketForIoctl(); + } // namespace internal } // namespace net diff --git a/chromium/net/base/network_throttle_manager.cc b/chromium/net/base/network_throttle_manager.cc deleted file mode 100644 index e416ed068e9..00000000000 --- a/chromium/net/base/network_throttle_manager.cc +++ /dev/null @@ -1,144 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/network_throttle_manager.h" - -#include "base/logging.h" -#include "net/base/priority_queue.h" - -namespace net { - -namespace { - -class NetworkThrottleManagerImpl : public NetworkThrottleManager { - public: - class ThrottleImpl : public NetworkThrottleManager::Throttle { - public: - using QueuePointer = PriorityQueue<ThrottleImpl*>::Pointer; - - // Caller must arrange that |*delegate| and |*throttler| outlive - // the ThrottleImpl class. - ThrottleImpl(bool throttled, - RequestPriority priority, - ThrottleDelegate* delegate, - NetworkThrottleManagerImpl* throttler); - - ~ThrottleImpl() override; - - // Throttle - bool IsThrottled() const override; - void SetPriority(RequestPriority priority) override; - - QueuePointer queue_pointer() const { return queue_pointer_; } - void set_queue_pointer(const QueuePointer& pointer) { - queue_pointer_ = pointer; - } - - // Note that this call calls the delegate, and hence - // may result in re-entrant calls into the throttler or - // ThrottleImpl. The throttler should not rely on - // any state other than its own existence being persistent - // across this call. - void NotifyUnthrottled(); - - private: - bool throttled_; - ThrottleDelegate* const delegate_; - PriorityQueue<ThrottleImpl*>::Pointer queue_pointer_; - - NetworkThrottleManagerImpl* const throttler_; - - DISALLOW_COPY_AND_ASSIGN(ThrottleImpl); - }; - - NetworkThrottleManagerImpl(); - ~NetworkThrottleManagerImpl() override; - - std::unique_ptr<Throttle> CreateThrottle(ThrottleDelegate* delegate, - RequestPriority priority, - bool ignore_limits) override; - - private: - void OnStreamPriorityChanged(ThrottleImpl* throttle, - RequestPriority new_priority); - void OnStreamDestroyed(ThrottleImpl* throttle); - - PriorityQueue<ThrottleImpl*> priority_queue_; - - DISALLOW_COPY_AND_ASSIGN(NetworkThrottleManagerImpl); -}; - -// Currently this is a null implementation that does no throttling; -// all entries are created in the unthrottled state, and no throttle state -// change notifications are transmitted. - -NetworkThrottleManagerImpl::ThrottleImpl::ThrottleImpl( - bool throttled, - RequestPriority priority, - NetworkThrottleManager::ThrottleDelegate* delegate, - NetworkThrottleManagerImpl* throttler) - : throttled_(throttled), delegate_(delegate), throttler_(throttler) { - DCHECK(delegate); -} - -NetworkThrottleManagerImpl::ThrottleImpl::~ThrottleImpl() { - throttler_->OnStreamDestroyed(this); -} - -void NetworkThrottleManagerImpl::ThrottleImpl::SetPriority( - RequestPriority priority) { - throttler_->OnStreamPriorityChanged(this, priority); -} - -bool NetworkThrottleManagerImpl::ThrottleImpl::IsThrottled() const { - return throttled_; -} - -void NetworkThrottleManagerImpl::ThrottleImpl::NotifyUnthrottled() { - // This methods should only be called once, and only if the - // current state is throttled. - DCHECK(throttled_); - throttled_ = false; - delegate_->OnThrottleStateChanged(); -} - -NetworkThrottleManagerImpl::NetworkThrottleManagerImpl() - : priority_queue_(MAXIMUM_PRIORITY + 1) {} - -NetworkThrottleManagerImpl::~NetworkThrottleManagerImpl() {} - -std::unique_ptr<NetworkThrottleManager::Throttle> -NetworkThrottleManagerImpl::CreateThrottle( - NetworkThrottleManager::ThrottleDelegate* delegate, - RequestPriority priority, - bool ignore_limits) { - std::unique_ptr<NetworkThrottleManagerImpl::ThrottleImpl> stream( - new ThrottleImpl(false, priority, delegate, this)); - - stream->set_queue_pointer(priority_queue_.Insert(stream.get(), priority)); - - return std::move(stream); -} - -void NetworkThrottleManagerImpl::OnStreamPriorityChanged( - NetworkThrottleManagerImpl::ThrottleImpl* stream, - RequestPriority new_priority) { - priority_queue_.Erase(stream->queue_pointer()); - stream->set_queue_pointer(priority_queue_.Insert(stream, new_priority)); -} - -void NetworkThrottleManagerImpl::OnStreamDestroyed(ThrottleImpl* stream) { - priority_queue_.Erase(stream->queue_pointer()); -} - -} // namespace - -// static -std::unique_ptr<NetworkThrottleManager> -NetworkThrottleManager::CreateThrottler() { - return std::unique_ptr<NetworkThrottleManager>( - new NetworkThrottleManagerImpl); -} - -} // namespace net diff --git a/chromium/net/base/network_throttle_manager_unittest.cc b/chromium/net/base/network_throttle_manager_unittest.cc deleted file mode 100644 index c39a7a894fd..00000000000 --- a/chromium/net/base/network_throttle_manager_unittest.cc +++ /dev/null @@ -1,51 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/base/network_throttle_manager.h" - -#include <memory> - -#include "net/base/request_priority.h" -#include "testing/gtest/include/gtest/gtest.h" - -namespace net { - -namespace { - -#include "testing/gtest/include/gtest/gtest.h" - -class NetworkThrottleManagerTest : public testing::Test, - NetworkThrottleManager::ThrottleDelegate { - public: - NetworkThrottleManagerTest() - : throttler_(NetworkThrottleManager::CreateThrottler()) {} - - protected: - std::unique_ptr<NetworkThrottleManager::Throttle> CreateThrottle( - net::RequestPriority priority, - bool expected_throttle_state) { - std::unique_ptr<NetworkThrottleManager::Throttle> throttle( - throttler_->CreateThrottle(this, priority, false)); - EXPECT_EQ(expected_throttle_state, throttle->IsThrottled()); - return throttle; - } - - private: - // NetworkThrottleManager::Delegate - void OnThrottleStateChanged() override { ADD_FAILURE(); } - - std::unique_ptr<NetworkThrottleManager> throttler_; -}; - -// Check to confirm that all created throttles start unthrottled for the -// current null implementation. -TEST_F(NetworkThrottleManagerTest, AllUnthrottled) { - for (int i = MINIMUM_PRIORITY; i <= MAXIMUM_PRIORITY; ++i) { - CreateThrottle(static_cast<RequestPriority>(i), false); - } -} - -} // namespace - -} // namespace net diff --git a/chromium/net/base/sdch_manager_unittest.cc b/chromium/net/base/sdch_manager_unittest.cc index 72913a3daf9..8deef54764f 100644 --- a/chromium/net/base/sdch_manager_unittest.cc +++ b/chromium/net/base/sdch_manager_unittest.cc @@ -672,11 +672,11 @@ TEST_P(SdchManagerMemoryDumpTest, DumpMemoryStats) { new base::trace_event::ProcessMemoryDump(nullptr, dump_args)); base::trace_event::MemoryAllocatorDump* parent = - pmd->CreateAllocatorDump("net/url_request_context_0x123"); + pmd->CreateAllocatorDump("net/url_request_context/main/0x123"); sdch_manager()->DumpMemoryStats(pmd.get(), parent->absolute_name()); const base::trace_event::MemoryAllocatorDump* sub_dump = - pmd->GetAllocatorDump("net/url_request_context_0x123/sdch_manager"); + pmd->GetAllocatorDump("net/url_request_context/main/0x123/sdch_manager"); ASSERT_NE(nullptr, sub_dump); const base::trace_event::MemoryAllocatorDump* dump = pmd->GetAllocatorDump( base::StringPrintf("net/sdch_manager_0x%" PRIxPTR, diff --git a/chromium/net/cert/cert_verify_proc.cc b/chromium/net/cert/cert_verify_proc.cc index da4968850ad..a2a8a9e61a2 100644 --- a/chromium/net/cert/cert_verify_proc.cc +++ b/chromium/net/cert/cert_verify_proc.cc @@ -833,7 +833,7 @@ bool CertVerifyProc::HasNameConstraintsViolation( kDomainsIndiaCCA, }, // Not a real certificate - just for testing. This is the SPKI hash of - // the keys used in net/data/ssl/certificates/name_constraint_*.crt. + // the keys used in net/data/ssl/certificates/name_constraint_*.pem. { {0x48, 0x49, 0x4a, 0xc5, 0x5a, 0x3e, 0xcd, 0xc5, 0x62, 0x9f, 0xef, 0x23, 0x14, 0xad, 0x05, 0xa9, 0x2a, 0x5c, 0x39, 0xc0}, diff --git a/chromium/net/cert/cert_verify_proc_android.cc b/chromium/net/cert/cert_verify_proc_android.cc index 430ae631630..31d68d7071a 100644 --- a/chromium/net/cert/cert_verify_proc_android.cc +++ b/chromium/net/cert/cert_verify_proc_android.cc @@ -300,14 +300,18 @@ bool VerifyFromAndroidTrustManager( scoped_refptr<X509Certificate> verified_cert = X509Certificate::CreateFromDERCertChain(verified_chain_pieces); if (verified_cert.get()) - verify_result->verified_cert = verified_cert; + verify_result->verified_cert = std::move(verified_cert); + else + verify_result->cert_status |= CERT_STATUS_INVALID; } // Extract the public key hashes. for (size_t i = 0; i < verified_chain.size(); i++) { base::StringPiece spki_bytes; - if (!asn1::ExtractSPKIFromDERCert(verified_chain[i], &spki_bytes)) + if (!asn1::ExtractSPKIFromDERCert(verified_chain[i], &spki_bytes)) { + verify_result->cert_status |= CERT_STATUS_INVALID; continue; + } HashValue sha1(HASH_VALUE_SHA1); base::SHA1HashBytes(reinterpret_cast<const uint8_t*>(spki_bytes.data()), diff --git a/chromium/net/cert/cert_verify_proc_builtin.cc b/chromium/net/cert/cert_verify_proc_builtin.cc new file mode 100644 index 00000000000..08a2feed63c --- /dev/null +++ b/chromium/net/cert/cert_verify_proc_builtin.cc @@ -0,0 +1,445 @@ +// Copyright (c) 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/cert/cert_verify_proc_builtin.h" + +#include <string> +#include <vector> + +#if defined(USE_NSS_CERTS) +#include <cert.h> +#include <pk11pub.h> +#endif + +#include "base/logging.h" +#include "base/memory/ptr_util.h" +#include "base/sha1.h" +#include "base/strings/string_piece.h" +#include "crypto/sha2.h" +#include "net/base/net_errors.h" +#include "net/cert/asn1_util.h" +#include "net/cert/cert_status_flags.h" +#include "net/cert/cert_verify_proc.h" +#include "net/cert/cert_verify_result.h" +#include "net/cert/internal/cert_errors.h" +#include "net/cert/internal/cert_issuer_source_static.h" +#include "net/cert/internal/parsed_certificate.h" +#include "net/cert/internal/path_builder.h" +#include "net/cert/internal/signature_policy.h" +#include "net/cert/internal/trust_store_collection.h" +#include "net/cert/internal/trust_store_in_memory.h" +#include "net/cert/internal/verify_certificate_chain.h" +#include "net/cert/x509_certificate.h" +#include "net/cert/x509_util.h" +#include "net/der/encode_values.h" + +#if defined(USE_NSS_CERTS) +#include "crypto/nss_util.h" +#include "net/cert/internal/cert_issuer_source_nss.h" +#include "net/cert/internal/trust_store_nss.h" +#include "net/cert/scoped_nss_types.h" +#endif + +namespace net { + +namespace { + +class CertVerifyProcBuiltin : public CertVerifyProc { + public: + CertVerifyProcBuiltin(); + + bool SupportsAdditionalTrustAnchors() const override; + bool SupportsOCSPStapling() const override; + + protected: + ~CertVerifyProcBuiltin() override; + + private: + int VerifyInternal(X509Certificate* cert, + const std::string& hostname, + const std::string& ocsp_response, + int flags, + CRLSet* crl_set, + const CertificateList& additional_trust_anchors, + CertVerifyResult* verify_result) override; +}; + +CertVerifyProcBuiltin::CertVerifyProcBuiltin() {} + +CertVerifyProcBuiltin::~CertVerifyProcBuiltin() {} + +bool CertVerifyProcBuiltin::SupportsAdditionalTrustAnchors() const { + return true; +} + +bool CertVerifyProcBuiltin::SupportsOCSPStapling() const { + // TODO(crbug.com/649017): Implement. + return false; +} + +scoped_refptr<ParsedCertificate> ParseCertificateFromOSHandle( + X509Certificate::OSCertHandle cert_handle, + CertErrors* errors) { + std::string cert_bytes; + if (!X509Certificate::GetDEREncoded(cert_handle, &cert_bytes)) + return nullptr; + return ParsedCertificate::Create(x509_util::CreateCryptoBuffer(cert_bytes), + {}, errors); +} + +void AddIntermediatesToIssuerSource(X509Certificate* x509_cert, + CertIssuerSourceStatic* intermediates) { + const X509Certificate::OSCertHandles& cert_handles = + x509_cert->GetIntermediateCertificates(); + CertErrors errors; + for (auto it = cert_handles.begin(); it != cert_handles.end(); ++it) { + scoped_refptr<ParsedCertificate> cert = + ParseCertificateFromOSHandle(*it, &errors); + if (cert) + intermediates->AddCert(std::move(cert)); + // TODO(crbug.com/634443): Surface these parsing errors? + } +} + +// The SystemTrustStore interface augments the TrustStore interface with some +// additional functionality: +// +// * Determine if a trust anchor was one of the known roots +// * Determine if a trust anchor was one of the "extra" ones that +// was specified during verification. +// +// Implementations of SystemTrustStore create an effective trust +// store that is the composition of: +// +// (1) System trust store +// (2) |additional_trust_anchors|. +// (3) Test certificates (if they are separate from system trust store) +class SystemTrustStore { + public: + virtual ~SystemTrustStore() {} + + virtual TrustStore* GetTrustStore() = 0; + + // TODO(eroman): Can this be exposed through the TrustStore + // interface instead? + virtual CertIssuerSource* GetCertIssuerSource() = 0; + + // IsKnownRoot returns true if the given trust anchor is a standard one (as + // opposed to a user-installed root) + virtual bool IsKnownRoot( + const scoped_refptr<TrustAnchor>& trust_anchor) const = 0; + + virtual bool IsAdditionalTrustAnchor( + const scoped_refptr<TrustAnchor>& trust_anchor) const = 0; +}; + +#if defined(USE_NSS_CERTS) +class SystemTrustStoreNSS : public SystemTrustStore { + public: + explicit SystemTrustStoreNSS(const CertificateList& additional_trust_anchors) + : trust_store_nss_(trustSSL) { + CertErrors errors; + + trust_store_.AddTrustStore(&additional_trust_store_); + for (const auto& x509_cert : additional_trust_anchors) { + scoped_refptr<ParsedCertificate> cert = + ParseCertificateFromOSHandle(x509_cert->os_cert_handle(), &errors); + if (cert) { + additional_trust_store_.AddTrustAnchor( + TrustAnchor::CreateFromCertificateNoConstraints(std::move(cert))); + } + // TODO(eroman): Surface parsing errors of additional trust anchor. + } + + trust_store_.AddTrustStore(&trust_store_nss_); + } + + TrustStore* GetTrustStore() override { return &trust_store_; } + + CertIssuerSource* GetCertIssuerSource() override { + return &cert_issuer_source_nss_; + } + + // IsKnownRoot returns true if the given trust anchor is a standard one (as + // opposed to a user-installed root) + bool IsKnownRoot( + const scoped_refptr<TrustAnchor>& trust_anchor) const override { + // TODO(eroman): Based on how the TrustAnchors are created by this + // integration, there will always be an associated certificate. However this + // contradicts the API for TrustAnchor that states it is optional. + DCHECK(trust_anchor->cert()); + + // TODO(eroman): The overall approach of IsKnownRoot() is inefficient -- it + // requires searching for the trust anchor by DER in NSS, however path + // building already had a handle to it. + SECItem der_cert; + der_cert.data = + const_cast<uint8_t*>(trust_anchor->cert()->der_cert().UnsafeData()); + der_cert.len = trust_anchor->cert()->der_cert().Length(); + der_cert.type = siDERCertBuffer; + ScopedCERTCertificate nss_cert( + CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &der_cert)); + if (!nss_cert) + return false; + + return IsKnownRoot(nss_cert.get()); + } + + bool IsAdditionalTrustAnchor( + const scoped_refptr<TrustAnchor>& trust_anchor) const override { + return additional_trust_store_.Contains(trust_anchor.get()); + } + + private: + // TODO(eroman): This function was copied verbatim from + // cert_verify_proc_nss.cc + // + // IsKnownRoot returns true if the given certificate is one that we believe + // is a standard (as opposed to user-installed) root. + bool IsKnownRoot(CERTCertificate* root) const { + if (!root || !root->slot) + return false; + + // This magic name is taken from + // http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ckfw/builtins/constants.c&rev=1.13&mark=86,89#79 + return 0 == strcmp(PK11_GetSlotName(root->slot), "NSS Builtin Objects"); + } + + TrustStoreCollection trust_store_; + TrustStoreInMemory additional_trust_store_; + + TrustStoreNSS trust_store_nss_; + CertIssuerSourceNSS cert_issuer_source_nss_; +}; +#endif + +std::unique_ptr<SystemTrustStore> CreateSystemTrustStore( + const CertificateList& additional_trust_anchors) { +#if defined(USE_NSS_CERTS) + return base::MakeUnique<SystemTrustStoreNSS>(additional_trust_anchors); +#else + // TODO(crbug.com/649017): Integrate with other system trust stores. + NOTIMPLEMENTED(); + return nullptr; +#endif +} + +// Appends the SHA1 and SHA256 hashes of |spki_bytes| to |*hashes|. +void AppendPublicKeyHashes(const der::Input& spki_bytes, + HashValueVector* hashes) { + HashValue sha1(HASH_VALUE_SHA1); + base::SHA1HashBytes(spki_bytes.UnsafeData(), spki_bytes.Length(), + sha1.data()); + hashes->push_back(sha1); + + HashValue sha256(HASH_VALUE_SHA256); + crypto::SHA256HashString(spki_bytes.AsStringPiece(), sha256.data(), + crypto::kSHA256Length); + hashes->push_back(sha256); +} + +// Appends the SubjectPublicKeyInfo hashes for all certificates (and trust +// anchor) in |partial_path| to |*hashes|. +void AppendPublicKeyHashes(const CertPathBuilder::ResultPath& partial_path, + HashValueVector* hashes) { + for (const scoped_refptr<ParsedCertificate>& cert : partial_path.path.certs) + AppendPublicKeyHashes(cert->tbs().spki_tlv, hashes); + + if (partial_path.path.trust_anchor) + AppendPublicKeyHashes(partial_path.path.trust_anchor->spki(), hashes); +} + +// Sets the bits on |cert_status| for all the errors present in |errors| (the +// errors for a particular path). +void MapPathBuilderErrorsToCertStatus(const CertPathErrors& errors, + CertStatus* cert_status) { + // If there were no errors, nothing to do. + if (!errors.ContainsHighSeverityErrors()) + return; + + if (errors.ContainsError(kRsaModulusTooSmall)) + *cert_status |= CERT_STATUS_WEAK_KEY; + + if (errors.ContainsError(kValidityFailedNotAfter) || + errors.ContainsError(kValidityFailedNotBefore)) { + *cert_status |= CERT_STATUS_DATE_INVALID; + } + + // IMPORTANT: If the path was invalid for a reason that was not + // explicity checked above, set a general error. This is important as + // |cert_status| is what ultimately indicates whether verification was + // successful or not (absense of errors implies success). + if (!IsCertStatusError(*cert_status)) + *cert_status |= CERT_STATUS_INVALID; +} + +X509Certificate::OSCertHandle CreateOSCertHandle( + const scoped_refptr<ParsedCertificate>& certificate) { + return X509Certificate::CreateOSCertHandleFromBytes( + reinterpret_cast<const char*>(certificate->der_cert().UnsafeData()), + certificate->der_cert().Length()); +} + +// Creates a X509Certificate (chain) to return as the verified result. +// +// * |target_cert|: The original X509Certificate that was passed in to +// VerifyInternal() +// * |path|: The result (possibly failed) from path building. +scoped_refptr<X509Certificate> CreateVerifiedCertChain( + X509Certificate* target_cert, + const CertPathBuilder::ResultPath& path) { + X509Certificate::OSCertHandles intermediates; + + // Skip the first certificate in the path as that is the target certificate + for (size_t i = 1; i < path.path.certs.size(); ++i) + intermediates.push_back(CreateOSCertHandle(path.path.certs[i])); + + if (path.path.trust_anchor) { + // TODO(eroman): This assumes that TrustAnchor::cert() cannot be null, + // which disagrees with the documentation. + intermediates.push_back(CreateOSCertHandle(path.path.trust_anchor->cert())); + } + + scoped_refptr<X509Certificate> result = X509Certificate::CreateFromHandle( + target_cert->os_cert_handle(), intermediates); + // |target_cert| was already successfully parsed, so this should never fail. + DCHECK(result); + + for (const X509Certificate::OSCertHandle handle : intermediates) + X509Certificate::FreeOSCertHandle(handle); + + return result; +} + +// TODO(crbug.com/649017): Make use of |flags|, |crl_set|, and |ocsp_response|. +// Also handle key usages, policies and EV. +// +// Any failure short-circuits from the function must set +// |verify_result->cert_status|. +void DoVerify(X509Certificate* input_cert, + const std::string& hostname, + const std::string& ocsp_response, + int flags, + CRLSet* crl_set, + const CertificateList& additional_trust_anchors, + CertVerifyResult* verify_result) { + CertErrors parsing_errors; + + // Parse the target certificate. + scoped_refptr<ParsedCertificate> target = ParseCertificateFromOSHandle( + input_cert->os_cert_handle(), &parsing_errors); + if (!target) { + // TODO(crbug.com/634443): Surface these parsing errors? + verify_result->cert_status |= CERT_STATUS_INVALID; + return; + } + + std::unique_ptr<SystemTrustStore> trust_store = + CreateSystemTrustStore(additional_trust_anchors); + + // TODO(eroman): The path building code in this file enforces its idea of weak + // keys, and separately cert_verify_proc.cc also checks the chains with its + // own policy. These policies should be aligned, to give path building the + // best chance of finding a good path. + // Another difference to resolve is the path building here does not check the + // target certificate's key strength, whereas cert_verify_proc.cc does. + SimpleSignaturePolicy signature_policy(1024); + + // Use the current time. + der::GeneralizedTime verification_time; + if (!der::EncodeTimeAsGeneralizedTime(base::Time::Now(), + &verification_time)) { + // This really shouldn't be possible unless Time::Now() returned + // something crazy. + verify_result->cert_status |= CERT_STATUS_DATE_INVALID; + return; + } + + // Initialize the path builder. + CertPathBuilder::Result result; + CertPathBuilder path_builder(target, trust_store->GetTrustStore(), + &signature_policy, verification_time, + KeyPurpose::SERVER_AUTH, &result); + + // Allow the path builder to discover intermediates from the trust store. + if (trust_store->GetCertIssuerSource()) + path_builder.AddCertIssuerSource(trust_store->GetCertIssuerSource()); + + // Allow the path builder to discover the explicitly provided intermediates in + // |input_cert|. + CertIssuerSourceStatic intermediates; + AddIntermediatesToIssuerSource(input_cert, &intermediates); + path_builder.AddCertIssuerSource(&intermediates); + + // TODO(crbug.com/649017): Allow the path builder to discover intermediates + // through AIA fetching. + + path_builder.Run(); + + if (result.best_result_index >= result.paths.size()) { + // TODO(crbug.com/634443): What errors to communicate? Maybe the path + // builder should always return some partial path (even if just containing + // the target), then there is a CertErrors to test. + verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; + return; + } + + // Use the best path that was built. This could be a partial path, or it could + // be a valid complete path. + const CertPathBuilder::ResultPath& partial_path = + *result.paths[result.best_result_index].get(); + + if (partial_path.path.trust_anchor) { + verify_result->is_issued_by_known_root = + trust_store->IsKnownRoot(partial_path.path.trust_anchor); + + verify_result->is_issued_by_additional_trust_anchor = + trust_store->IsAdditionalTrustAnchor(partial_path.path.trust_anchor); + } else { + // TODO(eroman): This shouldn't be necessary -- partial_path.errors should + // contain an error if it didn't chain to trust anchor. + verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID; + } + + verify_result->verified_cert = + CreateVerifiedCertChain(input_cert, partial_path); + + AppendPublicKeyHashes(partial_path, &verify_result->public_key_hashes); + MapPathBuilderErrorsToCertStatus(partial_path.errors, + &verify_result->cert_status); + + // TODO(eroman): Is it possible that IsValid() fails but no errors were set in + // partial_path.errors? + CHECK(partial_path.IsValid() || + IsCertStatusError(verify_result->cert_status)); + + if (partial_path.errors.ContainsHighSeverityErrors()) { + LOG(ERROR) << "CertVerifyProcBuiltin for " << hostname << " failed:\n" + << partial_path.errors.ToDebugString(partial_path.path.certs); + } +} + +int CertVerifyProcBuiltin::VerifyInternal( + X509Certificate* input_cert, + const std::string& hostname, + const std::string& ocsp_response, + int flags, + CRLSet* crl_set, + const CertificateList& additional_trust_anchors, + CertVerifyResult* verify_result) { + DoVerify(input_cert, hostname, ocsp_response, flags, crl_set, + additional_trust_anchors, verify_result); + + return IsCertStatusError(verify_result->cert_status) + ? MapCertStatusToNetError(verify_result->cert_status) + : OK; +} + +} // namespace + +scoped_refptr<CertVerifyProc> CreateCertVerifyProcBuiltin() { + return scoped_refptr<CertVerifyProc>(new CertVerifyProcBuiltin()); +} + +} // namespace net diff --git a/chromium/net/cert/cert_verify_proc_builtin.h b/chromium/net/cert/cert_verify_proc_builtin.h new file mode 100644 index 00000000000..63bfc2cae73 --- /dev/null +++ b/chromium/net/cert/cert_verify_proc_builtin.h @@ -0,0 +1,22 @@ +// Copyright (c) 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_CERT_CERT_VERIFY_PROC_BUILTIN_H_ +#define NET_CERT_CERT_VERIFY_PROC_BUILTIN_H_ + +#include "base/memory/ref_counted.h" +#include "net/base/net_export.h" + +namespace net { + +class CertVerifyProc; + +// TODO(crbug.com/649017): This is not how other cert_verify_proc_*.h are +// implemented -- they expose the type in the header. Use a consistent style +// here too. +NET_EXPORT scoped_refptr<CertVerifyProc> CreateCertVerifyProcBuiltin(); + +} // namespace net + +#endif // NET_CERT_CERT_VERIFY_PROC_BUILTIN_H_ diff --git a/chromium/net/cert/cert_verify_proc_ios.cc b/chromium/net/cert/cert_verify_proc_ios.cc index 84ecd2aea84..527326e6bb8 100644 --- a/chromium/net/cert/cert_verify_proc_ios.cc +++ b/chromium/net/cert/cert_verify_proc_ios.cc @@ -116,12 +116,16 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) { } std::string der_bytes; - if (!X509Certificate::GetDEREncoded(chain_cert, &der_bytes)) + if (!X509Certificate::GetDEREncoded(chain_cert, &der_bytes)) { + verify_result->cert_status |= CERT_STATUS_INVALID; return; + } base::StringPiece spki_bytes; - if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) - continue; + if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) { + verify_result->cert_status |= CERT_STATUS_INVALID; + return; + } HashValue sha1(HASH_VALUE_SHA1); CC_SHA1(spki_bytes.data(), spki_bytes.size(), sha1.data()); @@ -139,11 +143,16 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) { } if (!verified_cert) { NOTREACHED(); + verify_result->cert_status |= CERT_STATUS_INVALID; return; } - verify_result->verified_cert = + scoped_refptr<X509Certificate> verified_cert_with_chain = X509Certificate::CreateFromHandle(verified_cert, verified_chain); + if (verified_cert_with_chain) + verify_result->verified_cert = std::move(verified_cert_with_chain); + else + verify_result->cert_status |= CERT_STATUS_INVALID; } } // namespace diff --git a/chromium/net/cert/cert_verify_proc_mac.cc b/chromium/net/cert/cert_verify_proc_mac.cc index c6a3f0e37a3..0ed65a6039c 100644 --- a/chromium/net/cert/cert_verify_proc_mac.cc +++ b/chromium/net/cert/cert_verify_proc_mac.cc @@ -197,17 +197,23 @@ void CopyCertChainToVerifyResult(CFArrayRef cert_chain, } if (!verified_cert) { NOTREACHED(); + verify_result->cert_status |= CERT_STATUS_INVALID; return; } - verify_result->verified_cert = - X509Certificate::CreateFromHandle(verified_cert, verified_chain); + scoped_refptr<X509Certificate> verified_cert_with_chain = + x509_util::CreateX509CertificateFromSecCertificate(verified_cert, + verified_chain); + if (verified_cert_with_chain) + verify_result->verified_cert = std::move(verified_cert_with_chain); + else + verify_result->cert_status |= CERT_STATUS_INVALID; } // Returns true if the certificate uses MD2, MD4, MD5, or SHA1, and false // otherwise. A return of false also includes the case where the signature // algorithm couldn't be conclusively labeled as weak. -bool CertUsesWeakHash(X509Certificate::OSCertHandle cert_handle) { +bool CertUsesWeakHash(SecCertificateRef cert_handle) { x509_util::CSSMCachedCertificate cached_cert; OSStatus status = cached_cert.Init(cert_handle); if (status) @@ -273,34 +279,14 @@ bool IsWeakChainBasedOnHashingAlgorithms( return !leaf_uses_weak_hash && intermediates_contain_weak_hash; } -using ExtensionsMap = std::map<net::der::Input, net::ParsedExtension>; - -// Helper that looks up an extension by OID given a map of extensions. -bool GetExtensionValue(const ExtensionsMap& extensions, - const net::der::Input& oid, - net::der::Input* value) { - auto it = extensions.find(oid); - if (it == extensions.end()) - return false; - *value = it->second.value; - return true; -} - // Checks if |*cert| has a Certificate Policies extension containing either // of |ev_policy_oid| or anyPolicy. bool HasPolicyOrAnyPolicy(const ParsedCertificate* cert, const der::Input& ev_policy_oid) { - der::Input extension_value; - if (!GetExtensionValue(cert->unparsed_extensions(), CertificatePoliciesOid(), - &extension_value)) { + if (!cert->has_policy_oids()) return false; - } - std::vector<der::Input> policies; - if (!ParseCertificatePoliciesExtension(extension_value, &policies)) - return false; - - for (const der::Input& policy_oid : policies) { + for (const der::Input& policy_oid : cert->policy_oids()) { if (policy_oid == ev_policy_oid || policy_oid == AnyPolicy()) return true; } @@ -324,18 +310,11 @@ void GetCandidateEVPolicy(const X509Certificate* cert_input, if (!cert) return; - der::Input extension_value; - if (!GetExtensionValue(cert->unparsed_extensions(), CertificatePoliciesOid(), - &extension_value)) { - return; - } - - std::vector<der::Input> policies; - if (!ParseCertificatePoliciesExtension(extension_value, &policies)) + if (!cert->has_policy_oids()) return; EVRootCAMetadata* metadata = EVRootCAMetadata::GetInstance(); - for (const der::Input& policy_oid : policies) { + for (const der::Input& policy_oid : cert->policy_oids()) { if (metadata->IsEVPolicyOID(policy_oid)) { *ev_policy_oid = policy_oid.AsString(); @@ -638,12 +617,12 @@ class OSXKnownRootHelper { return false; SecCertificateRef root_ref = reinterpret_cast<SecCertificateRef>( const_cast<void*>(CFArrayGetValueAtIndex(chain, n - 1))); - SHA256HashValue hash = X509Certificate::CalculateFingerprint256(root_ref); + SHA256HashValue hash = x509_util::CalculateFingerprint256(root_ref); return known_roots_.find(hash) != known_roots_.end(); } private: - friend struct base::DefaultLazyInstanceTraits<OSXKnownRootHelper>; + friend struct base::LazyInstanceTraitsBase<OSXKnownRootHelper>; OSXKnownRootHelper() { CFArrayRef cert_array = NULL; @@ -658,7 +637,7 @@ class OSXKnownRootHelper { for (CFIndex i = 0, size = CFArrayGetCount(cert_array); i < size; ++i) { SecCertificateRef cert = reinterpret_cast<SecCertificateRef>( const_cast<void*>(CFArrayGetValueAtIndex(cert_array, i))); - known_roots_.insert(X509Certificate::CalculateFingerprint256(cert)); + known_roots_.insert(x509_util::CalculateFingerprint256(cert)); } } @@ -804,7 +783,9 @@ int VerifyWithGivenFlags(X509Certificate* cert, } ScopedCFTypeRef<CFMutableArrayRef> cert_array( - cert->CreateOSCertChainForCert()); + x509_util::CreateSecCertificateArrayForX509Certificate(cert)); + if (!cert_array) + return ERR_CERT_INVALID; // Beginning with the certificate chain as supplied by the server, attempt // to verify the chain. If a failure is encountered, trim a certificate diff --git a/chromium/net/cert/cert_verify_proc_nss.cc b/chromium/net/cert/cert_verify_proc_nss.cc index 8357b78f249..48aca1dfd43 100644 --- a/chromium/net/cert/cert_verify_proc_nss.cc +++ b/chromium/net/cert/cert_verify_proc_nss.cc @@ -195,8 +195,13 @@ void GetCertChainInfo(CERTCertList* cert_list, if (root_cert) verified_chain.push_back(root_cert); - verify_result->verified_cert = + + scoped_refptr<X509Certificate> verified_cert_with_chain = X509Certificate::CreateFromHandle(verified_cert, verified_chain); + if (verified_cert_with_chain) + verify_result->verified_cert = std::move(verified_cert_with_chain); + else + verify_result->cert_status |= CERT_STATUS_INVALID; } // IsKnownRoot returns true if the given certificate is one that we believe diff --git a/chromium/net/cert/cert_verify_proc_openssl.cc b/chromium/net/cert/cert_verify_proc_openssl.cc index 13a19d8e163..20c0ad5b1d0 100644 --- a/chromium/net/cert/cert_verify_proc_openssl.cc +++ b/chromium/net/cert/cert_verify_proc_openssl.cc @@ -109,8 +109,12 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx, // Set verify_result->verified_cert and // verify_result->is_issued_by_known_root. if (verified_cert) { - verify_result->verified_cert = + scoped_refptr<X509Certificate> verified_cert_with_chain = X509Certificate::CreateFromHandle(verified_cert, verified_chain); + if (verified_cert_with_chain) + verify_result->verified_cert = std::move(verified_cert_with_chain); + else + verify_result->cert_status |= CERT_STATUS_INVALID; // For OpenSSL builds, only certificates used for unit tests are treated // as not issued by known roots. The only way to determine whether a diff --git a/chromium/net/cert/cert_verify_proc_unittest.cc b/chromium/net/cert/cert_verify_proc_unittest.cc index 93437474b33..fdb254d1bc5 100644 --- a/chromium/net/cert/cert_verify_proc_unittest.cc +++ b/chromium/net/cert/cert_verify_proc_unittest.cc @@ -21,6 +21,7 @@ #include "net/cert/asn1_util.h" #include "net/cert/cert_status_flags.h" #include "net/cert/cert_verifier.h" +#include "net/cert/cert_verify_proc_builtin.h" #include "net/cert/cert_verify_result.h" #include "net/cert/crl_set.h" #include "net/cert/crl_set_storage.h" @@ -48,6 +49,9 @@ #include "base/win/windows_version.h" #endif +// TODO(crbug.com/649017): Add tests that only certificates with +// serverAuth are accepted. + using net::test::IsError; using net::test::IsOk; @@ -113,6 +117,7 @@ enum CertVerifyProcType { CERT_VERIFY_PROC_IOS, CERT_VERIFY_PROC_MAC, CERT_VERIFY_PROC_WIN, + CERT_VERIFY_PROC_BUILTIN, }; // Returns the CertVerifyProcType corresponding to what @@ -162,6 +167,8 @@ std::string VerifyProcTypeToName( return "CertVerifyProcMac"; case CERT_VERIFY_PROC_WIN: return "CertVerifyProcWin"; + case CERT_VERIFY_PROC_BUILTIN: + return "CertVerifyProcBuiltin"; } return nullptr; @@ -170,13 +177,21 @@ std::string VerifyProcTypeToName( // The set of all CertVerifyProcTypes that tests should be // parameterized on. const std::vector<CertVerifyProcType> kAllCertVerifiers = { - GetDefaultCertVerifyProcType()}; + GetDefaultCertVerifyProcType() + +// TODO(crbug.com/649017): Enable this everywhere. Right now this is +// gated on having CertVerifyProcBuiltin understand the roots added +// via TestRootCerts. +#if defined(USE_NSS_CERTS) + , + CERT_VERIFY_PROC_BUILTIN +#endif +}; } // namespace // This fixture is for tests that apply to concrete implementations of -// CertVerifyProc. It will be run for all of the concrete -// CertVerifyProc types. +// CertVerifyProc. It will be run for all of the concrete CertVerifyProc types. // // It is called "Internal" as it tests the internal methods like // "VerifyInternal()". @@ -184,8 +199,14 @@ class CertVerifyProcInternalTest : public testing::TestWithParam<CertVerifyProcType> { protected: void SetUp() override { - EXPECT_EQ(verify_proc_type(), GetDefaultCertVerifyProcType()); - verify_proc_ = CertVerifyProc::CreateDefault(); + CertVerifyProcType type = verify_proc_type(); + if (type == CERT_VERIFY_PROC_BUILTIN) { + verify_proc_ = CreateCertVerifyProcBuiltin(); + } else if (type == GetDefaultCertVerifyProcType()) { + verify_proc_ = CertVerifyProc::CreateDefault(); + } else { + ADD_FAILURE() << "Unhandled CertVerifyProcType"; + } } int Verify(X509Certificate* cert, @@ -243,12 +264,14 @@ class CertVerifyProcInternalTest } bool SupportsCRLSet() const { + // TODO(crbug.com/649017): Return true for CERT_VERIFY_PROC_BUILTIN. return verify_proc_type() == CERT_VERIFY_PROC_NSS || verify_proc_type() == CERT_VERIFY_PROC_WIN || verify_proc_type() == CERT_VERIFY_PROC_MAC; } bool SupportsCRLSetsInPathBuilding() const { + // TODO(crbug.com/649017): Return true for CERT_VERIFY_PROC_BUILTIN. return verify_proc_type() == CERT_VERIFY_PROC_WIN || verify_proc_type() == CERT_VERIFY_PROC_NSS; } @@ -280,18 +303,11 @@ TEST_P(CertVerifyProcInternalTest, DISABLED_EVVerification) { return; } - CertificateList certs = - CreateCertificateListFromFile(GetTestCertsDirectory(), "comodo.chain.pem", - X509Certificate::FORMAT_PEM_CERT_SEQUENCE); - ASSERT_EQ(3U, certs.size()); - - X509Certificate::OSCertHandles intermediates; - intermediates.push_back(certs[1]->os_cert_handle()); - intermediates.push_back(certs[2]->os_cert_handle()); - - scoped_refptr<X509Certificate> comodo_chain = - X509Certificate::CreateFromHandle(certs[0]->os_cert_handle(), - intermediates); + scoped_refptr<X509Certificate> comodo_chain = CreateCertificateChainFromFile( + GetTestCertsDirectory(), "comodo.chain.pem", + X509Certificate::FORMAT_PEM_CERT_SEQUENCE); + ASSERT_TRUE(comodo_chain); + ASSERT_EQ(2U, comodo_chain->GetIntermediateCertificates().size()); scoped_refptr<CRLSet> crl_set(CRLSet::ForTesting(false, NULL, "")); CertVerifyResult verify_result; @@ -424,13 +440,10 @@ TEST_P(CertVerifyProcInternalTest, RejectExpiredCert) { ScopedTestRoot test_root( ImportCertFromFile(certs_dir, "root_ca_cert.pem").get()); - CertificateList certs = CreateCertificateListFromFile( + scoped_refptr<X509Certificate> cert = CreateCertificateChainFromFile( certs_dir, "expired_cert.pem", X509Certificate::FORMAT_AUTO); - ASSERT_EQ(1U, certs.size()); - - X509Certificate::OSCertHandles intermediates; - scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( - certs[0]->os_cert_handle(), intermediates); + ASSERT_TRUE(cert); + ASSERT_EQ(0U, cert->GetIntermediateCertificates().size()); int flags = 0; CertVerifyResult verify_result; @@ -498,6 +511,7 @@ TEST_P(CertVerifyProcInternalTest, RejectWeakKeys) { scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle(ee_cert->os_cert_handle(), intermediates); + ASSERT_TRUE(cert_chain); CertVerifyResult verify_result; int error = Verify(cert_chain.get(), "127.0.0.1", 0, NULL, @@ -553,6 +567,7 @@ TEST_P(CertVerifyProcInternalTest, ExtraneousMD5RootCert) { intermediates.push_back(extra_cert->os_cert_handle()); scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle( server_cert->os_cert_handle(), intermediates); + ASSERT_TRUE(cert_chain); CertVerifyResult verify_result; int flags = 0; @@ -587,6 +602,7 @@ TEST_P(CertVerifyProcInternalTest, GoogleDigiNotarTest) { intermediates.push_back(intermediate_cert->os_cert_handle()); scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle( server_cert->os_cert_handle(), intermediates); + ASSERT_TRUE(cert_chain); CertVerifyResult verify_result; int flags = CertVerifier::VERIFY_REV_CHECKING_ENABLED; @@ -653,14 +669,11 @@ TEST_P(CertVerifyProcInternalTest, NameConstraintsOk) { ASSERT_EQ(1U, ca_cert_list.size()); ScopedTestRoot test_root(ca_cert_list[0].get()); - CertificateList cert_list = CreateCertificateListFromFile( + scoped_refptr<X509Certificate> leaf = CreateCertificateChainFromFile( GetTestCertsDirectory(), "name_constraint_good.pem", X509Certificate::FORMAT_AUTO); - ASSERT_EQ(1U, cert_list.size()); - - X509Certificate::OSCertHandles intermediates; - scoped_refptr<X509Certificate> leaf = X509Certificate::CreateFromHandle( - cert_list[0]->os_cert_handle(), intermediates); + ASSERT_TRUE(leaf); + ASSERT_EQ(0U, leaf->GetIntermediateCertificates().size()); int flags = 0; CertVerifyResult verify_result; @@ -693,13 +706,20 @@ class CertVerifyProcInspectSignatureAlgorithmsTest : public ::testing::Test { DigestAlgorithm tbs_algorithm; }; - // On iOS trying to import a certificate with mismatched signature will - // fail. Consequently the rest of the tests can't be performed. + // On some platforms trying to import a certificate with mismatched signature + // will fail. Consequently the rest of the tests can't be performed. WARN_UNUSED_RESULT bool SupportsImportingMismatchedAlgorithms() const { #if defined(OS_IOS) LOG(INFO) << "Skipping test on iOS because certs with mismatched " "algorithms cannot be imported"; return false; +#elif defined(OS_MACOSX) + if (base::mac::IsAtLeastOS10_12()) { + LOG(INFO) << "Skipping test on macOS >= 10.12 because certs with " + "mismatched algorithms cannot be imported"; + return false; + } + return true; #else return true; #endif @@ -1052,6 +1072,7 @@ TEST_P(CertVerifyProcInternalTest, NameConstraintsFailure) { X509Certificate::OSCertHandles intermediates; scoped_refptr<X509Certificate> leaf = X509Certificate::CreateFromHandle( cert_list[0]->os_cert_handle(), intermediates); + ASSERT_TRUE(leaf); int flags = 0; CertVerifyResult verify_result; @@ -1109,6 +1130,7 @@ TEST_P(CertVerifyProcInternalTest, DISABLED_TestKnownRoot) { scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle( certs[0]->os_cert_handle(), intermediates); + ASSERT_TRUE(cert_chain); int flags = 0; CertVerifyResult verify_result; @@ -1180,6 +1202,11 @@ TEST_P(CertVerifyProcInternalTest, PublicKeyHashes) { // The Key Usage extension in this RSA SSL server certificate does not have // the keyEncipherment bit. TEST_P(CertVerifyProcInternalTest, InvalidKeyUsage) { + if (verify_proc_type() == CERT_VERIFY_PROC_BUILTIN) { + LOG(INFO) << "TODO(crbug.com/649017): Skipping test as not yet implemented " + "in builting verifier"; + return; + } base::FilePath certs_dir = GetTestCertsDirectory(); scoped_refptr<X509Certificate> server_cert = diff --git a/chromium/net/cert/cert_verify_proc_win.cc b/chromium/net/cert/cert_verify_proc_win.cc index 28867677b14..7f4d98d2334 100644 --- a/chromium/net/cert/cert_verify_proc_win.cc +++ b/chromium/net/cert/cert_verify_proc_win.cc @@ -369,8 +369,12 @@ void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context, // Add the root certificate, if present, as it was not added above. if (has_root_ca) verified_chain.push_back(element[num_elements]->pCertContext); - verify_result->verified_cert = - X509Certificate::CreateFromHandle(verified_cert, verified_chain); + scoped_refptr<X509Certificate> verified_cert_with_chain = + X509Certificate::CreateFromHandle(verified_cert, verified_chain); + if (verified_cert_with_chain) + verify_result->verified_cert = std::move(verified_cert_with_chain); + else + verify_result->cert_status |= CERT_STATUS_INVALID; } } @@ -662,7 +666,7 @@ class RevocationInjector { void SetCRLSet(CRLSet* crl_set) { thread_local_crlset.Set(crl_set); } private: - friend struct base::DefaultLazyInstanceTraits<RevocationInjector>; + friend struct base::LazyInstanceTraitsBase<RevocationInjector>; RevocationInjector() { const CRYPT_OID_FUNC_ENTRY kInterceptFunction[] = { diff --git a/chromium/net/cert/ct_known_logs_static-inc.h b/chromium/net/cert/ct_known_logs_static-inc.h index 08b42960037..c6b0864255a 100644 --- a/chromium/net/cert/ct_known_logs_static-inc.h +++ b/chromium/net/cert/ct_known_logs_static-inc.h @@ -64,26 +64,6 @@ const CTLogInfo kCTLogList[] = { "\x99\x08\x3d\x21\x14\x86", 91, "Symantec log", "https://ct.ws.symantec.com/", "symantec.ct.googleapis.com"}, - {"\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01" - "\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa2" - "\x5a\x48\x1f\x17\x52\x95\x35\xcb\xa3\x5b\x3a\x1f\x53\x82\x76\x94\xa3" - "\xff\x80\xf2\x1c\x37\x3c\xc0\xb1\xbd\xc1\x59\x8b\xab\x2d\x65\x93\xd7" - "\xf3\xe0\x04\xd5\x9a\x6f\xbf\xd6\x23\x76\x36\x4f\x23\x99\xcb\x54\x28" - "\xad\x8c\x15\x4b\x65\x59\x76\x41\x4a\x9c\xa6\xf7\xb3\x3b\x7e\xb1\xa5" - "\x49\xa4\x17\x51\x6c\x80\xdc\x2a\x90\x50\x4b\x88\x24\xe9\xa5\x12\x32" - "\x93\x04\x48\x90\x02\xfa\x5f\x0e\x30\x87\x8e\x55\x76\x05\xee\x2a\x4c" - "\xce\xa3\x6a\x69\x09\x6e\x25\xad\x82\x76\x0f\x84\x92\xfa\x38\xd6\x86" - "\x4e\x24\x8f\x9b\xb0\x72\xcb\x9e\xe2\x6b\x3f\xe1\x6d\xc9\x25\x75\x23" - "\x88\xa1\x18\x58\x06\x23\x33\x78\xda\x00\xd0\x38\x91\x67\xd2\xa6\x7d" - "\x27\x97\x67\x5a\xc1\xf3\x2f\x17\xe6\xea\xd2\x5b\xe8\x81\xcd\xfd\x92" - "\x68\xe7\xf3\x06\xf0\xe9\x72\x84\xee\x01\xa5\xb1\xd8\x33\xda\xce\x83" - "\xa5\xdb\xc7\xcf\xd6\x16\x7e\x90\x75\x18\xbf\x16\xdc\x32\x3b\x6d\x8d" - "\xab\x82\x17\x1f\x89\x20\x8d\x1d\x9a\xe6\x4d\x23\x08\xdf\x78\x6f\xc6" - "\x05\xbf\x5f\xae\x94\x97\xdb\x5f\x64\xd4\xee\x16\x8b\xa3\x84\x6c\x71" - "\x2b\xf1\xab\x7f\x5d\x0d\x32\xee\x04\xe2\x90\xec\x41\x9f\xfb\x39\xc1" - "\x02\x03\x01\x00\x01", - 294, "Venafi log", "https://ctlog.api.venafi.com/", - "venafi.ct.googleapis.com"}, {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86" "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xea\x95\x9e\x02\xff\xee\xf1" "\x33\x6d\x4b\x87\xbc\xcd\xfd\x19\x17\x62\xff\x94\xd3\xd0\x59\x07\x3f" @@ -163,7 +143,15 @@ const CTLogInfo kCTLogList[] = { "\x78\x35\x2d\x4a\xe7\x40\x99\x11\x95\x34\xd4\x2f\x7f\xf9\x5f\x35\x37" "\x02\x03\x01\x00\x01", 294, "PuChuangSiDa CT Log 1", "https://www.certificatetransparency.cn/ct/", - "puchuangsida1.ct.googleapis.com"}}; + "puchuangsida1.ct.googleapis.com"}, + {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86" + "\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8e\x27\x27\x7a\xb6\x55\x09" + "\x74\xeb\x6c\x4b\x94\x84\x65\xbc\xe4\x15\xf1\xea\x5a\xd8\x7c\x0e\x37" + "\xce\xba\x3f\x6c\x09\xda\xe7\x29\x96\xd3\x45\x50\x6f\xde\x1e\xb4\x1c" + "\xd2\x83\x88\xff\x29\x2f\xce\xa9\xff\xdf\x34\xde\x75\x0f\xc0\xcc\x18" + "\x0d\x94\x2e\xfc\x37\x01", + 91, "Venafi Gen2 CT log", "https://ctlog-gen2.api.venafi.com/", + "venafi2.ct.googleapis.com"}}; // Information related to previously-qualified, but now disqualified, CT // logs. @@ -196,6 +184,32 @@ const DisqualifiedCTLogInfo kDisqualifiedCTLogList[] = { base::TimeDelta::FromSeconds(1464566400), }, { + "\xac\x3b\x9a\xed\x7f\xa9\x67\x47\x57\x15\x9e\x6d\x7d\x57\x56\x72\xf9" + "\xd9\x81\x00\x94\x1e\x9b\xde\xff\xec\xa1\x31\x3b\x75\x78\x2d", + {"\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01" + "\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa2" + "\x5a\x48\x1f\x17\x52\x95\x35\xcb\xa3\x5b\x3a\x1f\x53\x82\x76\x94\xa3" + "\xff\x80\xf2\x1c\x37\x3c\xc0\xb1\xbd\xc1\x59\x8b\xab\x2d\x65\x93\xd7" + "\xf3\xe0\x04\xd5\x9a\x6f\xbf\xd6\x23\x76\x36\x4f\x23\x99\xcb\x54\x28" + "\xad\x8c\x15\x4b\x65\x59\x76\x41\x4a\x9c\xa6\xf7\xb3\x3b\x7e\xb1\xa5" + "\x49\xa4\x17\x51\x6c\x80\xdc\x2a\x90\x50\x4b\x88\x24\xe9\xa5\x12\x32" + "\x93\x04\x48\x90\x02\xfa\x5f\x0e\x30\x87\x8e\x55\x76\x05\xee\x2a\x4c" + "\xce\xa3\x6a\x69\x09\x6e\x25\xad\x82\x76\x0f\x84\x92\xfa\x38\xd6\x86" + "\x4e\x24\x8f\x9b\xb0\x72\xcb\x9e\xe2\x6b\x3f\xe1\x6d\xc9\x25\x75\x23" + "\x88\xa1\x18\x58\x06\x23\x33\x78\xda\x00\xd0\x38\x91\x67\xd2\xa6\x7d" + "\x27\x97\x67\x5a\xc1\xf3\x2f\x17\xe6\xea\xd2\x5b\xe8\x81\xcd\xfd\x92" + "\x68\xe7\xf3\x06\xf0\xe9\x72\x84\xee\x01\xa5\xb1\xd8\x33\xda\xce\x83" + "\xa5\xdb\xc7\xcf\xd6\x16\x7e\x90\x75\x18\xbf\x16\xdc\x32\x3b\x6d\x8d" + "\xab\x82\x17\x1f\x89\x20\x8d\x1d\x9a\xe6\x4d\x23\x08\xdf\x78\x6f\xc6" + "\x05\xbf\x5f\xae\x94\x97\xdb\x5f\x64\xd4\xee\x16\x8b\xa3\x84\x6c\x71" + "\x2b\xf1\xab\x7f\x5d\x0d\x32\xee\x04\xe2\x90\xec\x41\x9f\xfb\x39\xc1" + "\x02\x03\x01\x00\x01", + 294, "Venafi log", "https://ctlog.api.venafi.com/", + "venafi.ct.googleapis.com"}, + // 2017-02-28 18:42:26 UTC + base::TimeDelta::FromSeconds(1488307346), + }, + { "\xcd\xb5\x17\x9b\x7f\xc1\xc0\x46\xfe\xea\x31\x13\x6a\x3f\x8f\x00\x2e" "\x61\x82\xfa\xf8\x89\x6f\xec\xc8\xb2\xf5\xb5\xab\x60\x49\x00", {"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86" diff --git a/chromium/net/cert/ct_objects_extractor.cc b/chromium/net/cert/ct_objects_extractor.cc index 1a6e6e4772d..852bf827015 100644 --- a/chromium/net/cert/ct_objects_extractor.cc +++ b/chromium/net/cert/ct_objects_extractor.cc @@ -41,7 +41,9 @@ bool StringEqualToCBS(const std::string& value1, const CBS* value2) { bssl::UniquePtr<X509> OSCertHandleToOpenSSL( X509Certificate::OSCertHandle os_handle) { -#if defined(USE_OPENSSL_CERTS) +#if BUILDFLAG(USE_BYTE_CERTS) + return bssl::UniquePtr<X509>(X509_parse_from_buffer(os_handle)); +#elif defined(USE_OPENSSL_CERTS) return bssl::UniquePtr<X509>(X509Certificate::DupOSCertHandle(os_handle)); #else std::string der_encoded; diff --git a/chromium/net/cert/ct_objects_extractor_unittest.cc b/chromium/net/cert/ct_objects_extractor_unittest.cc index 8f8896938cd..107364511de 100644 --- a/chromium/net/cert/ct_objects_extractor_unittest.cc +++ b/chromium/net/cert/ct_objects_extractor_unittest.cc @@ -30,6 +30,7 @@ class CTObjectsExtractorTest : public ::testing::Test { std::string der_test_cert(ct::GetDerEncodedX509Cert()); test_cert_ = X509Certificate::CreateFromBytes(der_test_cert.data(), der_test_cert.length()); + ASSERT_TRUE(test_cert_); log_ = CTLogVerifier::Create(ct::GetTestPublicKey(), "testlog", "https://ct.example.com", "dns.example.com"); @@ -129,10 +130,12 @@ TEST_F(CTObjectsExtractorTest, ExtractSCTListFromOCSPResponse) { scoped_refptr<X509Certificate> subject_cert = X509Certificate::CreateFromBytes(der_subject_cert.data(), der_subject_cert.length()); + ASSERT_TRUE(subject_cert); std::string der_issuer_cert(ct::GetDerEncodedFakeOCSPResponseIssuerCert()); scoped_refptr<X509Certificate> issuer_cert = X509Certificate::CreateFromBytes(der_issuer_cert.data(), der_issuer_cert.length()); + ASSERT_TRUE(issuer_cert); std::string fake_sct_list = ct::GetFakeOCSPExtensionValue(); ASSERT_FALSE(fake_sct_list.empty()); @@ -151,6 +154,7 @@ TEST_F(CTObjectsExtractorTest, ExtractSCTListFromOCSPResponseMatchesSerial) { scoped_refptr<X509Certificate> issuer_cert = X509Certificate::CreateFromBytes(der_issuer_cert.data(), der_issuer_cert.length()); + ASSERT_TRUE(issuer_cert); std::string ocsp_response = ct::GetDerEncodedFakeOCSPResponse(); @@ -166,6 +170,7 @@ TEST_F(CTObjectsExtractorTest, ExtractSCTListFromOCSPResponseMatchesIssuer) { scoped_refptr<X509Certificate> subject_cert = X509Certificate::CreateFromBytes(der_subject_cert.data(), der_subject_cert.length()); + ASSERT_TRUE(subject_cert); std::string ocsp_response = ct::GetDerEncodedFakeOCSPResponse(); diff --git a/chromium/net/cert/ev_root_ca_metadata.h b/chromium/net/cert/ev_root_ca_metadata.h index 413f85dd92f..4fb5fc2f1a6 100644 --- a/chromium/net/cert/ev_root_ca_metadata.h +++ b/chromium/net/cert/ev_root_ca_metadata.h @@ -22,7 +22,7 @@ namespace base { template <typename T> -struct DefaultLazyInstanceTraits; +struct LazyInstanceTraitsBase; } // namespace base namespace net { @@ -71,7 +71,7 @@ class NET_EXPORT_PRIVATE EVRootCAMetadata { bool RemoveEVCA(const SHA1HashValue& fingerprint); private: - friend struct base::DefaultLazyInstanceTraits<EVRootCAMetadata>; + friend struct base::LazyInstanceTraitsBase<EVRootCAMetadata>; EVRootCAMetadata(); ~EVRootCAMetadata(); diff --git a/chromium/net/cert/internal/cert_error_scoper.cc b/chromium/net/cert/internal/cert_error_scoper.cc deleted file mode 100644 index c970f9acde6..00000000000 --- a/chromium/net/cert/internal/cert_error_scoper.cc +++ /dev/null @@ -1,54 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/cert/internal/cert_error_scoper.h" - -#include <memory> - -#include "base/logging.h" -#include "base/memory/ptr_util.h" -#include "net/cert/internal/cert_error_params.h" -#include "net/cert/internal/cert_errors.h" - -namespace net { - -CertErrorScoper::CertErrorScoper(CertErrors* parent_errors) { - DCHECK(parent_errors); - parent_errors_ = parent_errors; - parent_scoper_ = parent_errors->SetScoper(this); -} - -CertErrorScoper::~CertErrorScoper() { - CertErrorScoper* prev = parent_errors_->SetScoper(parent_scoper_); - DCHECK_EQ(prev, this); -} - -CertErrorNode* CertErrorScoper::LazyGetRootNode() { - if (!root_node_) { - // Create the node. - auto root_node = BuildRootNode(); - root_node_ = root_node.get(); - - // Attach it to the node hiearchy (ownership of this node is passed off - // to its parent, which is ultimately rooted in the CertErrors object). - if (parent_scoper_) { - parent_scoper_->LazyGetRootNode()->AddChild(std::move(root_node)); - } else { - parent_errors_->nodes_.push_back(std::move(root_node)); - } - } - - return root_node_; -} - -CertErrorScoperNoParams::CertErrorScoperNoParams(CertErrors* parent_errors, - CertErrorId id) - : CertErrorScoper(parent_errors), id_(id) {} - -std::unique_ptr<CertErrorNode> CertErrorScoperNoParams::BuildRootNode() { - return base::MakeUnique<CertErrorNode>(CertErrorNodeType::TYPE_CONTEXT, id_, - nullptr); -} - -} // namespace net diff --git a/chromium/net/cert/internal/cert_error_scoper.h b/chromium/net/cert/internal/cert_error_scoper.h deleted file mode 100644 index 141581270df..00000000000 --- a/chromium/net/cert/internal/cert_error_scoper.h +++ /dev/null @@ -1,59 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_CERT_INTERNAL_CERT_ERROR_SCOPER_H_ -#define NET_CERT_INTERNAL_CERT_ERROR_SCOPER_H_ - -#include <memory> - -#include "base/compiler_specific.h" -#include "base/macros.h" -#include "net/base/net_export.h" -#include "net/cert/internal/cert_error_id.h" - -namespace net { - -class CertErrors; -struct CertErrorNode; - -// CertErrorScoper is a base class for adding parent nodes into a CertErrors -// object. -class NET_EXPORT CertErrorScoper { - public: - explicit CertErrorScoper(CertErrors* parent_errors); - virtual ~CertErrorScoper(); - - // BuildRootNode() will be called at most once, to create the desired parent - // node. It may never be called if no errors are added to the CertErrors - // parent. - virtual std::unique_ptr<CertErrorNode> BuildRootNode() = 0; - - // Returns the parent node for this scoper (the one created by - // BuildRootNode()). - CertErrorNode* LazyGetRootNode(); - - private: - CertErrorScoper* parent_scoper_ = nullptr; - CertErrors* parent_errors_ = nullptr; - CertErrorNode* root_node_ = nullptr; - - DISALLOW_COPY_AND_ASSIGN(CertErrorScoper); -}; - -// Implementation of CertErrorScoper that creates a simple parent node with no -// parameters (just an ID). -class NET_EXPORT CertErrorScoperNoParams : public CertErrorScoper { - public: - CertErrorScoperNoParams(CertErrors* parent_errors, CertErrorId id); - std::unique_ptr<CertErrorNode> BuildRootNode() override; - - private: - CertErrorId id_; - - DISALLOW_COPY_AND_ASSIGN(CertErrorScoperNoParams); -}; - -} // namespace net - -#endif // NET_CERT_INTERNAL_CERT_ERROR_SCOPER_H_ diff --git a/chromium/net/cert/internal/cert_errors.cc b/chromium/net/cert/internal/cert_errors.cc index e66ab827fcf..be4814dc9c6 100644 --- a/chromium/net/cert/internal/cert_errors.cc +++ b/chromium/net/cert/internal/cert_errors.cc @@ -7,25 +7,15 @@ #include "base/logging.h" #include "base/memory/ptr_util.h" #include "base/strings/string_split.h" +#include "base/strings/stringprintf.h" #include "net/cert/internal/cert_error_params.h" -#include "net/cert/internal/cert_error_scoper.h" +#include "net/cert/internal/parse_name.h" +#include "net/cert/internal/parsed_certificate.h" namespace net { namespace { -// Helpers for pretty-printing CertErrors to a string. -void AppendNodeToDebugString(CertErrorNode* node, - const std::string& indentation, - std::string* out); - -void AppendChildrenToDebugString(const CertErrorNodes& children, - const std::string& indentation, - std::string* out) { - for (const auto& child : children) - AppendNodeToDebugString(child.get(), indentation, out); -} - void AppendLinesWithIndentation(const std::string& text, const std::string& indentation, std::string* out) { @@ -39,66 +29,54 @@ void AppendLinesWithIndentation(const std::string& text, } } -const char* CertErrorNodeTypeToString(CertErrorNodeType type) { - switch (type) { - case CertErrorNodeType::TYPE_CONTEXT: - return "[Context] "; - case CertErrorNodeType::TYPE_WARNING: - return "[Warning] "; - case CertErrorNodeType::TYPE_ERROR: - return "[Error] "; - } - return nullptr; -} - -void AppendNodeToDebugString(CertErrorNode* node, - const std::string& indentation, - std::string* out) { - std::string cur_indentation = indentation; +} // namespace - *out += cur_indentation; - *out += CertErrorNodeTypeToString(node->node_type); - *out += CertErrorIdToDebugString(node->id); - *out += +"\n"; +CertError::CertError() = default; - if (node->params) { - cur_indentation += " "; - AppendLinesWithIndentation(node->params->ToDebugString(), cur_indentation, - out); - } +CertError::CertError(Severity severity, + CertErrorId id, + std::unique_ptr<CertErrorParams> params) + : severity(severity), id(id), params(std::move(params)) {} - cur_indentation += " "; +CertError::CertError(CertError&& other) = default; - AppendChildrenToDebugString(node->children, cur_indentation, out); -} +CertError& CertError::operator=(CertError&&) = default; -} // namespace +CertError::~CertError() = default; -CertErrorNode::CertErrorNode(CertErrorNodeType node_type, - CertErrorId id, - std::unique_ptr<CertErrorParams> params) - : node_type(node_type), id(id), params(std::move(params)) {} +std::string CertError::ToDebugString() const { + std::string result; + switch (severity) { + case SEVERITY_WARNING: + result += "WARNING: "; + break; + case SEVERITY_HIGH: + result += "ERROR: "; + break; + } + result += CertErrorIdToDebugString(id); + result += +"\n"; -CertErrorNode::~CertErrorNode() = default; + if (params) + AppendLinesWithIndentation(params->ToDebugString(), " ", &result); -void CertErrorNode::AddChild(std::unique_ptr<CertErrorNode> child) { - DCHECK_EQ(CertErrorNodeType::TYPE_CONTEXT, node_type); - children.push_back(std::move(child)); + return result; } CertErrors::CertErrors() = default; - +CertErrors::CertErrors(CertErrors&& other) = default; +CertErrors& CertErrors::operator=(CertErrors&&) = default; CertErrors::~CertErrors() = default; -void CertErrors::Add(CertErrorNodeType node_type, +void CertErrors::Add(CertError::Severity severity, CertErrorId id, std::unique_ptr<CertErrorParams> params) { - AddNode(base::MakeUnique<CertErrorNode>(node_type, id, std::move(params))); + nodes_.push_back(CertError(severity, id, std::move(params))); } void CertErrors::AddError(CertErrorId id, std::unique_ptr<CertErrorParams> params) { - Add(CertErrorNodeType::TYPE_ERROR, id, std::move(params)); + Add(CertError::SEVERITY_HIGH, id, std::move(params)); } void CertErrors::AddError(CertErrorId id) { @@ -107,34 +85,124 @@ void CertErrors::AddError(CertErrorId id) { void CertErrors::AddWarning(CertErrorId id, std::unique_ptr<CertErrorParams> params) { - Add(CertErrorNodeType::TYPE_WARNING, id, std::move(params)); + Add(CertError::SEVERITY_WARNING, id, std::move(params)); } void CertErrors::AddWarning(CertErrorId id) { AddWarning(id, nullptr); } -bool CertErrors::empty() const { - return nodes_.empty(); -} - std::string CertErrors::ToDebugString() const { std::string result; - AppendChildrenToDebugString(nodes_, std::string(), &result); + for (const CertError& node : nodes_) + result += node.ToDebugString(); + return result; } -void CertErrors::AddNode(std::unique_ptr<CertErrorNode> node) { - if (current_scoper_) - current_scoper_->LazyGetRootNode()->AddChild(std::move(node)); - else - nodes_.push_back(std::move(node)); +bool CertErrors::ContainsError(CertErrorId id) const { + for (const CertError& node : nodes_) { + if (node.id == id) + return true; + } + return false; +} + +bool CertErrors::ContainsAnyErrorWithSeverity( + CertError::Severity severity) const { + for (const CertError& node : nodes_) { + if (node.severity == severity) + return true; + } + return false; +} + +CertPathErrors::CertPathErrors() = default; + +CertPathErrors::CertPathErrors(CertPathErrors&& other) = default; +CertPathErrors& CertPathErrors::operator=(CertPathErrors&&) = default; + +CertPathErrors::~CertPathErrors() = default; + +CertErrors* CertPathErrors::GetErrorsForCert(size_t cert_index) { + if (cert_index >= cert_errors_.size()) + cert_errors_.resize(cert_index + 1); + return &cert_errors_[cert_index]; +} + +CertErrors* CertPathErrors::GetOtherErrors() { + return &other_errors_; } -CertErrorScoper* CertErrors::SetScoper(CertErrorScoper* scoper) { - CertErrorScoper* prev = current_scoper_; - current_scoper_ = scoper; - return prev; +bool CertPathErrors::ContainsError(CertErrorId id) const { + for (const CertErrors& errors : cert_errors_) { + if (errors.ContainsError(id)) + return true; + } + + if (other_errors_.ContainsError(id)) + return true; + + return false; +} + +bool CertPathErrors::ContainsAnyErrorWithSeverity( + CertError::Severity severity) const { + for (const CertErrors& errors : cert_errors_) { + if (errors.ContainsAnyErrorWithSeverity(severity)) + return true; + } + + if (other_errors_.ContainsAnyErrorWithSeverity(severity)) + return true; + + return false; +} + +std::string CertPathErrors::ToDebugString( + const ParsedCertificateList& certs) const { + std::string result; + + for (size_t i = 0; i < cert_errors_.size(); ++i) { + // Pretty print the current CertErrors. If there were no errors/warnings, + // then continue. + const CertErrors& errors = cert_errors_[i]; + std::string cert_errors_string = errors.ToDebugString(); + if (cert_errors_string.empty()) + continue; + + // Add a header for the CertErrors that describes which certificate they + // apply to. + // + // TODO(eroman): Show the subject for trust anchor (which currently uses the + // bucket cert_errors_[certs.size()]). + std::string cert_name_debug_str; + if (i < certs.size() && certs[i]) { + RDNSequence subject; + if (ParseName(certs[i]->tbs().subject_tlv, &subject) && + ConvertToRFC2253(subject, &cert_name_debug_str)) { + cert_name_debug_str = " (" + cert_name_debug_str + ")"; + } + } + + result += + base::StringPrintf("----- Certificate i=%d%s -----\n", + static_cast<int>(i), cert_name_debug_str.c_str()); + + result += cert_errors_string; + result += "\n"; + } + + // Print any other errors that aren't associated with a particular certificate + // in the chain. + std::string other_errors = other_errors_.ToDebugString(); + if (!other_errors.empty()) { + result += "----- Other errors (not certificate specific) -----\n"; + result += other_errors; + result += "\n"; + } + + return result; } } // namespace net diff --git a/chromium/net/cert/internal/cert_errors.h b/chromium/net/cert/internal/cert_errors.h index cd713ed42ec..438417fd381 100644 --- a/chromium/net/cert/internal/cert_errors.h +++ b/chromium/net/cert/internal/cert_errors.h @@ -6,46 +6,29 @@ // Overview of error design // ---------------------------- // -// Certificate path validation/parsing may emit a sequence of -// errors/warnings/context. These are represented by a tree of CertErrorNodes. -// Each node is comprised of: +// Certificate path building/validation/parsing may emit a sequence of errors +// and warnings. +// +// Each individual error/warning entry (CertError) is comprised of: // // * A unique identifier. // -// This serves similarly to an error code, and is useful for querying if a -// particular error occurred. +// This serves similarly to an error code, and is used to query if a +// particular error/warning occurred. // // * [optional] A parameters object. // -// Nodes may attach a heap-allocated subclass of CertErrorParams, to carry -// extra information that is useful when reporting the error. For instance -// a parsing error may want to describe where in the DER the failure -// happened, or what the unexpected value was. -// -// * [optional] Child nodes. -// -// Error nodes are arranged in a tree. The parent/child hierarchy is used to -// group errors that share some common state. -// For instance during path processing it is useful to group the -// errors/warnings that happened while processing certificate "i" as -// children of a shared "context" node. The context node in this case -// doesn't describe a particular error, but rather some shared event and -// its parameters. -// -// ---------------------------- -// Using errors in other APIs -// ---------------------------- -// -// The top level object used in APIs is CertErrors. A pointer to a CertErrors -// object is typically given as an out-parameter for code that may generate -// errors. +// Nodes may attach a heap-allocated subclass of CertErrorParams to carry +// extra information that is used when reporting the error. For instance +// a parsing error may describe where in the DER the failure happened, or +// what the unexpected value was. // -// Note that CertErrors gives a non-hiearhical interface for emitting errors. -// In other words, it doesn't let you create parent/child relationships -// directly. +// A collection of errors is represented by the CertErrors object. This may be +// used to group errors that have a common context, such as all the +// errors/warnings that apply to a specific certificate. // -// To change the parent node for subsequently emitted errors in the CertErrors -// object, one constructs a CertErrorScoper on the stack. +// Lastly, CertPathErrors composes multiple CertErrors -- one for each +// certificate in the verified chain. // // ---------------------------- // Defining new errors @@ -70,92 +53,110 @@ #include "base/macros.h" #include "net/base/net_export.h" #include "net/cert/internal/cert_error_id.h" +#include "net/cert/internal/parsed_certificate.h" namespace net { class CertErrorParams; -class CertErrorScoper; - -// The type of a particular CertErrorNode. -enum class CertErrorNodeType { - // Note the TYPE_ prefix is to avoid compile errors. Because ERROR() is a - // commonly used macro name. - - // Node that represents a single error. - TYPE_ERROR, - - // Node that represents a single non-fatal error. - TYPE_WARNING, - - // Parent node for other errors/warnings. - TYPE_CONTEXT, -}; -struct CertErrorNode; -using CertErrorNodes = std::vector<std::unique_ptr<CertErrorNode>>; - -// CertErrorNode represents a node in the error tree. This could be an error, -// warning, or simply contextual parent node. See the error design overview for -// a better description of how this is used. -struct NET_EXPORT CertErrorNode { - CertErrorNode(CertErrorNodeType node_type, - CertErrorId id, - std::unique_ptr<CertErrorParams> params); - ~CertErrorNode(); - - void AddChild(std::unique_ptr<CertErrorNode> child); +// CertError represents either an error or a warning. +struct NET_EXPORT CertError { + enum Severity { + SEVERITY_HIGH, + SEVERITY_WARNING, + }; + + CertError(); + CertError(Severity severity, + CertErrorId id, + std::unique_ptr<CertErrorParams> params); + CertError(CertError&& other); + CertError& operator=(CertError&&); + ~CertError(); + + // Pretty-prints the error and its parameters. + std::string ToDebugString() const; - CertErrorNodeType node_type; + Severity severity; CertErrorId id; std::unique_ptr<CertErrorParams> params; - CertErrorNodes children; }; -// CertErrors is the main object for emitting errors and internally builds up -// the error tree. +// CertErrors is a collection of CertError, along with convenience methods to +// add and inspect errors. class NET_EXPORT CertErrors { public: CertErrors(); + CertErrors(CertErrors&& other); + CertErrors& operator=(CertErrors&&); ~CertErrors(); - // Adds a node to the current insertion point in the error tree. |params| may - // be null. - void Add(CertErrorNodeType node_type, + // Adds an error/warning. |params| may be null. + void Add(CertError::Severity severity, CertErrorId id, std::unique_ptr<CertErrorParams> params); + // Adds a high severity error. void AddError(CertErrorId id, std::unique_ptr<CertErrorParams> params); void AddError(CertErrorId id); + // Adds a low severity error. void AddWarning(CertErrorId id, std::unique_ptr<CertErrorParams> params); void AddWarning(CertErrorId id); - // Returns true if the tree is empty. Note that emptiness of the error tree - // is NOT equivalent to success for some call, and vice versa. (For instance - // consumers may forget to emit errors on failures, or some errors may be - // non-fatal warnings). - bool empty() const; - // Dumps a textual representation of the errors for debugging purposes. std::string ToDebugString() const; + // Returns true if the error |id| was added to this CertErrors (of any + // severity). + bool ContainsError(CertErrorId id) const; + + // Returns true if this contains any errors of the given severity level. + bool ContainsAnyErrorWithSeverity(CertError::Severity severity) const; + private: - // CertErrorScoper manipulates the CertErrors object. - friend class CertErrorScoper; + std::vector<CertError> nodes_; +}; + +// CertPathErrors is a collection of CertErrors, to group errors into different +// buckets for different certificates. The "index" should correspond with that +// of the certificate relative to its chain. +class NET_EXPORT CertPathErrors { + public: + CertPathErrors(); + CertPathErrors(CertPathErrors&& other); + CertPathErrors& operator=(CertPathErrors&&); + ~CertPathErrors(); - void AddNode(std::unique_ptr<CertErrorNode> node); + // Gets a bucket to put errors in for |cert_index|. This will lookup and + // return the existing error bucket if one exists, or create a new one for the + // specified index. It is expected that |cert_index| is the corresponding + // index in a certificate chain (with 0 being the target). + CertErrors* GetErrorsForCert(size_t cert_index); - // Used by CertErrorScoper to register itself as the top-level scoper. - // Returns the previously set scoper, or nullptr if there was none. - CertErrorScoper* SetScoper(CertErrorScoper* scoper); + // Returns a bucket to put errors that are not associated with a particular + // certificate. + CertErrors* GetOtherErrors(); - CertErrorNodes nodes_; + // Returns true if CertPathErrors contains the specified error (of any + // severity). + bool ContainsError(CertErrorId id) const; - // The top-most CertErrorScoper that is currently in scope (and which affects - // the parent node for newly added errors). - CertErrorScoper* current_scoper_ = nullptr; + // Returns true if this contains any errors of the given severity level. + bool ContainsAnyErrorWithSeverity(CertError::Severity severity) const; - DISALLOW_COPY_AND_ASSIGN(CertErrors); + // Shortcut for ContainsAnyErrorWithSeverity(CertError::SEVERITY_HIGH). + bool ContainsHighSeverityErrors() const { + return ContainsAnyErrorWithSeverity(CertError::SEVERITY_HIGH); + } + + // Pretty-prints all the errors in the CertPathErrors. If there were no + // errors/warnings, returns an empty string. + std::string ToDebugString(const ParsedCertificateList& certs) const; + + private: + std::vector<CertErrors> cert_errors_; + CertErrors other_errors_; }; } // namespace net diff --git a/chromium/net/cert/internal/parse_certificate_unittest.cc b/chromium/net/cert/internal/parse_certificate_unittest.cc index a54d895acba..6ddc768f68f 100644 --- a/chromium/net/cert/internal/parse_certificate_unittest.cc +++ b/chromium/net/cert/internal/parse_certificate_unittest.cc @@ -214,27 +214,6 @@ TEST(ParseTbsCertificateTest, Version3WithExtensions) { RunTbsCertificateTest("tbs_v3_extensions.pem"); } -// Tests parsing a TBSCertificate for v3 that contains no optional fields, and -// has a negative serial number. -// -// CAs are not supposed to include negative serial numbers, however RFC 5280 -// expects consumers to deal with it anyway). -TEST(ParseTbsCertificateTest, NegativeSerialNumber) { - RunTbsCertificateTest("tbs_negative_serial_number.pem"); -} - -// Tests parsing a TBSCertificate with a serial number that is 21 octets long -// (and the first byte is 0). -TEST(ParseTbCertificateTest, SerialNumber21OctetsLeading0) { - RunTbsCertificateTest("tbs_serial_number_21_octets_leading_0.pem"); -} - -// Tests parsing a TBSCertificate with a serial number that is 26 octets long -// (and does not contain a leading 0). -TEST(ParseTbsCertificateTest, SerialNumber26Octets) { - RunTbsCertificateTest("tbs_serial_number_26_octets.pem"); -} - // Tests parsing a TBSCertificate which lacks a version number (causing it to // default to v1). TEST(ParseTbsCertificateTest, Version1) { diff --git a/chromium/net/cert/internal/parse_name.cc b/chromium/net/cert/internal/parse_name.cc index bb9b64051ac..f3aa518f1c3 100644 --- a/chromium/net/cert/internal/parse_name.cc +++ b/chromium/net/cert/internal/parse_name.cc @@ -12,6 +12,10 @@ #include "base/sys_byteorder.h" #include "base/third_party/icu/icu_utf.h" +#if !defined(OS_NACL) +#include "net/base/net_string_util.h" +#endif + namespace net { namespace { @@ -134,6 +138,12 @@ der::Input TypeStateOrProvinceNameOid() { return der::Input(oid); } +der::Input TypeStreetAddressOid() { + // street (streetAddress): 2.5.4.9 (RFC 4519) + static const uint8_t oid[] = {0x55, 0x04, 0x09}; + return der::Input(oid); +} + der::Input TypeOrganizationNameOid() { // id-at-organizationName: 2.5.4.10 (RFC 5280) static const uint8_t oid[] = {0x55, 0x04, 0x0a}; @@ -176,6 +186,52 @@ der::Input TypeGenerationQualifierOid() { return der::Input(oid); } +der::Input TypeDomainComponentOid() { + // dc (domainComponent): 0.9.2342.19200300.100.1.25 (RFC 4519) + static const uint8_t oid[] = {0x09, 0x92, 0x26, 0x89, 0x93, + 0xF2, 0x2C, 0x64, 0x01, 0x19}; + return der::Input(oid); +} + +bool X509NameAttribute::ValueAsString(std::string* out) const { + switch (value_tag) { + case der::kTeletexString: +#if !defined(OS_NACL) + return ConvertToUtf8(value.AsString(), kCharsetLatin1, out); +#else +// For nacl, just fall through to treating like IA5String (ascii). +// (The nacl build does not include net_string_util and its deps, and a test of +// adding them increased nacl build size by 100KB.) +// TODO(mattm): Remove this behavioral difference. +#endif + case der::kIA5String: + for (char c : value.AsStringPiece()) { + if (static_cast<uint8_t>(c) > 127) + return false; + } + *out = value.AsString(); + return true; + case der::kPrintableString: + for (char c : value.AsStringPiece()) { + if (!(base::IsAsciiAlpha(c) || c == ' ' || (c >= '\'' && c <= ':') || + c == '=' || c == '?')) { + return false; + } + } + *out = value.AsString(); + return true; + case der::kUtf8String: + *out = value.AsString(); + return true; + case der::kUniversalString: + return ConvertUniversalStringValue(value, out); + case der::kBmpString: + return ConvertBmpStringValue(value, out); + default: + return false; + } +} + bool X509NameAttribute::ValueAsStringUnsafe(std::string* out) const { switch (value_tag) { case der::kIA5String: @@ -197,6 +253,7 @@ bool X509NameAttribute::ValueAsStringUnsafe(std::string* out) const { bool X509NameAttribute::AsRFC2253String(std::string* out) const { std::string type_string; std::string value_string; + // TODO(mattm): Add streetAddress and domainComponent here? if (type == TypeCommonNameOid()) { type_string = "CN"; } else if (type == TypeSurnameOid()) { diff --git a/chromium/net/cert/internal/parse_name.h b/chromium/net/cert/internal/parse_name.h index ce09bc82d4d..3a188c6d50a 100644 --- a/chromium/net/cert/internal/parse_name.h +++ b/chromium/net/cert/internal/parse_name.h @@ -20,6 +20,7 @@ NET_EXPORT der::Input TypeSerialNumberOid(); NET_EXPORT der::Input TypeCountryNameOid(); NET_EXPORT der::Input TypeLocalityNameOid(); NET_EXPORT der::Input TypeStateOrProvinceNameOid(); +NET_EXPORT der::Input TypeStreetAddressOid(); NET_EXPORT der::Input TypeOrganizationNameOid(); NET_EXPORT der::Input TypeOrganizationUnitNameOid(); NET_EXPORT der::Input TypeTitleOid(); @@ -27,6 +28,7 @@ NET_EXPORT der::Input TypeNameOid(); NET_EXPORT der::Input TypeGivenNameOid(); NET_EXPORT der::Input TypeInitialsOid(); NET_EXPORT der::Input TypeGenerationQualifierOid(); +NET_EXPORT der::Input TypeDomainComponentOid(); // X509NameAttribute contains a representation of a DER-encoded RFC 2253 // "AttributeTypeAndValue". @@ -42,9 +44,17 @@ struct NET_EXPORT X509NameAttribute { : type(in_type), value_tag(in_value_tag), value(in_value) {} // Attempts to convert the value represented by this struct into a + // UTF-8 string and store it in |out|, returning whether the conversion + // was successful. + bool ValueAsString(std::string* out) const WARN_UNUSED_RESULT; + + // Attempts to convert the value represented by this struct into a // std::string and store it in |out|, returning whether the conversion was // successful. Due to some encodings being incompatible, the caller must - // verify the attribute |type|. + // verify the attribute |value_tag|. + // + // Note: Don't use this function unless you know what you're doing. Use + // ValueAsString instead. // // Note: The conversion doesn't verify that the value corresponds to the // ASN.1 definition of the value type. diff --git a/chromium/net/cert/internal/parse_name_unittest.cc b/chromium/net/cert/internal/parse_name_unittest.cc index b1d768fda61..dab04212f6e 100644 --- a/chromium/net/cert/internal/parse_name_unittest.cc +++ b/chromium/net/cert/internal/parse_name_unittest.cc @@ -31,13 +31,92 @@ namespace { } } +TEST(ParseNameTest, IA5SafeStringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0x6f, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kIA5String, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Foo bar", result_unsafe); + std::string result; + ASSERT_TRUE(value.ValueAsString(&result)); + ASSERT_EQ("Foo bar", result); +} + +TEST(ParseNameTest, IA5UnsafeStringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0xFF, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kIA5String, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Fo\377 bar", result_unsafe); + std::string result; + ASSERT_FALSE(value.ValueAsString(&result)); +} + +TEST(ParseNameTest, PrintableSafeStringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0x6f, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kPrintableString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Foo bar", result_unsafe); + std::string result; + ASSERT_TRUE(value.ValueAsString(&result)); + ASSERT_EQ("Foo bar", result); +} + +TEST(ParseNameTest, PrintableUnsafeStringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0x5f, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kPrintableString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Fo_ bar", result_unsafe); + std::string result; + ASSERT_FALSE(value.ValueAsString(&result)); +} + +TEST(ParseNameTest, TeletexSafeStringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0x6f, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kTeletexString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Foo bar", result_unsafe); + std::string result; + ASSERT_TRUE(value.ValueAsString(&result)); + ASSERT_EQ("Foo bar", result); +} + +TEST(ParseNameTest, TeletexLatin1StringValue) { + const uint8_t der[] = { + 0x46, 0x6f, 0xd6, 0x20, 0x62, 0x61, 0x72, + }; + X509NameAttribute value(der::Input(), der::kTeletexString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("Fo\xd6 bar", result_unsafe); + std::string result; + ASSERT_TRUE(value.ValueAsString(&result)); + ASSERT_EQ("FoÖ bar", result); +} + TEST(ParseNameTest, ConvertBmpString) { const uint8_t der[] = { 0x00, 0x66, 0x00, 0x6f, 0x00, 0x6f, 0x00, 0x62, 0x00, 0x61, 0x00, 0x72, }; X509NameAttribute value(der::Input(), der::kBmpString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("foobar", result_unsafe); std::string result; - ASSERT_TRUE(value.ValueAsStringUnsafe(&result)); + ASSERT_TRUE(value.ValueAsString(&result)); ASSERT_EQ("foobar", result); } @@ -47,6 +126,7 @@ TEST(ParseNameTest, ConvertInvalidBmpString) { X509NameAttribute value(der::Input(), der::kBmpString, der::Input(der)); std::string result; ASSERT_FALSE(value.ValueAsStringUnsafe(&result)); + ASSERT_FALSE(value.ValueAsString(&result)); } TEST(ParseNameTest, ConvertUniversalString) { @@ -54,8 +134,12 @@ TEST(ParseNameTest, ConvertUniversalString) { 0x00, 0x00, 0x00, 0x6f, 0x00, 0x00, 0x00, 0x62, 0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x72}; X509NameAttribute value(der::Input(), der::kUniversalString, der::Input(der)); + std::string result_unsafe; + ASSERT_TRUE(value.ValueAsStringUnsafe(&result_unsafe)); + ASSERT_EQ("foobar", result_unsafe); std::string result; - ASSERT_TRUE(value.ValueAsStringUnsafe(&result)); + ASSERT_TRUE(value.ValueAsString(&result)); + ASSERT_EQ("foobar", result); } // UniversalString must encode characters in pairs of 4 bytes. @@ -64,6 +148,7 @@ TEST(ParseNameTest, ConvertInvalidUniversalString) { X509NameAttribute value(der::Input(), der::kUniversalString, der::Input(der)); std::string result; ASSERT_FALSE(value.ValueAsStringUnsafe(&result)); + ASSERT_FALSE(value.ValueAsString(&result)); } TEST(ParseNameTest, EmptyName) { diff --git a/chromium/net/cert/internal/parsed_certificate.cc b/chromium/net/cert/internal/parsed_certificate.cc index 0c655079e3c..97a432aa6d2 100644 --- a/chromium/net/cert/internal/parsed_certificate.cc +++ b/chromium/net/cert/internal/parsed_certificate.cc @@ -4,6 +4,8 @@ #include "net/cert/internal/parsed_certificate.h" +#include "net/cert/internal/certificate_policies.h" +#include "net/cert/internal/extended_key_usage.h" #include "net/cert/internal/name_constraints.h" #include "net/cert/internal/signature_algorithm.h" #include "net/cert/internal/verify_name_match.h" @@ -22,6 +24,21 @@ WARN_UNUSED_RESULT bool GetSequenceValue(const der::Input& tlv, } // namespace +bool ParsedCertificate::GetExtension(const der::Input& extension_oid, + ParsedExtension* parsed_extension) const { + if (!tbs_.has_extensions) + return false; + + auto it = extensions_.find(extension_oid); + if (it == extensions_.end()) { + *parsed_extension = ParsedExtension(); + return false; + } + + *parsed_extension = it->second; + return true; +} + ParsedCertificate::ParsedCertificate() {} ParsedCertificate::~ParsedCertificate() {} @@ -102,37 +119,40 @@ scoped_refptr<ParsedCertificate> ParsedCertificate::CreateInternal( return nullptr; } - // Parse the standard X.509 extensions and remove them from - // |unparsed_extensions|. + // Parse the standard X.509 extensions. if (result->tbs_.has_extensions) { // ParseExtensions() ensures there are no duplicates, and maps the (unique) // OID to the extension value. - if (!ParseExtensions(result->tbs_.extensions_tlv, - &result->unparsed_extensions_)) { + if (!ParseExtensions(result->tbs_.extensions_tlv, &result->extensions_)) { return nullptr; } ParsedExtension extension; // Basic constraints. - if (ConsumeExtension(BasicConstraintsOid(), &result->unparsed_extensions_, - &extension)) { + if (result->GetExtension(BasicConstraintsOid(), &extension)) { result->has_basic_constraints_ = true; if (!ParseBasicConstraints(extension.value, &result->basic_constraints_)) return nullptr; } - // KeyUsage. - if (ConsumeExtension(KeyUsageOid(), &result->unparsed_extensions_, - &extension)) { + // Key Usage. + if (result->GetExtension(KeyUsageOid(), &extension)) { result->has_key_usage_ = true; if (!ParseKeyUsage(extension.value, &result->key_usage_)) return nullptr; } + // Extended Key Usage. + if (result->GetExtension(ExtKeyUsageOid(), &extension)) { + result->has_extended_key_usage_ = true; + if (!ParseEKUExtension(extension.value, &result->extended_key_usage_)) + return nullptr; + } + // Subject alternative name. - if (ConsumeExtension(SubjectAltNameOid(), &result->unparsed_extensions_, - &result->subject_alt_names_extension_)) { + if (result->GetExtension(SubjectAltNameOid(), + &result->subject_alt_names_extension_)) { // RFC 5280 section 4.2.1.6: // SubjectAltName ::= GeneralNames result->subject_alt_names_ = @@ -151,8 +171,7 @@ scoped_refptr<ParsedCertificate> ParsedCertificate::CreateInternal( } // Name constraints. - if (ConsumeExtension(NameConstraintsOid(), &result->unparsed_extensions_, - &extension)) { + if (result->GetExtension(NameConstraintsOid(), &extension)) { result->name_constraints_ = NameConstraints::Create(extension.value, extension.critical); if (!result->name_constraints_) @@ -160,9 +179,8 @@ scoped_refptr<ParsedCertificate> ParsedCertificate::CreateInternal( } // Authority information access. - if (ConsumeExtension(AuthorityInfoAccessOid(), - &result->unparsed_extensions_, - &result->authority_info_access_extension_)) { + if (result->GetExtension(AuthorityInfoAccessOid(), + &result->authority_info_access_extension_)) { result->has_authority_info_access_ = true; if (!ParseAuthorityInfoAccess( result->authority_info_access_extension_.value, @@ -170,10 +188,14 @@ scoped_refptr<ParsedCertificate> ParsedCertificate::CreateInternal( return nullptr; } - // NOTE: if additional extensions are consumed here, the verification code - // must be updated to process those extensions, since the - // VerifyNoUnconsumedCriticalExtensions uses the unparsed_extensions_ - // variable to tell which extensions were processed. + // Policies. + if (result->GetExtension(CertificatePoliciesOid(), &extension)) { + result->has_policy_oids_ = true; + if (!ParseCertificatePoliciesExtension(extension.value, + &result->policy_oids_)) { + return nullptr; + } + } } return result; diff --git a/chromium/net/cert/internal/parsed_certificate.h b/chromium/net/cert/internal/parsed_certificate.h index 06bd37890b9..9b561a03751 100644 --- a/chromium/net/cert/internal/parsed_certificate.h +++ b/chromium/net/cert/internal/parsed_certificate.h @@ -142,6 +142,16 @@ class NET_EXPORT ParsedCertificate return key_usage_; } + // Returns true if the certificate has a ExtendedKeyUsage extension. + bool has_extended_key_usage() const { return has_extended_key_usage_; } + + // Returns the ExtendedKeyUsage key purpose OIDs. Caller must check + // has_extended_key_usage() before accessing this. + const std::vector<der::Input>& extended_key_usage() const { + DCHECK(has_extended_key_usage_); + return extended_key_usage_; + } + // Returns true if the certificate has a SubjectAltName extension. bool has_subject_alt_names() const { return subject_alt_names_ != nullptr; } @@ -184,11 +194,24 @@ class NET_EXPORT ParsedCertificate // Returns any OCSP URIs from the AuthorityInfoAccess extension. const std::vector<base::StringPiece>& ocsp_uris() const { return ocsp_uris_; } - // Returns a map of unhandled extensions (excludes the ones above). - const ExtensionsMap& unparsed_extensions() const { - return unparsed_extensions_; + // Returns true if the certificate has a Policies extension. + bool has_policy_oids() const { return has_policy_oids_; } + + // Returns the policy OIDs. Caller must check has_policy_oids() before + // accessing this. + const std::vector<der::Input>& policy_oids() const { + DCHECK(has_policy_oids()); + return policy_oids_; } + // Returns a map of all the extensions in the certificate. + const ExtensionsMap& extensions() const { return extensions_; } + + // Gets the value for extension matching |extension_oid|. Returns false if the + // extension is not present. + bool GetExtension(const der::Input& extension_oid, + ParsedExtension* parsed_extension) const; + private: friend class base::RefCountedThreadSafe<ParsedCertificate>; ParsedCertificate(); @@ -232,6 +255,10 @@ class NET_EXPORT ParsedCertificate bool has_key_usage_ = false; der::BitString key_usage_; + // ExtendedKeyUsage extension. + bool has_extended_key_usage_ = false; + std::vector<der::Input> extended_key_usage_; + // Raw SubjectAltName extension. ParsedExtension subject_alt_names_extension_; // Parsed SubjectAltName extension. @@ -249,8 +276,12 @@ class NET_EXPORT ParsedCertificate std::vector<base::StringPiece> ca_issuers_uris_; std::vector<base::StringPiece> ocsp_uris_; - // The remaining extensions (excludes the standard ones above). - ExtensionsMap unparsed_extensions_; + // Policies extension. + bool has_policy_oids_ = false; + std::vector<der::Input> policy_oids_; + + // All of the extensions. + ExtensionsMap extensions_; DISALLOW_COPY_AND_ASSIGN(ParsedCertificate); }; diff --git a/chromium/net/cert/internal/parsed_certificate_unittest.cc b/chromium/net/cert/internal/parsed_certificate_unittest.cc index 5212caab8e1..1508378c194 100644 --- a/chromium/net/cert/internal/parsed_certificate_unittest.cc +++ b/chromium/net/cert/internal/parsed_certificate_unittest.cc @@ -24,7 +24,8 @@ std::string GetFilePath(const std::string& file_name) { // Returns nullptr if the certificate parsing failed, and verifies that any // errors match the ERRORS block in the .pem file. scoped_refptr<ParsedCertificate> ParseCertificateFromFile( - const std::string& file_name) { + const std::string& file_name, + const ParseCertificateOptions& options) { std::string data; std::string expected_errors; @@ -39,7 +40,7 @@ scoped_refptr<ParsedCertificate> ParseCertificateFromFile( scoped_refptr<ParsedCertificate> cert = ParsedCertificate::Create( bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new( reinterpret_cast<const uint8_t*>(data.data()), data.size(), nullptr)), - {}, &errors); + options, &errors); EXPECT_EQ(expected_errors, errors.ToDebugString()) << "Test file: " << test_file_path; @@ -63,14 +64,13 @@ der::Input DavidBenOid() { // Parses an Extension whose critical field is true (255). TEST(ParsedCertificateTest, ExtensionCritical) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("extension_critical.pem"); + ParseCertificateFromFile("extension_critical.pem", {}); ASSERT_TRUE(cert); const uint8_t kExpectedValue[] = {0x30, 0x00}; - auto it = cert->unparsed_extensions().find(DavidBenOid()); - ASSERT_NE(cert->unparsed_extensions().end(), it); - const auto& extension = it->second; + ParsedExtension extension; + ASSERT_TRUE(cert->GetExtension(DavidBenOid(), &extension)); EXPECT_TRUE(extension.critical); EXPECT_EQ(DavidBenOid(), extension.oid); @@ -80,14 +80,13 @@ TEST(ParsedCertificateTest, ExtensionCritical) { // Parses an Extension whose critical field is false (omitted). TEST(ParsedCertificateTest, ExtensionNotCritical) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("extension_not_critical.pem"); + ParseCertificateFromFile("extension_not_critical.pem", {}); ASSERT_TRUE(cert); const uint8_t kExpectedValue[] = {0x30, 0x00}; - auto it = cert->unparsed_extensions().find(DavidBenOid()); - ASSERT_NE(cert->unparsed_extensions().end(), it); - const auto& extension = it->second; + ParsedExtension extension; + ASSERT_TRUE(cert->GetExtension(DavidBenOid(), &extension)); EXPECT_FALSE(extension.critical); EXPECT_EQ(DavidBenOid(), extension.oid); @@ -98,55 +97,60 @@ TEST(ParsedCertificateTest, ExtensionNotCritical) { // however because critical has DEFAULT of false this is in fact invalid // DER-encoding. TEST(ParsedCertificateTest, ExtensionCritical0) { - ASSERT_FALSE(ParseCertificateFromFile("extension_critical_0.pem")); + ASSERT_FALSE(ParseCertificateFromFile("extension_critical_0.pem", {})); } // Parses an Extension whose critical field is 3. Under DER-encoding BOOLEAN // values must an octet of either all zero bits, or all 1 bits, so this is not // valid. TEST(ParsedCertificateTest, ExtensionCritical3) { - ASSERT_FALSE(ParseCertificateFromFile("extension_critical_3.pem")); + ASSERT_FALSE(ParseCertificateFromFile("extension_critical_3.pem", {})); } // Parses an Extensions that is an empty sequence. TEST(ParsedCertificateTest, ExtensionsEmptySequence) { - ASSERT_FALSE(ParseCertificateFromFile("extensions_empty_sequence.pem")); + ASSERT_FALSE(ParseCertificateFromFile("extensions_empty_sequence.pem", {})); } // Parses an Extensions that is not a sequence. TEST(ParsedCertificateTest, ExtensionsNotSequence) { - ASSERT_FALSE(ParseCertificateFromFile("extensions_not_sequence.pem")); + ASSERT_FALSE(ParseCertificateFromFile("extensions_not_sequence.pem", {})); } // Parses an Extensions that has data after the sequence. TEST(ParsedCertificateTest, ExtensionsDataAfterSequence) { - ASSERT_FALSE(ParseCertificateFromFile("extensions_data_after_sequence.pem")); + ASSERT_FALSE( + ParseCertificateFromFile("extensions_data_after_sequence.pem", {})); } // Parses an Extensions that contains duplicated key usages. TEST(ParsedCertificateTest, ExtensionsDuplicateKeyUsage) { - ASSERT_FALSE(ParseCertificateFromFile("extensions_duplicate_key_usage.pem")); + ASSERT_FALSE( + ParseCertificateFromFile("extensions_duplicate_key_usage.pem", {})); } // Parses an Extensions that contains an extended key usages. TEST(ParsedCertificateTest, ExtendedKeyUsage) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("extended_key_usage.pem"); + ParseCertificateFromFile("extended_key_usage.pem", {}); ASSERT_TRUE(cert); - const auto& extensions = cert->unparsed_extensions(); - ASSERT_EQ(3u, extensions.size()); + ASSERT_EQ(4u, cert->extensions().size()); + + ParsedExtension extension; + ASSERT_TRUE(cert->GetExtension(ExtKeyUsageOid(), &extension)); + + EXPECT_FALSE(extension.critical); + EXPECT_EQ(45u, extension.value.Length()); - auto iter = extensions.find(ExtKeyUsageOid()); - ASSERT_TRUE(iter != extensions.end()); - EXPECT_FALSE(iter->second.critical); - EXPECT_EQ(45u, iter->second.value.Length()); + EXPECT_TRUE(cert->has_extended_key_usage()); + EXPECT_EQ(4u, cert->extended_key_usage().size()); } // Parses an Extensions that contains a key usage. TEST(ParsedCertificateTest, KeyUsage) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("key_usage.pem"); + ParseCertificateFromFile("key_usage.pem", {}); ASSERT_TRUE(cert); ASSERT_TRUE(cert->has_key_usage()); @@ -163,22 +167,25 @@ TEST(ParsedCertificateTest, KeyUsage) { // Parses an Extensions that contains a policies extension. TEST(ParsedCertificateTest, Policies) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("policies.pem"); + ParseCertificateFromFile("policies.pem", {}); ASSERT_TRUE(cert); - const auto& extensions = cert->unparsed_extensions(); - ASSERT_EQ(3u, extensions.size()); + ASSERT_EQ(4u, cert->extensions().size()); - auto iter = extensions.find(CertificatePoliciesOid()); - ASSERT_TRUE(iter != extensions.end()); - EXPECT_FALSE(iter->second.critical); - EXPECT_EQ(95u, iter->second.value.Length()); + ParsedExtension extension; + ASSERT_TRUE(cert->GetExtension(CertificatePoliciesOid(), &extension)); + + EXPECT_FALSE(extension.critical); + EXPECT_EQ(95u, extension.value.Length()); + + EXPECT_TRUE(cert->has_policy_oids()); + EXPECT_EQ(2u, cert->policy_oids().size()); } // Parses an Extensions that contains a subjectaltname extension. TEST(ParsedCertificateTest, SubjectAltName) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("subject_alt_name.pem"); + ParseCertificateFromFile("subject_alt_name.pem", {}); ASSERT_TRUE(cert); ASSERT_TRUE(cert->has_subject_alt_names()); @@ -188,19 +195,20 @@ TEST(ParsedCertificateTest, SubjectAltName) { // real-world certificate. TEST(ParsedCertificateTest, ExtensionsReal) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("extensions_real.pem"); + ParseCertificateFromFile("extensions_real.pem", {}); ASSERT_TRUE(cert); - const auto& extensions = cert->unparsed_extensions(); - ASSERT_EQ(4u, extensions.size()); + ASSERT_EQ(7u, cert->extensions().size()); EXPECT_TRUE(cert->has_key_usage()); EXPECT_TRUE(cert->has_basic_constraints()); + EXPECT_TRUE(cert->has_policy_oids()); - auto iter = extensions.find(CertificatePoliciesOid()); - ASSERT_TRUE(iter != extensions.end()); - EXPECT_FALSE(iter->second.critical); - EXPECT_EQ(16u, iter->second.value.Length()); + ParsedExtension extension; + ASSERT_TRUE(cert->GetExtension(CertificatePoliciesOid(), &extension)); + + EXPECT_FALSE(extension.critical); + EXPECT_EQ(16u, extension.value.Length()); // TODO(eroman): Verify the other 4 extensions' values. } @@ -208,7 +216,7 @@ TEST(ParsedCertificateTest, ExtensionsReal) { // Parses a BasicConstraints with no CA or pathlen. TEST(ParsedCertificateTest, BasicConstraintsNotCa) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("basic_constraints_not_ca.pem"); + ParseCertificateFromFile("basic_constraints_not_ca.pem", {}); ASSERT_TRUE(cert); EXPECT_TRUE(cert->has_basic_constraints()); @@ -219,7 +227,7 @@ TEST(ParsedCertificateTest, BasicConstraintsNotCa) { // Parses a BasicConstraints with CA but no pathlen. TEST(ParsedCertificateTest, BasicConstraintsCaNoPath) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("basic_constraints_ca_no_path.pem"); + ParseCertificateFromFile("basic_constraints_ca_no_path.pem", {}); ASSERT_TRUE(cert); EXPECT_TRUE(cert->has_basic_constraints()); @@ -230,7 +238,7 @@ TEST(ParsedCertificateTest, BasicConstraintsCaNoPath) { // Parses a BasicConstraints with CA and pathlen of 9. TEST(ParsedCertificateTest, BasicConstraintsCaPath9) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("basic_constraints_ca_path_9.pem"); + ParseCertificateFromFile("basic_constraints_ca_path_9.pem", {}); ASSERT_TRUE(cert); EXPECT_TRUE(cert->has_basic_constraints()); @@ -242,7 +250,7 @@ TEST(ParsedCertificateTest, BasicConstraintsCaPath9) { // Parses a BasicConstraints with CA and pathlen of 255 (largest allowed size). TEST(ParsedCertificateTest, BasicConstraintsPathlen255) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("basic_constraints_pathlen_255.pem"); + ParseCertificateFromFile("basic_constraints_pathlen_255.pem", {}); ASSERT_TRUE(cert); EXPECT_TRUE(cert->has_basic_constraints()); @@ -253,26 +261,28 @@ TEST(ParsedCertificateTest, BasicConstraintsPathlen255) { // Parses a BasicConstraints with CA and pathlen of 256 (too large). TEST(ParsedCertificateTest, BasicConstraintsPathlen256) { - ASSERT_FALSE(ParseCertificateFromFile("basic_constraints_pathlen_256.pem")); + ASSERT_FALSE( + ParseCertificateFromFile("basic_constraints_pathlen_256.pem", {})); } // Parses a BasicConstraints with CA and a negative pathlen. TEST(ParsedCertificateTest, BasicConstraintsNegativePath) { - ASSERT_FALSE(ParseCertificateFromFile("basic_constraints_negative_path.pem")); + ASSERT_FALSE( + ParseCertificateFromFile("basic_constraints_negative_path.pem", {})); } // Parses a BasicConstraints with CA and pathlen that is very large (and // couldn't fit in a 64-bit integer). TEST(ParsedCertificateTest, BasicConstraintsPathTooLarge) { ASSERT_FALSE( - ParseCertificateFromFile("basic_constraints_path_too_large.pem")); + ParseCertificateFromFile("basic_constraints_path_too_large.pem", {})); } // Parses a BasicConstraints with CA explicitly set to false. This violates // DER-encoding rules, however is commonly used, so it is accepted. TEST(ParsedCertificateTest, BasicConstraintsCaFalse) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("basic_constraints_ca_false.pem"); + ParseCertificateFromFile("basic_constraints_ca_false.pem", {}); ASSERT_TRUE(cert); EXPECT_TRUE(cert->has_basic_constraints()); @@ -284,7 +294,7 @@ TEST(ParsedCertificateTest, BasicConstraintsCaFalse) { // the end. TEST(ParsedCertificateTest, BasicConstraintsUnconsumedData) { ASSERT_FALSE( - ParseCertificateFromFile("basic_constraints_unconsumed_data.pem")); + ParseCertificateFromFile("basic_constraints_unconsumed_data.pem", {})); } // Parses a BasicConstraints with CA omitted (false), but with a pathlen of 1. @@ -292,7 +302,7 @@ TEST(ParsedCertificateTest, BasicConstraintsUnconsumedData) { // BasicConstraints at a higher level. TEST(ParsedCertificateTest, BasicConstraintsPathLenButNotCa) { scoped_refptr<ParsedCertificate> cert = - ParseCertificateFromFile("basic_constraints_pathlen_not_ca.pem"); + ParseCertificateFromFile("basic_constraints_pathlen_not_ca.pem", {}); ASSERT_TRUE(cert); EXPECT_TRUE(cert->has_basic_constraints()); @@ -301,6 +311,70 @@ TEST(ParsedCertificateTest, BasicConstraintsPathLenButNotCa) { EXPECT_EQ(1u, cert->basic_constraints().path_len); } +// Tests a certificate with a serial number with a leading 0 padding byte in +// the encoding since it is not negative. +TEST(ParsedCertificateTest, SerialNumberZeroPadded) { + scoped_refptr<ParsedCertificate> cert = + ParseCertificateFromFile("serial_zero_padded.pem", {}); + ASSERT_TRUE(cert); + + static const uint8_t expected_serial[3] = {0x00, 0x80, 0x01}; + EXPECT_EQ(der::Input(expected_serial), cert->tbs().serial_number); +} + +// Tests a serial number where the MSB is >= 0x80, causing the encoded +// length to be 21 bytes long. This is an error, as RFC 5280 specifies a +// maximum of 20 bytes. +TEST(ParsedCertificateTest, SerialNumberZeroPadded21BytesLong) { + scoped_refptr<ParsedCertificate> cert = + ParseCertificateFromFile("serial_zero_padded_21_bytes.pem", {}); + ASSERT_FALSE(cert); + + // Try again with allow_invalid_serial_numbers=true. Parsing should succeed. + ParseCertificateOptions options; + options.allow_invalid_serial_numbers = true; + cert = ParseCertificateFromFile("serial_zero_padded_21_bytes.pem", options); + ASSERT_TRUE(cert); + + static const uint8_t expected_serial[21] = { + 0x00, 0x80, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13}; + EXPECT_EQ(der::Input(expected_serial), cert->tbs().serial_number); +} + +// Tests a serial number which is negative. CAs are not supposed to include +// negative serial numbers, however RFC 5280 expects consumers to deal with it +// anyway. +TEST(ParsedCertificateTest, SerialNumberNegative) { + scoped_refptr<ParsedCertificate> cert = + ParseCertificateFromFile("serial_negative.pem", {}); + ASSERT_TRUE(cert); + + static const uint8_t expected_serial[2] = {0x80, 0x01}; + EXPECT_EQ(der::Input(expected_serial), cert->tbs().serial_number); +} + +// Tests a serial number which is very long. RFC 5280 specifies a maximum of 20 +// bytes. +TEST(ParsedCertificateTest, SerialNumber37BytesLong) { + scoped_refptr<ParsedCertificate> cert = + ParseCertificateFromFile("serial_37_bytes.pem", {}); + ASSERT_FALSE(cert); + + // Try again with allow_invalid_serial_numbers=true. Parsing should succeed. + ParseCertificateOptions options; + options.allow_invalid_serial_numbers = true; + cert = ParseCertificateFromFile("serial_37_bytes.pem", options); + ASSERT_TRUE(cert); + + static const uint8_t expected_serial[37] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, + 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25}; + EXPECT_EQ(der::Input(expected_serial), cert->tbs().serial_number); +} + } // namespace } // namespace net diff --git a/chromium/net/cert/internal/path_builder.cc b/chromium/net/cert/internal/path_builder.cc index bb4283eeed6..291bcf53606 100644 --- a/chromium/net/cert/internal/path_builder.cc +++ b/chromium/net/cert/internal/path_builder.cc @@ -459,6 +459,12 @@ void CertPathIter::DoBackTrack() { CertPathBuilder::ResultPath::ResultPath() = default; CertPathBuilder::ResultPath::~ResultPath() = default; + +bool CertPathBuilder::ResultPath::IsValid() const { + return !path.certs.empty() && path.trust_anchor && + !errors.ContainsHighSeverityErrors(); +} + CertPathBuilder::Result::Result() = default; CertPathBuilder::Result::~Result() = default; @@ -471,7 +477,7 @@ const CertPathBuilder::ResultPath* CertPathBuilder::Result::GetBestValidPath() return nullptr; const ResultPath* result_path = paths[best_result_index].get(); - if (result_path->valid) + if (result_path->IsValid()) return result_path; return nullptr; @@ -485,10 +491,12 @@ CertPathBuilder::CertPathBuilder(scoped_refptr<ParsedCertificate> cert, const TrustStore* trust_store, const SignaturePolicy* signature_policy, const der::GeneralizedTime& time, + KeyPurpose key_purpose, Result* result) : cert_path_iter_(new CertPathIter(std::move(cert), trust_store)), signature_policy_(signature_policy), time_(time), + key_purpose_(key_purpose), next_state_(STATE_NONE), out_result_(result) {} @@ -535,13 +543,13 @@ void CertPathBuilder::DoGetNextPathComplete() { // Verify the entire certificate chain. auto result_path = base::MakeUnique<ResultPath>(); - bool verify_result = - VerifyCertificateChain(next_path_.certs, next_path_.trust_anchor.get(), - signature_policy_, time_, &result_path->errors); + bool verify_result = VerifyCertificateChain( + next_path_.certs, next_path_.trust_anchor.get(), signature_policy_, time_, + key_purpose_, &result_path->errors); DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = " - << result_path->valid; + << verify_result; result_path->path = next_path_; - result_path->valid = verify_result; + DCHECK_EQ(verify_result, !result_path->errors.ContainsHighSeverityErrors()); AddResultPath(std::move(result_path)); if (verify_result) { @@ -559,7 +567,7 @@ void CertPathBuilder::DoGetNextPathComplete() { void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) { // TODO(mattm): set best_result_index based on number or severity of errors. - if (result_path->valid) + if (result_path->IsValid()) out_result_->best_result_index = out_result_->paths.size(); // TODO(mattm): add flag to only return a single path or all attempted paths? out_result_->paths.push_back(std::move(result_path)); diff --git a/chromium/net/cert/internal/path_builder.h b/chromium/net/cert/internal/path_builder.h index ee39ed67ee5..361e745602f 100644 --- a/chromium/net/cert/internal/path_builder.h +++ b/chromium/net/cert/internal/path_builder.h @@ -13,6 +13,7 @@ #include "net/cert/internal/cert_errors.h" #include "net/cert/internal/parsed_certificate.h" #include "net/cert/internal/trust_store.h" +#include "net/cert/internal/verify_certificate_chain.h" #include "net/der/input.h" #include "net/der/parse_values.h" @@ -32,6 +33,9 @@ class SignaturePolicy; // certs[0] is the target certificate // certs[i] was issued by certs[i+1] // certs.back() was issued by trust_anchor +// +// TODO(eroman): The current code doesn't allow for the target certificate to +// be the trust anchor. Should it? struct NET_EXPORT CertPath { CertPath(); ~CertPath(); @@ -44,7 +48,7 @@ struct NET_EXPORT CertPath { // Resets the path to empty path (same as if default constructed). void Clear(); - // Returns true if the path is empty. + // TODO(eroman): Can we remove this? Unclear on how this relates to validity. bool IsEmpty() const; }; @@ -61,19 +65,17 @@ class NET_EXPORT CertPathBuilder { ResultPath(); ~ResultPath(); + // Returns true if the candidate path is valid, false otherwise. + bool IsValid() const; + // The (possibly partial) certificate path. Consumers must always test - // |valid| before using |path|. When |!valid| path.trust_anchor may be - // nullptr, and the path may be otherwise incomplete/invalid. + // |errors.IsValid()| before using |path|. When invalid, + // |path.trust_anchor| may be null, and the path may be incomplete. CertPath path; - // The errors/warnings from this path. Note that the list of errors is - // independent of whether the path was |valid| (a valid path may - // contain errors/warnings, and vice versa an invalid path may not have - // logged any errors). - CertErrors errors; - - // True if |path| is a correct verified certificate chain. - bool valid = false; + // The errors/warnings from this path. Use |IsValid()| to determine if the + // path is valid. + CertPathErrors errors; }; // Provides the overall result of path building. This includes the paths that @@ -117,6 +119,7 @@ class NET_EXPORT CertPathBuilder { const TrustStore* trust_store, const SignaturePolicy* signature_policy, const der::GeneralizedTime& time, + KeyPurpose key_purpose, Result* result); ~CertPathBuilder(); @@ -151,6 +154,7 @@ class NET_EXPORT CertPathBuilder { std::unique_ptr<CertPathIter> cert_path_iter_; const SignaturePolicy* signature_policy_; const der::GeneralizedTime time_; + const KeyPurpose key_purpose_; // Stores the next complete path to attempt verification on. This is filled in // by |cert_path_iter_| during the STATE_GET_NEXT_PATH step, and thus should diff --git a/chromium/net/cert/internal/path_builder_pkits_unittest.cc b/chromium/net/cert/internal/path_builder_pkits_unittest.cc index 2d16ee9bf4e..a7b02e3c3b7 100644 --- a/chromium/net/cert/internal/path_builder_pkits_unittest.cc +++ b/chromium/net/cert/internal/path_builder_pkits_unittest.cc @@ -92,7 +92,8 @@ class PathBuilderPkitsTestDelegate { CertPathBuilder::Result result; CertPathBuilder path_builder(std::move(target_cert), &trust_store, - &signature_policy, time, &result); + &signature_policy, time, KeyPurpose::ANY_EKU, + &result); path_builder.AddCertIssuerSource(&cert_issuer_source); path_builder.Run(); diff --git a/chromium/net/cert/internal/path_builder_unittest.cc b/chromium/net/cert/internal/path_builder_unittest.cc index be5432b59d8..44471fa8767 100644 --- a/chromium/net/cert/internal/path_builder_unittest.cc +++ b/chromium/net/cert/internal/path_builder_unittest.cc @@ -160,7 +160,7 @@ TEST_F(PathBuilderMultiRootTest, TargetHasNameAndSpkiOfTrustAnchor) { CertPathBuilder::Result result; CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.Run(); @@ -180,7 +180,7 @@ TEST_F(PathBuilderMultiRootTest, TargetWithSameNameAsTrustAnchorFails) { CertPathBuilder::Result result; CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.Run(); @@ -210,7 +210,7 @@ TEST_F(PathBuilderMultiRootTest, SelfSignedTrustAnchorSupplementalCert) { CertPathBuilder::Result result; CertPathBuilder path_builder(b_by_c_, &trust_store, &signature_policy_, - expired_time, &result); + expired_time, KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&sync_certs); path_builder.Run(); @@ -218,7 +218,7 @@ TEST_F(PathBuilderMultiRootTest, SelfSignedTrustAnchorSupplementalCert) { EXPECT_FALSE(result.HasValidPath()); ASSERT_EQ(2U, result.paths.size()); - EXPECT_FALSE(result.paths[0]->valid); + EXPECT_FALSE(result.paths[0]->IsValid()); const auto& path0 = result.paths[0]->path; ASSERT_EQ(2U, path0.certs.size()); EXPECT_EQ(b_by_c_, path0.certs[0]); @@ -243,7 +243,7 @@ TEST_F(PathBuilderMultiRootTest, TargetIsSelfSignedTrustAnchor) { CertPathBuilder::Result result; CertPathBuilder path_builder(e_by_e_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.Run(); @@ -262,7 +262,7 @@ TEST_F(PathBuilderMultiRootTest, TargetDirectlySignedByTrustAnchor) { CertPathBuilder::Result result; CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.Run(); @@ -289,7 +289,7 @@ TEST_F(PathBuilderMultiRootTest, TriesSyncFirst) { CertPathBuilder::Result result; CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&async_certs); path_builder.AddCertIssuerSource(&sync_certs); @@ -317,7 +317,7 @@ TEST_F(PathBuilderMultiRootTest, TestAsyncSimultaneous) { CertPathBuilder::Result result; CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&async_certs1); path_builder.AddCertIssuerSource(&async_certs2); path_builder.AddCertIssuerSource(&sync_certs); @@ -344,7 +344,7 @@ TEST_F(PathBuilderMultiRootTest, TestLongChain) { CertPathBuilder::Result result; CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&sync_certs); path_builder.Run(); @@ -377,7 +377,7 @@ TEST_F(PathBuilderMultiRootTest, TestBacktracking) { CertPathBuilder::Result result; CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&sync_certs); path_builder.AddCertIssuerSource(&async_certs); @@ -416,7 +416,7 @@ TEST_F(PathBuilderMultiRootTest, TestCertIssuerOrdering) { CertPathBuilder::Result result; CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, - time_, &result); + time_, KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&sync_certs); path_builder.Run(); @@ -439,12 +439,15 @@ class PathBuilderKeyRolloverTest : public ::testing::Test { void SetUp() override { ParsedCertificateList path; - bool unused_result; - std::string unused_errors; + VerifyCertChainTest test; ReadVerifyCertChainTestFromFile( "net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem", - &path, &oldroot_, &time_, &unused_result, &unused_errors); + &test); + path = test.chain; + oldroot_ = test.trust_anchor; + time_ = test.time; + ASSERT_EQ(2U, path.size()); target_ = path[0]; oldintermediate_ = path[1]; @@ -454,7 +457,9 @@ class PathBuilderKeyRolloverTest : public ::testing::Test { ReadVerifyCertChainTestFromFile( "net/data/verify_certificate_chain_unittest/" "key-rollover-longrolloverchain.pem", - &path, &oldroot_, &time_, &unused_result, &unused_errors); + &test); + path = test.chain; + ASSERT_EQ(4U, path.size()); newintermediate_ = path[1]; newroot_ = path[2]; @@ -500,7 +505,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverOnlyOldRootTrusted) { CertPathBuilder::Result result; CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&sync_certs); path_builder.Run(); @@ -511,7 +516,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverOnlyOldRootTrusted) { // but it will fail since newintermediate is signed by newroot. ASSERT_EQ(2U, result.paths.size()); const auto& path0 = result.paths[0]->path; - EXPECT_FALSE(result.paths[0]->valid); + EXPECT_FALSE(result.paths[0]->IsValid()); ASSERT_EQ(2U, path0.certs.size()); EXPECT_EQ(target_, path0.certs[0]); EXPECT_EQ(newintermediate_, path0.certs[1]); @@ -522,7 +527,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverOnlyOldRootTrusted) { // which will succeed. const auto& path1 = result.paths[1]->path; EXPECT_EQ(1U, result.best_result_index); - EXPECT_TRUE(result.paths[1]->valid); + EXPECT_TRUE(result.paths[1]->IsValid()); ASSERT_EQ(3U, path1.certs.size()); EXPECT_EQ(target_, path1.certs[0]); EXPECT_EQ(newintermediate_, path1.certs[1]); @@ -548,7 +553,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverBothRootsTrusted) { CertPathBuilder::Result result; CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&sync_certs); path_builder.Run(); @@ -561,7 +566,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverBothRootsTrusted) { // either will succeed. ASSERT_EQ(1U, result.paths.size()); const auto& path = result.paths[0]->path; - EXPECT_TRUE(result.paths[0]->valid); + EXPECT_TRUE(result.paths[0]->IsValid()); ASSERT_EQ(2U, path.certs.size()); EXPECT_EQ(target_, path.certs[0]); if (path.certs[1] != newintermediate_) { @@ -584,7 +589,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestAnchorsNoMatchAndNoIssuerSources) { CertPathBuilder::Result result; CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.Run(); @@ -616,7 +621,8 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleRootMatchesOnlyOneWorks) { CertPathBuilder::Result result; CertPathBuilder path_builder(target_, &trust_store_collection, - &signature_policy_, time_, &result); + &signature_policy_, time_, KeyPurpose::ANY_EKU, + &result); path_builder.AddCertIssuerSource(&sync_certs); path_builder.Run(); @@ -627,7 +633,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleRootMatchesOnlyOneWorks) { { // Path builder may first attempt: target <- oldintermediate <- newroot // but it will fail since oldintermediate is signed by oldroot. - EXPECT_FALSE(result.paths[0]->valid); + EXPECT_FALSE(result.paths[0]->IsValid()); const auto& path = result.paths[0]->path; ASSERT_EQ(2U, path.certs.size()); EXPECT_EQ(target_, path.certs[0]); @@ -639,7 +645,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleRootMatchesOnlyOneWorks) { // Path builder will next attempt: // target <- old intermediate <- oldroot // which should succeed. - EXPECT_TRUE(result.paths[result.best_result_index]->valid); + EXPECT_TRUE(result.paths[result.best_result_index]->IsValid()); const auto& path = result.paths[result.best_result_index]->path; ASSERT_EQ(2U, path.certs.size()); EXPECT_EQ(target_, path.certs[0]); @@ -666,7 +672,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverLongChain) { CertPathBuilder::Result result; CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&sync_certs); path_builder.AddCertIssuerSource(&async_certs); @@ -677,7 +683,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverLongChain) { // Path builder will first attempt: target <- newintermediate <- oldroot // but it will fail since newintermediate is signed by newroot. - EXPECT_FALSE(result.paths[0]->valid); + EXPECT_FALSE(result.paths[0]->IsValid()); const auto& path0 = result.paths[0]->path; ASSERT_EQ(2U, path0.certs.size()); EXPECT_EQ(target_, path0.certs[0]); @@ -687,7 +693,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverLongChain) { // Path builder will next attempt: // target <- newintermediate <- newroot <- oldroot // but it will fail since newroot is self-signed. - EXPECT_FALSE(result.paths[1]->valid); + EXPECT_FALSE(result.paths[1]->IsValid()); const auto& path1 = result.paths[1]->path; ASSERT_EQ(3U, path1.certs.size()); EXPECT_EQ(target_, path1.certs[0]); @@ -702,7 +708,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverLongChain) { // Finally path builder will use: // target <- newintermediate <- newrootrollover <- oldroot EXPECT_EQ(2U, result.best_result_index); - EXPECT_TRUE(result.paths[2]->valid); + EXPECT_TRUE(result.paths[2]->IsValid()); const auto& path2 = result.paths[2]->path; ASSERT_EQ(3U, path2.certs.size()); EXPECT_EQ(target_, path2.certs[0]); @@ -723,7 +729,8 @@ TEST_F(PathBuilderKeyRolloverTest, TestEndEntityIsTrustRoot) { CertPathBuilder::Result result; // Newintermediate is also the target cert. CertPathBuilder path_builder(newintermediate_, &trust_store, - &signature_policy_, time_, &result); + &signature_policy_, time_, KeyPurpose::ANY_EKU, + &result); path_builder.Run(); @@ -747,7 +754,7 @@ TEST_F(PathBuilderKeyRolloverTest, CertPathBuilder::Result result; // Newroot is the target cert. CertPathBuilder path_builder(newroot_, &trust_store, &signature_policy_, - time_, &result); + time_, KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&sync_certs); path_builder.Run(); @@ -768,7 +775,7 @@ TEST_F(PathBuilderKeyRolloverTest, CertPathBuilder::Result result; // Newroot is the target cert. CertPathBuilder path_builder(newroot_, &trust_store, &signature_policy_, - time_, &result); + time_, KeyPurpose::ANY_EKU, &result); path_builder.Run(); @@ -778,7 +785,7 @@ TEST_F(PathBuilderKeyRolloverTest, // Newroot has same name+SPKI as newrootrollover, thus the path is valid and // only contains newroot. - EXPECT_TRUE(best_result->valid); + EXPECT_TRUE(best_result->IsValid()); ASSERT_EQ(1U, best_result->path.certs.size()); EXPECT_EQ(newroot_, best_result->path.certs[0]); EXPECT_EQ(newrootrollover_, best_result->path.trust_anchor->cert()); @@ -816,7 +823,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediates) { CertPathBuilder::Result result; CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&sync_certs1); path_builder.AddCertIssuerSource(&sync_certs2); path_builder.AddCertIssuerSource(&async_certs); @@ -828,7 +835,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediates) { // Path builder will first attempt: target <- oldintermediate <- newroot // but it will fail since oldintermediate is signed by oldroot. - EXPECT_FALSE(result.paths[0]->valid); + EXPECT_FALSE(result.paths[0]->IsValid()); const auto& path0 = result.paths[0]->path; ASSERT_EQ(2U, path0.certs.size()); @@ -841,7 +848,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediates) { // Path builder will next attempt: target <- newintermediate <- newroot // which will succeed. EXPECT_EQ(1U, result.best_result_index); - EXPECT_TRUE(result.paths[1]->valid); + EXPECT_TRUE(result.paths[1]->IsValid()); const auto& path1 = result.paths[1]->path; ASSERT_EQ(2U, path1.certs.size()); EXPECT_EQ(target_, path1.certs[0]); @@ -870,7 +877,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) { CertPathBuilder::Result result; CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&sync_certs); path_builder.Run(); @@ -881,7 +888,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) { // Path builder attempt: target <- oldintermediate <- newroot // but it will fail since oldintermediate is signed by oldroot. - EXPECT_FALSE(result.paths[0]->valid); + EXPECT_FALSE(result.paths[0]->IsValid()); const auto& path = result.paths[0]->path; ASSERT_EQ(2U, path.certs.size()); EXPECT_EQ(target_, path.certs[0]); @@ -945,7 +952,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleAsyncIssuersFromSingleSource) { CertPathBuilder::Result result; CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&cert_issuer_source); // Create the mock CertIssuerSource::Request... @@ -996,7 +1003,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleAsyncIssuersFromSingleSource) { // Path builder first attempts: target <- oldintermediate <- newroot // but it will fail since oldintermediate is signed by oldroot. - EXPECT_FALSE(result.paths[0]->valid); + EXPECT_FALSE(result.paths[0]->IsValid()); const auto& path0 = result.paths[0]->path; ASSERT_EQ(2U, path0.certs.size()); EXPECT_EQ(target_, path0.certs[0]); @@ -1005,7 +1012,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleAsyncIssuersFromSingleSource) { // After the second batch of async results, path builder will attempt: // target <- newintermediate <- newroot which will succeed. - EXPECT_TRUE(result.paths[1]->valid); + EXPECT_TRUE(result.paths[1]->IsValid()); const auto& path1 = result.paths[1]->path; ASSERT_EQ(2U, path1.certs.size()); EXPECT_EQ(target_, path1.certs[0]); @@ -1024,7 +1031,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) { CertPathBuilder::Result result; CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, - &result); + KeyPurpose::ANY_EKU, &result); path_builder.AddCertIssuerSource(&cert_issuer_source); // Create the mock CertIssuerSource::Request... @@ -1082,7 +1089,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) { // Path builder first attempts: target <- oldintermediate <- newroot // but it will fail since oldintermediate is signed by oldroot. - EXPECT_FALSE(result.paths[0]->valid); + EXPECT_FALSE(result.paths[0]->IsValid()); const auto& path0 = result.paths[0]->path; ASSERT_EQ(2U, path0.certs.size()); EXPECT_EQ(target_, path0.certs[0]); @@ -1093,7 +1100,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) { // After the third batch of async results, path builder will attempt: // target <- newintermediate <- newroot which will succeed. - EXPECT_TRUE(result.paths[1]->valid); + EXPECT_TRUE(result.paths[1]->IsValid()); const auto& path1 = result.paths[1]->path; ASSERT_EQ(2U, path1.certs.size()); EXPECT_EQ(target_, path1.certs[0]); diff --git a/chromium/net/cert/internal/path_builder_verify_certificate_chain_unittest.cc b/chromium/net/cert/internal/path_builder_verify_certificate_chain_unittest.cc index 003157b8dfa..43ba879a971 100644 --- a/chromium/net/cert/internal/path_builder_verify_certificate_chain_unittest.cc +++ b/chromium/net/cert/internal/path_builder_verify_certificate_chain_unittest.cc @@ -15,30 +15,27 @@ namespace { class PathBuilderDelegate { public: - static void Verify(const ParsedCertificateList& chain, - const scoped_refptr<TrustAnchor>& trust_anchor, - const der::GeneralizedTime& time, - bool expected_result, - const std::string& expected_errors, + static void Verify(const VerifyCertChainTest& test, const std::string& test_file_path) { SimpleSignaturePolicy signature_policy(1024); - ASSERT_FALSE(chain.empty()); + ASSERT_FALSE(test.chain.empty()); TrustStoreInMemory trust_store; - trust_store.AddTrustAnchor(trust_anchor); + trust_store.AddTrustAnchor(test.trust_anchor); CertIssuerSourceStatic intermediate_cert_issuer_source; - for (size_t i = 1; i < chain.size(); ++i) - intermediate_cert_issuer_source.AddCert(chain[i]); + for (size_t i = 1; i < test.chain.size(); ++i) + intermediate_cert_issuer_source.AddCert(test.chain[i]); CertPathBuilder::Result result; // First cert in the |chain| is the target. - CertPathBuilder path_builder(chain.front(), &trust_store, &signature_policy, - time, &result); + CertPathBuilder path_builder(test.chain.front(), &trust_store, + &signature_policy, test.time, test.key_purpose, + &result); path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source); path_builder.Run(); - EXPECT_EQ(expected_result, result.HasValidPath()); + EXPECT_EQ(test.expected_result, result.HasValidPath()); } }; diff --git a/chromium/net/cert/internal/signature_policy.cc b/chromium/net/cert/internal/signature_policy.cc index b98cb7ae052..8f86b208f14 100644 --- a/chromium/net/cert/internal/signature_policy.cc +++ b/chromium/net/cert/internal/signature_policy.cc @@ -11,11 +11,12 @@ namespace net { +DEFINE_CERT_ERROR_ID(kRsaModulusTooSmall, "RSA modulus too small"); + namespace { DEFINE_CERT_ERROR_ID(kUnacceptableCurveForEcdsa, "Only P-256, P-384, P-521 are supported for ECDSA"); -DEFINE_CERT_ERROR_ID(kRsaModulusTooSmall, "RSA modulus too small"); bool IsModulusSizeGreaterOrEqual(size_t modulus_length_bits, size_t min_length_bits, diff --git a/chromium/net/cert/internal/signature_policy.h b/chromium/net/cert/internal/signature_policy.h index 86d6c32b19f..fbc94ad976f 100644 --- a/chromium/net/cert/internal/signature_policy.h +++ b/chromium/net/cert/internal/signature_policy.h @@ -9,6 +9,7 @@ #include "base/compiler_specific.h" #include "net/base/net_export.h" +#include "net/cert/internal/cert_errors.h" #include "net/cert/internal/signature_algorithm.h" namespace net { @@ -61,6 +62,9 @@ class NET_EXPORT SimpleSignaturePolicy : public SignaturePolicy { const size_t min_rsa_modulus_length_bits_; }; +// TODO(crbug.com/634443): Move exported errors to a central location? +extern CertErrorId kRsaModulusTooSmall; + } // namespace net #endif // NET_CERT_INTERNAL_SIGNATURE_POLICY_H_ diff --git a/chromium/net/cert/internal/test_helpers.cc b/chromium/net/cert/internal/test_helpers.cc index 24d4f329063..80948c2318d 100644 --- a/chromium/net/cert/internal/test_helpers.cc +++ b/chromium/net/cert/internal/test_helpers.cc @@ -102,15 +102,13 @@ der::Input SequenceValueFromString(const std::string* s) { return ::testing::AssertionSuccess(); } +VerifyCertChainTest::VerifyCertChainTest() = default; +VerifyCertChainTest::~VerifyCertChainTest() = default; + void ReadVerifyCertChainTestFromFile(const std::string& file_path_ascii, - ParsedCertificateList* chain, - scoped_refptr<TrustAnchor>* trust_anchor, - der::GeneralizedTime* time, - bool* verify_result, - std::string* expected_errors) { - chain->clear(); - *trust_anchor = nullptr; - expected_errors->clear(); + VerifyCertChainTest* test) { + // Reset all the out parameters to their defaults. + *test = {}; std::string file_data = ReadTestFileToString(file_path_ascii); @@ -124,6 +122,7 @@ void ReadVerifyCertChainTestFromFile(const std::string& file_path_ascii, const char kTimeHeader[] = "TIME"; const char kResultHeader[] = "VERIFY_RESULT"; const char kErrorsHeader[] = "ERRORS"; + const char kKeyPurpose[] = "KEY_PURPOSE"; pem_headers.push_back(kCertificateHeader); pem_headers.push_back(kTrustAnchorUnconstrained); @@ -131,10 +130,12 @@ void ReadVerifyCertChainTestFromFile(const std::string& file_path_ascii, pem_headers.push_back(kTimeHeader); pem_headers.push_back(kResultHeader); pem_headers.push_back(kErrorsHeader); + pem_headers.push_back(kKeyPurpose); bool has_time = false; bool has_result = false; bool has_errors = false; + bool has_key_purpose = false; PEMTokenizer pem_tokenizer(file_data, pem_headers); while (pem_tokenizer.GetNext()) { @@ -147,11 +148,11 @@ void ReadVerifyCertChainTestFromFile(const std::string& file_path_ascii, bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new( reinterpret_cast<const uint8_t*>(block_data.data()), block_data.size(), nullptr)), - {}, chain, &errors)) + {}, &test->chain, &errors)) << errors.ToDebugString(); } else if (block_type == kTrustAnchorUnconstrained || block_type == kTrustAnchorConstrained) { - ASSERT_FALSE(*trust_anchor) << "Duplicate trust anchor"; + ASSERT_FALSE(test->trust_anchor) << "Duplicate trust anchor"; CertErrors errors; scoped_refptr<ParsedCertificate> root = net::ParsedCertificate::Create( bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new( @@ -159,7 +160,7 @@ void ReadVerifyCertChainTestFromFile(const std::string& file_path_ascii, block_data.size(), nullptr)), {}, &errors); ASSERT_TRUE(root) << errors.ToDebugString(); - *trust_anchor = + test->trust_anchor = block_type == kTrustAnchorUnconstrained ? TrustAnchor::CreateFromCertificateNoConstraints(std::move(root)) : TrustAnchor::CreateFromCertificateWithConstraints( @@ -167,23 +168,37 @@ void ReadVerifyCertChainTestFromFile(const std::string& file_path_ascii, } else if (block_type == kTimeHeader) { ASSERT_FALSE(has_time) << "Duplicate " << kTimeHeader; has_time = true; - ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), time)); + ASSERT_TRUE(der::ParseUTCTime(der::Input(&block_data), &test->time)); + } else if (block_type == kKeyPurpose) { + ASSERT_FALSE(has_key_purpose) << "Duplicate " << kKeyPurpose; + has_key_purpose = true; + + if (block_data == "anyExtendedKeyUsage") { + test->key_purpose = KeyPurpose::ANY_EKU; + } else if (block_data == "serverAuth") { + test->key_purpose = KeyPurpose::SERVER_AUTH; + } else if (block_data == "clientAuth") { + test->key_purpose = KeyPurpose::CLIENT_AUTH; + } else { + ADD_FAILURE() << "Unrecognized " << block_type << ": " << block_data; + } } else if (block_type == kResultHeader) { ASSERT_FALSE(has_result) << "Duplicate " << kResultHeader; ASSERT_TRUE(block_data == "SUCCESS" || block_data == "FAIL") << "Unrecognized result: " << block_data; has_result = true; - *verify_result = block_data == "SUCCESS"; + test->expected_result = block_data == "SUCCESS"; } else if (block_type == kErrorsHeader) { ASSERT_FALSE(has_errors) << "Duplicate " << kErrorsHeader; has_errors = true; - *expected_errors = block_data; + test->expected_errors = block_data; } } ASSERT_TRUE(has_time); ASSERT_TRUE(has_result); - ASSERT_TRUE(*trust_anchor); + ASSERT_TRUE(test->trust_anchor); + ASSERT_TRUE(has_key_purpose); } std::string ReadTestFileToString(const std::string& file_path_ascii) { diff --git a/chromium/net/cert/internal/test_helpers.h b/chromium/net/cert/internal/test_helpers.h index 0e4cd17a58d..25afc28886d 100644 --- a/chromium/net/cert/internal/test_helpers.h +++ b/chromium/net/cert/internal/test_helpers.h @@ -13,6 +13,7 @@ #include "net/cert/internal/parsed_certificate.h" #include "net/cert/internal/trust_store.h" +#include "net/cert/internal/verify_certificate_chain.h" #include "net/der/input.h" #include "testing/gtest/include/gtest/gtest.h" @@ -76,17 +77,36 @@ template <size_t N> return ReadTestDataFromPemFile(file_path_ascii, mappings, N); } -// Reads a test case from |file_path_ascii| (which is relative to //src). Test -// cases are comprised of a certificate chain, trust anchor, a timestamp to -// validate at, and the expected result of verification. +// Test cases are comprised of all the parameters to certificate +// verification, as well as the expected outputs. +struct VerifyCertChainTest { + VerifyCertChainTest(); + ~VerifyCertChainTest(); + + // The chain of certificates (with the zero-th being the target). + ParsedCertificateList chain; + + // The trust anchor to use when verifying the chain. + scoped_refptr<TrustAnchor> trust_anchor; + + // The time to use when verifying the chain. + der::GeneralizedTime time; + + // The Key Purpose to use when verifying the chain. + KeyPurpose key_purpose = KeyPurpose::ANY_EKU; + + // The expected result from verification. + bool expected_result = false; + + // The expected errors from verification (as a string). + std::string expected_errors; +}; + +// Reads a test case from |file_path_ascii| (which is relative to //src). // Generally |file_path_ascii| will start with: // net/data/verify_certificate_chain_unittest/ void ReadVerifyCertChainTestFromFile(const std::string& file_path_ascii, - ParsedCertificateList* chain, - scoped_refptr<TrustAnchor>* trust_anchor, - der::GeneralizedTime* time, - bool* verify_result, - std::string* expected_errors); + VerifyCertChainTest* test); // Reads a data file relative to the src root directory. std::string ReadTestFileToString(const std::string& file_path_ascii); diff --git a/chromium/net/cert/internal/trust_store.h b/chromium/net/cert/internal/trust_store.h index 6985301f35c..383e83a54d6 100644 --- a/chromium/net/cert/internal/trust_store.h +++ b/chromium/net/cert/internal/trust_store.h @@ -75,7 +75,7 @@ class NET_EXPORT TrustAnchor : public base::RefCountedThreadSafe<TrustAnchor> { // * Signature: No // * Validity (expiration): No // * Key usage: No - // * Extended key usage: No + // * Extended key usage: Yes (not part of RFC 5937) // * Basic constraints: Yes, but only the pathlen (CA=false is accepted) // * Name constraints: Yes // * Certificate policies: Not currently, TODO(crbug.com/634453) diff --git a/chromium/net/cert/internal/trust_store_collection_unittest.cc b/chromium/net/cert/internal/trust_store_collection_unittest.cc index c9cd85ccab8..198988e78c6 100644 --- a/chromium/net/cert/internal/trust_store_collection_unittest.cc +++ b/chromium/net/cert/internal/trust_store_collection_unittest.cc @@ -16,13 +16,14 @@ class TrustStoreCollectionTest : public testing::Test { public: void SetUp() override { ParsedCertificateList chain; - bool unused_verify_result; - der::GeneralizedTime unused_time; - std::string unused_errors; + VerifyCertChainTest test; ReadVerifyCertChainTestFromFile( "net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem", - &chain, &oldroot_, &unused_time, &unused_verify_result, &unused_errors); + &test); + chain = test.chain; + oldroot_ = test.trust_anchor; + ASSERT_EQ(2U, chain.size()); target_ = chain[0]; oldintermediate_ = chain[1]; @@ -30,12 +31,12 @@ class TrustStoreCollectionTest : public testing::Test { ASSERT_TRUE(oldintermediate_); ASSERT_TRUE(oldroot_); - scoped_refptr<TrustAnchor> unused_root; ReadVerifyCertChainTestFromFile( "net/data/verify_certificate_chain_unittest/" "key-rollover-longrolloverchain.pem", - &chain, &unused_root, &unused_time, &unused_verify_result, - &unused_errors); + &test); + chain = test.chain; + ASSERT_EQ(4U, chain.size()); newintermediate_ = chain[1]; newroot_ = TrustAnchor::CreateFromCertificateNoConstraints(chain[2]); diff --git a/chromium/net/cert/internal/trust_store_in_memory.cc b/chromium/net/cert/internal/trust_store_in_memory.cc index 3f94b6f0c49..a3e9e3eea07 100644 --- a/chromium/net/cert/internal/trust_store_in_memory.cc +++ b/chromium/net/cert/internal/trust_store_in_memory.cc @@ -27,4 +27,12 @@ void TrustStoreInMemory::FindTrustAnchorsForCert( matches->push_back(it->second); } +bool TrustStoreInMemory::Contains(const TrustAnchor* anchor) const { + for (const auto& it : anchors_) { + if (anchor == it.second.get()) + return true; + } + return false; +} + } // namespace net diff --git a/chromium/net/cert/internal/trust_store_in_memory.h b/chromium/net/cert/internal/trust_store_in_memory.h index 45b5123caf1..214d73e7a14 100644 --- a/chromium/net/cert/internal/trust_store_in_memory.h +++ b/chromium/net/cert/internal/trust_store_in_memory.h @@ -30,6 +30,11 @@ class NET_EXPORT TrustStoreInMemory : public TrustStore { void FindTrustAnchorsForCert(const scoped_refptr<ParsedCertificate>& cert, TrustAnchors* matches) const override; + // Returns true if the trust store contains the given TrustAnchor instance. + // Note that this considers only pointer equality and not a more + // broad notion of equivalence based on the object's content. + bool Contains(const TrustAnchor* anchor) const; + private: // Multimap from normalized subject -> TrustAnchor. std::unordered_multimap<base::StringPiece, diff --git a/chromium/net/cert/internal/trust_store_mac.cc b/chromium/net/cert/internal/trust_store_mac.cc index a088a32f4c5..ba31ffb1d59 100644 --- a/chromium/net/cert/internal/trust_store_mac.cc +++ b/chromium/net/cert/internal/trust_store_mac.cc @@ -16,8 +16,8 @@ #include "net/cert/internal/parse_name.h" #include "net/cert/internal/parsed_certificate.h" #include "net/cert/test_keychain_search_list_mac.h" -#include "net/cert/x509_certificate.h" #include "net/cert/x509_util.h" +#include "net/cert/x509_util_mac.h" namespace net { @@ -146,7 +146,7 @@ TrustStatus IsTrustSettingsTrustedForPolicy(CFArrayRef trust_settings, // |policy_oid|. TrustStatus IsSecCertificateTrustedForPolicy(SecCertificateRef cert_handle, const CFStringRef policy_oid) { - const bool is_self_signed = X509Certificate::IsSelfSigned(cert_handle); + const bool is_self_signed = x509_util::IsSelfSigned(cert_handle); // Evaluate trust domains in user, admin, system order. Admin settings can // override system ones, and user settings can override both admin and system. for (const auto& trust_domain : @@ -320,8 +320,8 @@ base::ScopedCFTypeRef<CFDataRef> TrustStoreMac::GetMacNormalizedIssuer( // There does not appear to be any public API to get the normalized version // of a Name without creating a SecCertificate. base::ScopedCFTypeRef<SecCertificateRef> cert_handle( - X509Certificate::CreateOSCertHandleFromBytes( - cert->der_cert().AsStringPiece().data(), cert->der_cert().Length())); + x509_util::CreateSecCertificateFromBytes(cert->der_cert().UnsafeData(), + cert->der_cert().Length())); if (!cert_handle) { LOG(ERROR) << "CreateOSCertHandleFromBytes"; return name_data; diff --git a/chromium/net/cert/internal/trust_store_mac_unittest.cc b/chromium/net/cert/internal/trust_store_mac_unittest.cc index 1d1bc4916d9..bba5995eb6c 100644 --- a/chromium/net/cert/internal/trust_store_mac_unittest.cc +++ b/chromium/net/cert/internal/trust_store_mac_unittest.cc @@ -18,6 +18,7 @@ #include "net/cert/test_keychain_search_list_mac.h" #include "net/cert/x509_certificate.h" #include "net/cert/x509_util.h" +#include "net/cert/x509_util_mac.h" #include "net/test/test_data_directory.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" @@ -263,9 +264,8 @@ TEST(TrustStoreMacTest, SystemCerts) { } base::ScopedCFTypeRef<SecCertificateRef> cert_handle( - X509Certificate::CreateOSCertHandleFromBytes( - cert->der_cert().AsStringPiece().data(), - cert->der_cert().Length())); + x509_util::CreateSecCertificateFromBytes(cert->der_cert().UnsafeData(), + cert->der_cert().Length())); if (!cert_handle) { ADD_FAILURE() << "CreateOSCertHandleFromBytes " << hash_text; continue; diff --git a/chromium/net/cert/internal/trust_store_nss_unittest.cc b/chromium/net/cert/internal/trust_store_nss_unittest.cc index f9d1f272d74..e83ba672865 100644 --- a/chromium/net/cert/internal/trust_store_nss_unittest.cc +++ b/chromium/net/cert/internal/trust_store_nss_unittest.cc @@ -24,14 +24,14 @@ class TrustStoreNSSTest : public testing::Test { void SetUp() override { ASSERT_TRUE(test_nssdb_.is_open()); + VerifyCertChainTest test; ParsedCertificateList chain; - bool unused_verify_result; - der::GeneralizedTime unused_time; - std::string unused_errors; - ReadVerifyCertChainTestFromFile( "net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem", - &chain, &oldroot_, &unused_time, &unused_verify_result, &unused_errors); + &test); + chain = test.chain; + oldroot_ = test.trust_anchor; + ASSERT_EQ(2U, chain.size()); target_ = chain[0]; oldintermediate_ = chain[1]; @@ -39,12 +39,12 @@ class TrustStoreNSSTest : public testing::Test { ASSERT_TRUE(oldintermediate_); ASSERT_TRUE(oldroot_); - scoped_refptr<TrustAnchor> unused_root; ReadVerifyCertChainTestFromFile( "net/data/verify_certificate_chain_unittest/" "key-rollover-longrolloverchain.pem", - &chain, &unused_root, &unused_time, &unused_verify_result, - &unused_errors); + &test); + chain = test.chain; + ASSERT_EQ(4U, chain.size()); newintermediate_ = chain[1]; newroot_ = TrustAnchor::CreateFromCertificateNoConstraints(chain[2]); diff --git a/chromium/net/cert/internal/verify_certificate_chain.cc b/chromium/net/cert/internal/verify_certificate_chain.cc index 041a6fc7842..5f2b7d81bd7 100644 --- a/chromium/net/cert/internal/verify_certificate_chain.cc +++ b/chromium/net/cert/internal/verify_certificate_chain.cc @@ -9,8 +9,8 @@ #include "base/logging.h" #include "base/memory/ptr_util.h" #include "net/cert/internal/cert_error_params.h" -#include "net/cert/internal/cert_error_scoper.h" #include "net/cert/internal/cert_errors.h" +#include "net/cert/internal/extended_key_usage.h" #include "net/cert/internal/name_constraints.h" #include "net/cert/internal/parse_certificate.h" #include "net/cert/internal/signature_algorithm.h" @@ -22,6 +22,9 @@ namespace net { +DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter"); +DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore"); + namespace { // ----------------------------------------------- @@ -50,51 +53,44 @@ DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints, DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer, "subject does not match issuer"); DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed"); -DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter"); -DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore"); DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding, "Certificate.signatureAlgorithm is encoded differently " "than TBSCertificate.signature"); +DEFINE_CERT_ERROR_ID(kEkuLacksServerAuth, + "The extended key usage does not include server auth"); +DEFINE_CERT_ERROR_ID(kEkuLacksClientAuth, + "The extended key usage does not include client auth"); -DEFINE_CERT_ERROR_ID(kContextTrustAnchor, "Processing Trust Anchor"); -DEFINE_CERT_ERROR_ID(kContextCertificate, "Processing Certificate"); - -// This class changes the error scope to indicate which certificate in the -// chain is currently being processed. -class CertErrorScoperForCert : public CertErrorScoper { - public: - CertErrorScoperForCert(CertErrors* parent_errors, size_t index) - : CertErrorScoper(parent_errors), index_(index) {} - - std::unique_ptr<CertErrorNode> BuildRootNode() override { - return base::MakeUnique<CertErrorNode>( - CertErrorNodeType::TYPE_CONTEXT, kContextCertificate, - CreateCertErrorParams1SizeT("index", index_)); - } - - private: - size_t index_; +bool IsHandledCriticalExtensionOid(const der::Input& oid) { + if (oid == BasicConstraintsOid()) + return true; + if (oid == KeyUsageOid()) + return true; + if (oid == ExtKeyUsageOid()) + return true; + if (oid == NameConstraintsOid()) + return true; + // TODO(eroman): SubjectAltName isn't actually used here, but rather is being + // checked by a higher layer. + if (oid == SubjectAltNameOid()) + return true; - DISALLOW_COPY_AND_ASSIGN(CertErrorScoperForCert); -}; + // TODO(eroman): Make this more complete. + return false; +} -// Returns true if the certificate does not contain any unconsumed _critical_ +// Adds errors to |errors| if the certificate contains unconsumed _critical_ // extensions. -WARN_UNUSED_RESULT bool VerifyNoUnconsumedCriticalExtensions( - const ParsedCertificate& cert, - CertErrors* errors) { - bool has_unconsumed_critical_extensions = false; - - for (const auto& entry : cert.unparsed_extensions()) { - if (entry.second.critical) { - has_unconsumed_critical_extensions = true; +void VerifyNoUnconsumedCriticalExtensions(const ParsedCertificate& cert, + CertErrors* errors) { + for (const auto& it : cert.extensions()) { + const ParsedExtension& extension = it.second; + if (extension.critical && !IsHandledCriticalExtensionOid(extension.oid)) { errors->AddError(kUnconsumedCriticalExtension, - CreateCertErrorParams2Der("oid", entry.second.oid, - "value", entry.second.value)); + CreateCertErrorParams2Der("oid", extension.oid, "value", + extension.value)); } } - - return !has_unconsumed_critical_extensions; } // Returns true if |cert| was self-issued. The definition of self-issuance @@ -112,30 +108,25 @@ WARN_UNUSED_RESULT bool IsSelfIssued(const ParsedCertificate& cert) { return cert.normalized_subject() == cert.normalized_issuer(); } -// Returns true if |cert| is valid at time |time|. +// Adds errors to |errors| if |cert| is not valid at time |time|. // // The certificate's validity requirements are described by RFC 5280 section // 4.1.2.5: // // The validity period for a certificate is the period of time from // notBefore through notAfter, inclusive. -WARN_UNUSED_RESULT bool VerifyTimeValidity(const ParsedCertificate& cert, - const der::GeneralizedTime time, - CertErrors* errors) { - if (time < cert.tbs().validity_not_before) { +void VerifyTimeValidity(const ParsedCertificate& cert, + const der::GeneralizedTime time, + CertErrors* errors) { + if (time < cert.tbs().validity_not_before) errors->AddError(kValidityFailedNotBefore); - return false; - } - if (cert.tbs().validity_not_after < time) { + if (cert.tbs().validity_not_after < time) errors->AddError(kValidityFailedNotAfter); - return false; - } - - return true; } -// Returns true if |cert| has internally consistent signature algorithms. +// Adds errors to |errors| if |cert| has internally inconsistent signature +// algorithms. // // X.509 certificates contain two different signature algorithms: // (1) The signatureAlgorithm field of Certificate @@ -154,16 +145,15 @@ WARN_UNUSED_RESULT bool VerifyTimeValidity(const ParsedCertificate& cert, // In practice however there are certificates which use different encodings for // specifying RSA with SHA1 (different OIDs). This is special-cased for // compatibility sake. -WARN_UNUSED_RESULT bool VerifySignatureAlgorithmsMatch( - const ParsedCertificate& cert, - CertErrors* errors) { +void VerifySignatureAlgorithmsMatch(const ParsedCertificate& cert, + CertErrors* errors) { const der::Input& alg1_tlv = cert.signature_algorithm_tlv(); const der::Input& alg2_tlv = cert.tbs().signature_algorithm_tlv; // Ensure that the two DER-encoded signature algorithms are byte-for-byte // equal. if (alg1_tlv == alg2_tlv) - return true; + return; // But make a compatibility concession if alternate encodings are used // TODO(eroman): Turn this warning into an error. @@ -173,20 +163,58 @@ WARN_UNUSED_RESULT bool VerifySignatureAlgorithmsMatch( kSignatureAlgorithmsDifferentEncoding, CreateCertErrorParams2Der("Certificate.algorithm", alg1_tlv, "TBSCertificate.signature", alg2_tlv)); - return true; + return; } errors->AddError( kSignatureAlgorithmMismatch, CreateCertErrorParams2Der("Certificate.algorithm", alg1_tlv, "TBSCertificate.signature", alg2_tlv)); +} - return false; +// Verify that |cert| can be used for |required_key_purpose|. +void VerifyExtendedKeyUsage(const ParsedCertificate& cert, + KeyPurpose required_key_purpose, + CertErrors* errors) { + switch (required_key_purpose) { + case KeyPurpose::ANY_EKU: + return; + case KeyPurpose::SERVER_AUTH: { + // TODO(eroman): Is it OK for the target certificate to omit the EKU? + if (!cert.has_extended_key_usage()) + return; + + for (const auto& key_purpose_oid : cert.extended_key_usage()) { + if (key_purpose_oid == AnyEKU()) + return; + if (key_purpose_oid == ServerAuth()) + return; + } + + errors->AddError(kEkuLacksServerAuth); + break; + } + case KeyPurpose::CLIENT_AUTH: { + // TODO(eroman): Is it OK for the target certificate to omit the EKU? + if (!cert.has_extended_key_usage()) + return; + + for (const auto& key_purpose_oid : cert.extended_key_usage()) { + if (key_purpose_oid == AnyEKU()) + return; + if (key_purpose_oid == ClientAuth()) + return; + } + + errors->AddError(kEkuLacksClientAuth); + break; + } + } } // This function corresponds to RFC 5280 section 6.1.3's "Basic Certificate // Processing" procedure. -WARN_UNUSED_RESULT bool BasicCertificateProcessing( +void BasicCertificateProcessing( const ParsedCertificate& cert, bool is_target_cert, const SignaturePolicy* signature_policy, @@ -198,8 +226,7 @@ WARN_UNUSED_RESULT bool BasicCertificateProcessing( // Check that the signature algorithms in Certificate vs TBSCertificate // match. This isn't part of RFC 5280 section 6.1.3, but is mandated by // sections 4.1.1.2 and 4.1.2.3. - if (!VerifySignatureAlgorithmsMatch(cert, errors)) - return false; + VerifySignatureAlgorithmsMatch(cert, errors); // Verify the digital signature using the previous certificate's key (RFC // 5280 section 6.1.3 step a.1). @@ -207,30 +234,25 @@ WARN_UNUSED_RESULT bool BasicCertificateProcessing( errors->AddError( kInvalidOrUnsupportedSignatureAlgorithm, CreateCertErrorParams1Der("algorithm", cert.signature_algorithm_tlv())); - return false; - } - - if (!VerifySignedData(cert.signature_algorithm(), cert.tbs_certificate_tlv(), - cert.signature_value(), working_spki, signature_policy, - errors)) { - errors->AddError(kVerifySignedDataFailed); - return false; + } else { + if (!VerifySignedData(cert.signature_algorithm(), + cert.tbs_certificate_tlv(), cert.signature_value(), + working_spki, signature_policy, errors)) { + errors->AddError(kVerifySignedDataFailed); + } } // Check the time range for the certificate's validity, ensuring it is valid // at |time|. // (RFC 5280 section 6.1.3 step a.2) - if (!VerifyTimeValidity(cert, time, errors)) - return false; + VerifyTimeValidity(cert, time, errors); // TODO(eroman): Check revocation (RFC 5280 section 6.1.3 step a.3) // Verify the certificate's issuer name matches the issuing certificate's // subject name. (RFC 5280 section 6.1.3 step a.4) - if (cert.normalized_issuer() != working_normalized_issuer_name) { + if (cert.normalized_issuer() != working_normalized_issuer_name) errors->AddError(kSubjectDoesNotMatchIssuer); - return false; - } // Name constraints (RFC 5280 section 6.1.3 step b & c) // If certificate i is self-issued and it is not the final certificate in the @@ -241,20 +263,17 @@ WARN_UNUSED_RESULT bool BasicCertificateProcessing( if (!nc->IsPermittedCert(cert.normalized_subject(), cert.subject_alt_names())) { errors->AddError(kNotPermittedByNameConstraints); - return false; } } } // TODO(eroman): Steps d-f are omitted, as policy constraints are not yet // implemented. - - return true; } // This function corresponds to RFC 5280 section 6.1.4's "Preparation for // Certificate i+1" procedure. |cert| is expected to be an intermediate. -WARN_UNUSED_RESULT bool PrepareForNextCertificate( +void PrepareForNextCertificate( const ParsedCertificate& cert, size_t* max_path_length_ptr, der::Input* working_spki, @@ -300,12 +319,8 @@ WARN_UNUSED_RESULT bool PrepareForNextCertificate( // can't contain a BasicConstraints extension. if (!cert.has_basic_constraints()) { errors->AddError(kMissingBasicConstraints); - return false; - } - - if (!cert.basic_constraints().is_ca) { + } else if (!cert.basic_constraints().is_ca) { errors->AddError(kBasicConstraintsIndicatesNotCa); - return false; } // From RFC 5280 section 6.1.4 step l: @@ -316,9 +331,9 @@ WARN_UNUSED_RESULT bool PrepareForNextCertificate( if (!IsSelfIssued(cert)) { if (*max_path_length_ptr == 0) { errors->AddError(kMaxPathLengthViolated); - return false; + } else { + --(*max_path_length_ptr); } - --(*max_path_length_ptr); } // From RFC 5280 section 6.1.4 step m: @@ -326,7 +341,7 @@ WARN_UNUSED_RESULT bool PrepareForNextCertificate( // If pathLenConstraint is present in the certificate and is // less than max_path_length, set max_path_length to the value // of pathLenConstraint. - if (cert.basic_constraints().has_path_len && + if (cert.has_basic_constraints() && cert.basic_constraints().has_path_len && cert.basic_constraints().path_len < *max_path_length_ptr) { *max_path_length_ptr = cert.basic_constraints().path_len; } @@ -338,7 +353,6 @@ WARN_UNUSED_RESULT bool PrepareForNextCertificate( if (cert.has_key_usage() && !cert.key_usage().AssertsBit(KEY_USAGE_BIT_KEY_CERT_SIGN)) { errors->AddError(kKeyCertSignBitNotSet); - return false; } // From RFC 5280 section 6.1.4 step o: @@ -347,15 +361,12 @@ WARN_UNUSED_RESULT bool PrepareForNextCertificate( // the certificate. Process any other recognized non-critical // extension present in the certificate that is relevant to path // processing. - if (!VerifyNoUnconsumedCriticalExtensions(cert, errors)) - return false; - - return true; + VerifyNoUnconsumedCriticalExtensions(cert, errors); } // Checks that if the target certificate has properties that only a CA should // have (keyCertSign, CA=true, pathLenConstraint), then its other properties -// are consistent with being a CA. +// are consistent with being a CA. If it does, adds errors to |errors|. // // This follows from some requirements in RFC 5280 section 4.2.1.9. In // particular: @@ -375,9 +386,8 @@ WARN_UNUSED_RESULT bool PrepareForNextCertificate( // TODO(eroman): I don't believe Firefox enforces the keyCertSign restriction // for compatibility reasons. Investigate if we need to similarly relax this // constraint. -WARN_UNUSED_RESULT bool VerifyTargetCertHasConsistentCaBits( - const ParsedCertificate& cert, - CertErrors* errors) { +void VerifyTargetCertHasConsistentCaBits(const ParsedCertificate& cert, + CertErrors* errors) { // Check if the certificate contains any property specific to CAs. bool has_ca_property = (cert.has_basic_constraints() && @@ -397,17 +407,12 @@ WARN_UNUSED_RESULT bool VerifyTargetCertHasConsistentCaBits( // TODO(eroman): Add DER for basic constraints and key usage. errors->AddError(kTargetCertInconsistentCaBits); } - - return success; } - - return true; } // This function corresponds with RFC 5280 section 6.1.5's "Wrap-Up Procedure". // It does processing for the final certificate (the target cert). -WARN_UNUSED_RESULT bool WrapUp(const ParsedCertificate& cert, - CertErrors* errors) { +void WrapUp(const ParsedCertificate& cert, CertErrors* errors) { // TODO(crbug.com/634452): Steps a-b are omitted as policy constraints are not // yet implemented. @@ -423,40 +428,38 @@ WARN_UNUSED_RESULT bool WrapUp(const ParsedCertificate& cert, // // Note that this is duplicated by PrepareForNextCertificate() so as to // directly match the procedures in RFC 5280's section 6.1. - if (!VerifyNoUnconsumedCriticalExtensions(cert, errors)) - return false; + VerifyNoUnconsumedCriticalExtensions(cert, errors); // TODO(eroman): Step g is omitted, as policy constraints are not yet // implemented. // The following check is NOT part of RFC 5280 6.1.5's "Wrap-Up Procedure", // however is implied by RFC 5280 section 4.2.1.9. - if (!VerifyTargetCertHasConsistentCaBits(cert, errors)) - return false; - - return true; + VerifyTargetCertHasConsistentCaBits(cert, errors); } // Initializes the path validation algorithm given anchor constraints. This // follows the description in RFC 5937 -WARN_UNUSED_RESULT bool ProcessTrustAnchorConstraints( +void ProcessTrustAnchorConstraints( const TrustAnchor& trust_anchor, + KeyPurpose required_key_purpose, size_t* max_path_length_ptr, std::vector<const NameConstraints*>* name_constraints_list, CertErrors* errors) { - // Set the trust anchor as the current context for any subsequent errors. - CertErrorScoperNoParams error_context(errors, kContextTrustAnchor); - // In RFC 5937 the enforcement of anchor constraints is governed by the input // enforceTrustAnchorConstraints to path validation. In our implementation // this is always on, and enforcement is controlled solely by whether or not // the trust anchor specified constraints. if (!trust_anchor.enforces_constraints()) - return true; + return; // Anchor constraints are encoded via the attached certificate. const ParsedCertificate& cert = *trust_anchor.cert(); + // This is not part of RFC 5937 nor RFC 5280, but matches the EKU handling + // done for intermediates (described in Web PKI's Baseline Requirements). + VerifyExtendedKeyUsage(cert, required_key_purpose, errors); + // The following enforcements follow from RFC 5937 (primarily section 3.2): // Initialize name constraints initial-permitted/excluded-subtrees. @@ -491,29 +494,26 @@ WARN_UNUSED_RESULT bool ProcessTrustAnchorConstraints( // Extensions may be marked critical or not critical. When trust anchor // constraints are enforced, clients MUST reject certification paths // containing a trust anchor with unrecognized critical extensions. - if (!VerifyNoUnconsumedCriticalExtensions(cert, errors)) - return false; - - return true; + VerifyNoUnconsumedCriticalExtensions(cert, errors); } -} // namespace - // This implementation is structured to mimic the description of certificate // path verification given by RFC 5280 section 6.1. -bool VerifyCertificateChain(const ParsedCertificateList& certs, - const TrustAnchor* trust_anchor, - const SignaturePolicy* signature_policy, - const der::GeneralizedTime& time, - CertErrors* errors) { +void VerifyCertificateChainNoReturnValue( + const ParsedCertificateList& certs, + const TrustAnchor* trust_anchor, + const SignaturePolicy* signature_policy, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + CertPathErrors* errors) { DCHECK(trust_anchor); DCHECK(signature_policy); DCHECK(errors); // An empty chain is necessarily invalid. if (certs.empty()) { - errors->AddError(kChainIsEmpty); - return false; + errors->GetOtherErrors()->AddError(kChainIsEmpty); + return; } // Will contain a NameConstraints for each previous cert in the chain which @@ -556,10 +556,13 @@ bool VerifyCertificateChain(const ParsedCertificateList& certs, size_t max_path_length = certs.size(); // Apply any trust anchor constraints per RFC 5937. - if (!ProcessTrustAnchorConstraints(*trust_anchor, &max_path_length, - &name_constraints_list, errors)) { - return false; - } + // + // TODO(eroman): Errors on the trust anchor are put into a certificate bucket + // GetErrorsForCert(certs.size()). This is a bit magical, and + // has some integration issues. + ProcessTrustAnchorConstraints(*trust_anchor, required_key_purpose, + &max_path_length, &name_constraints_list, + errors->GetErrorsForCert(certs.size())); // Iterate over all the certificates in the reverse direction: starting from // the certificate signed by trust anchor and progressing towards the target @@ -579,28 +582,33 @@ bool VerifyCertificateChain(const ParsedCertificateList& certs, const ParsedCertificate& cert = *certs[index_into_certs]; - // Set the current certificate as the context for any subsequent errors. - CertErrorScoperForCert error_context(errors, i); + // Output errors for the current certificate into an error bucket that is + // associated with that certificate. + CertErrors* cert_errors = errors->GetErrorsForCert(index_into_certs); // Per RFC 5280 section 6.1: // * Do basic processing for each certificate // * If it is the last certificate in the path (target certificate) // - Then run "Wrap up" // - Otherwise run "Prepare for Next cert" - if (!BasicCertificateProcessing( - cert, is_target_cert, signature_policy, time, working_spki, - working_normalized_issuer_name, name_constraints_list, errors)) { - return false; - } + BasicCertificateProcessing(cert, is_target_cert, signature_policy, time, + working_spki, working_normalized_issuer_name, + name_constraints_list, cert_errors); + + // The key purpose is checked not just for the end-entity certificate, but + // also interpreted as a constraint when it appears in intermediates. This + // goes beyond what RFC 5280 describes, but is the de-facto standard. See + // https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Frequently_Asked_Questions + VerifyExtendedKeyUsage(cert, required_key_purpose, cert_errors); + if (!is_target_cert) { - if (!PrepareForNextCertificate(cert, &max_path_length, &working_spki, - &working_normalized_issuer_name, - &name_constraints_list, errors)) { - return false; - } + PrepareForNextCertificate(cert, &max_path_length, &working_spki, + &working_normalized_issuer_name, + &name_constraints_list, cert_errors); } else { - if (!WrapUp(cert, errors)) - return false; + WrapUp(cert, cert_errors); + // TODO(eroman): Verify the Key Usage on target is consistent with + // key_purpose. } } @@ -608,8 +616,22 @@ bool VerifyCertificateChain(const ParsedCertificateList& certs, // // A certificate MUST NOT appear more than once in a prospective // certification path. +} + +} // namespace - return true; +bool VerifyCertificateChain(const ParsedCertificateList& certs, + const TrustAnchor* trust_anchor, + const SignaturePolicy* signature_policy, + const der::GeneralizedTime& time, + KeyPurpose required_key_purpose, + CertPathErrors* errors) { + // TODO(eroman): This function requires that |errors| is empty upon entry, + // which is not part of the API contract. + DCHECK(!errors->ContainsHighSeverityErrors()); + VerifyCertificateChainNoReturnValue(certs, trust_anchor, signature_policy, + time, required_key_purpose, errors); + return !errors->ContainsHighSeverityErrors(); } } // namespace net diff --git a/chromium/net/cert/internal/verify_certificate_chain.h b/chromium/net/cert/internal/verify_certificate_chain.h index 428bd7b0214..7abeede6dd4 100644 --- a/chromium/net/cert/internal/verify_certificate_chain.h +++ b/chromium/net/cert/internal/verify_certificate_chain.h @@ -23,6 +23,13 @@ struct GeneralizedTime; class SignaturePolicy; class TrustAnchor; +// The key purpose (extended key usage) to check for during verification. +enum class KeyPurpose { + ANY_EKU, + SERVER_AUTH, + CLIENT_AUTH, +}; + // VerifyCertificateChain() verifies a certificate path (chain) based on the // rules in RFC 5280. The caller is responsible for building the path and // finding the trust anchor. @@ -56,23 +63,31 @@ class TrustAnchor; // time: // The UTC time to use for expiration checks. // +// key_purpose: +// The key purpose that the target certificate needs to be valid for. +// // --------- // Outputs // --------- // // Returns true if the target certificate can be verified. +// TODO(eroman): This return value is redundant with the |errors| parameter. // // errors: // Must be non-null. The set of errors/warnings encountered while -// validating the path are appended to this structure. There is no -// guarantee that on success |errors| is empty, or conversely that -// on failure |errors| is non-empty. Consumers must only use the -// boolean return value to determine success/failure. +// validating the path are appended to this structure. If verification +// failed, then there is guaranteed to be at least 1 error written to +// |errors|. NET_EXPORT bool VerifyCertificateChain(const ParsedCertificateList& certs, const TrustAnchor* trust_anchor, const SignaturePolicy* signature_policy, const der::GeneralizedTime& time, - CertErrors* errors) WARN_UNUSED_RESULT; + KeyPurpose required_key_purpose, + CertPathErrors* errors); + +// TODO(crbug.com/634443): Move exported errors to a central location? +extern CertErrorId kValidityFailedNotAfter; +extern CertErrorId kValidityFailedNotBefore; } // namespace net diff --git a/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc b/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc index 52a5ff88a0d..97a81cc73b7 100644 --- a/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc +++ b/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc @@ -57,14 +57,15 @@ class VerifyCertificateChainPkitsTestDelegate { // PKITS lists chains from trust anchor to target, VerifyCertificateChain // takes them starting with the target and not including the trust anchor. std::vector<scoped_refptr<net::ParsedCertificate>> input_chain; - CertErrors errors; + CertErrors parsing_errors; for (auto i = cert_ders.rbegin(); i != cert_ders.rend(); ++i) { if (!net::ParsedCertificate::CreateAndAddToVector( bssl::UniquePtr<CRYPTO_BUFFER>( CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t*>(i->data()), i->size(), nullptr)), - {}, &input_chain, &errors)) { - ADD_FAILURE() << "Cert failed to parse:\n" << errors.ToDebugString(); + {}, &input_chain, &parsing_errors)) { + ADD_FAILURE() << "Cert failed to parse:\n" + << parsing_errors.ToDebugString(); return false; } } @@ -78,13 +79,13 @@ class VerifyCertificateChainPkitsTestDelegate { // Run all tests at the time the PKITS was published. der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0}; + CertPathErrors path_errors; bool result = VerifyCertificateChain(input_chain, trust_anchor.get(), - &signature_policy, time, &errors); + &signature_policy, time, + KeyPurpose::ANY_EKU, &path_errors); // TODO(crbug.com/634443): Test errors on failure? - if (!result) - EXPECT_FALSE(errors.empty()); - + EXPECT_EQ(result, !path_errors.ContainsHighSeverityErrors()); return result; } }; diff --git a/chromium/net/cert/internal/verify_certificate_chain_typed_unittest.h b/chromium/net/cert/internal/verify_certificate_chain_typed_unittest.h index 8c64d916cc3..48e401869e3 100644 --- a/chromium/net/cert/internal/verify_certificate_chain_typed_unittest.h +++ b/chromium/net/cert/internal/verify_certificate_chain_typed_unittest.h @@ -8,6 +8,7 @@ #include "net/cert/internal/parsed_certificate.h" #include "net/cert/internal/test_helpers.h" #include "net/cert/internal/trust_store.h" +#include "net/cert/internal/verify_certificate_chain.h" #include "net/cert/pem_tokenizer.h" #include "net/der/input.h" #include "testing/gtest/include/gtest/gtest.h" @@ -18,20 +19,16 @@ template <typename TestDelegate> class VerifyCertificateChainTest : public ::testing::Test { public: void RunTest(const char* file_name) { - ParsedCertificateList chain; - scoped_refptr<TrustAnchor> trust_anchor; - der::GeneralizedTime time; - bool expected_result; - std::string expected_errors; + VerifyCertChainTest test; std::string path = std::string("net/data/verify_certificate_chain_unittest/") + file_name; - ReadVerifyCertChainTestFromFile(path, &chain, &trust_anchor, &time, - &expected_result, &expected_errors); + SCOPED_TRACE("Test file: " + path); - TestDelegate::Verify(chain, trust_anchor, time, expected_result, - expected_errors, path); + ReadVerifyCertChainTestFromFile(path, &test); + + TestDelegate::Verify(test, path); } }; @@ -43,60 +40,42 @@ class VerifyCertificateChainSingleRootTest TYPED_TEST_CASE_P(VerifyCertificateChainSingleRootTest); -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetAndIntermediate) { +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, Simple) { this->RunTest("target-and-intermediate.pem"); } -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - IntermediateLacksBasicConstraints) { +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, BasicConstraintsCa) { this->RunTest("intermediate-lacks-basic-constraints.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - IntermediateBasicConstraintsCaFalse) { this->RunTest("intermediate-basic-constraints-ca-false.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - IntermediateBasicConstraintsNotCritical) { this->RunTest("intermediate-basic-constraints-not-critical.pem"); + this->RunTest("unconstrained-root-lacks-basic-constraints.pem"); + this->RunTest("constrained-root-lacks-basic-constraints.pem"); + this->RunTest("unconstrained-root-basic-constraints-ca-false.pem"); + this->RunTest("constrained-root-basic-constraints-ca-false.pem"); } -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - IntermediateLacksSigningKeyUsage) { - this->RunTest("intermediate-lacks-signing-key-usage.pem"); +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, BasicConstraintsPathlen) { + this->RunTest("violates-basic-constraints-pathlen-0.pem"); + this->RunTest("basic-constraints-pathlen-0-self-issued.pem"); + this->RunTest("target-has-pathlen-but-not-ca.pem"); + this->RunTest("violates-pathlen-1-constrained-root.pem"); + this->RunTest("violates-pathlen-1-unconstrained-root.pem"); } -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - IntermediateUnknownCriticalExtension) { +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, UnknownExtension) { this->RunTest("intermediate-unknown-critical-extension.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - IntermediateUnknownNonCriticalExtension) { this->RunTest("intermediate-unknown-non-critical-extension.pem"); + this->RunTest("target-unknown-critical-extension.pem"); } -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - ViolatesBasicConstraintsPathlen0) { - this->RunTest("violates-basic-constraints-pathlen-0.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - BasicConstraintsPathlen0SelfIssued) { - this->RunTest("basic-constraints-pathlen-0-self-issued.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetSignedWithMd5) { +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, Md5) { this->RunTest("target-signed-with-md5.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, IntermediateSignedWithMd5) { this->RunTest("intermediate-signed-with-md5.pem"); } -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetWrongSignature) { +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, WrongSignature) { this->RunTest("target-wrong-signature.pem"); + this->RunTest("incorrect-trust-anchor.pem"); } TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetSignedBy512bitRsa) { @@ -107,23 +86,11 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetSignedUsingEcdsa) { this->RunTest("target-signed-using-ecdsa.pem"); } -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExpiredIntermediate) { - this->RunTest("expired-intermediate.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExpiredTarget) { +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, Expired) { this->RunTest("expired-target.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExpiredTargetNotBefore) { + this->RunTest("expired-intermediate.pem"); this->RunTest("expired-target-notBefore.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExpiredUnconstrainedRoot) { this->RunTest("expired-unconstrained-root.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExpiredConstrainedRoot) { this->RunTest("expired-constrained-root.pem"); } @@ -131,138 +98,60 @@ TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetNotEndEntity) { this->RunTest("target-not-end-entity.pem"); } -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - TargetHasKeyCertSignButNotCa) { +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, KeyUsage) { + this->RunTest("intermediate-lacks-signing-key-usage.pem"); this->RunTest("target-has-keycertsign-but-not-ca.pem"); } -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TargetHasPathlenButNotCa) { - this->RunTest("target-has-pathlen-but-not-ca.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - TargetUnknownCriticalExtension) { - this->RunTest("target-unknown-critical-extension.pem"); +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, ExtendedKeyUsage) { + this->RunTest("target-lacks-eku.pem"); + this->RunTest("target-restricts-eku-fail.pem"); + this->RunTest("intermediate-restricts-eku-fail.pem"); + this->RunTest("intermediate-restricts-eku-ok.pem"); + this->RunTest("intermediate-sets-eku-any.pem"); + this->RunTest("target-sets-eku-any.pem"); + this->RunTest("constrained-root-bad-eku.pem"); + this->RunTest("unconstrained-root-bad-eku.pem"); } TYPED_TEST_P(VerifyCertificateChainSingleRootTest, IssuerAndSubjectNotByteForByteEqual) { this->RunTest("issuer-and-subject-not-byte-for-byte-equal.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - IssuerAndSubjectNotByteForByteEqualAnchor) { this->RunTest("issuer-and-subject-not-byte-for-byte-equal-anchor.pem"); } -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - ViolatesPathlen1UnconstrainedRoot) { - this->RunTest("violates-pathlen-1-unconstrained-root.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - ViolatesPathlen1ConstrainedRoot) { - this->RunTest("violates-pathlen-1-constrained-root.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, NonSelfSignedRoot) { +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, TrustAnchorNotSelfSigned) { this->RunTest("non-self-signed-root.pem"); + this->RunTest("unconstrained-non-self-signed-root.pem"); + this->RunTest("constrained-non-self-signed-root.pem"); } -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, KeyRolloverOldChain) { +TYPED_TEST_P(VerifyCertificateChainSingleRootTest, KeyRollover) { this->RunTest("key-rollover-oldchain.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, KeyRolloverRolloverChain) { this->RunTest("key-rollover-rolloverchain.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - KeyRolloverLongRolloverChain) { this->RunTest("key-rollover-longrolloverchain.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, KeyRolloverNewChain) { this->RunTest("key-rollover-newchain.pem"); } -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, IncorrectTrustAnchor) { - this->RunTest("incorrect-trust-anchor.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - UnconstrainedRootLacksBasicConstraints) { - this->RunTest("unconstrained-root-lacks-basic-constraints.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - ConstrainedRootLacksBasicConstraints) { - this->RunTest("constrained-root-lacks-basic-constraints.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - UnconstrainedRootBasicConstraintsCaFalse) { - this->RunTest("unconstrained-root-basic-constraints-ca-false.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - ConstrainedRootBasicConstraintsCaFalse) { - this->RunTest("constrained-root-basic-constraints-ca-false.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - UnconstrainedNonSelfSignedRoot) { - this->RunTest("unconstrained-non-self-signed-root.pem"); -} - -TYPED_TEST_P(VerifyCertificateChainSingleRootTest, - ConstrainedNonSelfSignedRoot) { - this->RunTest("constrained-non-self-signed-root.pem"); -} - // TODO(eroman): Add test that invalid validity dates where the day or month // ordinal not in range, like "March 39, 2016" are rejected. REGISTER_TYPED_TEST_CASE_P(VerifyCertificateChainSingleRootTest, - TargetAndIntermediate, - IntermediateLacksBasicConstraints, - IntermediateBasicConstraintsCaFalse, - IntermediateBasicConstraintsNotCritical, - IntermediateLacksSigningKeyUsage, - IntermediateUnknownCriticalExtension, - IntermediateUnknownNonCriticalExtension, - ViolatesBasicConstraintsPathlen0, - BasicConstraintsPathlen0SelfIssued, - TargetSignedWithMd5, - IntermediateSignedWithMd5, - TargetWrongSignature, + Simple, + BasicConstraintsCa, + BasicConstraintsPathlen, + UnknownExtension, + Md5, + WrongSignature, TargetSignedBy512bitRsa, TargetSignedUsingEcdsa, - ExpiredIntermediate, - ExpiredTarget, - ExpiredTargetNotBefore, - ExpiredUnconstrainedRoot, - ExpiredConstrainedRoot, + Expired, TargetNotEndEntity, - TargetHasKeyCertSignButNotCa, - TargetHasPathlenButNotCa, - TargetUnknownCriticalExtension, + KeyUsage, + ExtendedKeyUsage, IssuerAndSubjectNotByteForByteEqual, - IssuerAndSubjectNotByteForByteEqualAnchor, - ViolatesPathlen1UnconstrainedRoot, - ViolatesPathlen1ConstrainedRoot, - NonSelfSignedRoot, - KeyRolloverOldChain, - KeyRolloverRolloverChain, - KeyRolloverLongRolloverChain, - KeyRolloverNewChain, - IncorrectTrustAnchor, - UnconstrainedRootLacksBasicConstraints, - ConstrainedRootLacksBasicConstraints, - UnconstrainedRootBasicConstraintsCaFalse, - ConstrainedRootBasicConstraintsCaFalse, - UnconstrainedNonSelfSignedRoot, - ConstrainedNonSelfSignedRoot); + TrustAnchorNotSelfSigned, + KeyRollover); } // namespace net diff --git a/chromium/net/cert/internal/verify_certificate_chain_unittest.cc b/chromium/net/cert/internal/verify_certificate_chain_unittest.cc index ec5f637a5a5..62d3b3b3bbe 100644 --- a/chromium/net/cert/internal/verify_certificate_chain_unittest.cc +++ b/chromium/net/cert/internal/verify_certificate_chain_unittest.cc @@ -14,24 +14,20 @@ namespace { class VerifyCertificateChainDelegate { public: - static void Verify(const ParsedCertificateList& chain, - const scoped_refptr<TrustAnchor>& trust_anchor, - const der::GeneralizedTime& time, - bool expected_result, - const std::string& expected_errors, + static void Verify(const VerifyCertChainTest& test, const std::string& test_file_path) { - ASSERT_TRUE(trust_anchor); + ASSERT_TRUE(test.trust_anchor); SimpleSignaturePolicy signature_policy(1024); - CertErrors errors; - bool result = VerifyCertificateChain(chain, trust_anchor.get(), - &signature_policy, time, &errors); - EXPECT_EQ(expected_result, result); - EXPECT_EQ(expected_errors, errors.ToDebugString()) << "Test file: " - << test_file_path; - if (!result) - EXPECT_FALSE(errors.empty()); + CertPathErrors errors; + bool result = VerifyCertificateChain(test.chain, test.trust_anchor.get(), + &signature_policy, test.time, + test.key_purpose, &errors); + EXPECT_EQ(test.expected_result, result); + EXPECT_EQ(test.expected_errors, errors.ToDebugString(test.chain)) + << "Test file: " << test_file_path; + EXPECT_EQ(result, !errors.ContainsHighSeverityErrors()); } }; diff --git a/chromium/net/cert/nss_cert_database.cc b/chromium/net/cert/nss_cert_database.cc index 7a580d6b28e..2b90e008f29 100644 --- a/chromium/net/cert/nss_cert_database.cc +++ b/chromium/net/cert/nss_cert_database.cc @@ -22,7 +22,6 @@ #include "base/task_runner_util.h" #include "base/threading/worker_pool.h" #include "crypto/scoped_nss_types.h" -#include "net/base/crypto_module.h" #include "net/base/net_errors.h" #include "net/cert/cert_database.h" #include "net/cert/x509_certificate.h" @@ -421,8 +420,13 @@ void NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot slot, CERTCertListNode* node; for (node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); node = CERT_LIST_NEXT(node)) { - certs->push_back(X509Certificate::CreateFromHandle( - node->cert, X509Certificate::OSCertHandles())); + scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( + node->cert, X509Certificate::OSCertHandles()); + if (!cert) { + LOG(ERROR) << "X509Certificate::CreateFromHandle failed"; + continue; + } + certs->push_back(cert); } CERT_DestroyCertList(cert_list); } diff --git a/chromium/net/cert/nss_cert_database_chromeos.cc b/chromium/net/cert/nss_cert_database_chromeos.cc index 9f4f9161c9c..a3b0c4cb089 100644 --- a/chromium/net/cert/nss_cert_database_chromeos.cc +++ b/chromium/net/cert/nss_cert_database_chromeos.cc @@ -14,8 +14,8 @@ #include "base/bind.h" #include "base/callback.h" #include "base/location.h" +#include "base/stl_util.h" #include "base/task_runner.h" -#include "net/base/crypto_module.h" #include "net/cert/x509_certificate.h" namespace net { @@ -67,13 +67,9 @@ void NSSCertDatabaseChromeOS::ListModules( NSSCertDatabase::ListModules(modules, need_rw); size_t pre_size = modules->size(); - modules->erase( - std::remove_if( - modules->begin(), - modules->end(), - NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate( - profile_filter_)), - modules->end()); + base::EraseIf(*modules, + NSSProfileFilterChromeOS::ModuleNotAllowedForProfilePredicate( + profile_filter_)); DVLOG(1) << "filtered " << pre_size - modules->size() << " of " << pre_size << " modules"; } @@ -84,12 +80,9 @@ void NSSCertDatabaseChromeOS::ListCertsImpl( NSSCertDatabase::ListCertsImpl(crypto::ScopedPK11Slot(), certs); size_t pre_size = certs->size(); - certs->erase(std::remove_if( - certs->begin(), - certs->end(), - NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate( - profile_filter)), - certs->end()); + base::EraseIf(*certs, + NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate( + profile_filter)); DVLOG(1) << "filtered " << pre_size - certs->size() << " of " << pre_size << " certs"; } diff --git a/chromium/net/cert/nss_cert_database_unittest.cc b/chromium/net/cert/nss_cert_database_unittest.cc index 235ea44cc0d..2bcda9e35aa 100644 --- a/chromium/net/cert/nss_cert_database_unittest.cc +++ b/chromium/net/cert/nss_cert_database_unittest.cc @@ -22,7 +22,6 @@ #include "base/threading/thread_task_runner_handle.h" #include "crypto/scoped_nss_types.h" #include "crypto/scoped_test_nss_db.h" -#include "net/base/crypto_module.h" #include "net/base/hash_value.h" #include "net/base/net_errors.h" #include "net/cert/cert_status_flags.h" @@ -108,8 +107,13 @@ class CertDatabaseNSSTest : public testing::Test { for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); node = CERT_LIST_NEXT(node)) { - result.push_back(X509Certificate::CreateFromHandle( - node->cert, X509Certificate::OSCertHandles())); + scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( + node->cert, X509Certificate::OSCertHandles()); + if (!cert) { + ADD_FAILURE() << "X509Certificate::CreateFromHandle failed"; + continue; + } + result.push_back(cert); } CERT_DestroyCertList(cert_list); diff --git a/chromium/net/cert/nss_profile_filter_chromeos_unittest.cc b/chromium/net/cert/nss_profile_filter_chromeos_unittest.cc index 2de8039f5fe..2443ed33dde 100644 --- a/chromium/net/cert/nss_profile_filter_chromeos_unittest.cc +++ b/chromium/net/cert/nss_profile_filter_chromeos_unittest.cc @@ -46,8 +46,13 @@ CertificateList ListCertsInSlot(PK11SlotInfo* slot) { for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); !CERT_LIST_END(node, cert_list); node = CERT_LIST_NEXT(node)) { - result.push_back(X509Certificate::CreateFromHandle( - node->cert, X509Certificate::OSCertHandles())); + scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( + node->cert, X509Certificate::OSCertHandles()); + if (!cert) { + ADD_FAILURE() << "X509Certificate::CreateFromHandle failed"; + continue; + } + result.push_back(cert); } CERT_DestroyCertList(cert_list); diff --git a/chromium/net/cert/test_root_certs.h b/chromium/net/cert/test_root_certs.h index c403deac25f..6fa22c1ea00 100644 --- a/chromium/net/cert/test_root_certs.h +++ b/chromium/net/cert/test_root_certs.h @@ -67,7 +67,7 @@ class NET_EXPORT TestRootCerts { #if defined(USE_NSS_CERTS) bool Contains(CERTCertificate* cert) const; -#elif defined(OS_MACOSX) && !defined(USE_NSS_CERTS) +#elif defined(OS_MACOSX) CFArrayRef temporary_roots() const { return temporary_roots_; } // Modifies the root certificates of |trust_ref| to include the @@ -94,7 +94,7 @@ class NET_EXPORT TestRootCerts { #endif private: - friend struct base::DefaultLazyInstanceTraits<TestRootCerts>; + friend struct base::LazyInstanceTraitsBase<TestRootCerts>; TestRootCerts(); ~TestRootCerts(); diff --git a/chromium/net/cert/test_root_certs_mac.cc b/chromium/net/cert/test_root_certs_mac.cc index af1e9c18dbe..f3a51e1f59c 100644 --- a/chromium/net/cert/test_root_certs_mac.cc +++ b/chromium/net/cert/test_root_certs_mac.cc @@ -9,49 +9,25 @@ #include "base/logging.h" #include "net/cert/x509_certificate.h" -namespace net { - -namespace { - -typedef OSStatus (*SecTrustSetAnchorCertificatesOnlyFuncPtr)(SecTrustRef, - Boolean); - -Boolean OurSecCertificateEqual(const void* value1, const void* value2) { - if (CFGetTypeID(value1) != SecCertificateGetTypeID() || - CFGetTypeID(value2) != SecCertificateGetTypeID()) - return CFEqual(value1, value2); - return X509Certificate::IsSameOSCert( - reinterpret_cast<SecCertificateRef>(const_cast<void*>(value1)), - reinterpret_cast<SecCertificateRef>(const_cast<void*>(value2))); -} - -const void* RetainWrapper(CFAllocatorRef unused, const void* value) { - return CFRetain(value); -} - -void ReleaseWrapper(CFAllocatorRef unused, const void* value) { - CFRelease(value); -} +#if defined(OS_IOS) +#include "net/cert/x509_util_ios.h" +#else +#include "net/cert/x509_util_mac.h" +#endif -// CFEqual prior to 10.6 only performed pointer checks on SecCertificateRefs, -// rather than checking if they were the same (logical) certificate, so a -// custom structure is used for the array callbacks. -const CFArrayCallBacks kCertArrayCallbacks = { - 0, // version - RetainWrapper, - ReleaseWrapper, - CFCopyDescription, - OurSecCertificateEqual, -}; - -} // namespace +namespace net { bool TestRootCerts::Add(X509Certificate* certificate) { + base::ScopedCFTypeRef<SecCertificateRef> os_cert( + x509_util::CreateSecCertificateFromX509Certificate(certificate)); + if (!os_cert) + return false; + if (CFArrayContainsValue(temporary_roots_, CFRangeMake(0, CFArrayGetCount(temporary_roots_)), - certificate->os_cert_handle())) + os_cert.get())) return true; - CFArrayAppendValue(temporary_roots_, certificate->os_cert_handle()); + CFArrayAppendValue(temporary_roots_, os_cert.get()); return true; } @@ -80,8 +56,8 @@ void TestRootCerts::SetAllowSystemTrust(bool allow_system_trust) { TestRootCerts::~TestRootCerts() {} void TestRootCerts::Init() { - temporary_roots_.reset(CFArrayCreateMutable(kCFAllocatorDefault, 0, - &kCertArrayCallbacks)); + temporary_roots_.reset( + CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks)); allow_system_trust_ = true; } diff --git a/chromium/net/cert/test_root_certs_nss.cc b/chromium/net/cert/test_root_certs_nss.cc index afa37f13ea2..6f9cc8ad501 100644 --- a/chromium/net/cert/test_root_certs_nss.cc +++ b/chromium/net/cert/test_root_certs_nss.cc @@ -12,10 +12,6 @@ #include "crypto/nss_util.h" #include "net/cert/x509_certificate.h" -#if defined(OS_IOS) -#include "net/cert/x509_util_ios.h" -#endif - namespace net { @@ -30,12 +26,7 @@ TestRootCerts::TrustEntry::~TrustEntry() { } bool TestRootCerts::Add(X509Certificate* certificate) { -#if defined(OS_IOS) - x509_util_ios::NSSCertificate nss_certificate(certificate->os_cert_handle()); - CERTCertificate* cert_handle = nss_certificate.cert_handle(); -#else CERTCertificate* cert_handle = certificate->os_cert_handle(); -#endif // Preserve the original trust bits so that they can be restored when // the certificate is removed. CERTCertTrust original_trust; @@ -92,7 +83,6 @@ bool TestRootCerts::IsEmpty() const { return trust_cache_.empty(); } -#if defined(USE_NSS_CERTS) bool TestRootCerts::Contains(CERTCertificate* cert) const { for (const auto& item : trust_cache_) if (X509Certificate::IsSameOSCert(cert, item->certificate())) @@ -100,7 +90,6 @@ bool TestRootCerts::Contains(CERTCertificate* cert) const { return false; } -#endif TestRootCerts::~TestRootCerts() { Clear(); diff --git a/chromium/net/cert/test_root_certs_win.cc b/chromium/net/cert/test_root_certs_win.cc index 8535725cb4b..e13f173b832 100644 --- a/chromium/net/cert/test_root_certs_win.cc +++ b/chromium/net/cert/test_root_certs_win.cc @@ -41,7 +41,7 @@ struct CryptoAPIInjector { HCRYPTOIDFUNCADDR original_handle; private: - friend struct base::DefaultLazyInstanceTraits<CryptoAPIInjector>; + friend struct base::LazyInstanceTraitsBase<CryptoAPIInjector>; CryptoAPIInjector() : original_function(NULL), diff --git a/chromium/net/cert/x509_certificate.cc b/chromium/net/cert/x509_certificate.cc index 782f4a4c0fa..cf5d2f6222e 100644 --- a/chromium/net/cert/x509_certificate.cc +++ b/chromium/net/cert/x509_certificate.cc @@ -48,7 +48,7 @@ const char kCertificateHeader[] = "CERTIFICATE"; // The PEM block header used for PKCS#7 data const char kPKCS7Header[] = "PKCS7"; -#if !defined(USE_NSS_CERTS) +#if !defined(USE_NSS_CERTS) && !BUILDFLAG(USE_BYTE_CERTS) // A thread-safe cache for OS certificate handles. // // Within each of the supported underlying crypto libraries, a certificate @@ -102,7 +102,7 @@ class X509CertificateCache { // Obtain an instance of X509CertificateCache via a LazyInstance. X509CertificateCache() {} ~X509CertificateCache() {} - friend struct base::DefaultLazyInstanceTraits<X509CertificateCache>; + friend struct base::LazyInstanceTraitsBase<X509CertificateCache>; // You must acquire this lock before using any private data of this object // You must not block while holding this lock. @@ -189,19 +189,20 @@ void X509CertificateCache::Remove(X509Certificate::OSCertHandle cert_handle) { cache_.erase(pos); } } -#endif // !defined(USE_NSS_CERTS) +#endif // !defined(USE_NSS_CERTS) && !BUILDFLAG(USE_BYTE_CERTS) // See X509CertificateCache::InsertOrUpdate. NSS has a built-in cache, so there -// is no point in wrapping another cache around it. +// is no point in wrapping another cache around it. With USE_BYTE_CERTS, the +// CYRPTO_BUFFERs are deduped by a CRYPTO_BUFFER_POOL. void InsertOrUpdateCache(X509Certificate::OSCertHandle* cert_handle) { -#if !defined(USE_NSS_CERTS) +#if !defined(USE_NSS_CERTS) && !BUILDFLAG(USE_BYTE_CERTS) g_x509_certificate_cache.Pointer()->InsertOrUpdate(cert_handle); #endif } // See X509CertificateCache::Remove. void RemoveFromCache(X509Certificate::OSCertHandle cert_handle) { -#if !defined(USE_NSS_CERTS) +#if !defined(USE_NSS_CERTS) && !BUILDFLAG(USE_BYTE_CERTS) g_x509_certificate_cache.Pointer()->Remove(cert_handle); #endif } @@ -230,7 +231,11 @@ scoped_refptr<X509Certificate> X509Certificate::CreateFromHandle( OSCertHandle cert_handle, const OSCertHandles& intermediates) { DCHECK(cert_handle); - return new X509Certificate(cert_handle, intermediates); + scoped_refptr<X509Certificate> cert( + new X509Certificate(cert_handle, intermediates)); + if (!cert->os_cert_handle()) + return nullptr; // Initialize() failed. + return cert; } // static @@ -445,7 +450,10 @@ CertificateList X509Certificate::CreateCertificateListFromBytes( for (OSCertHandles::iterator it = certificates.begin(); it != certificates.end(); ++it) { - results.push_back(CreateFromHandle(*it, OSCertHandles())); + scoped_refptr<X509Certificate> cert = + CreateFromHandle(*it, OSCertHandles()); + if (cert) + results.push_back(std::move(cert)); FreeOSCertHandle(*it); } @@ -711,7 +719,12 @@ X509Certificate::X509Certificate(OSCertHandle cert_handle, intermediate_ca_certs_.push_back(intermediate); } // Platform-specific initialization. - Initialize(); + if (!Initialize() && cert_handle_) { + // Signal initialization failure by clearing cert_handle_. + RemoveFromCache(cert_handle_); + FreeOSCertHandle(cert_handle_); + cert_handle_ = nullptr; + } } X509Certificate::~X509Certificate() { diff --git a/chromium/net/cert/x509_certificate.h b/chromium/net/cert/x509_certificate.h index e11f1042b12..0cb93b5adb7 100644 --- a/chromium/net/cert/x509_certificate.h +++ b/chromium/net/cert/x509_certificate.h @@ -19,8 +19,11 @@ #include "net/base/net_export.h" #include "net/cert/cert_type.h" #include "net/cert/x509_cert_types.h" +#include "net/net_features.h" -#if defined(OS_WIN) +#if BUILDFLAG(USE_BYTE_CERTS) +#include "third_party/boringssl/src/include/openssl/base.h" +#elif defined(OS_WIN) #include <windows.h> #include "crypto/wincrypt_shim.h" #elif defined(OS_MACOSX) @@ -56,7 +59,11 @@ class NET_EXPORT X509Certificate // An OSCertHandle is a handle to a certificate object in the underlying // crypto library. We assume that OSCertHandle is a pointer type on all // platforms and that NULL represents an invalid OSCertHandle. -#if defined(OS_WIN) +#if BUILDFLAG(USE_BYTE_CERTS) + // TODO(mattm): Remove OSCertHandle type and clean up the interfaces once all + // platforms use the CRYPTO_BUFFER version. + typedef CRYPTO_BUFFER* OSCertHandle; +#elif defined(OS_WIN) typedef PCCERT_CONTEXT OSCertHandle; #elif defined(OS_MACOSX) typedef SecCertificateRef OSCertHandle; @@ -127,7 +134,11 @@ class NET_EXPORT X509Certificate }; // Create an X509Certificate from a handle to the certificate object in the - // underlying crypto library. + // underlying crypto library. Returns NULL on failure to parse or extract + // data from the the certificate. Note that this does not guarantee the + // certificate is fully parsed and validated, only that the members of this + // class, such as subject, issuer, expiry times, and serial number, could be + // successfully initialized from the certificate. static scoped_refptr<X509Certificate> CreateFromHandle( OSCertHandle cert_handle, const OSCertHandles& intermediates); @@ -220,10 +231,7 @@ class NET_EXPORT X509Certificate return intermediate_ca_certs_; } -#if defined(OS_MACOSX) - // Does this certificate's usage allow SSL client authentication? - bool SupportsSSLClientAuth() const; - +#if defined(OS_IOS) // Returns a new CFMutableArrayRef containing this certificate and its // intermediate certificates in the form expected by Security.framework // and Keychain Services, or NULL on failure. @@ -391,7 +399,7 @@ class NET_EXPORT X509Certificate ~X509Certificate(); // Common object initialization code. Called by the constructors only. - void Initialize(); + bool Initialize(); #if defined(USE_OPENSSL_CERTS) // Resets the store returned by cert_store() to default state. Used by diff --git a/chromium/net/cert/x509_certificate_bytes.cc b/chromium/net/cert/x509_certificate_bytes.cc new file mode 100644 index 00000000000..ef4e006713f --- /dev/null +++ b/chromium/net/cert/x509_certificate_bytes.cc @@ -0,0 +1,491 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/cert/x509_certificate.h" + +#include "base/numerics/safe_conversions.h" +#include "base/pickle.h" +#include "crypto/openssl_util.h" +#include "net/base/ip_address.h" +#include "net/cert/asn1_util.h" +#include "net/cert/internal/cert_errors.h" +#include "net/cert/internal/name_constraints.h" +#include "net/cert/internal/parse_name.h" +#include "net/cert/internal/parsed_certificate.h" +#include "net/cert/internal/signature_policy.h" +#include "net/cert/internal/verify_name_match.h" +#include "net/cert/internal/verify_signed_data.h" +#include "net/cert/x509_util.h" +#include "net/cert/x509_util_openssl.h" +#include "net/der/parser.h" +#include "third_party/boringssl/src/include/openssl/evp.h" +#include "third_party/boringssl/src/include/openssl/pool.h" +#include "third_party/boringssl/src/include/openssl/sha.h" + +namespace net { + +namespace { + +// Converts a GeneralizedTime struct to a base::Time, returning true on success +// or false if |generalized| was invalid or cannot be represented by +// base::Time. +bool GeneralizedTimeToBaseTime(const der::GeneralizedTime& generalized, + base::Time* result) { + base::Time::Exploded exploded = {0}; + exploded.year = generalized.year; + exploded.month = generalized.month; + exploded.day_of_month = generalized.day; + exploded.hour = generalized.hours; + exploded.minute = generalized.minutes; + exploded.second = generalized.seconds; + return base::Time::FromUTCExploded(exploded, result); +} + +ParseCertificateOptions DefaultParseCertificateOptions() { + ParseCertificateOptions options; + options.allow_invalid_serial_numbers = true; + return options; +} + +// Sets |value| to the Value from a DER Sequence Tag-Length-Value and return +// true, or return false if the TLV was not a valid DER Sequence. +WARN_UNUSED_RESULT bool GetSequenceValue(const der::Input& tlv, + der::Input* value) { + der::Parser parser(tlv); + return parser.ReadTag(der::kSequence, value) && !parser.HasMore(); +} + +// Normalize |cert|'s Issuer and store it in |out_normalized_issuer|, returning +// true on success or false if there was a parsing error. +bool GetNormalizedCertIssuer(CRYPTO_BUFFER* cert, + std::string* out_normalized_issuer) { + der::Input tbs_certificate_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + if (!ParseCertificate( + der::Input(CRYPTO_BUFFER_data(cert), CRYPTO_BUFFER_len(cert)), + &tbs_certificate_tlv, &signature_algorithm_tlv, &signature_value, + nullptr)) { + return false; + } + ParsedTbsCertificate tbs; + if (!ParseTbsCertificate(tbs_certificate_tlv, + DefaultParseCertificateOptions(), &tbs, nullptr)) + return false; + + der::Input issuer_value; + if (!GetSequenceValue(tbs.issuer_tlv, &issuer_value)) + return false; + + return NormalizeName(issuer_value, out_normalized_issuer); +} + +// Fills |principal| from the DER encoded |name_tlv|, returning true on success +// or false if parsing failed or some of the values could not be converted to +// UTF-8. +bool ParsePrincipal(const der::Input& name_tlv, CertPrincipal* principal) { + RDNSequence rdns; + if (!ParseName(name_tlv, &rdns)) + return false; + + for (const RelativeDistinguishedName& rdn : rdns) { + for (const X509NameAttribute& name_attribute : rdn) { + if (name_attribute.type == TypeCommonNameOid()) { + if (principal->common_name.empty() && + !name_attribute.ValueAsString(&principal->common_name)) { + return false; + } + } else if (name_attribute.type == TypeLocalityNameOid()) { + if (principal->locality_name.empty() && + !name_attribute.ValueAsString(&principal->locality_name)) { + return false; + } + } else if (name_attribute.type == TypeStateOrProvinceNameOid()) { + if (principal->state_or_province_name.empty() && + !name_attribute.ValueAsString(&principal->state_or_province_name)) { + return false; + } + } else if (name_attribute.type == TypeCountryNameOid()) { + if (principal->country_name.empty() && + !name_attribute.ValueAsString(&principal->country_name)) { + return false; + } + } else if (name_attribute.type == TypeStreetAddressOid()) { + std::string s; + if (!name_attribute.ValueAsString(&s)) + return false; + principal->street_addresses.push_back(s); + } else if (name_attribute.type == TypeOrganizationNameOid()) { + std::string s; + if (!name_attribute.ValueAsString(&s)) + return false; + principal->organization_names.push_back(s); + } else if (name_attribute.type == TypeOrganizationUnitNameOid()) { + std::string s; + if (!name_attribute.ValueAsString(&s)) + return false; + principal->organization_unit_names.push_back(s); + } else if (name_attribute.type == TypeDomainComponentOid()) { + std::string s; + if (!name_attribute.ValueAsString(&s)) + return false; + principal->domain_components.push_back(s); + } + } + } + return true; +} + +// Parses certificates from a PKCS#7 SignedData structure, appending them to +// |handles|. +void CreateOSCertHandlesFromPKCS7Bytes( + const char* data, + size_t length, + X509Certificate::OSCertHandles* handles) { + crypto::EnsureOpenSSLInit(); + crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE); + + CBS der_data; + CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length); + STACK_OF(X509)* certs = sk_X509_new_null(); + + if (PKCS7_get_certificates(certs, &der_data)) { + for (size_t i = 0; i < sk_X509_num(certs); ++i) { + base::StringPiece stringpiece; + x509_util::GetDER(sk_X509_value(certs, i), &stringpiece); + handles->push_back(x509_util::CreateCryptoBuffer(stringpiece).release()); + } + } + sk_X509_pop_free(certs, X509_free); +} + +} // namespace + +bool X509Certificate::Initialize() { + der::Input tbs_certificate_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + + if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle_), + CRYPTO_BUFFER_len(cert_handle_)), + &tbs_certificate_tlv, &signature_algorithm_tlv, + &signature_value, nullptr)) { + return false; + } + + ParsedTbsCertificate tbs; + if (!ParseTbsCertificate(tbs_certificate_tlv, + DefaultParseCertificateOptions(), &tbs, nullptr)) + return false; + + if (!ParsePrincipal(tbs.subject_tlv, &subject_) || + !ParsePrincipal(tbs.issuer_tlv, &issuer_)) { + return false; + } + + if (!GeneralizedTimeToBaseTime(tbs.validity_not_before, &valid_start_) || + !GeneralizedTimeToBaseTime(tbs.validity_not_after, &valid_expiry_)) { + return false; + } + serial_number_ = tbs.serial_number.AsString(); + return true; +} + +bool X509Certificate::GetSubjectAltName( + std::vector<std::string>* dns_names, + std::vector<std::string>* ip_addrs) const { + if (dns_names) + dns_names->clear(); + if (ip_addrs) + ip_addrs->clear(); + + der::Input tbs_certificate_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle_), + CRYPTO_BUFFER_len(cert_handle_)), + &tbs_certificate_tlv, &signature_algorithm_tlv, + &signature_value, nullptr)) { + return false; + } + + ParsedTbsCertificate tbs; + if (!ParseTbsCertificate(tbs_certificate_tlv, + DefaultParseCertificateOptions(), &tbs, nullptr)) + return false; + if (!tbs.has_extensions) + return false; + + std::map<der::Input, ParsedExtension> extensions; + if (!ParseExtensions(tbs.extensions_tlv, &extensions)) + return false; + + ParsedExtension subject_alt_names_extension; + if (!ConsumeExtension(SubjectAltNameOid(), &extensions, + &subject_alt_names_extension)) { + return false; + } + + std::unique_ptr<GeneralNames> subject_alt_names = + GeneralNames::Create(subject_alt_names_extension.value); + if (!subject_alt_names) + return false; + + if (dns_names) + *dns_names = subject_alt_names->dns_names; + if (ip_addrs) { + for (const IPAddress& addr : subject_alt_names->ip_addresses) { + ip_addrs->push_back( + std::string(reinterpret_cast<const char*>(addr.bytes().data()), + addr.bytes().size())); + } + } + + return !subject_alt_names->dns_names.empty() || + !subject_alt_names->ip_addresses.empty(); +} + +bool X509Certificate::IsIssuedByEncoded( + const std::vector<std::string>& valid_issuers) { + std::vector<std::string> normalized_issuers; + for (const auto& raw_issuer : valid_issuers) { + der::Input issuer_value; + std::string normalized_issuer; + if (!GetSequenceValue(der::Input(&raw_issuer), &issuer_value) || + !NormalizeName(issuer_value, &normalized_issuer)) { + continue; + } + normalized_issuers.push_back(std::move(normalized_issuer)); + } + + std::string normalized_cert_issuer; + if (!GetNormalizedCertIssuer(cert_handle_, &normalized_cert_issuer)) + return false; + if (std::find(normalized_issuers.begin(), normalized_issuers.end(), + normalized_cert_issuer) != normalized_issuers.end()) + return true; + + for (CRYPTO_BUFFER* intermediate : intermediate_ca_certs_) { + if (!GetNormalizedCertIssuer(intermediate, &normalized_cert_issuer)) + return false; + if (std::find(normalized_issuers.begin(), normalized_issuers.end(), + normalized_cert_issuer) != normalized_issuers.end()) + return true; + } + return false; +} + +// static +bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle, + std::string* encoded) { + if (!cert_handle) + return false; + encoded->assign( + reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert_handle)), + CRYPTO_BUFFER_len(cert_handle)); + return true; +} + +// static +void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, + size_t* size_bits, + PublicKeyType* type) { + *type = kPublicKeyTypeUnknown; + *size_bits = 0; + + base::StringPiece spki; + if (!asn1::ExtractSPKIFromDERCert( + base::StringPiece( + reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert_handle)), + CRYPTO_BUFFER_len(cert_handle)), + &spki)) { + return; + } + + bssl::UniquePtr<EVP_PKEY> pkey; + crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); + CBS cbs; + CBS_init(&cbs, reinterpret_cast<const uint8_t*>(spki.data()), spki.size()); + pkey.reset(EVP_parse_public_key(&cbs)); + if (!pkey) + return; + + switch (pkey->type) { + case EVP_PKEY_RSA: + *type = kPublicKeyTypeRSA; + break; + case EVP_PKEY_DSA: + *type = kPublicKeyTypeDSA; + break; + case EVP_PKEY_EC: + *type = kPublicKeyTypeECDSA; + break; + case EVP_PKEY_DH: + *type = kPublicKeyTypeDH; + break; + } + *size_bits = base::saturated_cast<size_t>(EVP_PKEY_bits(pkey.get())); +} + +// static +bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a, + X509Certificate::OSCertHandle b) { + DCHECK(a && b); + if (a == b) + return true; + return CRYPTO_BUFFER_len(a) == CRYPTO_BUFFER_len(b) && + memcmp(CRYPTO_BUFFER_data(a), CRYPTO_BUFFER_data(b), + CRYPTO_BUFFER_len(a)) == 0; +} + +// static +X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( + const char* data, + size_t length) { + der::Input tbs_certificate_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + // Do a bare minimum of DER parsing here to make sure the input is not + // completely crazy. (This is required for at least + // CreateCertificateListFromBytes with FORMAT_AUTO, if not more.) + if (!ParseCertificate( + der::Input(reinterpret_cast<const uint8_t*>(data), length), + &tbs_certificate_tlv, &signature_algorithm_tlv, &signature_value, + nullptr)) { + return nullptr; + } + + return CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t*>(data), length, + x509_util::GetBufferPool()); +} + +// static +X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes( + const char* data, + size_t length, + Format format) { + OSCertHandles results; + + switch (format) { + case FORMAT_SINGLE_CERTIFICATE: { + OSCertHandle handle = CreateOSCertHandleFromBytes(data, length); + if (handle) + results.push_back(handle); + break; + } + case FORMAT_PKCS7: { + CreateOSCertHandlesFromPKCS7Bytes(data, length, &results); + break; + } + default: { + NOTREACHED() << "Certificate format " << format << " unimplemented"; + break; + } + } + + return results; +} + +// static +X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle( + OSCertHandle cert_handle) { + CRYPTO_BUFFER_up_ref(cert_handle); + return cert_handle; +} + +// static +void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { + CRYPTO_BUFFER_free(cert_handle); +} + +// static +SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { + SHA256HashValue sha256; + + SHA256(CRYPTO_BUFFER_data(cert), CRYPTO_BUFFER_len(cert), sha256.data); + return sha256; +} + +// static +SHA256HashValue X509Certificate::CalculateCAFingerprint256( + const OSCertHandles& intermediates) { + SHA256HashValue sha256; + memset(sha256.data, 0, sizeof(sha256.data)); + + SHA256_CTX sha256_ctx; + SHA256_Init(&sha256_ctx); + for (CRYPTO_BUFFER* cert : intermediates) { + SHA256_Update(&sha256_ctx, CRYPTO_BUFFER_data(cert), + CRYPTO_BUFFER_len(cert)); + } + SHA256_Final(sha256.data, &sha256_ctx); + + return sha256; +} + +// static +bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { + der::Input tbs_certificate_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle), + CRYPTO_BUFFER_len(cert_handle)), + &tbs_certificate_tlv, &signature_algorithm_tlv, + &signature_value, nullptr)) { + return false; + } + ParsedTbsCertificate tbs; + if (!ParseTbsCertificate(tbs_certificate_tlv, + DefaultParseCertificateOptions(), &tbs, nullptr)) { + return false; + } + + der::Input subject_value; + std::string normalized_subject; + if (!GetSequenceValue(tbs.subject_tlv, &subject_value) || + !NormalizeName(subject_value, &normalized_subject)) { + return false; + } + der::Input issuer_value; + std::string normalized_issuer; + if (!GetSequenceValue(tbs.issuer_tlv, &issuer_value) || + !NormalizeName(issuer_value, &normalized_issuer)) { + return false; + } + + if (normalized_subject != normalized_issuer) + return false; + + std::unique_ptr<SignatureAlgorithm> signature_algorithm = + SignatureAlgorithm::Create(signature_algorithm_tlv, nullptr /* errors */); + if (!signature_algorithm) + return false; + + SimpleSignaturePolicy signature_policy(1024); + CertErrors unused_errors; + return VerifySignedData(*signature_algorithm, tbs_certificate_tlv, + signature_value, tbs.spki_tlv, &signature_policy, + &unused_errors); +} + +// static +X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle( + base::PickleIterator* pickle_iter) { + const char* data; + int length; + if (!pickle_iter->ReadData(&data, &length)) + return NULL; + + return CreateOSCertHandleFromBytes(data, length); +} + +// static +bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle, + base::Pickle* pickle) { + return pickle->WriteData( + reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert_handle)), + CRYPTO_BUFFER_len(cert_handle)); +} + +} // namespace net diff --git a/chromium/net/cert/x509_certificate_ios.cc b/chromium/net/cert/x509_certificate_ios.cc index 1ea686a266d..0c3f162b205 100644 --- a/chromium/net/cert/x509_certificate_ios.cc +++ b/chromium/net/cert/x509_certificate_ios.cc @@ -75,11 +75,11 @@ void ParsePrincipalValues(X509_NAME* name, } } -void ParsePrincipal(X509Certificate::OSCertHandle os_cert, +bool ParsePrincipal(X509Certificate::OSCertHandle os_cert, X509_NAME* x509_name, CertPrincipal* principal) { if (!x509_name) - return; + return false; ParsePrincipalValues(x509_name, NID_streetAddress, &principal->street_addresses); @@ -98,6 +98,7 @@ void ParsePrincipal(X509Certificate::OSCertHandle os_cert, &principal->state_or_province_name); x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName, &principal->country_name); + return true; } bool ParseSubjectAltName(X509Certificate::OSCertHandle os_cert, @@ -165,31 +166,34 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { CFRelease(cert_handle); } -void X509Certificate::Initialize() { +bool X509Certificate::Initialize() { crypto::EnsureOpenSSLInit(); bssl::UniquePtr<X509> x509_cert = OSCertHandleToOpenSSL(cert_handle_); if (!x509_cert) - return; + return false; ASN1_INTEGER* serial_num = X509_get_serialNumber(x509_cert.get()); - if (serial_num) { - // ASN1_INTEGERS represent the decoded number, in a format internal to - // OpenSSL. Most notably, this may have leading zeroes stripped off for - // numbers whose first byte is >= 0x80. Thus, it is necessary to - // re-encoded the integer back into DER, which is what the interface - // of X509Certificate exposes, to ensure callers get the proper (DER) - // value. - int bytes_required = i2c_ASN1_INTEGER(serial_num, nullptr); - unsigned char* buffer = reinterpret_cast<unsigned char*>( - base::WriteInto(&serial_number_, bytes_required + 1)); - int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer); - DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size()); - } - - ParsePrincipal(cert_handle_, X509_get_subject_name(x509_cert.get()), - &subject_); - ParsePrincipal(cert_handle_, X509_get_issuer_name(x509_cert.get()), &issuer_); - x509_util::ParseDate(X509_get_notBefore(x509_cert.get()), &valid_start_); - x509_util::ParseDate(X509_get_notAfter(x509_cert.get()), &valid_expiry_); + if (!serial_num) + return false; + // ASN1_INTEGERS represent the decoded number, in a format internal to + // OpenSSL. Most notably, this may have leading zeroes stripped off for + // numbers whose first byte is >= 0x80. Thus, it is necessary to + // re-encoded the integer back into DER, which is what the interface + // of X509Certificate exposes, to ensure callers get the proper (DER) + // value. + int bytes_required = i2c_ASN1_INTEGER(serial_num, nullptr); + unsigned char* buffer = reinterpret_cast<unsigned char*>( + base::WriteInto(&serial_number_, bytes_required + 1)); + int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer); + DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size()); + + return ( + ParsePrincipal(cert_handle_, X509_get_subject_name(x509_cert.get()), + &subject_) && + ParsePrincipal(cert_handle_, X509_get_issuer_name(x509_cert.get()), + &issuer_) && + x509_util::ParseDate(X509_get_notBefore(x509_cert.get()), + &valid_start_) && + x509_util::ParseDate(X509_get_notAfter(x509_cert.get()), &valid_expiry_)); } // static @@ -362,10 +366,6 @@ void X509Certificate::GetPublicKeyInfo(OSCertHandle os_cert, *size_bits = EVP_PKEY_bits(key); } -bool X509Certificate::SupportsSSLClientAuth() const { - return false; -} - CFMutableArrayRef X509Certificate::CreateOSCertChainForCert() const { CFMutableArrayRef cert_list = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); diff --git a/chromium/net/cert/x509_certificate_mac.cc b/chromium/net/cert/x509_certificate_mac.cc index 3c0b6739aa4..73dbe464f02 100644 --- a/chromium/net/cert/x509_certificate_mac.cc +++ b/chromium/net/cert/x509_certificate_mac.cc @@ -35,16 +35,17 @@ namespace net { namespace { -void GetCertDistinguishedName( +bool GetCertDistinguishedName( const x509_util::CSSMCachedCertificate& cached_cert, const CSSM_OID* oid, CertPrincipal* result) { x509_util::CSSMFieldValue distinguished_name; OSStatus status = cached_cert.GetField(oid, &distinguished_name); if (status || !distinguished_name.field()) - return; + return false; result->ParseDistinguishedName(distinguished_name.field()->Data, distinguished_name.field()->Length); + return true; } bool IsCertIssuerInEncodedList(X509Certificate::OSCertHandle cert_handle, @@ -73,7 +74,7 @@ bool IsCertIssuerInEncodedList(X509Certificate::OSCertHandle cert_handle, return false; } -void GetCertDateForOID(const x509_util::CSSMCachedCertificate& cached_cert, +bool GetCertDateForOID(const x509_util::CSSMCachedCertificate& cached_cert, const CSSM_OID* oid, Time* result) { *result = Time(); @@ -81,14 +82,14 @@ void GetCertDateForOID(const x509_util::CSSMCachedCertificate& cached_cert, x509_util::CSSMFieldValue field; OSStatus status = cached_cert.GetField(oid, &field); if (status) - return; + return false; const CSSM_X509_TIME* x509_time = field.GetAs<CSSM_X509_TIME>(); if (x509_time->timeType != BER_TAG_UTC_TIME && x509_time->timeType != BER_TAG_GENERALIZED_TIME) { LOG(ERROR) << "Unsupported date/time format " << x509_time->timeType; - return; + return false; } base::StringPiece time_string( @@ -96,8 +97,11 @@ void GetCertDateForOID(const x509_util::CSSMCachedCertificate& cached_cert, x509_time->time.Length); CertDateFormat format = x509_time->timeType == BER_TAG_UTC_TIME ? CERT_DATE_FORMAT_UTC_TIME : CERT_DATE_FORMAT_GENERALIZED_TIME; - if (!ParseCertificateDate(time_string, format, result)) + if (!ParseCertificateDate(time_string, format, result)) { LOG(ERROR) << "Invalid certificate date/time " << time_string; + return false; + } + return true; } std::string GetCertSerialNumber( @@ -113,37 +117,6 @@ std::string GetCertSerialNumber( serial_number.field()->Length); } -// Returns true if |purpose| is listed as allowed in |usage|. This -// function also considers the "Any" purpose. If the attribute is -// present and empty, we return false. -bool ExtendedKeyUsageAllows(const CE_ExtendedKeyUsage* usage, - const CSSM_OID* purpose) { - for (unsigned p = 0; p < usage->numPurposes; ++p) { - if (CSSMOIDEqual(&usage->purposes[p], purpose)) - return true; - if (CSSMOIDEqual(&usage->purposes[p], &CSSMOID_ExtendedKeyUsageAny)) - return true; - } - return false; -} - -// Test that a given |cert_handle| is actually a valid X.509 certificate, and -// return true if it is. -// -// On OS X, SecCertificateCreateFromData() does not return any errors if -// called with invalid data, as long as data is present. The actual decoding -// of the certificate does not happen until an API that requires a CSSM -// handle is called. While SecCertificateGetCLHandle is the most likely -// candidate, as it performs the parsing, it does not check whether the -// parsing was actually successful. Instead, SecCertificateGetSubject is -// used (supported since 10.3), as a means to check that the certificate -// parsed as a valid X.509 certificate. -bool IsValidOSCertHandle(SecCertificateRef cert_handle) { - const CSSM_X509_NAME* sanity_check = NULL; - OSStatus status = SecCertificateGetSubject(cert_handle, &sanity_check); - return status == noErr && sanity_check; -} - // Parses |data| of length |length|, attempting to decode it as the specified // |format|. If |data| is in the specified format, any certificates contained // within are stored into |output|. @@ -192,7 +165,7 @@ void AddCertificatesFromBytes(const char* data, size_t length, // |input_format|, causing decode to succeed. On OS X 10.6, the data // is properly decoded as a PKCS#7, whether PEM or not, which avoids // the need to fallback to internal decoding. - if (IsValidOSCertHandle(cert)) { + if (x509_util::IsValidSecCertificate(cert)) { CFRetain(cert); output->push_back(cert); } @@ -202,19 +175,21 @@ void AddCertificatesFromBytes(const char* data, size_t length, } // namespace -void X509Certificate::Initialize() { +bool X509Certificate::Initialize() { x509_util::CSSMCachedCertificate cached_cert; - if (cached_cert.Init(cert_handle_) == CSSM_OK) { - GetCertDistinguishedName(cached_cert, &CSSMOID_X509V1SubjectNameStd, - &subject_); - GetCertDistinguishedName(cached_cert, &CSSMOID_X509V1IssuerNameStd, - &issuer_); - GetCertDateForOID(cached_cert, &CSSMOID_X509V1ValidityNotBefore, - &valid_start_); - GetCertDateForOID(cached_cert, &CSSMOID_X509V1ValidityNotAfter, - &valid_expiry_); - serial_number_ = GetCertSerialNumber(cached_cert); - } + if (cached_cert.Init(cert_handle_) != CSSM_OK) + return false; + serial_number_ = GetCertSerialNumber(cached_cert); + + return (!serial_number_.empty() && + GetCertDistinguishedName(cached_cert, &CSSMOID_X509V1SubjectNameStd, + &subject_) && + GetCertDistinguishedName(cached_cert, &CSSMOID_X509V1IssuerNameStd, + &issuer_) && + GetCertDateForOID(cached_cert, &CSSMOID_X509V1ValidityNotBefore, + &valid_start_) && + GetCertDateForOID(cached_cert, &CSSMOID_X509V1ValidityNotAfter, + &valid_expiry_)); } bool X509Certificate::IsIssuedByEncoded( @@ -299,37 +274,16 @@ bool X509Certificate::GetDEREncoded(X509Certificate::OSCertHandle cert_handle, bool X509Certificate::IsSameOSCert(X509Certificate::OSCertHandle a, X509Certificate::OSCertHandle b) { DCHECK(a && b); - if (a == b) - return true; - if (CFEqual(a, b)) - return true; - CSSM_DATA a_data, b_data; - return SecCertificateGetData(a, &a_data) == noErr && - SecCertificateGetData(b, &b_data) == noErr && - a_data.Length == b_data.Length && - memcmp(a_data.Data, b_data.Data, a_data.Length) == 0; + return CFEqual(a, b); } // static X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( const char* data, size_t length) { - CSSM_DATA cert_data; - cert_data.Data = const_cast<uint8_t*>(reinterpret_cast<const uint8_t*>(data)); - cert_data.Length = length; - - OSCertHandle cert_handle = NULL; - OSStatus status = SecCertificateCreateFromData(&cert_data, - CSSM_CERT_X_509v3, - CSSM_CERT_ENCODING_DER, - &cert_handle); - if (status != noErr) - return NULL; - if (!IsValidOSCertHandle(cert_handle)) { - CFRelease(cert_handle); - return NULL; - } - return cert_handle; + return x509_util::CreateSecCertificateFromBytes( + reinterpret_cast<const uint8_t*>(data), length) + .release(); } // static @@ -373,20 +327,7 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { // static SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) { - SHA256HashValue sha256; - memset(sha256.data, 0, sizeof(sha256.data)); - - CSSM_DATA cert_data; - OSStatus status = SecCertificateGetData(cert, &cert_data); - if (status) - return sha256; - - DCHECK(cert_data.Data); - DCHECK_NE(cert_data.Length, 0U); - - CC_SHA256(cert_data.Data, cert_data.Length, sha256.data); - - return sha256; + return x509_util::CalculateFingerprint256(cert); } // static @@ -411,56 +352,6 @@ SHA256HashValue X509Certificate::CalculateCAFingerprint256( return sha256; } -bool X509Certificate::SupportsSSLClientAuth() const { - x509_util::CSSMCachedCertificate cached_cert; - OSStatus status = cached_cert.Init(cert_handle_); - if (status) - return false; - - // RFC5280 says to take the intersection of the two extensions. - // - // Our underlying crypto libraries don't expose - // ClientCertificateType, so for now we will not support fixed - // Diffie-Hellman mechanisms. For rsa_sign, we need the - // digitalSignature bit. - // - // In particular, if a key has the nonRepudiation bit and not the - // digitalSignature one, we will not offer it to the user. - x509_util::CSSMFieldValue key_usage; - status = cached_cert.GetField(&CSSMOID_KeyUsage, &key_usage); - if (status == CSSM_OK && key_usage.field()) { - const CSSM_X509_EXTENSION* ext = key_usage.GetAs<CSSM_X509_EXTENSION>(); - const CE_KeyUsage* key_usage_value = - reinterpret_cast<const CE_KeyUsage*>(ext->value.parsedValue); - if (!((*key_usage_value) & CE_KU_DigitalSignature)) - return false; - } - - status = cached_cert.GetField(&CSSMOID_ExtendedKeyUsage, &key_usage); - if (status == CSSM_OK && key_usage.field()) { - const CSSM_X509_EXTENSION* ext = key_usage.GetAs<CSSM_X509_EXTENSION>(); - const CE_ExtendedKeyUsage* ext_key_usage = - reinterpret_cast<const CE_ExtendedKeyUsage*>(ext->value.parsedValue); - if (!ExtendedKeyUsageAllows(ext_key_usage, &CSSMOID_ClientAuth)) - return false; - } - return true; -} - -CFMutableArrayRef X509Certificate::CreateOSCertChainForCert() const { - CFMutableArrayRef cert_list = - CFArrayCreateMutable(kCFAllocatorDefault, 0, - &kCFTypeArrayCallBacks); - if (!cert_list) - return NULL; - - CFArrayAppendValue(cert_list, os_cert_handle()); - for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) - CFArrayAppendValue(cert_list, intermediate_ca_certs_[i]); - - return cert_list; -} - // static X509Certificate::OSCertHandle X509Certificate::ReadOSCertHandleFromPickle( base::PickleIterator* pickle_iter) { @@ -533,39 +424,7 @@ void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle, // static bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) { - x509_util::CSSMCachedCertificate cached_cert; - OSStatus status = cached_cert.Init(cert_handle); - if (status != noErr) - return false; - - x509_util::CSSMFieldValue subject; - status = cached_cert.GetField(&CSSMOID_X509V1SubjectNameStd, &subject); - if (status != CSSM_OK || !subject.field()) - return false; - - x509_util::CSSMFieldValue issuer; - status = cached_cert.GetField(&CSSMOID_X509V1IssuerNameStd, &issuer); - if (status != CSSM_OK || !issuer.field()) - return false; - - if (subject.field()->Length != issuer.field()->Length || - memcmp(subject.field()->Data, issuer.field()->Data, - issuer.field()->Length) != 0) { - return false; - } - - CSSM_CL_HANDLE cl_handle = CSSM_INVALID_HANDLE; - status = SecCertificateGetCLHandle(cert_handle, &cl_handle); - if (status) - return false; - CSSM_DATA cert_data; - status = SecCertificateGetData(cert_handle, &cert_data); - if (status) - return false; - - if (CSSM_CL_CertVerify(cl_handle, 0, &cert_data, &cert_data, NULL, 0)) - return false; - return true; + return x509_util::IsSelfSigned(cert_handle); } #pragma clang diagnostic pop // "-Wdeprecated-declarations" diff --git a/chromium/net/cert/x509_certificate_nss.cc b/chromium/net/cert/x509_certificate_nss.cc index baa0a5953c4..4f3339f6a62 100644 --- a/chromium/net/cert/x509_certificate_nss.cc +++ b/chromium/net/cert/x509_certificate_nss.cc @@ -26,14 +26,15 @@ namespace net { -void X509Certificate::Initialize() { - x509_util::ParsePrincipal(&cert_handle_->subject, &subject_); - x509_util::ParsePrincipal(&cert_handle_->issuer, &issuer_); - - x509_util::ParseDate(&cert_handle_->validity.notBefore, &valid_start_); - x509_util::ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_); - +bool X509Certificate::Initialize() { serial_number_ = x509_util::ParseSerialNumber(cert_handle_); + + return ( + !serial_number_.empty() && + x509_util::ParsePrincipal(&cert_handle_->subject, &subject_) && + x509_util::ParsePrincipal(&cert_handle_->issuer, &issuer_) && + x509_util::ParseDate(&cert_handle_->validity.notBefore, &valid_start_) && + x509_util::ParseDate(&cert_handle_->validity.notAfter, &valid_expiry_)); } std::string X509Certificate::GetDefaultNickname(CertType type) const { diff --git a/chromium/net/cert/x509_certificate_openssl.cc b/chromium/net/cert/x509_certificate_openssl.cc index 49e5ad7c979..1dd46e0c745 100644 --- a/chromium/net/cert/x509_certificate_openssl.cc +++ b/chromium/net/cert/x509_certificate_openssl.cc @@ -15,6 +15,7 @@ #include "crypto/openssl_util.h" #include "net/base/ip_address.h" #include "net/base/net_errors.h" +#include "net/cert/x509_util.h" #include "net/cert/x509_util_openssl.h" #include "third_party/boringssl/src/include/openssl/asn1.h" #include "third_party/boringssl/src/include/openssl/bytestring.h" @@ -67,11 +68,11 @@ void ParsePrincipalValues(X509_NAME* name, } } -void ParsePrincipal(X509Certificate::OSCertHandle cert, +bool ParsePrincipal(X509Certificate::OSCertHandle cert, X509_NAME* x509_name, CertPrincipal* principal) { if (!x509_name) - return; + return false; ParsePrincipalValues(x509_name, NID_streetAddress, &principal->street_addresses); @@ -90,6 +91,7 @@ void ParsePrincipal(X509Certificate::OSCertHandle cert, &principal->state_or_province_name); x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName, &principal->country_name); + return true; } bool ParseSubjectAltName(X509Certificate::OSCertHandle cert, @@ -185,28 +187,31 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { X509_free(cert_handle); } -void X509Certificate::Initialize() { +bool X509Certificate::Initialize() { crypto::EnsureOpenSSLInit(); ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_); - if (serial_num) { - // ASN1_INTEGERS represent the decoded number, in a format internal to - // OpenSSL. Most notably, this may have leading zeroes stripped off for - // numbers whose first byte is >= 0x80. Thus, it is necessary to - // re-encoded the integer back into DER, which is what the interface - // of X509Certificate exposes, to ensure callers get the proper (DER) - // value. - int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL); - unsigned char* buffer = reinterpret_cast<unsigned char*>( - base::WriteInto(&serial_number_, bytes_required + 1)); - int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer); - DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size()); - } - - ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); - ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); - x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); - x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_); + if (!serial_num) + return false; + // ASN1_INTEGERS represent the decoded number, in a format internal to + // OpenSSL. Most notably, this may have leading zeroes stripped off for + // numbers whose first byte is >= 0x80. Thus, it is necessary to + // re-encoded the integer back into DER, which is what the interface + // of X509Certificate exposes, to ensure callers get the proper (DER) + // value. + int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL); + unsigned char* buffer = reinterpret_cast<unsigned char*>( + base::WriteInto(&serial_number_, bytes_required + 1)); + int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer); + DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size()); + + return ( + ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), + &subject_) && + ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), + &issuer_) && + x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_) && + x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_)); } // static @@ -248,12 +253,9 @@ X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( const char* data, size_t length) { crypto::EnsureOpenSSLInit(); - const unsigned char* d2i_data = - reinterpret_cast<const unsigned char*>(data); - // Don't cache this data for x509_util::GetDER as this wire format - // may be not be identical from the i2d_X509 roundtrip. - X509* cert = d2i_X509(NULL, &d2i_data, base::checked_cast<long>(length)); - return cert; + bssl::UniquePtr<CRYPTO_BUFFER> buffer = x509_util::CreateCryptoBuffer( + reinterpret_cast<const uint8_t*>(data), length); + return X509_parse_from_buffer(buffer.get()); } // static diff --git a/chromium/net/cert/x509_certificate_unittest.cc b/chromium/net/cert/x509_certificate_unittest.cc index 62a2c2f150d..91bdefc43b5 100644 --- a/chromium/net/cert/x509_certificate_unittest.cc +++ b/chromium/net/cert/x509_certificate_unittest.cc @@ -22,6 +22,7 @@ #include "net/test/test_certificate_data.h" #include "net/test/test_data_directory.h" #include "testing/gtest/include/gtest/gtest.h" +#include "url/url_features.h" #if defined(USE_NSS_CERTS) #include <cert.h> @@ -267,10 +268,91 @@ TEST(X509CertificateTest, UnescapedSpecialCharacters) { EXPECT_EQ(0U, subject.domain_components.size()); } +TEST(X509CertificateTest, TeletexStringIsLatin1) { + base::FilePath certs_dir = + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); + + scoped_refptr<X509Certificate> cert = + ImportCertFromFile(certs_dir, "subject_t61string.pem"); + ASSERT_TRUE(cert); + + const CertPrincipal& subject = cert->subject(); + EXPECT_EQ( + " !\"#$%&'()*+,-./" + "0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`" + "abcdefghijklmnopqrstuvwxyz{|}~" + " ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæç" + "èéêëìíîïðñòóôõö÷øùúûüýþÿ", + subject.organization_names[0]); +} + +TEST(X509CertificateTest, TeletexStringControlChars) { + base::FilePath certs_dir = + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); + + scoped_refptr<X509Certificate> cert = + ImportCertFromFile(certs_dir, "subject_t61string_1-32.pem"); + ASSERT_TRUE(cert); + + const CertPrincipal& subject = cert->subject(); + EXPECT_EQ( + "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12" + "\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20", + subject.organization_names[0]); +} + +TEST(X509CertificateTest, TeletexStringIsLatin1OrCp1252) { + base::FilePath certs_dir = + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); + + scoped_refptr<X509Certificate> cert = + ImportCertFromFile(certs_dir, "subject_t61string_126-160.pem"); + ASSERT_TRUE(cert); + + const CertPrincipal& subject = cert->subject(); +#if (defined(OS_MACOSX) && !defined(OS_IOS)) || \ + (BUILDFLAG(USE_BYTE_CERTS) && !BUILDFLAG(USE_PLATFORM_ICU_ALTERNATIVES)) + // Mac: TeletexString is decoded as CP1252. + // use_byte_certs: ICU ISO-8859-1 seems to be CP1252 actually. + // (but with use_platform_icu_alternatives it's not.) + EXPECT_EQ( + "~\x7F\xE2\x82\xAC\xC2\x81\xE2\x80\x9A\xC6\x92\xE2\x80\x9E\xE2\x80\xA6" + "\xE2\x80\xA0\xE2\x80\xA1\xCB\x86\xE2\x80\xB0\xC5\xA0\xE2\x80\xB9\xC5\x92" + "\xC2\x8D\xC5\xBD\xC2\x8F\xC2\x90\xE2\x80\x98\xE2\x80\x99\xE2\x80\x9C\xE2" + "\x80\x9D\xE2\x80\xA2\xE2\x80\x93\xE2\x80\x94\xCB\x9C\xE2\x84\xA2\xC5\xA1" + "\xE2\x80\xBA\xC5\x93\xC2\x9D\xC5\xBE\xC5\xB8\xC2\xA0", + subject.organization_names[0]); +#else + // NSS, Win, Android, iOS: TeletexString is decoded as latin1, so 127-160 get + // decoded to equivalent unicode control chars. + EXPECT_EQ( + "~\x7F\xC2\x80\xC2\x81\xC2\x82\xC2\x83\xC2\x84\xC2\x85\xC2\x86\xC2\x87" + "\xC2\x88\xC2\x89\xC2\x8A\xC2\x8B\xC2\x8C\xC2\x8D\xC2\x8E\xC2\x8F\xC2\x90" + "\xC2\x91\xC2\x92\xC2\x93\xC2\x94\xC2\x95\xC2\x96\xC2\x97\xC2\x98\xC2\x99" + "\xC2\x9A\xC2\x9B\xC2\x9C\xC2\x9D\xC2\x9E\xC2\x9F\xC2\xA0", + subject.organization_names[0]); +#endif +} + +TEST(X509CertificateTest, TeletexStringIsNotARealT61String) { + base::FilePath certs_dir = + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); + + scoped_refptr<X509Certificate> cert = + ImportCertFromFile(certs_dir, "subject_t61string_actual.pem"); + ASSERT_TRUE(cert); + + const CertPrincipal& subject = cert->subject(); + // If TeletexStrings were actually parsed according to T.61, this would be + // "あ". (Probably. Not verified against a real implementation.) + EXPECT_EQ("\x1B$@$\"", subject.organization_names[0]); +} + TEST(X509CertificateTest, SerialNumbers) { scoped_refptr<X509Certificate> google_cert( X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(google_der), sizeof(google_der))); + ASSERT_TRUE(google_cert); static const uint8_t google_serial[16] = { 0x01,0x2a,0x39,0x76,0x0d,0x3f,0x4f,0xc9, @@ -280,24 +362,79 @@ TEST(X509CertificateTest, SerialNumbers) { ASSERT_EQ(sizeof(google_serial), google_cert->serial_number().size()); EXPECT_TRUE(memcmp(google_cert->serial_number().data(), google_serial, sizeof(google_serial)) == 0); +} - // We also want to check a serial number where the first byte is >= 0x80 in - // case the underlying library tries to pad it. - scoped_refptr<X509Certificate> paypal_null_cert( - X509Certificate::CreateFromBytes( - reinterpret_cast<const char*>(paypal_null_der), - sizeof(paypal_null_der))); - - static const uint8_t paypal_null_serial[3] = {0x00, 0xf0, 0x9b}; - ASSERT_EQ(sizeof(paypal_null_serial), - paypal_null_cert->serial_number().size()); - EXPECT_TRUE(memcmp(paypal_null_cert->serial_number().data(), - paypal_null_serial, sizeof(paypal_null_serial)) == 0); +TEST(X509CertificateTest, SerialNumberZeroPadded) { + base::FilePath certs_dir = + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); + scoped_refptr<X509Certificate> cert = + ImportCertFromFile(certs_dir, "serial_zero_padded.pem"); + ASSERT_TRUE(cert); + + // Check a serial number where the first byte is >= 0x80, the DER returned by + // serial() should contain the leading 0 padding byte. + static const uint8_t expected_serial[3] = {0x00, 0x80, 0x01}; + ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size()); + EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial, + sizeof(expected_serial)) == 0); +} + +TEST(X509CertificateTest, SerialNumberZeroPadded21BytesLong) { + base::FilePath certs_dir = + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); + scoped_refptr<X509Certificate> cert = + ImportCertFromFile(certs_dir, "serial_zero_padded_21_bytes.pem"); + ASSERT_TRUE(cert); + + // Check a serial number where the first byte is >= 0x80, causing the encoded + // length to be 21 bytes long. This should be an error, but serial number + // parsing is currently permissive. + static const uint8_t expected_serial[21] = { + 0x00, 0x80, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13}; + ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size()); + EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial, + sizeof(expected_serial)) == 0); +} + +TEST(X509CertificateTest, SerialNumberNegative) { + base::FilePath certs_dir = + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); + scoped_refptr<X509Certificate> cert = + ImportCertFromFile(certs_dir, "serial_negative.pem"); + ASSERT_TRUE(cert); + + // RFC 5280 does not allow serial numbers to be negative, but serial number + // parsing is currently permissive, so this does not cause an error. + static const uint8_t expected_serial[2] = {0x80, 0x01}; + ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size()); + EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial, + sizeof(expected_serial)) == 0); +} + +TEST(X509CertificateTest, SerialNumber37BytesLong) { + base::FilePath certs_dir = + GetTestNetDataDirectory().AppendASCII("parse_certificate_unittest"); + scoped_refptr<X509Certificate> cert = + ImportCertFromFile(certs_dir, "serial_37_bytes.pem"); + ASSERT_TRUE(cert); + + // Check a serial number which is very long. This should be an error, but + // serial number parsing is currently permissive. + static const uint8_t expected_serial[37] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, + 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, + 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25}; + ASSERT_EQ(sizeof(expected_serial), cert->serial_number().size()); + EXPECT_TRUE(memcmp(cert->serial_number().data(), expected_serial, + sizeof(expected_serial)) == 0); } TEST(X509CertificateTest, SHA256FingerprintsCorrectly) { scoped_refptr<X509Certificate> google_cert(X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(google_der), sizeof(google_der))); + ASSERT_TRUE(google_cert); const SHA256HashValue google_sha256_fingerprint = { {0x21, 0xaf, 0x58, 0x74, 0xea, 0x6b, 0xad, 0xbd, 0xe4, 0xb3, 0xb1, @@ -328,18 +465,21 @@ TEST(X509CertificateTest, CAFingerprints) { scoped_refptr<X509Certificate> cert_chain1 = X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), intermediates); + ASSERT_TRUE(cert_chain1); intermediates.clear(); intermediates.push_back(intermediate_cert2->os_cert_handle()); scoped_refptr<X509Certificate> cert_chain2 = X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), intermediates); + ASSERT_TRUE(cert_chain2); // No intermediate CA certicates. intermediates.clear(); scoped_refptr<X509Certificate> cert_chain3 = X509Certificate::CreateFromHandle(server_cert->os_cert_handle(), intermediates); + ASSERT_TRUE(cert_chain3); SHA256HashValue cert_chain1_ca_fingerprint_256 = { {0x51, 0x15, 0x30, 0x49, 0x97, 0x54, 0xf8, 0xb4, 0x17, 0x41, 0x6b, @@ -547,6 +687,7 @@ TEST(X509CertificateTest, Cache) { scoped_refptr<X509Certificate> cert1(X509Certificate::CreateFromHandle( google_cert_handle, X509Certificate::OSCertHandles())); X509Certificate::FreeOSCertHandle(google_cert_handle); + ASSERT_TRUE(cert1); // Add the same certificate, but as a new handle. google_cert_handle = X509Certificate::CreateOSCertHandleFromBytes( @@ -554,6 +695,7 @@ TEST(X509CertificateTest, Cache) { scoped_refptr<X509Certificate> cert2(X509Certificate::CreateFromHandle( google_cert_handle, X509Certificate::OSCertHandles())); X509Certificate::FreeOSCertHandle(google_cert_handle); + ASSERT_TRUE(cert2); // A new X509Certificate should be returned. EXPECT_NE(cert1.get(), cert2.get()); @@ -575,6 +717,7 @@ TEST(X509CertificateTest, Cache) { google_cert_handle, intermediates)); X509Certificate::FreeOSCertHandle(google_cert_handle); X509Certificate::FreeOSCertHandle(thawte_cert_handle); + ASSERT_TRUE(cert3); // Test that the new certificate, even with intermediates, results in the // same underlying handle being used. @@ -626,10 +769,12 @@ TEST(X509CertificateTest, IntermediateCertificates) { scoped_refptr<X509Certificate> webkit_cert( X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der))); + ASSERT_TRUE(webkit_cert); scoped_refptr<X509Certificate> thawte_cert( X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(thawte_der), sizeof(thawte_der))); + ASSERT_TRUE(thawte_cert); X509Certificate::OSCertHandle google_handle; // Create object with no intermediates: @@ -638,6 +783,7 @@ TEST(X509CertificateTest, IntermediateCertificates) { X509Certificate::OSCertHandles intermediates1; scoped_refptr<X509Certificate> cert1; cert1 = X509Certificate::CreateFromHandle(google_handle, intermediates1); + ASSERT_TRUE(cert1); EXPECT_EQ(0u, cert1->GetIntermediateCertificates().size()); // Create object with 2 intermediates: @@ -646,6 +792,7 @@ TEST(X509CertificateTest, IntermediateCertificates) { intermediates2.push_back(thawte_cert->os_cert_handle()); scoped_refptr<X509Certificate> cert2; cert2 = X509Certificate::CreateFromHandle(google_handle, intermediates2); + ASSERT_TRUE(cert2); // Verify it has all the intermediates: const X509Certificate::OSCertHandles& cert2_intermediates = @@ -758,6 +905,7 @@ TEST(X509CertificateTest, IsIssuedByEncodedWithIntermediates) { scoped_refptr<X509Certificate> cert_chain = X509Certificate::CreateFromHandle(policy_chain[0]->os_cert_handle(), intermediates); + ASSERT_TRUE(cert_chain); std::vector<std::string> issuers; @@ -924,6 +1072,7 @@ TEST_P(X509CertificateParseTest, CanParseFormat) { // A cert is expected - make sure that one was parsed. ASSERT_LT(i, certs.size()); + ASSERT_TRUE(certs[i]); // Compare the parsed certificate with the expected certificate, by // comparing fingerprints. @@ -1181,16 +1330,13 @@ const struct PublicKeyInfoTestData { size_t expected_bits; X509Certificate::PublicKeyType expected_type; } kPublicKeyInfoTestData[] = { - {"768-rsa-ee-by-768-rsa-intermediate.pem", - 768, + {"768-rsa-ee-by-768-rsa-intermediate.pem", 768, X509Certificate::kPublicKeyTypeRSA}, - {"1024-rsa-ee-by-768-rsa-intermediate.pem", - 1024, + {"1024-rsa-ee-by-768-rsa-intermediate.pem", 1024, X509Certificate::kPublicKeyTypeRSA}, - {"prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem", - 256, + {"prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pem", 256, X509Certificate::kPublicKeyTypeECDSA}, -#if defined(OS_MACOSX) && !defined(OS_IOS) +#if defined(OS_MACOSX) && !defined(OS_IOS) && !BUILDFLAG(USE_BYTE_CERTS) // OS X has an key length limit of 4096 bits. This should manifest as an // unknown key. If a future version of OS X changes this, large_key.pem may // need to be renegerated with a larger key. See https://crbug.com/472291. diff --git a/chromium/net/cert/x509_certificate_win.cc b/chromium/net/cert/x509_certificate_win.cc index 3414734cc7e..05eec4e1b12 100644 --- a/chromium/net/cert/x509_certificate_win.cc +++ b/chromium/net/cert/x509_certificate_win.cc @@ -133,12 +133,14 @@ bool IsCertNameBlobInIssuerList( } // namespace -void X509Certificate::Initialize() { +bool X509Certificate::Initialize() { DCHECK(cert_handle_); - subject_.ParseDistinguishedName(cert_handle_->pCertInfo->Subject.pbData, - cert_handle_->pCertInfo->Subject.cbData); - issuer_.ParseDistinguishedName(cert_handle_->pCertInfo->Issuer.pbData, - cert_handle_->pCertInfo->Issuer.cbData); + if (!subject_.ParseDistinguishedName( + cert_handle_->pCertInfo->Subject.pbData, + cert_handle_->pCertInfo->Subject.cbData) || + !issuer_.ParseDistinguishedName(cert_handle_->pCertInfo->Issuer.pbData, + cert_handle_->pCertInfo->Issuer.cbData)) + return false; valid_start_ = Time::FromFileTime(cert_handle_->pCertInfo->NotBefore); valid_expiry_ = Time::FromFileTime(cert_handle_->pCertInfo->NotAfter); @@ -149,6 +151,8 @@ void X509Certificate::Initialize() { serial_bytes[i] = serial->pbData[serial->cbData - i - 1]; serial_number_ = std::string( reinterpret_cast<char*>(serial_bytes.get()), serial->cbData); + + return true; } bool X509Certificate::GetSubjectAltName( diff --git a/chromium/net/cert/x509_util.cc b/chromium/net/cert/x509_util.cc index a5d583d0eb1..4a1f755ef3a 100644 --- a/chromium/net/cert/x509_util.cc +++ b/chromium/net/cert/x509_util.cc @@ -30,7 +30,7 @@ bool GetCommonName(const der::Input& tlv, std::string* common_name) { for (const auto& rdn : rdn_sequence) { for (const auto& atv : rdn) { if (atv.type == TypeCommonNameOid()) { - return atv.ValueAsStringUnsafe(common_name); + return atv.ValueAsString(common_name); } } } diff --git a/chromium/net/cert/x509_util_ios.cc b/chromium/net/cert/x509_util_ios.cc new file mode 100644 index 00000000000..9bf41850efa --- /dev/null +++ b/chromium/net/cert/x509_util_ios.cc @@ -0,0 +1,22 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/cert/x509_util_ios.h" + +#include "net/cert/x509_certificate.h" + +namespace net { + +namespace x509_util { + +base::ScopedCFTypeRef<SecCertificateRef> +CreateSecCertificateFromX509Certificate(const X509Certificate* cert) { + return base::ScopedCFTypeRef<SecCertificateRef>( + reinterpret_cast<SecCertificateRef>( + const_cast<void*>(CFRetain(cert->os_cert_handle())))); +} + +} // namespace x509_util + +} // namespace net diff --git a/chromium/net/cert/x509_util_ios.h b/chromium/net/cert/x509_util_ios.h new file mode 100644 index 00000000000..bf3473ffcab --- /dev/null +++ b/chromium/net/cert/x509_util_ios.h @@ -0,0 +1,27 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_CERT_X509_UTIL_IOS_H_ +#define NET_CERT_X509_UTIL_IOS_H_ + +#include <Security/Security.h> + +#include "base/mac/scoped_cftyperef.h" +#include "net/base/net_export.h" + +namespace net { + +class X509Certificate; + +namespace x509_util { + +// Returns a SecCertificate representing |cert|, or NULL on failure. +NET_EXPORT base::ScopedCFTypeRef<SecCertificateRef> +CreateSecCertificateFromX509Certificate(const X509Certificate* cert); + +} // namespace x509_util + +} // namespace net + +#endif // NET_CERT_X509_UTIL_IOS_H_ diff --git a/chromium/net/cert/x509_util_mac.cc b/chromium/net/cert/x509_util_mac.cc index f2ce0f3b4b4..c8f6a2f4a8e 100644 --- a/chromium/net/cert/x509_util_mac.cc +++ b/chromium/net/cert/x509_util_mac.cc @@ -4,11 +4,14 @@ #include "net/cert/x509_util_mac.h" +#include <CommonCrypto/CommonDigest.h> + #include "base/logging.h" #include "base/mac/mac_util.h" -#include "base/mac/scoped_cftyperef.h" #include "base/strings/sys_string_conversions.h" +#include "net/cert/x509_certificate.h" #include "third_party/apple_apsl/cssmapplePriv.h" +#include "third_party/boringssl/src/include/openssl/pool.h" namespace net { @@ -52,6 +55,163 @@ OSStatus CreatePolicy(const CSSM_OID* policy_oid, } // namespace +bool IsValidSecCertificate(SecCertificateRef cert_handle) { + const CSSM_X509_NAME* sanity_check = NULL; + OSStatus status = SecCertificateGetSubject(cert_handle, &sanity_check); + return status == noErr && sanity_check; +} + +base::ScopedCFTypeRef<SecCertificateRef> CreateSecCertificateFromBytes( + const uint8_t* data, + size_t length) { + CSSM_DATA cert_data; + cert_data.Data = const_cast<uint8_t*>(data); + cert_data.Length = length; + + base::ScopedCFTypeRef<SecCertificateRef> cert_handle; + OSStatus status = SecCertificateCreateFromData(&cert_data, CSSM_CERT_X_509v3, + CSSM_CERT_ENCODING_DER, + cert_handle.InitializeInto()); + if (status != noErr) + return base::ScopedCFTypeRef<SecCertificateRef>(); + if (!IsValidSecCertificate(cert_handle.get())) + return base::ScopedCFTypeRef<SecCertificateRef>(); + return cert_handle; +} + +base::ScopedCFTypeRef<SecCertificateRef> +CreateSecCertificateFromX509Certificate(const X509Certificate* cert) { +#if BUILDFLAG(USE_BYTE_CERTS) + return CreateSecCertificateFromBytes( + CRYPTO_BUFFER_data(cert->os_cert_handle()), + CRYPTO_BUFFER_len(cert->os_cert_handle())); +#else + return base::ScopedCFTypeRef<SecCertificateRef>( + reinterpret_cast<SecCertificateRef>( + const_cast<void*>(CFRetain(cert->os_cert_handle())))); +#endif +} + +base::ScopedCFTypeRef<CFMutableArrayRef> +CreateSecCertificateArrayForX509Certificate(X509Certificate* cert) { + base::ScopedCFTypeRef<CFMutableArrayRef> cert_list( + CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks)); + if (!cert_list) + return base::ScopedCFTypeRef<CFMutableArrayRef>(); +#if BUILDFLAG(USE_BYTE_CERTS) + std::string bytes; + base::ScopedCFTypeRef<SecCertificateRef> sec_cert( + CreateSecCertificateFromBytes(CRYPTO_BUFFER_data(cert->os_cert_handle()), + CRYPTO_BUFFER_len(cert->os_cert_handle()))); + if (!sec_cert) + return base::ScopedCFTypeRef<CFMutableArrayRef>(); + CFArrayAppendValue(cert_list, sec_cert); + for (X509Certificate::OSCertHandle intermediate : + cert->GetIntermediateCertificates()) { + base::ScopedCFTypeRef<SecCertificateRef> sec_cert( + CreateSecCertificateFromBytes(CRYPTO_BUFFER_data(intermediate), + CRYPTO_BUFFER_len(intermediate))); + if (!sec_cert) + return base::ScopedCFTypeRef<CFMutableArrayRef>(); + CFArrayAppendValue(cert_list, sec_cert); + } +#else + X509Certificate::OSCertHandles intermediate_ca_certs = + cert->GetIntermediateCertificates(); + CFArrayAppendValue(cert_list, cert->os_cert_handle()); + for (size_t i = 0; i < intermediate_ca_certs.size(); ++i) + CFArrayAppendValue(cert_list, intermediate_ca_certs[i]); +#endif + return cert_list; +} + +scoped_refptr<X509Certificate> CreateX509CertificateFromSecCertificate( + SecCertificateRef sec_cert, + const std::vector<SecCertificateRef>& sec_chain) { +#if BUILDFLAG(USE_BYTE_CERTS) + CSSM_DATA der_data; + if (!sec_cert || SecCertificateGetData(sec_cert, &der_data) != noErr) + return nullptr; + bssl::UniquePtr<CRYPTO_BUFFER> cert_handle( + X509Certificate::CreateOSCertHandleFromBytes( + reinterpret_cast<const char*>(der_data.Data), der_data.Length)); + if (!cert_handle) + return nullptr; + std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates; + X509Certificate::OSCertHandles intermediates_raw; + for (const SecCertificateRef& sec_intermediate : sec_chain) { + if (!sec_intermediate || + SecCertificateGetData(sec_intermediate, &der_data) != noErr) { + return nullptr; + } + bssl::UniquePtr<CRYPTO_BUFFER> intermediate_cert_handle( + X509Certificate::CreateOSCertHandleFromBytes( + reinterpret_cast<const char*>(der_data.Data), der_data.Length)); + if (!intermediate_cert_handle) + return nullptr; + intermediates_raw.push_back(intermediate_cert_handle.get()); + intermediates.push_back(std::move(intermediate_cert_handle)); + } + scoped_refptr<X509Certificate> result( + X509Certificate::CreateFromHandle(cert_handle.get(), intermediates_raw)); + return result; +#else + return X509Certificate::CreateFromHandle(sec_cert, sec_chain); +#endif +} + +bool IsSelfSigned(SecCertificateRef cert_handle) { + CSSMCachedCertificate cached_cert; + OSStatus status = cached_cert.Init(cert_handle); + if (status != noErr) + return false; + + CSSMFieldValue subject; + status = cached_cert.GetField(&CSSMOID_X509V1SubjectNameStd, &subject); + if (status != CSSM_OK || !subject.field()) + return false; + + CSSMFieldValue issuer; + status = cached_cert.GetField(&CSSMOID_X509V1IssuerNameStd, &issuer); + if (status != CSSM_OK || !issuer.field()) + return false; + + if (subject.field()->Length != issuer.field()->Length || + memcmp(subject.field()->Data, issuer.field()->Data, + issuer.field()->Length) != 0) { + return false; + } + + CSSM_CL_HANDLE cl_handle = CSSM_INVALID_HANDLE; + status = SecCertificateGetCLHandle(cert_handle, &cl_handle); + if (status) + return false; + CSSM_DATA cert_data; + status = SecCertificateGetData(cert_handle, &cert_data); + if (status) + return false; + + if (CSSM_CL_CertVerify(cl_handle, 0, &cert_data, &cert_data, NULL, 0)) + return false; + return true; +} + +SHA256HashValue CalculateFingerprint256(SecCertificateRef cert) { + SHA256HashValue sha256; + memset(sha256.data, 0, sizeof(sha256.data)); + + CSSM_DATA cert_data; + OSStatus status = SecCertificateGetData(cert, &cert_data); + if (status) + return sha256; + + DCHECK(cert_data.Data); + DCHECK_NE(cert_data.Length, 0U); + + CC_SHA256(cert_data.Data, cert_data.Length, sha256.data); + + return sha256; +} OSStatus CreateSSLClientPolicy(SecPolicyRef* policy) { *policy = SecPolicyCreateSSL(false /* server */, nullptr); diff --git a/chromium/net/cert/x509_util_mac.h b/chromium/net/cert/x509_util_mac.h index 6b320a8cd6c..1700a6cce4f 100644 --- a/chromium/net/cert/x509_util_mac.h +++ b/chromium/net/cert/x509_util_mac.h @@ -10,18 +10,67 @@ #include <string> +#include "base/mac/scoped_cftyperef.h" #include "base/macros.h" +#include "base/memory/ref_counted.h" +#include "net/base/hash_value.h" #include "net/base/net_export.h" namespace net { +class X509Certificate; + namespace x509_util { +// Tests that a given |cert_handle| is actually a valid X.509 certificate, and +// returns true if it is. +// +// On OS X, SecCertificateCreateFromData() does not return any errors if +// called with invalid data, as long as data is present. The actual decoding +// of the certificate does not happen until an API that requires a CSSM +// handle is called. While SecCertificateGetCLHandle is the most likely +// candidate, as it performs the parsing, it does not check whether the +// parsing was actually successful. Instead, SecCertificateGetSubject is +// used (supported since 10.3), as a means to check that the certificate +// parsed as a valid X.509 certificate. +NET_EXPORT bool IsValidSecCertificate(SecCertificateRef cert_handle); + +// Creates a SecCertificate handle from the DER-encoded representation. +// Returns NULL on failure. +NET_EXPORT base::ScopedCFTypeRef<SecCertificateRef> +CreateSecCertificateFromBytes(const uint8_t* data, size_t length); + +// Returns a SecCertificate representing |cert|, or NULL on failure. +NET_EXPORT base::ScopedCFTypeRef<SecCertificateRef> +CreateSecCertificateFromX509Certificate(const X509Certificate* cert); + +// Returns a new CFMutableArrayRef containing this certificate and its +// intermediate certificates in the form expected by Security.framework +// and Keychain Services, or NULL on failure. +// The first item in the array will be this certificate, followed by its +// intermediates, if any. +NET_EXPORT base::ScopedCFTypeRef<CFMutableArrayRef> +CreateSecCertificateArrayForX509Certificate(X509Certificate* cert); + +// Creates an X509Certificate representing |sec_cert| with intermediates +// |sec_chain|. +NET_EXPORT scoped_refptr<X509Certificate> +CreateX509CertificateFromSecCertificate( + SecCertificateRef sec_cert, + const std::vector<SecCertificateRef>& sec_chain); + +// Returns true if the certificate is self-signed. +NET_EXPORT bool IsSelfSigned(SecCertificateRef cert_handle); + +// Calculates the SHA-256 fingerprint of the certificate. Returns an empty +// (all zero) fingerprint on failure. +NET_EXPORT SHA256HashValue CalculateFingerprint256(SecCertificateRef cert); + // Creates a security policy for certificates used as client certificates // in SSL. // If a policy is successfully created, it will be stored in // |*policy| and ownership transferred to the caller. -OSStatus NET_EXPORT CreateSSLClientPolicy(SecPolicyRef* policy); +NET_EXPORT OSStatus CreateSSLClientPolicy(SecPolicyRef* policy); // Create an SSL server policy. While certificate name validation will be // performed by SecTrustEvaluate(), it has the following limitations: @@ -32,13 +81,13 @@ OSStatus NET_EXPORT CreateSSLClientPolicy(SecPolicyRef* policy); // system trust preferences, such as those created by Safari. Preferences // created by Keychain Access do not share this requirement. // On success, stores the resultant policy in |*policy| and returns noErr. -OSStatus NET_EXPORT CreateSSLServerPolicy(const std::string& hostname, +NET_EXPORT OSStatus CreateSSLServerPolicy(const std::string& hostname, SecPolicyRef* policy); // Creates a security policy for basic X.509 validation. If the policy is // successfully created, it will be stored in |*policy| and ownership // transferred to the caller. -OSStatus NET_EXPORT CreateBasicX509Policy(SecPolicyRef* policy); +NET_EXPORT OSStatus CreateBasicX509Policy(SecPolicyRef* policy); // Creates security policies to control revocation checking (OCSP and CRL). // If |enable_revocation_checking| is true, revocation checking will be @@ -47,7 +96,7 @@ OSStatus NET_EXPORT CreateBasicX509Policy(SecPolicyRef* policy); // the network or the local cache, if possible. // If the policies are successfully created, they will be appended to // |policies|. -OSStatus NET_EXPORT CreateRevocationPolicies(bool enable_revocation_checking, +NET_EXPORT OSStatus CreateRevocationPolicies(bool enable_revocation_checking, CFMutableArrayRef policies); // CSSM functions are deprecated as of OSX 10.7, but have no replacement. diff --git a/chromium/net/cert/x509_util_nss.cc b/chromium/net/cert/x509_util_nss.cc index 2988417673b..1175bd8054d 100644 --- a/chromium/net/cert/x509_util_nss.cc +++ b/chromium/net/cert/x509_util_nss.cc @@ -89,7 +89,7 @@ CERTName* CreateCertNameFromEncoded(PLArenaPool* arena, namespace x509_util { -void ParsePrincipal(CERTName* name, CertPrincipal* principal) { +bool ParsePrincipal(CERTName* name, CertPrincipal* principal) { // Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument. #if NSS_VMINOR >= 15 typedef char* (*CERTGetNameFunc)(const CERTName* name); @@ -120,7 +120,7 @@ void ParsePrincipal(CERTName* name, CertPrincipal* principal) { if (kOIDs[oid] == tag) { SECItem* decode_item = CERT_DecodeAVAValue(&avas[pair]->value); if (!decode_item) - break; + return false; // TODO(wtc): Pass decode_item to CERT_RFC1485_EscapeAndQuote. std::string value(reinterpret_cast<char*>(decode_item->data), decode_item->len); @@ -145,13 +145,17 @@ void ParsePrincipal(CERTName* name, CertPrincipal* principal) { PORT_Free(value); } } + + return true; } -void ParseDate(const SECItem* der_date, base::Time* result) { +bool ParseDate(const SECItem* der_date, base::Time* result) { PRTime prtime; SECStatus rv = DER_DecodeTimeChoice(&prtime, der_date); - DCHECK_EQ(SECSuccess, rv); + if (rv != SECSuccess) + return false; *result = crypto::PRTimeToBaseTime(prtime); + return true; } std::string ParseSerialNumber(const CERTCertificate* certificate) { diff --git a/chromium/net/cert/x509_util_nss.h b/chromium/net/cert/x509_util_nss.h index 41561b437a1..b5dfe795dfb 100644 --- a/chromium/net/cert/x509_util_nss.h +++ b/chromium/net/cert/x509_util_nss.h @@ -28,14 +28,13 @@ namespace net { namespace x509_util { -#if defined(USE_NSS_CERTS) // Parses the Principal attribute from |name| and outputs the result in -// |principal|. -void ParsePrincipal(CERTName* name, - CertPrincipal* principal); +// |principal|. Returns true on success. +bool ParsePrincipal(CERTName* name, CertPrincipal* principal); // Parses the date from |der_date| and outputs the result in |result|. -void ParseDate(const SECItem* der_date, base::Time* result); +// Returns true on success. +bool ParseDate(const SECItem* der_date, base::Time* result); // Parses the serial number from |certificate|. std::string ParseSerialNumber(const CERTCertificate* certificate); @@ -127,7 +126,6 @@ bool IsCertificateIssuedBy(const std::vector<CERTCertificate*>& cert_chain, std::string GetUniqueNicknameForSlot(const std::string& nickname, const SECItem* subject, PK11SlotInfo* slot); -#endif // defined(USE_NSS_CERTS) } // namespace x509_util diff --git a/chromium/net/cert/x509_util_openssl.cc b/chromium/net/cert/x509_util_openssl.cc index 72f93f26983..44dee713951 100644 --- a/chromium/net/cert/x509_util_openssl.cc +++ b/chromium/net/cert/x509_util_openssl.cc @@ -363,16 +363,15 @@ bool GetTLSServerEndPointChannelBinding(const X509Certificate& certificate, if (!digest_evp_md) return false; - std::vector<uint8_t> digest(EVP_MAX_MD_SIZE); - unsigned int out_size = digest.size(); + uint8_t digest[EVP_MAX_MD_SIZE]; + unsigned int out_size; if (!EVP_Digest(der_encoded_certificate.data(), - der_encoded_certificate.size(), digest.data(), &out_size, + der_encoded_certificate.size(), digest, &out_size, digest_evp_md, nullptr)) return false; - digest.resize(out_size); token->assign(kChannelBindingPrefix); - token->append(digest.begin(), digest.end()); + token->append(digest, digest + out_size); return true; } diff --git a/chromium/net/cert/x509_util_unittest.cc b/chromium/net/cert/x509_util_unittest.cc index 51097796fd4..2872051d104 100644 --- a/chromium/net/cert/x509_util_unittest.cc +++ b/chromium/net/cert/x509_util_unittest.cc @@ -282,6 +282,7 @@ TEST(X509UtilTest, CreateChannelBindings_SHA1) { scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(kCertificateDataDER), sizeof(kCertificateDataDER)); + ASSERT_TRUE(cert); std::string channel_bindings; ASSERT_TRUE( @@ -390,6 +391,7 @@ TEST(X509UtilTest, CreateChannelBindings_SHA256) { scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(kCertificateDataDER), sizeof(kCertificateDataDER)); + ASSERT_TRUE(cert); std::string channel_bindings; ASSERT_TRUE( @@ -506,6 +508,7 @@ TEST(X509UtilTest, CreateChannelBindings_SHA384) { scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(kCertificateDataDER), sizeof(kCertificateDataDER)); + ASSERT_TRUE(cert); std::string channel_bindings; ASSERT_TRUE( @@ -617,6 +620,7 @@ TEST(X509UtilTest, CreateChannelBindings_SHA512) { scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(kCertificateDataDER), sizeof(kCertificateDataDER)); + ASSERT_TRUE(cert); std::string channel_bindings; ASSERT_TRUE( @@ -717,6 +721,7 @@ TEST(X509UtilTest, CreateChannelBindings_Unsupported_MD4) { scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(kCertificateDataDER), sizeof(kCertificateDataDER)); + ASSERT_TRUE(cert); std::string channel_bindings; ASSERT_FALSE( diff --git a/chromium/net/cert_net/cert_net_fetcher_impl.cc b/chromium/net/cert_net/cert_net_fetcher_impl.cc index 50cc66c4592..d2b28190c3f 100644 --- a/chromium/net/cert_net/cert_net_fetcher_impl.cc +++ b/chromium/net/cert_net/cert_net_fetcher_impl.cc @@ -259,7 +259,7 @@ class RequestCore : public base::RefCountedThreadSafe<RequestCore> { // there is no work that will be done on the network thread (e.g. when the // network thread has been shutdown before the request begins). See comment in // SignalImmediateError. - Error error_; + Error error_ = OK; std::vector<uint8_t> bytes_; // Indicates when |error_| and |bytes_| have been written to. diff --git a/chromium/net/cert_net/nss_ocsp.cc b/chromium/net/cert_net/nss_ocsp.cc index d2e250e68f3..19fb32d3ac3 100644 --- a/chromium/net/cert_net/nss_ocsp.cc +++ b/chromium/net/cert_net/nss_ocsp.cc @@ -106,7 +106,7 @@ class OCSPIOLoop { } private: - friend struct base::DefaultLazyInstanceTraits<OCSPIOLoop>; + friend struct base::LazyInstanceTraitsBase<OCSPIOLoop>; OCSPIOLoop(); @@ -164,7 +164,7 @@ char* GetAlternateOCSPAIAInfo(CERTCertificate *cert); class OCSPNSSInitialization { private: - friend struct base::DefaultLazyInstanceTraits<OCSPNSSInitialization>; + friend struct base::LazyInstanceTraitsBase<OCSPNSSInitialization>; OCSPNSSInitialization(); // This class is only instantiated as a leaky LazyInstance, so its destructor diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/generate-certs.py b/chromium/net/data/cert_issuer_source_aia_unittest/generate-certs.py index bda53fd2bda..ac94613db75 100755 --- a/chromium/net/data/cert_issuer_source_aia_unittest/generate-certs.py +++ b/chromium/net/data/cert_issuer_source_aia_unittest/generate-certs.py @@ -12,22 +12,30 @@ import common common.set_default_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2021_UTC) +# Generate the keys -- the same key is used for all intermediates and end entity +# certificates. +root_key = common.get_or_generate_rsa_key(2048, common.create_key_path('root')) +i_key = common.get_or_generate_rsa_key(2048, common.create_key_path('i')) +target_key = common.get_or_generate_rsa_key(2048, + common.create_key_path('target')) # Self-signed root certificate. root = common.create_self_signed_root_certificate('Root') +root.set_key(root_key) common.write_string_to_file(root.get_cert_pem(), 'root.pem') # Intermediate certificates. All have the same subject and key. i_base = common.create_intermediate_certificate('I', root) +i_base.set_key(i_key) common.write_string_to_file(i_base.get_cert_pem(), 'i.pem') i2 = common.create_intermediate_certificate('I', root) -i2.set_key(i_base.get_key()) +i2.set_key(i_key) common.write_string_to_file(i2.get_cert_pem(), 'i2.pem') i3 = common.create_intermediate_certificate('I', root) -i3.set_key(i_base.get_key()) +i3.set_key(i_key) common.write_string_to_file(i3.get_cert_pem(), 'i3.pem') @@ -35,23 +43,23 @@ common.write_string_to_file(i3.get_cert_pem(), 'i3.pem') # files so the target certs will have the desired Authority Information Access # values. These ones aren't saved to files. i_no_aia = common.create_intermediate_certificate('I', root) -i_no_aia.set_key(i_base.get_key()) +i_no_aia.set_key(i_key) section = i_no_aia.config.get_section('signing_ca_ext') section.set_property('authorityInfoAccess', None) i_two_aia = common.create_intermediate_certificate('I', root) -i_two_aia.set_key(i_base.get_key()) +i_two_aia.set_key(i_key) section = i_two_aia.config.get_section('issuer_info') section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo') i_three_aia = common.create_intermediate_certificate('I', root) -i_three_aia.set_key(i_base.get_key()) +i_three_aia.set_key(i_key) section = i_three_aia.config.get_section('issuer_info') section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo') section.set_property('caIssuers;URI.2', 'http://url-for-aia3/I3.foo') i_six_aia = common.create_intermediate_certificate('I', root) -i_six_aia.set_key(i_base.get_key()) +i_six_aia.set_key(i_key) section = i_six_aia.config.get_section('issuer_info') section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo') section.set_property('caIssuers;URI.2', 'http://url-for-aia3/I3.foo') @@ -60,23 +68,23 @@ section.set_property('caIssuers;URI.4', 'http://url-for-aia5/I5.foo') section.set_property('caIssuers;URI.5', 'http://url-for-aia6/I6.foo') i_file_aia = common.create_intermediate_certificate('I', root) -i_file_aia.set_key(i_base.get_key()) +i_file_aia.set_key(i_key) section = i_file_aia.config.get_section('issuer_info') section.set_property('caIssuers;URI.0', 'file:///dev/null') i_invalid_url_aia = common.create_intermediate_certificate('I', root) -i_invalid_url_aia.set_key(i_base.get_key()) +i_invalid_url_aia.set_key(i_key) section = i_invalid_url_aia.config.get_section('issuer_info') section.set_property('caIssuers;URI.0', 'foobar') i_file_and_http_aia = common.create_intermediate_certificate('I', root) -i_file_and_http_aia.set_key(i_base.get_key()) +i_file_and_http_aia.set_key(i_key) section = i_file_and_http_aia.config.get_section('issuer_info') section.set_property('caIssuers;URI.0', 'file:///dev/null') section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo') i_invalid_and_http_aia = common.create_intermediate_certificate('I', root) -i_invalid_and_http_aia.set_key(i_base.get_key()) +i_invalid_and_http_aia.set_key(i_key) section = i_invalid_and_http_aia.config.get_section('issuer_info') section.set_property('caIssuers;URI.0', 'foobar') section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo') @@ -85,39 +93,48 @@ section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo') # target certs target = common.create_end_entity_certificate('target', i_base) +target.set_key(target_key) target.get_extensions().set_property('subjectAltName', 'DNS:target') common.write_string_to_file(target.get_cert_pem(), 'target_one_aia.pem') target = common.create_end_entity_certificate('target', i_no_aia) +target.set_key(target_key) target.get_extensions().set_property('subjectAltName', 'DNS:target') common.write_string_to_file(target.get_cert_pem(), 'target_no_aia.pem') target = common.create_end_entity_certificate('target', i_two_aia) +target.set_key(target_key) target.get_extensions().set_property('subjectAltName', 'DNS:target') common.write_string_to_file(target.get_cert_pem(), 'target_two_aia.pem') target = common.create_end_entity_certificate('target', i_three_aia) +target.set_key(target_key) target.get_extensions().set_property('subjectAltName', 'DNS:target') common.write_string_to_file(target.get_cert_pem(), 'target_three_aia.pem') target = common.create_end_entity_certificate('target', i_six_aia) +target.set_key(target_key) target.get_extensions().set_property('subjectAltName', 'DNS:target') common.write_string_to_file(target.get_cert_pem(), 'target_six_aia.pem') target = common.create_end_entity_certificate('target', i_file_aia) +target.set_key(target_key) target.get_extensions().set_property('subjectAltName', 'DNS:target') common.write_string_to_file(target.get_cert_pem(), 'target_file_aia.pem') target = common.create_end_entity_certificate('target', i_invalid_url_aia) +target.set_key(target_key) target.get_extensions().set_property('subjectAltName', 'DNS:target') common.write_string_to_file(target.get_cert_pem(), 'target_invalid_url_aia.pem') target = common.create_end_entity_certificate('target', i_file_and_http_aia) +target.set_key(target_key) target.get_extensions().set_property('subjectAltName', 'DNS:target') common.write_string_to_file(target.get_cert_pem(), 'target_file_and_http_aia.pem') target = common.create_end_entity_certificate('target', i_invalid_and_http_aia) +target.set_key(target_key) target.get_extensions().set_property('subjectAltName', 'DNS:target') common.write_string_to_file(target.get_cert_pem(), 'target_invalid_and_http_aia.pem') diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/i.pem b/chromium/net/data/cert_issuer_source_aia_unittest/i.pem index c86a72b9a82..4b19ac8a006 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/i.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/i.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ad:aa:76:dc:52:a2:4a:fd:8a:eb:22:f7:e2:32: - 88:2d:69:bb:cf:74:55:2d:db:bd:9a:00:41:8f:ea: - 28:b3:4a:ad:00:fc:fd:8b:46:32:13:8c:a8:a7:3b: - 00:53:60:37:cd:4c:3d:99:02:01:86:3f:f4:1a:b9: - 31:91:97:55:b5:5c:73:e5:45:80:63:fd:6f:c5:1d: - 16:c4:58:3d:33:eb:ce:2f:5d:bc:a1:fb:3d:13:d5: - d2:34:10:ba:a5:80:49:3e:bb:e4:64:0a:73:84:8b: - a6:3f:de:f4:46:c4:93:30:6c:d4:88:8f:a6:f0:e9: - 7b:c5:f2:e9:18:e0:3d:db:2e:81:5c:af:26:cb:14: - f5:9d:51:8f:f5:b6:dc:e6:13:91:77:c8:02:cd:34: - 67:29:7f:4d:77:ff:68:10:9f:29:b6:6b:0a:85:17: - 45:65:18:bb:f4:ec:aa:ad:ea:6a:95:be:eb:3c:98: - 4d:79:3a:20:83:92:49:b0:75:a2:85:dd:0b:78:ee: - 91:f4:1a:59:2b:96:ca:08:a7:d8:49:de:37:95:15: - b7:1b:e7:b7:a2:e7:29:65:33:ca:ca:33:b1:93:ce: - a1:b6:23:52:9a:2b:cd:c1:92:24:f1:98:bc:ae:cc: - 87:26:e0:63:c5:3e:97:48:71:da:5a:a8:b7:89:d6: - 7c:e3 + 00:b6:4f:5b:1d:65:ac:41:64:6c:e6:3c:08:1d:7f: + 19:0b:4d:af:b9:b8:df:80:0f:3d:73:86:ac:41:5f: + 06:aa:fe:f5:64:ce:40:54:52:0c:0b:58:41:0c:f5: + 4c:9d:70:21:ac:c0:28:fa:ea:f3:ee:f8:fe:83:b4: + c0:58:2d:3d:9d:14:c1:56:cc:e6:73:08:81:df:48: + f2:36:f7:82:31:b2:39:76:57:94:f0:72:9f:24:59: + 16:15:0b:62:27:f0:5e:e4:c0:eb:68:1b:c5:5a:c1: + 94:d8:f3:73:3e:eb:f6:d2:3a:53:71:60:27:e6:62: + d4:dd:e5:2a:cf:0f:21:0f:17:af:5d:ac:37:8b:4d: + f8:34:75:65:23:06:c4:6f:7e:64:71:3d:9c:26:d4: + 92:a2:5b:e5:2e:c5:1b:1f:11:56:8d:ab:55:57:b8: + bb:17:aa:b5:74:61:07:d0:66:8b:10:be:d6:21:fd: + 8b:37:1d:65:86:fc:26:11:91:2b:c9:18:fa:bc:b4: + 54:3d:87:6f:ab:3a:62:11:79:e3:d7:a8:2d:f2:50: + f2:31:2a:cb:12:80:f7:b8:08:0c:e9:01:7e:69:c7: + 0f:64:79:b6:f6:02:1c:b3:bd:72:4b:08:b2:e0:97: + 4f:e5:8e:7c:82:d1:a4:b1:bd:c5:de:c5:63:f1:63: + 97:65 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + 0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C X509v3 Authority Key Identifier: - keyid:98:1F:DC:C5:E8:30:8D:5A:BA:9B:0C:EF:AD:CC:B8:AE:D4:F1:D1:63 + keyid:2F:98:67:67:BF:DA:3E:E8:0B:40:70:66:C5:B6:3B:23:73:22:20:B2 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -50,39 +50,39 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 54:74:10:33:68:ad:a0:f3:5e:42:ee:63:3c:33:7b:01:4f:aa: - 8e:78:ec:91:51:c7:e0:31:4d:15:22:3f:88:70:f6:3a:8d:60: - 72:e6:92:81:7b:34:40:d6:07:6a:a4:a1:42:84:cb:b3:a8:eb: - 0b:07:6b:06:aa:60:70:4a:86:46:f7:0e:1e:95:c4:5b:ff:4e: - c9:86:15:ac:d7:44:ff:d6:7d:37:e7:f2:b9:da:7c:c9:b1:a8: - 95:41:73:f9:be:b5:f6:8f:a8:d3:5b:05:6d:bd:55:69:dc:0e: - 4f:c4:b3:45:ac:40:4f:f4:4d:3c:ff:be:9b:47:aa:c8:5f:47: - 53:91:09:c7:2b:92:4d:4a:15:3f:49:04:40:17:e4:13:ab:26: - 60:bb:ba:fc:e6:a0:02:d3:7e:af:9d:37:ae:20:ed:c7:be:1d: - 9c:b6:94:13:73:27:45:2b:eb:0d:b9:64:09:78:97:d8:2f:36: - fc:79:a8:76:02:5f:e7:2c:60:af:8f:4d:dc:2a:47:54:65:f1: - c3:23:5e:fe:a1:4c:3e:2c:77:b1:f6:a0:32:3d:70:c0:cb:ab: - af:d7:cc:a5:19:2f:67:81:f1:19:0a:9c:06:4e:1e:a2:05:96: - ee:cb:fa:7a:b2:31:c0:54:a3:6c:66:7a:73:b2:76:85:9d:f2: - c5:bc:8d:f4 + 91:e0:50:d1:d6:6d:98:f0:dd:ba:5f:55:1e:2d:4d:5a:96:0d: + ca:dc:24:01:b4:d8:ea:d4:aa:a5:82:b1:78:04:1f:36:b2:6c: + e4:9d:0c:d5:79:3d:d5:34:c3:06:ac:ff:d5:b9:ea:e6:db:dd: + 7d:76:cf:f0:19:3b:65:d4:d3:15:bc:e6:74:c4:ce:fe:d6:21: + 95:3a:38:fe:eb:6a:7c:b0:24:1e:ca:4e:b0:48:9b:df:b8:cf: + b5:3b:59:ef:a4:6a:c2:8b:64:ff:c3:1e:7d:69:79:3d:65:36: + e6:29:d0:af:26:2f:70:e3:4a:7c:a5:b8:c1:48:05:e3:76:d2: + 04:62:d4:76:23:91:fc:b5:bb:fb:ff:3b:3c:df:96:e1:dc:79: + fd:5c:78:2a:ae:2e:b2:79:8c:34:75:51:71:a7:b1:2d:58:50: + a2:37:92:30:39:3c:18:4e:87:d4:98:24:76:23:76:d1:4c:0e: + f0:d3:bf:ce:bf:ba:3f:2f:c9:dd:59:51:15:14:4b:8b:94:40: + 19:12:e3:39:52:24:91:cd:5e:b1:ea:c4:6c:14:d3:67:d3:d8: + fd:ec:42:ef:62:3c:d3:db:9a:8f:f2:4d:9a:36:cc:66:33:a2: + e1:df:6a:9f:59:2a:e7:01:9d:d3:db:5c:b9:f3:cb:b7:29:cc: + fe:1c:72:17 -----BEGIN CERTIFICATE----- MIIDYjCCAkqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowDDEKMAgGA1UEAwwBSTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2qdtxSokr9iusi9+IyiC1p -u890VS3bvZoAQY/qKLNKrQD8/YtGMhOMqKc7AFNgN81MPZkCAYY/9Bq5MZGXVbVc -c+VFgGP9b8UdFsRYPTPrzi9dvKH7PRPV0jQQuqWAST675GQKc4SLpj/e9EbEkzBs -1IiPpvDpe8Xy6RjgPdsugVyvJssU9Z1Rj/W23OYTkXfIAs00Zyl/TXf/aBCfKbZr -CoUXRWUYu/Tsqq3qapW+6zyYTXk6IIOSSbB1ooXdC3jukfQaWSuWygin2EneN5UV -txvnt6LnKWUzysozsZPOobYjUporzcGSJPGYvK7MhybgY8U+l0hx2lqot4nWfOMC -AwEAAaOByzCByDAdBgNVHQ4EFgQUhLoFBk4znRGqevF3H6Rpfkwt1D8wHwYDVR0j -BBgwFoAUmB/cxegwjVq6mwzvrcy4rtTx0WMwNwYIKwYBBQUHAQEEKzApMCcGCCsG +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALZPWx1lrEFkbOY8CB1/GQtN +r7m434APPXOGrEFfBqr+9WTOQFRSDAtYQQz1TJ1wIazAKPrq8+74/oO0wFgtPZ0U +wVbM5nMIgd9I8jb3gjGyOXZXlPBynyRZFhULYifwXuTA62gbxVrBlNjzcz7r9tI6 +U3FgJ+Zi1N3lKs8PIQ8Xr12sN4tN+DR1ZSMGxG9+ZHE9nCbUkqJb5S7FGx8RVo2r +VVe4uxeqtXRhB9BmixC+1iH9izcdZYb8JhGRK8kY+ry0VD2Hb6s6YhF549eoLfJQ +8jEqyxKA97gIDOkBfmnHD2R5tvYCHLO9cksIsuCXT+WOfILRpLG9xd7FY/Fjl2UC +AwEAAaOByzCByDAdBgNVHQ4EFgQUDyEXlECxpnxZ+hzFOM9i6ISLHCwwHwYDVR0j +BBgwFoAUL5hnZ7/aPugLQHBmxbY7I3MiILIwNwYIKwYBBQUHAQEEKzApMCcGCCsG AQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAh oB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBUdBAzaK2g815C -7mM8M3sBT6qOeOyRUcfgMU0VIj+IcPY6jWBy5pKBezRA1gdqpKFChMuzqOsLB2sG -qmBwSoZG9w4elcRb/07JhhWs10T/1n035/K52nzJsaiVQXP5vrX2j6jTWwVtvVVp -3A5PxLNFrEBP9E08/76bR6rIX0dTkQnHK5JNShU/SQRAF+QTqyZgu7r85qAC036v -nTeuIO3Hvh2ctpQTcydFK+sNuWQJeJfYLzb8eah2Al/nLGCvj03cKkdUZfHDI17+ -oUw+LHex9qAyPXDAy6uv18ylGS9ngfEZCpwGTh6iBZbuy/p6sjHAVKNsZnpzsnaF -nfLFvI30 +BjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCR4FDR1m2Y8N26 +X1UeLU1alg3K3CQBtNjq1KqlgrF4BB82smzknQzVeT3VNMMGrP/Vuerm2919ds/w +GTtl1NMVvOZ0xM7+1iGVOjj+62p8sCQeyk6wSJvfuM+1O1nvpGrCi2T/wx59aXk9 +ZTbmKdCvJi9w40p8pbjBSAXjdtIEYtR2I5H8tbv7/zs835bh3Hn9XHgqri6yeYw0 +dVFxp7EtWFCiN5IwOTwYTofUmCR2I3bRTA7w07/Ov7o/L8ndWVEVFEuLlEAZEuM5 +UiSRzV6x6sRsFNNn09j97ELvYjzT25qP8k2aNsxmM6Lh32qfWSrnAZ3T21y588u3 +Kcz+HHIX -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/i2.pem b/chromium/net/data/cert_issuer_source_aia_unittest/i2.pem index fde840a5a20..33ac23cc590 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/i2.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/i2.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ad:aa:76:dc:52:a2:4a:fd:8a:eb:22:f7:e2:32: - 88:2d:69:bb:cf:74:55:2d:db:bd:9a:00:41:8f:ea: - 28:b3:4a:ad:00:fc:fd:8b:46:32:13:8c:a8:a7:3b: - 00:53:60:37:cd:4c:3d:99:02:01:86:3f:f4:1a:b9: - 31:91:97:55:b5:5c:73:e5:45:80:63:fd:6f:c5:1d: - 16:c4:58:3d:33:eb:ce:2f:5d:bc:a1:fb:3d:13:d5: - d2:34:10:ba:a5:80:49:3e:bb:e4:64:0a:73:84:8b: - a6:3f:de:f4:46:c4:93:30:6c:d4:88:8f:a6:f0:e9: - 7b:c5:f2:e9:18:e0:3d:db:2e:81:5c:af:26:cb:14: - f5:9d:51:8f:f5:b6:dc:e6:13:91:77:c8:02:cd:34: - 67:29:7f:4d:77:ff:68:10:9f:29:b6:6b:0a:85:17: - 45:65:18:bb:f4:ec:aa:ad:ea:6a:95:be:eb:3c:98: - 4d:79:3a:20:83:92:49:b0:75:a2:85:dd:0b:78:ee: - 91:f4:1a:59:2b:96:ca:08:a7:d8:49:de:37:95:15: - b7:1b:e7:b7:a2:e7:29:65:33:ca:ca:33:b1:93:ce: - a1:b6:23:52:9a:2b:cd:c1:92:24:f1:98:bc:ae:cc: - 87:26:e0:63:c5:3e:97:48:71:da:5a:a8:b7:89:d6: - 7c:e3 + 00:b6:4f:5b:1d:65:ac:41:64:6c:e6:3c:08:1d:7f: + 19:0b:4d:af:b9:b8:df:80:0f:3d:73:86:ac:41:5f: + 06:aa:fe:f5:64:ce:40:54:52:0c:0b:58:41:0c:f5: + 4c:9d:70:21:ac:c0:28:fa:ea:f3:ee:f8:fe:83:b4: + c0:58:2d:3d:9d:14:c1:56:cc:e6:73:08:81:df:48: + f2:36:f7:82:31:b2:39:76:57:94:f0:72:9f:24:59: + 16:15:0b:62:27:f0:5e:e4:c0:eb:68:1b:c5:5a:c1: + 94:d8:f3:73:3e:eb:f6:d2:3a:53:71:60:27:e6:62: + d4:dd:e5:2a:cf:0f:21:0f:17:af:5d:ac:37:8b:4d: + f8:34:75:65:23:06:c4:6f:7e:64:71:3d:9c:26:d4: + 92:a2:5b:e5:2e:c5:1b:1f:11:56:8d:ab:55:57:b8: + bb:17:aa:b5:74:61:07:d0:66:8b:10:be:d6:21:fd: + 8b:37:1d:65:86:fc:26:11:91:2b:c9:18:fa:bc:b4: + 54:3d:87:6f:ab:3a:62:11:79:e3:d7:a8:2d:f2:50: + f2:31:2a:cb:12:80:f7:b8:08:0c:e9:01:7e:69:c7: + 0f:64:79:b6:f6:02:1c:b3:bd:72:4b:08:b2:e0:97: + 4f:e5:8e:7c:82:d1:a4:b1:bd:c5:de:c5:63:f1:63: + 97:65 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + 0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C X509v3 Authority Key Identifier: - keyid:98:1F:DC:C5:E8:30:8D:5A:BA:9B:0C:EF:AD:CC:B8:AE:D4:F1:D1:63 + keyid:2F:98:67:67:BF:DA:3E:E8:0B:40:70:66:C5:B6:3B:23:73:22:20:B2 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -50,39 +50,39 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - c9:b8:08:55:cd:6e:99:8f:1e:03:b6:00:7b:5f:65:63:6b:1d: - f1:27:84:0b:de:63:91:d2:bd:8a:28:ea:b0:f3:d6:a0:f6:11: - 89:1b:a3:77:1f:f6:da:64:fd:36:24:9f:db:1c:b9:a1:f9:f1: - 3f:ac:44:ed:08:4b:a2:7f:af:29:a7:01:7d:b9:88:ca:87:49: - a9:f1:9a:1d:3c:2e:ec:6b:a4:75:3e:29:29:2d:59:10:eb:39: - 3a:9c:66:05:34:e9:c4:e9:37:0d:0f:74:be:f0:05:8c:0e:48: - e8:2d:c8:fa:81:01:11:b3:48:b3:5d:ba:a5:d6:30:bc:85:78: - 70:a4:24:fd:36:ac:32:bf:17:5e:72:0a:1f:51:11:ba:c9:f2: - 53:39:a1:4d:17:2e:de:f7:a4:33:ba:ce:d7:3c:f5:c0:bd:16: - 22:48:f4:4e:a1:61:a6:62:b1:28:96:e5:9e:29:8f:b6:d3:53: - 5a:3a:16:dc:3c:31:20:53:72:3d:cd:7a:e4:aa:0a:8d:83:0f: - 68:74:1b:d5:22:87:31:a3:01:fc:18:7e:f5:35:cd:68:c8:ae: - 71:e0:50:89:7d:96:e3:dd:df:62:a0:71:f1:56:5f:f6:79:11: - 6f:28:a6:84:1f:63:a1:29:3e:c3:ef:1a:08:18:f8:95:6b:d7: - b6:a5:60:f5 + 97:21:ab:45:76:05:d5:65:55:e9:4f:e3:ce:f2:95:0f:7d:94: + 38:99:43:90:96:c2:f8:b4:dc:d4:cf:4c:f5:2d:6b:e6:61:85: + 41:f9:57:b9:f0:20:dd:a8:45:04:ba:91:0b:f3:5e:d7:db:2e: + 8d:01:c8:22:dd:fd:6f:83:ab:d9:e2:03:06:98:18:ac:b1:39: + 20:3a:fa:33:15:86:27:9e:47:1e:23:7e:1a:13:b1:8c:9d:09: + e1:b5:d2:24:30:b2:46:06:71:97:16:f3:1a:56:29:5b:66:ce: + 41:fb:6f:62:b4:d5:1f:d4:ee:ca:42:e0:5f:f5:71:9d:c0:8c: + bf:79:05:1d:c4:d9:62:50:d9:9f:88:23:f1:bf:d7:eb:5e:ad: + 82:3c:54:35:d4:bf:57:ac:ef:aa:46:9e:08:6a:2a:ac:25:b6: + 42:43:ca:02:06:cc:cf:9a:3f:83:6f:a2:57:bb:ce:c3:a6:fb: + 02:dd:87:ca:eb:25:5d:b9:3b:52:36:80:8d:eb:c5:8f:91:ed: + 83:60:a5:bc:7d:76:dc:e0:2a:3a:9f:93:4c:88:af:c1:ff:3b: + 95:39:aa:14:45:aa:89:10:1d:20:5d:1c:42:ad:5b:d6:9b:f9: + d5:50:73:1f:41:9a:ca:bd:5c:4f:c2:9d:ae:0e:3a:4f:8a:60: + a2:17:8e:2a -----BEGIN CERTIFICATE----- MIIDYjCCAkqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowDDEKMAgGA1UEAwwBSTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2qdtxSokr9iusi9+IyiC1p -u890VS3bvZoAQY/qKLNKrQD8/YtGMhOMqKc7AFNgN81MPZkCAYY/9Bq5MZGXVbVc -c+VFgGP9b8UdFsRYPTPrzi9dvKH7PRPV0jQQuqWAST675GQKc4SLpj/e9EbEkzBs -1IiPpvDpe8Xy6RjgPdsugVyvJssU9Z1Rj/W23OYTkXfIAs00Zyl/TXf/aBCfKbZr -CoUXRWUYu/Tsqq3qapW+6zyYTXk6IIOSSbB1ooXdC3jukfQaWSuWygin2EneN5UV -txvnt6LnKWUzysozsZPOobYjUporzcGSJPGYvK7MhybgY8U+l0hx2lqot4nWfOMC -AwEAAaOByzCByDAdBgNVHQ4EFgQUhLoFBk4znRGqevF3H6Rpfkwt1D8wHwYDVR0j -BBgwFoAUmB/cxegwjVq6mwzvrcy4rtTx0WMwNwYIKwYBBQUHAQEEKzApMCcGCCsG +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALZPWx1lrEFkbOY8CB1/GQtN +r7m434APPXOGrEFfBqr+9WTOQFRSDAtYQQz1TJ1wIazAKPrq8+74/oO0wFgtPZ0U +wVbM5nMIgd9I8jb3gjGyOXZXlPBynyRZFhULYifwXuTA62gbxVrBlNjzcz7r9tI6 +U3FgJ+Zi1N3lKs8PIQ8Xr12sN4tN+DR1ZSMGxG9+ZHE9nCbUkqJb5S7FGx8RVo2r +VVe4uxeqtXRhB9BmixC+1iH9izcdZYb8JhGRK8kY+ry0VD2Hb6s6YhF549eoLfJQ +8jEqyxKA97gIDOkBfmnHD2R5tvYCHLO9cksIsuCXT+WOfILRpLG9xd7FY/Fjl2UC +AwEAAaOByzCByDAdBgNVHQ4EFgQUDyEXlECxpnxZ+hzFOM9i6ISLHCwwHwYDVR0j +BBgwFoAUL5hnZ7/aPugLQHBmxbY7I3MiILIwNwYIKwYBBQUHAQEEKzApMCcGCCsG AQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAh oB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDJuAhVzW6Zjx4D -tgB7X2Vjax3xJ4QL3mOR0r2KKOqw89ag9hGJG6N3H/baZP02JJ/bHLmh+fE/rETt -CEuif68ppwF9uYjKh0mp8ZodPC7sa6R1PikpLVkQ6zk6nGYFNOnE6TcND3S+8AWM -DkjoLcj6gQERs0izXbql1jC8hXhwpCT9NqwyvxdecgofURG6yfJTOaFNFy7e96Qz -us7XPPXAvRYiSPROoWGmYrEoluWeKY+201NaOhbcPDEgU3I9zXrkqgqNgw9odBvV -IocxowH8GH71Nc1oyK5x4FCJfZbj3d9ioHHxVl/2eRFvKKaEH2OhKT7D7xoIGPiV -a9e2pWD1 +BjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCXIatFdgXVZVXp +T+PO8pUPfZQ4mUOQlsL4tNzUz0z1LWvmYYVB+Ve58CDdqEUEupEL817X2y6NAcgi +3f1vg6vZ4gMGmBissTkgOvozFYYnnkceI34aE7GMnQnhtdIkMLJGBnGXFvMaVilb +Zs5B+29itNUf1O7KQuBf9XGdwIy/eQUdxNliUNmfiCPxv9frXq2CPFQ11L9XrO+q +Rp4IaiqsJbZCQ8oCBszPmj+Db6JXu87DpvsC3YfK6yVduTtSNoCN68WPke2DYKW8 +fXbc4Co6n5NMiK/B/zuVOaoURaqJEB0gXRxCrVvWm/nVUHMfQZrKvVxPwp2uDjpP +imCiF44q -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/i3.pem b/chromium/net/data/cert_issuer_source_aia_unittest/i3.pem index 76bd34da609..9280e464693 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/i3.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/i3.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ad:aa:76:dc:52:a2:4a:fd:8a:eb:22:f7:e2:32: - 88:2d:69:bb:cf:74:55:2d:db:bd:9a:00:41:8f:ea: - 28:b3:4a:ad:00:fc:fd:8b:46:32:13:8c:a8:a7:3b: - 00:53:60:37:cd:4c:3d:99:02:01:86:3f:f4:1a:b9: - 31:91:97:55:b5:5c:73:e5:45:80:63:fd:6f:c5:1d: - 16:c4:58:3d:33:eb:ce:2f:5d:bc:a1:fb:3d:13:d5: - d2:34:10:ba:a5:80:49:3e:bb:e4:64:0a:73:84:8b: - a6:3f:de:f4:46:c4:93:30:6c:d4:88:8f:a6:f0:e9: - 7b:c5:f2:e9:18:e0:3d:db:2e:81:5c:af:26:cb:14: - f5:9d:51:8f:f5:b6:dc:e6:13:91:77:c8:02:cd:34: - 67:29:7f:4d:77:ff:68:10:9f:29:b6:6b:0a:85:17: - 45:65:18:bb:f4:ec:aa:ad:ea:6a:95:be:eb:3c:98: - 4d:79:3a:20:83:92:49:b0:75:a2:85:dd:0b:78:ee: - 91:f4:1a:59:2b:96:ca:08:a7:d8:49:de:37:95:15: - b7:1b:e7:b7:a2:e7:29:65:33:ca:ca:33:b1:93:ce: - a1:b6:23:52:9a:2b:cd:c1:92:24:f1:98:bc:ae:cc: - 87:26:e0:63:c5:3e:97:48:71:da:5a:a8:b7:89:d6: - 7c:e3 + 00:b6:4f:5b:1d:65:ac:41:64:6c:e6:3c:08:1d:7f: + 19:0b:4d:af:b9:b8:df:80:0f:3d:73:86:ac:41:5f: + 06:aa:fe:f5:64:ce:40:54:52:0c:0b:58:41:0c:f5: + 4c:9d:70:21:ac:c0:28:fa:ea:f3:ee:f8:fe:83:b4: + c0:58:2d:3d:9d:14:c1:56:cc:e6:73:08:81:df:48: + f2:36:f7:82:31:b2:39:76:57:94:f0:72:9f:24:59: + 16:15:0b:62:27:f0:5e:e4:c0:eb:68:1b:c5:5a:c1: + 94:d8:f3:73:3e:eb:f6:d2:3a:53:71:60:27:e6:62: + d4:dd:e5:2a:cf:0f:21:0f:17:af:5d:ac:37:8b:4d: + f8:34:75:65:23:06:c4:6f:7e:64:71:3d:9c:26:d4: + 92:a2:5b:e5:2e:c5:1b:1f:11:56:8d:ab:55:57:b8: + bb:17:aa:b5:74:61:07:d0:66:8b:10:be:d6:21:fd: + 8b:37:1d:65:86:fc:26:11:91:2b:c9:18:fa:bc:b4: + 54:3d:87:6f:ab:3a:62:11:79:e3:d7:a8:2d:f2:50: + f2:31:2a:cb:12:80:f7:b8:08:0c:e9:01:7e:69:c7: + 0f:64:79:b6:f6:02:1c:b3:bd:72:4b:08:b2:e0:97: + 4f:e5:8e:7c:82:d1:a4:b1:bd:c5:de:c5:63:f1:63: + 97:65 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + 0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C X509v3 Authority Key Identifier: - keyid:98:1F:DC:C5:E8:30:8D:5A:BA:9B:0C:EF:AD:CC:B8:AE:D4:F1:D1:63 + keyid:2F:98:67:67:BF:DA:3E:E8:0B:40:70:66:C5:B6:3B:23:73:22:20:B2 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -50,39 +50,39 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 5e:ed:e2:76:4f:f0:ad:00:c5:37:64:c6:b2:ad:de:8f:90:68: - de:96:60:f4:ef:bb:09:0b:df:c8:98:f0:ad:27:79:51:b5:c3: - 2d:01:f5:fc:3c:4e:a7:4a:b2:c5:b4:b0:52:c3:e7:e1:18:41: - 4f:34:62:e5:79:b0:86:f8:83:4f:e9:b2:11:67:16:5d:9d:2c: - d5:f6:d0:ca:61:d5:44:67:12:24:0f:8e:37:f1:db:77:4c:a2: - ad:1c:8a:1f:54:e7:13:7d:f0:b8:e7:c7:21:46:be:7b:5a:f5: - 23:53:cc:fa:09:cf:b7:a9:29:aa:84:94:69:3e:7b:7b:a3:5d: - f6:8f:5e:42:78:36:9c:34:b0:5f:50:d6:0c:53:ff:22:1b:b8: - 90:5d:ec:eb:1d:2e:28:16:f3:3c:fe:da:a9:77:0b:e1:d0:a7: - 1a:d2:54:e8:3c:a3:3b:79:b8:5c:30:ec:b4:1f:f1:f1:ff:d6: - cc:b8:18:ae:6c:ce:94:4d:fe:00:fc:9f:4e:11:6a:ec:de:33: - 67:3a:e6:46:40:de:0e:18:6c:6f:79:f7:fc:93:07:f4:90:8b: - 5e:44:27:8f:fe:1f:e2:91:4c:56:7d:27:df:f2:fc:2f:9a:96: - 71:8b:40:9a:73:d6:73:41:74:2e:40:c6:eb:17:9c:23:0a:05: - 9a:9c:47:37 + c3:51:08:91:4e:ad:57:ed:ef:ea:ca:84:88:0a:c5:93:64:79: + b1:0a:dd:81:fb:3b:d3:91:67:89:6e:da:ae:ec:00:99:ce:43: + 79:c5:4f:25:2b:d2:e6:ea:e1:b1:5a:00:ec:fe:28:3a:00:51: + 80:41:9c:f5:c9:f7:83:bb:51:dd:c4:df:a2:89:6d:16:1b:08: + 6d:92:03:4e:94:ea:9c:ba:6b:a6:a4:1b:43:90:a1:ee:aa:61: + 87:b1:03:d4:06:1f:bf:c3:74:f3:1a:04:d3:a9:da:ba:3c:f6: + e2:47:99:ca:68:b5:16:00:33:a3:01:cc:7b:fc:e5:61:03:5c: + f1:94:ec:00:f4:dc:62:a6:2e:6e:54:c7:03:a1:6e:db:70:12: + 19:dd:70:4f:05:e3:05:6b:f7:99:46:30:87:68:5d:d4:c8:c1: + 72:75:48:88:30:e8:50:ce:24:75:74:4d:71:0e:06:35:8b:b8: + 00:4c:8f:63:d1:0b:ec:f1:40:41:5f:c7:d6:67:de:3e:2d:d0: + a1:02:ea:c6:32:bb:be:a5:9b:5b:3e:10:79:cc:36:20:3c:39: + 75:5a:08:a3:63:2b:73:1c:5e:d4:76:f8:d1:41:2b:86:d0:e0: + f3:0e:81:3b:c6:cb:8b:78:ad:e5:cc:3a:d7:92:e6:2a:36:08: + 17:50:2b:7e -----BEGIN CERTIFICATE----- MIIDYjCCAkqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowDDEKMAgGA1UEAwwBSTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2qdtxSokr9iusi9+IyiC1p -u890VS3bvZoAQY/qKLNKrQD8/YtGMhOMqKc7AFNgN81MPZkCAYY/9Bq5MZGXVbVc -c+VFgGP9b8UdFsRYPTPrzi9dvKH7PRPV0jQQuqWAST675GQKc4SLpj/e9EbEkzBs -1IiPpvDpe8Xy6RjgPdsugVyvJssU9Z1Rj/W23OYTkXfIAs00Zyl/TXf/aBCfKbZr -CoUXRWUYu/Tsqq3qapW+6zyYTXk6IIOSSbB1ooXdC3jukfQaWSuWygin2EneN5UV -txvnt6LnKWUzysozsZPOobYjUporzcGSJPGYvK7MhybgY8U+l0hx2lqot4nWfOMC -AwEAAaOByzCByDAdBgNVHQ4EFgQUhLoFBk4znRGqevF3H6Rpfkwt1D8wHwYDVR0j -BBgwFoAUmB/cxegwjVq6mwzvrcy4rtTx0WMwNwYIKwYBBQUHAQEEKzApMCcGCCsG +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALZPWx1lrEFkbOY8CB1/GQtN +r7m434APPXOGrEFfBqr+9WTOQFRSDAtYQQz1TJ1wIazAKPrq8+74/oO0wFgtPZ0U +wVbM5nMIgd9I8jb3gjGyOXZXlPBynyRZFhULYifwXuTA62gbxVrBlNjzcz7r9tI6 +U3FgJ+Zi1N3lKs8PIQ8Xr12sN4tN+DR1ZSMGxG9+ZHE9nCbUkqJb5S7FGx8RVo2r +VVe4uxeqtXRhB9BmixC+1iH9izcdZYb8JhGRK8kY+ry0VD2Hb6s6YhF549eoLfJQ +8jEqyxKA97gIDOkBfmnHD2R5tvYCHLO9cksIsuCXT+WOfILRpLG9xd7FY/Fjl2UC +AwEAAaOByzCByDAdBgNVHQ4EFgQUDyEXlECxpnxZ+hzFOM9i6ISLHCwwHwYDVR0j +BBgwFoAUL5hnZ7/aPugLQHBmxbY7I3MiILIwNwYIKwYBBQUHAQEEKzApMCcGCCsG AQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAh oB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBe7eJ2T/CtAMU3 -ZMayrd6PkGjelmD077sJC9/ImPCtJ3lRtcMtAfX8PE6nSrLFtLBSw+fhGEFPNGLl -ebCG+INP6bIRZxZdnSzV9tDKYdVEZxIkD4438dt3TKKtHIofVOcTffC458chRr57 -WvUjU8z6Cc+3qSmqhJRpPnt7o132j15CeDacNLBfUNYMU/8iG7iQXezrHS4oFvM8 -/tqpdwvh0Kca0lToPKM7ebhcMOy0H/Hx/9bMuBiubM6UTf4A/J9OEWrs3jNnOuZG -QN4OGGxveff8kwf0kIteRCeP/h/ikUxWfSff8vwvmpZxi0Cac9ZzQXQuQMbrF5wj -CgWanEc3 +BjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDDUQiRTq1X7e/q +yoSICsWTZHmxCt2B+zvTkWeJbtqu7ACZzkN5xU8lK9Lm6uGxWgDs/ig6AFGAQZz1 +yfeDu1HdxN+iiW0WGwhtkgNOlOqcumumpBtDkKHuqmGHsQPUBh+/w3TzGgTTqdq6 +PPbiR5nKaLUWADOjAcx7/OVhA1zxlOwA9Nxipi5uVMcDoW7bcBIZ3XBPBeMFa/eZ +RjCHaF3UyMFydUiIMOhQziR1dE1xDgY1i7gATI9j0Qvs8UBBX8fWZ94+LdChAurG +Mru+pZtbPhB5zDYgPDl1WgijYytzHF7UdvjRQSuG0ODzDoE7xsuLeK3lzDrXkuYq +NggXUCt+ -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/keys/i.key b/chromium/net/data/cert_issuer_source_aia_unittest/keys/i.key new file mode 100644 index 00000000000..77e7379e380 --- /dev/null +++ b/chromium/net/data/cert_issuer_source_aia_unittest/keys/i.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAtk9bHWWsQWRs5jwIHX8ZC02vubjfgA89c4asQV8Gqv71ZM5A +VFIMC1hBDPVMnXAhrMAo+urz7vj+g7TAWC09nRTBVszmcwiB30jyNveCMbI5dleU +8HKfJFkWFQtiJ/Be5MDraBvFWsGU2PNzPuv20jpTcWAn5mLU3eUqzw8hDxevXaw3 +i034NHVlIwbEb35kcT2cJtSSolvlLsUbHxFWjatVV7i7F6q1dGEH0GaLEL7WIf2L +Nx1lhvwmEZEryRj6vLRUPYdvqzpiEXnj16gt8lDyMSrLEoD3uAgM6QF+accPZHm2 +9gIcs71ySwiy4JdP5Y58gtGksb3F3sVj8WOXZQIDAQABAoIBAEVRCt20iLgcTOOF +M7izWHxZv1SoHCJ+qOjB7cC1Nr3RTtBTM1ZcE8REfAdHRSgfOE6MiYhNyQ21kl/V +W8Sq/uA4wgIUyhI2y9pvy9hmZxQqJXr/dduuWR/i12iM+XciB5KGX3soA/Or4sJS +XiEwapooHw3ed407SqBLv+kWYYVw4Q380Hz5PQ3eZp6R7IE50CiWevcTksPEc6FL +BaCgFHy/R4lxX5ekUzWfTalWojuHbgqDIBekrTdPvO1neztJAY9Qz93/HQc5/foh +7djEO8drLeUj2E2+p2duvP2z4q8Wnel+H89vFoQb0YBXDEDYKlxw1etuu/ndxt5B +E0B+LAkCgYEA68BqAPSxcG3YBwCV5P6TD8sqFxfmuGOgG85l5TbmvOm5v758gi/W +pzuFofukgr2cC0IRpYSOdXYvYArdZs2beH58ssrZl5xQjhXWd9djLiRUvagDN3UB +mkRkktVHyaYhhpPITbQj5Le/RH8FgmiaH8oTQQSABvLsgCENdPCEJA8CgYEAxffl +AV9siAgVlePjmTLCl2x0bQW9KCWh9vlHaEBrpEvG91XKEiSL92+CAOAJEbvZUcTZ +O+gOTV8Yoc9X5UEkvD66J/alGc5yG0f5EEp3IRhQ2NRXFoGgGxUuRSm5AOcjn58n +ImTUml+fr3hL9kzVzoWDofCjRxH+8RXjUHGPiUsCgYEA1KHZej85AzSvkbE/gSjz +r10I+4c9O7XvpOTGFrUr69vLA1xlpG5NZsxSvUTgnmMyKR1QGT+z1dHg7PkftCdi +QI2lHwXCt/Hu3hhoNfL4q5dtLxoovI42AdQJ+j2P4BqNRnpoQV1mulXYl4kRiQub +Z2y1bQEIEDxufypQntaH+JUCgYBqR9u6EPDDVxO/lMjrxkSR5rfaj+otU4bQgKPF +ZFBltAjtYDFL7DL4c/TnY197Fc5mB7hYYQzMnPEsbZRSj9aY+VQXgGLCqAK6grlD +9bZfHh7JSbY3bv/1ijl9CBk6UtzdJSRtYpSBDDU+jua5JCbk6OjyV65QyWiFJasT +1OOqYQKBgQCti9dDOMWvNKYEkXarzlR4MzjamntLRm8vzNArfxZCa1eyyNMxes4H +ZrV4aVGNxF0q0YhjjXWi4OkP5fsykJjllRYUkhVHEvtZPvpzDMdk1fMQeDO2HId0 +64ju2PbPXkgNIeT9tFOs9Ye34LBf7RzxW+A9P0HBXdhsmU6wLOh6Uw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/keys/root.key b/chromium/net/data/cert_issuer_source_aia_unittest/keys/root.key new file mode 100644 index 00000000000..d8f183bf1b5 --- /dev/null +++ b/chromium/net/data/cert_issuer_source_aia_unittest/keys/root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAzqW09YBsCRsuKyCCw+pNtpQ2z+MfoARvJJs7EmR/680YF4wR +dibB/2ILgIDm635jzMdhvZlwxSm+e/bDWwNKDg4SuKQ1V9Erm8jTcAWonlOEZhoj +M/v28tfFhg2GO3yi+oxJIZHFc9pP3iuL9IPW/nDBtZJHhsMjXc9XOczwYCWcHRob +RaTY9StIJOhKgYxfB6jf4+J9wiWr7r+9lHRnnGRczuzlkgnUH2IAcoEJUQbOqglz +ou0k08JBY2YNr+4IjcPseaVMjgMMyYfAQopUiSHypVF5cyE4ujMN0VmiTtrC3xJr +h6B1YJGOHFEBJreRRNmbjBd+nKqBxw8qqmCB6wIDAQABAoIBAFSaFOb5x8FGpnUz +nzW0ZFKehX5A3z608gfLobia+qBAXF+vkaqMnZn/uvPGUkQRf6xj6IkmG7wspfa8 +hShqxVPRwSpk2A327eKeqqnPN0Ryrt7aTpVGz8iGPDDwsocCNPtcmcgrlOokc9Ri +ga7+lvOemD/M/omWtJEAhRZ959+Eab+uc3weKkbxXYp/c2txv0YeYX9M4llAU9xk +eIMGUCwhH204MdRZt2/OzUEUmg71sRarXV9ytd7jBbENphTF8HavsIY7y7DrRz2i +6rQqXF9tWD7zQpQVOiv9gFwlT95w7z17p6YdrV2WXac3oKSmJOv6qvuzBG5VSaoT +azbQv/kCgYEA8cqXL9CkuQwouOjg7oZbIuDDWl8hGQvls4+tkazZOLB7p4U5rYGk +L0TLyC4rAcaZCREZgp3Xcfh9ghb4KNZ3+BNa0IDIFZDztdZpbPx/KlAbBp0N4lLi +BDWAZFdlxT2MoY9zn80yjLLL7njOAQZa+wE8uf6M4ANt2IZSBHyKqk0CgYEA2sps +X093/x21n8ou5hnFMW3M8ALPZzrAbB5NWNHpQc8Sm5mGf7kKyP2tU/dXBTn17xRA +w701yF3BSueaqPSO2aOPcZ1cZlWtzGSl0RBkj5S68GFYbFvo7mD/cj7nvI20jGXB +w1f9WMQtYcIqOI9bQ8xe671JIKHdaU3lOCvoiRcCgYEA70OeoD5DAqq5kWFBVEe3 +36ezKLaCNhrDzxAandEBk0tw0bDQBpYHNo9JaGnnPPadcY9uQwaWr71J1XWNVDwG +s4HTmAgX9t9di08FPEgQPnrOg5jeqFuENM4Moz6pAqmJhEZEEJopr3kuvGjm0bTM +Sx5KTXNLTFGYXW9tserb/PECgYEAnUbcJpuS0BKESExn8ELgLQsYQgRTIYrrXg1e +XpXuzr7TSoVPWSskpJ0u5ugrZvdmYim18L9oFRPIalcZJ5E9yxe3et262VmH6SEE +zcex8kDhLQFdNe/P/uQ9XNv5a+KVwkM3yXvMA+5qDRctkKEE4zTbmyzjj5CsABHd +z8ZIj5sCgYAMtKyEI0wolSUfVJI+GTDTCosefecQhf3nTxmI+RgxbFrzW75DvVGL +waa1mPKgiJ1cKxZIHwcAOF0VlfrS2XDKrqYVXJ5vgED24GXDvMskQanI4lQ4B4h0 +W7GZuJFKwY7VU5jfd49O9z0ruC2hVkf6dE2vs03NqzWB/soAa1sfqw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/keys/target.key b/chromium/net/data/cert_issuer_source_aia_unittest/keys/target.key new file mode 100644 index 00000000000..8d87ca2c4ca --- /dev/null +++ b/chromium/net/data/cert_issuer_source_aia_unittest/keys/target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzCIIWMIEit0mEJ6SEC6cwW/FCFJxlVM4tcvQv0ZUN4vck4z0 +AXMcWwOd58A2va8z0SqXtqwkjpOd0Y4B/ZYviTNx5hjhtQT7rKwF118EuYOv8tPe +TepYAmo5nPLXjSW9tg7rfHEbAKt37zh1V3eyW6zCXes8ngpDLbyLS/Bug7Xvmx01 +IiWwNxFpnkJjrQra8qdMdvgwCseCV0OqBwjtqKAtRmNrqpHG69Wk7c0nSE/08AZf +lXwmzLK8cxXkNJ4WINKvJxPhDeKImxA0rudVEAAAbBlveFKuN23jJkppWUCy1/Es +K0YuldQOC+cGmzIBvi/aEvSsFewIEQ1KThw8tQIDAQABAoIBACIJyrqCH5/IIIDE +8DYij6DxsjkhBi+QIPSvd69tWr2oZK914XocZ64FfF8YfghDHrDSGVoseiwMEVTQ +CSTv1h1aprNnkrtMiWrRhGfVQERu4PfsvDThzqsYa2LwW2D92hRxiHLHqWkDLoyF +LYvYObVvqTlf8EuqCmml9tRC0yrC7yosdxd/I4Yn0eykF2woMkwQuuzxRJoyq036 +Drdiq2106sV50iK8oAypJ6WsFm01YmgQY/BZA9+1gKn5LCLM82mnfAtiL5LxO4IS +14Lahm1iuT6R9Q2z9ddUlz8A3MkrqJQV31g4dX8uJetcEr7+zXrv1dNUop3AbqZO +92l5QkECgYEA9vh/9vy9WLGUqV+Z5m3XrKrHhtqkdI8HE6Mtne3DxqL9CUUni1yq +PegRXGLO/mgkLq18YxAVmmWG2vqfXWNi/oya460vbcJIZeoT3YgMHDP/Y9zQ5aaR +lh7wf7mUvdgAauDbAX0B5wNIlQOchAUHLR3yahbYU4CpJoGfO8yNq78CgYEA05iY +tx6D0fZqkgmrBIzLxHuHJr4mV+Nn2ML0BDGZy5BPvQ++gk5O61/Bjwk3+Q5fIiZc +uilEV1l1Vg0I79xDMUlfxEmVG3fPxUjTQsc69TT+lQh2Ll85U81IMp0+85wKRDkX +NfhMNEcfB/1f60arebErbaln63SUrO2Ql92/BIsCgYBGZdVMGQT8GDpxATBET8Ev +lcqkNQS1uONihJwHLXQl1eXc05qPDg308YapV/z65cKSj58qObZ+uTv0hYYRv7fD +KV8pUP95AO1UJ6Ib/qC9FVFSLOpa290Z9p3FOqgcaUrNLGUhCnoVWIlC+LGPrEM8 +aBHmjbaCLuWIdWBnUkp7zwKBgCHjTpIFURdPX8IDyl/wLLJLFloeGgX5ZahRkMMb +LoZrllmxK9GyuPD5ZQaDc3Nv2cyeWDt4YHmc2i3t6ICBxkEefzfwkPDVP3FZOHx5 +a/fZhOxZbpP+rC+/sNBqXqqlUv+aJR1/prS4rz+YVMRZjRzwQwRNHVeYVDdd1Mp9 +uRoBAoGBAMtvlKA2GSnCcS+NrnZeWSr40C4nZH3g23rYezYj42unrSz4wgKYMWhf +iCA3mNU0jdmLDPGVqrlGEquG0a9geOBbSzJv/MvqgAlivOKPZXxtbZjddEWoP0ga +PmJU6q8HaX1RKF5InoXW+FvpguWOPZ+po58+F1VLXCE5s3cdfk8D +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/root.pem b/chromium/net/data/cert_issuer_source_aia_unittest/root.pem index 864402e18ba..378abaf22f6 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/root.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/root.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:e0:76:77:42:80:12:21:1a:78:ca:6b:2d:b4:92: - 2a:2e:5d:8b:15:4b:d2:6a:55:6c:7d:a2:ec:db:ba: - c5:54:63:17:bd:a6:a2:6d:a8:46:9a:e1:40:d8:38: - 97:b7:05:df:41:d5:8d:32:0c:76:71:e6:a2:b6:ff: - 17:37:ef:66:e4:c5:05:15:de:a1:c8:d9:68:48:d2: - 92:fb:5a:3e:5d:89:d1:3f:8a:15:a4:37:82:18:fd: - 79:58:8a:47:39:15:57:d5:de:45:66:21:af:80:7b: - 21:53:be:0b:94:03:e1:4e:a3:32:28:6f:76:9c:ab: - 0f:74:df:54:f8:eb:f4:87:c9:a0:0f:21:75:b4:4c: - e7:73:7d:53:78:e5:88:95:90:62:28:47:08:a9:73: - 55:dc:ab:b5:d0:f4:c0:cb:68:b7:e4:d7:3f:62:ef: - 89:c5:27:e0:1d:5f:a8:88:f2:a1:dd:15:8a:62:ae: - 7b:7f:46:da:2f:a6:ef:37:6a:fe:8a:db:e4:91:db: - ec:e4:e8:c0:7c:bb:96:ff:43:e6:02:9e:e4:07:d6: - ca:b9:6d:a0:ba:d9:f9:70:c5:d8:15:10:d8:a1:61: - b7:d4:44:04:67:e5:d2:b9:80:d1:86:c4:e5:40:c5: - 02:c5:83:16:7d:7b:db:af:95:66:9b:fb:42:9c:c8: - 51:5b + 00:ce:a5:b4:f5:80:6c:09:1b:2e:2b:20:82:c3:ea: + 4d:b6:94:36:cf:e3:1f:a0:04:6f:24:9b:3b:12:64: + 7f:eb:cd:18:17:8c:11:76:26:c1:ff:62:0b:80:80: + e6:eb:7e:63:cc:c7:61:bd:99:70:c5:29:be:7b:f6: + c3:5b:03:4a:0e:0e:12:b8:a4:35:57:d1:2b:9b:c8: + d3:70:05:a8:9e:53:84:66:1a:23:33:fb:f6:f2:d7: + c5:86:0d:86:3b:7c:a2:fa:8c:49:21:91:c5:73:da: + 4f:de:2b:8b:f4:83:d6:fe:70:c1:b5:92:47:86:c3: + 23:5d:cf:57:39:cc:f0:60:25:9c:1d:1a:1b:45:a4: + d8:f5:2b:48:24:e8:4a:81:8c:5f:07:a8:df:e3:e2: + 7d:c2:25:ab:ee:bf:bd:94:74:67:9c:64:5c:ce:ec: + e5:92:09:d4:1f:62:00:72:81:09:51:06:ce:aa:09: + 73:a2:ed:24:d3:c2:41:63:66:0d:af:ee:08:8d:c3: + ec:79:a5:4c:8e:03:0c:c9:87:c0:42:8a:54:89:21: + f2:a5:51:79:73:21:38:ba:33:0d:d1:59:a2:4e:da: + c2:df:12:6b:87:a0:75:60:91:8e:1c:51:01:26:b7: + 91:44:d9:9b:8c:17:7e:9c:aa:81:c7:0f:2a:aa:60: + 81:eb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 98:1F:DC:C5:E8:30:8D:5A:BA:9B:0C:EF:AD:CC:B8:AE:D4:F1:D1:63 + 2F:98:67:67:BF:DA:3E:E8:0B:40:70:66:C5:B6:3B:23:73:22:20:B2 X509v3 Authority Key Identifier: - keyid:98:1F:DC:C5:E8:30:8D:5A:BA:9B:0C:EF:AD:CC:B8:AE:D4:F1:D1:63 + keyid:2F:98:67:67:BF:DA:3E:E8:0B:40:70:66:C5:B6:3B:23:73:22:20:B2 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -50,39 +50,39 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - bf:ee:de:10:57:08:17:93:3a:c7:4e:74:db:d8:6d:7e:b5:f2: - 1f:45:3c:5b:70:b1:0f:a4:d2:da:29:4a:49:a5:8d:7e:28:7e: - 04:9d:a6:a0:6d:47:5d:05:4e:f6:b6:3a:73:66:05:d6:bd:52: - 6d:1e:2e:3f:f1:37:e2:c0:95:c5:25:ca:dd:4c:32:bb:f4:22: - 3b:41:4d:0b:31:9c:1a:eb:84:95:90:4e:4e:2f:8a:2d:22:43: - 41:37:56:4a:0f:d8:6f:ff:54:2b:af:5b:f0:ac:3c:36:39:a3: - 8f:02:7d:ff:45:25:a0:b9:57:61:15:f3:3a:67:49:da:b8:f4: - e5:7d:12:89:08:42:67:14:be:6a:a0:10:27:10:f0:21:78:1d: - cf:07:d0:50:7a:0e:7a:a2:00:5a:c1:dc:b9:d5:2a:ba:bb:7a: - 99:5c:57:d1:14:1b:10:c9:51:9d:82:7b:fe:05:7e:87:fe:05: - 55:52:3d:88:6a:44:bd:8c:61:f0:0c:5c:de:f6:85:1d:41:a9: - 10:fa:89:3c:8c:69:f6:99:69:69:b9:18:a5:40:7d:7e:52:04: - f8:92:91:be:02:7a:25:42:c8:e4:d3:dd:da:60:82:f2:f3:2c: - 9f:d9:cb:4c:13:a2:ea:a1:39:b0:35:37:3a:4d:e1:89:9f:24: - f3:b2:30:1f + 6f:58:36:3c:fb:05:f8:02:de:79:e3:ef:01:60:63:71:2f:0d: + cf:3b:c6:bf:07:31:f7:eb:bd:6b:12:cb:a8:14:54:82:a1:5b: + bf:47:d6:79:fc:1d:95:e6:29:44:04:f5:02:0d:f8:48:ec:2c: + 49:d1:a6:d0:c2:fd:47:09:f1:a8:84:5b:8f:7f:f3:f7:95:18: + 3d:ee:69:5e:65:d1:b2:f4:ab:f8:8b:15:f9:c5:54:56:37:60: + 95:96:14:24:b9:2b:8e:10:7f:20:f3:3f:2f:5a:3a:61:2d:46: + bc:3b:e4:8c:18:8f:62:15:88:cd:f8:12:40:54:4c:b1:5e:96: + 00:c4:58:e1:3a:48:a3:1d:d5:7a:83:4f:e2:e7:00:a2:dc:c0: + 40:b5:68:61:6f:60:3e:8c:4a:37:e2:bf:68:aa:4c:97:f6:4c: + fe:b1:1b:d9:cb:10:b4:71:bd:f7:7a:82:64:85:39:b2:8e:87: + eb:a9:6b:d9:04:87:3f:2c:2d:fe:de:15:28:65:f2:ad:da:ec: + 10:ad:a0:a0:32:3d:f2:e9:b9:2e:8e:f0:84:d1:4d:7d:a7:d4: + 1d:55:74:dc:5d:a8:88:7c:cf:70:1a:cb:fb:b5:1e:bc:95:cd: + 19:dd:2c:1a:f7:62:4e:72:c3:9b:4f:20:91:57:27:44:5d:17: + bf:6f:62:11 -----BEGIN CERTIFICATE----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOB2d0KAEiEaeMprLbSS -Ki5dixVL0mpVbH2i7Nu6xVRjF72mom2oRprhQNg4l7cF30HVjTIMdnHmorb/Fzfv -ZuTFBRXeocjZaEjSkvtaPl2J0T+KFaQ3ghj9eViKRzkVV9XeRWYhr4B7IVO+C5QD -4U6jMihvdpyrD3TfVPjr9IfJoA8hdbRM53N9U3jliJWQYihHCKlzVdyrtdD0wMto -t+TXP2LvicUn4B1fqIjyod0VimKue39G2i+m7zdq/orb5JHb7OTowHy7lv9D5gKe -5AfWyrltoLrZ+XDF2BUQ2KFht9REBGfl0rmA0YbE5UDFAsWDFn1726+VZpv7QpzI -UVsCAwEAAaOByzCByDAdBgNVHQ4EFgQUmB/cxegwjVq6mwzvrcy4rtTx0WMwHwYD -VR0jBBgwFoAUmB/cxegwjVq6mwzvrcy4rtTx0WMwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6ltPWAbAkbLisggsPq +TbaUNs/jH6AEbySbOxJkf+vNGBeMEXYmwf9iC4CA5ut+Y8zHYb2ZcMUpvnv2w1sD +Sg4OErikNVfRK5vI03AFqJ5ThGYaIzP79vLXxYYNhjt8ovqMSSGRxXPaT94ri/SD +1v5wwbWSR4bDI13PVznM8GAlnB0aG0Wk2PUrSCToSoGMXweo3+PifcIlq+6/vZR0 +Z5xkXM7s5ZIJ1B9iAHKBCVEGzqoJc6LtJNPCQWNmDa/uCI3D7HmlTI4DDMmHwEKK +VIkh8qVReXMhOLozDdFZok7awt8Sa4egdWCRjhxRASa3kUTZm4wXfpyqgccPKqpg +gesCAwEAAaOByzCByDAdBgNVHQ4EFgQUL5hnZ7/aPugLQHBmxbY7I3MiILIwHwYD +VR0jBBgwFoAUL5hnZ7/aPugLQHBmxbY7I3MiILIwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC/7t4QVwgX -kzrHTnTb2G1+tfIfRTxbcLEPpNLaKUpJpY1+KH4EnaagbUddBU72tjpzZgXWvVJt -Hi4/8TfiwJXFJcrdTDK79CI7QU0LMZwa64SVkE5OL4otIkNBN1ZKD9hv/1Qrr1vw -rDw2OaOPAn3/RSWguVdhFfM6Z0nauPTlfRKJCEJnFL5qoBAnEPAheB3PB9BQeg56 -ogBawdy51Sq6u3qZXFfRFBsQyVGdgnv+BX6H/gVVUj2IakS9jGHwDFze9oUdQakQ -+ok8jGn2mWlpuRilQH1+UgT4kpG+AnolQsjk093aYILy8yyf2ctME6LqoTmwNTc6 -TeGJnyTzsjAf +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBvWDY8+wX4 +At554+8BYGNxLw3PO8a/BzH3671rEsuoFFSCoVu/R9Z5/B2V5ilEBPUCDfhI7CxJ +0abQwv1HCfGohFuPf/P3lRg97mleZdGy9Kv4ixX5xVRWN2CVlhQkuSuOEH8g8z8v +WjphLUa8O+SMGI9iFYjN+BJAVEyxXpYAxFjhOkijHdV6g0/i5wCi3MBAtWhhb2A+ +jEo34r9oqkyX9kz+sRvZyxC0cb33eoJkhTmyjofrqWvZBIc/LC3+3hUoZfKt2uwQ +raCgMj3y6bkujvCE0U19p9QdVXTcXaiIfM9wGsv7tR68lc0Z3Swa92JOcsObTyCR +VydEXRe/b2IR -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/target_file_aia.pem b/chromium/net/data/cert_issuer_source_aia_unittest/target_file_aia.pem index 980aa12c2b8..15e016049f9 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/target_file_aia.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/target_file_aia.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c2:b8:d6:fd:7b:fb:c3:a4:78:0a:f0:bc:2a:2d: - 2f:64:dc:94:cd:83:39:63:b6:17:f8:cb:8a:56:b7: - 7b:81:99:73:2e:ae:83:d0:94:1b:6c:12:95:1c:d3: - 73:c6:b9:e8:ed:68:8f:e7:84:f5:b6:8c:c0:aa:75: - 1d:7e:d2:96:d8:27:1e:50:65:9c:5b:88:7d:b8:a4: - ea:3b:9b:ab:68:54:41:97:52:15:b9:be:fa:5e:35: - 4a:8c:ae:bf:67:e4:85:79:4a:e4:14:4a:3b:90:6b: - 76:43:34:e3:6c:09:1f:56:ce:1b:a2:3d:fa:ce:2b: - 7b:fe:12:1f:04:2f:7e:99:ab:7d:a4:34:0a:59:c4: - 7a:fa:f8:af:2f:c3:ee:71:12:44:22:17:b7:d7:b4: - 72:9e:9b:90:3f:a0:14:aa:aa:d4:3d:a4:bf:aa:bc: - 92:6e:bc:97:89:db:8a:cf:45:8a:b9:3e:6b:b7:60: - c0:3f:dc:1c:24:e9:04:01:8d:f5:bb:0f:80:60:c5: - d5:6d:94:43:55:bc:15:6b:c7:f9:ff:e4:d4:b0:2f: - ad:2f:8f:3d:be:84:12:36:59:8b:1d:06:ce:f2:47: - a7:d3:4e:48:0c:f4:42:bf:2f:ae:f3:12:dc:14:21: - 4c:35:2f:49:cf:7a:30:17:27:21:89:20:21:20:f1: - 0a:95 + 00:cc:22:08:58:c2:04:8a:dd:26:10:9e:92:10:2e: + 9c:c1:6f:c5:08:52:71:95:53:38:b5:cb:d0:bf:46: + 54:37:8b:dc:93:8c:f4:01:73:1c:5b:03:9d:e7:c0: + 36:bd:af:33:d1:2a:97:b6:ac:24:8e:93:9d:d1:8e: + 01:fd:96:2f:89:33:71:e6:18:e1:b5:04:fb:ac:ac: + 05:d7:5f:04:b9:83:af:f2:d3:de:4d:ea:58:02:6a: + 39:9c:f2:d7:8d:25:bd:b6:0e:eb:7c:71:1b:00:ab: + 77:ef:38:75:57:77:b2:5b:ac:c2:5d:eb:3c:9e:0a: + 43:2d:bc:8b:4b:f0:6e:83:b5:ef:9b:1d:35:22:25: + b0:37:11:69:9e:42:63:ad:0a:da:f2:a7:4c:76:f8: + 30:0a:c7:82:57:43:aa:07:08:ed:a8:a0:2d:46:63: + 6b:aa:91:c6:eb:d5:a4:ed:cd:27:48:4f:f4:f0:06: + 5f:95:7c:26:cc:b2:bc:73:15:e4:34:9e:16:20:d2: + af:27:13:e1:0d:e2:88:9b:10:34:ae:e7:55:10:00: + 00:6c:19:6f:78:52:ae:37:6d:e3:26:4a:69:59:40: + b2:d7:f1:2c:2b:46:2e:95:d4:0e:0b:e7:06:9b:32: + 01:be:2f:da:12:f4:ac:15:ec:08:11:0d:4a:4e:1c: + 3c:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - FF:42:DD:71:AA:35:67:90:AF:8A:A5:37:2C:D0:81:00:CD:0D:C4:F9 + 55:00:E2:BF:82:AB:DE:38:48:85:52:B3:20:D5:26:55:69:0E:47:33 X509v3 Authority Key Identifier: - keyid:84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + keyid:0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C Authority Information Access: CA Issuers - URI:file:///dev/null @@ -52,39 +52,39 @@ Certificate: X509v3 Subject Alternative Name: DNS:target Signature Algorithm: sha256WithRSAEncryption - 83:37:89:c7:c3:ff:da:25:ef:02:0e:61:c7:a0:4d:8c:f3:f5: - c0:17:3f:12:42:ab:77:b4:e2:a5:38:e4:4f:79:5a:ca:a0:dc: - e8:99:3a:46:06:96:ea:49:24:52:5a:f8:9c:00:a7:65:c6:2a: - e7:89:b5:e4:7f:a7:22:b9:8b:09:6f:bc:5b:30:fe:6d:6e:32: - d6:3c:dd:9d:96:2c:9b:71:a3:2a:0f:ad:a1:ab:33:8f:e9:1f: - 97:cd:fd:bc:7b:13:c6:d5:9d:40:4f:35:94:3a:0e:c0:a3:87: - 7b:fa:4e:f4:e0:d7:6c:03:df:96:90:90:5d:f4:69:2e:ad:f0: - ce:26:13:a8:8a:69:9d:4c:98:91:06:f1:aa:2b:f8:29:9c:c3: - d7:97:58:6f:6f:29:76:45:68:9d:1c:9d:af:5a:1a:51:ba:df: - 13:81:1a:45:f4:f8:74:37:c9:67:3b:91:86:b8:da:ec:c7:38: - 77:75:12:5e:5e:22:a3:e7:ed:74:5a:2a:35:4a:ea:0c:7f:40: - 15:fd:b3:82:ab:b9:0f:f3:da:87:31:22:d5:8d:73:25:a9:dd: - f3:1f:03:b0:e4:e5:dc:4a:2f:fd:71:11:79:ee:b8:50:a5:0f: - cc:ba:07:90:15:3f:c9:a6:e9:32:ac:fe:77:e9:74:5e:a0:de: - f6:24:1a:d4 + 2e:2d:06:a8:37:b1:af:64:ff:12:28:ce:32:6e:64:40:28:55: + 8c:a5:e4:8d:5f:93:1d:55:c1:b0:e1:d0:34:bc:35:f4:6b:f3: + f5:a7:c1:0e:b4:f2:a5:30:88:18:50:66:32:1c:7f:57:87:4f: + 1b:8c:31:52:36:6e:d0:3f:1e:b9:76:a4:82:9e:97:18:f4:12: + 04:e4:e7:ef:1d:e4:1d:a9:9e:d2:c5:ea:4e:c4:01:ee:37:73: + 9d:e9:e1:44:a8:c3:c9:a5:68:7d:d1:00:06:7b:28:cc:63:ad: + 67:aa:d2:3e:fa:50:da:54:e8:0a:78:97:70:ca:a0:be:5c:f0: + 0e:98:86:4f:60:bd:6c:1f:8a:12:95:46:b4:e6:38:62:28:1f: + cb:f1:cd:82:4b:39:d5:7e:ba:41:0a:ca:e4:e5:cb:19:eb:fe: + 3e:25:80:69:de:3a:cf:ab:dc:6a:d4:70:3d:c5:a8:45:9e:66: + 23:b0:80:d8:53:64:c5:f3:bc:ef:d8:70:71:3c:25:0b:0d:33: + 7a:32:5b:2d:48:27:b3:93:81:56:f4:87:9d:f5:4b:68:35:5c: + a7:3c:70:a5:a8:c4:64:43:6d:65:c7:07:d9:c7:2d:20:e4:55: + a7:8a:00:84:96:70:0a:3b:84:3c:68:6a:bd:f4:55:e6:c8:80: + 17:dc:97:09 -----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADAMMQowCAYDVQQDDAFJMB4X DTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowETEPMA0GA1UEAwwGdGFyZ2V0 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrjW/Xv7w6R4CvC8Ki0v -ZNyUzYM5Y7YX+MuKVrd7gZlzLq6D0JQbbBKVHNNzxrno7WiP54T1tozAqnUdftKW -2CceUGWcW4h9uKTqO5uraFRBl1IVub76XjVKjK6/Z+SFeUrkFEo7kGt2QzTjbAkf -Vs4boj36zit7/hIfBC9+mat9pDQKWcR6+vivL8PucRJEIhe317RynpuQP6AUqqrU -PaS/qrySbryXiduKz0WKuT5rt2DAP9wcJOkEAY31uw+AYMXVbZRDVbwVa8f5/+TU -sC+tL489voQSNlmLHQbO8ken005IDPRCvy+u8xLcFCFMNS9Jz3owFychiSAhIPEK -lQIDAQABo4HeMIHbMB0GA1UdDgQWBBT/Qt1xqjVnkK+KpTcs0IEAzQ3E+TAfBgNV -HSMEGDAWgBSEugUGTjOdEap68XcfpGl+TC3UPzAsBggrBgEFBQcBAQQgMB4wHAYI +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCIIWMIEit0mEJ6SEC6c +wW/FCFJxlVM4tcvQv0ZUN4vck4z0AXMcWwOd58A2va8z0SqXtqwkjpOd0Y4B/ZYv +iTNx5hjhtQT7rKwF118EuYOv8tPeTepYAmo5nPLXjSW9tg7rfHEbAKt37zh1V3ey +W6zCXes8ngpDLbyLS/Bug7Xvmx01IiWwNxFpnkJjrQra8qdMdvgwCseCV0OqBwjt +qKAtRmNrqpHG69Wk7c0nSE/08AZflXwmzLK8cxXkNJ4WINKvJxPhDeKImxA0rudV +EAAAbBlveFKuN23jJkppWUCy1/EsK0YuldQOC+cGmzIBvi/aEvSsFewIEQ1KThw8 +tQIDAQABo4HeMIHbMB0GA1UdDgQWBBRVAOK/gqveOEiFUrMg1SZVaQ5HMzAfBgNV +HSMEGDAWgBQPIReUQLGmfFn6HMU4z2LohIscLDAsBggrBgEFBQcBAQQgMB4wHAYI KwYBBQUHMAKGEGZpbGU6Ly8vZGV2L251bGwwKQYDVR0fBCIwIDAeoBygGoYYaHR0 cDovL3VybC1mb3ItY3JsL0kuY3JsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU BggrBgEFBQcDAQYIKwYBBQUHAwIwEQYDVR0RBAowCIIGdGFyZ2V0MA0GCSqGSIb3 -DQEBCwUAA4IBAQCDN4nHw//aJe8CDmHHoE2M8/XAFz8SQqt3tOKlOORPeVrKoNzo -mTpGBpbqSSRSWvicAKdlxirnibXkf6ciuYsJb7xbMP5tbjLWPN2dliybcaMqD62h -qzOP6R+Xzf28exPG1Z1ATzWUOg7Ao4d7+k704NdsA9+WkJBd9GkurfDOJhOoimmd -TJiRBvGqK/gpnMPXl1hvbyl2RWidHJ2vWhpRut8TgRpF9Ph0N8lnO5GGuNrsxzh3 -dRJeXiKj5+10Wio1SuoMf0AV/bOCq7kP89qHMSLVjXMlqd3zHwOw5OXcSi/9cRF5 -7rhQpQ/MugeQFT/JpukyrP536XReoN72JBrU +DQEBCwUAA4IBAQAuLQaoN7GvZP8SKM4ybmRAKFWMpeSNX5MdVcGw4dA0vDX0a/P1 +p8EOtPKlMIgYUGYyHH9Xh08bjDFSNm7QPx65dqSCnpcY9BIE5OfvHeQdqZ7SxepO +xAHuN3Od6eFEqMPJpWh90QAGeyjMY61nqtI++lDaVOgKeJdwyqC+XPAOmIZPYL1s +H4oSlUa05jhiKB/L8c2CSznVfrpBCsrk5csZ6/4+JYBp3jrPq9xq1HA9xahFnmYj +sIDYU2TF87zv2HBxPCULDTN6MlstSCezk4FW9Ied9UtoNVynPHClqMRkQ21lxwfZ +xy0g5FWnigCElnAKO4Q8aGq99FXmyIAX3JcJ -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/target_file_and_http_aia.pem b/chromium/net/data/cert_issuer_source_aia_unittest/target_file_and_http_aia.pem index 7b6be73c8e1..fc8331c3401 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/target_file_and_http_aia.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/target_file_and_http_aia.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b2:4e:8e:4e:eb:87:1c:99:f2:14:5d:b0:e0:b6: - 83:01:1a:a7:39:0b:7d:35:ef:d7:4f:b2:76:84:46: - b9:10:fb:5a:ed:08:ed:2a:32:41:72:cb:3b:2b:25: - 2d:e6:44:1b:04:71:c6:58:73:8d:1b:a8:1f:dd:56: - 0f:c7:4c:1d:03:91:01:fa:a9:43:ed:95:a9:f0:8e: - 28:b2:ed:f2:78:84:cc:9a:d2:d6:5e:9e:44:be:70: - 29:29:d0:44:80:93:ee:37:72:8c:52:aa:3a:76:5b: - 74:46:09:39:22:51:c7:92:70:d7:b1:2c:1f:74:db: - e6:77:f4:b2:84:1c:d8:c1:ff:75:48:fb:6a:a4:43: - c1:cb:02:07:f9:d3:1a:46:52:c7:9a:60:f6:ed:5a: - 1f:36:81:fe:a0:56:f9:bd:dd:3a:4a:a7:a0:13:06: - c6:9c:d3:f4:92:e1:0f:fe:2d:41:70:05:7d:2b:e0: - 8b:5e:f7:5e:fc:4d:50:0d:36:bf:36:35:6e:ed:66: - c5:0e:b8:73:98:8e:7d:a1:80:1f:cd:37:c9:44:6d: - f2:1b:29:06:f0:51:90:55:2e:a0:ef:43:41:e5:fb: - f8:5b:16:d6:a6:70:2a:24:9b:3a:a2:d1:85:f3:31: - 7f:dc:56:ef:28:cd:cc:e3:ca:2a:e1:ed:78:cc:56: - 57:69 + 00:cc:22:08:58:c2:04:8a:dd:26:10:9e:92:10:2e: + 9c:c1:6f:c5:08:52:71:95:53:38:b5:cb:d0:bf:46: + 54:37:8b:dc:93:8c:f4:01:73:1c:5b:03:9d:e7:c0: + 36:bd:af:33:d1:2a:97:b6:ac:24:8e:93:9d:d1:8e: + 01:fd:96:2f:89:33:71:e6:18:e1:b5:04:fb:ac:ac: + 05:d7:5f:04:b9:83:af:f2:d3:de:4d:ea:58:02:6a: + 39:9c:f2:d7:8d:25:bd:b6:0e:eb:7c:71:1b:00:ab: + 77:ef:38:75:57:77:b2:5b:ac:c2:5d:eb:3c:9e:0a: + 43:2d:bc:8b:4b:f0:6e:83:b5:ef:9b:1d:35:22:25: + b0:37:11:69:9e:42:63:ad:0a:da:f2:a7:4c:76:f8: + 30:0a:c7:82:57:43:aa:07:08:ed:a8:a0:2d:46:63: + 6b:aa:91:c6:eb:d5:a4:ed:cd:27:48:4f:f4:f0:06: + 5f:95:7c:26:cc:b2:bc:73:15:e4:34:9e:16:20:d2: + af:27:13:e1:0d:e2:88:9b:10:34:ae:e7:55:10:00: + 00:6c:19:6f:78:52:ae:37:6d:e3:26:4a:69:59:40: + b2:d7:f1:2c:2b:46:2e:95:d4:0e:0b:e7:06:9b:32: + 01:be:2f:da:12:f4:ac:15:ec:08:11:0d:4a:4e:1c: + 3c:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - B5:51:F6:D3:5D:24:43:E0:10:85:9D:4C:5F:DA:EB:69:00:3B:B8:FE + 55:00:E2:BF:82:AB:DE:38:48:85:52:B3:20:D5:26:55:69:0E:47:33 X509v3 Authority Key Identifier: - keyid:84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + keyid:0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C Authority Information Access: CA Issuers - URI:file:///dev/null @@ -53,40 +53,40 @@ Certificate: X509v3 Subject Alternative Name: DNS:target Signature Algorithm: sha256WithRSAEncryption - 34:75:8e:0a:28:46:43:e1:8f:d3:23:62:85:bc:e9:ea:2f:d2: - 27:de:4b:03:6b:36:02:e0:aa:2a:33:4e:3c:5c:51:38:9e:9b: - 9a:d9:0c:b3:73:75:c0:e4:d9:f1:cc:5c:fa:39:7a:a7:4b:1c: - 88:51:72:6e:f6:c1:d8:75:64:2a:a1:16:99:1c:cb:c1:7f:be: - be:0b:62:25:13:96:3f:56:41:7e:cd:e2:05:fd:f8:06:fc:3d: - 9f:b3:92:b2:7a:87:e0:b5:d5:50:8e:95:c3:3d:bf:78:28:01: - 37:28:e7:d7:d5:67:99:4b:0d:23:93:04:7f:1b:11:c7:22:08: - c2:67:06:9b:bf:b0:d8:e2:c4:72:85:39:23:f4:46:77:20:ce: - 72:f3:17:07:d9:e4:1d:53:0f:ea:c6:10:be:23:b7:25:06:c5: - bb:52:f7:f0:df:35:b0:37:9e:d2:94:26:85:e6:8a:ab:dc:e7: - 6c:13:a5:7a:ad:01:c4:c3:7b:d7:24:39:2f:55:f4:92:52:2b: - 74:46:d9:af:2a:01:40:5b:94:75:bc:c2:d1:d3:7e:4d:fd:36: - 50:e5:8f:f3:54:17:3c:d8:b4:2c:e3:be:d9:0d:a3:e9:39:a9: - 8a:26:dc:80:ab:fe:ce:f2:5c:29:4b:ea:98:55:44:25:93:36: - 31:6e:24:d5 + 20:9c:97:da:0f:c5:f2:28:2c:86:94:e8:14:94:cb:dd:f7:c4: + eb:c6:53:40:72:4a:98:e1:ef:2b:b6:40:83:3c:99:60:f5:5f: + 99:5c:65:3e:87:1b:5f:8c:73:60:7f:78:bc:b0:45:ad:5e:ad: + e4:be:6b:1a:98:bc:41:82:20:1c:17:f8:0c:bf:ae:c9:68:b2: + e5:16:14:61:34:15:48:23:80:d7:5c:dc:71:4f:5e:09:a8:9c: + e1:0e:6c:be:a9:04:bc:9c:1c:8b:93:92:33:58:b7:0d:3e:01: + 30:60:3e:9c:b8:0c:9e:cc:b6:24:fb:c1:9c:45:d3:c1:54:e3: + 0f:b7:45:ed:ee:9b:4e:69:c4:44:4f:69:4a:2e:73:61:20:f2: + 0b:9a:28:cc:0b:68:1e:9c:83:05:f9:64:94:df:8e:39:87:3e: + af:ec:e4:52:45:f4:37:49:bc:03:e2:c3:b4:e4:34:fb:d2:cf: + e8:89:ae:d2:a8:9a:79:7a:85:54:9f:73:85:fb:95:54:35:c4: + a0:5d:2e:23:5e:6d:ac:16:32:4f:49:c6:78:7f:ed:83:3d:48: + 98:dc:9b:e7:8f:53:18:42:55:66:d1:ed:1a:2b:95:50:81:21: + 6d:97:de:3b:52:ed:cb:7d:89:16:7e:09:0c:ba:d9:c3:10:b5: + d9:26:8f:a5 -----BEGIN CERTIFICATE----- MIIDoTCCAomgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAMMQowCAYDVQQDDAFJMB4X DTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowETEPMA0GA1UEAwwGdGFyZ2V0 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsk6OTuuHHJnyFF2w4LaD -ARqnOQt9Ne/XT7J2hEa5EPta7QjtKjJBcss7KyUt5kQbBHHGWHONG6gf3VYPx0wd -A5EB+qlD7ZWp8I4osu3yeITMmtLWXp5EvnApKdBEgJPuN3KMUqo6dlt0Rgk5IlHH -knDXsSwfdNvmd/SyhBzYwf91SPtqpEPBywIH+dMaRlLHmmD27VofNoH+oFb5vd06 -SqegEwbGnNP0kuEP/i1BcAV9K+CLXvde/E1QDTa/NjVu7WbFDrhzmI59oYAfzTfJ -RG3yGykG8FGQVS6g70NB5fv4WxbWpnAqJJs6otGF8zF/3FbvKM3M48oq4e14zFZX -aQIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFLVR9tNdJEPgEIWdTF/a62kAO7j+MB8G -A1UdIwQYMBaAFIS6BQZOM50Rqnrxdx+kaX5MLdQ/MFQGCCsGAQUFBwEBBEgwRjAc +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCIIWMIEit0mEJ6SEC6c +wW/FCFJxlVM4tcvQv0ZUN4vck4z0AXMcWwOd58A2va8z0SqXtqwkjpOd0Y4B/ZYv +iTNx5hjhtQT7rKwF118EuYOv8tPeTepYAmo5nPLXjSW9tg7rfHEbAKt37zh1V3ey +W6zCXes8ngpDLbyLS/Bug7Xvmx01IiWwNxFpnkJjrQra8qdMdvgwCseCV0OqBwjt +qKAtRmNrqpHG69Wk7c0nSE/08AZflXwmzLK8cxXkNJ4WINKvJxPhDeKImxA0rudV +EAAAbBlveFKuN23jJkppWUCy1/EsK0YuldQOC+cGmzIBvi/aEvSsFewIEQ1KThw8 +tQIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFUA4r+Cq944SIVSsyDVJlVpDkczMB8G +A1UdIwQYMBaAFA8hF5RAsaZ8WfocxTjPYuiEixwsMFQGCCsGAQUFBwEBBEgwRjAc BggrBgEFBQcwAoYQZmlsZTovLy9kZXYvbnVsbDAmBggrBgEFBQcwAoYaaHR0cDov L3VybC1mb3ItYWlhMi9JMi5mb28wKQYDVR0fBCIwIDAeoBygGoYYaHR0cDovL3Vy bC1mb3ItY3JsL0kuY3JsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF BQcDAQYIKwYBBQUHAwIwEQYDVR0RBAowCIIGdGFyZ2V0MA0GCSqGSIb3DQEBCwUA -A4IBAQA0dY4KKEZD4Y/TI2KFvOnqL9In3ksDazYC4KoqM048XFE4npua2Qyzc3XA -5NnxzFz6OXqnSxyIUXJu9sHYdWQqoRaZHMvBf76+C2IlE5Y/VkF+zeIF/fgG/D2f -s5KyeofgtdVQjpXDPb94KAE3KOfX1WeZSw0jkwR/GxHHIgjCZwabv7DY4sRyhTkj -9EZ3IM5y8xcH2eQdUw/qxhC+I7clBsW7Uvfw3zWwN57SlCaF5oqr3OdsE6V6rQHE -w3vXJDkvVfSSUit0RtmvKgFAW5R1vMLR035N/TZQ5Y/zVBc82LQs477ZDaPpOamK -JtyAq/7O8lwpS+qYVUQlkzYxbiTV +A4IBAQAgnJfaD8XyKCyGlOgUlMvd98TrxlNAckqY4e8rtkCDPJlg9V+ZXGU+hxtf +jHNgf3i8sEWtXq3kvmsamLxBgiAcF/gMv67JaLLlFhRhNBVII4DXXNxxT14JqJzh +Dmy+qQS8nByLk5IzWLcNPgEwYD6cuAyezLYk+8GcRdPBVOMPt0Xt7ptOacRET2lK +LnNhIPILmijMC2genIMF+WSU3445hz6v7ORSRfQ3SbwD4sO05DT70s/oia7SqJp5 +eoVUn3OF+5VUNcSgXS4jXm2sFjJPScZ4f+2DPUiY3Jvnj1MYQlVm0e0aK5VQgSFt +l947Uu3LfYkWfgkMutnDELXZJo+l -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/target_invalid_and_http_aia.pem b/chromium/net/data/cert_issuer_source_aia_unittest/target_invalid_and_http_aia.pem index b7669e01ca6..9fcfa30ad00 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/target_invalid_and_http_aia.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/target_invalid_and_http_aia.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:9d:3f:f0:25:34:e1:e0:c3:a7:5a:2b:72:6d:e1: - 35:3a:99:eb:b4:12:7b:aa:2b:bc:a6:df:82:01:b1: - e9:8a:39:3a:b1:c5:0f:07:94:0a:97:c9:b0:4e:11: - 11:35:02:65:96:36:65:dc:6f:26:00:1e:1e:38:15: - 7c:ca:08:2b:66:89:a0:c3:38:ff:03:d5:e3:9d:c0: - 98:55:fb:45:d7:57:17:84:6c:6a:af:72:4f:1d:28: - 0c:95:77:35:dd:b1:42:66:96:bd:f9:ec:6e:d6:c3: - c2:23:1d:c4:55:43:ae:b2:12:29:22:7b:33:5a:55: - 8f:d1:24:ce:e3:e1:b9:42:e4:18:ab:64:48:75:f7: - 4d:9e:cf:a0:b9:29:32:71:8c:2b:32:d6:5a:f3:c2: - 8d:25:2c:a6:db:d5:fe:b1:46:20:ed:92:be:3a:0f: - 93:e7:45:ba:36:80:33:36:0c:df:bd:d0:c9:82:db: - 51:96:33:f7:78:9e:b0:7b:4f:04:31:aa:2a:a8:1b: - 90:4f:dd:58:16:33:3a:09:4d:1e:c8:18:9f:62:bf: - 21:4d:89:eb:a6:0e:25:3b:ae:f0:78:1f:9a:de:bc: - 17:06:73:16:7f:49:3b:4c:b3:a8:9e:a3:8d:79:d6: - de:6b:24:67:75:d3:f0:15:d0:91:a0:9c:ff:d7:fa: - 09:41 + 00:cc:22:08:58:c2:04:8a:dd:26:10:9e:92:10:2e: + 9c:c1:6f:c5:08:52:71:95:53:38:b5:cb:d0:bf:46: + 54:37:8b:dc:93:8c:f4:01:73:1c:5b:03:9d:e7:c0: + 36:bd:af:33:d1:2a:97:b6:ac:24:8e:93:9d:d1:8e: + 01:fd:96:2f:89:33:71:e6:18:e1:b5:04:fb:ac:ac: + 05:d7:5f:04:b9:83:af:f2:d3:de:4d:ea:58:02:6a: + 39:9c:f2:d7:8d:25:bd:b6:0e:eb:7c:71:1b:00:ab: + 77:ef:38:75:57:77:b2:5b:ac:c2:5d:eb:3c:9e:0a: + 43:2d:bc:8b:4b:f0:6e:83:b5:ef:9b:1d:35:22:25: + b0:37:11:69:9e:42:63:ad:0a:da:f2:a7:4c:76:f8: + 30:0a:c7:82:57:43:aa:07:08:ed:a8:a0:2d:46:63: + 6b:aa:91:c6:eb:d5:a4:ed:cd:27:48:4f:f4:f0:06: + 5f:95:7c:26:cc:b2:bc:73:15:e4:34:9e:16:20:d2: + af:27:13:e1:0d:e2:88:9b:10:34:ae:e7:55:10:00: + 00:6c:19:6f:78:52:ae:37:6d:e3:26:4a:69:59:40: + b2:d7:f1:2c:2b:46:2e:95:d4:0e:0b:e7:06:9b:32: + 01:be:2f:da:12:f4:ac:15:ec:08:11:0d:4a:4e:1c: + 3c:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 6E:CC:5D:F5:E6:D9:A6:B7:8C:4B:CB:A4:A7:C5:70:66:DA:FA:0E:E6 + 55:00:E2:BF:82:AB:DE:38:48:85:52:B3:20:D5:26:55:69:0E:47:33 X509v3 Authority Key Identifier: - keyid:84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + keyid:0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C Authority Information Access: CA Issuers - URI:foobar @@ -53,40 +53,40 @@ Certificate: X509v3 Subject Alternative Name: DNS:target Signature Algorithm: sha256WithRSAEncryption - 58:8b:4c:19:cb:8f:e1:77:47:86:03:f4:27:e8:2c:ff:e6:b3: - 34:df:9c:97:90:d9:a2:f4:a6:ca:be:aa:0b:5a:03:84:c6:d2: - c0:ce:31:c5:8b:30:3a:48:9a:21:42:61:b6:21:96:90:b1:f7: - 6e:8a:02:d5:fd:ba:2e:4e:22:12:0d:ad:b1:8d:4a:4b:16:ea: - 86:8c:04:65:fd:9c:55:09:17:f2:cb:f3:b6:94:bc:c5:fb:8e: - f3:8c:d9:48:95:7f:b8:3d:50:f0:eb:20:fd:93:89:c6:21:09: - 39:26:e2:68:d2:34:3f:27:d0:25:5f:b6:e4:7a:ff:8c:da:3c: - 38:7c:f7:51:97:ad:83:3a:69:98:8b:8a:df:f8:ba:e7:0b:a2: - f6:eb:5d:c7:db:7d:8e:00:3c:ae:18:2b:66:77:50:9b:8c:d5: - 2e:ef:15:e0:eb:da:de:78:78:73:d0:ba:bb:d8:2e:0a:03:f3: - 05:7b:3b:bc:09:a1:4d:3c:f7:29:63:e1:f5:6b:2f:3c:45:a9: - 9f:5b:6d:13:82:e6:e1:f1:c1:56:b3:bf:dd:ac:ef:ab:d1:f9: - de:dc:32:ce:50:2d:8c:b6:30:f9:13:f8:1f:a2:2e:ea:43:8c: - 50:d8:d2:b1:a8:af:0a:c4:ef:4c:2f:61:3c:8c:af:34:a2:80: - d5:fe:21:2b + a1:23:f5:5d:1c:5f:b2:e1:7d:0a:7d:54:c5:1d:ca:ff:3a:53: + d6:33:4e:a7:65:37:0c:ec:f3:b0:d1:53:4b:4c:96:a0:a1:52: + 4a:07:ee:23:fc:2f:44:0e:0f:07:a1:b0:c8:eb:61:69:b1:39: + 8e:0d:6b:bd:b7:0a:d5:12:a0:af:5a:7a:20:21:14:d2:bd:2f: + 08:8b:00:c1:e9:9d:35:64:ea:7c:8f:e8:4c:09:b1:54:0d:c6: + 02:37:55:1c:42:4d:38:cb:7f:b6:d2:46:74:5c:ca:e8:3c:b1: + 0b:3f:69:44:00:32:c6:73:3e:9f:2e:c1:2a:93:33:30:50:7e: + e6:ad:57:cb:f9:bb:5b:7a:7f:f7:7b:2f:8c:f6:b0:cb:7c:59: + be:42:4e:74:05:0e:60:95:4f:4c:87:e5:48:a1:2b:70:4c:1e: + 58:f8:26:a2:0f:1f:ee:b4:98:eb:25:b4:ae:72:0d:9e:61:3a: + e3:c3:b7:b4:81:fb:b4:30:ea:ff:4c:ae:17:58:ab:57:5e:df: + de:10:47:bc:66:c4:c9:2c:56:64:5f:cb:85:e5:5b:97:f2:e6: + 9b:b8:5d:ae:14:e5:de:3a:74:1b:33:56:cf:76:3b:42:96:5d: + fb:e8:b7:c3:ab:0a:46:1e:da:e3:07:b4:69:6a:90:74:3f:37: + 48:b5:a9:a3 -----BEGIN CERTIFICATE----- MIIDlTCCAn2gAwIBAgIBCTANBgkqhkiG9w0BAQsFADAMMQowCAYDVQQDDAFJMB4X DTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowETEPMA0GA1UEAwwGdGFyZ2V0 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT/wJTTh4MOnWitybeE1 -OpnrtBJ7qiu8pt+CAbHpijk6scUPB5QKl8mwThERNQJlljZl3G8mAB4eOBV8yggr -Zomgwzj/A9XjncCYVftF11cXhGxqr3JPHSgMlXc13bFCZpa9+exu1sPCIx3EVUOu -shIpInszWlWP0STO4+G5QuQYq2RIdfdNns+guSkycYwrMtZa88KNJSym29X+sUYg -7ZK+Og+T50W6NoAzNgzfvdDJgttRljP3eJ6we08EMaoqqBuQT91YFjM6CU0eyBif -Yr8hTYnrpg4lO67weB+a3rwXBnMWf0k7TLOonqONedbeayRnddPwFdCRoJz/1/oJ -QQIDAQABo4H8MIH5MB0GA1UdDgQWBBRuzF315tmmt4xLy6SnxXBm2voO5jAfBgNV -HSMEGDAWgBSEugUGTjOdEap68XcfpGl+TC3UPzBKBggrBgEFBQcBAQQ+MDwwEgYI +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCIIWMIEit0mEJ6SEC6c +wW/FCFJxlVM4tcvQv0ZUN4vck4z0AXMcWwOd58A2va8z0SqXtqwkjpOd0Y4B/ZYv +iTNx5hjhtQT7rKwF118EuYOv8tPeTepYAmo5nPLXjSW9tg7rfHEbAKt37zh1V3ey +W6zCXes8ngpDLbyLS/Bug7Xvmx01IiWwNxFpnkJjrQra8qdMdvgwCseCV0OqBwjt +qKAtRmNrqpHG69Wk7c0nSE/08AZflXwmzLK8cxXkNJ4WINKvJxPhDeKImxA0rudV +EAAAbBlveFKuN23jJkppWUCy1/EsK0YuldQOC+cGmzIBvi/aEvSsFewIEQ1KThw8 +tQIDAQABo4H8MIH5MB0GA1UdDgQWBBRVAOK/gqveOEiFUrMg1SZVaQ5HMzAfBgNV +HSMEGDAWgBQPIReUQLGmfFn6HMU4z2LohIscLDBKBggrBgEFBQcBAQQ+MDwwEgYI KwYBBQUHMAKGBmZvb2JhcjAmBggrBgEFBQcwAoYaaHR0cDovL3VybC1mb3ItYWlh Mi9JMi5mb28wKQYDVR0fBCIwIDAeoBygGoYYaHR0cDovL3VybC1mb3ItY3JsL0ku Y3JsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH -AwIwEQYDVR0RBAowCIIGdGFyZ2V0MA0GCSqGSIb3DQEBCwUAA4IBAQBYi0wZy4/h -d0eGA/Qn6Cz/5rM035yXkNmi9KbKvqoLWgOExtLAzjHFizA6SJohQmG2IZaQsfdu -igLV/bouTiISDa2xjUpLFuqGjARl/ZxVCRfyy/O2lLzF+47zjNlIlX+4PVDw6yD9 -k4nGIQk5JuJo0jQ/J9AlX7bkev+M2jw4fPdRl62DOmmYi4rf+LrnC6L2613H232O -ADyuGCtmd1CbjNUu7xXg69reeHhz0Lq72C4KA/MFezu8CaFNPPcpY+H1ay88Ramf -W20Tgubh8cFWs7/drO+r0fne3DLOUC2MtjD5E/gfoi7qQ4xQ2NKxqK8KxO9ML2E8 -jK80ooDV/iEr +AwIwEQYDVR0RBAowCIIGdGFyZ2V0MA0GCSqGSIb3DQEBCwUAA4IBAQChI/VdHF+y +4X0KfVTFHcr/OlPWM06nZTcM7POw0VNLTJagoVJKB+4j/C9EDg8HobDI62FpsTmO +DWu9twrVEqCvWnogIRTSvS8IiwDB6Z01ZOp8j+hMCbFUDcYCN1UcQk04y3+20kZ0 +XMroPLELP2lEADLGcz6fLsEqkzMwUH7mrVfL+btben/3ey+M9rDLfFm+Qk50BQ5g +lU9Mh+VIoStwTB5Y+CaiDx/utJjrJbSucg2eYTrjw7e0gfu0MOr/TK4XWKtXXt/e +EEe8ZsTJLFZkX8uF5VuX8uabuF2uFOXeOnQbM1bPdjtCll376LfDqwpGHtrjB7Rp +apB0PzdItamj -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/target_invalid_url_aia.pem b/chromium/net/data/cert_issuer_source_aia_unittest/target_invalid_url_aia.pem index 8b7b1a72d22..b2642d00af5 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/target_invalid_url_aia.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/target_invalid_url_aia.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d8:3c:a7:4c:90:77:93:ce:72:3b:a5:61:af:f1: - fd:2f:72:2e:3f:37:2c:7d:94:45:c7:c9:7e:b4:26: - 65:2b:d3:42:fb:89:bb:b0:a1:68:e8:4f:4d:c3:dd: - b8:3c:ad:ec:0d:1b:f9:e9:ba:99:f5:74:26:11:2e: - 62:e1:e9:4a:d9:07:e3:82:dc:44:66:53:83:bd:aa: - 08:4c:9c:14:fa:3f:80:ba:b0:10:48:2d:59:73:cb: - 22:65:42:1c:68:c4:9d:fb:94:75:5f:84:11:61:7c: - 10:08:a8:48:04:99:75:8a:d2:5e:89:16:0c:04:62: - e2:ae:23:7c:b1:cb:ce:f8:eb:a5:a4:32:66:83:0d: - 9e:a7:7c:40:5f:41:c9:e6:63:d0:a6:8b:94:4b:aa: - 25:38:db:46:d9:16:14:dd:a0:29:16:99:a8:f4:0a: - 87:58:71:3d:b4:a7:e3:d1:10:0e:96:b2:70:fb:59: - 09:22:e8:19:9f:c2:1d:11:c6:26:dc:1c:3d:4d:52: - 13:c8:3e:38:c8:7e:90:0f:9b:d0:60:03:6b:19:f6: - 71:6a:22:a1:1f:00:c5:63:19:36:a3:db:da:6c:b2: - b8:fe:a9:1c:37:19:00:ce:03:60:58:6e:da:cd:31: - 7e:ee:69:06:12:36:c4:11:66:53:a2:14:9b:75:af: - eb:2f + 00:cc:22:08:58:c2:04:8a:dd:26:10:9e:92:10:2e: + 9c:c1:6f:c5:08:52:71:95:53:38:b5:cb:d0:bf:46: + 54:37:8b:dc:93:8c:f4:01:73:1c:5b:03:9d:e7:c0: + 36:bd:af:33:d1:2a:97:b6:ac:24:8e:93:9d:d1:8e: + 01:fd:96:2f:89:33:71:e6:18:e1:b5:04:fb:ac:ac: + 05:d7:5f:04:b9:83:af:f2:d3:de:4d:ea:58:02:6a: + 39:9c:f2:d7:8d:25:bd:b6:0e:eb:7c:71:1b:00:ab: + 77:ef:38:75:57:77:b2:5b:ac:c2:5d:eb:3c:9e:0a: + 43:2d:bc:8b:4b:f0:6e:83:b5:ef:9b:1d:35:22:25: + b0:37:11:69:9e:42:63:ad:0a:da:f2:a7:4c:76:f8: + 30:0a:c7:82:57:43:aa:07:08:ed:a8:a0:2d:46:63: + 6b:aa:91:c6:eb:d5:a4:ed:cd:27:48:4f:f4:f0:06: + 5f:95:7c:26:cc:b2:bc:73:15:e4:34:9e:16:20:d2: + af:27:13:e1:0d:e2:88:9b:10:34:ae:e7:55:10:00: + 00:6c:19:6f:78:52:ae:37:6d:e3:26:4a:69:59:40: + b2:d7:f1:2c:2b:46:2e:95:d4:0e:0b:e7:06:9b:32: + 01:be:2f:da:12:f4:ac:15:ec:08:11:0d:4a:4e:1c: + 3c:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 43:35:C7:A5:6B:23:40:8A:30:33:E2:B1:4E:51:18:C8:EC:3A:79:F3 + 55:00:E2:BF:82:AB:DE:38:48:85:52:B3:20:D5:26:55:69:0E:47:33 X509v3 Authority Key Identifier: - keyid:84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + keyid:0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C Authority Information Access: CA Issuers - URI:foobar @@ -52,39 +52,39 @@ Certificate: X509v3 Subject Alternative Name: DNS:target Signature Algorithm: sha256WithRSAEncryption - 1b:31:59:4e:06:a8:af:82:35:d2:5f:30:33:ed:8c:58:79:ef: - 80:fd:b4:e8:ac:45:2a:ed:b8:cf:a7:37:7e:c7:f6:d3:ea:8d: - f1:eb:38:87:16:5e:d8:62:0b:56:a1:37:74:18:c3:85:bd:79: - c6:9c:06:57:4a:60:3a:d3:17:db:60:4b:f2:19:ff:54:38:04: - 7a:2b:f1:b6:f7:47:d1:71:51:22:cf:de:b2:14:9b:e4:66:f2: - cf:be:98:10:77:1d:8e:f5:7b:51:fe:ca:33:0d:8d:24:d4:be: - 8f:96:3d:67:0e:ad:b0:3c:28:13:58:05:fd:23:9c:0f:fe:1b: - d6:8a:42:e6:c7:ad:c5:66:ca:4a:16:6e:d3:3c:4c:f5:a6:76: - 7e:68:51:38:af:1c:75:9c:ac:f1:14:5e:11:47:b0:ea:e8:8c: - 00:2d:00:7e:be:e8:30:e1:16:47:3e:93:6b:e5:30:19:2e:98: - 56:d0:7f:0f:48:6f:82:59:e5:38:e5:96:15:36:75:94:a1:e8: - ce:22:91:0f:32:f1:6c:a2:ed:c4:72:14:51:90:3d:3b:73:cd: - 12:02:1d:a0:b3:fe:14:e5:ac:b5:b1:3c:18:99:5d:de:2e:fc: - 3c:e4:9a:1f:ff:65:96:6b:48:2b:dd:d8:c2:d7:a8:5c:85:91: - f8:1f:22:a4 + b2:9c:6a:97:12:d5:35:7c:19:48:32:77:02:1d:99:d9:7a:ee: + 9a:3e:cd:8c:8f:b9:12:bc:75:fc:72:de:dd:28:bc:ad:b4:17: + 6f:7d:1c:5c:17:77:0b:a7:d4:fc:2e:2f:d5:ce:d3:5d:8d:27: + 66:03:5f:2f:b0:ef:b9:74:f2:cf:8c:05:d9:5e:e3:8e:ff:95: + 3c:f5:94:18:df:b2:26:05:87:ed:fc:4d:ba:05:a7:0b:fc:1d: + 8f:80:de:6f:be:06:67:f2:6f:03:dc:34:9d:2c:1e:91:c4:d7: + bf:9d:f0:0f:ea:82:39:f2:2d:97:9d:91:02:a7:7b:77:c3:c5: + 03:f9:53:06:36:50:08:90:5d:f6:11:8c:77:a2:99:46:28:b4: + 4d:27:a2:ba:55:07:15:8e:cb:88:d5:c3:75:ba:77:be:28:f3: + 87:62:44:86:4d:bb:4a:1f:2e:9f:b2:da:e3:6c:da:d0:0a:28: + 78:ae:a2:73:83:e1:72:c5:3a:62:cc:18:a8:02:4c:7e:64:fd: + 1f:08:8c:94:3e:d0:c0:f1:d6:3c:d7:30:da:75:e2:78:50:bb: + 8b:bb:dc:07:3c:9b:10:81:d1:15:e8:14:49:5d:ff:7e:71:55: + c2:23:19:f6:cb:5f:03:04:50:8f:c2:4d:cd:94:3c:e4:1d:90: + ca:8c:66:80 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADAMMQowCAYDVQQDDAFJMB4X DTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowETEPMA0GA1UEAwwGdGFyZ2V0 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DynTJB3k85yO6Vhr/H9 -L3IuPzcsfZRFx8l+tCZlK9NC+4m7sKFo6E9Nw924PK3sDRv56bqZ9XQmES5i4elK -2QfjgtxEZlODvaoITJwU+j+AurAQSC1Zc8siZUIcaMSd+5R1X4QRYXwQCKhIBJl1 -itJeiRYMBGLiriN8scvO+OulpDJmgw2ep3xAX0HJ5mPQpouUS6olONtG2RYU3aAp -Fpmo9AqHWHE9tKfj0RAOlrJw+1kJIugZn8IdEcYm3Bw9TVITyD44yH6QD5vQYANr -GfZxaiKhHwDFYxk2o9vabLK4/qkcNxkAzgNgWG7azTF+7mkGEjbEEWZTohSbda/r -LwIDAQABo4HUMIHRMB0GA1UdDgQWBBRDNcelayNAijAz4rFOURjI7Dp58zAfBgNV -HSMEGDAWgBSEugUGTjOdEap68XcfpGl+TC3UPzAiBggrBgEFBQcBAQQWMBQwEgYI +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCIIWMIEit0mEJ6SEC6c +wW/FCFJxlVM4tcvQv0ZUN4vck4z0AXMcWwOd58A2va8z0SqXtqwkjpOd0Y4B/ZYv +iTNx5hjhtQT7rKwF118EuYOv8tPeTepYAmo5nPLXjSW9tg7rfHEbAKt37zh1V3ey +W6zCXes8ngpDLbyLS/Bug7Xvmx01IiWwNxFpnkJjrQra8qdMdvgwCseCV0OqBwjt +qKAtRmNrqpHG69Wk7c0nSE/08AZflXwmzLK8cxXkNJ4WINKvJxPhDeKImxA0rudV +EAAAbBlveFKuN23jJkppWUCy1/EsK0YuldQOC+cGmzIBvi/aEvSsFewIEQ1KThw8 +tQIDAQABo4HUMIHRMB0GA1UdDgQWBBRVAOK/gqveOEiFUrMg1SZVaQ5HMzAfBgNV +HSMEGDAWgBQPIReUQLGmfFn6HMU4z2LohIscLDAiBggrBgEFBQcBAQQWMBQwEgYI KwYBBQUHMAKGBmZvb2JhcjApBgNVHR8EIjAgMB6gHKAahhhodHRwOi8vdXJsLWZv ci1jcmwvSS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB BggrBgEFBQcDAjARBgNVHREECjAIggZ0YXJnZXQwDQYJKoZIhvcNAQELBQADggEB -ABsxWU4GqK+CNdJfMDPtjFh574D9tOisRSrtuM+nN37H9tPqjfHrOIcWXthiC1ah -N3QYw4W9ecacBldKYDrTF9tgS/IZ/1Q4BHor8bb3R9FxUSLP3rIUm+Rm8s++mBB3 -HY71e1H+yjMNjSTUvo+WPWcOrbA8KBNYBf0jnA/+G9aKQubHrcVmykoWbtM8TPWm -dn5oUTivHHWcrPEUXhFHsOrojAAtAH6+6DDhFkc+k2vlMBkumFbQfw9Ib4JZ5Tjl -lhU2dZSh6M4ikQ8y8Wyi7cRyFFGQPTtzzRICHaCz/hTlrLWxPBiZXd4u/Dzkmh// -ZZZrSCvd2MLXqFyFkfgfIqQ= +ALKcapcS1TV8GUgydwIdmdl67po+zYyPuRK8dfxy3t0ovK20F299HFwXdwun1Pwu +L9XO012NJ2YDXy+w77l08s+MBdle447/lTz1lBjfsiYFh+38TboFpwv8HY+A3m++ +BmfybwPcNJ0sHpHE17+d8A/qgjnyLZedkQKne3fDxQP5UwY2UAiQXfYRjHeimUYo +tE0norpVBxWOy4jVw3W6d74o84diRIZNu0ofLp+y2uNs2tAKKHiuonOD4XLFOmLM +GKgCTH5k/R8IjJQ+0MDx1jzXMNp14nhQu4u73Ac8mxCB0RXoFEld/35xVcIjGfbL +XwMEUI/CTc2UPOQdkMqMZoA= -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/target_no_aia.pem b/chromium/net/data/cert_issuer_source_aia_unittest/target_no_aia.pem index a98b38cb8b8..157bdef5094 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/target_no_aia.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/target_no_aia.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bc:7b:d4:48:5a:3b:ab:be:72:da:b4:1d:81:4d: - 42:5b:82:82:c2:10:11:36:b9:59:00:88:18:bd:99: - a2:f0:40:cb:ae:bb:99:81:66:a3:45:ee:cd:da:f1: - 83:91:1b:5a:65:33:86:6e:ed:15:eb:54:a9:20:17: - 2b:1e:13:fe:69:a0:6c:72:a5:ca:be:2f:d3:d5:14: - 2a:91:d5:08:bd:6b:26:e8:a4:a8:19:97:b3:1f:28: - 6f:59:54:dc:65:61:34:05:fe:67:80:d3:63:9d:a5: - e7:a2:e0:aa:12:e6:d0:77:ff:72:27:84:23:fa:18: - 00:85:e3:fc:66:0b:99:31:0e:a2:fd:c8:ca:cc:64: - da:14:27:b3:9e:cf:a6:10:0a:5a:29:1a:29:b8:6a: - b5:a1:fe:89:ae:51:e7:f2:5b:ab:7f:c6:37:51:44: - 81:30:3a:35:e2:28:a8:7f:4b:7a:c8:a3:c9:13:11: - 23:de:4a:4b:52:41:cb:64:81:13:1b:d2:ac:cd:c5: - a0:96:b6:a2:c7:f7:55:06:cb:fd:64:be:e1:22:b3: - a0:bd:77:46:be:1e:eb:ea:cd:de:af:a5:89:13:82: - 55:12:b8:c4:6b:01:33:69:32:21:18:c3:1c:01:1b: - 09:2b:a4:cb:80:23:15:3b:26:ea:c3:01:59:8c:a2: - 35:c3 + 00:cc:22:08:58:c2:04:8a:dd:26:10:9e:92:10:2e: + 9c:c1:6f:c5:08:52:71:95:53:38:b5:cb:d0:bf:46: + 54:37:8b:dc:93:8c:f4:01:73:1c:5b:03:9d:e7:c0: + 36:bd:af:33:d1:2a:97:b6:ac:24:8e:93:9d:d1:8e: + 01:fd:96:2f:89:33:71:e6:18:e1:b5:04:fb:ac:ac: + 05:d7:5f:04:b9:83:af:f2:d3:de:4d:ea:58:02:6a: + 39:9c:f2:d7:8d:25:bd:b6:0e:eb:7c:71:1b:00:ab: + 77:ef:38:75:57:77:b2:5b:ac:c2:5d:eb:3c:9e:0a: + 43:2d:bc:8b:4b:f0:6e:83:b5:ef:9b:1d:35:22:25: + b0:37:11:69:9e:42:63:ad:0a:da:f2:a7:4c:76:f8: + 30:0a:c7:82:57:43:aa:07:08:ed:a8:a0:2d:46:63: + 6b:aa:91:c6:eb:d5:a4:ed:cd:27:48:4f:f4:f0:06: + 5f:95:7c:26:cc:b2:bc:73:15:e4:34:9e:16:20:d2: + af:27:13:e1:0d:e2:88:9b:10:34:ae:e7:55:10:00: + 00:6c:19:6f:78:52:ae:37:6d:e3:26:4a:69:59:40: + b2:d7:f1:2c:2b:46:2e:95:d4:0e:0b:e7:06:9b:32: + 01:be:2f:da:12:f4:ac:15:ec:08:11:0d:4a:4e:1c: + 3c:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - D2:58:5E:31:E6:B5:6D:8F:58:B6:D0:DA:C1:4D:38:43:9A:D3:C1:7A + 55:00:E2:BF:82:AB:DE:38:48:85:52:B3:20:D5:26:55:69:0E:47:33 X509v3 Authority Key Identifier: - keyid:84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + keyid:0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C X509v3 CRL Distribution Points: @@ -49,38 +49,38 @@ Certificate: X509v3 Subject Alternative Name: DNS:target Signature Algorithm: sha256WithRSAEncryption - 59:c0:18:ae:e6:ec:1d:a0:df:9c:07:d9:94:1b:a1:dd:22:14: - 8f:6f:2c:17:e3:cd:b8:83:17:aa:6d:34:d5:3f:3b:6d:ab:6d: - fe:c0:9d:c6:d9:1b:77:32:8b:0d:4e:4f:64:d5:49:c5:71:08: - 1e:a2:87:0f:28:27:6e:a5:b9:a1:02:da:c4:b7:a8:49:dd:ce: - b2:39:67:67:e8:ee:f0:bf:83:bb:0f:21:9f:a2:62:53:1e:7f: - a0:84:8a:1b:c4:62:98:06:4d:5d:6b:3f:55:5b:71:e3:4c:fc: - 6b:4d:38:ed:f7:84:11:26:86:58:2e:7a:1d:4c:8f:30:ea:ab: - 5d:55:44:2a:ae:35:42:16:bc:c9:ee:88:6c:9f:79:f5:f2:a0: - c2:5b:e7:c0:fb:01:11:50:0c:1d:ea:62:79:79:59:cd:34:4b: - 60:9f:cf:4c:66:eb:8f:28:52:54:ff:6a:df:12:ab:c3:35:8b: - 31:4d:9e:bc:02:c0:87:5e:ff:80:1f:ba:b4:a4:22:89:2f:ae: - f4:fb:07:86:9d:72:b3:36:ac:9e:95:e0:6b:a2:67:54:ef:90: - f0:c8:81:92:0d:4e:a4:7f:2b:bb:3e:5e:6c:ed:cf:45:20:76: - ab:07:b5:07:48:8d:33:08:a1:89:b8:5f:f8:33:e7:31:42:4a: - 4f:6e:59:18 + 5b:31:f0:74:8f:8a:0f:d0:a0:5a:ee:fd:0a:e9:9f:99:e7:20: + 20:b7:83:de:e5:15:48:f2:25:7f:35:f9:17:3a:3e:23:c8:63: + 83:12:dd:7e:85:2b:37:5b:f1:e8:51:dc:66:4e:b4:62:ba:a3: + ea:70:79:28:6a:e3:62:77:a3:36:19:2a:4d:99:df:d0:24:b0: + e4:bb:58:d8:40:94:94:5b:82:4a:91:71:c3:fa:b3:1b:1b:38: + 0e:f7:a3:61:b5:8e:5d:0c:e4:dc:b8:a5:5b:0a:12:a5:bb:bf: + 1c:31:cd:e1:f0:a2:b5:a4:3c:82:77:02:22:02:5a:7e:14:6d: + 01:3d:36:83:73:f3:bb:d6:17:51:0b:12:47:67:33:1a:a6:60: + d5:23:f8:e0:cd:09:b2:24:14:4b:76:82:27:43:82:a4:9d:dd: + df:b7:93:91:b2:29:5f:82:1d:ff:77:40:4a:62:36:1d:45:e4: + 37:93:47:47:e9:85:a8:3b:23:dd:f9:fe:e4:f2:9f:2b:51:e7: + 95:b3:98:44:25:8a:6a:4d:cb:5e:32:8a:b8:c4:a9:00:37:00: + 45:d5:02:d9:49:c8:90:86:4b:65:ac:f3:0c:c0:0c:24:12:8f: + ef:40:60:f9:f8:09:ff:2b:e9:58:19:7f:62:65:14:f5:0b:f3: + 01:45:44:af -----BEGIN CERTIFICATE----- MIIDSTCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAMMQowCAYDVQQDDAFJMB4X DTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowETEPMA0GA1UEAwwGdGFyZ2V0 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHvUSFo7q75y2rQdgU1C -W4KCwhARNrlZAIgYvZmi8EDLrruZgWajRe7N2vGDkRtaZTOGbu0V61SpIBcrHhP+ -aaBscqXKvi/T1RQqkdUIvWsm6KSoGZezHyhvWVTcZWE0Bf5ngNNjnaXnouCqEubQ -d/9yJ4Qj+hgAheP8ZguZMQ6i/cjKzGTaFCezns+mEApaKRopuGq1of6JrlHn8lur -f8Y3UUSBMDo14iiof0t6yKPJExEj3kpLUkHLZIETG9KszcWglraix/dVBsv9ZL7h -IrOgvXdGvh7r6s3er6WJE4JVErjEawEzaTIhGMMcARsJK6TLgCMVOybqwwFZjKI1 -wwIDAQABo4GwMIGtMB0GA1UdDgQWBBTSWF4x5rVtj1i20NrBTThDmtPBejAfBgNV -HSMEGDAWgBSEugUGTjOdEap68XcfpGl+TC3UPzApBgNVHR8EIjAgMB6gHKAahhho +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCIIWMIEit0mEJ6SEC6c +wW/FCFJxlVM4tcvQv0ZUN4vck4z0AXMcWwOd58A2va8z0SqXtqwkjpOd0Y4B/ZYv +iTNx5hjhtQT7rKwF118EuYOv8tPeTepYAmo5nPLXjSW9tg7rfHEbAKt37zh1V3ey +W6zCXes8ngpDLbyLS/Bug7Xvmx01IiWwNxFpnkJjrQra8qdMdvgwCseCV0OqBwjt +qKAtRmNrqpHG69Wk7c0nSE/08AZflXwmzLK8cxXkNJ4WINKvJxPhDeKImxA0rudV +EAAAbBlveFKuN23jJkppWUCy1/EsK0YuldQOC+cGmzIBvi/aEvSsFewIEQ1KThw8 +tQIDAQABo4GwMIGtMB0GA1UdDgQWBBRVAOK/gqveOEiFUrMg1SZVaQ5HMzAfBgNV +HSMEGDAWgBQPIReUQLGmfFn6HMU4z2LohIscLDApBgNVHR8EIjAgMB6gHKAahhho dHRwOi8vdXJsLWZvci1jcmwvSS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW MBQGCCsGAQUFBwMBBggrBgEFBQcDAjARBgNVHREECjAIggZ0YXJnZXQwDQYJKoZI -hvcNAQELBQADggEBAFnAGK7m7B2g35wH2ZQbod0iFI9vLBfjzbiDF6ptNNU/O22r -bf7AncbZG3cyiw1OT2TVScVxCB6ihw8oJ26luaEC2sS3qEndzrI5Z2fo7vC/g7sP -IZ+iYlMef6CEihvEYpgGTV1rP1VbceNM/GtNOO33hBEmhlgueh1MjzDqq11VRCqu -NUIWvMnuiGyfefXyoMJb58D7ARFQDB3qYnl5Wc00S2Cfz0xm648oUlT/at8Sq8M1 -izFNnrwCwIde/4AfurSkIokvrvT7B4adcrM2rJ6V4GuiZ1TvkPDIgZINTqR/K7s+ -Xmztz0UgdqsHtQdIjTMIoYm4X/gz5zFCSk9uWRg= +hvcNAQELBQADggEBAFsx8HSPig/QoFru/Qrpn5nnICC3g97lFUjyJX81+Rc6PiPI +Y4MS3X6FKzdb8ehR3GZOtGK6o+pweShq42J3ozYZKk2Z39AksOS7WNhAlJRbgkqR +ccP6sxsbOA73o2G1jl0M5Ny4pVsKEqW7vxwxzeHworWkPIJ3AiICWn4UbQE9NoNz +87vWF1ELEkdnMxqmYNUj+ODNCbIkFEt2gidDgqSd3d+3k5GyKV+CHf93QEpiNh1F +5DeTR0fphag7I935/uTynytR55WzmEQlimpNy14yirjEqQA3AEXVAtlJyJCGS2Ws +8wzADCQSj+9AYPn4Cf8r6VgZf2JlFPUL8wFFRK8= -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/target_one_aia.pem b/chromium/net/data/cert_issuer_source_aia_unittest/target_one_aia.pem index 32c465552de..dde4d6aa45b 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/target_one_aia.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/target_one_aia.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:e6:20:5f:6c:8f:17:bb:ad:da:b9:19:22:1e:19: - dc:04:47:cd:0b:e9:72:33:6f:5e:c6:91:aa:7e:6e: - 8b:9a:9d:6a:41:47:3f:67:8e:da:bf:ec:76:d9:e7: - 91:58:9a:9a:ab:b5:47:5f:90:c1:c3:31:de:ae:17: - 09:b4:6a:b9:07:1a:82:a1:0a:76:df:69:91:5a:01: - ed:ec:bd:1f:cc:9e:c5:27:54:1d:48:f5:16:e0:11: - 3d:f0:8c:a6:91:ec:41:35:c0:ea:5f:61:d8:14:a5: - b5:48:7a:fd:fd:f8:9e:30:50:bb:73:70:4b:bb:52: - a8:73:18:90:75:3a:1d:42:7b:d7:0c:26:fd:83:26: - 43:47:f6:a8:2e:46:6d:01:96:2d:12:5a:d7:ec:cb: - 46:fe:22:c1:3c:a0:8b:43:d6:92:be:ba:0c:05:01: - 59:0d:ea:32:ee:d2:fe:63:76:17:f4:a4:c3:74:85: - 1e:2f:15:fe:01:b8:1a:27:4f:96:20:55:c2:6e:a4: - b0:3e:ef:ac:07:b9:2f:e3:55:1b:1f:ab:2d:5d:aa: - fc:95:85:9f:ee:e3:25:ee:df:b3:3a:2f:69:04:bb: - e7:37:54:56:3a:02:d2:12:79:05:56:a5:03:3c:47: - f0:12:56:3d:3b:ff:f3:28:8f:73:96:93:38:21:5f: - 98:3b + 00:cc:22:08:58:c2:04:8a:dd:26:10:9e:92:10:2e: + 9c:c1:6f:c5:08:52:71:95:53:38:b5:cb:d0:bf:46: + 54:37:8b:dc:93:8c:f4:01:73:1c:5b:03:9d:e7:c0: + 36:bd:af:33:d1:2a:97:b6:ac:24:8e:93:9d:d1:8e: + 01:fd:96:2f:89:33:71:e6:18:e1:b5:04:fb:ac:ac: + 05:d7:5f:04:b9:83:af:f2:d3:de:4d:ea:58:02:6a: + 39:9c:f2:d7:8d:25:bd:b6:0e:eb:7c:71:1b:00:ab: + 77:ef:38:75:57:77:b2:5b:ac:c2:5d:eb:3c:9e:0a: + 43:2d:bc:8b:4b:f0:6e:83:b5:ef:9b:1d:35:22:25: + b0:37:11:69:9e:42:63:ad:0a:da:f2:a7:4c:76:f8: + 30:0a:c7:82:57:43:aa:07:08:ed:a8:a0:2d:46:63: + 6b:aa:91:c6:eb:d5:a4:ed:cd:27:48:4f:f4:f0:06: + 5f:95:7c:26:cc:b2:bc:73:15:e4:34:9e:16:20:d2: + af:27:13:e1:0d:e2:88:9b:10:34:ae:e7:55:10:00: + 00:6c:19:6f:78:52:ae:37:6d:e3:26:4a:69:59:40: + b2:d7:f1:2c:2b:46:2e:95:d4:0e:0b:e7:06:9b:32: + 01:be:2f:da:12:f4:ac:15:ec:08:11:0d:4a:4e:1c: + 3c:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - EF:EB:BB:51:07:08:E2:B1:D5:35:CC:96:47:4C:E6:3E:00:0D:8C:AE + 55:00:E2:BF:82:AB:DE:38:48:85:52:B3:20:D5:26:55:69:0E:47:33 X509v3 Authority Key Identifier: - keyid:84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + keyid:0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C Authority Information Access: CA Issuers - URI:http://url-for-aia/I.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Subject Alternative Name: DNS:target Signature Algorithm: sha256WithRSAEncryption - 91:15:64:f2:07:45:63:3c:8b:07:28:31:76:22:df:a1:1e:cd: - a0:a1:8f:9c:62:99:f2:22:f6:22:fb:e4:74:ef:77:17:50:16: - 05:99:46:c5:79:66:19:62:ea:57:38:0c:f2:0d:55:2a:95:7e: - 10:4f:b4:a9:3a:c7:61:af:37:cd:b5:70:85:c0:9e:db:3a:ca: - 70:96:ca:2c:7f:e6:c4:47:f3:42:ae:c3:64:14:31:23:4e:7d: - 24:9b:23:6d:87:69:02:b9:1f:1c:e0:b6:8d:e5:ad:5c:13:f4: - 9f:a3:d8:3b:08:48:24:e5:df:bf:15:03:a4:5a:c7:8d:39:1c: - 6d:1c:45:db:3c:ac:63:39:71:fd:33:4c:b7:3c:ec:5c:de:c8: - a5:41:d9:75:52:c9:45:cc:b7:fa:14:9f:ba:d1:04:aa:9d:ea: - 23:93:e2:c6:35:33:e8:f8:2e:6a:13:e5:ce:f0:ed:8a:b0:5b: - 31:1a:56:91:15:2a:d8:e6:d4:bb:70:91:9d:8d:37:53:09:9a: - af:af:84:67:2c:59:c3:2e:da:56:a6:1f:9b:75:c6:80:b0:f4: - 95:a7:78:15:e3:b5:e9:06:f9:01:63:5b:bf:2f:dd:ff:65:b9: - cc:9b:90:a6:de:90:e3:32:f7:48:bf:3b:fa:a0:c3:98:15:58: - 53:ad:ad:28 + 29:8b:90:40:d5:ca:ba:8b:2e:67:14:8e:13:17:4a:d3:fc:5a: + 80:73:13:82:a7:41:fa:e2:8a:ec:2c:b0:22:f2:71:b1:e8:8b: + 29:62:c8:69:6d:a0:be:28:ec:24:d4:34:64:8b:0d:33:5f:10: + 0b:6a:70:0e:03:b9:78:cc:8f:81:66:04:e6:0f:9b:2d:27:d5: + 45:3d:4e:f0:37:eb:71:3a:85:42:dc:6d:b8:06:c7:a3:1f:3f: + f5:6b:b1:eb:cd:5d:fd:a2:fb:72:76:6a:b9:42:94:bf:33:a9: + 96:23:34:a4:a7:a4:97:8d:4d:8d:55:6d:0f:6e:ee:ba:71:95: + ff:28:16:88:8d:65:e4:1c:f2:4c:88:04:7a:40:f4:69:ab:9d: + 48:e6:93:53:e2:08:c3:06:42:67:cf:7e:f5:45:b1:de:09:22: + 37:5a:fe:1d:92:05:eb:e7:23:90:57:81:68:6a:cd:05:86:04: + 9c:cd:2c:35:16:74:e0:e6:4e:c9:54:8b:7f:14:44:44:da:2b: + 52:19:4a:65:81:3d:d2:d2:33:5e:5c:a5:ef:ed:d0:d0:4a:cb: + 55:21:07:e7:64:22:3e:ce:31:36:fd:a1:ec:f1:32:d0:0c:8b: + 7e:2c:88:c7:2b:3f:9a:e2:5e:89:d7:00:f3:b5:c6:80:e0:46: + de:86:75:df -----BEGIN CERTIFICATE----- MIIDfzCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAMMQowCAYDVQQDDAFJMB4X DTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowETEPMA0GA1UEAwwGdGFyZ2V0 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5iBfbI8Xu63auRkiHhnc -BEfNC+lyM29expGqfm6Lmp1qQUc/Z47av+x22eeRWJqaq7VHX5DBwzHerhcJtGq5 -BxqCoQp232mRWgHt7L0fzJ7FJ1QdSPUW4BE98IymkexBNcDqX2HYFKW1SHr9/fie -MFC7c3BLu1KocxiQdTodQnvXDCb9gyZDR/aoLkZtAZYtElrX7MtG/iLBPKCLQ9aS -vroMBQFZDeoy7tL+Y3YX9KTDdIUeLxX+AbgaJ0+WIFXCbqSwPu+sB7kv41UbH6st -Xar8lYWf7uMl7t+zOi9pBLvnN1RWOgLSEnkFVqUDPEfwElY9O//zKI9zlpM4IV+Y -OwIDAQABo4HmMIHjMB0GA1UdDgQWBBTv67tRBwjisdU1zJZHTOY+AA2MrjAfBgNV -HSMEGDAWgBSEugUGTjOdEap68XcfpGl+TC3UPzA0BggrBgEFBQcBAQQoMCYwJAYI +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCIIWMIEit0mEJ6SEC6c +wW/FCFJxlVM4tcvQv0ZUN4vck4z0AXMcWwOd58A2va8z0SqXtqwkjpOd0Y4B/ZYv +iTNx5hjhtQT7rKwF118EuYOv8tPeTepYAmo5nPLXjSW9tg7rfHEbAKt37zh1V3ey +W6zCXes8ngpDLbyLS/Bug7Xvmx01IiWwNxFpnkJjrQra8qdMdvgwCseCV0OqBwjt +qKAtRmNrqpHG69Wk7c0nSE/08AZflXwmzLK8cxXkNJ4WINKvJxPhDeKImxA0rudV +EAAAbBlveFKuN23jJkppWUCy1/EsK0YuldQOC+cGmzIBvi/aEvSsFewIEQ1KThw8 +tQIDAQABo4HmMIHjMB0GA1UdDgQWBBRVAOK/gqveOEiFUrMg1SZVaQ5HMzAfBgNV +HSMEGDAWgBQPIReUQLGmfFn6HMU4z2LohIscLDA0BggrBgEFBQcBAQQoMCYwJAYI KwYBBQUHMAKGGGh0dHA6Ly91cmwtZm9yLWFpYS9JLmNlcjApBgNVHR8EIjAgMB6g HKAahhhodHRwOi8vdXJsLWZvci1jcmwvSS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0G A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjARBgNVHREECjAIggZ0YXJnZXQw -DQYJKoZIhvcNAQELBQADggEBAJEVZPIHRWM8iwcoMXYi36EezaChj5ximfIi9iL7 -5HTvdxdQFgWZRsV5Zhli6lc4DPINVSqVfhBPtKk6x2GvN821cIXAnts6ynCWyix/ -5sRH80Kuw2QUMSNOfSSbI22HaQK5Hxzgto3lrVwT9J+j2DsISCTl378VA6Rax405 -HG0cRds8rGM5cf0zTLc87FzeyKVB2XVSyUXMt/oUn7rRBKqd6iOT4sY1M+j4LmoT -5c7w7YqwWzEaVpEVKtjm1LtwkZ2NN1MJmq+vhGcsWcMu2lamH5t1xoCw9JWneBXj -tekG+QFjW78v3f9lucybkKbekOMy90i/O/qgw5gVWFOtrSg= +DQYJKoZIhvcNAQELBQADggEBACmLkEDVyrqLLmcUjhMXStP8WoBzE4KnQfriiuws +sCLycbHoiyliyGltoL4o7CTUNGSLDTNfEAtqcA4DuXjMj4FmBOYPmy0n1UU9TvA3 +63E6hULcbbgGx6MfP/VrsevNXf2i+3J2arlClL8zqZYjNKSnpJeNTY1VbQ9u7rpx +lf8oFoiNZeQc8kyIBHpA9GmrnUjmk1PiCMMGQmfPfvVFsd4JIjda/h2SBevnI5BX +gWhqzQWGBJzNLDUWdODmTslUi38URETaK1IZSmWBPdLSM15cpe/t0NBKy1UhB+dk +Ij7OMTb9oezxMtAMi34siMcrP5riXonXAPO1xoDgRt6Gdd8= -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/target_six_aia.pem b/chromium/net/data/cert_issuer_source_aia_unittest/target_six_aia.pem index f18af2db006..aae288098a3 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/target_six_aia.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/target_six_aia.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a8:d1:9d:45:4a:dd:38:b7:b6:76:e5:20:8e:f3: - 68:3a:98:11:33:6e:35:88:1a:ba:18:48:4c:c8:2e: - 72:dd:3d:84:5d:67:ba:99:23:90:14:99:de:7a:6b: - 6c:a7:c9:4f:81:72:d1:62:0a:cb:87:41:c3:c8:74: - 1e:56:b9:96:bf:ea:0c:c8:ff:a8:1b:17:97:74:6f: - 8c:ad:92:42:57:df:6b:e9:d0:4a:9a:0b:05:61:3d: - 50:ce:44:0f:22:41:83:10:f9:02:68:fe:94:c8:e4: - 5b:49:20:1c:02:2c:76:4e:82:0b:8f:f6:ae:53:c1: - df:c0:48:22:78:1e:6f:03:75:00:26:b3:ad:c1:02: - 7f:83:cf:52:7c:6c:58:59:1e:1f:1e:a0:31:b5:38: - 91:4c:e4:2e:c9:71:e4:16:96:33:22:a9:cd:df:9a: - b1:9e:84:29:93:b5:74:f6:5f:9c:8c:9a:3b:8f:11: - a0:8d:82:68:ee:ba:2d:eb:b8:5d:62:f2:32:18:2c: - 84:94:d2:9f:65:e2:2c:eb:93:93:dd:6f:37:1e:ed: - 11:f8:50:ae:d6:e4:68:e3:20:2d:2b:11:cb:fc:37: - cf:14:a7:cf:75:6d:03:44:99:b0:6d:ec:da:a4:fd: - 74:5e:d5:7c:58:42:59:22:bd:1e:53:09:00:0b:45: - 1e:87 + 00:cc:22:08:58:c2:04:8a:dd:26:10:9e:92:10:2e: + 9c:c1:6f:c5:08:52:71:95:53:38:b5:cb:d0:bf:46: + 54:37:8b:dc:93:8c:f4:01:73:1c:5b:03:9d:e7:c0: + 36:bd:af:33:d1:2a:97:b6:ac:24:8e:93:9d:d1:8e: + 01:fd:96:2f:89:33:71:e6:18:e1:b5:04:fb:ac:ac: + 05:d7:5f:04:b9:83:af:f2:d3:de:4d:ea:58:02:6a: + 39:9c:f2:d7:8d:25:bd:b6:0e:eb:7c:71:1b:00:ab: + 77:ef:38:75:57:77:b2:5b:ac:c2:5d:eb:3c:9e:0a: + 43:2d:bc:8b:4b:f0:6e:83:b5:ef:9b:1d:35:22:25: + b0:37:11:69:9e:42:63:ad:0a:da:f2:a7:4c:76:f8: + 30:0a:c7:82:57:43:aa:07:08:ed:a8:a0:2d:46:63: + 6b:aa:91:c6:eb:d5:a4:ed:cd:27:48:4f:f4:f0:06: + 5f:95:7c:26:cc:b2:bc:73:15:e4:34:9e:16:20:d2: + af:27:13:e1:0d:e2:88:9b:10:34:ae:e7:55:10:00: + 00:6c:19:6f:78:52:ae:37:6d:e3:26:4a:69:59:40: + b2:d7:f1:2c:2b:46:2e:95:d4:0e:0b:e7:06:9b:32: + 01:be:2f:da:12:f4:ac:15:ec:08:11:0d:4a:4e:1c: + 3c:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 50:7F:07:06:90:38:D2:E8:2A:77:30:AD:87:F8:5B:26:E3:1D:97:47 + 55:00:E2:BF:82:AB:DE:38:48:85:52:B3:20:D5:26:55:69:0E:47:33 X509v3 Authority Key Identifier: - keyid:84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + keyid:0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C Authority Information Access: CA Issuers - URI:http://url-for-aia/I.cer @@ -57,32 +57,32 @@ Certificate: X509v3 Subject Alternative Name: DNS:target Signature Algorithm: sha256WithRSAEncryption - 93:3c:98:46:dc:74:09:e3:f0:fd:dd:80:9d:b5:4d:4f:60:f2: - 94:fc:4a:7c:f4:60:f6:70:50:0d:00:22:fa:d8:aa:46:88:de: - 09:43:76:0f:2e:34:a1:d8:6c:a8:0e:7e:a4:09:cb:ae:12:b7: - dc:fa:31:1b:9c:ae:89:c1:36:77:13:f7:68:f8:13:f0:1d:b7: - b0:8a:6f:01:57:62:41:a1:9a:c9:4a:72:23:8a:37:2b:fc:02: - 30:06:16:eb:73:56:30:e6:1b:a7:88:b1:59:24:5b:ee:8b:7d: - 34:b9:12:ba:d8:dd:e1:44:e9:9b:45:b0:5c:75:47:f1:4c:99: - ed:98:d7:c3:a8:a9:7e:4e:5b:a1:9f:f2:bc:61:eb:a2:2b:8d: - ff:ab:a2:6b:37:88:2a:9f:09:83:eb:a9:48:1c:2f:88:ce:5c: - 9f:5d:5d:4a:2f:74:ea:c5:2c:c7:e3:c9:b8:71:f0:80:e1:87: - f7:eb:cb:9c:23:8c:ad:1a:10:e7:00:6e:99:25:eb:2a:97:2f: - 31:96:12:27:9e:e9:59:d8:6a:f5:87:e5:66:e3:61:eb:b6:f9: - 30:27:13:f8:e3:87:27:06:e4:c8:fb:df:f9:49:20:7b:a5:9c: - 90:2e:30:af:00:50:95:ea:95:1c:b4:90:49:df:b4:18:33:04: - 8d:ec:c8:57 + 2f:b7:1b:47:2a:1b:0f:d8:57:f3:cd:7f:bb:a1:ac:5a:31:3c: + 46:0e:c1:3b:a5:5f:3a:ec:2a:fa:6e:a0:ad:bc:00:af:e8:e7: + 5e:9d:d9:8a:ec:81:4d:00:99:12:15:f1:e7:02:fe:58:35:13: + 73:97:4b:36:de:bd:9b:ab:92:94:19:ee:1f:44:e8:fe:e0:c9: + 74:47:e5:b3:8d:40:e7:35:e6:69:2e:b5:a3:ef:83:76:65:20: + 06:92:54:bb:60:50:b1:74:be:40:27:7b:08:e3:82:f3:0f:8e: + 86:fe:cf:7f:a8:75:d1:3a:35:44:7a:12:9d:42:7e:90:5e:6e: + 67:94:77:b0:69:a2:1b:c9:32:28:c9:e3:f8:23:32:57:76:98: + ae:f7:1c:bd:74:5b:47:15:9c:16:80:7e:56:c8:2a:0e:2d:fb: + c8:81:e1:d1:85:ea:15:40:c6:3b:87:86:27:08:ad:98:a7:80: + 73:b8:81:30:7e:f9:3a:19:80:f7:70:95:2b:9d:5e:4c:21:d8: + d4:98:75:b8:f3:96:77:3e:5d:f8:2d:fc:a1:ee:10:26:8a:17: + 11:e3:90:18:5f:5d:6a:03:52:e6:67:d5:5c:59:ce:19:fb:31: + 2d:8d:49:d4:8d:e4:1c:c7:8f:55:fb:69:69:d5:8a:a2:55:02: + 0a:e8:51:99 -----BEGIN CERTIFICATE----- MIIETDCCAzSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADAMMQowCAYDVQQDDAFJMB4X DTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowETEPMA0GA1UEAwwGdGFyZ2V0 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNGdRUrdOLe2duUgjvNo -OpgRM241iBq6GEhMyC5y3T2EXWe6mSOQFJneemtsp8lPgXLRYgrLh0HDyHQeVrmW -v+oMyP+oGxeXdG+MrZJCV99r6dBKmgsFYT1QzkQPIkGDEPkCaP6UyORbSSAcAix2 -ToILj/auU8HfwEgieB5vA3UAJrOtwQJ/g89SfGxYWR4fHqAxtTiRTOQuyXHkFpYz -IqnN35qxnoQpk7V09l+cjJo7jxGgjYJo7rot67hdYvIyGCyElNKfZeIs65OT3W83 -Hu0R+FCu1uRo4yAtKxHL/DfPFKfPdW0DRJmwbezapP10XtV8WEJZIr0eUwkAC0Ue -hwIDAQABo4IBsjCCAa4wHQYDVR0OBBYEFFB/BwaQONLoKncwrYf4WybjHZdHMB8G -A1UdIwQYMBaAFIS6BQZOM50Rqnrxdx+kaX5MLdQ/MIH+BggrBgEFBQcBAQSB8TCB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCIIWMIEit0mEJ6SEC6c +wW/FCFJxlVM4tcvQv0ZUN4vck4z0AXMcWwOd58A2va8z0SqXtqwkjpOd0Y4B/ZYv +iTNx5hjhtQT7rKwF118EuYOv8tPeTepYAmo5nPLXjSW9tg7rfHEbAKt37zh1V3ey +W6zCXes8ngpDLbyLS/Bug7Xvmx01IiWwNxFpnkJjrQra8qdMdvgwCseCV0OqBwjt +qKAtRmNrqpHG69Wk7c0nSE/08AZflXwmzLK8cxXkNJ4WINKvJxPhDeKImxA0rudV +EAAAbBlveFKuN23jJkppWUCy1/EsK0YuldQOC+cGmzIBvi/aEvSsFewIEQ1KThw8 +tQIDAQABo4IBsjCCAa4wHQYDVR0OBBYEFFUA4r+Cq944SIVSsyDVJlVpDkczMB8G +A1UdIwQYMBaAFA8hF5RAsaZ8WfocxTjPYuiEixwsMIH+BggrBgEFBQcBAQSB8TCB 7jAkBggrBgEFBQcwAoYYaHR0cDovL3VybC1mb3ItYWlhL0kuY2VyMCYGCCsGAQUF BzAChhpodHRwOi8vdXJsLWZvci1haWEyL0kyLmZvbzAmBggrBgEFBQcwAoYaaHR0 cDovL3VybC1mb3ItYWlhMy9JMy5mb28wJgYIKwYBBQUHMAKGGmh0dHA6Ly91cmwt @@ -90,10 +90,10 @@ Zm9yLWFpYTQvSTQuZm9vMCYGCCsGAQUFBzAChhpodHRwOi8vdXJsLWZvci1haWE1 L0k1LmZvbzAmBggrBgEFBQcwAoYaaHR0cDovL3VybC1mb3ItYWlhNi9JNi5mb28w KQYDVR0fBCIwIDAeoBygGoYYaHR0cDovL3VybC1mb3ItY3JsL0kuY3JsMA4GA1Ud DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEQYDVR0R -BAowCIIGdGFyZ2V0MA0GCSqGSIb3DQEBCwUAA4IBAQCTPJhG3HQJ4/D93YCdtU1P -YPKU/Ep89GD2cFANACL62KpGiN4JQ3YPLjSh2GyoDn6kCcuuErfc+jEbnK6JwTZ3 -E/do+BPwHbewim8BV2JBoZrJSnIjijcr/AIwBhbrc1Yw5huniLFZJFvui300uRK6 -2N3hROmbRbBcdUfxTJntmNfDqKl+Tluhn/K8YeuiK43/q6JrN4gqnwmD66lIHC+I -zlyfXV1KL3TqxSzH48m4cfCA4Yf368ucI4ytGhDnAG6ZJesqly8xlhInnulZ2Gr1 -h+Vm42HrtvkwJxP444cnBuTI+9/5SSB7pZyQLjCvAFCV6pUctJBJ37QYMwSN7MhX +BAowCIIGdGFyZ2V0MA0GCSqGSIb3DQEBCwUAA4IBAQAvtxtHKhsP2FfzzX+7oaxa +MTxGDsE7pV867Cr6bqCtvACv6OdendmK7IFNAJkSFfHnAv5YNRNzl0s23r2bq5KU +Ge4fROj+4Ml0R+WzjUDnNeZpLrWj74N2ZSAGklS7YFCxdL5AJ3sI44LzD46G/s9/ +qHXROjVEehKdQn6QXm5nlHewaaIbyTIoyeP4IzJXdpiu9xy9dFtHFZwWgH5WyCoO +LfvIgeHRheoVQMY7h4YnCK2Yp4BzuIEwfvk6GYD3cJUrnV5MIdjUmHW485Z3Pl34 +Lfyh7hAmihcR45AYX11qA1LmZ9VcWc4Z+zEtjUnUjeQcx49V+2lp1YqiVQIK6FGZ -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/target_three_aia.pem b/chromium/net/data/cert_issuer_source_aia_unittest/target_three_aia.pem index 5f24ab3eb3b..db9767c3cc3 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/target_three_aia.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/target_three_aia.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ab:6d:a7:ab:5c:a3:04:f8:18:44:5a:e6:16:3b: - 37:be:ec:13:da:6e:5c:55:4e:19:e9:14:d9:f5:0e: - 2e:56:bb:52:bb:58:f0:f7:89:e8:a8:85:47:02:f7: - 51:1c:b8:29:ce:1b:2c:0a:4e:de:8e:c5:d9:a1:aa: - 0f:a3:fd:51:61:fb:7f:e4:e9:05:49:b2:58:6d:10: - fe:11:60:13:24:98:69:17:d1:56:60:93:da:6b:26: - 8b:d7:c3:dc:e5:4f:c0:d1:cd:e5:80:21:3c:68:b0: - 2e:fc:bf:06:9e:2e:0d:26:bf:12:f3:4a:f0:98:9d: - d8:b0:24:3b:27:46:bf:ca:45:29:96:71:00:48:83: - 08:29:22:68:a8:2d:ba:90:38:4b:50:d9:ab:5f:f2: - 89:08:ee:43:ac:e0:ca:2b:2a:45:70:08:23:3b:be: - fe:6f:1d:81:a6:6b:df:19:31:d2:a2:58:b2:87:8c: - 83:ff:ff:5d:47:4d:50:a7:07:3a:b7:1e:f0:b0:6d: - 57:5b:d0:45:06:a5:0e:97:fd:ff:d5:62:71:9f:0d: - bb:35:f0:b8:d1:92:09:42:c9:dd:64:c8:17:8f:3f: - b3:36:dd:ea:5c:58:8e:d6:a4:ed:c1:8e:9f:01:1e: - fd:15:a4:45:97:b8:56:db:85:84:a5:33:82:c1:da: - 82:15 + 00:cc:22:08:58:c2:04:8a:dd:26:10:9e:92:10:2e: + 9c:c1:6f:c5:08:52:71:95:53:38:b5:cb:d0:bf:46: + 54:37:8b:dc:93:8c:f4:01:73:1c:5b:03:9d:e7:c0: + 36:bd:af:33:d1:2a:97:b6:ac:24:8e:93:9d:d1:8e: + 01:fd:96:2f:89:33:71:e6:18:e1:b5:04:fb:ac:ac: + 05:d7:5f:04:b9:83:af:f2:d3:de:4d:ea:58:02:6a: + 39:9c:f2:d7:8d:25:bd:b6:0e:eb:7c:71:1b:00:ab: + 77:ef:38:75:57:77:b2:5b:ac:c2:5d:eb:3c:9e:0a: + 43:2d:bc:8b:4b:f0:6e:83:b5:ef:9b:1d:35:22:25: + b0:37:11:69:9e:42:63:ad:0a:da:f2:a7:4c:76:f8: + 30:0a:c7:82:57:43:aa:07:08:ed:a8:a0:2d:46:63: + 6b:aa:91:c6:eb:d5:a4:ed:cd:27:48:4f:f4:f0:06: + 5f:95:7c:26:cc:b2:bc:73:15:e4:34:9e:16:20:d2: + af:27:13:e1:0d:e2:88:9b:10:34:ae:e7:55:10:00: + 00:6c:19:6f:78:52:ae:37:6d:e3:26:4a:69:59:40: + b2:d7:f1:2c:2b:46:2e:95:d4:0e:0b:e7:06:9b:32: + 01:be:2f:da:12:f4:ac:15:ec:08:11:0d:4a:4e:1c: + 3c:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 13:C9:D0:AB:5F:EF:0C:5E:23:88:F5:C4:44:2C:0A:3F:3B:13:21:C2 + 55:00:E2:BF:82:AB:DE:38:48:85:52:B3:20:D5:26:55:69:0E:47:33 X509v3 Authority Key Identifier: - keyid:84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + keyid:0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C Authority Information Access: CA Issuers - URI:http://url-for-aia/I.cer @@ -54,41 +54,41 @@ Certificate: X509v3 Subject Alternative Name: DNS:target Signature Algorithm: sha256WithRSAEncryption - 11:88:ca:4b:ea:92:84:28:28:21:ff:a6:22:d3:c3:ab:d0:cd: - b1:6d:bc:db:4c:0a:80:d0:f9:f0:36:6b:41:9d:1e:fc:75:5a: - 61:56:66:62:93:9f:ba:77:f5:e1:aa:0d:72:14:ea:07:3b:2d: - bd:7d:18:f5:b5:82:e6:28:79:b1:c0:c9:41:26:24:58:fd:73: - 4e:6a:ec:b2:b0:52:59:c5:7f:a4:9b:26:2a:5a:43:b2:cb:d4: - 0f:ea:ce:7b:da:e9:f7:0c:10:1b:02:ac:62:4b:03:56:3f:a7: - 29:d1:93:89:45:2f:24:d0:52:54:a6:56:5a:76:e3:06:b1:12: - 49:78:cd:a9:30:a0:9c:48:18:35:7f:28:5d:e9:00:8f:f7:69: - 1a:93:aa:1c:1a:bf:2a:79:68:11:1b:c1:fb:7f:bf:8b:2b:df: - 09:32:69:d5:19:32:bf:ce:12:09:7b:39:57:75:c7:15:9f:b3: - f4:f6:f2:3c:c0:bd:99:c3:57:ab:55:db:55:01:cd:73:f9:52: - 4c:ae:15:86:24:ad:85:57:a8:a5:2c:80:9a:7a:ed:f6:e8:20: - 18:34:8f:bf:b9:00:3d:8e:0c:4b:dc:59:3d:86:62:dc:09:f2: - 03:cd:c0:8c:cd:b9:1d:17:88:ea:44:2c:52:40:89:19:0f:d4: - a7:15:ae:67 + 16:0d:2c:06:91:56:e7:d6:d4:e9:6b:e3:68:37:42:51:0e:2e: + 79:cc:ca:c8:c9:1c:38:15:a6:ac:a8:16:6f:fd:05:7b:3d:c2: + 58:3b:9d:cd:ef:aa:88:11:cc:95:05:70:6e:f5:b9:47:bb:13: + 52:81:01:0d:f3:2e:e3:14:23:48:01:d7:c6:49:01:ce:07:5c: + 0a:90:83:2a:0c:50:d9:af:49:5d:0a:f9:7c:bd:70:7a:56:1e: + 78:d5:5e:38:9b:fe:98:9b:16:f0:c1:97:50:6d:c8:1f:9c:b2: + c2:2f:02:92:cd:5b:9e:1b:9a:e7:8d:10:74:dc:47:90:a0:65: + 4a:e2:41:f5:7f:af:ce:50:46:61:33:2f:97:a2:17:e8:ad:ec: + fd:8e:0a:5f:5e:ba:6c:7c:04:8a:6a:8d:ba:f2:ab:ad:62:60: + ac:83:40:95:64:1b:a1:ee:78:25:28:94:01:5c:a2:69:7a:e0: + 4a:17:1e:61:89:2e:e8:9f:4e:5d:b1:95:66:c1:ba:7b:4c:40: + 0e:0f:5c:b4:cf:11:1a:2a:04:96:62:8c:1a:17:fe:9e:55:a7: + 05:73:08:29:fb:3c:eb:87:69:a7:77:f4:a0:49:30:68:7e:e0: + 63:fd:f2:0b:36:de:0c:2e:33:59:c3:ad:67:f0:51:db:fe:de: + a3:8b:0e:6a -----BEGIN CERTIFICATE----- MIID0jCCArqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAMMQowCAYDVQQDDAFJMB4X DTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowETEPMA0GA1UEAwwGdGFyZ2V0 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq22nq1yjBPgYRFrmFjs3 -vuwT2m5cVU4Z6RTZ9Q4uVrtSu1jw94noqIVHAvdRHLgpzhssCk7ejsXZoaoPo/1R -Yft/5OkFSbJYbRD+EWATJJhpF9FWYJPaayaL18Pc5U/A0c3lgCE8aLAu/L8Gni4N -Jr8S80rwmJ3YsCQ7J0a/ykUplnEASIMIKSJoqC26kDhLUNmrX/KJCO5DrODKKypF -cAgjO77+bx2BpmvfGTHSoliyh4yD//9dR01Qpwc6tx7wsG1XW9BFBqUOl/3/1WJx -nw27NfC40ZIJQsndZMgXjz+zNt3qXFiO1qTtwY6fAR79FaRFl7hW24WEpTOCwdqC -FQIDAQABo4IBODCCATQwHQYDVR0OBBYEFBPJ0Ktf7wxeI4j1xEQsCj87EyHCMB8G -A1UdIwQYMBaAFIS6BQZOM50Rqnrxdx+kaX5MLdQ/MIGEBggrBgEFBQcBAQR4MHYw +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCIIWMIEit0mEJ6SEC6c +wW/FCFJxlVM4tcvQv0ZUN4vck4z0AXMcWwOd58A2va8z0SqXtqwkjpOd0Y4B/ZYv +iTNx5hjhtQT7rKwF118EuYOv8tPeTepYAmo5nPLXjSW9tg7rfHEbAKt37zh1V3ey +W6zCXes8ngpDLbyLS/Bug7Xvmx01IiWwNxFpnkJjrQra8qdMdvgwCseCV0OqBwjt +qKAtRmNrqpHG69Wk7c0nSE/08AZflXwmzLK8cxXkNJ4WINKvJxPhDeKImxA0rudV +EAAAbBlveFKuN23jJkppWUCy1/EsK0YuldQOC+cGmzIBvi/aEvSsFewIEQ1KThw8 +tQIDAQABo4IBODCCATQwHQYDVR0OBBYEFFUA4r+Cq944SIVSsyDVJlVpDkczMB8G +A1UdIwQYMBaAFA8hF5RAsaZ8WfocxTjPYuiEixwsMIGEBggrBgEFBQcBAQR4MHYw JAYIKwYBBQUHMAKGGGh0dHA6Ly91cmwtZm9yLWFpYS9JLmNlcjAmBggrBgEFBQcw AoYaaHR0cDovL3VybC1mb3ItYWlhMi9JMi5mb28wJgYIKwYBBQUHMAKGGmh0dHA6 Ly91cmwtZm9yLWFpYTMvSTMuZm9vMCkGA1UdHwQiMCAwHqAcoBqGGGh0dHA6Ly91 cmwtZm9yLWNybC9JLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB BQUHAwEGCCsGAQUFBwMCMBEGA1UdEQQKMAiCBnRhcmdldDANBgkqhkiG9w0BAQsF -AAOCAQEAEYjKS+qShCgoIf+mItPDq9DNsW2820wKgND58DZrQZ0e/HVaYVZmYpOf -unf14aoNchTqBzstvX0Y9bWC5ih5scDJQSYkWP1zTmrssrBSWcV/pJsmKlpDssvU -D+rOe9rp9wwQGwKsYksDVj+nKdGTiUUvJNBSVKZWWnbjBrESSXjNqTCgnEgYNX8o -XekAj/dpGpOqHBq/KnloERvB+3+/iyvfCTJp1Rkyv84SCXs5V3XHFZ+z9PbyPMC9 -mcNXq1XbVQHNc/lSTK4VhiSthVeopSyAmnrt9uggGDSPv7kAPY4MS9xZPYZi3Any -A83AjM25HReI6kQsUkCJGQ/UpxWuZw== +AAOCAQEAFg0sBpFW59bU6WvjaDdCUQ4ueczKyMkcOBWmrKgWb/0Fez3CWDudze+q +iBHMlQVwbvW5R7sTUoEBDfMu4xQjSAHXxkkBzgdcCpCDKgxQ2a9JXQr5fL1welYe +eNVeOJv+mJsW8MGXUG3IH5yywi8Cks1bnhua540QdNxHkKBlSuJB9X+vzlBGYTMv +l6IX6K3s/Y4KX166bHwEimqNuvKrrWJgrINAlWQboe54JSiUAVyiaXrgShceYYku +6J9OXbGVZsG6e0xADg9ctM8RGioElmKMGhf+nlWnBXMIKfs864dpp3f0oEkwaH7g +Y/3yCzbeDC4zWcOtZ/BR2/7eo4sOag== -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_aia_unittest/target_two_aia.pem b/chromium/net/data/cert_issuer_source_aia_unittest/target_two_aia.pem index c530ecb28b8..ebde76a1be3 100644 --- a/chromium/net/data/cert_issuer_source_aia_unittest/target_two_aia.pem +++ b/chromium/net/data/cert_issuer_source_aia_unittest/target_two_aia.pem @@ -12,30 +12,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c8:62:eb:23:95:cd:33:c8:5e:43:58:e3:1e:90: - 82:8d:44:eb:dc:64:d2:cd:fb:09:c2:69:56:11:0f: - d7:8f:cd:20:d7:bc:e3:ae:e9:62:e4:67:3a:d1:31: - 14:45:5b:36:e1:33:00:81:2f:f0:c5:ea:1f:57:ff: - fb:99:43:5b:9f:09:01:83:e0:07:f1:00:42:23:9b: - ef:b2:c2:5d:0f:0e:59:2d:ef:e4:20:e7:fd:f1:96: - 9a:5e:71:7d:db:dd:36:a8:1d:7b:04:bd:74:d9:e5: - 86:d2:34:6e:af:8e:77:8e:35:af:2b:4d:8e:e4:93: - 01:23:a3:27:cd:a5:ce:e0:bd:53:f2:1b:e6:f1:e9: - d2:fb:20:49:01:81:f7:2f:51:5c:d7:63:35:42:de: - 52:f7:bc:1c:1d:6d:af:01:3a:5f:20:59:ee:5d:d6: - 77:1d:cb:d7:ef:14:9e:e1:9f:01:97:7b:bc:a3:d1: - d1:05:6c:64:6c:7d:5a:26:38:b2:5f:f0:a5:3b:f4: - b2:3d:8a:85:f0:25:2d:31:1b:b3:a3:4c:a7:95:2f: - ea:bc:6a:4a:9e:61:19:81:4b:b8:8e:a5:88:3b:36: - 35:e8:e2:35:76:17:29:d8:4e:1a:4c:6d:7c:1d:b2: - e9:79:5b:f5:75:76:78:55:2f:e1:03:2f:94:d6:aa: - 9e:ff + 00:cc:22:08:58:c2:04:8a:dd:26:10:9e:92:10:2e: + 9c:c1:6f:c5:08:52:71:95:53:38:b5:cb:d0:bf:46: + 54:37:8b:dc:93:8c:f4:01:73:1c:5b:03:9d:e7:c0: + 36:bd:af:33:d1:2a:97:b6:ac:24:8e:93:9d:d1:8e: + 01:fd:96:2f:89:33:71:e6:18:e1:b5:04:fb:ac:ac: + 05:d7:5f:04:b9:83:af:f2:d3:de:4d:ea:58:02:6a: + 39:9c:f2:d7:8d:25:bd:b6:0e:eb:7c:71:1b:00:ab: + 77:ef:38:75:57:77:b2:5b:ac:c2:5d:eb:3c:9e:0a: + 43:2d:bc:8b:4b:f0:6e:83:b5:ef:9b:1d:35:22:25: + b0:37:11:69:9e:42:63:ad:0a:da:f2:a7:4c:76:f8: + 30:0a:c7:82:57:43:aa:07:08:ed:a8:a0:2d:46:63: + 6b:aa:91:c6:eb:d5:a4:ed:cd:27:48:4f:f4:f0:06: + 5f:95:7c:26:cc:b2:bc:73:15:e4:34:9e:16:20:d2: + af:27:13:e1:0d:e2:88:9b:10:34:ae:e7:55:10:00: + 00:6c:19:6f:78:52:ae:37:6d:e3:26:4a:69:59:40: + b2:d7:f1:2c:2b:46:2e:95:d4:0e:0b:e7:06:9b:32: + 01:be:2f:da:12:f4:ac:15:ec:08:11:0d:4a:4e:1c: + 3c:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - E5:73:F2:21:4B:9E:B8:BB:3C:57:17:0F:F8:0E:E1:6A:FC:F3:2A:48 + 55:00:E2:BF:82:AB:DE:38:48:85:52:B3:20:D5:26:55:69:0E:47:33 X509v3 Authority Key Identifier: - keyid:84:BA:05:06:4E:33:9D:11:AA:7A:F1:77:1F:A4:69:7E:4C:2D:D4:3F + keyid:0F:21:17:94:40:B1:A6:7C:59:FA:1C:C5:38:CF:62:E8:84:8B:1C:2C Authority Information Access: CA Issuers - URI:http://url-for-aia/I.cer @@ -53,40 +53,40 @@ Certificate: X509v3 Subject Alternative Name: DNS:target Signature Algorithm: sha256WithRSAEncryption - 40:67:ce:6d:fa:82:c3:f7:43:ff:8b:04:2e:c8:57:fa:0c:32: - 16:7c:f4:6a:90:a5:bd:31:ba:2f:a6:d6:6a:fe:a9:c5:a2:03: - 2b:87:33:c6:1d:0d:2f:10:aa:15:68:62:a3:5d:bd:d4:3e:2e: - 21:eb:02:36:88:37:6a:47:6a:61:b4:20:db:ba:12:24:3e:5a: - 65:84:39:b6:07:9b:69:30:04:a3:44:ee:f1:8f:2a:55:fb:fd: - bd:bd:76:f2:0f:a8:20:c3:2c:4a:31:94:59:00:2b:d0:ff:a9: - 98:7a:ae:9d:e6:f3:38:6f:7a:8d:f7:e0:b5:c4:75:8c:5e:6c: - 92:47:d4:d2:e0:78:c6:c1:56:f2:10:d3:c0:9f:86:b3:7b:ef: - 0b:20:07:a5:ab:d7:35:ce:d5:48:d6:67:f6:f3:57:72:e6:e5: - e7:81:04:61:dc:a2:f9:47:2b:3f:08:c4:55:41:38:9a:0c:7f: - d2:5f:05:ff:4d:34:8c:4b:4c:6a:6e:73:d2:c2:c3:d3:1c:b0: - 08:6e:17:bb:94:e6:65:6e:da:7e:3f:9c:42:2d:cb:d8:2a:7b: - c9:03:6f:15:e2:6d:63:e6:5e:a7:fb:7c:5e:b3:fe:6a:87:9b: - de:04:91:f6:bb:50:ad:9e:1c:0c:3f:bf:c5:06:99:f0:3f:ad: - 1d:37:26:f5 + 77:29:3a:0d:fd:35:76:ed:b4:ef:07:a4:8f:50:07:e8:fa:d1: + 50:ac:03:49:04:b0:06:85:fa:e5:17:4e:fd:b4:70:40:73:49: + 42:4b:29:c4:92:4b:51:a1:a2:54:65:ed:70:b6:50:ed:87:8c: + b6:ff:f8:88:a9:8b:14:9f:24:d1:2b:82:f6:6a:a7:25:bc:c6: + f0:bf:84:3d:13:ee:ee:73:38:e8:27:f6:9c:94:94:ba:b5:a1: + d3:bb:f4:5e:1e:f2:fb:cf:d0:09:62:c1:a2:08:18:82:2e:b4: + 15:cd:ec:64:3d:af:74:2e:bf:00:ae:55:9b:7b:a5:17:5d:2b: + b6:00:8a:46:fc:28:ab:b2:35:92:2d:87:b0:d6:f6:3a:3a:eb: + dd:84:0b:64:f3:45:25:a6:a1:8c:0e:05:09:31:51:72:92:68: + 9e:75:9e:f4:97:5c:3b:7b:aa:69:18:16:db:be:8b:d8:7b:c1: + ea:45:b5:4c:be:1d:8c:d5:3c:be:dc:4e:16:e3:0e:ec:7a:af: + ab:60:72:83:62:5f:3e:30:fe:81:95:81:d1:cb:c0:e2:ed:ca: + ec:f0:75:2c:71:1c:dd:26:d6:ac:0a:01:82:ca:cd:f7:86:06: + 73:93:e0:ba:0a:04:7a:e6:e5:89:67:b1:ae:77:2b:84:b3:fe: + 3c:a7:55:30 -----BEGIN CERTIFICATE----- MIIDqTCCApGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAMMQowCAYDVQQDDAFJMB4X DTE1MDEwMTEyMDAwMFoXDTIxMDEwMTEyMDAwMFowETEPMA0GA1UEAwwGdGFyZ2V0 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGLrI5XNM8heQ1jjHpCC -jUTr3GTSzfsJwmlWEQ/Xj80g17zjruli5Gc60TEURVs24TMAgS/wxeofV//7mUNb -nwkBg+AH8QBCI5vvssJdDw5ZLe/kIOf98ZaaXnF92902qB17BL102eWG0jRur453 -jjWvK02O5JMBI6MnzaXO4L1T8hvm8enS+yBJAYH3L1Fc12M1Qt5S97wcHW2vATpf -IFnuXdZ3HcvX7xSe4Z8Bl3u8o9HRBWxkbH1aJjiyX/ClO/SyPYqF8CUtMRuzo0yn -lS/qvGpKnmEZgUu4jqWIOzY16OI1dhcp2E4aTG18HbLpeVv1dXZ4VS/hAy+U1qqe -/wIDAQABo4IBDzCCAQswHQYDVR0OBBYEFOVz8iFLnri7PFcXD/gO4Wr88ypIMB8G -A1UdIwQYMBaAFIS6BQZOM50Rqnrxdx+kaX5MLdQ/MFwGCCsGAQUFBwEBBFAwTjAk +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCIIWMIEit0mEJ6SEC6c +wW/FCFJxlVM4tcvQv0ZUN4vck4z0AXMcWwOd58A2va8z0SqXtqwkjpOd0Y4B/ZYv +iTNx5hjhtQT7rKwF118EuYOv8tPeTepYAmo5nPLXjSW9tg7rfHEbAKt37zh1V3ey +W6zCXes8ngpDLbyLS/Bug7Xvmx01IiWwNxFpnkJjrQra8qdMdvgwCseCV0OqBwjt +qKAtRmNrqpHG69Wk7c0nSE/08AZflXwmzLK8cxXkNJ4WINKvJxPhDeKImxA0rudV +EAAAbBlveFKuN23jJkppWUCy1/EsK0YuldQOC+cGmzIBvi/aEvSsFewIEQ1KThw8 +tQIDAQABo4IBDzCCAQswHQYDVR0OBBYEFFUA4r+Cq944SIVSsyDVJlVpDkczMB8G +A1UdIwQYMBaAFA8hF5RAsaZ8WfocxTjPYuiEixwsMFwGCCsGAQUFBwEBBFAwTjAk BggrBgEFBQcwAoYYaHR0cDovL3VybC1mb3ItYWlhL0kuY2VyMCYGCCsGAQUFBzAC hhpodHRwOi8vdXJsLWZvci1haWEyL0kyLmZvbzApBgNVHR8EIjAgMB6gHKAahhho dHRwOi8vdXJsLWZvci1jcmwvSS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW MBQGCCsGAQUFBwMBBggrBgEFBQcDAjARBgNVHREECjAIggZ0YXJnZXQwDQYJKoZI -hvcNAQELBQADggEBAEBnzm36gsP3Q/+LBC7IV/oMMhZ89GqQpb0xui+m1mr+qcWi -AyuHM8YdDS8QqhVoYqNdvdQ+LiHrAjaIN2pHamG0INu6EiQ+WmWEObYHm2kwBKNE -7vGPKlX7/b29dvIPqCDDLEoxlFkAK9D/qZh6rp3m8zhveo334LXEdYxebJJH1NLg -eMbBVvIQ08CfhrN77wsgB6Wr1zXO1UjWZ/bzV3Lm5eeBBGHcovlHKz8IxFVBOJoM -f9JfBf9NNIxLTGpuc9LCw9McsAhuF7uU5mVu2n4/nEIty9gqe8kDbxXibWPmXqf7 -fF6z/mqHm94Ekfa7UK2eHAw/v8UGmfA/rR03JvU= +hvcNAQELBQADggEBAHcpOg39NXbttO8HpI9QB+j60VCsA0kEsAaF+uUXTv20cEBz +SUJLKcSSS1GholRl7XC2UO2HjLb/+IipixSfJNErgvZqpyW8xvC/hD0T7u5zOOgn +9pyUlLq1odO79F4e8vvP0AliwaIIGIIutBXN7GQ9r3QuvwCuVZt7pRddK7YAikb8 +KKuyNZIth7DW9jo6692EC2TzRSWmoYwOBQkxUXKSaJ51nvSXXDt7qmkYFtu+i9h7 +wepFtUy+HYzVPL7cThbjDux6r6tgcoNiXz4w/oGVgdHLwOLtyuzwdSxxHN0m1qwK +AYLKzfeGBnOT4LoKBHrm5Ylnsa53K4Sz/jynVTA= -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/c1.pem b/chromium/net/data/cert_issuer_source_static_unittest/c1.pem index a646a3443a1..ef15d6b094b 100644 --- a/chromium/net/data/cert_issuer_source_static_unittest/c1.pem +++ b/chromium/net/data/cert_issuer_source_static_unittest/c1.pem @@ -1,4 +1,4 @@ -Generated by ./generate-certs.py. +Generated by generate-certs.py. Refer to generator script docstring for details. Certificate: Data: @@ -14,30 +14,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bb:13:e9:bf:8b:1d:f4:75:aa:64:73:cd:df:75: - d7:37:79:44:01:6e:57:50:87:9a:17:d0:36:e7:12: - 29:67:47:e2:7b:ff:a1:0c:36:04:a7:dd:7a:a4:7e: - 33:c3:12:6c:56:dd:48:b5:07:83:b6:9c:f1:41:d2: - 72:24:63:d0:08:f8:d3:bf:ea:c7:d2:89:9f:10:57: - 04:ab:63:a5:e0:4b:53:86:a3:05:be:9f:86:b0:b9: - 09:c7:77:20:36:f1:03:f1:46:ef:13:d4:d1:39:11: - 0f:7c:3d:e4:a4:9a:53:9b:f1:2a:7a:1c:52:b7:0c: - 72:38:ea:f7:97:4d:a3:dd:aa:90:77:d6:0f:59:90: - ce:5e:ea:f6:4c:38:9c:15:22:23:dc:36:59:78:24: - ca:79:80:f4:60:4e:46:ac:dc:f5:22:1d:49:40:51: - af:a5:e1:da:1b:8f:81:a7:b0:5b:8e:49:19:06:a7: - 83:a7:22:d0:15:0d:8c:e9:b0:1d:4f:e6:68:e4:ac: - db:31:50:6c:8f:00:f0:cb:30:d5:e5:65:61:ee:6e: - 9c:3a:f5:62:2c:ab:c1:1d:44:c7:de:10:a1:c6:a6: - a2:89:37:66:ab:ff:06:6f:a6:60:d7:36:2b:b7:5a: - 36:72:6b:85:fe:79:4a:63:f4:4e:ef:24:09:0c:42: - 28:c3 + 00:ae:71:64:ba:9f:1d:b4:bc:c9:8a:c7:ed:ef:a5: + f4:42:5d:c6:db:d5:c9:b0:77:45:83:d1:15:bf:2f: + 9b:19:a3:7c:fb:fd:70:62:0d:95:a7:bd:58:9f:2c: + d5:c5:78:fc:fa:23:e0:97:3d:9d:0c:a1:d9:71:8f: + 03:28:c7:7c:d1:09:7f:94:90:74:c1:db:c6:ec:ae: + da:cd:51:45:20:23:3d:f2:23:f5:f6:53:23:86:b0: + 16:84:4a:ea:bd:d4:0a:1a:70:91:70:8d:21:06:b9: + 9e:fc:2f:a2:ad:80:24:b2:06:ed:6b:55:ac:cb:ad: + 70:44:f1:ed:d4:21:e5:cd:fe:1c:42:e8:79:0e:7d: + 87:18:08:c1:85:3c:32:f6:ee:96:dc:5a:84:63:90: + e3:67:a3:fe:31:52:ec:bc:43:24:86:77:a5:56:a3: + 4c:fe:39:2f:ed:d2:75:64:53:30:1a:a3:ce:30:cd: + f2:7b:13:71:be:b4:80:95:9a:a3:8e:f1:3a:f5:15: + 65:a8:a3:91:34:12:67:dc:34:cf:25:5d:8f:ef:79: + 64:49:af:0a:3c:17:89:b5:95:da:85:2b:df:7a:f1: + 57:1f:0f:b0:c1:bc:e1:5b:4a:86:a7:2e:c8:6b:a3: + 96:c6:28:29:d6:33:7c:f2:e7:5e:19:09:6c:93:cb: + 14:cd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 03:19:93:1B:92:8F:1C:2D:2E:A5:71:01:0D:D0:DF:56:D4:7E:EF:8D + 43:56:C8:D4:66:24:6F:71:A2:C8:6F:A6:A1:0B:0F:53:F2:16:15:5B X509v3 Authority Key Identifier: - keyid:84:17:CE:FE:EA:88:CB:E4:D7:19:40:7A:01:E3:62:84:3D:C6:05:EB + keyid:1B:26:D0:C4:43:00:72:E2:A4:AB:01:D1:A4:68:D5:E5:B2:1E:9C:0D Authority Information Access: CA Issuers - URI:http://url-for-aia/I1.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - b7:7c:3d:49:2c:c9:e7:5b:98:21:11:ae:ff:f1:b8:ec:b1:f6: - 59:8b:d0:9c:0c:de:81:89:fe:35:aa:73:8c:56:67:82:bb:0f: - 04:c5:3f:c2:4b:72:2f:29:ae:69:37:0e:86:46:fb:73:af:70: - 8f:36:c3:ad:10:05:41:78:fc:29:9a:79:1d:ce:ff:cc:ec:87: - 8b:ee:da:72:6d:27:7c:7e:44:11:20:79:e0:bd:55:c5:dd:e5: - 9b:1a:ce:dc:8f:9b:25:7d:a1:4b:d0:cc:05:42:7a:2e:b4:79: - 0b:06:5b:28:39:12:a7:54:42:5c:a9:23:a3:8b:64:2e:96:dd: - 35:e0:21:09:ff:60:6d:c1:0b:41:4b:2c:bf:d5:c3:70:64:d0: - 0b:8d:b0:79:3a:b7:00:2e:90:f3:aa:e9:ff:3f:3c:dc:26:7b: - 7e:3e:90:7c:cc:96:d0:4a:f8:8d:b5:e7:49:59:fe:93:c9:8a: - 53:75:db:da:3e:46:af:7c:8b:b6:c8:7a:dd:88:ce:5b:2d:50: - 01:5e:3c:1a:a0:20:b6:4e:60:4c:10:a9:74:d0:36:a0:c6:c8: - 14:d7:3d:1a:11:8d:a3:0b:8a:3a:e2:27:76:c2:bb:26:4c:61: - 29:1d:10:6d:8b:b4:67:a6:66:db:43:76:a0:49:dc:ab:21:64: - 28:5d:d6:cb + a8:bf:98:c5:72:b4:ae:9e:40:52:42:3c:a5:f9:7c:ff:3f:b2: + 71:f6:59:0c:86:66:02:74:7c:ff:59:a5:07:f8:38:fa:8d:d5: + de:b7:e0:24:3c:70:f8:54:c9:a3:7e:6d:85:86:bf:54:0f:6f: + c3:e9:c5:77:dc:42:b6:ad:97:f8:c0:1d:3f:ef:24:92:9f:d4: + 50:bc:0f:d0:82:03:f7:a3:60:b9:12:70:d7:61:25:65:c4:75: + ca:17:15:c5:a6:54:7b:16:5a:3f:0d:55:72:61:16:0c:90:f3: + 77:2a:62:4a:a1:5c:09:c4:3c:4a:4f:dd:85:bc:ac:c6:6a:cb: + 07:0b:15:a5:50:15:05:b9:99:95:54:3f:3a:a2:a0:42:fe:8a: + f6:9f:1b:c7:fc:9d:f2:0f:6e:c2:f6:a9:37:7a:27:8b:25:52: + 45:0e:aa:d5:ad:02:b0:a6:2e:a9:91:8b:6d:22:5a:e4:2a:91: + 1f:0d:f6:c0:88:8e:29:dc:b0:9e:26:8e:18:61:f0:42:bd:9e: + 73:75:f2:48:17:aa:ff:34:9b:38:d4:72:60:e9:38:f8:af:18: + 1c:a0:88:e3:25:cf:c6:22:2f:bf:1c:77:b6:b3:1e:88:d2:17: + 1f:f9:18:31:25:f9:4f:36:e1:51:e8:30:a2:42:f9:9e:cb:35: + 87:30:ce:68 -----BEGIN CERTIFICATE----- MIIDazCCAlOgAwIBAgIBATANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJJMTAe Fw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAwMDBaMA0xCzAJBgNVBAMMAkMxMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxPpv4sd9HWqZHPN33XXN3lE -AW5XUIeaF9A25xIpZ0fie/+hDDYEp916pH4zwxJsVt1ItQeDtpzxQdJyJGPQCPjT -v+rH0omfEFcEq2Ol4EtThqMFvp+GsLkJx3cgNvED8UbvE9TROREPfD3kpJpTm/Eq -ehxStwxyOOr3l02j3aqQd9YPWZDOXur2TDicFSIj3DZZeCTKeYD0YE5GrNz1Ih1J -QFGvpeHaG4+Bp7BbjkkZBqeDpyLQFQ2M6bAdT+Zo5KzbMVBsjwDwyzDV5WVh7m6c -OvViLKvBHUTH3hChxqaiiTdmq/8Gb6Zg1zYrt1o2cmuF/nlKY/RO7yQJDEIowwID -AQABo4HVMIHSMB0GA1UdDgQWBBQDGZMbko8cLS6lcQEN0N9W1H7vjTAfBgNVHSME -GDAWgBSEF87+6ojL5NcZQHoB42KEPcYF6zA1BggrBgEFBQcBAQQpMCcwJQYIKwYB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnFkup8dtLzJisft76X0Ql3G +29XJsHdFg9EVvy+bGaN8+/1wYg2Vp71YnyzVxXj8+iPglz2dDKHZcY8DKMd80Ql/ +lJB0wdvG7K7azVFFICM98iP19lMjhrAWhErqvdQKGnCRcI0hBrme/C+irYAksgbt +a1Wsy61wRPHt1CHlzf4cQuh5Dn2HGAjBhTwy9u6W3FqEY5DjZ6P+MVLsvEMkhnel +VqNM/jkv7dJ1ZFMwGqPOMM3yexNxvrSAlZqjjvE69RVlqKORNBJn3DTPJV2P73lk +Sa8KPBeJtZXahSvfevFXHw+wwbzhW0qGpy7Ia6OWxigp1jN88udeGQlsk8sUzQID +AQABo4HVMIHSMB0GA1UdDgQWBBRDVsjUZiRvcaLIb6ahCw9T8hYVWzAfBgNVHSME +GDAWgBQbJtDEQwBy4qSrAdGkaNXlsh6cDTA1BggrBgEFBQcBAQQpMCcwJQYIKwYB BQUHMAKGGWh0dHA6Ly91cmwtZm9yLWFpYS9JMS5jZXIwKgYDVR0fBCMwITAfoB2g G4YZaHR0cDovL3VybC1mb3ItY3JsL0kxLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYD -VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQC3 -fD1JLMnnW5ghEa7/8bjssfZZi9CcDN6Bif41qnOMVmeCuw8ExT/CS3IvKa5pNw6G -Rvtzr3CPNsOtEAVBePwpmnkdzv/M7IeL7tpybSd8fkQRIHngvVXF3eWbGs7cj5sl -faFL0MwFQnoutHkLBlsoORKnVEJcqSOji2Qult014CEJ/2BtwQtBSyy/1cNwZNAL -jbB5OrcALpDzqun/PzzcJnt+PpB8zJbQSviNtedJWf6TyYpTddvaPkavfIu2yHrd -iM5bLVABXjwaoCC2TmBMEKl00DagxsgU1z0aEY2jC4o64id2wrsmTGEpHRBti7Rn -pmbbQ3agSdyrIWQoXdbL +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCo +v5jFcrSunkBSQjyl+Xz/P7Jx9lkMhmYCdHz/WaUH+Dj6jdXet+AkPHD4VMmjfm2F +hr9UD2/D6cV33EK2rZf4wB0/7ySSn9RQvA/QggP3o2C5EnDXYSVlxHXKFxXFplR7 +Flo/DVVyYRYMkPN3KmJKoVwJxDxKT92FvKzGassHCxWlUBUFuZmVVD86oqBC/or2 +nxvH/J3yD27C9qk3eieLJVJFDqrVrQKwpi6pkYttIlrkKpEfDfbAiI4p3LCeJo4Y +YfBCvZ5zdfJIF6r/NJs41HJg6Tj4rxgcoIjjJc/GIi+/HHe2sx6I0hcf+RgxJflP +NuFR6DCiQvmeyzWHMM5o -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/c2.pem b/chromium/net/data/cert_issuer_source_static_unittest/c2.pem index 935a8648bb9..8cd68836540 100644 --- a/chromium/net/data/cert_issuer_source_static_unittest/c2.pem +++ b/chromium/net/data/cert_issuer_source_static_unittest/c2.pem @@ -1,4 +1,4 @@ -Generated by ./generate-certs.py. +Generated by generate-certs.py. Refer to generator script docstring for details. Certificate: Data: @@ -14,30 +14,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:dc:0c:20:7f:23:ae:ea:7d:0c:20:23:32:e1:b0: - 2d:e0:5d:95:b9:5f:89:95:f9:98:5a:df:96:4d:1d: - 66:43:47:15:61:6d:ab:0e:1a:fc:94:46:82:4e:12: - ca:9d:b2:99:78:a1:45:39:4d:6e:6f:5c:ba:c0:62: - ff:93:3e:0d:57:c4:86:4e:0f:fc:7b:7e:01:de:38: - 72:fb:f2:7f:e3:60:f8:0d:42:c3:4f:31:24:3f:96: - d1:73:ac:02:87:f6:30:ab:ec:8a:0e:c2:a5:cf:dd: - e7:91:83:8d:9e:2a:e8:c7:26:6f:0d:d1:ef:54:6f: - a3:91:80:bf:87:0f:77:f7:be:fd:6f:e9:a1:3d:42: - 15:0c:fa:0e:95:7c:de:a3:5e:f2:28:e3:bc:fd:3f: - 27:6d:30:89:e3:51:8a:f4:7f:72:b1:e6:48:12:1e: - 02:d8:b2:fe:64:64:4d:65:17:61:18:5f:1a:f8:f0: - eb:88:35:c8:ad:d0:ed:b4:c6:e3:09:3e:e3:ef:8e: - 40:a1:c7:f3:46:d5:50:a2:ff:ae:49:a4:52:65:4d: - 81:0f:57:ea:92:a6:64:74:90:17:67:82:ca:17:52: - 71:5a:d6:85:65:fe:f0:c7:ff:bb:7b:3d:a0:95:af: - 4c:64:17:56:7f:fe:b9:01:cd:db:b0:df:08:18:c1: - 5f:f3 + 00:b9:9e:f6:53:ca:8c:31:b4:0a:6a:26:23:11:03: + cc:e1:e3:93:9e:d8:76:52:89:2f:0c:42:15:21:c0: + d9:bc:16:ea:6e:bc:39:c0:2f:62:8a:35:c9:95:71: + 4d:a3:45:ac:7f:b3:7e:ec:fa:ac:f3:e8:bf:66:02: + 1a:b1:bd:ce:79:17:6a:19:12:96:eb:b1:9d:dd:e3: + 1c:69:15:e1:f6:34:ed:ba:4d:af:0a:50:03:43:2f: + 9d:7c:8e:79:fa:92:13:2d:73:16:a8:de:72:c2:61: + 19:54:4b:01:2f:5c:a1:77:fc:f7:82:0b:aa:cb:8f: + 55:0d:19:d8:ab:2c:af:35:b4:f7:eb:52:26:97:5e: + 5b:00:f3:a8:12:fa:ce:0d:0d:56:cd:15:1c:7a:67: + 82:9f:b3:fb:5f:05:9c:b7:9f:35:66:3b:18:93:b8: + 2d:1d:47:9b:4b:5e:f3:20:6f:83:c7:5d:91:d2:2b: + 19:9d:a9:f3:46:ff:93:eb:3f:fb:5b:40:a0:8d:5d: + ab:a5:de:d1:02:d4:6b:3e:1a:24:5c:86:a2:ec:9d: + 50:1b:c3:92:22:27:5f:a7:79:5b:40:97:cc:ca:10: + ff:ed:06:2a:51:11:e5:cb:b1:0a:82:84:92:2f:00: + 10:6d:19:af:db:66:53:8d:f7:10:b3:bc:4a:52:83: + eb:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 17:8F:59:67:1C:97:6D:5F:5E:91:F1:28:D2:2F:37:9E:46:0F:A9:8D + 37:6E:35:3A:24:04:92:08:FF:D2:5F:88:1F:86:C1:9C:95:A9:0D:72 X509v3 Authority Key Identifier: - keyid:0C:6A:CE:BB:AC:0D:C3:03:19:28:BF:63:76:72:0B:3D:89:5B:D3:B7 + keyid:E3:AC:1D:35:9E:1C:CC:C6:29:9F:37:59:41:C6:DA:C9:44:2C:B2:F3 Authority Information Access: CA Issuers - URI:http://url-for-aia/i1.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 7d:cd:21:c8:a9:3b:3e:d0:8c:47:24:c4:13:1a:ed:9b:b6:1d: - 14:d7:00:9e:5a:6c:6b:c0:6c:48:ab:89:ef:94:09:5b:5b:c3: - a3:54:43:62:70:12:b2:32:cd:15:ab:e9:69:af:15:02:63:71: - b0:9c:6f:ec:67:c9:e1:37:de:1b:ef:b1:5c:2a:95:39:3c:b5: - be:e3:e9:61:81:b5:67:b2:8f:17:8c:20:4b:9b:15:86:d4:0d: - 3b:00:aa:e7:0c:5a:53:93:73:fa:61:c8:d2:05:7d:22:ef:e4: - 3c:45:37:8d:5d:be:83:f8:90:75:33:f0:99:b0:60:36:7c:d4: - 09:fa:23:6a:e5:60:a0:89:94:5d:e9:6d:df:d5:b8:c0:8e:08: - 3b:20:72:e7:5b:03:84:42:fe:ee:e7:46:63:29:58:c4:9a:9b: - 8b:d7:bb:2f:9d:20:5e:5b:04:35:52:79:c6:56:63:d6:44:ae: - d9:5f:e6:c0:6b:fe:f5:8f:ff:3d:2b:7b:a7:8c:0e:36:02:79: - 7f:cd:c4:a5:f4:99:ff:cb:ca:8e:77:9e:de:c2:40:22:b5:d3: - 6d:6c:41:44:ce:b4:21:eb:8c:c3:7f:eb:da:ee:0c:54:9e:5d: - 2c:04:da:df:86:4e:34:b2:a4:8f:a8:9f:ab:73:1d:66:f8:ae: - e8:76:8d:eb + 77:74:20:c3:57:de:ed:a9:59:2c:f2:c8:d2:19:28:ab:c6:4f: + c5:49:80:be:ed:64:43:2e:74:4a:ec:87:90:9e:d2:03:23:3f: + 1f:de:18:7e:9e:20:62:f9:0f:b6:b7:2d:97:61:60:f6:c2:31: + fc:20:9b:d5:b5:cc:3b:47:6f:4c:77:7b:17:99:71:cc:86:46: + 0f:6c:a9:33:3c:82:16:2b:f8:2b:b1:58:6b:44:d7:61:42:30: + fc:e8:ea:ef:47:b0:63:c3:41:30:02:6d:0a:d5:af:0c:54:d1: + a9:3f:d7:e4:98:77:f9:16:d4:81:87:ff:80:69:29:a4:0b:9d: + 61:c1:28:e9:0a:9e:76:5a:78:0e:a1:03:86:a9:88:81:76:94: + 93:ac:64:5d:7f:51:d3:68:3e:61:33:19:cd:f7:50:c3:c8:42: + 60:85:21:44:98:9e:23:97:4d:21:d1:14:a2:9a:b3:99:1c:fb: + 7e:92:1c:10:99:e6:01:e7:38:aa:c2:6d:8a:d3:1a:b7:56:cc: + 81:86:31:53:5b:4d:0c:15:a4:f1:0f:cd:9a:ee:5f:ec:b8:12: + 20:36:eb:1b:8b:b5:82:3e:43:7e:24:43:8e:d5:1a:9e:5c:41: + 0b:50:c8:1c:aa:8c:4e:69:91:3e:11:94:35:9c:3b:c3:bd:1a: + 0b:dd:a9:aa -----BEGIN CERTIFICATE----- MIIDazCCAlOgAwIBAgIBATANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJpMTAe Fw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAwMDBaMA0xCzAJBgNVBAMMAkMyMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AwgfyOu6n0MICMy4bAt4F2V -uV+JlfmYWt+WTR1mQ0cVYW2rDhr8lEaCThLKnbKZeKFFOU1ub1y6wGL/kz4NV8SG -Tg/8e34B3jhy+/J/42D4DULDTzEkP5bRc6wCh/Ywq+yKDsKlz93nkYONniroxyZv -DdHvVG+jkYC/hw939779b+mhPUIVDPoOlXzeo17yKOO8/T8nbTCJ41GK9H9yseZI -Eh4C2LL+ZGRNZRdhGF8a+PDriDXIrdDttMbjCT7j745AocfzRtVQov+uSaRSZU2B -D1fqkqZkdJAXZ4LKF1JxWtaFZf7wx/+7ez2gla9MZBdWf/65Ac3bsN8IGMFf8wID -AQABo4HVMIHSMB0GA1UdDgQWBBQXj1lnHJdtX16R8SjSLzeeRg+pjTAfBgNVHSME -GDAWgBQMas67rA3DAxkov2N2cgs9iVvTtzA1BggrBgEFBQcBAQQpMCcwJQYIKwYB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZ72U8qMMbQKaiYjEQPM4eOT +nth2UokvDEIVIcDZvBbqbrw5wC9iijXJlXFNo0Wsf7N+7Pqs8+i/ZgIasb3OeRdq +GRKW67Gd3eMcaRXh9jTtuk2vClADQy+dfI55+pITLXMWqN5ywmEZVEsBL1yhd/z3 +gguqy49VDRnYqyyvNbT361Iml15bAPOoEvrODQ1WzRUcemeCn7P7XwWct581ZjsY +k7gtHUebS17zIG+Dx12R0isZnanzRv+T6z/7W0CgjV2rpd7RAtRrPhokXIai7J1Q +G8OSIidfp3lbQJfMyhD/7QYqURHly7EKgoSSLwAQbRmv22ZTjfcQs7xKUoPrsQID +AQABo4HVMIHSMB0GA1UdDgQWBBQ3bjU6JASSCP/SX4gfhsGclakNcjAfBgNVHSME +GDAWgBTjrB01nhzMximfN1lBxtrJRCyy8zA1BggrBgEFBQcBAQQpMCcwJQYIKwYB BQUHMAKGGWh0dHA6Ly91cmwtZm9yLWFpYS9pMS5jZXIwKgYDVR0fBCMwITAfoB2g G4YZaHR0cDovL3VybC1mb3ItY3JsL2kxLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYD -VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQB9 -zSHIqTs+0IxHJMQTGu2bth0U1wCeWmxrwGxIq4nvlAlbW8OjVENicBKyMs0Vq+lp -rxUCY3GwnG/sZ8nhN94b77FcKpU5PLW+4+lhgbVnso8XjCBLmxWG1A07AKrnDFpT -k3P6YcjSBX0i7+Q8RTeNXb6D+JB1M/CZsGA2fNQJ+iNq5WCgiZRd6W3f1bjAjgg7 -IHLnWwOEQv7u50ZjKVjEmpuL17svnSBeWwQ1UnnGVmPWRK7ZX+bAa/71j/89K3un -jA42Anl/zcSl9Jn/y8qOd57ewkAitdNtbEFEzrQh64zDf+va7gxUnl0sBNrfhk40 -sqSPqJ+rcx1m+K7odo3r +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQB3 +dCDDV97tqVks8sjSGSirxk/FSYC+7WRDLnRK7IeQntIDIz8f3hh+niBi+Q+2ty2X +YWD2wjH8IJvVtcw7R29Md3sXmXHMhkYPbKkzPIIWK/grsVhrRNdhQjD86OrvR7Bj +w0EwAm0K1a8MVNGpP9fkmHf5FtSBh/+AaSmkC51hwSjpCp52WngOoQOGqYiBdpST +rGRdf1HTaD5hMxnN91DDyEJghSFEmJ4jl00h0RSimrOZHPt+khwQmeYB5ziqwm2K +0xq3VsyBhjFTW00MFaTxD82a7l/suBIgNusbi7WCPkN+JEOO1RqeXEELUMgcqoxO +aZE+EZQ1nDvDvRoL3amq -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/d.pem b/chromium/net/data/cert_issuer_source_static_unittest/d.pem index c6bdbb97cff..cf347a89e61 100644 --- a/chromium/net/data/cert_issuer_source_static_unittest/d.pem +++ b/chromium/net/data/cert_issuer_source_static_unittest/d.pem @@ -1,4 +1,4 @@ -Generated by ./generate-certs.py. +Generated by generate-certs.py. Refer to generator script docstring for details. Certificate: Data: @@ -14,30 +14,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d5:0f:8b:7e:d9:f3:86:97:fc:5f:8a:c7:df:e7: - 7e:18:c0:ee:c0:3a:8e:e6:75:65:30:6d:a4:7b:4e: - ef:63:82:ac:0c:46:81:ac:42:ff:12:53:06:51:6a: - d2:9f:e0:2a:15:cb:3c:80:d3:2a:8b:10:30:ff:0f: - bc:47:ab:72:2d:bd:14:06:73:8f:58:ce:4a:64:2f: - 41:eb:a6:2f:77:2d:67:04:d7:b9:00:b1:de:8b:9d: - 05:a0:b3:8f:46:5d:24:c9:2f:ba:e0:c1:c4:a0:5b: - 16:48:6a:f9:a0:0e:82:9b:d4:85:f4:2d:53:07:02: - 94:ec:2c:d2:bd:bc:86:c1:dc:3b:d7:a2:12:5e:38: - 78:4b:9d:30:4b:16:1b:36:6f:9a:12:93:89:f6:fa: - 5f:21:11:7d:ef:b2:ed:03:ab:7c:03:28:48:65:76: - 10:8e:b3:46:2b:19:a4:16:32:1a:ed:fe:19:fc:37: - 93:9d:65:57:ad:9c:6b:88:26:f6:30:bc:83:22:d6: - c0:51:17:2b:e7:79:b1:bc:45:b7:34:4b:ac:3c:40: - 8d:83:80:41:88:a4:25:46:ed:00:77:09:4f:39:cf: - 98:41:6f:49:ad:25:35:e3:01:98:49:13:7d:5e:f5: - 86:84:f1:e4:71:fb:ba:4a:ee:af:31:16:56:1f:f7: - df:cf + 00:c2:ae:07:4a:35:ce:ea:26:bf:b9:d4:ac:b8:c2: + 4b:40:c7:99:e2:52:d5:24:8a:83:1a:31:fd:dd:b4: + ec:b9:8a:90:67:d9:7f:d3:ea:7f:8a:96:d6:ab:a5: + e8:ee:59:61:6d:f3:7f:26:14:82:19:90:f4:65:21: + 68:22:45:58:5a:2e:d4:94:31:a7:13:2c:27:0f:07: + 26:9a:77:dc:47:9a:d7:04:18:94:bd:09:e3:fc:fa: + ef:44:61:f0:b6:c6:65:37:95:8e:c5:67:86:7f:cc: + 58:e7:e8:43:de:ee:cb:de:ad:68:00:95:f4:cd:21: + e7:db:33:09:c1:6d:6b:53:eb:8d:f3:53:cc:7a:a3: + f0:86:bb:0f:2c:3f:94:11:d5:dd:52:44:96:c1:97: + 4a:d3:ca:48:40:b5:67:95:3d:c6:58:44:ac:6d:a3: + 2f:a4:60:eb:72:48:b8:1d:cb:3d:6b:0a:b0:bf:3d: + 42:68:cc:7d:29:78:29:9e:3d:ec:16:ae:84:98:31: + fe:ce:b2:b5:f7:ac:89:e8:df:c7:f1:ad:86:38:22: + fc:24:66:56:cc:5f:09:d8:23:eb:d2:67:96:b1:67: + de:f6:ae:bb:8e:db:88:a9:39:fc:9c:82:35:8b:b8: + 49:54:b4:5f:78:5b:94:c3:4f:9f:bc:bf:0b:06:fc: + 04:65 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - AE:28:BD:DE:6F:60:00:2A:01:59:8F:FD:E6:C5:27:65:CD:01:04:37 + D1:6E:9D:B4:88:56:98:C2:B2:A3:45:F5:95:3E:49:A0:70:45:13:EA X509v3 Authority Key Identifier: - keyid:B7:FB:54:77:0C:76:74:B0:72:84:2F:4E:AF:24:1F:CA:62:8D:99:61 + keyid:3C:E2:AD:12:A1:C0:96:C8:53:4A:6B:B2:49:5C:5A:A6:1E:A9:19:EC Authority Information Access: CA Issuers - URI:http://url-for-aia/I2.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 16:1a:ad:91:a8:9a:d5:d2:63:d4:8c:61:73:0e:d4:14:66:ee: - ef:4e:cb:f4:40:82:42:95:60:ae:65:59:99:ca:62:47:47:48: - 6a:d8:c7:4b:b2:62:a2:c7:45:8a:92:a6:69:0e:f3:7d:8f:9d: - 0b:a7:ba:c0:61:80:76:46:ef:2b:80:56:3a:21:1d:e4:52:2d: - a0:98:bf:36:cc:36:4e:40:2c:55:48:93:39:e3:d7:54:21:48: - ce:03:65:9a:df:59:07:d5:76:5e:5c:25:fb:84:3e:a1:54:98: - ad:d4:7d:ff:7e:c5:62:5e:43:c1:33:f8:04:6d:dd:23:b5:8a: - 48:55:7a:55:69:a5:da:23:46:a2:58:29:6c:22:05:a2:ea:b0: - be:81:5d:6c:a1:9a:7c:41:a1:ae:02:de:4f:87:5b:83:01:81: - 4f:ba:dc:5f:0a:04:41:83:da:5d:79:2d:9a:ca:82:84:48:1d: - b7:a7:b4:e5:ab:28:6b:33:33:09:fc:d7:d8:80:0d:d6:f6:38: - 79:91:44:39:28:b8:bf:ee:4a:43:9b:27:42:7a:f2:e2:3c:4d: - 89:1d:21:e0:ce:ec:06:e0:2e:b2:dc:f2:0a:15:7c:33:0b:ec: - 36:8e:26:31:0e:f8:f7:e8:3d:07:d7:2c:91:c3:0c:35:7a:76: - f3:67:02:c1 + 36:b1:65:08:c1:02:03:41:4e:6f:94:df:7a:70:d9:e0:a2:53: + 81:3c:6e:c0:91:2d:c7:73:5d:3f:69:f6:da:93:65:1b:01:c1: + a1:5a:ac:d4:0b:0b:0a:22:b3:56:ad:dc:f0:f3:3c:63:21:3d: + ad:f2:d3:71:d7:26:71:b6:a8:02:a0:e0:bb:f4:27:39:93:f6: + 78:d7:fb:1c:ad:9c:ff:48:b0:a6:00:cd:4c:ce:87:45:2b:19: + 15:6c:89:45:46:bc:7b:4b:0a:d0:11:ae:fd:cb:30:b7:15:1c: + 37:96:f2:0d:86:99:24:a9:01:bc:f9:7f:1b:73:b9:15:c3:c8: + ba:25:fc:c7:96:ee:83:b7:39:c3:f0:d8:80:90:58:a8:15:bf: + dd:16:bf:62:83:a0:a3:5d:0f:38:0b:78:0b:4a:83:17:88:67: + 20:ca:70:f8:a2:26:89:15:aa:21:8a:b4:ac:7e:29:49:a8:2a: + 8f:72:65:7c:06:6b:a9:d8:f3:c8:3c:b6:03:27:e3:61:ea:3a: + 51:cd:e4:5c:7f:69:9f:9a:c2:f3:c0:0f:16:5a:99:92:c5:1f: + cd:c1:9f:7e:03:18:e3:4f:65:be:56:38:26:2a:f5:18:68:57: + 9f:84:f9:87:f3:9c:34:04:a4:5b:0f:53:4f:5c:ad:c4:6f:5c: + 06:2b:c4:15 -----BEGIN CERTIFICATE----- MIIDajCCAlKgAwIBAgIBATANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJJMjAe Fw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAwMDBaMAwxCjAIBgNVBAMMAUQwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVD4t+2fOGl/xfisff534YwO7A -Oo7mdWUwbaR7Tu9jgqwMRoGsQv8SUwZRatKf4CoVyzyA0yqLEDD/D7xHq3ItvRQG -c49YzkpkL0Hrpi93LWcE17kAsd6LnQWgs49GXSTJL7rgwcSgWxZIavmgDoKb1IX0 -LVMHApTsLNK9vIbB3DvXohJeOHhLnTBLFhs2b5oSk4n2+l8hEX3vsu0Dq3wDKEhl -dhCOs0YrGaQWMhrt/hn8N5OdZVetnGuIJvYwvIMi1sBRFyvnebG8Rbc0S6w8QI2D -gEGIpCVG7QB3CU85z5hBb0mtJTXjAZhJE31e9YaE8eRx+7pK7q8xFlYf99/PAgMB -AAGjgdUwgdIwHQYDVR0OBBYEFK4ovd5vYAAqAVmP/ebFJ2XNAQQ3MB8GA1UdIwQY -MBaAFLf7VHcMdnSwcoQvTq8kH8pijZlhMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEF +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCrgdKNc7qJr+51Ky4wktAx5ni +UtUkioMaMf3dtOy5ipBn2X/T6n+KltarpejuWWFt838mFIIZkPRlIWgiRVhaLtSU +MacTLCcPByaad9xHmtcEGJS9CeP8+u9EYfC2xmU3lY7FZ4Z/zFjn6EPe7sverWgA +lfTNIefbMwnBbWtT643zU8x6o/CGuw8sP5QR1d1SRJbBl0rTykhAtWeVPcZYRKxt +oy+kYOtySLgdyz1rCrC/PUJozH0peCmePewWroSYMf7OsrX3rIno38fxrYY4Ivwk +ZlbMXwnYI+vSZ5axZ972rruO24ipOfycgjWLuElUtF94W5TDT5+8vwsG/ARlAgMB +AAGjgdUwgdIwHQYDVR0OBBYEFNFunbSIVpjCsqNF9ZU+SaBwRRPqMB8GA1UdIwQY +MBaAFDzirRKhwJbIU0prsklcWqYeqRnsMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEF BQcwAoYZaHR0cDovL3VybC1mb3ItYWlhL0kyLmNlcjAqBgNVHR8EIzAhMB+gHaAb hhlodHRwOi8vdXJsLWZvci1jcmwvSTIuY3JsMA4GA1UdDwEB/wQEAwIFoDAdBgNV -HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBABYa -rZGomtXSY9SMYXMO1BRm7u9Oy/RAgkKVYK5lWZnKYkdHSGrYx0uyYqLHRYqSpmkO -832PnQunusBhgHZG7yuAVjohHeRSLaCYvzbMNk5ALFVIkznj11QhSM4DZZrfWQfV -dl5cJfuEPqFUmK3Uff9+xWJeQ8Ez+ARt3SO1ikhVelVppdojRqJYKWwiBaLqsL6B -XWyhmnxBoa4C3k+HW4MBgU+63F8KBEGD2l15LZrKgoRIHbentOWrKGszMwn819iA -Ddb2OHmRRDkouL/uSkObJ0J68uI8TYkdIeDO7AbgLrLc8goVfDML7DaOJjEO+Pfo -PQfXLJHDDDV6dvNnAsE= +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBADax +ZQjBAgNBTm+U33pw2eCiU4E8bsCRLcdzXT9p9tqTZRsBwaFarNQLCwois1at3PDz +PGMhPa3y03HXJnG2qAKg4Lv0JzmT9njX+xytnP9IsKYAzUzOh0UrGRVsiUVGvHtL +CtARrv3LMLcVHDeW8g2GmSSpAbz5fxtzuRXDyLol/MeW7oO3OcPw2ICQWKgVv90W +v2KDoKNdDzgLeAtKgxeIZyDKcPiiJokVqiGKtKx+KUmoKo9yZXwGa6nY88g8tgMn +42HqOlHN5Fx/aZ+awvPADxZamZLFH83Bn34DGONPZb5WOCYq9RhoV5+E+YfznDQE +pFsPU09crcRvXAYrxBU= -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/e1.pem b/chromium/net/data/cert_issuer_source_static_unittest/e1.pem index c722f529134..9d430355372 100644 --- a/chromium/net/data/cert_issuer_source_static_unittest/e1.pem +++ b/chromium/net/data/cert_issuer_source_static_unittest/e1.pem @@ -1,4 +1,4 @@ -Generated by ./generate-certs.py. +Generated by generate-certs.py. Refer to generator script docstring for details. Certificate: Data: @@ -14,30 +14,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:f1:7c:c7:ef:ed:ae:f5:de:8a:c1:fd:b9:78:1c: - 8b:8b:73:54:19:45:78:0a:a9:56:df:05:7a:bb:3b: - 98:18:88:cf:d4:c2:c4:d9:66:5a:81:34:21:47:cb: - b7:d2:b4:9a:c6:22:ae:33:fa:f0:6a:3d:6f:7b:e1: - ad:7c:fe:e7:33:72:bc:53:aa:d8:92:06:9a:c8:5b: - 1a:8a:eb:b5:d5:72:de:df:43:97:78:22:e6:da:09: - 15:46:55:6c:88:c6:4e:4d:81:3d:6d:41:40:10:fc: - 64:d9:ee:7b:63:fe:fa:77:f1:58:ff:09:b8:46:e2: - 50:53:68:39:e1:5c:47:05:99:84:dd:3f:dc:e0:27: - f9:db:11:39:0c:71:a4:09:b5:42:86:04:f9:f4:fa: - 4a:34:f9:4b:cd:d3:c5:41:4d:4d:7d:47:27:f4:88: - 5a:cb:4a:62:65:6d:a8:76:27:6c:95:5b:40:91:3d: - 49:e2:dc:b9:c4:45:b3:e9:e3:65:67:1a:a4:e2:86: - f5:32:1a:fb:e6:95:7b:b0:4f:5b:89:d4:a7:5d:a3: - 50:a9:5e:bf:aa:c3:e5:0b:72:5c:1e:7f:e6:42:05: - 1f:21:f3:71:37:2e:48:f0:b6:0a:09:4f:2a:f5:81: - fd:46:b5:ba:e1:5f:04:82:8a:6e:b7:83:32:e9:7d: - 7a:35 + 00:ae:91:6b:78:fb:33:11:82:bb:52:ce:22:b5:28: + a4:c1:bb:17:65:49:6f:85:08:98:3f:2b:e1:b6:d5: + 43:42:5c:9f:30:b5:91:9c:28:6a:66:13:62:b2:cf: + 01:90:1b:0c:c6:58:81:9b:78:f6:77:12:e2:1a:32: + 9f:a9:f3:d0:59:56:95:8b:bf:6b:b8:39:d5:77:04: + 46:66:49:dd:1e:65:11:8d:51:a7:b5:25:d1:d0:25: + 73:00:27:98:3a:02:31:90:86:cf:a8:53:dd:10:fc: + a5:f6:29:85:cd:ea:c9:d9:08:7b:58:87:c3:6a:72: + f2:17:7d:e7:e2:be:f7:88:c8:79:b5:29:43:2e:9a: + e8:3c:e0:0b:42:47:c2:0e:3e:b1:6f:2e:a9:78:f0: + 33:0c:b1:b9:67:3c:3f:ac:47:14:33:1d:2a:5a:37: + 7d:24:7f:ca:a7:4d:7c:a9:28:82:86:3b:ab:6f:d2: + 65:6e:e3:cc:f6:7a:96:65:81:7c:e9:8d:64:46:45: + 46:fc:f4:9f:6f:67:f8:9a:2b:df:cc:a9:3a:de:31: + 13:a9:08:99:d1:fd:44:99:be:28:cd:74:bc:84:58: + f5:d9:df:bd:f5:2b:a9:bb:ec:f3:50:e2:75:bb:19: + da:d4:f9:89:55:0f:33:1f:5e:ec:48:1d:e0:91:2d: + 83:a1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 47:02:FD:6B:F5:26:65:BB:20:CA:5C:49:51:67:52:51:43:AB:40:02 + 7B:31:A7:9B:6B:7F:0F:2F:2E:F1:FC:54:09:FB:1A:5F:66:8D:EC:8E X509v3 Authority Key Identifier: - keyid:B3:B8:D0:C2:16:D7:60:93:F5:51:DB:DF:12:8A:B5:36:66:76:C4:6C + keyid:02:D2:01:6B:5B:63:DC:4E:54:01:08:CD:A7:27:A0:85:29:78:E1:D3 Authority Information Access: CA Issuers - URI:http://url-for-aia/I3.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 53:6d:3b:42:d8:23:af:be:ae:ef:dd:78:47:45:07:93:a9:84: - 1d:e9:a3:11:7f:77:0b:96:31:42:af:68:ca:4d:ed:84:f5:63: - 47:6c:4e:84:f6:79:e5:8c:da:ad:52:02:b7:f2:a3:3c:0e:95: - a3:8b:fc:54:94:02:5b:29:aa:a6:db:f7:74:da:42:9f:7a:7f: - de:bf:33:37:07:b9:bc:0a:5d:6f:77:86:89:98:6c:69:92:bf: - 9d:57:1d:da:fb:29:d6:80:ee:32:ed:53:25:66:24:53:57:10: - 79:8a:77:4e:77:15:11:4e:5e:db:2d:35:05:a5:14:09:d2:6c: - 96:76:41:7c:18:e1:fd:a7:22:a8:4c:d4:31:d0:7d:85:19:0d: - c9:2e:9f:15:09:a4:b8:c2:b5:95:71:29:78:09:fb:b4:87:a4: - 2f:0a:06:12:8f:14:49:8d:64:16:5f:5a:8f:72:5b:a6:c4:ce: - 73:c9:eb:e8:9d:80:b7:76:fd:80:33:5b:6e:dd:97:88:01:49: - 50:6e:7d:55:5d:1a:6d:e8:4c:53:4d:d0:d8:62:ef:25:09:bb: - 84:18:d4:f6:f3:3e:c0:a9:ef:ad:be:14:9b:db:6b:04:5a:c3: - 6b:59:5d:cb:bf:1b:60:6b:00:ab:cb:69:f2:b7:14:97:d2:3c: - af:a0:49:11 + 91:1b:ee:94:8b:1b:b9:a4:80:55:9f:83:f3:ee:a2:82:db:71: + df:53:39:07:05:61:7f:37:07:f9:f0:12:66:ef:28:a1:ac:8a: + 84:9f:3f:4f:6b:35:f3:53:a5:6d:24:4f:cb:a7:47:83:72:f2: + e8:05:0f:7e:c2:f1:d1:89:c4:a0:70:13:97:d4:3e:56:0b:4a: + b9:45:63:d1:0a:64:d8:6b:72:4f:e3:52:d5:f3:c2:23:a3:ec: + bb:4f:c4:4d:eb:f5:5c:bd:6e:91:17:cb:93:9a:cb:34:44:88: + 9f:3f:bc:ce:36:44:0a:c9:cc:e3:64:c2:20:60:9c:f8:f8:ab: + 9d:b2:c6:93:0c:bf:57:03:ff:d4:8a:ed:b2:ed:36:18:cc:ad: + 77:59:fc:42:18:a6:5d:d5:0c:5d:01:3c:86:28:83:ac:b5:bd: + c8:f3:05:99:56:7a:b3:19:c9:bb:06:a5:a2:b4:b6:a4:84:0d: + 32:ec:31:de:32:86:ef:ed:b1:c3:6b:33:c3:98:db:12:78:2e: + eb:ad:3f:20:04:b1:1b:74:0c:79:e8:f8:73:2f:80:f3:f0:0d: + 27:35:19:ca:62:ae:fc:50:b4:39:11:99:8a:1b:57:54:9e:d3: + 59:45:ee:bf:9a:54:8c:f9:28:9b:69:e8:0d:8f:1e:d2:9f:31: + c3:9d:05:91 -----BEGIN CERTIFICATE----- MIIDazCCAlOgAwIBAgIBATANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJJMzAe Fw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAwMDBaMA0xCzAJBgNVBAMMAkUxMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8XzH7+2u9d6Kwf25eByLi3NU -GUV4CqlW3wV6uzuYGIjP1MLE2WZagTQhR8u30rSaxiKuM/rwaj1ve+GtfP7nM3K8 -U6rYkgaayFsaiuu11XLe30OXeCLm2gkVRlVsiMZOTYE9bUFAEPxk2e57Y/76d/FY -/wm4RuJQU2g54VxHBZmE3T/c4Cf52xE5DHGkCbVChgT59PpKNPlLzdPFQU1NfUcn -9Ihay0piZW2odidslVtAkT1J4ty5xEWz6eNlZxqk4ob1Mhr75pV7sE9bidSnXaNQ -qV6/qsPlC3JcHn/mQgUfIfNxNy5I8LYKCU8q9YH9RrW64V8Egoput4My6X16NQID -AQABo4HVMIHSMB0GA1UdDgQWBBRHAv1r9SZluyDKXElRZ1JRQ6tAAjAfBgNVHSME -GDAWgBSzuNDCFtdgk/VR298SirU2ZnbEbDA1BggrBgEFBQcBAQQpMCcwJQYIKwYB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpFrePszEYK7Us4itSikwbsX +ZUlvhQiYPyvhttVDQlyfMLWRnChqZhNiss8BkBsMxliBm3j2dxLiGjKfqfPQWVaV +i79ruDnVdwRGZkndHmURjVGntSXR0CVzACeYOgIxkIbPqFPdEPyl9imFzerJ2Qh7 +WIfDanLyF33n4r73iMh5tSlDLproPOALQkfCDj6xby6pePAzDLG5Zzw/rEcUMx0q +Wjd9JH/Kp018qSiChjurb9JlbuPM9nqWZYF86Y1kRkVG/PSfb2f4mivfzKk63jET +qQiZ0f1Emb4ozXS8hFj12d+99Supu+zzUOJ1uxna1PmJVQ8zH17sSB3gkS2DoQID +AQABo4HVMIHSMB0GA1UdDgQWBBR7Maeba38PLy7x/FQJ+xpfZo3sjjAfBgNVHSME +GDAWgBQC0gFrW2PcTlQBCM2nJ6CFKXjh0zA1BggrBgEFBQcBAQQpMCcwJQYIKwYB BQUHMAKGGWh0dHA6Ly91cmwtZm9yLWFpYS9JMy5jZXIwKgYDVR0fBCMwITAfoB2g G4YZaHR0cDovL3VybC1mb3ItY3JsL0kzLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYD -VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBT -bTtC2COvvq7v3XhHRQeTqYQd6aMRf3cLljFCr2jKTe2E9WNHbE6E9nnljNqtUgK3 -8qM8DpWji/xUlAJbKaqm2/d02kKfen/evzM3B7m8Cl1vd4aJmGxpkr+dVx3a+ynW -gO4y7VMlZiRTVxB5indOdxURTl7bLTUFpRQJ0myWdkF8GOH9pyKoTNQx0H2FGQ3J -Lp8VCaS4wrWVcSl4Cfu0h6QvCgYSjxRJjWQWX1qPclumxM5zyevonYC3dv2AM1tu -3ZeIAUlQbn1VXRpt6ExTTdDYYu8lCbuEGNT28z7Aqe+tvhSb22sEWsNrWV3Lvxtg -awCry2nytxSX0jyvoEkR +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCR +G+6Uixu5pIBVn4Pz7qKC23HfUzkHBWF/Nwf58BJm7yihrIqEnz9PazXzU6VtJE/L +p0eDcvLoBQ9+wvHRicSgcBOX1D5WC0q5RWPRCmTYa3JP41LV88Ijo+y7T8RN6/Vc +vW6RF8uTmss0RIifP7zONkQKyczjZMIgYJz4+KudssaTDL9XA//Uiu2y7TYYzK13 +WfxCGKZd1QxdATyGKIOstb3I8wWZVnqzGcm7BqWitLakhA0y7DHeMobv7bHDazPD +mNsSeC7rrT8gBLEbdAx56PhzL4Dz8A0nNRnKYq78ULQ5EZmKG1dUntNZRe6/mlSM ++SibaegNjx7SnzHDnQWR -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/e2.pem b/chromium/net/data/cert_issuer_source_static_unittest/e2.pem index c07000f73ce..6107ec8d514 100644 --- a/chromium/net/data/cert_issuer_source_static_unittest/e2.pem +++ b/chromium/net/data/cert_issuer_source_static_unittest/e2.pem @@ -1,4 +1,4 @@ -Generated by ./generate-certs.py. +Generated by generate-certs.py. Refer to generator script docstring for details. Certificate: Data: @@ -14,30 +14,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c7:40:5e:d8:28:53:68:bd:2f:cb:ec:40:bb:fa: - d2:0c:8f:06:6a:1d:e4:41:8b:48:d1:7f:02:00:01: - a5:8e:5c:07:df:ae:e9:98:f8:9e:30:7e:ce:47:5f: - 3b:15:1e:c4:12:d8:1c:ce:95:84:24:75:1e:2a:a7: - 16:cb:14:28:18:34:e3:51:62:13:7a:43:fe:a4:34: - 4e:b8:a0:a4:53:46:3f:d7:42:21:63:34:55:e1:08: - b1:ac:93:84:00:72:9a:ca:8b:91:19:44:9d:d1:2e: - 3f:69:00:d9:09:ab:c3:e4:de:19:8e:91:8b:65:d4: - c3:3d:e3:f2:b5:ea:6a:60:a0:c6:8e:2a:8e:d2:f9: - a3:fa:ca:26:2b:2a:4f:36:03:c2:3d:64:55:9f:38: - 24:60:11:4c:d6:94:3e:5a:61:2f:fe:39:76:bc:72: - d4:15:d5:5f:4a:10:18:b8:99:da:51:89:ec:51:ce: - ef:92:8c:f0:ec:5b:1a:83:c3:ad:59:05:a6:0d:cb: - a5:c0:ad:09:c4:12:fb:4b:a7:5a:17:3b:f6:4b:af: - a2:25:91:1c:db:97:8a:54:44:7f:14:db:88:69:59: - 62:f0:5e:23:2c:87:a0:9c:6e:d0:58:7f:de:a1:66: - 97:61:a8:1d:12:de:f9:aa:58:57:b7:c0:11:6e:df: - 53:17 + 00:cd:3f:ae:a0:40:34:21:a1:4f:e4:72:59:5f:97: + 23:a3:bd:f1:64:c4:c5:9d:73:a6:61:bb:68:12:30: + 97:33:a1:86:4a:a3:bc:e7:9e:43:3a:de:be:06:16: + 6e:c0:5c:fa:9e:e4:ed:b9:43:1a:e2:58:0c:b9:92: + 8f:c3:d3:2b:59:c4:92:c0:32:db:3b:40:3f:b5:5a: + 21:a4:72:18:fa:79:ae:8b:9e:2a:2d:f0:ed:20:0b: + a0:72:af:8c:01:ff:f3:13:83:4d:8a:14:7e:67:4e: + f7:52:40:f1:e9:69:b8:46:51:5b:1f:e9:3e:34:f0: + 87:9a:f2:a4:c4:24:34:ca:b9:52:f4:8b:4b:16:bd: + db:be:27:1d:1e:32:71:7c:a3:2c:8a:e5:44:d0:31: + 21:39:fc:56:e6:c7:bd:2f:36:f7:ef:b4:36:3e:a2: + 35:2e:65:3b:4a:ac:30:ae:47:57:49:58:e4:f1:e6: + 43:53:d4:ec:cf:3a:46:ed:19:00:9f:d9:fa:e2:08: + ca:20:93:d7:11:36:4a:91:89:34:d0:c7:11:11:99: + 4d:3f:8d:c7:e3:9a:90:57:ee:0f:2b:a0:ea:c7:54: + 74:1b:39:71:2e:6b:4a:c4:bc:79:0c:2b:cb:15:30: + 06:e8:ac:8a:74:d3:46:72:82:ff:5a:bc:52:a2:a6: + e6:f3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 8F:E3:36:9B:E5:5C:3F:CC:AD:FF:DB:E9:ED:43:A2:FB:95:34:EB:44 + EF:94:D6:BF:45:A2:19:EC:07:A8:F7:DC:48:48:D0:A3:9C:FE:C8:84 X509v3 Authority Key Identifier: - keyid:1B:D9:9D:7F:59:30:84:1C:E4:92:D1:19:FF:EA:8D:02:B3:C1:8E:50 + keyid:40:F8:36:2C:4C:E3:28:99:C2:3E:78:F2:EA:68:AB:4F:01:7C:FC:28 Authority Information Access: CA Issuers - URI:http://url-for-aia/I3.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 73:92:fc:fb:89:b0:a0:d5:75:56:73:f7:70:44:75:45:d7:90: - 88:2a:40:1f:f7:4d:be:47:00:d9:36:ca:b1:d0:35:9b:f5:b8: - d1:8a:80:90:6a:6e:fa:cb:31:c3:3b:55:01:95:06:17:d7:33: - 45:f4:e1:a7:a6:7a:7f:c3:dc:4d:75:3b:a7:ae:74:e8:cb:9f: - 39:9a:1f:5d:8e:34:af:c5:4a:a0:7d:8c:7e:30:69:b4:72:86: - bb:ef:1f:c9:4f:b9:59:b0:b3:f4:11:af:c9:b7:ae:72:4c:3f: - dd:57:40:67:bf:30:df:33:42:92:e1:33:a7:58:c0:fa:60:10: - a4:bc:9b:cf:3b:bc:6a:5d:67:f9:36:8e:9b:ea:38:a7:4e:10: - 82:77:42:24:bf:17:37:41:ed:33:d6:87:74:09:8a:cb:c2:53: - 10:3d:10:f3:31:69:23:e2:30:45:fb:8b:3c:49:88:9f:01:cf: - 39:8c:11:fd:51:64:49:53:81:3b:67:3e:19:81:46:73:8b:e5: - d1:8b:a7:f0:38:b0:90:5b:48:37:2d:22:72:40:30:1b:31:ad: - 5b:a2:84:de:94:ca:db:8d:11:3d:c9:2e:91:f8:3f:a3:7c:db: - 45:2f:c7:29:57:5f:5a:11:eb:50:46:25:7e:4b:2f:7a:4a:02: - 2e:75:96:75 + 48:7a:ea:12:b8:8e:de:f7:bc:bd:1a:67:8e:0a:b3:0e:90:a1: + ff:29:25:36:4f:9d:db:8c:83:91:67:b6:fe:bd:30:e0:ca:f6: + d9:e3:cb:6e:80:08:4a:a7:d3:fa:51:4f:e8:05:3c:ae:31:5c: + fe:3f:0f:1e:18:21:fc:cf:b3:27:65:53:92:5f:e4:20:4a:b9: + 08:41:04:1e:a2:7d:81:47:6c:ff:4d:1b:c7:3a:d4:32:84:5d: + 9b:35:1a:37:d6:41:fc:00:6e:bf:20:e5:bb:81:d2:b2:16:3b: + e9:38:7a:ca:48:91:66:51:70:db:f9:b4:b8:84:ce:9f:0e:e5: + 22:58:cb:dc:7f:1e:a9:51:be:cb:d0:d1:9c:ce:2a:8b:c1:bf: + 39:24:38:a6:d4:63:06:ba:27:89:04:d9:a9:6a:c4:01:c9:a1: + de:94:be:02:2c:80:f3:b2:60:4b:02:47:c5:bc:4e:8f:12:99: + b3:10:68:63:ed:27:56:64:0d:66:67:54:28:18:f4:4d:0b:52: + 69:b2:c4:39:04:f1:91:17:db:01:80:14:7f:30:33:1d:5a:b4: + b0:e1:40:9c:b4:5b:da:bf:5c:e5:04:e4:67:11:33:e7:19:4c: + 78:76:ed:3c:66:72:9f:07:8c:78:db:33:60:1d:88:d1:1c:a6: + 39:01:f0:63 -----BEGIN CERTIFICATE----- MIIDazCCAlOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJJMzAe Fw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAwMDBaMA0xCzAJBgNVBAMMAkUyMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0Be2ChTaL0vy+xAu/rSDI8G -ah3kQYtI0X8CAAGljlwH367pmPieMH7OR187FR7EEtgczpWEJHUeKqcWyxQoGDTj -UWITekP+pDROuKCkU0Y/10IhYzRV4QixrJOEAHKayouRGUSd0S4/aQDZCavD5N4Z -jpGLZdTDPePytepqYKDGjiqO0vmj+somKypPNgPCPWRVnzgkYBFM1pQ+WmEv/jl2 -vHLUFdVfShAYuJnaUYnsUc7vkozw7Fsag8OtWQWmDculwK0JxBL7S6daFzv2S6+i -JZEc25eKVER/FNuIaVli8F4jLIegnG7QWH/eoWaXYagdEt75qlhXt8ARbt9TFwID -AQABo4HVMIHSMB0GA1UdDgQWBBSP4zab5Vw/zK3/2+ntQ6L7lTTrRDAfBgNVHSME -GDAWgBQb2Z1/WTCEHOSS0Rn/6o0Cs8GOUDA1BggrBgEFBQcBAQQpMCcwJQYIKwYB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzT+uoEA0IaFP5HJZX5cjo73x +ZMTFnXOmYbtoEjCXM6GGSqO8555DOt6+BhZuwFz6nuTtuUMa4lgMuZKPw9MrWcSS +wDLbO0A/tVohpHIY+nmui54qLfDtIAugcq+MAf/zE4NNihR+Z073UkDx6Wm4RlFb +H+k+NPCHmvKkxCQ0yrlS9ItLFr3bvicdHjJxfKMsiuVE0DEhOfxW5se9Lzb377Q2 +PqI1LmU7SqwwrkdXSVjk8eZDU9TszzpG7RkAn9n64gjKIJPXETZKkYk00McREZlN +P43H45qQV+4PK6Dqx1R0GzlxLmtKxLx5DCvLFTAG6KyKdNNGcoL/WrxSoqbm8wID +AQABo4HVMIHSMB0GA1UdDgQWBBTvlNa/RaIZ7Aeo99xISNCjnP7IhDAfBgNVHSME +GDAWgBRA+DYsTOMomcI+ePLqaKtPAXz8KDA1BggrBgEFBQcBAQQpMCcwJQYIKwYB BQUHMAKGGWh0dHA6Ly91cmwtZm9yLWFpYS9JMy5jZXIwKgYDVR0fBCMwITAfoB2g G4YZaHR0cDovL3VybC1mb3ItY3JsL0kzLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYD -VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBz -kvz7ibCg1XVWc/dwRHVF15CIKkAf902+RwDZNsqx0DWb9bjRioCQam76yzHDO1UB -lQYX1zNF9OGnpnp/w9xNdTunrnToy585mh9djjSvxUqgfYx+MGm0coa77x/JT7lZ -sLP0Ea/Jt65yTD/dV0BnvzDfM0KS4TOnWMD6YBCkvJvPO7xqXWf5No6b6jinThCC -d0Ikvxc3Qe0z1od0CYrLwlMQPRDzMWkj4jBF+4s8SYifAc85jBH9UWRJU4E7Zz4Z -gUZzi+XRi6fwOLCQW0g3LSJyQDAbMa1booTelMrbjRE9yS6R+D+jfNtFL8cpV19a -EetQRiV+Sy96SgIudZZ1 +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBI +euoSuI7e97y9GmeOCrMOkKH/KSU2T53bjIORZ7b+vTDgyvbZ48tugAhKp9P6UU/o +BTyuMVz+Pw8eGCH8z7MnZVOSX+QgSrkIQQQeon2BR2z/TRvHOtQyhF2bNRo31kH8 +AG6/IOW7gdKyFjvpOHrKSJFmUXDb+bS4hM6fDuUiWMvcfx6pUb7L0NGcziqLwb85 +JDim1GMGuieJBNmpasQByaHelL4CLIDzsmBLAkfFvE6PEpmzEGhj7SdWZA1mZ1Qo +GPRNC1JpssQ5BPGRF9sBgBR/MDMdWrSw4UCctFvav1zlBORnETPnGUx4du08ZnKf +B4x42zNgHYjRHKY5AfBj -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/i1_1.pem b/chromium/net/data/cert_issuer_source_static_unittest/i1_1.pem index 33168738a87..1b0945e9f58 100644 --- a/chromium/net/data/cert_issuer_source_static_unittest/i1_1.pem +++ b/chromium/net/data/cert_issuer_source_static_unittest/i1_1.pem @@ -1,4 +1,4 @@ -Generated by ./generate-certs.py. +Generated by generate-certs.py. Refer to generator script docstring for details. Certificate: Data: @@ -14,30 +14,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c1:66:fe:2a:a6:f6:54:97:b6:f0:ef:43:4a:a0: - 36:e7:70:2b:85:77:7c:e9:b9:2e:e0:d7:cc:43:b7: - 43:bb:30:f7:c4:f0:f7:57:44:38:a3:1b:d0:e0:bb: - 64:16:72:9d:7f:69:98:b5:2a:f9:49:c5:35:7b:46: - f4:d8:24:36:b7:56:24:fe:ab:9a:81:1e:eb:9e:18: - 5a:c2:73:fc:06:66:0d:25:4b:c8:04:bd:33:c0:cf: - cc:ca:a4:e6:95:10:a6:a7:82:24:ba:36:b4:f5:25: - 2c:db:d4:04:78:20:00:40:42:06:54:0c:fc:4c:c8: - 72:00:a4:e5:46:d2:3f:32:93:c4:75:d4:62:c7:c3: - 08:3d:da:eb:aa:bb:5b:54:14:08:b3:57:d5:cb:40: - 37:de:0a:77:4b:5d:88:95:d5:1e:b3:d3:07:48:8f: - 41:16:b6:78:4f:b5:8d:cd:74:9d:db:60:a6:95:c4: - ba:f8:3b:59:87:c9:5c:3b:75:69:3d:bb:d8:5c:39: - 33:f1:d0:0c:dd:9c:5b:d3:70:e4:85:e3:20:81:86: - dc:93:39:ef:4a:3b:3c:ff:be:12:c8:20:2b:2f:a3: - 3f:d3:5c:03:8c:82:f6:b9:94:27:a3:ff:d1:63:58: - 86:49:5f:f4:27:39:56:35:04:ee:df:a5:78:7b:7c: - b1:cf + 00:b4:6e:db:61:6f:ec:1f:d1:6e:3d:fa:12:27:3b: + 8c:f7:8c:c7:a7:7d:0d:5e:b5:2a:02:8d:97:29:9b: + 7a:64:bd:0d:56:9b:1f:6e:71:ab:d3:af:10:37:90: + 2b:3a:f0:ee:55:43:fd:50:ea:46:c9:d8:2a:a7:68: + 7a:10:74:a1:cb:fc:b5:c4:b6:ee:67:b4:8b:f5:8d: + 12:b5:3c:d9:0c:ab:e5:37:72:19:be:b2:9f:b9:65: + 78:c1:d1:4e:88:86:10:57:aa:e5:0a:ef:1a:41:1d: + 0a:55:49:34:5e:ae:f7:4e:29:07:c2:34:1f:79:0d: + f8:b7:26:dc:9b:de:a5:00:5c:0e:a3:53:a8:73:3f: + fd:df:ab:18:03:bb:0a:d6:dc:f7:3e:0b:28:c8:61: + 51:71:68:48:fa:5c:87:54:82:19:20:d9:28:2d:fa: + 33:89:4c:5b:dc:a6:d9:49:44:45:c6:af:3d:1a:f9: + 28:45:10:58:a7:27:67:75:7b:8b:58:92:80:a3:ef: + 81:ae:95:27:97:2b:5b:d3:dd:ea:7a:b7:ff:1c:d1: + de:c6:df:ea:d6:19:e0:fe:4f:96:d6:59:cf:85:52: + 71:76:62:ec:fb:97:74:e3:5f:b5:29:62:cd:89:be: + 03:30:5b:5a:35:5d:08:a2:3d:5f:b3:8b:60:0b:5e: + 42:e7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 84:17:CE:FE:EA:88:CB:E4:D7:19:40:7A:01:E3:62:84:3D:C6:05:EB + 1B:26:D0:C4:43:00:72:E2:A4:AB:01:D1:A4:68:D5:E5:B2:1E:9C:0D X509v3 Authority Key Identifier: - keyid:B5:C3:65:5F:95:6A:F7:19:30:E3:80:DD:EF:B0:A4:1B:3D:BE:A6:9D + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 5f:ff:6e:d1:01:0c:c2:c6:57:f7:57:71:b6:28:12:b0:7c:24: - 66:ca:cf:5f:3a:14:cb:77:07:14:a5:01:a9:22:6f:b1:60:fa: - 8d:0b:91:54:c7:24:ab:af:9b:be:73:63:fb:08:0c:31:94:5b: - 25:2a:a7:e3:6b:cb:89:c1:7b:48:fb:df:50:4f:3e:fd:97:aa: - 6f:40:2b:1d:15:97:3d:04:3a:6f:c9:dd:04:c7:73:75:88:06: - e8:e1:cf:bf:c6:d4:12:b9:73:f4:0f:2d:1c:af:06:51:96:ee: - 77:fe:65:28:e6:3b:4d:67:0c:55:83:9a:b9:6e:4d:1f:3a:58: - a2:03:6f:0f:1f:58:f2:b2:b4:dd:86:bd:fd:53:5c:20:6b:1e: - 73:c7:89:5d:8b:79:31:f6:33:b2:6c:5d:8b:52:b7:b7:4d:dc: - a4:80:87:54:2a:7a:af:cd:41:ba:82:bb:34:46:25:85:e9:87: - 61:2e:3b:d9:52:09:27:ec:eb:58:9a:39:b8:e0:bc:67:cb:af: - b7:f0:3f:1c:93:23:42:f2:00:9b:9d:61:6a:d7:ce:5a:67:72: - b7:06:da:de:13:11:e0:7c:16:69:91:fd:f8:e1:bd:ab:b6:bb: - 96:f9:82:51:8d:e5:ef:1d:6e:b2:97:d6:9d:75:0f:cb:ed:07: - 96:4a:e5:17 + 35:94:c4:ba:09:88:f4:25:f0:79:c4:35:36:6c:f1:0d:02:c0: + b7:ff:1f:79:71:df:4c:4c:ff:81:3d:7e:74:8e:3a:e4:16:64: + a1:b1:35:7a:ec:e2:2b:4c:d8:5c:bd:b6:29:4f:6c:86:0b:44: + 50:a2:5c:70:1c:69:e4:12:8e:4f:62:76:6b:27:f2:a2:ae:19: + b1:23:b7:2f:d9:f1:5a:9e:15:70:da:83:71:3b:fe:64:56:b7: + 4b:ee:42:c8:ae:a4:7c:7f:a1:ea:98:1b:5d:e5:27:9d:07:f7: + 95:19:48:de:a9:89:04:1e:51:8e:77:da:d8:2c:60:8d:5c:59: + d6:6f:5b:6e:cf:bf:eb:9c:20:53:14:75:40:01:5c:5a:8b:0f: + 01:68:4c:10:9d:3a:69:74:c4:ae:53:d5:a8:6c:f5:e7:5c:ad: + 15:e4:3d:79:a2:1a:5a:0f:c1:a3:e7:1f:80:44:24:10:ce:a5: + 09:71:77:02:c2:8d:94:98:ee:6d:61:f5:ea:79:ef:91:62:f6: + 80:4b:d3:5a:b6:0f:c4:d0:70:90:24:2a:30:3d:c5:65:dd:60: + 9c:a5:e6:24:e1:28:21:85:9e:57:da:33:7a:bc:26:36:39:82: + 68:9f:05:00:65:1c:b4:fa:d6:1e:78:3e:8a:43:5d:de:03:65: + 3e:88:9f:c1 -----BEGIN CERTIFICATE----- MIIDYzCCAkugAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDTELMAkGA1UEAwwCSTEw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBZv4qpvZUl7bw70NKoDbn -cCuFd3zpuS7g18xDt0O7MPfE8PdXRDijG9Dgu2QWcp1/aZi1KvlJxTV7RvTYJDa3 -ViT+q5qBHuueGFrCc/wGZg0lS8gEvTPAz8zKpOaVEKangiS6NrT1JSzb1AR4IABA -QgZUDPxMyHIApOVG0j8yk8R11GLHwwg92uuqu1tUFAizV9XLQDfeCndLXYiV1R6z -0wdIj0EWtnhPtY3NdJ3bYKaVxLr4O1mHyVw7dWk9u9hcOTPx0AzdnFvTcOSF4yCB -htyTOe9KOzz/vhLIICsvoz/TXAOMgva5lCej/9FjWIZJX/QnOVY1BO7fpXh7fLHP -AgMBAAGjgcswgcgwHQYDVR0OBBYEFIQXzv7qiMvk1xlAegHjYoQ9xgXrMB8GA1Ud -IwQYMBaAFLXDZV+VavcZMOOA3e+wpBs9vqadMDcGCCsGAQUFBwEBBCswKTAnBggr +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0btthb+wf0W49+hInO4z3 +jMenfQ1etSoCjZcpm3pkvQ1Wmx9ucavTrxA3kCs68O5VQ/1Q6kbJ2CqnaHoQdKHL +/LXEtu5ntIv1jRK1PNkMq+U3chm+sp+5ZXjB0U6IhhBXquUK7xpBHQpVSTRervdO +KQfCNB95Dfi3Jtyb3qUAXA6jU6hzP/3fqxgDuwrW3Pc+CyjIYVFxaEj6XIdUghkg +2Sgt+jOJTFvcptlJREXGrz0a+ShFEFinJ2d1e4tYkoCj74GulSeXK1vT3ep6t/8c +0d7G3+rWGeD+T5bWWc+FUnF2Yuz7l3TjX7UpYs2JvgMwW1o1XQiiPV+zi2ALXkLn +AgMBAAGjgcswgcgwHQYDVR0OBBYEFBsm0MRDAHLipKsB0aRo1eWyHpwNMB8GA1Ud +IwQYMBaAFF/PVL18OJtfoaz+pm56g4CmS/m/MDcGCCsGAQUFBwEBBCswKTAnBggr BgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlhL1Jvb3QuY2VyMCwGA1UdHwQlMCMw IaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9Sb290LmNybDAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAX/9u0QEMwsZX -91dxtigSsHwkZsrPXzoUy3cHFKUBqSJvsWD6jQuRVMckq6+bvnNj+wgMMZRbJSqn -42vLicF7SPvfUE8+/Zeqb0ArHRWXPQQ6b8ndBMdzdYgG6OHPv8bUErlz9A8tHK8G -UZbud/5lKOY7TWcMVYOauW5NHzpYogNvDx9Y8rK03Ya9/VNcIGsec8eJXYt5MfYz -smxdi1K3t03cpICHVCp6r81BuoK7NEYlhemHYS472VIJJ+zrWJo5uOC8Z8uvt/A/ -HJMjQvIAm51hatfOWmdytwba3hMR4HwWaZH9+OG9q7a7lvmCUY3l7x1uspfWnXUP -y+0HlkrlFw== +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEANZTEugmI9CXw +ecQ1NmzxDQLAt/8feXHfTEz/gT1+dI465BZkobE1euziK0zYXL22KU9shgtEUKJc +cBxp5BKOT2J2ayfyoq4ZsSO3L9nxWp4VcNqDcTv+ZFa3S+5CyK6kfH+h6pgbXeUn +nQf3lRlI3qmJBB5Rjnfa2CxgjVxZ1m9bbs+/65wgUxR1QAFcWosPAWhMEJ06aXTE +rlPVqGz151ytFeQ9eaIaWg/Bo+cfgEQkEM6lCXF3AsKNlJjubWH16nnvkWL2gEvT +WrYPxNBwkCQqMD3FZd1gnKXmJOEoIYWeV9ozerwmNjmCaJ8FAGUctPrWHng+ikNd +3gNlPoifwQ== -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/i1_2.pem b/chromium/net/data/cert_issuer_source_static_unittest/i1_2.pem index 1ff82f433fe..82c96792a7a 100644 --- a/chromium/net/data/cert_issuer_source_static_unittest/i1_2.pem +++ b/chromium/net/data/cert_issuer_source_static_unittest/i1_2.pem @@ -1,4 +1,4 @@ -Generated by ./generate-certs.py. +Generated by generate-certs.py. Refer to generator script docstring for details. Certificate: Data: @@ -14,30 +14,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b9:f4:f5:17:e5:0d:0a:46:f6:81:21:97:dd:ba: - 5d:f4:16:a7:f8:ec:ac:37:cb:cf:50:d0:de:3b:d1: - 9f:7c:22:2d:0b:b6:f4:57:76:3a:69:92:fe:0f:be: - 0c:19:bd:2c:bb:49:bb:f1:d7:89:75:b4:3f:d1:e3: - d3:c0:6e:fd:26:63:d9:81:9c:1e:0a:a5:46:6d:18: - f8:ce:e1:ab:29:8f:82:5f:f3:d2:4f:ef:d1:77:20: - 11:b5:c6:b3:1d:8f:0c:06:3e:51:91:4a:73:19:f8: - 38:b3:b2:57:44:d8:1c:b3:29:8d:85:4f:38:0d:68: - 7d:4c:43:5a:73:7d:8a:63:62:a6:19:f0:19:3d:ca: - 32:af:b3:72:7d:d2:68:a6:29:ad:26:54:b6:6f:cc: - 26:75:3b:c2:58:03:50:af:3b:d2:cc:0a:97:56:ec: - 4c:18:2c:de:04:32:26:f3:36:15:50:bd:2c:81:2d: - 44:da:8f:4a:dc:44:1e:c6:b1:e6:97:d6:53:a8:01: - ca:c1:e9:0f:1e:17:89:17:c5:07:c1:4d:8b:61:ce: - f3:0f:2a:61:5d:eb:25:45:76:74:6c:c1:a3:b9:79: - db:39:aa:f9:e7:fe:d5:4b:c8:33:81:dd:a4:40:2c: - de:51:e0:48:d3:a3:d5:e7:a7:b8:9b:a0:b5:4f:bf: - ba:cd + 00:c9:e4:64:23:d2:71:36:4d:70:84:36:ec:bb:05: + 57:35:56:0c:a0:61:1f:64:fc:87:35:4b:cd:3d:17: + 9d:6a:f9:d5:ef:8f:99:30:36:db:97:e0:80:72:d2: + 0e:30:42:f4:c6:67:3c:be:dc:8c:05:02:13:e2:9b: + ab:a0:45:6e:78:18:4f:34:ae:ee:5d:4e:bb:47:b1: + af:87:fc:d4:99:17:42:cb:06:b4:c5:5f:e1:a0:0c: + 79:5f:f2:b4:ee:74:52:43:6f:6e:83:4e:00:e0:c9: + 66:e1:ea:98:89:6d:85:23:1b:ed:2b:da:af:c5:6b: + 42:35:48:25:f9:a7:2a:54:90:f8:f1:b1:d4:93:61: + c8:c3:0c:39:99:dd:c4:a6:b8:2e:cf:92:57:14:8c: + b9:45:ba:fb:76:40:d4:d8:fe:44:54:17:76:ba:e2: + d0:f2:24:64:14:12:65:a7:be:c6:1a:d7:48:b9:4a: + 93:5f:b1:b3:76:53:f8:ad:5f:d2:44:19:03:0f:f3: + af:99:ee:96:b5:85:ed:2a:ae:b8:41:90:5c:dd:e0: + 19:0c:2a:71:ae:16:59:19:5d:3f:45:44:5e:4a:b3: + e0:86:ea:15:e2:fb:0c:b8:b9:6f:24:a0:c6:bc:fc: + f3:0c:02:f2:52:d8:34:fd:dc:8d:37:08:01:6a:f9: + c4:31 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 0C:6A:CE:BB:AC:0D:C3:03:19:28:BF:63:76:72:0B:3D:89:5B:D3:B7 + E3:AC:1D:35:9E:1C:CC:C6:29:9F:37:59:41:C6:DA:C9:44:2C:B2:F3 X509v3 Authority Key Identifier: - keyid:B5:C3:65:5F:95:6A:F7:19:30:E3:80:DD:EF:B0:A4:1B:3D:BE:A6:9D + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 85:49:62:75:55:96:56:c4:8b:46:3a:ee:27:1a:70:84:a4:bc: - b5:a1:0e:13:49:a3:00:bc:d4:54:ef:79:a7:8a:8f:cc:85:bc: - 9f:cc:11:5b:f8:b3:7d:7b:35:46:bb:67:d1:ed:ed:3e:c6:54: - 76:54:db:29:7d:5f:d0:35:f0:1e:cf:d9:7e:c3:1c:b9:32:2d: - 62:92:cb:bf:f2:8f:d2:a1:aa:95:c2:d9:be:9e:af:80:22:63: - 2b:dc:e4:c0:e8:24:64:7c:db:16:85:3c:a3:03:5d:6d:19:88: - 75:87:21:d3:ef:95:e6:20:79:eb:e1:57:44:e8:72:eb:d6:ea: - 46:58:62:5d:0c:43:3f:84:46:fb:cc:7e:3d:0b:5c:a5:7e:b0: - be:ce:14:92:d8:4a:2a:2f:76:68:cb:ff:ab:7d:ae:ac:58:2f: - 0d:25:66:46:d3:ac:f5:33:6c:91:c5:98:9d:83:cc:31:a5:c0: - 17:94:fb:9b:30:a7:de:52:17:dc:e5:72:40:45:37:31:32:a6: - c0:a9:c3:18:f2:0f:94:58:95:3c:03:98:15:70:d3:18:f1:e9: - 91:77:0b:02:02:09:21:6c:b8:34:d4:01:43:e3:97:bb:00:19: - fb:21:d7:1e:d1:ef:63:00:ae:c2:b8:5d:53:e4:30:25:47:f0: - 0f:cd:08:77 + 13:d2:3e:8f:dc:3b:75:cd:54:c9:87:d0:11:e1:9a:ee:2b:a5: + 7e:01:8e:e6:22:6f:56:db:d1:14:2a:9f:d1:f6:20:c1:79:7e: + 1e:04:8a:ae:de:b5:19:28:48:ea:5f:0c:dc:01:0b:1e:39:3f: + cc:c7:83:2e:aa:e1:85:32:32:23:d9:e0:5c:53:4b:58:d2:25: + 07:ec:de:3d:ef:0a:34:d2:f2:46:8d:1d:c3:d5:17:67:09:fb: + d5:d9:fc:86:74:fe:1c:6d:e1:ff:f2:28:ed:f8:6b:89:78:eb: + 46:c6:6c:be:f4:08:b5:36:a2:4b:bf:68:1a:24:a8:b2:1b:8d: + 74:5a:36:d1:34:57:c3:5f:43:2e:73:7f:ff:15:29:74:4b:41: + 0d:c0:fa:13:5a:3f:98:2e:43:c9:b4:ce:6e:e3:ea:1d:44:36: + da:15:e4:de:8a:90:2c:48:16:14:a5:8d:ae:70:03:35:b7:65: + 18:74:4a:b6:d9:37:0a:9c:fd:d5:81:9d:89:c9:a9:7b:15:13: + ce:0e:0f:c4:32:08:49:ec:81:b5:3c:18:69:62:be:c2:b6:05: + 89:52:4a:a9:0f:62:2b:f1:df:f5:ba:bd:2b:62:93:ce:27:5c: + 69:51:2c:d2:5c:c7:53:0f:8b:e1:3d:4a:90:e6:da:0e:f4:89: + 17:4d:72:fb -----BEGIN CERTIFICATE----- MIIDYzCCAkugAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDTELMAkGA1UEAwwCaTEw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC59PUX5Q0KRvaBIZfdul30 -Fqf47Kw3y89Q0N470Z98Ii0LtvRXdjppkv4PvgwZvSy7Sbvx14l1tD/R49PAbv0m -Y9mBnB4KpUZtGPjO4aspj4Jf89JP79F3IBG1xrMdjwwGPlGRSnMZ+DizsldE2Byz -KY2FTzgNaH1MQ1pzfYpjYqYZ8Bk9yjKvs3J90mimKa0mVLZvzCZ1O8JYA1CvO9LM -CpdW7EwYLN4EMibzNhVQvSyBLUTaj0rcRB7GseaX1lOoAcrB6Q8eF4kXxQfBTYth -zvMPKmFd6yVFdnRswaO5eds5qvnn/tVLyDOB3aRALN5R4EjTo9Xnp7iboLVPv7rN -AgMBAAGjgcswgcgwHQYDVR0OBBYEFAxqzrusDcMDGSi/Y3ZyCz2JW9O3MB8GA1Ud -IwQYMBaAFLXDZV+VavcZMOOA3e+wpBs9vqadMDcGCCsGAQUFBwEBBCswKTAnBggr +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ5GQj0nE2TXCENuy7BVc1 +VgygYR9k/Ic1S809F51q+dXvj5kwNtuX4IBy0g4wQvTGZzy+3IwFAhPim6ugRW54 +GE80ru5dTrtHsa+H/NSZF0LLBrTFX+GgDHlf8rTudFJDb26DTgDgyWbh6piJbYUj +G+0r2q/Fa0I1SCX5pypUkPjxsdSTYcjDDDmZ3cSmuC7PklcUjLlFuvt2QNTY/kRU +F3a64tDyJGQUEmWnvsYa10i5SpNfsbN2U/itX9JEGQMP86+Z7pa1he0qrrhBkFzd +4BkMKnGuFlkZXT9FRF5Ks+CG6hXi+wy4uW8koMa8/PMMAvJS2DT93I03CAFq+cQx +AgMBAAGjgcswgcgwHQYDVR0OBBYEFOOsHTWeHMzGKZ83WUHG2slELLLzMB8GA1Ud +IwQYMBaAFF/PVL18OJtfoaz+pm56g4CmS/m/MDcGCCsGAQUFBwEBBCswKTAnBggr BgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlhL1Jvb3QuY2VyMCwGA1UdHwQlMCMw IaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9Sb290LmNybDAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAhUlidVWWVsSL -RjruJxpwhKS8taEOE0mjALzUVO95p4qPzIW8n8wRW/izfXs1Rrtn0e3tPsZUdlTb -KX1f0DXwHs/ZfsMcuTItYpLLv/KP0qGqlcLZvp6vgCJjK9zkwOgkZHzbFoU8owNd -bRmIdYch0++V5iB56+FXROhy69bqRlhiXQxDP4RG+8x+PQtcpX6wvs4UkthKKi92 -aMv/q32urFgvDSVmRtOs9TNskcWYnYPMMaXAF5T7mzCn3lIX3OVyQEU3MTKmwKnD -GPIPlFiVPAOYFXDTGPHpkXcLAgIJIWy4NNQBQ+OXuwAZ+yHXHtHvYwCuwrhdU+Qw -JUfwD80Idw== +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAE9I+j9w7dc1U +yYfQEeGa7iulfgGO5iJvVtvRFCqf0fYgwXl+HgSKrt61GShI6l8M3AELHjk/zMeD +LqrhhTIyI9ngXFNLWNIlB+zePe8KNNLyRo0dw9UXZwn71dn8hnT+HG3h//Io7fhr +iXjrRsZsvvQItTaiS79oGiSoshuNdFo20TRXw19DLnN//xUpdEtBDcD6E1o/mC5D +ybTObuPqHUQ22hXk3oqQLEgWFKWNrnADNbdlGHRKttk3Cpz91YGdicmpexUTzg4P +xDIISeyBtTwYaWK+wrYFiVJKqQ9iK/Hf9bq9K2KTzidcaVEs0lzHUw+L4T1KkOba +DvSJF01y+w== -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/i2.pem b/chromium/net/data/cert_issuer_source_static_unittest/i2.pem index b69bb9003a4..2e51950caba 100644 --- a/chromium/net/data/cert_issuer_source_static_unittest/i2.pem +++ b/chromium/net/data/cert_issuer_source_static_unittest/i2.pem @@ -1,4 +1,4 @@ -Generated by ./generate-certs.py. +Generated by generate-certs.py. Refer to generator script docstring for details. Certificate: Data: @@ -14,30 +14,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bd:84:dd:82:37:cb:c8:69:8a:c2:c6:ff:38:f7: - 85:93:9e:22:d5:b8:94:12:3b:d9:9f:49:70:ef:ff: - 39:58:fc:e7:36:32:18:37:d4:2b:d9:4e:4e:67:60: - ee:2c:28:d0:4f:66:23:cd:c1:f0:75:f5:54:0e:51: - a5:f0:fa:9c:bd:42:5d:02:3a:62:60:83:b8:e5:fe: - cd:bc:ad:35:b7:9e:09:ec:3a:81:51:b7:46:56:2d: - 90:bb:e5:4a:4f:6a:c6:be:39:79:b6:31:99:1b:c4: - d0:a1:94:dc:e5:51:8e:9d:a9:c5:d8:91:f9:5c:76: - 3a:09:d2:8f:0c:24:3a:ff:91:4c:c6:c9:c7:36:53: - cc:78:eb:fc:00:25:fd:5f:b3:c0:95:10:91:3d:43: - fe:31:b6:b3:84:e9:ec:5f:1b:5a:77:a7:25:29:1a: - 7a:71:d9:7a:62:85:45:c3:51:da:ed:79:a5:41:7d: - 0b:49:3e:2b:51:5e:99:33:1f:1c:5a:52:51:6b:07: - c5:5a:0b:4b:b6:e1:6c:43:07:f2:b2:65:6e:9d:77: - a9:2a:b6:88:7b:a9:d9:97:6b:65:f9:be:4e:39:31: - 4c:a0:2d:06:18:de:53:7c:bf:80:64:cc:2b:7a:b0: - 2b:76:03:c4:40:a6:53:f1:dc:74:87:fb:c5:d8:2f: - f5:ef + 00:d1:69:29:58:fb:d8:7f:47:62:6f:d6:3f:4a:93: + d5:37:73:27:45:1d:e6:73:d5:7e:50:1b:e0:97:4a: + d9:69:90:68:7e:ab:26:f0:c5:2a:11:35:fd:cb:68: + cf:30:bd:b6:59:c5:d8:8b:0e:c8:19:c4:d7:61:d1: + 64:60:41:12:6e:33:88:ac:b9:51:4f:0f:26:9f:4b: + 71:a1:f8:b6:9d:bd:71:9f:37:4b:a6:db:a9:23:06: + f0:c3:22:b3:6b:b7:e5:e7:a1:fc:1f:29:48:4d:96: + a8:35:1e:0a:52:e5:c9:bd:eb:20:be:02:6b:fe:54: + ba:7c:98:20:45:f6:09:dc:64:5f:b3:11:ec:6b:46: + 1e:ea:de:98:64:29:c2:98:c9:c2:e7:9c:23:85:74: + 79:10:d1:b3:7b:c0:be:37:7c:eb:96:38:90:35:45: + f7:30:6f:40:8b:16:be:dd:0f:9d:8b:d4:b0:cb:e1: + 41:6f:94:e7:e9:83:a5:a0:5a:4f:fd:cd:90:eb:c9: + 63:b3:19:17:12:46:4a:63:48:93:44:2c:da:ea:8f: + 6b:d7:28:28:5b:43:ee:82:2d:ce:0a:b9:35:6c:16: + 0a:a8:0b:c2:12:b1:0e:32:ae:33:ec:3e:38:6d:74: + 88:49:77:99:4f:78:59:96:f5:11:10:86:3b:be:2d: + d7:51 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - B7:FB:54:77:0C:76:74:B0:72:84:2F:4E:AF:24:1F:CA:62:8D:99:61 + 3C:E2:AD:12:A1:C0:96:C8:53:4A:6B:B2:49:5C:5A:A6:1E:A9:19:EC X509v3 Authority Key Identifier: - keyid:B5:C3:65:5F:95:6A:F7:19:30:E3:80:DD:EF:B0:A4:1B:3D:BE:A6:9D + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 4c:7b:dd:61:fc:1e:ea:5a:d7:73:ae:8a:3b:14:19:3a:8c:ae: - a5:a5:37:1a:74:87:a9:de:9f:79:db:5d:ad:92:85:46:65:35: - a8:77:8c:c2:4e:b8:90:67:7f:ec:ed:7b:a9:b9:1d:6a:27:05: - 22:19:92:6c:46:02:4f:3a:9c:69:67:29:12:33:e2:d6:db:c1: - 0c:79:cb:10:77:ab:d9:df:77:1b:9c:d2:73:8e:e6:31:72:f4: - 04:24:cb:67:b3:73:cc:02:83:7f:be:fb:01:0f:71:25:c0:02: - b1:23:aa:77:03:74:28:fd:5e:9b:03:af:44:60:e5:f4:be:c1: - c4:64:6a:17:47:ab:fe:b3:f5:47:dc:b8:f8:1c:c2:cf:bb:57: - ca:65:0f:73:f0:32:4d:d7:b5:38:35:f7:01:8c:13:de:ab:de: - cd:01:a9:5c:57:d7:2c:23:10:70:34:ea:b5:4a:eb:11:6d:ae: - 36:ee:70:3a:d2:96:73:2d:3c:e6:fe:6f:56:ff:ea:57:39:4f: - ca:70:1b:0e:7e:1c:75:b0:02:0d:4e:92:bb:c0:e6:0e:7d:16: - c4:07:b9:12:00:a5:a5:2f:fa:0e:38:52:62:7b:55:8e:f3:4d: - 62:c5:c1:71:ff:ab:f2:57:54:21:7d:64:7d:07:dd:d8:d9:26: - c2:07:39:8f + 2c:26:73:e0:af:77:68:7c:80:1c:c4:a5:e2:5b:8d:85:d8:19: + 61:eb:8e:1f:d3:d5:d0:5a:76:e3:e0:73:e9:9d:96:89:7c:1e: + 7c:16:b1:22:8b:88:1e:c5:82:a9:b2:a2:d6:90:ca:5a:23:e3: + d2:fa:c8:17:fb:ce:2f:c7:f2:a9:71:95:5b:0c:33:d1:88:d3: + c8:80:9b:5c:ab:cf:9b:45:62:83:08:bf:b6:29:e8:0e:a5:77: + 3b:3b:f2:bc:15:8c:5d:1e:40:7a:69:2c:c4:0e:1a:78:81:67: + d0:04:94:4b:d1:b9:8e:e6:91:0d:e3:6e:e1:e7:6b:e4:f2:76: + 05:b8:5e:a0:04:0a:5a:32:45:7a:e3:06:da:a9:60:96:cb:1b: + 7a:cf:93:f5:63:a0:4e:33:4a:94:47:9d:a7:9e:02:82:4b:83: + 1b:c3:65:be:a7:8a:30:0e:45:f9:12:1e:c6:ec:58:e0:8d:29: + 4c:02:6d:5a:16:c1:36:09:64:52:b8:e1:00:2f:78:ae:3d:2f: + df:8d:da:fa:ee:d7:02:5d:0c:78:93:42:91:e1:b7:99:23:5e: + a4:e5:5a:26:17:41:de:24:27:89:9f:00:e4:f4:1c:77:69:f0: + e2:31:d2:69:2c:ee:c7:2f:33:86:5d:dc:fa:d3:d1:cc:1a:df: + a9:0d:74:3d -----BEGIN CERTIFICATE----- MIIDYzCCAkugAwIBAgIBBDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDTELMAkGA1UEAwwCSTIw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9hN2CN8vIaYrCxv8494WT -niLVuJQSO9mfSXDv/zlY/Oc2Mhg31CvZTk5nYO4sKNBPZiPNwfB19VQOUaXw+py9 -Ql0COmJgg7jl/s28rTW3ngnsOoFRt0ZWLZC75UpPasa+OXm2MZkbxNChlNzlUY6d -qcXYkflcdjoJ0o8MJDr/kUzGycc2U8x46/wAJf1fs8CVEJE9Q/4xtrOE6exfG1p3 -pyUpGnpx2XpihUXDUdrteaVBfQtJPitRXpkzHxxaUlFrB8VaC0u24WxDB/KyZW6d -d6kqtoh7qdmXa2X5vk45MUygLQYY3lN8v4BkzCt6sCt2A8RAplPx3HSH+8XYL/Xv -AgMBAAGjgcswgcgwHQYDVR0OBBYEFLf7VHcMdnSwcoQvTq8kH8pijZlhMB8GA1Ud -IwQYMBaAFLXDZV+VavcZMOOA3e+wpBs9vqadMDcGCCsGAQUFBwEBBCswKTAnBggr +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRaSlY+9h/R2Jv1j9Kk9U3 +cydFHeZz1X5QG+CXStlpkGh+qybwxSoRNf3LaM8wvbZZxdiLDsgZxNdh0WRgQRJu +M4isuVFPDyafS3Gh+LadvXGfN0um26kjBvDDIrNrt+XnofwfKUhNlqg1HgpS5cm9 +6yC+Amv+VLp8mCBF9gncZF+zEexrRh7q3phkKcKYycLnnCOFdHkQ0bN7wL43fOuW +OJA1Rfcwb0CLFr7dD52L1LDL4UFvlOfpg6WgWk/9zZDryWOzGRcSRkpjSJNELNrq +j2vXKChbQ+6CLc4KuTVsFgqoC8ISsQ4yrjPsPjhtdIhJd5lPeFmW9REQhju+LddR +AgMBAAGjgcswgcgwHQYDVR0OBBYEFDzirRKhwJbIU0prsklcWqYeqRnsMB8GA1Ud +IwQYMBaAFF/PVL18OJtfoaz+pm56g4CmS/m/MDcGCCsGAQUFBwEBBCswKTAnBggr BgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlhL1Jvb3QuY2VyMCwGA1UdHwQlMCMw IaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9Sb290LmNybDAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATHvdYfwe6lrX -c66KOxQZOoyupaU3GnSHqd6fedtdrZKFRmU1qHeMwk64kGd/7O17qbkdaicFIhmS -bEYCTzqcaWcpEjPi1tvBDHnLEHer2d93G5zSc47mMXL0BCTLZ7NzzAKDf777AQ9x -JcACsSOqdwN0KP1emwOvRGDl9L7BxGRqF0er/rP1R9y4+BzCz7tXymUPc/AyTde1 -ODX3AYwT3qvezQGpXFfXLCMQcDTqtUrrEW2uNu5wOtKWcy085v5vVv/qVzlPynAb -Dn4cdbACDU6Su8DmDn0WxAe5EgClpS/6DjhSYntVjvNNYsXBcf+r8ldUIX1kfQfd -2Nkmwgc5jw== +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEALCZz4K93aHyA +HMSl4luNhdgZYeuOH9PV0Fp24+Bz6Z2WiXwefBaxIouIHsWCqbKi1pDKWiPj0vrI +F/vOL8fyqXGVWwwz0YjTyICbXKvPm0Vigwi/tinoDqV3OzvyvBWMXR5AemksxA4a +eIFn0ASUS9G5juaRDeNu4edr5PJ2BbheoAQKWjJFeuMG2qlglssbes+T9WOgTjNK +lEedp54CgkuDG8NlvqeKMA5F+RIexuxY4I0pTAJtWhbBNglkUrjhAC94rj0v343a ++u7XAl0MeJNCkeG3mSNepOVaJhdB3iQniZ8A5PQcd2nw4jHSaSzuxy8zhl3c+tPR +zBrfqQ10PQ== -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/i3_1.pem b/chromium/net/data/cert_issuer_source_static_unittest/i3_1.pem index 823f1fdbb88..c9463c8bfd5 100644 --- a/chromium/net/data/cert_issuer_source_static_unittest/i3_1.pem +++ b/chromium/net/data/cert_issuer_source_static_unittest/i3_1.pem @@ -1,4 +1,4 @@ -Generated by ./generate-certs.py. +Generated by generate-certs.py. Refer to generator script docstring for details. Certificate: Data: @@ -14,30 +14,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:cf:8e:d2:27:02:c2:6e:56:2d:b8:25:f0:79:03: - b6:98:d5:27:a0:32:ec:bb:43:36:63:ce:f3:c6:e3: - 4b:69:1e:57:13:9a:be:d5:a1:34:d3:63:ca:5f:09: - 25:aa:25:13:ac:55:9f:4a:a1:38:ad:be:ae:68:d0: - 60:d8:f7:21:d5:5f:fb:08:66:10:9a:f3:ee:09:5f: - af:7b:58:c0:19:ab:a7:4d:13:b5:35:16:3f:da:27: - 6c:64:03:d3:79:40:3b:93:a8:c8:f2:19:f4:1c:55: - 1c:e5:4e:57:19:05:28:ee:df:46:d0:b6:38:e7:ba: - 34:d9:44:8a:70:f1:86:ec:41:f3:6f:0d:da:76:e6: - 7a:6b:52:36:70:3e:6e:8e:58:75:a8:18:5b:6f:f4: - fc:9d:c3:d3:3f:a2:fc:58:ba:2a:5c:97:56:cb:e0: - 1a:32:58:5b:31:98:19:54:2c:7e:f1:53:ed:ba:4e: - 33:7a:d7:b8:96:f4:22:b8:59:b4:7c:8c:56:ea:3b: - 34:f8:2b:44:66:73:be:d7:11:f7:48:0b:e0:bd:ae: - 03:00:aa:c8:5d:5c:f5:6d:2a:0b:c2:63:0e:3f:97: - 28:3d:b4:7f:53:a9:1d:aa:a8:12:f2:c8:01:05:15: - a4:25:36:89:54:45:e0:54:e3:18:a5:84:2c:98:b6: - ba:9b + 00:cc:ad:d0:52:c3:c3:db:22:c1:cf:d4:40:39:dc: + d1:75:c5:07:26:08:d7:99:df:06:dd:de:37:8c:94: + 14:16:44:69:09:e7:5a:17:08:bf:d5:a2:ed:fd:d7: + e6:ae:bc:33:9c:42:4e:fb:20:5a:94:83:4f:60:71: + e8:b6:ff:68:78:c0:2f:09:05:cd:24:3e:f6:ee:f3: + 8c:98:db:0a:15:98:1d:48:dc:ea:11:e7:0d:52:61: + 0d:b4:d3:7a:55:40:bc:29:82:a0:1e:02:d3:00:ed: + 9b:7a:a9:48:76:0d:37:a8:dd:40:f8:13:44:1e:1c: + 3a:d5:db:ca:e7:40:d5:22:77:59:78:43:f5:b5:df: + d7:7e:db:73:2c:e6:73:7c:09:e1:a0:30:ed:8c:c1: + 4e:7d:5d:4c:9b:3a:0f:13:33:a1:9f:3e:d8:06:50: + 9e:0f:2f:59:d7:5b:7a:db:80:36:81:21:5b:7e:0b: + 7d:c8:2d:8c:1c:1e:9f:c7:3b:b6:78:6e:97:40:b9: + 55:04:1b:2b:a2:4b:7c:a1:6a:a6:46:c2:0d:70:07: + 60:9b:e4:52:12:6a:f5:f9:40:44:0c:bd:35:f0:fd: + 00:d7:dc:ba:9e:9e:ed:30:c4:c8:e8:8b:cd:4e:5c: + 50:66:12:00:db:43:4f:d6:67:d6:4f:7f:68:57:55: + 5f:f9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - B3:B8:D0:C2:16:D7:60:93:F5:51:DB:DF:12:8A:B5:36:66:76:C4:6C + 02:D2:01:6B:5B:63:DC:4E:54:01:08:CD:A7:27:A0:85:29:78:E1:D3 X509v3 Authority Key Identifier: - keyid:B5:C3:65:5F:95:6A:F7:19:30:E3:80:DD:EF:B0:A4:1B:3D:BE:A6:9D + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - a8:4f:66:e2:7f:66:d8:76:bb:06:e1:2b:68:63:33:6c:6f:77: - f1:14:a6:26:8d:4e:9d:7a:ad:c3:44:ad:4b:f5:c0:80:dd:e4: - 1a:07:59:32:76:c9:f0:43:e5:0e:dd:b2:2b:1b:de:85:15:86: - 68:ed:7b:81:b5:42:88:72:6d:17:5e:3b:c8:e0:2b:d5:d2:8b: - 2b:be:78:b9:fd:24:a8:02:15:cf:fb:80:c7:03:5b:4b:1a:6e: - dc:72:33:9f:ce:37:8a:91:03:87:c5:af:e2:97:73:75:77:a6: - 5b:59:23:30:2b:9a:ab:91:fc:af:7c:4d:7c:98:6e:bd:aa:b8: - 70:27:91:c6:8a:6a:d1:aa:1e:1e:45:a1:8d:48:c2:92:31:46: - 58:57:59:e4:56:9d:c6:92:8d:33:b1:60:76:ec:c2:0e:35:5c: - 5d:c2:12:a7:d6:12:26:6a:5c:e6:59:8e:29:a0:a8:82:fe:63: - 2a:f2:6d:a3:84:ad:3a:7b:21:1e:39:01:22:a8:77:35:77:f9: - d0:e1:6b:1d:80:e5:63:18:2b:70:75:75:c7:0b:89:3e:6f:5a: - 03:9f:ff:d3:5b:ba:8c:d5:e9:f6:11:ec:fa:51:ea:85:23:80: - ce:65:5f:18:dd:43:47:2c:a7:95:15:4b:65:88:e1:ac:5c:73: - 97:03:e3:d9 + 3f:cd:3f:c5:b9:85:e0:de:50:f7:99:23:7a:76:2c:4f:d5:5d: + f2:8a:49:c9:4d:e8:37:76:09:05:61:f9:69:72:22:3e:49:68: + ac:1f:cb:d8:b7:91:6c:97:ae:cc:73:03:f5:b0:8f:3f:ac:32: + bc:fd:d5:42:f0:73:36:84:02:a8:01:de:9d:36:f3:e6:5b:bf: + 23:0f:a6:46:f9:6f:85:5c:c6:06:bc:d8:99:f1:56:56:74:94: + 53:86:01:9e:46:83:a6:5d:9d:6a:f0:75:b8:0d:ae:46:d9:dc: + 36:2f:2d:75:9b:1b:71:ec:0c:75:90:29:6f:92:9c:77:75:c7: + bf:84:82:21:16:ba:93:5f:48:16:cf:7e:6a:20:91:01:f2:0d: + 0f:fb:e8:11:7e:65:9d:8c:72:91:7b:e0:02:fd:e1:fa:31:80: + f0:2f:ad:73:f7:8c:d7:f4:3f:33:96:a7:e1:e1:38:a7:e7:e2: + e5:bc:5a:51:d0:7a:45:49:56:82:8f:b0:89:75:6b:5e:b7:0d: + 75:9c:48:db:9a:84:38:26:e4:39:bb:b3:8f:13:48:58:43:45: + 6a:56:54:cc:60:88:2e:f2:ee:f0:0d:a1:f5:24:e0:9f:19:b1: + ae:1c:31:f7:ef:22:a5:ce:b0:6b:22:70:06:24:e9:f0:78:7e: + 05:90:46:71 -----BEGIN CERTIFICATE----- MIIDYzCCAkugAwIBAgIBBTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDTELMAkGA1UEAwwCSTMw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPjtInAsJuVi24JfB5A7aY -1SegMuy7QzZjzvPG40tpHlcTmr7VoTTTY8pfCSWqJROsVZ9KoTitvq5o0GDY9yHV -X/sIZhCa8+4JX697WMAZq6dNE7U1Fj/aJ2xkA9N5QDuTqMjyGfQcVRzlTlcZBSju -30bQtjjnujTZRIpw8YbsQfNvDdp25nprUjZwPm6OWHWoGFtv9Pydw9M/ovxYuipc -l1bL4BoyWFsxmBlULH7xU+26TjN617iW9CK4WbR8jFbqOzT4K0Rmc77XEfdIC+C9 -rgMAqshdXPVtKgvCYw4/lyg9tH9TqR2qqBLyyAEFFaQlNolUReBU4xilhCyYtrqb -AgMBAAGjgcswgcgwHQYDVR0OBBYEFLO40MIW12CT9VHb3xKKtTZmdsRsMB8GA1Ud -IwQYMBaAFLXDZV+VavcZMOOA3e+wpBs9vqadMDcGCCsGAQUFBwEBBCswKTAnBggr +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMrdBSw8PbIsHP1EA53NF1 +xQcmCNeZ3wbd3jeMlBQWRGkJ51oXCL/Vou391+auvDOcQk77IFqUg09gcei2/2h4 +wC8JBc0kPvbu84yY2woVmB1I3OoR5w1SYQ2003pVQLwpgqAeAtMA7Zt6qUh2DTeo +3UD4E0QeHDrV28rnQNUid1l4Q/W139d+23Ms5nN8CeGgMO2MwU59XUybOg8TM6Gf +PtgGUJ4PL1nXW3rbgDaBIVt+C33ILYwcHp/HO7Z4bpdAuVUEGyuiS3yhaqZGwg1w +B2Cb5FISavX5QEQMvTXw/QDX3Lqenu0wxMjoi81OXFBmEgDbQ0/WZ9ZPf2hXVV/5 +AgMBAAGjgcswgcgwHQYDVR0OBBYEFALSAWtbY9xOVAEIzacnoIUpeOHTMB8GA1Ud +IwQYMBaAFF/PVL18OJtfoaz+pm56g4CmS/m/MDcGCCsGAQUFBwEBBCswKTAnBggr BgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlhL1Jvb3QuY2VyMCwGA1UdHwQlMCMw IaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9Sb290LmNybDAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqE9m4n9m2Ha7 -BuEraGMzbG938RSmJo1OnXqtw0StS/XAgN3kGgdZMnbJ8EPlDt2yKxvehRWGaO17 -gbVCiHJtF147yOAr1dKLK754uf0kqAIVz/uAxwNbSxpu3HIzn843ipEDh8Wv4pdz -dXemW1kjMCuaq5H8r3xNfJhuvaq4cCeRxopq0aoeHkWhjUjCkjFGWFdZ5FadxpKN -M7FgduzCDjVcXcISp9YSJmpc5lmOKaCogv5jKvJto4StOnshHjkBIqh3NXf50OFr -HYDlYxgrcHV1xwuJPm9aA5//01u6jNXp9hHs+lHqhSOAzmVfGN1DRyynlRVLZYjh -rFxzlwPj2Q== +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAP80/xbmF4N5Q +95kjenYsT9Vd8opJyU3oN3YJBWH5aXIiPklorB/L2LeRbJeuzHMD9bCPP6wyvP3V +QvBzNoQCqAHenTbz5lu/Iw+mRvlvhVzGBrzYmfFWVnSUU4YBnkaDpl2davB1uA2u +RtncNi8tdZsbcewMdZApb5Kcd3XHv4SCIRa6k19IFs9+aiCRAfIND/voEX5lnYxy +kXvgAv3h+jGA8C+tc/eM1/Q/M5an4eE4p+fi5bxaUdB6RUlWgo+wiXVrXrcNdZxI +25qEOCbkObuzjxNIWENFalZUzGCILvLu8A2h9STgnxmxrhwx9+8ipc6wayJwBiTp +8Hh+BZBGcQ== -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/i3_2.pem b/chromium/net/data/cert_issuer_source_static_unittest/i3_2.pem index c92719f4d1a..365096b7618 100644 --- a/chromium/net/data/cert_issuer_source_static_unittest/i3_2.pem +++ b/chromium/net/data/cert_issuer_source_static_unittest/i3_2.pem @@ -1,4 +1,4 @@ -Generated by ./generate-certs.py. +Generated by generate-certs.py. Refer to generator script docstring for details. Certificate: Data: @@ -14,30 +14,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c9:4c:34:72:23:55:0b:48:d2:a4:6e:69:e8:68: - 86:c2:7f:ff:18:a7:75:05:00:b8:76:f9:1e:89:38: - 4b:2c:b5:fa:56:93:96:28:a6:59:a4:e4:a5:e9:68: - a2:b5:0b:8d:32:b4:cf:94:e0:9f:11:14:66:9a:41: - 25:d6:de:f3:6b:ff:6a:b9:e5:61:6a:82:ce:65:75: - 1e:c6:78:14:53:90:17:83:a2:07:26:86:08:b6:9c: - 54:be:1d:0d:dd:53:01:5f:50:21:37:92:c0:a9:2f: - 8d:4a:51:48:73:1f:7e:17:93:5a:5c:53:c8:f0:25: - 3e:94:ca:b9:82:8e:5a:d5:98:c8:1f:c7:f8:8c:9c: - 87:7b:8e:ee:da:92:34:6e:ab:1d:43:50:7e:87:f9: - b8:f7:49:58:be:f7:54:78:e8:21:6d:96:45:fa:68: - 3b:99:9f:4a:86:40:b1:2e:fc:15:e4:28:8d:3b:13: - 50:8f:33:6a:b7:c3:fc:fb:d6:fd:0b:97:c6:05:d4: - 6b:82:38:b2:1d:e3:5b:9d:60:97:de:1d:bc:1a:ed: - bd:71:44:18:d6:4d:51:3a:db:8c:f6:da:ee:08:f9: - 2f:ca:b8:ee:5d:4e:1a:1a:38:8c:79:30:9f:ba:4e: - 54:eb:86:12:1f:cc:ec:5d:c4:36:07:89:bd:40:57: - c9:8f + 00:db:69:2a:fa:fb:3f:74:eb:e7:a8:42:19:92:88: + 30:f7:1d:0b:77:09:d0:74:17:3e:2e:93:57:1a:49: + 4a:10:e5:37:11:13:0f:25:fc:2c:11:eb:8f:95:86: + 9f:c0:67:b4:be:5b:58:71:d3:66:09:ba:c5:db:5e: + 43:4b:62:b3:6a:c1:41:fa:a4:e2:80:3d:72:0a:48: + 26:e4:f9:96:ae:4b:b6:b4:2c:c6:5f:53:bc:80:65: + 13:5e:a1:04:f1:e8:18:9b:e5:db:15:04:29:2d:c5: + 97:7b:9f:a2:6a:f0:bd:ac:f7:89:c5:6f:5b:61:39: + 97:82:eb:19:02:eb:56:a2:f7:2f:e8:56:72:26:f2: + 8e:d8:6b:6d:4f:0c:4c:4d:bb:46:b7:f1:4f:37:33: + d4:9d:8b:5e:35:92:7c:e2:79:1a:55:fc:01:17:b1: + 26:2d:af:e3:16:e4:96:2d:a6:41:81:ab:16:b0:74: + 37:39:65:ba:12:0c:f1:8d:a9:1e:3f:51:91:a8:50: + c9:16:b3:ef:78:25:67:e5:c0:22:ec:93:64:50:a7: + 81:78:10:00:28:df:17:c6:35:cc:9c:f8:50:83:36: + 1f:a1:24:f4:44:c6:2f:69:a7:bc:36:73:69:3d:bb: + 24:d8:19:74:1e:10:25:e3:0c:fc:d9:e2:95:2e:bf: + 8d:c7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 1B:D9:9D:7F:59:30:84:1C:E4:92:D1:19:FF:EA:8D:02:B3:C1:8E:50 + 40:F8:36:2C:4C:E3:28:99:C2:3E:78:F2:EA:68:AB:4F:01:7C:FC:28 X509v3 Authority Key Identifier: - keyid:B5:C3:65:5F:95:6A:F7:19:30:E3:80:DD:EF:B0:A4:1B:3D:BE:A6:9D + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 81:3a:5d:49:dd:8a:88:7b:91:2d:5f:81:b7:4d:3c:24:2c:36: - ae:da:4e:9a:8a:d6:8d:7a:eb:93:7c:af:ab:57:0b:29:3d:19: - 1d:ed:52:26:a9:3f:bc:aa:c2:27:21:d0:7a:6a:1e:15:82:73: - af:1b:0d:f0:45:9a:e4:88:68:b7:21:a5:4f:a3:de:49:6d:f4: - a7:f6:51:c9:de:53:57:88:7a:1e:1f:58:26:c3:34:7e:06:ca: - d1:53:c7:dc:c3:c6:6d:6f:0c:c9:4d:e4:ca:5a:e6:91:1a:03: - 02:ac:04:1a:2b:33:6d:82:94:62:11:8a:5c:12:02:6f:65:e8: - 9e:21:10:30:c4:1c:77:be:44:bb:38:1e:3b:93:6e:85:e8:6f: - 1e:7d:12:f4:e9:ae:11:06:11:12:4b:63:ae:cb:c6:77:58:c4: - 18:3f:aa:d5:bf:a1:30:0d:ce:d6:d7:4d:94:4e:4b:af:80:50: - 9a:5f:26:aa:49:c5:68:c4:3d:f2:e7:bc:38:6f:45:13:62:e4: - e2:1f:8d:54:f5:91:a3:06:22:49:ca:f3:f3:13:46:7c:09:90: - 48:ba:61:13:08:5a:b0:bd:ed:88:45:ed:bc:7c:9f:03:8c:5e: - a8:24:6e:4c:1c:9e:15:f9:d3:0d:d2:fd:be:ac:01:52:f5:7c: - 23:d7:1d:0b + 92:92:f6:0d:81:05:42:33:98:64:ac:2d:b0:74:24:6b:2a:0e: + 9e:c3:3d:d7:0c:06:48:83:1b:34:d8:7b:27:09:a9:20:c8:ae: + 64:96:02:63:b2:35:a8:91:e8:51:1d:1a:2b:e9:ba:d1:75:dd: + 4f:3a:52:50:22:84:82:3f:23:d1:51:0c:92:6c:4e:87:d1:96: + ef:d3:3e:f7:9f:9a:db:1a:5c:61:62:d3:32:2f:20:1a:c1:53: + e3:3e:38:6b:44:cd:2a:51:b9:dd:8c:3f:1d:14:94:68:23:e7: + 90:ed:4d:24:ea:14:c5:79:7f:dc:a3:3c:d9:9e:77:ce:90:6a: + da:92:3d:31:cc:e2:30:c1:66:a8:a2:11:78:bf:11:58:43:16: + e8:bc:f1:66:29:0c:20:97:79:bf:06:02:d9:9f:38:59:89:41: + fd:a0:27:ea:c1:91:06:99:54:f8:5f:3e:35:ef:92:bd:43:04: + c6:df:38:e6:42:7d:58:23:04:bc:d4:a0:0f:a6:f9:a2:c9:9b: + c2:36:ba:8f:6c:5a:25:4f:7e:ec:4b:99:ff:b1:48:08:b0:82: + cb:95:eb:dd:ec:94:db:da:81:ea:68:b5:03:46:7c:67:10:f9: + 1c:dc:74:8a:4c:77:08:f0:92:2d:07:12:c8:5a:86:35:9c:2b: + 2a:85:fe:4d -----BEGIN CERTIFICATE----- MIIDYzCCAkugAwIBAgIBBjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDTELMAkGA1UEAwwCSTMw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJTDRyI1ULSNKkbmnoaIbC -f/8Yp3UFALh2+R6JOEsstfpWk5Yoplmk5KXpaKK1C40ytM+U4J8RFGaaQSXW3vNr -/2q55WFqgs5ldR7GeBRTkBeDogcmhgi2nFS+HQ3dUwFfUCE3ksCpL41KUUhzH34X -k1pcU8jwJT6UyrmCjlrVmMgfx/iMnId7ju7akjRuqx1DUH6H+bj3SVi+91R46CFt -lkX6aDuZn0qGQLEu/BXkKI07E1CPM2q3w/z71v0Ll8YF1GuCOLId41udYJfeHbwa -7b1xRBjWTVE624z22u4I+S/KuO5dThoaOIx5MJ+6TlTrhhIfzOxdxDYHib1AV8mP -AgMBAAGjgcswgcgwHQYDVR0OBBYEFBvZnX9ZMIQc5JLRGf/qjQKzwY5QMB8GA1Ud -IwQYMBaAFLXDZV+VavcZMOOA3e+wpBs9vqadMDcGCCsGAQUFBwEBBCswKTAnBggr +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbaSr6+z906+eoQhmSiDD3 +HQt3CdB0Fz4uk1caSUoQ5TcREw8l/CwR64+Vhp/AZ7S+W1hx02YJusXbXkNLYrNq +wUH6pOKAPXIKSCbk+ZauS7a0LMZfU7yAZRNeoQTx6Bib5dsVBCktxZd7n6Jq8L2s +94nFb1thOZeC6xkC61ai9y/oVnIm8o7Ya21PDExNu0a38U83M9Sdi141knzieRpV +/AEXsSYtr+MW5JYtpkGBqxawdDc5ZboSDPGNqR4/UZGoUMkWs+94JWflwCLsk2RQ +p4F4EAAo3xfGNcyc+FCDNh+hJPRExi9pp7w2c2k9uyTYGXQeECXjDPzZ4pUuv43H +AgMBAAGjgcswgcgwHQYDVR0OBBYEFED4NixM4yiZwj548upoq08BfPwoMB8GA1Ud +IwQYMBaAFF/PVL18OJtfoaz+pm56g4CmS/m/MDcGCCsGAQUFBwEBBCswKTAnBggr BgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlhL1Jvb3QuY2VyMCwGA1UdHwQlMCMw IaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9Sb290LmNybDAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAgTpdSd2KiHuR -LV+Bt008JCw2rtpOmorWjXrrk3yvq1cLKT0ZHe1SJqk/vKrCJyHQemoeFYJzrxsN -8EWa5IhotyGlT6PeSW30p/ZRyd5TV4h6Hh9YJsM0fgbK0VPH3MPGbW8MyU3kylrm -kRoDAqwEGiszbYKUYhGKXBICb2XoniEQMMQcd75EuzgeO5NuhehvHn0S9OmuEQYR -EktjrsvGd1jEGD+q1b+hMA3O1tdNlE5Lr4BQml8mqknFaMQ98ue8OG9FE2Lk4h+N -VPWRowYiScrz8xNGfAmQSLphEwhasL3tiEXtvHyfA4xeqCRuTByeFfnTDdL9vqwB -UvV8I9cdCw== +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkpL2DYEFQjOY +ZKwtsHQkayoOnsM91wwGSIMbNNh7JwmpIMiuZJYCY7I1qJHoUR0aK+m60XXdTzpS +UCKEgj8j0VEMkmxOh9GW79M+95+a2xpcYWLTMi8gGsFT4z44a0TNKlG53Yw/HRSU +aCPnkO1NJOoUxXl/3KM82Z53zpBq2pI9McziMMFmqKIReL8RWEMW6LzxZikMIJd5 +vwYC2Z84WYlB/aAn6sGRBplU+F8+Ne+SvUMExt845kJ9WCMEvNSgD6b5osmbwja6 +j2xaJU9+7EuZ/7FICLCCy5Xr3eyU29qB6mi1A0Z8ZxD5HNx0ikx3CPCSLQcSyFqG +NZwrKoX+TQ== -----END CERTIFICATE----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/keys/C1.key b/chromium/net/data/cert_issuer_source_static_unittest/keys/C1.key new file mode 100644 index 00000000000..875508ffc0f --- /dev/null +++ b/chromium/net/data/cert_issuer_source_static_unittest/keys/C1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEArnFkup8dtLzJisft76X0Ql3G29XJsHdFg9EVvy+bGaN8+/1w +Yg2Vp71YnyzVxXj8+iPglz2dDKHZcY8DKMd80Ql/lJB0wdvG7K7azVFFICM98iP1 +9lMjhrAWhErqvdQKGnCRcI0hBrme/C+irYAksgbta1Wsy61wRPHt1CHlzf4cQuh5 +Dn2HGAjBhTwy9u6W3FqEY5DjZ6P+MVLsvEMkhnelVqNM/jkv7dJ1ZFMwGqPOMM3y +exNxvrSAlZqjjvE69RVlqKORNBJn3DTPJV2P73lkSa8KPBeJtZXahSvfevFXHw+w +wbzhW0qGpy7Ia6OWxigp1jN88udeGQlsk8sUzQIDAQABAoIBAQCATz3FGzaRc29X +GjnEVS/2BN45YuYIW6KRE6DIUK7ny94px7/7D3zttZNS+Xp/1r9VCkCvXg1/dijn +o0aynxEK/M6PqzWGRi7qdq7P6KBMxD9TNOo89egisLDPO/+wAyAvVG9V9yi8tpnf +avZgYeob3IaTtZ/07KywubaymwBaZADeAYUlbht60PViywQoP9r96yvXBgGtT36l +uW8gjPmaUuzBQWnTfCoM7Baq0TI5cFdSfS2reJ9AWbBiMmiDiMWTcVq9050uiirk +wUcXOcFgE6WlHY1xmFzdgbrSvxIfQpqq3YDTz08X0GG2CCAsOrn5PgVan0QeYMlL +SrXnxGuNAoGBANcwC31BdAP6gq+HDSCugIlslQHponx+dOC30uoLs2Ft7i936mg9 +HLYcQX4qOAd8McKglsScHKhAIcbdgEBrjIHNje+DWY43gF9TvVEN23nJ+8FN/B5a ++6mOnUdXlsOKGwh9m0t/L9nFYXV3bd+eJdSCW+vGBWYXZdCfpbHR3e+rAoGBAM+H +FFipy1idVTYRyeYAVRiw6psZyxfSrTTIKpLSJUWmvihZdg2i42uxG1j7DFILQKAh +NwY6kjs6PcW6JhaRz57siJIJR2ICYOGFfJCmXu6ewmfgfG+7PrYGBUKjtTZ13Xi7 +JY4jw6qIHF7c/kMj7DK2dyhFKptcMGGMoqYqY/VnAoGAIjDLEorM0TkDfLo7lr7D +Q5KSFmy12YwKLA5pH7DePpPF7ZrjDs7u+eyBZ3dz0ZSlH2R+sByR3RXbiAp3r0Sn +XZR4gd7f4t3kssDOasuF3NMAAlXOwk/4fpdfXA+Jr+YIp4+1lghOZQ6cjpp8RbSO +FDbmPg8HmpILJlvHavqKheMCgYAv2z2U6Krs53NEAbwmXwNAq2Oemscb2kh4+IPg +0bcopbgKQ/8WS+7X4cKltVb1AIVJp/8xX4ZjRB4En9WytLNFOdSQoLUmY9gFiavd +C5CuxEueesUXWv2uKhtCb9AVG/8TnUyex56Sj8rDEYFM6FbKpws5bSHTK+I4TJ8h +ZHsilwKBgA3qYo8z/eD7NJEn3fta64ZcWbPNyP3hP/TUCD9kq4iwWN8VLnl6lojm +t+7jqafgkPGoLmYT2l76cIQNCHopbhsyFDVYzSC3z2sBNSrDsHjvJ0bpmVfvnfov +E07ojdu832SXZeDF02nwMa9s+CRLtNf7R3HmbdO0SgY+QAQEhnn4 +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/keys/C2.key b/chromium/net/data/cert_issuer_source_static_unittest/keys/C2.key new file mode 100644 index 00000000000..b86252ec26d --- /dev/null +++ b/chromium/net/data/cert_issuer_source_static_unittest/keys/C2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuZ72U8qMMbQKaiYjEQPM4eOTnth2UokvDEIVIcDZvBbqbrw5 +wC9iijXJlXFNo0Wsf7N+7Pqs8+i/ZgIasb3OeRdqGRKW67Gd3eMcaRXh9jTtuk2v +ClADQy+dfI55+pITLXMWqN5ywmEZVEsBL1yhd/z3gguqy49VDRnYqyyvNbT361Im +l15bAPOoEvrODQ1WzRUcemeCn7P7XwWct581ZjsYk7gtHUebS17zIG+Dx12R0isZ +nanzRv+T6z/7W0CgjV2rpd7RAtRrPhokXIai7J1QG8OSIidfp3lbQJfMyhD/7QYq +URHly7EKgoSSLwAQbRmv22ZTjfcQs7xKUoPrsQIDAQABAoIBABZcbwJDGUZ3kPWe +qITJN2pS9xqgqwhgXFmWsGMDj3dYL1+trytWygEqX6FwJ9EueIxdvEGiJSmw9TW9 +tSeKXRA7YN2qXqIAIKt1S5vhNfpp/+V8rESKxQnX95nktA8af9Lu1WD8g0ilV97O +tlLVTuJciBiTfTzOhIlyfqaIWIcYlFsEiJ3eeRb1TH5374LUNiFD6I54F5E03KzO +lUlv1Rn6xQ5OhIw1BE3EOpR5xXm0fIOP57OQyEHcOdgp8WuVgW03LeHBNe/Vx3Zj +0ONM6Y18XoV6dpnnv2WkzPgA8CtToN87QWig5zrdjquf0gmc34ZaE/viRK+fK5qM +y+lbsgECgYEA5SOI2H9B9vF8TfMdDixBV5KGT3fIHWOQdFxj1rvJjflvWf+lm+f5 +d8HN20atbSyXQDW5+rzKepLrvIa1GyUEPhCZQrf74izWF7u4xaSmYpin5bhok3Bo +dQrIr6bONLL2q11OQiaW2REDCkDCvYOu/gYAlc9slcYb1oAohaJDpmECgYEAz2F0 +bT37J+3s8eqLa++XiKIG0E4vhqfwn4CY0iSGWyI4oN/EhgfC61GEoWjXQ4fvyLVt +rMo5ZLVb3kEbs7T1HOk+W/5bDB1fExL9S65AhxFTnJZ9uFntDFq65Z3PrzvIYmlj +ICsvFMc8PBOAmfcAOv4FBPislRcTo/uZAZxzp1ECgYEA4esvOYX/G+LslE5nD1pC +8nzdP+zxuUg5XQDazxVHnFualjmgpx8IsDK9LL16sHGOjxhpzfXmDQReuPp4BdNx +Y2AqO8X66v0Z+Tx06Sl1gzDQGYbAVN43n26Kf+UO2pa47iyIxGAXyt0jCjDf0MrM +9lgkq5BflyxEtjCVw2xBFwECgYEAvvhwnbTJF0EbxL8HOxM8yT7j5WlKjMcUZ92l +XUbzTvMZkNPfhsmY7th3uafxK6f/4SVp5QeoiJwWCHqOhxOp8MC9gzudHm/hwI/p +H4tMstT62SUgiuaMy6a1m4OS4Dy+UBnahaIezhSW3H/dGmuCE9EeUDCrxPOmS4kC +oqAvRLECgYByuRj5W5n8co8o0uiI5JvPBk8hGtlM/hrViL3GEbGqp96nkmIhxFM7 +A77MpFdpzU0hOi2zuxg6KNc+E9ptdDsRJnodt1UXipYP8tjNr8oLp5xmC/misUHm +9ywaW5t5ZxbdhfSA6kuEqb5Lerb/ytrvTBvZlWZKgeZ9bKOfqPi8kQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/keys/D.key b/chromium/net/data/cert_issuer_source_static_unittest/keys/D.key new file mode 100644 index 00000000000..0133ecf7e9c --- /dev/null +++ b/chromium/net/data/cert_issuer_source_static_unittest/keys/D.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAwq4HSjXO6ia/udSsuMJLQMeZ4lLVJIqDGjH93bTsuYqQZ9l/ +0+p/ipbWq6Xo7llhbfN/JhSCGZD0ZSFoIkVYWi7UlDGnEywnDwcmmnfcR5rXBBiU +vQnj/PrvRGHwtsZlN5WOxWeGf8xY5+hD3u7L3q1oAJX0zSHn2zMJwW1rU+uN81PM +eqPwhrsPLD+UEdXdUkSWwZdK08pIQLVnlT3GWESsbaMvpGDrcki4Hcs9awqwvz1C +aMx9KXgpnj3sFq6EmDH+zrK196yJ6N/H8a2GOCL8JGZWzF8J2CPr0meWsWfe9q67 +jtuIqTn8nII1i7hJVLRfeFuUw0+fvL8LBvwEZQIDAQABAoIBADHRnRX1jRzIi7m/ +Xe/t8JoEOjH7poWyWHhkoKWSvh2BAxFATIDrenX5wbetPl14TAF6FWimSODIAnK6 +yM40VrbFUysVRb8XRmuHFe7ji2BblHh83ds+Y7SCdqZWNeZgANjnkeCcbIPZxEqc +Wnn7O/qg/4Ne3IV+Dro+Zlm0aYnQxHly7m/AdwfaZ1RZVfInF0dvjZylkbtmJuaC +hsJ6RAq3jQ6nsyaEbEqdAxbnJ2evd5PhlTcADsxgKBCKySMrUgK+QbAgYzyY1EDK +ndYwQEDBgXEde2/z6aFfl3O9usthwqkG39+rna1CJlqj+oRVyF8/lqpBdDtuaPBJ +qJd0iAECgYEA5IP8ucjMXYJA3GvUMQZq+do5Pun7soGU55Zt0Q+/VrCfyoAWD1FX +iSMS8A+kfuM8Ju6nzchn1Rokx304++CpE2MQm7VZiU8NTIMIGxEsbsm1+hQHWd/n +FC/mu9kIFV4GwKfGRbb0ZlkXwo308PMYdeiDwPj1X2pzMqK+TFwbRmUCgYEA2hg8 +Kd73HSvOo2wakopDtqET4/d+EVp35T305XgXYMHMXB3d8G+9hcx3KeLrMWXcUXAY +RTi2gewz8nV60LS1i50zBrZ2z/0MdY++0LC5p6Jrkfe4WlXhJztS5Wb4EKwiNoVZ +IPMQ7Dumxhx/mpdeOUgiynYtflfrjC9B1Y/65gECgYEA4Sd/EprbaeMV/1irOSbG +rqmqr+ehnQ96ZPjd+RhYAZWDy+WKVsthwXhyh2ASRwekVAPgCK1GST06MeibBeol +DToVuiXkM5tVUiblDK5OJlbO27lySMaJC2XrJPlBsrPzWU212SjcBCASfhqa1fHg +DwTrFG74bWwYVzLs55X1NdUCgYEAwtmUJvSFYxKYc3lJ5FKTXL9cvfeIMojZRX6t +Jba9bDy5EDO+7elnMfsTG+EYr/GJfVjg1jdtF3aokp5TM9O/vxSbWgv66qfyUbYz +jM/XjuWVpbvkgRDpL9vYnAv65SplBsDseHuxSt2giq87cip6jELeknQzAQYb9Ark +jqEsUAECgYEAlZ64hDcl1FQOoXB2bCW+5aovqA30+aVIuajWV+mDMhLU13cU/diF +MoyfNxuR+DW6RynyKI4jnTY1QYUoNhgrefXSFN5J+W/iq6eLl2WGaliMaFMzevkE +KE/kP8sG+SW5wtU6WGMxWYAxnNEW8nVm+8sL3jOLFejIF0Daop7aV0U= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/keys/E1.key b/chromium/net/data/cert_issuer_source_static_unittest/keys/E1.key new file mode 100644 index 00000000000..ff46f243055 --- /dev/null +++ b/chromium/net/data/cert_issuer_source_static_unittest/keys/E1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEArpFrePszEYK7Us4itSikwbsXZUlvhQiYPyvhttVDQlyfMLWR +nChqZhNiss8BkBsMxliBm3j2dxLiGjKfqfPQWVaVi79ruDnVdwRGZkndHmURjVGn +tSXR0CVzACeYOgIxkIbPqFPdEPyl9imFzerJ2Qh7WIfDanLyF33n4r73iMh5tSlD +LproPOALQkfCDj6xby6pePAzDLG5Zzw/rEcUMx0qWjd9JH/Kp018qSiChjurb9Jl +buPM9nqWZYF86Y1kRkVG/PSfb2f4mivfzKk63jETqQiZ0f1Emb4ozXS8hFj12d+9 +9Supu+zzUOJ1uxna1PmJVQ8zH17sSB3gkS2DoQIDAQABAoIBAHaeMZz/c/AOGSNn +FoZqm6lYa8lTYQfQk0M5miIWP6G0Nidu+QZXIBVETuiZaMJ23vNX6JmwVCkNF74d +cAiXt5c9EljnNVb1VWuN6BhRUIL6wjZ4qbCZhjwddktAnFuuaed+81O5yJlmU481 +H8qQI5/p94ZsmgiXGpGD6DFW+fRixY8SHhK/T5xJd0C2XW/dQ2aZu3Uu8Nf49ebE ++0OZ8wmCRwDboqxnD3rpyJVIgBiQ4WC+x5aZk9Ihkuo3KJT8LpmEjta128aC6GEp +GnFvDFjanNuewr/lZLZyl/8TY0eqP9eL9vTyYLoJIuYpDiZfVaecY74PKqrPHkLG +4qenoAECgYEA2LXn8Sct/jbtzDUS61jpMxf64tWMOC3Y77mOvXkWZz1ia45vpoxg +aveVf9LqMmFx+OU0eVeX1/6VZ6vpgu74JQZTINeLHszmR4d8GZs5wk5fZWcEKzJG +uHD94RiWyl5BSSS5ppXwg6s3hYbZvU5BVjoJoGCo5vje30pN5J6QieECgYEAzjeS +L6uB9rf3DgmQXkWzwMXqS8imsu0jn/HRRtME8pFlYtJ62s1Sg8D1HEaohIT9+ehd +iP+4bpbH1dQj/4UNfR5mxq0lVPc6Bgm7sA7AN9UP5P7UOLtl2wgr7V+s1rLVkVVm +ZKEC3vx8U+DSc32ICVBOvmxkaGBj/bZK1i0BscECgYEAixYE7SOmQzhh2uRdZitE +UISdgyRnwE68ou9HC5hBprUhC8L5Kb2CzGRm0Qk/QmKEUahZy19Kl1hP75/IWT6i +iLDMfZGZOoVrbpEoNw8HPQwr8dryM/8qoIn0h5nOfceMwzMM7Dvjh75F/i8UZIlr +KbpKH2KqRMOJ12nLIGYcgkECgYBWqBuSVKwklWIIUBSOyROkaobumb8TaXuS9vdO +n9ZwaJEGWhSuZaHLJAbcfwTJy2k+31qO+4bxUgNf4+nMsojcjy35R0Fs1wdXCjgI +3+n+jFZFkKB1xqoixOhQs+fZwQTmMdD5cH/YXJmSVeOaDKJh55Fvi/UVt4vNThFc +t0UDAQKBgQCOWipJJLYeR51/IFaZnqxdVMvh7yl0QmUJHapAAcxrXG2TibMdYlt2 +O9oP0dOVDddJTe2RLRJCcGivL6w4bEuKA+EO4K56G/cS0QuI2dghpS2e1xoSHDfQ +JK5oTDjiTjaTwrH5HlpUjZWVoq7p37F5WEYhqGZztyhkQ8ToaQlqhQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/keys/E2.key b/chromium/net/data/cert_issuer_source_static_unittest/keys/E2.key new file mode 100644 index 00000000000..6f3b6e8f7e0 --- /dev/null +++ b/chromium/net/data/cert_issuer_source_static_unittest/keys/E2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAzT+uoEA0IaFP5HJZX5cjo73xZMTFnXOmYbtoEjCXM6GGSqO8 +555DOt6+BhZuwFz6nuTtuUMa4lgMuZKPw9MrWcSSwDLbO0A/tVohpHIY+nmui54q +LfDtIAugcq+MAf/zE4NNihR+Z073UkDx6Wm4RlFbH+k+NPCHmvKkxCQ0yrlS9ItL +Fr3bvicdHjJxfKMsiuVE0DEhOfxW5se9Lzb377Q2PqI1LmU7SqwwrkdXSVjk8eZD +U9TszzpG7RkAn9n64gjKIJPXETZKkYk00McREZlNP43H45qQV+4PK6Dqx1R0Gzlx +LmtKxLx5DCvLFTAG6KyKdNNGcoL/WrxSoqbm8wIDAQABAoIBAQC+uTVo/iAzO/XE +X6nDFOvuRRuiOuMzG3t5h67+cB6gwLDMfPiV9k+czcygVYoWwI+2xR5OMBg0SgOR +Ear8GidHZE3FwbxMg7hvqdBnQgsJ/bZ/ULr7M8z1ITi4OX4Ngax77mBINiD7mLpj +uavR7QZqeUEHFzNR+EzaZC1NgiN4WDEIWpkDYD9gYD7OR8oIvVFJQZxpq5gIJtp+ +gqyiipDpCjP0EhP88tF6iYzYAWLl/RlgNhDP8Mv/8YLjoKNTtZzZHnzhr2crmvk6 +VgguKqNe5Z6cAQg1zrs2r1pB/I/G1b5WJbGXw6VzI163VJ2vGuex3rzR2KNDMKM/ +T7kUyQeZAoGBAPMl1lkbIW3dyh4Wa3/Rm8dgnMcD109HeOK7meixmN374Brsdlkj +dCJtTP3zU96I1ucXp3E7V25s3ugm9Mp3D2t2Tw5CTpMYPObjYdQGkFr6NBFkFpHB +/j4mz/w1hZMBRTTYbIC0ZlrH23rrE8oamV3nUu07YsdIF87QTD5CzdDPAoGBANgZ +Azy9wcnSKAqrDMDT1jUxzdIqOjn7KTPFXGbqp/HKyZsf1hiFX/RvI3u3ajAx4qH5 +veGNdZQSdJSUnZwgZ7iPJPLhj5Qsr/BsJYJtSscEcf57HVX5j/mJ5qt3HUX6Ul3X +2sQwXZaGpZqLmd47fr34UITJMeyrCgcweqmtuqidAoGAK8/4lKvH1UUuo0dE7Y42 +dLGa7l1p0ZY+WRSWwhAmTHGTSyaqmJtD1OQ/CE9tIF8l4hQoDsYzlek2LTy/xS+4 +7pMt4ZLfF7A5YR09xne8UTheY3fWfUMobciOl5KJVBjZgJEy0+otu1Ph3382XKd4 +VSxWi/q0bNY3vANaial97o8CgYEAp/QIyBTToQBtjp0S9GuwePeUeFvJlXbXtx0V +jAelMA/kUWSVCcnfoiMe+PC832hmNG3eXoeLcuJFKZW4SbgF5TOcDAmzhf6VX88t ++AjprXSPBLK7Qi8M7212kp2patH7YmR56zGMC4nq/Aq0ND0ZbJyqOAoHe2IUETJk +o6wa/yECgYEA4V8WtbetCOCexgOXXvCGIo4S9bZDh27aho0Jsvj7WcMaOOnetiwC +wJIAQo2ltPAMd11pUcqTBZ3V4PFb8H4nFb/MIQXcg4o54dUFx5bi4/ani5n/BT32 +KEG7bBErksKD0aHWoKZzPBdm6GJ4eCCy3qpE5yIqZi+HHysOyG/qA4o= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/keys/I1.key b/chromium/net/data/cert_issuer_source_static_unittest/keys/I1.key new file mode 100644 index 00000000000..c6ca1cc9a31 --- /dev/null +++ b/chromium/net/data/cert_issuer_source_static_unittest/keys/I1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAtG7bYW/sH9FuPfoSJzuM94zHp30NXrUqAo2XKZt6ZL0NVpsf +bnGr068QN5ArOvDuVUP9UOpGydgqp2h6EHShy/y1xLbuZ7SL9Y0StTzZDKvlN3IZ +vrKfuWV4wdFOiIYQV6rlCu8aQR0KVUk0Xq73TikHwjQfeQ34tybcm96lAFwOo1Oo +cz/936sYA7sK1tz3PgsoyGFRcWhI+lyHVIIZINkoLfoziUxb3KbZSURFxq89Gvko +RRBYpydndXuLWJKAo++BrpUnlytb093qerf/HNHext/q1hng/k+W1lnPhVJxdmLs ++5d041+1KWLNib4DMFtaNV0Ioj1fs4tgC15C5wIDAQABAoIBACO5j1ZLgsUKAnni ++ZUrBU4+YYmYCP2ngRngTv29+w3XILz1GdQUTaEsGFnoAac57PaU76MFv95XHprm +5MQ9U4vADX1Vev6tkMidlgasdY08u7WuscpAM7/Rh4dYmeQOJ040WAVCMkCSL2mT +hPr6SZ0AIrkg+NpPGd+poiR6gNEBE7MXcKKECxw73HjzmhFzjb0+cQOljAd6jbtB +CGY7cD9C6dafWEUYg7FPLC0SXD1ZIOdTCdJ0brsWBaOwDClxrTDBxChsxLnh4bxl +Uizv1HKDz8T8aBbaDMJBRSdcwsND+TscZ+bbDwx+WfflxgRkKSyEPRZwA/lGKA5d +s3HIY4ECgYEA6ukJKhoyyZX8+VMbHj2oe05feQCqEFu270iw7ACYny5AU6JS0SlQ +XWSNFeEDwkqsvwP3fQnqmOzLWcNgRegpOINFPgA1UXM2VAI8NURX07uRx9z0hkUo +YAGU2JhI5ifaVmp0fE3xjwST3Gl5yqKf+vPzxHrdAM2/OSNgJ0nxxKUCgYEAxKHD +8vIN4eUpr8xmuvCwjem/m4lmxHU1MX2cYgzQGINsJIjyiHtuZ7SmmN4FngFtiSEH +pM857YIUEZuVHmz7TSFRJsFLsMLrVN+yd0xuqZj1jHsyyiTyEF6fc0LDYA15b/ok +rJbctMtG05NoQ2mZgM35i7uBFnuXsV076ntt95sCgYB5V6jpO6EyaizDqX8fjuAB +2ckNWx991bJYRidFsUUlLKID0ZyP+JRPucn7HEFx0lsLTIRB7aZmGiMsmfSYB8WL +MJvK3BaunSHaIVFyfnwTnhc+s08IMJ8bgJWfkIJPiRSKgPDs6OI3azjpqP5Fgt26 +ptsrif+xE5aMcE6R3OtrFQKBgQCCDgi/4M/D0MIAz+5GyTnNs4STSI8bc/ap9E4C +ID1naU2W4KmiEhnVKAxk4bzPZFxhreITZSkIadgCSWiZBjY1LssxGfqJQHNM4OR2 +uawcKtqGf1n5j/Q3VY6bOtZk6qSeptGpAeObBTSkbkQxCmCIbDQY8v0PtNGBc4xU +rCzw7wKBgDgXRAfXxnTZTwtZqgX1TnTgHos/ekZwrgvm/XBwJkvp7TjnTAPB0v6A +VOXI4BsfyJ2++25b/vztQPY/bhPusnUd/NbWbJHl+27gW9BMJvVk2P95lRQsTHJa ++a5cviN6eimu/OCmwifgKI4rUW56jCZrUbueO0HKDUN0J3yMk8OQ +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/keys/I2.key b/chromium/net/data/cert_issuer_source_static_unittest/keys/I2.key new file mode 100644 index 00000000000..8cc60ea09d5 --- /dev/null +++ b/chromium/net/data/cert_issuer_source_static_unittest/keys/I2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA0WkpWPvYf0dib9Y/SpPVN3MnRR3mc9V+UBvgl0rZaZBofqsm +8MUqETX9y2jPML22WcXYiw7IGcTXYdFkYEESbjOIrLlRTw8mn0txofi2nb1xnzdL +ptupIwbwwyKza7fl56H8HylITZaoNR4KUuXJvesgvgJr/lS6fJggRfYJ3GRfsxHs +a0Ye6t6YZCnCmMnC55wjhXR5ENGze8C+N3zrljiQNUX3MG9Aixa+3Q+di9Swy+FB +b5Tn6YOloFpP/c2Q68ljsxkXEkZKY0iTRCza6o9r1ygoW0Pugi3OCrk1bBYKqAvC +ErEOMq4z7D44bXSISXeZT3hZlvUREIY7vi3XUQIDAQABAoIBAQChAU29EMU/9s6E +ViGLYWZJn8vNpFOPM9JOHWDscav/Mfxlh4oFDFJvsSdUwVyriPEuzKLVJ6RJy8Id +fzTBnMZi3FR1GHafZnK3fvX7JpKhbQpy87zCqZi9SZTLM17nrxigozaJbuAcZ30k +edhOLEaUMreV357QiKxpJz2JDMZAH7ff6J52iKF5x/7DatuAho/jzg5WBqRG9kR+ ++miTw36Qda1MrlzKCum1X5xwokKlrcOEDHJaICYU3z2ECXTbdroLqXs8SoWX6Scd +T/rncrJMBO6KCkB2mEJ/qp1e3sDSYnXT7/eV7CGdzXq4JfbCznj1HFOP7Igwb5lA +R9VwZBgBAoGBAPIct1+dayALcnp8YaRsUvb76RiYiXJ+wLqyqt4AJdhsHoQ0az6L +s/fsHu/8hWxBKS5aUtH/GLePDSRrSNWLJ6YpYF4IrVb16C4mjjF6O2RxyR5Wo1l6 +d6knG0w9xoi0+cGqj3hLxRiwEvLy5rN8AXxGyMZ0Jhh+VaDu9Th2fhihAoGBAN1s +Pk9vYbZKIJN5Dr5L1Mj7daiQq5FX6Uj9xDPppcqnnG0CkCvuCR6NZx/cN7+mUkng +njF2sOdkIS34iIrIRKBjUxmXxsOyDDdlRpBpPdhuiT3WuNILScagUzU9KsQKHEOC +5GwNGJbRmpScwAB1S1Fpyq6e7EbC3SDAuaYPfNCxAoGAN3OARDPnryUwCQGn02LD +9bFoh6uX/1MsjRYSsFnUUSciLiFbVq3kgCniRBDP9iVOa0FgqpwEazYmSmsP+Wiv +ogzj92WBXeNgVAGcm5RlOfIdoAczznCQK3u7ctDLQdBBS6vmxCSGdcsN6/rZ/82t +AWus3FcJyp5UulFAdLge1UECgYEAnqDYdwIdp4GtmtlEZbJf6+iyXyPdtg+cEm2y +7Vn7K5cuqq4GaWJr6BZ3hcy3p7ZZB5JC4r7cd7k1SADgmURmXd0qgJBKlpJszBbj +Gbw70V1HNyUoXVo27XSYh/CdPbrcisUwLfSn5AyfyM4Pg4SEg/vdd4JlVUBvOPK5 +Ta2UxtECgYEAoiYPSk6YwTSslouGq2h7KISm5W7vfxKB+rFtnUVNxamU75caS+3v +lKQcbVxFc9l855gGbQ2DZbe1bWmnOCT5lDuhR92UCLk/+GJ8Pxbtrd6e4iUoC0IZ +DilqFjHFo5I9FrfsERlpve+xwjfXo4jxmmB/g6A4v9JHT8URYTIfTHk= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/keys/I3.key b/chromium/net/data/cert_issuer_source_static_unittest/keys/I3.key new file mode 100644 index 00000000000..fec5131f410 --- /dev/null +++ b/chromium/net/data/cert_issuer_source_static_unittest/keys/I3.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAzK3QUsPD2yLBz9RAOdzRdcUHJgjXmd8G3d43jJQUFkRpCeda +Fwi/1aLt/dfmrrwznEJO+yBalINPYHHotv9oeMAvCQXNJD727vOMmNsKFZgdSNzq +EecNUmENtNN6VUC8KYKgHgLTAO2beqlIdg03qN1A+BNEHhw61dvK50DVIndZeEP1 +td/XfttzLOZzfAnhoDDtjMFOfV1MmzoPEzOhnz7YBlCeDy9Z11t624A2gSFbfgt9 +yC2MHB6fxzu2eG6XQLlVBBsrokt8oWqmRsINcAdgm+RSEmr1+UBEDL018P0A19y6 +np7tMMTI6IvNTlxQZhIA20NP1mfWT39oV1Vf+QIDAQABAoIBADaPht7pLIZ3x25d +SBmkkXlxYixzYvWzjCMMn4Yr2wbsiYuITm2heXG7kvF94hJmPOPEkUVEJKE+N6Sf ++Mb/Ypv9rwwarcqhtjWQWsRMb22+NOA9c2/+RYDWOk8fqJadQQtXtNMLMbAnprCV ++6jscQ/kmvMGP7w/Djf/9SCcGbSr3eUU0dPOLvNIGbA8Ir7bmPdN2uSH8NVqG9h7 +RyLtdexgBioylEitgG9fStQNG7dym1Xj3jaXclsRJoPg2Garf+5qng0Go1d5hK55 +Sj+NNoq+T+voZkwv6ut6iQn0ijM/To6CdIypTg20f3Jzv/zZTwG9zsAVDA3V50se +dnsNYAECgYEA7H57fnStW8tRsHDkW2gGT2ZXc1xAl/zxCHRgAot0491RR7hcRhum +wfyw0asqYJuNdefPili+WUBGJsZxm6Fnh5o3yaB0SlR7nsCOEN0rjuXWqNMxup69 +FMSdbG6jXczIw833qyppW/eXWgt1SyWPrcXaUMvkBqFUkp9ycuPpJgECgYEA3Y+Q +CSq/Yc0qrF4ypFuqXLKN+oVV3/OlTymmF7F/1crAEhqJ1V5VM3asgRseICdPN9hs +A3WujB8c/9xPp41DKWmvZ1iuShsCenBDWqOJVXsVoM3DWjhboID15Ezs+PCDV4kD +71ESY1As+gBMQHGFcyHrijnP8Qmr8HgTvBL5afkCgYEAuNhDfhuERHMublJOqoMs +K3M6dxhsBF/XpVwQjuyheFjL5trahJGoTYdMTRUUEl6Cut1tAh1K6keqjTQeKB6H +5R1M7XNUcaSG2xZ19Ahqu0458crg25SnBUyIHvB7EB237hNWuZp0r0VeLys1in7Z +RmGWugAjQmtmxxOJSPOKkAECgYEAx1YJneXC6Cghs5DQeUUrglj3GiTqPSJFYXK0 +R27f96aBpggQaFKFz1Z/H20Zbo5PXIwvqfEwCEtZ2O0LEVEr0s+OCyojLPMeCLCG +OL8XqTujGtjlYH+CGGbOVAfN0K77TD8uthq3s3iH7qlj8TrxeMNU2jjnWBJ+ikxO +XRCpK2kCgYEAgErGxfYyuuAGnPb2x+4spr2/5WoDxwRyddYrhxp+DbEb21b+b/FW +s4mALW0+zd+SnDPfFf8FBGFb+A6niNokSfjxd7qsofTF32ozvxXmvZsv3VKiaNHM +93pbV0VBkmzsc0buqEdB/zyLfQVvXMEYkVSfIEo32PB5A3/AJvZoNuk= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/keys/I3_1.key b/chromium/net/data/cert_issuer_source_static_unittest/keys/I3_1.key new file mode 100644 index 00000000000..e21b3bf3965 --- /dev/null +++ b/chromium/net/data/cert_issuer_source_static_unittest/keys/I3_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA22kq+vs/dOvnqEIZkogw9x0LdwnQdBc+LpNXGklKEOU3ERMP +JfwsEeuPlYafwGe0vltYcdNmCbrF215DS2KzasFB+qTigD1yCkgm5PmWrku2tCzG +X1O8gGUTXqEE8egYm+XbFQQpLcWXe5+iavC9rPeJxW9bYTmXgusZAutWovcv6FZy +JvKO2GttTwxMTbtGt/FPNzPUnYteNZJ84nkaVfwBF7EmLa/jFuSWLaZBgasWsHQ3 +OWW6EgzxjakeP1GRqFDJFrPveCVn5cAi7JNkUKeBeBAAKN8XxjXMnPhQgzYfoST0 +RMYvaae8NnNpPbsk2Bl0HhAl4wz82eKVLr+NxwIDAQABAoIBADSjj481Ne0sJ6DD +cvUnvW+bxUNi1GL1rJJqAOyqhp11EHgFNY4saLpH5GPAL5Vui/tbWOW+DO3qpEtT +2xs768WB5f1nD3wqwbBbzREEHDVmrsedMl5ubXv0Q+hhAxmyUC0ewSfSnrp/fC9J +hiLX7PmRTblTVP4HXiUnmBGOOnPQHiBMxpmtvO5RobxVt5/2pQEQhbcMKYRX/zSv +NNh7KIZmkxe0RcpaNfDZrirAKt3Mlq4AewY0FI2XRiMJiY+1lOGQfqFObAaDdsmt +v7+weaoux38A103FiNp5LaC2j7zTokgYCJ7Uc6846f7KHStLVaXb0G/X8NRVcY5B +D3KTy0kCgYEA9ayCc6/2J0eK0A2MSvJR6AqA0T1neDjgVVQNtQB6Gl3KPrZc4K1v +RVuXR2N03kbpm9iH01bDFLgdI4wyXVHnhtNEtwqIUyfVbTbUgBmrcLWGJ/Q82i5R +w8+WGnpyUB7tgZCYQglvjMUu6WCE0p3SevCE/snXCDlEozP46ifBZAMCgYEA5KIQ +SZT86mf8BAs9zcgB4fq0ZCCNGLvZZYOERHXmj4i18aAr2hAefAsfNqcucmNz/JFf +FE365czjvohp1RSR39ypNClMO+0Q/vq4W4CISi6rYFtb3L/G8HsgD382jg3WTPPn +lhlTC4DJ4zQrc2JOaPxQxQz3qwSdYlTNfS71/e0CgYBBD6qMkLETvfKZHr1kq7/d +P8rVnvlj8UwXzObEZJfxm50P9qOqLMQnDhaGJWSx6P289B8kbPnE5u1wmJRN+n7i +SdkM0JFB1G7FOZwVQLcSZkBdHGVxMosc3EDYSk0zwr0LbwujkXQlR6Mg0xrZ3En9 +nOzbvQBhgSkYP49QE683mQKBgQCnwb4/r2EwQaIp+XGcx0+SV1j7SuMcreDi2nA3 +p2bIFKCjrUnf1An6LFL30A2FgzG8tZHVHS6mZQMKb59v6IrsfkVs74xvQBBDdwXE +pffaromyxvYNcG3xT/aDSG1oKAEBL8nSWbyUaSg5XLMxE4XDBLfjDhO/2T/9wYmR +e96lNQKBgQCwHGtV++WnPafRsUy9JUIsxUJF5c3i6/yTLCqv5MHwXTUVAITKixvs +CWMdIYm2MiOMEeMKyfm/1fBTf3dx0TYC5KFVf9MOBw98kOd56/oxDkxsfCo+4z62 +9G8eyvWIc76GLhNk6cqmqEjLV5j8JmMPwvOtYiXxlq0psImSo/hBNw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/keys/Root.key b/chromium/net/data/cert_issuer_source_static_unittest/keys/Root.key new file mode 100644 index 00000000000..86ed8c9c4ca --- /dev/null +++ b/chromium/net/data/cert_issuer_source_static_unittest/keys/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAnntK4KGHGNrfdgr5n+nR45sq5epnflopxRmupF/xRuurzEM2 +/dOmHs0x9afEBRv2FQdmaV+8nKOUGjW0+HDORuJxSIf/01ABlZtIJNlBcZCayo9b +4/kRLX1p0SlUTWtfRDY4jCJXimO4E8UCc3ihdtjEQYlXYuL+y6y/MCGV/9a3o0vV +QIwPqe8p4n/NoVaJXoBQlGgTRQDk2wEMDym+a1tqKaTVpFCaFY0eKL1ezZJIczyl +ToO2O7/YwDtnGqK7yw8mNECb+bo8M5UrsqBwuSfFwR+8Kl1G0DmiUcWIkN0bzoTc +rsxgpjd9DsLPY0++lpQryyMPiDhDUnT6FlTpKQIDAQABAoIBAFOG7c74s0hhSzde +z3P9+1Z3mKN26LcKdEtins4ZlwPnADP3FQuwujQvt+4eTszWkNtCfDJ7d+AiwtMR +jWEHq2BmxogQzb+kwkEEh4CMVNay/TJXXnoH8orEN7o6iykGtz4vSZxqGTNiHUmm +IwWTBZ6q3r0f0sPWma3lTRrkCLe+sdX52rkjSxtElqyMbjhpQdXHPjoX3YKviGKG +mZ4bucatA3e/l/50/gH1eIPLXKSQ6TZXTEDVFlFUL9pGjP4nyCPitYXNav7gCvv5 +qyYrBuF2k9MH7R+RGq8hghOh+E1x9jmQ4otPgwn4UrcZ2zb5nXIw3Fq4DMsNRgnw +RxmVAxECgYEAykAjUhFBfduGMoPtjHYkz8x+eW8qM/wZn0WEndoGgBc1jeZn3xzI +8pHlLGJeMXA0Z+kFy8bAnMK4eT9NZy7uvdaDFkynBtVPEjkadfafKG1Qv3MZ4Nge +i4vbjkTwV1zucYjdiOwMdsl0Xl7SV+FqtliS+Gt9w9ky/MuK4NqVB6UCgYEAyJlj +7rmzWe1Np8iuQ6cab6mr5ZaEoe+UdJRncpFTmMpPiqB/EWNkQPCSViG9z6lxA+QL +iFn05WlT2c3yYqLsi/3KVJNgVJQjlb3Cd4nXwWk7AN4eZwRCfqOvZUOcVtXViuro +GGaWZE3KwYtFPpLad7wMq2umN+Ei9TMBt/sgxDUCgYEApb4X8+o2PHjJKd6ZrnEn +S69uuf9Sm5VuPerPejiw+QmMFsSJvPqu5rKPF2dpf6RPHhSFbnBrakvct2gb+4In +niUL+htJCb2G9g0b1S4NUij7cllWDL+vkHZFr/po53893Ibn3YxrznDbT3bvc5tE +QzilALW+M+Br+2SmZAxc8w0CgYBTjiDj9RHRqVipRJvhrh8C1+ez7+g7E3IAxTf5 +rrLld49+LLAA7Cd8LTinC9LmRqu+dSSgnOe3DxJQLMqDb12cShAW/nQnhrTz0GDK +Le5ir5RWHi8HteyEl2WdhnX+bX9PJ92ZHFIUYZrM11f2YnEBYqDcXjCUIgDPpXlX +yxCw6QKBgGdVOSS3h8cIE9lUNLRIGjiopEItNGUrah8uK6dIEcfUR9TScv/S9Rnd +Yo+2o2wz0GWFt6+EeXhodq391DEA+7o03ri0CEGJWJ19bXQJ92J5gvF5IV2rbWQi +8APItQ/iNwhBkZj50nscgIezkj64V6H9UF1BaaF5D2+yLbbIiq6e +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/keys/i1_1.key b/chromium/net/data/cert_issuer_source_static_unittest/keys/i1_1.key new file mode 100644 index 00000000000..10175d5f192 --- /dev/null +++ b/chromium/net/data/cert_issuer_source_static_unittest/keys/i1_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyeRkI9JxNk1whDbsuwVXNVYMoGEfZPyHNUvNPRedavnV74+Z +MDbbl+CActIOMEL0xmc8vtyMBQIT4puroEVueBhPNK7uXU67R7Gvh/zUmRdCywa0 +xV/hoAx5X/K07nRSQ29ug04A4Mlm4eqYiW2FIxvtK9qvxWtCNUgl+acqVJD48bHU +k2HIwww5md3Eprguz5JXFIy5Rbr7dkDU2P5EVBd2uuLQ8iRkFBJlp77GGtdIuUqT +X7GzdlP4rV/SRBkDD/Ovme6WtYXtKq64QZBc3eAZDCpxrhZZGV0/RUReSrPghuoV +4vsMuLlvJKDGvPzzDALyUtg0/dyNNwgBavnEMQIDAQABAoIBADI13f3WuZdCvSf0 +rP16P40hQHSmkvM/prTHjFyUQe84AU/aC8Qk8IoeKHPl7+dqz4uEY2QoX55jPOTP +yGhMvEOb8B7vHpMQIJ2dAEW2yHzmfxMVMOIhjXCLiagmKX9gaJEi5n47aRZ+oFqx +SIxtM35e1KZidfKIUWgE8ITdYTa0gk+aP8dVQFnelrdzO+5gHtset2ExeY/7B1+6 +qT5ACQTHef3HXdl98cSDamniPtsXpieT3IbIlrHDwS2l7N9JS+cU9sl7tjafTQJB +0uYWotmt4R8fXjOzX0MQcSI2o/SZC/FX70H0rO/izPBaCmMpIPCz+d0TY4yZmjk3 +d+3c/sECgYEA5RZRHFx9Yczz20q4q15ZyRF2MFVQalto0DA011WQCmC/rqnQoTdc +sIFHViqAvJrCrNr3YU06eXNPNbgptp5Tr49fzZdpnMA2B09+z4lVBAuMBoLIlguW +EB1os6lK0+kSzuR74Jc/kHdsQ7LYG3rnclRxQMoAPOXDwGIO0KHOHdkCgYEA4Zwy +kWUBhugJ8M2NLf1uqmxdS0QZWXaB/V4LuUUmZXnkf+Arzz80ZuciV7P0EEvBF/Y6 +4VyxWUsmxFly0jNguSIK3I17iqQiBmgv2AJjsqhhcRbz7FRmQpGwmJKR9CEfYz1A +UfI43zZ72iUzCZKKS213nKDe3sJ+gJx3X8pFahkCgYEA0fk7jPhFP/AgD36UdxY6 +y23C25hG5cU086VLuZdGOAznhEtH24yn22wTG6pHZxeemdr1ZWzozMrg7kcHjMff +wolycTl35uHSY678d3LTxqpixND403Z5K/oYrpvb5xG5WILZ/EgFTf/37rEtHTrw +ir1VNOIxh5+9ZUc7dwTnrDkCgYEAiQj2Eig24DmK6DACQ9/+2xdNJ41qlFOOK1Z3 +aoZdByAdsap5Eb4DV0mnK3xLj6Zj1+kg5IgH1QP3vSXTv2ejpW/PBx4M3y5I2Hlq +LhttcTQjU6ysZmzxXBfgGxxT+OQxi3bF3cBx2OrgGaWktXjD9YK9N27jUIz0h6wC +OjXDKekCgYBZV/r8oV9VPYuMQS3RrH1S9p/wmt0ZXb8g5msfKBtDeuCqdaTuRtfh +GLY1XPhFkeh4GWJ65UHgrI3iw07UUoSLITC7cUY0fvYp8mjKL5m1LwR2mw/I0gtN +BgPu6gFkhbLkecmEY7zOB2jHdBoZEAmQqxhmHCpj+rBHRKQ/W4eRRg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/cert_issuer_source_static_unittest/root.pem b/chromium/net/data/cert_issuer_source_static_unittest/root.pem index 318c678629d..785b7c04d54 100644 --- a/chromium/net/data/cert_issuer_source_static_unittest/root.pem +++ b/chromium/net/data/cert_issuer_source_static_unittest/root.pem @@ -1,4 +1,4 @@ -Generated by ./generate-certs.py. +Generated by generate-certs.py. Refer to generator script docstring for details. Certificate: Data: @@ -14,30 +14,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bc:0a:87:63:a0:a0:fe:a8:d4:b1:9b:54:19:d6: - 12:74:61:bc:42:6d:1c:6f:c8:96:e9:6a:3d:16:e8: - cf:3a:c3:2f:eb:a8:7d:be:0c:3f:46:8c:b7:6d:29: - 82:a8:38:6f:74:ca:9f:14:45:f7:e4:25:a5:26:ba: - 22:55:a3:b6:98:3a:c9:62:22:a5:24:71:8b:66:33: - fc:b5:20:aa:d1:8c:83:f7:b3:19:4e:59:51:fb:82: - d7:fc:ea:78:a6:02:7f:7f:80:6f:4d:d1:3e:61:d6: - d9:f9:40:51:85:0f:bf:2d:56:98:d0:d5:47:ed:47: - e3:1d:3f:e3:e3:55:11:98:6b:94:b0:9f:ac:98:34: - f5:e1:d9:d0:f7:bb:dc:de:3e:18:1f:06:81:30:41: - 8c:ba:70:98:ee:38:0f:a1:dc:5b:01:b0:b0:6a:5c: - 7b:10:d5:aa:8a:40:33:79:9c:71:44:3a:aa:e1:f0: - 70:5c:7e:eb:ae:7f:fb:4d:bb:4d:af:8e:7a:62:cd: - d9:d6:bf:74:7a:3c:8a:1a:74:07:7a:7c:29:b4:f7: - 8c:cc:52:19:1a:f1:d8:a4:9a:a5:35:83:9a:3f:b0: - 46:1b:15:ee:ae:94:c6:fd:96:f5:dd:e1:98:7b:48: - 8e:9a:e3:fb:1a:57:84:c1:ae:69:af:2f:d0:76:99: - e5:61 + 00:9e:7b:4a:e0:a1:87:18:da:df:76:0a:f9:9f:e9: + d1:e3:9b:2a:e5:ea:67:7e:5a:29:c5:19:ae:a4:5f: + f1:46:eb:ab:cc:43:36:fd:d3:a6:1e:cd:31:f5:a7: + c4:05:1b:f6:15:07:66:69:5f:bc:9c:a3:94:1a:35: + b4:f8:70:ce:46:e2:71:48:87:ff:d3:50:01:95:9b: + 48:24:d9:41:71:90:9a:ca:8f:5b:e3:f9:11:2d:7d: + 69:d1:29:54:4d:6b:5f:44:36:38:8c:22:57:8a:63: + b8:13:c5:02:73:78:a1:76:d8:c4:41:89:57:62:e2: + fe:cb:ac:bf:30:21:95:ff:d6:b7:a3:4b:d5:40:8c: + 0f:a9:ef:29:e2:7f:cd:a1:56:89:5e:80:50:94:68: + 13:45:00:e4:db:01:0c:0f:29:be:6b:5b:6a:29:a4: + d5:a4:50:9a:15:8d:1e:28:bd:5e:cd:92:48:73:3c: + a5:4e:83:b6:3b:bf:d8:c0:3b:67:1a:a2:bb:cb:0f: + 26:34:40:9b:f9:ba:3c:33:95:2b:b2:a0:70:b9:27: + c5:c1:1f:bc:2a:5d:46:d0:39:a2:51:c5:88:90:dd: + 1b:ce:84:dc:ae:cc:60:a6:37:7d:0e:c2:cf:63:4f: + be:96:94:2b:cb:23:0f:88:38:43:52:74:fa:16:54: + e9:29 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - B5:C3:65:5F:95:6A:F7:19:30:E3:80:DD:EF:B0:A4:1B:3D:BE:A6:9D + 5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF X509v3 Authority Key Identifier: - keyid:B5:C3:65:5F:95:6A:F7:19:30:E3:80:DD:EF:B0:A4:1B:3D:BE:A6:9D + keyid:5F:CF:54:BD:7C:38:9B:5F:A1:AC:FE:A6:6E:7A:83:80:A6:4B:F9:BF Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -52,39 +52,39 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 6a:84:0c:35:b2:ec:47:ab:8b:be:3c:6f:e7:ae:84:8a:7d:6c: - ca:00:6f:98:51:15:f7:e7:fb:89:a9:43:b0:01:6c:b7:33:0a: - c1:e2:95:1e:d1:df:ec:17:a3:07:14:9e:04:9f:b4:68:f5:ed: - 27:dc:49:e9:b0:74:5b:a2:a5:9d:f6:da:f3:bf:66:9e:dd:43: - bf:ff:80:06:36:0d:1a:ba:52:b1:e3:5b:06:71:ae:b5:b6:d2: - b9:bc:3a:73:c0:da:24:62:2b:7b:8f:25:f0:95:aa:5d:d3:d6: - 3c:6f:68:38:2f:98:e5:43:6b:95:e6:f6:75:87:28:88:6d:7e: - 94:15:b5:71:93:8e:b9:9d:38:74:49:5a:93:03:59:03:59:21: - 2b:7e:95:0e:4d:ec:5c:eb:44:97:08:43:11:dd:05:ab:46:7d: - 55:7f:33:b7:96:24:40:00:9a:50:8b:8c:d3:f1:87:84:3d:a6: - 3d:83:2e:e0:49:a4:25:8b:1c:2e:c5:d1:7d:3d:1d:52:75:33: - f6:e0:41:7b:fa:92:f1:b9:fa:63:cd:c3:91:2f:0a:ec:6f:77: - a6:e3:30:06:4f:19:98:0f:17:ca:61:65:5d:3b:b4:b8:80:8f: - d4:de:ad:75:d6:6a:34:e8:24:3a:ca:f2:d2:1b:e1:10:bd:64: - 78:37:21:26 + 4f:05:de:55:b9:52:4b:e8:cb:2e:54:8d:a7:63:80:0a:48:02: + 63:b6:dd:f2:22:95:52:89:ef:4f:55:58:7e:32:07:d1:8a:46: + e6:00:6d:73:3c:20:8b:b9:12:b7:8e:04:14:49:b2:9e:58:f8: + d7:07:14:6f:4d:9f:c8:78:db:3f:c4:61:e3:a9:a1:97:e5:9f: + dc:a3:4e:9b:d6:15:66:5a:19:1a:94:1e:97:ba:67:2a:1f:ac: + 97:7c:26:c4:e7:42:b8:c2:d2:34:b4:80:2e:27:6e:99:ad:3f: + ce:d2:e0:9f:26:66:a7:46:43:a9:f3:a7:96:95:67:e5:34:08: + 3d:0c:2c:aa:ca:22:87:52:f1:25:3c:72:57:70:eb:d9:5f:77: + 3b:7d:a6:9d:cc:b5:f5:60:3f:69:2f:07:25:94:16:2a:92:9b: + fb:b6:26:56:62:1d:bb:6f:c5:03:28:93:b0:e5:c0:57:c6:d5: + 78:a3:2a:1f:23:6c:f1:3a:88:14:bb:10:a0:d6:0c:91:05:54: + 4b:cc:8a:d0:8f:c4:f2:1b:99:8f:c9:0f:41:5c:3f:8c:81:9e: + 0c:aa:55:2c:af:f2:e6:d7:22:cd:d9:a6:e2:00:b4:5e:90:7e: + ee:f6:3c:80:e1:35:9d:cf:dd:f2:ba:3b:43:00:c5:05:a4:5e: + 52:88:58:57 -----BEGIN CERTIFICATE----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALwKh2OgoP6o1LGbVBnW -EnRhvEJtHG/IlulqPRbozzrDL+uofb4MP0aMt20pgqg4b3TKnxRF9+QlpSa6IlWj -tpg6yWIipSRxi2Yz/LUgqtGMg/ezGU5ZUfuC1/zqeKYCf3+Ab03RPmHW2flAUYUP -vy1WmNDVR+1H4x0/4+NVEZhrlLCfrJg09eHZ0Pe73N4+GB8GgTBBjLpwmO44D6Hc -WwGwsGpcexDVqopAM3mccUQ6quHwcFx+665/+027Ta+OemLN2da/dHo8ihp0B3p8 -KbT3jMxSGRrx2KSapTWDmj+wRhsV7q6Uxv2W9d3hmHtIjprj+xpXhMGuaa8v0HaZ -5WECAwEAAaOByzCByDAdBgNVHQ4EFgQUtcNlX5Vq9xkw44Dd77CkGz2+pp0wHwYD -VR0jBBgwFoAUtcNlX5Vq9xkw44Dd77CkGz2+pp0wNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ57SuChhxja33YK+Z/p +0eObKuXqZ35aKcUZrqRf8Ubrq8xDNv3Tph7NMfWnxAUb9hUHZmlfvJyjlBo1tPhw +zkbicUiH/9NQAZWbSCTZQXGQmsqPW+P5ES19adEpVE1rX0Q2OIwiV4pjuBPFAnN4 +oXbYxEGJV2Li/susvzAhlf/Wt6NL1UCMD6nvKeJ/zaFWiV6AUJRoE0UA5NsBDA8p +vmtbaimk1aRQmhWNHii9Xs2SSHM8pU6Dtju/2MA7Zxqiu8sPJjRAm/m6PDOVK7Kg +cLknxcEfvCpdRtA5olHFiJDdG86E3K7MYKY3fQ7Cz2NPvpaUK8sjD4g4Q1J0+hZU +6SkCAwEAAaOByzCByDAdBgNVHQ4EFgQUX89UvXw4m1+hrP6mbnqDgKZL+b8wHwYD +VR0jBBgwFoAUX89UvXw4m1+hrP6mbnqDgKZL+b8wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBqhAw1suxH -q4u+PG/nroSKfWzKAG+YURX35/uJqUOwAWy3MwrB4pUe0d/sF6MHFJ4En7Ro9e0n -3EnpsHRboqWd9trzv2ae3UO//4AGNg0aulKx41sGca61ttK5vDpzwNokYit7jyXw -lapd09Y8b2g4L5jlQ2uV5vZ1hyiIbX6UFbVxk465nTh0SVqTA1kDWSErfpUOTexc -60SXCEMR3QWrRn1VfzO3liRAAJpQi4zT8YeEPaY9gy7gSaQlixwuxdF9PR1SdTP2 -4EF7+pLxufpjzcORLwrsb3em4zAGTxmYDxfKYWVdO7S4gI/U3q111mo06CQ6yvLS -G+EQvWR4NyEm +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBPBd5VuVJL +6MsuVI2nY4AKSAJjtt3yIpVSie9PVVh+MgfRikbmAG1zPCCLuRK3jgQUSbKeWPjX +BxRvTZ/IeNs/xGHjqaGX5Z/co06b1hVmWhkalB6XumcqH6yXfCbE50K4wtI0tIAu +J26ZrT/O0uCfJmanRkOp86eWlWflNAg9DCyqyiKHUvElPHJXcOvZX3c7faadzLX1 +YD9pLwcllBYqkpv7tiZWYh27b8UDKJOw5cBXxtV4oyofI2zxOogUuxCg1gyRBVRL +zIrQj8TyG5mPyQ9BXD+MgZ4MqlUsr/Lm1yLN2abiALRekH7u9jyA4TWdz93yujtD +AMUFpF5SiFhX -----END CERTIFICATE----- diff --git a/chromium/net/data/parse_certificate_unittest/cert_algorithm_not_sequence.pem b/chromium/net/data/parse_certificate_unittest/cert_algorithm_not_sequence.pem index a7a66d7c090..89631f9958c 100644 --- a/chromium/net/data/parse_certificate_unittest/cert_algorithm_not_sequence.pem +++ b/chromium/net/data/parse_certificate_unittest/cert_algorithm_not_sequence.pem @@ -12,8 +12,8 @@ $ openssl asn1parse -i < [CERTIFICATE] MAwwAgUAAgIFAAMCAKs= -----END CERTIFICATE----- -[Error] Couldn't read Certificate.signatureAlgorithm as SEQUENCE +ERROR: Couldn't read Certificate.signatureAlgorithm as SEQUENCE -----BEGIN ERRORS----- -W0Vycm9yXSBDb3VsZG4ndCByZWFkIENlcnRpZmljYXRlLnNpZ25hdHVyZUFsZ29yaXRobSBhcyBTRVFVRU5DRQo= +RVJST1I6IENvdWxkbid0IHJlYWQgQ2VydGlmaWNhdGUuc2lnbmF0dXJlQWxnb3JpdGhtIGFzIFNFUVVFTkNFCg== -----END ERRORS----- diff --git a/chromium/net/data/parse_certificate_unittest/cert_data_after_signature.pem b/chromium/net/data/parse_certificate_unittest/cert_data_after_signature.pem index 09f94bee5cd..db0f00d3b7c 100644 --- a/chromium/net/data/parse_certificate_unittest/cert_data_after_signature.pem +++ b/chromium/net/data/parse_certificate_unittest/cert_data_after_signature.pem @@ -14,8 +14,8 @@ $ openssl asn1parse -i < [CERTIFICATE] MA4wAgUAMAIFAAMCAKwFAA== -----END CERTIFICATE----- -[Error] Unconsumed data inside Certificate SEQUENCE +ERROR: Unconsumed data inside Certificate SEQUENCE -----BEGIN ERRORS----- -W0Vycm9yXSBVbmNvbnN1bWVkIGRhdGEgaW5zaWRlIENlcnRpZmljYXRlIFNFUVVFTkNFCg== +RVJST1I6IFVuY29uc3VtZWQgZGF0YSBpbnNpZGUgQ2VydGlmaWNhdGUgU0VRVUVOQ0UK -----END ERRORS----- diff --git a/chromium/net/data/parse_certificate_unittest/cert_empty_sequence.pem b/chromium/net/data/parse_certificate_unittest/cert_empty_sequence.pem index fb7085abc49..9e084ba4fd2 100644 --- a/chromium/net/data/parse_certificate_unittest/cert_empty_sequence.pem +++ b/chromium/net/data/parse_certificate_unittest/cert_empty_sequence.pem @@ -8,8 +8,8 @@ $ openssl asn1parse -i < [CERTIFICATE] MAA= -----END CERTIFICATE----- -[Error] Couldn't read tbsCertificate as SEQUENCE +ERROR: Couldn't read tbsCertificate as SEQUENCE -----BEGIN ERRORS----- -W0Vycm9yXSBDb3VsZG4ndCByZWFkIHRic0NlcnRpZmljYXRlIGFzIFNFUVVFTkNFCg== +RVJST1I6IENvdWxkbid0IHJlYWQgdGJzQ2VydGlmaWNhdGUgYXMgU0VRVUVOQ0UK -----END ERRORS----- diff --git a/chromium/net/data/parse_certificate_unittest/cert_missing_signature.pem b/chromium/net/data/parse_certificate_unittest/cert_missing_signature.pem index 6fa7197bc22..55cee1dda76 100644 --- a/chromium/net/data/parse_certificate_unittest/cert_missing_signature.pem +++ b/chromium/net/data/parse_certificate_unittest/cert_missing_signature.pem @@ -12,8 +12,8 @@ $ openssl asn1parse -i < [CERTIFICATE] MAgwAgUAMAIFAA== -----END CERTIFICATE----- -[Error] Couldn't read Certificate.signatureValue as BIT STRING +ERROR: Couldn't read Certificate.signatureValue as BIT STRING -----BEGIN ERRORS----- -W0Vycm9yXSBDb3VsZG4ndCByZWFkIENlcnRpZmljYXRlLnNpZ25hdHVyZVZhbHVlIGFzIEJJVCBTVFJJTkcK +RVJST1I6IENvdWxkbid0IHJlYWQgQ2VydGlmaWNhdGUuc2lnbmF0dXJlVmFsdWUgYXMgQklUIFNUUklORwo= -----END ERRORS----- diff --git a/chromium/net/data/parse_certificate_unittest/cert_not_sequence.pem b/chromium/net/data/parse_certificate_unittest/cert_not_sequence.pem index b556ca3af60..fef89382a4f 100644 --- a/chromium/net/data/parse_certificate_unittest/cert_not_sequence.pem +++ b/chromium/net/data/parse_certificate_unittest/cert_not_sequence.pem @@ -8,8 +8,8 @@ $ openssl asn1parse -i < [CERTIFICATE] AhAwBgUAMAIFADACBQADAgCs -----END CERTIFICATE----- -[Error] Failed parsing Certificate SEQUENCE +ERROR: Failed parsing Certificate SEQUENCE -----BEGIN ERRORS----- -W0Vycm9yXSBGYWlsZWQgcGFyc2luZyBDZXJ0aWZpY2F0ZSBTRVFVRU5DRQo= +RVJST1I6IEZhaWxlZCBwYXJzaW5nIENlcnRpZmljYXRlIFNFUVVFTkNFCg== -----END ERRORS----- diff --git a/chromium/net/data/parse_certificate_unittest/cert_signature_not_bit_string.pem b/chromium/net/data/parse_certificate_unittest/cert_signature_not_bit_string.pem index 8c9cc909a50..7cf80d3369a 100644 --- a/chromium/net/data/parse_certificate_unittest/cert_signature_not_bit_string.pem +++ b/chromium/net/data/parse_certificate_unittest/cert_signature_not_bit_string.pem @@ -13,8 +13,8 @@ $ openssl asn1parse -i < [CERTIFICATE] MAwwAgUAMAIFAAQCAQI= -----END CERTIFICATE----- -[Error] Couldn't read Certificate.signatureValue as BIT STRING +ERROR: Couldn't read Certificate.signatureValue as BIT STRING -----BEGIN ERRORS----- -W0Vycm9yXSBDb3VsZG4ndCByZWFkIENlcnRpZmljYXRlLnNpZ25hdHVyZVZhbHVlIGFzIEJJVCBTVFJJTkcK +RVJST1I6IENvdWxkbid0IHJlYWQgQ2VydGlmaWNhdGUuc2lnbmF0dXJlVmFsdWUgYXMgQklUIFNUUklORwo= -----END ERRORS----- diff --git a/chromium/net/data/parse_certificate_unittest/serial_37_bytes.pem b/chromium/net/data/parse_certificate_unittest/serial_37_bytes.pem new file mode 100644 index 00000000000..3a52b08a70c --- /dev/null +++ b/chromium/net/data/parse_certificate_unittest/serial_37_bytes.pem @@ -0,0 +1,13 @@ +This cert has an invalid serial number which has is 37 bytes long (should be +<=20 bytes long). + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + INTEGER { `0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425` } +#-----END SERIAL----- + +-----BEGIN CERTIFICATE----- +MIICdDCCAd2gAwIBAgIlAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTE0MDQyMzIwNTA0MFoXDTE3MDQyMjIwNTA0MFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2CvIpjLkYv9N89CtWYtFp73xR78JWHsivTWulyWGlKCAwLQfdpFnRjHQEIS3Ih5wI5FyyOlteTqFd4APxJUWdcVKcUzIYz+j8mOcKk+a+svBcW4ohSigJx5lHK4H1VtvLUPtK5CxjK8kba7pFzoFwb+4HK5lOxtYwtmu1qpniPECAwEAAaNQME4wHQYDVR0OBBYEFIt11azLCL4OH2W3+la+bKd12oWvMB8GA1UdIwQYMBaAFIt11azLCL4OH2W3+la+bKd12oWvMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAO+h4bZXWPWr3ExksG8KIriKr9I0y9XxxZ88t0RzCw4fi6b6JXOQ0q0iRwj+VritHniV4a0+aEKRy/c/3AgywCgikWuLldH4RHTlgaskfafMuYybcnu9regrhVFeYqnKReAR+H49lTR8LEqycJA+EFBpVLR+78J0JsghcWTJlgCY= +-----END CERTIFICATE----- diff --git a/chromium/net/data/parse_certificate_unittest/serial_negative.pem b/chromium/net/data/parse_certificate_unittest/serial_negative.pem new file mode 100644 index 00000000000..1570ab27129 --- /dev/null +++ b/chromium/net/data/parse_certificate_unittest/serial_negative.pem @@ -0,0 +1,12 @@ +This cert has an invalid serial number which is negative. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + INTEGER { `8001` } +#-----END SERIAL----- + +-----BEGIN CERTIFICATE----- +MIICUTCCAbqgAwIBAgICgAEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNDA0MjMyMDUwNDBaFw0xNzA0MjIyMDUwNDBaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgryKYy5GL/TfPQrVmLRae98Ue/CVh7Ir01rpclhpSggMC0H3aRZ0Yx0BCEtyIecCORcsjpbXk6hXeAD8SVFnXFSnFMyGM/o/JjnCpPmvrLwXFuKIUooCceZRyuB9Vbby1D7SuQsYyvJG2u6Rc6BcG/uByuZTsbWMLZrtaqZ4jxAgMBAAGjUDBOMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/chromium/net/data/parse_certificate_unittest/serial_zero_padded.pem b/chromium/net/data/parse_certificate_unittest/serial_zero_padded.pem new file mode 100644 index 00000000000..4f09e7c79e2 --- /dev/null +++ b/chromium/net/data/parse_certificate_unittest/serial_zero_padded.pem @@ -0,0 +1,13 @@ +This cert has a valid serial number which has a preceding zero padding byte due +to the asn.1 encoding. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + INTEGER { `008001` } +#-----END SERIAL----- + +-----BEGIN CERTIFICATE----- +MIICUjCCAbugAwIBAgIDAIABMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- diff --git a/chromium/net/data/parse_certificate_unittest/serial_zero_padded_21_bytes.pem b/chromium/net/data/parse_certificate_unittest/serial_zero_padded_21_bytes.pem new file mode 100644 index 00000000000..7de5e94b7c8 --- /dev/null +++ b/chromium/net/data/parse_certificate_unittest/serial_zero_padded_21_bytes.pem @@ -0,0 +1,14 @@ +This cert has an invalid serial number which has a preceding zero padding byte +due to the asn.1 encoding, and thus the encoded form is 21 bytes long (1 byte +too long). + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SERIAL----- + INTEGER { `00800102030405060708090a0b0c0d0e0f10111213` } +#-----END SERIAL----- + +-----BEGIN CERTIFICATE----- +MIICZDCCAc2gAwIBAgIVAIABAgMEBQYHCAkKCwwNDg8QERITMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- diff --git a/chromium/net/data/parse_certificate_unittest/subject_t61string.pem b/chromium/net/data/parse_certificate_unittest/subject_t61string.pem new file mode 100644 index 00000000000..5ebda13dbd8 --- /dev/null +++ b/chromium/net/data/parse_certificate_unittest/subject_t61string.pem @@ -0,0 +1,35 @@ +Test certificate for TeletexString handling. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SUBJECT----- + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AU" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Some-State" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + # All valid ISO 8859-1 (latin1) characters, bytes 32-126, 160-255. + T61String { `202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7ea0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff` } + } + } + } +#-----END SUBJECT----- + +-----BEGIN CERTIFICATE----- +MIIDAzCCAmygAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjCB7zELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxgcowgccGA1UEChSBvyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+oKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f7/MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYK8imMuRi/03z0K1Zi0WnvfFHvwlYeyK9Na6XJYaUoIDAtB92kWdGMdAQhLciHnAjkXLI6W15OoV3gA/ElRZ1xUpxTMhjP6PyY5wqT5r6y8FxbiiFKKAnHmUcrgfVW28tQ+0rkLGMryRtrukXOgXBv7gcrmU7G1jC2a7WqmeI8QIDAQABo1AwTjAdBgNVHQ4EFgQUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wHwYDVR0jBBgwFoAUi3XVrMsIvg4fZbf6Vr5sp3Xaha8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA76HhtldY9avcTGSwbwoiuIqv0jTL1fHFnzy3RHMLDh+Lpvolc5DSrSJHCP5WuK0eeJXhrT5oQpHL9z/cCDLAKCKRa4uV0fhEdOWBqyR9p8y5jJtye72t6CuFUV5iqcpF4BH4fj2VNHwsSrJwkD4QUGlUtH7vwnQmyCFxZMmWAJg== +-----END CERTIFICATE----- diff --git a/chromium/net/data/parse_certificate_unittest/subject_t61string_1-32.pem b/chromium/net/data/parse_certificate_unittest/subject_t61string_1-32.pem new file mode 100644 index 00000000000..5644e263cfd --- /dev/null +++ b/chromium/net/data/parse_certificate_unittest/subject_t61string_1-32.pem @@ -0,0 +1,35 @@ +Test certificate for TeletexString handling. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SUBJECT----- + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AU" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Some-State" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + # Bytes 1-31 are control characters. 32 is space. + T61String { `0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20` } + } + } + } +#-----END SUBJECT----- + +-----BEGIN CERTIFICATE----- +MIICYDCCAcmgAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBNMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEpMCcGA1UEChQgAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgryKYy5GL/TfPQrVmLRae98Ue/CVh7Ir01rpclhpSggMC0H3aRZ0Yx0BCEtyIecCORcsjpbXk6hXeAD8SVFnXFSnFMyGM/o/JjnCpPmvrLwXFuKIUooCceZRyuB9Vbby1D7SuQsYyvJG2u6Rc6BcG/uByuZTsbWMLZrtaqZ4jxAgMBAAGjUDBOMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/chromium/net/data/parse_certificate_unittest/subject_t61string_126-160.pem b/chromium/net/data/parse_certificate_unittest/subject_t61string_126-160.pem new file mode 100644 index 00000000000..0a82375208b --- /dev/null +++ b/chromium/net/data/parse_certificate_unittest/subject_t61string_126-160.pem @@ -0,0 +1,36 @@ +Test certificate for TeletexString handling. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SUBJECT----- + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AU" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Some-State" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + # Bytes 126-160. 127-160 are control characters in ISO-8859-1, but + # some of them are valid characters in CP1252. + T61String { `7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0` } + } + } + } +#-----END SUBJECT----- + +-----BEGIN CERTIFICATE----- +MIICYzCCAcygAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjBQMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEsMCoGA1UEChQjfn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgryKYy5GL/TfPQrVmLRae98Ue/CVh7Ir01rpclhpSggMC0H3aRZ0Yx0BCEtyIecCORcsjpbXk6hXeAD8SVFnXFSnFMyGM/o/JjnCpPmvrLwXFuKIUooCceZRyuB9Vbby1D7SuQsYyvJG2u6Rc6BcG/uByuZTsbWMLZrtaqZ4jxAgMBAAGjUDBOMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE----- diff --git a/chromium/net/data/parse_certificate_unittest/subject_t61string_actual.pem b/chromium/net/data/parse_certificate_unittest/subject_t61string_actual.pem new file mode 100644 index 00000000000..1fc879bf306 --- /dev/null +++ b/chromium/net/data/parse_certificate_unittest/subject_t61string_actual.pem @@ -0,0 +1,44 @@ +Test certificate for TeletexString handling. + +The certificate data can be updated/regenerated with the +net/data/parse_certificate_unittest/regenerate_pem_from_ascii.py script. + +#-----BEGIN SUBJECT----- + SEQUENCE { + SET { + SEQUENCE { + # countryName + OBJECT_IDENTIFIER { 2.5.4.6 } + PrintableString { "AU" } + } + } + SET { + SEQUENCE { + # stateOrProvinceName + OBJECT_IDENTIFIER { 2.5.4.8 } + UTF8String { "Some-State" } + } + } + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + # If anyone actually implemented real TeletexString processing, this + # would probably be a valid TeletexString representing a Japanese + # character. + # + # switch to JIS X 0208-1978 (2-bytes per char) (See + # https://en.wikipedia.org/wiki/ISO/IEC_2022): + # ESC $ @ + # + # Character 'あ' (See https://www.itscj.ipsj.or.jp/iso-ir/042.pdf): + # 100100 100010 + T61String { `1B24402422` } + } + } + } +#-----END SUBJECT----- + +-----BEGIN CERTIFICATE----- +MIICRTCCAa6gAwIBAgIJAPuwTC6rEJsMMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTQwNDIzMjA1MDQwWhcNMTcwNDIyMjA1MDQwWjAyMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEOMAwGA1UEChQFGyRAJCIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANgryKYy5GL/TfPQrVmLRae98Ue/CVh7Ir01rpclhpSggMC0H3aRZ0Yx0BCEtyIecCORcsjpbXk6hXeAD8SVFnXFSnFMyGM/o/JjnCpPmvrLwXFuKIUooCceZRyuB9Vbby1D7SuQsYyvJG2u6Rc6BcG/uByuZTsbWMLZrtaqZ4jxAgMBAAGjUDBOMB0GA1UdDgQWBBSLddWsywi+Dh9lt/pWvmynddqFrzAfBgNVHSMEGDAWgBSLddWsywi+Dh9lt/pWvmynddqFrzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADvoeG2V1j1q9xMZLBvCiK4iq/SNMvV8cWfPLdEcwsOH4um+iVzkNKtIkcI/la4rR54leGtPmhCkcv3P9wIMsAoIpFri5XR+ER05YGrJH2nzLmMm3J7va3oK4VRXmKpykXgEfh+PZU0fCxKsnCQPhBQaVS0fu/CdCbIIXFkyZYAm +-----END CERTIFICATE-----: diff --git a/chromium/net/data/parse_certificate_unittest/tbs_negative_serial_number.pem b/chromium/net/data/parse_certificate_unittest/tbs_negative_serial_number.pem deleted file mode 100644 index fb9a712618b..00000000000 --- a/chromium/net/data/parse_certificate_unittest/tbs_negative_serial_number.pem +++ /dev/null @@ -1,68 +0,0 @@ -This is a valid TBSCertificate. However the Serial Number is negative (which -strictly speaking is not correct). - - -$ openssl asn1parse -i < [TBS CERTIFICATE] - 0:d=0 hl=2 l= 67 cons: SEQUENCE - 2:d=1 hl=2 l= 3 cons: cont [ 0 ] - 4:d=2 hl=2 l= 1 prim: INTEGER :02 - 7:d=1 hl=2 l= 8 prim: INTEGER :-76E16F56FFFFCAC0 - 17:d=1 hl=2 l= 3 cons: SEQUENCE - 19:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 - 22:d=1 hl=2 l= 3 cons: SEQUENCE - 24:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 - 27:d=1 hl=2 l= 30 cons: SEQUENCE - 29:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z - 44:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z - 59:d=1 hl=2 l= 3 cons: SEQUENCE - 61:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 - 64:d=1 hl=2 l= 3 cons: SEQUENCE - 66:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 ------BEGIN TBS CERTIFICATE----- -MEOgAwIBAgIIiR6QqQAANUAwAwQBATADBAEFMB4XDTEyMTAxODAzMTIwMFoXDTEzMTAxODE0NTk -1OVowAwQBgzADBAHz ------END TBS CERTIFICATE----- - ------BEGIN SERIAL NUMBER----- -iR6QqQAANUA= ------END SERIAL NUMBER----- - -$ openssl asn1parse -i < [SIGNATURE ALGORITHM] - 0:d=0 hl=2 l= 3 cons: SEQUENCE - 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 ------BEGIN SIGNATURE ALGORITHM----- -MAMEAQE= ------END SIGNATURE ALGORITHM----- - -$ openssl asn1parse -i < [ISSUER] - 0:d=0 hl=2 l= 3 cons: SEQUENCE - 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 ------BEGIN ISSUER----- -MAMEAQU= ------END ISSUER----- - -VALIDITY NOTBEFORE: year=2012, month=10, day=18, hours=3, minutes=12, seconds=0 ------BEGIN VALIDITY NOTBEFORE----- -eWVhcj0yMDEyLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0zLCBtaW51dGVzPTEyLCBzZWNvbmR -zPTA= ------END VALIDITY NOTBEFORE----- - -VALIDITY NOTAFTER: year=2013, month=10, day=18, hours=14, minutes=59, seconds=59 ------BEGIN VALIDITY NOTAFTER----- -eWVhcj0yMDEzLCBtb250aD0xMCwgZGF5PTE4LCBob3Vycz0xNCwgbWludXRlcz01OSwgc2Vjb25 -kcz01OQ== ------END VALIDITY NOTAFTER----- - -$ openssl asn1parse -i < [SUBJECT] - 0:d=0 hl=2 l= 3 cons: SEQUENCE - 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 ------BEGIN SUBJECT----- -MAMEAYM= ------END SUBJECT----- - -$ openssl asn1parse -i < [SPKI] - 0:d=0 hl=2 l= 3 cons: SEQUENCE - 2:d=1 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 ------BEGIN SPKI----- -MAMEAfM= ------END SPKI----- diff --git a/chromium/net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem b/chromium/net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem deleted file mode 100644 index efbf0533da4..00000000000 --- a/chromium/net/data/parse_certificate_unittest/tbs_serial_number_21_octets_leading_0.pem +++ /dev/null @@ -1,24 +0,0 @@ -This is a TBSCertificate where the serial number is more than 20 octets (21 -octets, where first octet is a 0). This violates the rules in RFC 5280. - - -$ openssl asn1parse -i < [TBS CERTIFICATE] - 0:d=0 hl=2 l= 80 cons: SEQUENCE - 2:d=1 hl=2 l= 3 cons: cont [ 0 ] - 4:d=2 hl=2 l= 1 prim: INTEGER :00 - 7:d=1 hl=2 l= 21 prim: INTEGER :D8C37E4D87F9C8C82BAF26EF53501DF1FCF3A520 - 30:d=1 hl=2 l= 3 cons: SEQUENCE - 32:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 - 35:d=1 hl=2 l= 3 cons: SEQUENCE - 37:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 - 40:d=1 hl=2 l= 30 cons: SEQUENCE - 42:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z - 57:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z - 72:d=1 hl=2 l= 3 cons: SEQUENCE - 74:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 - 77:d=1 hl=2 l= 3 cons: SEQUENCE - 79:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 ------BEGIN TBS CERTIFICATE----- -MFCgAwIBAAIVANjDfk2H+cjIK68m71NQHfH886UgMAMEAQEwAwQBBTAeFw0xMjEwMTgwMzEyMDB -aFw0xMzEwMTgxNDU5NTlaMAMEAYMwAwQB8w== ------END TBS CERTIFICATE----- diff --git a/chromium/net/data/parse_certificate_unittest/tbs_serial_number_26_octets.pem b/chromium/net/data/parse_certificate_unittest/tbs_serial_number_26_octets.pem deleted file mode 100644 index fe24034a8de..00000000000 --- a/chromium/net/data/parse_certificate_unittest/tbs_serial_number_26_octets.pem +++ /dev/null @@ -1,24 +0,0 @@ -This is a TBSCertificate which has a serial number that is 26 octets long. This -violates RFC 5280. - - -$ openssl asn1parse -i < [TBS CERTIFICATE] - 0:d=0 hl=2 l= 85 cons: SEQUENCE - 2:d=1 hl=2 l= 3 cons: cont [ 0 ] - 4:d=2 hl=2 l= 1 prim: INTEGER :00 - 7:d=1 hl=2 l= 26 prim: INTEGER :42C83C785552E43927E48BE1280FA20F9FB08F47F944C32668F9 - 35:d=1 hl=2 l= 3 cons: SEQUENCE - 37:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:01 - 40:d=1 hl=2 l= 3 cons: SEQUENCE - 42:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:05 - 45:d=1 hl=2 l= 30 cons: SEQUENCE - 47:d=2 hl=2 l= 13 prim: UTCTIME :121018031200Z - 62:d=2 hl=2 l= 13 prim: UTCTIME :131018145959Z - 77:d=1 hl=2 l= 3 cons: SEQUENCE - 79:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:83 - 82:d=1 hl=2 l= 3 cons: SEQUENCE - 84:d=2 hl=2 l= 1 prim: OCTET STRING [HEX DUMP]:F3 ------BEGIN TBS CERTIFICATE----- -MFWgAwIBAAIaQsg8eFVS5Dkn5IvhKA+iD5+wj0f5RMMmaPkwAwQBATADBAEFMB4XDTEyMTAxODA -zMTIwMFoXDTEzMTAxODE0NTk1OVowAwQBgzADBAHz ------END TBS CERTIFICATE----- diff --git a/chromium/net/data/parse_certificate_unittest/tbs_v3_data_after_extensions.pem b/chromium/net/data/parse_certificate_unittest/tbs_v3_data_after_extensions.pem index 3981aa71cab..25331dd45c4 100644 --- a/chromium/net/data/parse_certificate_unittest/tbs_v3_data_after_extensions.pem +++ b/chromium/net/data/parse_certificate_unittest/tbs_v3_data_after_extensions.pem @@ -27,8 +27,8 @@ MEWgAwIBAgIBATADBAEBMAMEAQUwHhcNMTIxMDE4MDMxMjAwWhcNMTMxMDE4MTQ1OTU5WjADBAG DMAMEAfOjBTADBAHdBQA= -----END TBS CERTIFICATE----- -[Error] Unconsumed data inside TBSCertificate +ERROR: Unconsumed data inside TBSCertificate -----BEGIN ERRORS----- -W0Vycm9yXSBVbmNvbnN1bWVkIGRhdGEgaW5zaWRlIFRCU0NlcnRpZmljYXRlCg== +RVJST1I6IFVuY29uc3VtZWQgZGF0YSBpbnNpZGUgVEJTQ2VydGlmaWNhdGUK -----END ERRORS----- diff --git a/chromium/net/data/parse_certificate_unittest/v3_certificate_template.txt b/chromium/net/data/parse_certificate_unittest/v3_certificate_template.txt index 54d2fb4d916..4f0b36edb5f 100644 --- a/chromium/net/data/parse_certificate_unittest/v3_certificate_template.txt +++ b/chromium/net/data/parse_certificate_unittest/v3_certificate_template.txt @@ -10,7 +10,9 @@ SEQUENCE { [0] { INTEGER { 2 } } +#-----BEGIN SERIAL----- INTEGER { `00fbb04c2eab109b0c` } +#-----END SERIAL----- SEQUENCE { # sha1WithRSAEncryption OBJECT_IDENTIFIER { 1.2.840.113549.1.1.5 } @@ -43,6 +45,7 @@ SEQUENCE { UTCTime { "140423205040Z" } UTCTime { "170422205040Z" } } +#-----BEGIN SUBJECT----- SEQUENCE { SET { SEQUENCE { @@ -66,6 +69,7 @@ SEQUENCE { } } } +#-----END SUBJECT----- SEQUENCE { SEQUENCE { # rsaEncryption diff --git a/chromium/net/data/ssl/symantec/README.md b/chromium/net/data/ssl/symantec/README.md index 141415f4878..5c6d558a1ee 100644 --- a/chromium/net/data/ssl/symantec/README.md +++ b/chromium/net/data/ssl/symantec/README.md @@ -22,14 +22,6 @@ The following command can be used to match certificates and their key hashes: ## Excluded Sub-CAs -### Aetna - -WebTrust audit confirmed out-of-band. -[Certification Practices Statement](http://crl.aetna.com/aetnacps.pdf) -Note: Not issuing new certificates and can be removed after October 2016. - - * [d6e4e7b9af3bd5a8f2d6321cde26639c25644f7307ce16aad347d9ad53d3ce13.pem](excluded/d6e4e7b9af3bd5a8f2d6321cde26639c25644f7307ce16aad347d9ad53d3ce13.pem) - ### Apple [WebTrust Audit](https://cert.webtrust.org/ViewSeal?id=1917) diff --git a/chromium/net/data/ssl/symantec/excluded/d6e4e7b9af3bd5a8f2d6321cde26639c25644f7307ce16aad347d9ad53d3ce13.pem b/chromium/net/data/ssl/symantec/excluded/d6e4e7b9af3bd5a8f2d6321cde26639c25644f7307ce16aad347d9ad53d3ce13.pem deleted file mode 100644 index 7894048fb55..00000000000 --- a/chromium/net/data/ssl/symantec/excluded/d6e4e7b9af3bd5a8f2d6321cde26639c25644f7307ce16aad347d9ad53d3ce13.pem +++ /dev/null @@ -1,87 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 146006 (0x23a56) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA - Validity - Not Before: Jul 22 15:05:42 2010 GMT - Not After : Jul 21 15:05:42 2017 GMT - Subject: C=US, O=Aetna Inc., OU=GeoRoot Certification Authority, CN=Aetna Inc. Certificate Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:90:b4:e3:7e:7b:f4:61:52:46:c0:70:55:2c:15: - a7:66:12:1b:19:7e:81:ef:60:dd:5f:0e:81:31:a7: - c1:0a:e9:de:91:cb:46:2a:d7:3a:5c:f1:c1:63:fa: - 14:f5:e8:6f:45:74:41:11:af:25:6b:4f:fd:18:20: - d6:a2:8a:59:ef:19:1c:5d:82:0e:d8:3a:cc:53:53: - 5f:f5:64:69:b5:28:67:af:7c:9f:e9:91:55:c0:70: - 14:aa:2b:d9:dc:a1:15:02:63:95:ee:c9:d6:b6:01: - 7a:c8:09:b0:b5:63:1d:9f:8b:22:b2:43:81:c8:f8: - 6f:61:e4:d5:13:9e:38:14:37:a9:17:b9:36:15:d6: - 27:58:41:66:17:61:f8:94:54:f5:78:de:d9:20:87: - 99:ef:b8:21:7a:01:c1:a9:8e:18:1d:d9:a1:c3:ad: - f8:68:9e:0f:d6:8a:18:6a:aa:88:c4:87:f2:ea:ef: - 5a:ad:9e:25:6d:4f:5f:15:ff:50:a7:a7:48:4e:47: - 92:72:05:00:e8:77:66:e2:90:fd:2a:21:04:b6:50: - 69:34:96:c2:6e:ee:61:6b:ba:a4:0a:73:bf:e0:7a: - 87:42:0f:6f:63:5f:b4:03:f6:35:d6:be:b1:da:b9: - 85:90:08:e3:ae:54:8f:15:7e:c7:af:87:cd:d1:18: - 92:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Authority Key Identifier: - keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E - - X509v3 Subject Key Identifier: - BE:C3:C5:71:C8:A0:8D:62:5D:3D:11:32:27:43:31:63:8D:28:29:C1 - X509v3 Basic Constraints: critical - CA:TRUE, pathlen:0 - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.geotrust.com/crls/gtglobal.crl - - Signature Algorithm: sha1WithRSAEncryption - 3e:3d:03:d2:37:08:02:ca:8d:e4:ed:09:d2:02:86:68:d8:5a: - f1:03:0e:70:67:2d:86:ec:11:5a:6f:2e:f6:9b:ba:e6:81:7f: - 50:6c:0e:d1:4b:0a:4b:f3:33:2f:f2:84:a8:1d:2b:0c:64:a0: - dc:0a:c9:31:02:84:55:6b:bc:22:b2:34:e9:b2:00:66:69:54: - 63:4b:9c:3e:8c:38:e2:cd:01:b9:4a:5e:5c:ed:c7:6d:fb:7b: - c1:ea:e7:a0:13:86:c8:7a:43:d7:bb:89:eb:ee:24:aa:99:72: - 08:ab:bc:79:a8:72:b0:4b:91:7c:30:63:1a:89:9b:5a:89:d9: - fa:ea:3f:72:d9:5a:cc:ed:7c:80:8e:de:61:10:99:17:01:e8: - 8c:8d:16:57:27:ae:d2:40:ed:8a:ec:25:ca:f0:10:9a:90:41: - 6b:ce:79:28:ac:c1:2c:24:96:85:d8:a6:a0:c9:e3:f9:e8:8b: - 7c:98:81:3e:4c:30:1c:99:45:58:14:28:91:5d:76:cb:02:1a: - f5:87:7d:26:19:aa:20:e8:fd:ea:31:92:d6:87:52:bc:17:fd: - f4:96:da:0d:d7:48:a0:43:7e:72:07:1e:06:1b:e5:1b:ff:33: - 21:92:bb:53:0a:58:a9:70:8b:64:13:0b:bb:7c:71:1d:64:de: - bf:c1:02:a1 ------BEGIN CERTIFICATE----- -MIID2jCCAsKgAwIBAgIDAjpWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT -MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i -YWwgQ0EwHhcNMTAwNzIyMTUwNTQyWhcNMTcwNzIxMTUwNTQyWjB3MQswCQYDVQQG -EwJVUzETMBEGA1UEChMKQWV0bmEgSW5jLjEoMCYGA1UECxMfR2VvUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTEpMCcGA1UEAxMgQWV0bmEgSW5jLiBDZXJ0aWZp -Y2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ -tON+e/RhUkbAcFUsFadmEhsZfoHvYN1fDoExp8EK6d6Ry0Yq1zpc8cFj+hT16G9F -dEERryVrT/0YINaiilnvGRxdgg7YOsxTU1/1ZGm1KGevfJ/pkVXAcBSqK9ncoRUC -Y5Xuyda2AXrICbC1Yx2fiyKyQ4HI+G9h5NUTnjgUN6kXuTYV1idYQWYXYfiUVPV4 -3tkgh5nvuCF6AcGpjhgd2aHDrfhong/WihhqqojEh/Lq71qtniVtT18V/1Cnp0hO -R5JyBQDod2bikP0qIQS2UGk0lsJu7mFruqQKc7/geodCD29jX7QD9jXWvrHauYWQ -COOuVI8Vfsevh83RGJJ5AgMBAAGjgaMwgaAwHwYDVR0jBBgwFoAUwHqYaI2J+6sF -ZAwRfap9ZbjKzE4wHQYDVR0OBBYEFL7DxXHIoI1iXT0RMidDMWONKCnBMBIGA1Ud -EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuG -KWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvZ3RnbG9iYWwuY3JsMA0GCSqG -SIb3DQEBBQUAA4IBAQA+PQPSNwgCyo3k7QnSAoZo2FrxAw5wZy2G7BFaby72m7rm -gX9QbA7RSwpL8zMv8oSoHSsMZKDcCskxAoRVa7wisjTpsgBmaVRjS5w+jDjizQG5 -Sl5c7cdt+3vB6uegE4bIekPXu4nr7iSqmXIIq7x5qHKwS5F8MGMaiZtaidn66j9y -2VrM7XyAjt5hEJkXAeiMjRZXJ67SQO2K7CXK8BCakEFrznkorMEsJJaF2KagyeP5 -6It8mIE+TDAcmUVYFCiRXXbLAhr1h30mGaog6P3qMZLWh1K8F/30ltoN10igQ35y -Bx4GG+Ub/zMhkrtTClipcItkEwu7fHEdZN6/wQKh ------END CERTIFICATE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/README b/chromium/net/data/verify_certificate_chain_unittest/README index a529a508eff..87a46987990 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/README +++ b/chromium/net/data/verify_certificate_chain_unittest/README @@ -17,6 +17,15 @@ generate-all.sh Runs all of the generate-*.py scripts and does some cleanup. =============================== +keys/XXX/*.key +=============================== + +The keys used/generated by test XXX. The private keys shouldn't be needed to run +the tests, however are useful when re-generating the test data to have stable +results (at least for signature types which are deterministic, like RSASSA +PKCS#1 which is used by most of the certificates data). + +=============================== *.pem =============================== diff --git a/chromium/net/data/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued.pem b/chromium/net/data/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued.pem index 01d64cf6fcc..85fc329d3a0 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ec:1a:fe:56:e3:0e:27:0c:51:3b:f8:18:3a:2f: - 18:97:f4:9a:3c:6b:8f:7c:5e:7e:0e:07:ba:9d:f4: - 1e:2c:86:0f:85:8f:80:de:35:96:29:2a:64:56:0d: - e8:8d:2d:84:8d:78:3a:e2:ec:e7:c6:4f:ba:b8:35: - d4:6b:e0:02:8b:58:d5:61:90:fe:fa:13:fd:7c:63: - 6f:ce:4b:75:ea:cd:0d:ab:cd:75:bf:ef:c4:b0:3d: - 8a:64:9a:0d:e6:b3:80:09:a8:21:52:ff:dc:05:e8: - 4d:00:78:8d:94:43:2d:24:9b:81:a4:89:81:5f:d3: - 0f:e7:76:46:bf:cd:0f:24:30:0d:13:1b:49:f5:c3: - 90:f4:8a:d3:1a:47:75:9f:73:97:be:4b:5b:d0:7d: - 01:42:64:e3:16:a6:ef:86:91:78:19:a1:a8:c9:3f: - 41:a1:dc:ca:c0:7c:0d:a3:72:af:6b:c9:2f:1b:81: - ba:fa:7e:65:af:de:95:fa:5d:1f:30:22:98:79:db: - 4a:6a:e8:0f:99:58:e6:20:f4:68:d9:e0:21:cf:ad: - 3c:ad:9e:43:34:e7:26:62:e6:15:cb:95:78:6c:4b: - 3b:73:71:8d:b8:c0:dd:f8:52:4b:92:25:22:2e:39: - 04:73:24:47:09:46:07:5f:80:9a:c5:5d:69:5a:03: - 03:1b + 00:be:6c:86:21:26:6b:16:22:36:2b:5b:b1:d4:52: + 28:74:2d:76:f3:1b:3b:01:17:dd:e1:18:e3:02:06: + a7:88:93:ad:32:59:53:ff:5d:c5:cd:1a:78:70:fb: + 2e:d9:ba:f9:fa:75:53:fc:02:a8:3c:9b:e0:f4:50: + 00:4f:30:0b:b3:d6:04:6a:b6:ef:85:0b:42:35:29: + 77:fa:91:16:0e:ed:34:8a:f3:d2:5e:e9:66:66:57: + 9b:6f:71:30:16:88:18:7a:f3:fc:61:79:06:d5:e8: + b9:18:d6:b9:20:bf:b9:9a:dd:c5:de:64:7d:44:fd: + 3f:2a:a0:23:31:4d:a7:4c:42:65:ad:9b:38:b6:35: + 51:f7:4a:58:84:b3:92:cb:98:36:a3:92:0c:33:85: + 64:18:f2:06:c4:11:a6:12:a9:7c:da:ea:36:59:90: + 9c:87:a4:60:39:9d:29:e3:21:91:c4:ae:9a:f9:f2: + ec:ad:f8:44:55:5c:3a:21:52:81:58:a1:e0:3a:5b: + 9e:2d:61:62:7f:51:58:44:87:80:41:00:e9:6c:ed: + a7:ff:a0:7c:b4:17:33:7c:78:54:ca:92:81:d1:56: + 75:b1:3a:b7:27:6a:77:e8:0c:30:71:bd:db:b1:06: + 19:e9:d6:99:d6:41:d2:c6:90:3d:72:31:fc:e7:03: + 38:35 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 7B:92:03:28:A9:49:81:7F:C8:EC:36:25:A4:A8:31:A8:09:E0:AF:DD + BF:95:3A:85:28:C1:82:8F:C9:0C:81:29:EA:8A:F8:1E:73:80:F8:7F X509v3 Authority Key Identifier: - keyid:73:DB:AF:CB:C5:A7:D4:A3:D4:A4:0B:33:21:04:3C:37:CE:8F:BE:2D + keyid:0C:50:93:FA:6E:53:C4:76:18:87:E2:39:87:0B:AA:8E:31:01:3D:69 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 40:59:36:cb:ac:7f:e8:5f:ff:57:eb:09:f3:fc:c3:e9:2b:b2: - 90:6e:6b:e7:60:a9:6c:1d:02:f5:5f:cc:29:f6:ed:25:fd:63: - 7d:48:e2:f0:c8:ec:59:a1:8b:49:c3:a9:63:a1:12:70:7d:6f: - a3:04:bf:1a:83:6a:e1:21:5f:ee:6b:6f:9f:5d:4b:79:cb:4c: - 43:a4:92:ea:41:ea:e1:36:92:90:fd:01:0a:82:65:0e:3c:19: - 44:fd:b5:f3:eb:69:cd:c5:ec:9c:f6:bf:34:35:36:8d:73:c2: - 6f:ee:20:63:c7:c5:1b:ca:13:2a:fb:2c:dc:a0:24:49:7f:42: - f3:be:16:6d:62:5b:c9:88:20:bb:e4:99:11:e5:59:66:40:23: - bf:a2:cb:54:14:76:39:7a:7c:82:8f:dd:16:b9:4f:e4:d5:05: - ab:ea:eb:6b:55:64:ba:15:42:7b:4e:cf:25:68:12:8f:55:0e: - 47:93:bf:0b:01:b5:68:76:c3:1e:2e:1d:96:8e:f1:da:fd:13: - ed:29:cf:8e:30:2d:dc:9c:d6:1a:04:1b:7a:8c:c3:fd:a1:42: - 72:79:2e:47:c8:7f:28:b0:8e:ea:2a:b3:de:b0:0d:17:4a:e0: - 7b:ec:a4:93:89:aa:a4:ef:c4:6e:d2:4f:ea:6f:16:f6:4f:6f: - 41:d9:8e:55 + 8e:3e:92:84:d9:51:4c:c7:47:52:fa:ae:7a:86:26:5a:98:88: + 0d:07:9f:22:d2:1e:b1:3f:b3:a8:b2:ba:d2:40:b4:9c:95:01: + b6:1e:6e:4c:2e:54:d2:0f:9a:bc:4f:08:85:5e:6a:f5:da:17: + 13:7a:f6:10:d6:3b:63:7a:47:b7:4e:19:92:4d:66:e9:58:fa: + 78:c7:74:a4:62:b4:5f:a8:0d:49:60:51:b9:be:75:b8:33:e6: + c2:db:47:58:7d:21:f7:88:2f:6a:2b:70:3c:59:f3:a3:50:0e: + c2:91:06:e4:6d:ad:a5:ed:12:d9:15:32:a3:01:a4:a9:58:15: + 8b:e0:ab:9f:8a:eb:1a:e4:6b:da:ff:19:fb:76:ad:c6:27:d1: + 23:6f:d8:88:0a:ec:8c:d3:6a:b6:1c:80:f0:6f:fc:51:dd:20: + 11:36:dd:eb:a9:be:2b:83:54:8a:60:7f:07:c3:a4:7a:00:d8: + 71:47:18:fb:1a:7b:df:18:76:d0:01:71:71:fe:c1:4a:d6:db: + 4c:b0:dd:46:6f:33:a1:b6:59:a7:a6:29:b1:34:67:f9:be:40: + 78:3f:a9:72:45:02:c0:70:3d:42:5f:96:9c:5d:a6:9e:79:11: + 7f:87:6c:7d:42:8b:94:7d:19:44:a8:38:86:ca:0a:c5:06:11: + 84:12:28:b0 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsGv5W -4w4nDFE7+Bg6LxiX9Jo8a498Xn4OB7qd9B4shg+Fj4DeNZYpKmRWDeiNLYSNeDri -7OfGT7q4NdRr4AKLWNVhkP76E/18Y2/OS3XqzQ2rzXW/78SwPYpkmg3ms4AJqCFS -/9wF6E0AeI2UQy0km4GkiYFf0w/ndka/zQ8kMA0TG0n1w5D0itMaR3Wfc5e+S1vQ -fQFCZOMWpu+GkXgZoajJP0Gh3MrAfA2jcq9ryS8bgbr6fmWv3pX6XR8wIph520pq -6A+ZWOYg9GjZ4CHPrTytnkM05yZi5hXLlXhsSztzcY24wN34UkuSJSIuOQRzJEcJ -RgdfgJrFXWlaAwMbAgMBAAGjgekwgeYwHQYDVR0OBBYEFHuSAyipSYF/yOw2JaSo -MagJ4K/dMB8GA1UdIwQYMBaAFHPbr8vFp9Sj1KQLMyEEPDfOj74tMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+bIYh +JmsWIjYrW7HUUih0LXbzGzsBF93hGOMCBqeIk60yWVP/XcXNGnhw+y7Zuvn6dVP8 +Aqg8m+D0UABPMAuz1gRqtu+FC0I1KXf6kRYO7TSK89Je6WZmV5tvcTAWiBh68/xh +eQbV6LkY1rkgv7ma3cXeZH1E/T8qoCMxTadMQmWtmzi2NVH3SliEs5LLmDajkgwz +hWQY8gbEEaYSqXza6jZZkJyHpGA5nSnjIZHErpr58uyt+ERVXDohUoFYoeA6W54t +YWJ/UVhEh4BBAOls7af/oHy0FzN8eFTKkoHRVnWxOrcnanfoDDBxvduxBhnp1pnW +QdLGkD1yMfznAzg1AgMBAAGjgekwgeYwHQYDVR0OBBYEFL+VOoUowYKPyQyBKeqK ++B5zgPh/MB8GA1UdIwQYMBaAFAxQk/puU8R2GIfiOYcLqo4xAT1pMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAQFk2y6x/6F//V+sJ8/zD -6SuykG5r52CpbB0C9V/MKfbtJf1jfUji8MjsWaGLScOpY6EScH1vowS/GoNq4SFf -7mtvn11LectMQ6SS6kHq4TaSkP0BCoJlDjwZRP218+tpzcXsnPa/NDU2jXPCb+4g -Y8fFG8oTKvss3KAkSX9C874WbWJbyYggu+SZEeVZZkAjv6LLVBR2OXp8go/dFrlP -5NUFq+rra1VkuhVCe07PJWgSj1UOR5O/CwG1aHbDHi4dlo7x2v0T7SnPjjAt3JzW -GgQbeozD/aFCcnkuR8h/KLCO6iqz3rANF0rge+ykk4mqpO/EbtJP6m8W9k9vQdmO -VQ== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAjj6ShNlRTMdHUvqueoYm +WpiIDQefItIesT+zqLK60kC0nJUBth5uTC5U0g+avE8IhV5q9doXE3r2ENY7Y3pH +t04Zkk1m6Vj6eMd0pGK0X6gNSWBRub51uDPmwttHWH0h94gvaitwPFnzo1AOwpEG +5G2tpe0S2RUyowGkqVgVi+Crn4rrGuRr2v8Z+3atxifRI2/YiArsjNNqthyA8G/8 +Ud0gETbd66m+K4NUimB/B8OkegDYcUcY+xp73xh20AFxcf7BStbbTLDdRm8zobZZ +p6YpsTRn+b5AeD+pckUCwHA9Ql+WnF2mnnkRf4dsfUKLlH0ZRKg4hsoKxQYRhBIo +sA== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bc:3f:0f:56:90:45:57:c4:d8:42:91:22:59:d4: - 81:5e:4b:af:73:90:fc:5f:85:cc:14:71:73:c5:76: - 70:2b:2c:f7:25:e7:b8:7d:a0:1d:a7:70:b4:f9:b8: - 08:1f:58:33:95:5f:37:73:c2:39:eb:da:ac:4b:fe: - 18:77:35:d5:46:e7:d3:2e:8d:d5:df:c9:21:98:c3: - 86:5d:22:f0:19:b1:1c:e0:49:a7:ad:d4:c7:e0:e4: - f1:ef:c1:b7:48:38:de:a9:d3:fc:4d:14:a4:53:b6: - 80:64:bf:f7:82:3e:05:9a:7e:b7:b4:5a:5f:6d:28: - 1a:91:86:a6:f8:f5:37:42:8a:81:7b:25:e8:1f:75: - e1:7f:bf:01:38:05:dd:38:ae:04:2e:8a:9e:e0:b7: - c5:2a:aa:7b:4e:1e:ff:87:97:c8:9e:dd:33:ef:d9: - f5:58:80:04:9a:e1:b6:49:d9:b9:85:40:d7:c7:fe: - e1:13:73:e5:70:37:cd:40:1d:eb:9b:43:52:e6:c3: - 31:a0:2f:fb:82:38:62:aa:9e:08:dd:bc:4d:2b:05: - f0:a3:31:ab:b7:47:ca:69:a6:47:14:c1:64:63:d0: - 0c:2d:bc:6c:e3:d2:98:e0:df:25:0d:9f:1f:9b:07: - 1b:80:0f:9d:da:04:67:8d:e0:cf:0b:5b:ec:f6:62: - 5f:51 + 00:bb:cd:84:14:6c:0b:68:76:9e:7d:d5:f7:55:ac: + 5a:2b:6d:71:ad:aa:34:2a:dc:b4:b0:c2:37:23:5b: + 05:01:08:b6:9b:fb:97:ce:3c:eb:fe:2f:b2:5e:6b: + 07:bb:5f:29:fb:b1:25:55:5c:dd:9f:de:89:bd:29: + 37:e8:a7:8a:99:c3:50:82:32:10:bb:2d:19:bc:a8: + 47:21:3d:0a:66:b6:8d:ab:42:3a:94:50:7f:c3:19: + 7f:ea:28:89:c2:9d:a8:87:d5:1b:42:63:9a:9f:9e: + 06:72:41:ee:64:ee:ac:1e:21:f6:3e:3d:e5:f6:d1: + 04:dd:7e:61:cb:e5:65:99:c1:49:97:13:c4:11:96: + 3b:62:f0:46:ad:20:5d:52:5c:16:d6:59:29:e2:9e: + 91:15:f1:23:0d:fb:3c:86:90:50:05:2d:63:81:cc: + 39:25:62:cc:00:18:b4:0e:1a:a0:d8:ca:4b:e0:b6: + ea:33:83:8a:2e:ab:6c:6f:41:9e:ec:43:92:d1:83: + b6:d0:45:e7:a8:8d:28:6b:a4:b5:f7:53:8b:8a:dc: + 3e:b0:df:9f:d4:70:4e:c2:2c:1a:a5:4d:6c:5d:2e: + 94:35:84:b9:5d:e9:df:22:fd:55:6e:05:ff:eb:b6: + 10:0c:28:a3:5b:49:c1:98:63:8f:5d:fa:83:4e:11: + cd:13 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 73:DB:AF:CB:C5:A7:D4:A3:D4:A4:0B:33:21:04:3C:37:CE:8F:BE:2D + 0C:50:93:FA:6E:53:C4:76:18:87:E2:39:87:0B:AA:8E:31:01:3D:69 X509v3 Authority Key Identifier: - keyid:48:4D:93:8D:A1:E0:46:7F:2F:DD:60:DF:D1:DF:58:29:2C:1B:CB:4F + keyid:4E:47:5F:93:57:FE:5F:F3:92:73:A6:6A:55:7C:1A:FB:F9:16:85:36 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 Signature Algorithm: sha256WithRSAEncryption - 02:4e:c6:b9:10:f4:c7:3a:52:73:e3:7c:02:6d:61:77:b3:f8: - 98:5f:c5:f2:b4:78:74:36:6b:40:6e:fc:a7:53:7c:b2:5e:e3: - 35:08:1b:44:6c:51:75:29:0f:d1:6c:c0:eb:92:da:11:41:6d: - d8:56:01:aa:81:e2:58:4f:24:bd:bd:25:6b:ab:b3:b3:0a:05: - 1c:db:ed:c2:34:68:11:34:67:ef:32:81:be:e1:53:0b:dd:2b: - ec:07:13:b8:12:b5:42:84:02:e0:56:69:f1:71:bd:6c:1a:5a: - 64:59:8b:4c:a5:d2:7d:13:7d:99:d5:4e:94:41:5c:69:f7:32: - 12:6a:c9:a9:ce:96:1f:6d:72:60:35:d1:fc:2f:c6:66:a2:2e: - 48:1e:6e:0a:80:07:5b:d9:b7:ec:28:78:c3:31:2d:c8:45:0d: - 28:94:b4:98:ba:83:1e:66:e7:f1:37:1e:f6:1d:00:50:90:c0: - 58:09:f2:ee:02:85:0c:10:65:0b:c8:2b:04:06:92:64:d4:34: - 10:36:99:f0:e4:fa:b6:b4:24:3a:57:6c:34:b4:dc:bf:48:d5: - df:97:a7:16:3d:3d:48:ed:c3:3c:b7:ca:e9:36:b4:43:49:e5: - ba:e9:c3:11:70:2f:b2:74:31:4c:60:da:b3:c4:b6:82:43:e8: - f1:e7:1a:4a + 19:b6:16:ea:23:be:47:b1:3a:8f:1b:ef:f7:33:52:87:ff:d4: + b5:0b:44:d3:10:69:c7:99:d6:49:db:74:ac:4c:bd:64:87:c5: + 43:90:a6:0a:4e:00:15:8a:92:21:5c:b0:ed:c9:b7:18:d6:28: + ef:fc:75:3b:98:b0:6e:07:79:94:c7:0f:91:72:97:e5:9a:f7: + 37:45:e2:91:fd:e9:ac:ca:28:65:3f:ac:94:74:b3:87:10:7e: + 56:df:35:4b:89:20:36:ee:9a:05:03:da:f8:d0:fb:02:cc:82: + f6:9b:84:44:11:5f:be:1c:64:e7:8b:0b:6b:c7:51:f2:79:1f: + f1:f5:1f:47:37:37:12:52:07:f2:59:2b:d7:4f:b6:60:75:a4: + 6f:ac:e2:33:10:d6:ef:52:fa:d4:87:08:70:31:4a:3e:c6:b7: + 1d:6c:9c:12:41:39:6d:c3:4f:00:cd:e6:5f:2d:f8:30:19:f8: + 58:54:ae:f7:98:81:24:36:3e:a9:05:b1:d9:27:2b:b2:b9:79: + 46:ba:81:21:22:a0:16:49:4c:6a:1c:48:d0:21:2d:85:8e:00: + f9:7d:71:d6:49:f2:93:aa:16:e9:7c:5d:77:5c:77:6f:4c:ea: + 21:c6:37:b2:76:48:b3:9c:31:2f:80:21:4e:77:86:11:40:1e: + 84:16:60:08 -----BEGIN CERTIFICATE----- MIIDiDCCAnCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjAXMRUwEwYD VQQDDAxJbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQC8Pw9WkEVXxNhCkSJZ1IFeS69zkPxfhcwUcXPFdnArLPcl57h9oB2ncLT5uAgf -WDOVXzdzwjnr2qxL/hh3NdVG59MujdXfySGYw4ZdIvAZsRzgSaet1Mfg5PHvwbdI -ON6p0/xNFKRTtoBkv/eCPgWafre0Wl9tKBqRhqb49TdCioF7JegfdeF/vwE4Bd04 -rgQuip7gt8UqqntOHv+Hl8ie3TPv2fVYgASa4bZJ2bmFQNfH/uETc+VwN81AHeub -Q1LmwzGgL/uCOGKqngjdvE0rBfCjMau3R8pppkcUwWRj0AwtvGzj0pjg3yUNnx+b -BxuAD53aBGeN4M8LW+z2Yl9RAgMBAAGjgd4wgdswHQYDVR0OBBYEFHPbr8vFp9Sj -1KQLMyEEPDfOj74tMB8GA1UdIwQYMBaAFEhNk42h4EZ/L91g39HfWCksG8tPMD8G +AQC7zYQUbAtodp591fdVrForbXGtqjQq3LSwwjcjWwUBCLab+5fOPOv+L7Jeawe7 +Xyn7sSVVXN2f3om9KTfop4qZw1CCMhC7LRm8qEchPQpmto2rQjqUUH/DGX/qKInC +naiH1RtCY5qfngZyQe5k7qweIfY+PeX20QTdfmHL5WWZwUmXE8QRljti8EatIF1S +XBbWWSninpEV8SMN+zyGkFAFLWOBzDklYswAGLQOGqDYykvgtuozg4ouq2xvQZ7s +Q5LRg7bQReeojShrpLX3U4uK3D6w35/UcE7CLBqlTWxdLpQ1hLld6d8i/VVuBf/r +thAMKKNbScGYY49d+oNOEc0TAgMBAAGjgd4wgdswHQYDVR0OBBYEFAxQk/puU8R2 +GIfiOYcLqo4xAT1pMB8GA1UdIwQYMBaAFE5HX5NX/l/zknOmalV8Gvv5FoU2MD8G CCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0lu dGVybWVkaWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3It Y3JsL0ludGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQI -MAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBAAJOxrkQ9Mc6UnPjfAJtYXez+Jhf -xfK0eHQ2a0Bu/KdTfLJe4zUIG0RsUXUpD9FswOuS2hFBbdhWAaqB4lhPJL29JWur -s7MKBRzb7cI0aBE0Z+8ygb7hUwvdK+wHE7gStUKEAuBWafFxvWwaWmRZi0yl0n0T -fZnVTpRBXGn3MhJqyanOlh9tcmA10fwvxmaiLkgebgqAB1vZt+woeMMxLchFDSiU -tJi6gx5m5/E3HvYdAFCQwFgJ8u4ChQwQZQvIKwQGkmTUNBA2mfDk+ra0JDpXbDS0 -3L9I1d+XpxY9PUjtwzy3yuk2tENJ5brpwxFwL7J0MUxg2rPEtoJD6PHnGko= +MAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBABm2FuojvkexOo8b7/czUof/1LUL +RNMQaceZ1knbdKxMvWSHxUOQpgpOABWKkiFcsO3JtxjWKO/8dTuYsG4HeZTHD5Fy +l+Wa9zdF4pH96azKKGU/rJR0s4cQflbfNUuJIDbumgUD2vjQ+wLMgvabhEQRX74c +ZOeLC2vHUfJ5H/H1H0c3NxJSB/JZK9dPtmB1pG+s4jMQ1u9S+tSHCHAxSj7Gtx1s +nBJBOW3DTwDN5l8t+DAZ+FhUrveYgSQ2PqkFsdknK7K5eUa6gSEioBZJTGocSNAh +LYWOAPl9cdZJ8pOqFul8XXdcd29M6iHGN7J2SLOcMS+AIU53hhFAHoQWYAg= -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:df:e8:e6:8a:d4:14:cf:36:33:e1:1b:9d:9a:cc: - d0:2c:1d:50:df:32:32:c7:d8:27:cc:68:21:8b:6d: - 1b:b0:14:8f:51:64:7f:6d:a4:ca:8d:73:b2:64:93: - fe:63:55:50:09:64:e6:2b:7c:e0:21:c8:39:98:13: - 12:34:70:60:0c:67:20:4a:35:3d:9f:9b:11:f4:8d: - 34:3f:b8:fb:b7:88:42:cb:70:94:a7:9f:b6:f2:46: - 24:21:3f:ec:26:a6:39:63:87:04:04:9a:33:01:b6: - dc:05:67:79:16:d6:e2:0b:fe:de:31:9a:a7:a2:07: - 8b:dc:1c:eb:70:ea:4a:76:b1:cd:b8:79:f8:e2:8e: - a4:4a:a7:c6:9b:ad:34:a6:1d:40:c9:8d:04:df:66: - 87:a1:d4:8b:59:4e:e9:11:42:2c:7d:19:d6:e9:bb: - d3:2c:b3:d5:df:69:c2:00:83:f8:3b:80:98:71:92: - 62:34:8b:6d:d4:fa:5d:d9:31:a6:d4:fb:ff:e2:9f: - e2:ad:0a:bf:15:63:55:54:96:d9:f2:46:01:c8:06: - a8:00:45:ad:b5:d1:4d:f0:e4:a8:f5:19:04:7b:03: - 33:8f:bb:94:9d:b3:23:cd:5e:73:54:62:3b:09:0f: - 73:8c:4f:0c:5a:2c:64:bb:33:70:49:2b:6f:cc:93: - 49:91 + 00:cf:6c:3c:e9:bb:09:74:83:4d:d6:c8:58:96:d9: + 3b:ee:6d:f2:fd:9e:11:e5:80:e5:35:50:51:70:0d: + 95:a9:f9:0e:96:df:33:db:94:6f:a3:7d:2a:80:d2: + a4:3b:fa:34:e0:bd:44:e5:07:a6:09:02:40:3b:6f: + 11:a7:54:88:0f:22:09:58:27:97:4a:7f:55:e3:03: + 5c:c2:13:fb:62:4b:0b:b0:fb:5b:20:c1:57:fc:a4: + 32:4d:97:71:f7:5c:f1:63:6c:21:7b:a8:6e:ce:9f: + e5:50:66:40:b1:e9:23:df:52:b4:b6:de:aa:99:75: + f0:d2:ec:26:60:37:89:c9:a2:dc:b0:f5:33:e9:0e: + 0f:0e:bd:f3:72:65:1e:4f:9c:c6:1b:32:34:98:de: + 04:c0:dd:28:24:ec:f7:dc:e5:54:7a:a5:1a:b0:1a: + 31:96:d3:43:f0:df:4b:52:41:9c:8e:34:22:50:fc: + 44:bb:a5:fb:c0:c5:59:8a:bb:32:42:29:fc:73:cb: + a1:85:54:7f:5a:db:bd:ec:0d:99:76:c0:c5:72:9f: + 0d:28:e9:ca:65:9f:a1:69:b6:07:20:01:64:c7:03: + 0f:ff:ab:a1:f1:df:5b:a4:da:7e:e5:79:68:19:a2: + 63:e0:87:37:05:5d:f7:88:5d:11:c6:1d:d8:18:0a: + 0c:23 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 48:4D:93:8D:A1:E0:46:7F:2F:DD:60:DF:D1:DF:58:29:2C:1B:CB:4F + 4E:47:5F:93:57:FE:5F:F3:92:73:A6:6A:55:7C:1A:FB:F9:16:85:36 X509v3 Authority Key Identifier: - keyid:1A:7A:32:47:1F:8A:2F:A8:FC:F7:F0:A3:67:37:3E:39:C8:F4:46:02 + keyid:A0:D4:A1:BC:4B:2D:3E:83:D7:0D:0C:E2:BE:E6:3A:C5:40:4D:4E:DC Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 Signature Algorithm: sha256WithRSAEncryption - 94:bc:e1:64:08:ca:c2:07:5e:6e:16:0a:95:78:26:81:d1:6f: - 14:5d:10:b0:4a:0b:f9:04:1f:58:68:35:1b:70:cd:d3:22:58: - 62:7d:38:a2:f3:69:af:a3:1e:a0:22:4d:9b:5a:4b:36:3e:78: - 49:a0:aa:02:9d:fe:5c:ce:df:6b:e8:f4:fb:5b:05:7c:78:4f: - f4:66:56:0c:95:c4:31:59:33:f0:e8:be:ad:1c:5d:36:64:0d: - b4:ee:49:19:9f:ad:b7:f5:c4:4c:8e:58:db:61:b7:a2:a7:f7: - 86:22:da:2f:07:65:33:0a:23:86:59:2d:33:37:8f:e9:a9:24: - 84:5a:43:5f:80:5a:88:97:1c:b3:ea:50:0e:10:f4:4f:36:28: - 3a:6a:4a:70:0b:78:16:97:83:ea:ae:34:94:87:02:7b:6d:a0: - 7d:1b:8c:9b:66:3e:69:f5:d1:6e:04:83:6b:f1:68:a0:69:2b: - 88:7c:57:e1:42:81:d3:a8:d8:c7:7e:aa:3a:bf:37:1e:fd:64: - a7:3a:4a:10:3b:7e:c9:fe:d0:ac:c0:d4:f0:16:4a:78:f2:7f: - db:db:4c:8c:96:42:27:85:02:32:b8:71:ca:41:ac:a9:5e:11: - a1:f7:3b:4b:f4:ae:b0:25:ff:cc:4e:12:5b:ca:a6:ae:ed:71: - c8:14:47:56 + c8:e1:98:d8:d3:82:c8:5f:6b:10:fc:04:23:c1:64:7d:4b:14: + 29:ac:68:69:6f:06:e0:7e:4d:af:02:c3:fc:f4:d7:9a:0f:20: + e1:cf:a1:10:57:0b:d6:06:98:e3:1e:d4:ee:b5:34:74:e4:6a: + 82:34:35:89:9b:50:61:fc:0b:9d:46:11:84:8a:ee:4f:f2:ac: + 96:1c:c0:97:79:2b:21:03:c6:ae:c8:27:b5:3e:3e:00:d3:06: + 50:94:bc:ab:10:dd:9e:42:c9:d9:6f:6e:69:0c:d5:47:78:b7: + 76:bb:fb:be:f9:61:c1:ac:4f:8a:be:f8:c0:03:d0:f4:6d:05: + 71:82:6e:5e:d9:08:20:68:a6:83:79:b5:54:f2:2c:7c:2b:24: + eb:d0:a7:5f:d5:ec:29:7f:64:8f:d0:62:82:df:a3:7d:16:19: + 89:0a:e5:b5:99:17:68:ab:0c:e6:11:b5:06:3c:67:bf:82:37: + 9e:c6:8c:2a:53:ca:8c:b0:6d:56:83:1f:0e:2d:3d:01:e3:b2: + f7:8b:2d:60:f0:11:ba:57:35:e0:cf:20:51:79:17:c2:08:11: + 18:d6:e0:38:24:29:04:17:28:ed:88:03:74:a3:44:47:87:90: + 06:fe:20:2f:e0:38:2e:ba:c3:30:c1:cd:14:94:b6:d6:e0:5c: + 9d:a3:aa:1f -----BEGIN CERTIFICATE----- MIIDcDCCAligAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+jmitQU -zzYz4RudmszQLB1Q3zIyx9gnzGghi20bsBSPUWR/baTKjXOyZJP+Y1VQCWTmK3zg -Icg5mBMSNHBgDGcgSjU9n5sR9I00P7j7t4hCy3CUp5+28kYkIT/sJqY5Y4cEBJoz -AbbcBWd5FtbiC/7eMZqnogeL3BzrcOpKdrHNuHn44o6kSqfGm600ph1AyY0E32aH -odSLWU7pEUIsfRnW6bvTLLPV32nCAIP4O4CYcZJiNItt1Ppd2TGm1Pv/4p/irQq/ -FWNVVJbZ8kYByAaoAEWttdFN8OSo9RkEewMzj7uUnbMjzV5zVGI7CQ9zjE8MWixk -uzNwSStvzJNJkQIDAQABo4HOMIHLMB0GA1UdDgQWBBRITZONoeBGfy/dYN/R31gp -LBvLTzAfBgNVHSMEGDAWgBQaejJHH4ovqPz38KNnNz45yPRGAjA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2w86bsJ +dINN1shYltk77m3y/Z4R5YDlNVBRcA2VqfkOlt8z25Rvo30qgNKkO/o04L1E5Qem +CQJAO28Rp1SIDyIJWCeXSn9V4wNcwhP7YksLsPtbIMFX/KQyTZdx91zxY2whe6hu +zp/lUGZAsekj31K0tt6qmXXw0uwmYDeJyaLcsPUz6Q4PDr3zcmUeT5zGGzI0mN4E +wN0oJOz33OVUeqUasBoxltND8N9LUkGcjjQiUPxEu6X7wMVZirsyQin8c8uhhVR/ +Wtu97A2ZdsDFcp8NKOnKZZ+habYHIAFkxwMP/6uh8d9bpNp+5XloGaJj4Ic3BV33 +iF0Rxh3YGAoMIwIDAQABo4HOMIHLMB0GA1UdDgQWBBROR1+TV/5f85JzpmpVfBr7 ++RaFNjAfBgNVHSMEGDAWgBSg1KG8Sy0+g9cNDOK+5jrFQE1O3DA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQELBQAD -ggEBAJS84WQIysIHXm4WCpV4JoHRbxRdELBKC/kEH1hoNRtwzdMiWGJ9OKLzaa+j -HqAiTZtaSzY+eEmgqgKd/lzO32vo9PtbBXx4T/RmVgyVxDFZM/Dovq0cXTZkDbTu -SRmfrbf1xEyOWNtht6Kn94Yi2i8HZTMKI4ZZLTM3j+mpJIRaQ1+AWoiXHLPqUA4Q -9E82KDpqSnALeBaXg+quNJSHAnttoH0bjJtmPmn10W4Eg2vxaKBpK4h8V+FCgdOo -2Md+qjq/Nx79ZKc6ShA7fsn+0KzA1PAWSnjyf9vbTIyWQieFAjK4ccpBrKleEaH3 -O0v0rrAl/8xOElvKpq7tccgUR1Y= +ggEBAMjhmNjTgshfaxD8BCPBZH1LFCmsaGlvBuB+Ta8Cw/z015oPIOHPoRBXC9YG +mOMe1O61NHTkaoI0NYmbUGH8C51GEYSK7k/yrJYcwJd5KyEDxq7IJ7U+PgDTBlCU +vKsQ3Z5CydlvbmkM1Ud4t3a7+775YcGsT4q++MAD0PRtBXGCbl7ZCCBopoN5tVTy +LHwrJOvQp1/V7Cl/ZI/QYoLfo30WGYkK5bWZF2irDOYRtQY8Z7+CN57GjCpTyoyw +bVaDHw4tPQHjsveLLWDwEbpXNeDPIFF5F8IIERjW4DgkKQQXKO2IA3SjREeHkAb+ +IC/gOC66wzDBzRSUttbgXJ2jqh8= -----END CERTIFICATE----- Certificate: @@ -286,30 +286,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:da:42:ae:40:b4:79:95:43:58:4b:a9:e0:62:96: - d0:f2:19:7c:6e:dc:8a:96:f6:5a:ec:66:f6:c3:9d: - 3f:0e:18:b9:7a:60:da:df:e1:67:ce:ec:4c:8d:45: - 8a:76:5f:1b:c7:22:1c:2b:40:4d:83:ed:1d:94:f0: - 21:0f:d1:37:8e:9c:4e:98:29:94:3c:e3:e2:79:74: - 4d:12:91:c9:32:b8:6e:7f:7a:d8:26:44:3d:f6:3d: - b6:6b:0f:2a:bd:cd:3d:24:e0:34:bc:53:8b:fa:c6: - 86:66:ec:9e:f9:b3:c0:41:cc:23:c2:5a:72:da:de: - f6:56:6e:10:d0:5a:26:d1:e5:7e:f5:bb:6b:67:47: - 2a:01:d4:5c:d2:40:89:c5:0b:19:b7:63:32:af:d9: - 85:f2:79:77:6a:81:e1:27:13:c7:da:b9:94:7b:25: - c5:d0:ca:67:bb:26:8f:7a:0f:8d:19:67:6d:96:2f: - 24:7a:76:50:c3:62:fa:ae:47:99:a4:97:af:f1:ce: - 02:8b:fe:50:09:a2:16:07:b3:08:65:e9:35:e8:f5: - b6:54:c2:66:15:ac:97:76:ee:da:0d:92:6e:f1:be: - 18:2d:8d:c5:8e:de:fc:a7:b9:fa:27:43:19:4a:08: - d5:ae:0e:9c:7e:7a:8e:36:2f:1d:11:5b:70:c0:77: - 90:af + 00:de:61:1e:7e:20:61:c0:eb:1c:13:ee:75:3c:36: + f0:5d:4b:ef:d2:83:20:1b:d5:bb:6e:70:cf:2f:4a: + 4e:13:b1:a7:66:9c:19:fe:7f:5c:69:85:0a:64:3e: + 05:4e:a3:71:bf:70:70:9a:dd:45:18:14:9b:b6:40: + 39:75:24:67:c3:bf:18:60:be:c9:b4:07:a9:81:f7: + 1b:d9:4c:96:66:eb:dc:ef:7b:fd:c5:27:68:fd:9b: + 94:7e:52:ac:ac:4e:65:60:7b:12:d4:6a:de:0f:81: + cc:3c:cd:cf:39:f5:f5:28:9f:e1:ee:65:02:66:f8: + 0d:df:b0:20:45:03:13:16:d2:c7:f2:f7:c9:c7:c9: + 0d:03:d0:ec:5c:79:a4:54:99:e5:62:52:6c:aa:83: + df:42:d5:f7:83:29:ce:90:32:06:71:80:78:e1:fb: + a6:d4:25:02:c5:b1:bd:43:68:fa:8d:c6:cc:10:18: + 02:58:3d:32:df:65:a8:47:75:cb:88:0e:fa:0e:33: + 60:bd:d1:fe:0c:e4:29:60:f3:28:fb:91:45:f3:ba: + b7:fc:ec:63:ba:b9:2d:4e:fc:95:8e:3d:fb:9d:87: + dd:0b:5c:ff:a8:75:3d:66:2c:cd:ec:4a:fd:c8:24: + 4b:0f:a9:0d:aa:81:69:56:00:c4:ef:97:e1:7d:38: + 6f:b5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 1A:7A:32:47:1F:8A:2F:A8:FC:F7:F0:A3:67:37:3E:39:C8:F4:46:02 + A0:D4:A1:BC:4B:2D:3E:83:D7:0D:0C:E2:BE:E6:3A:C5:40:4D:4E:DC X509v3 Authority Key Identifier: - keyid:1A:7A:32:47:1F:8A:2F:A8:FC:F7:F0:A3:67:37:3E:39:C8:F4:46:02 + keyid:A0:D4:A1:BC:4B:2D:3E:83:D7:0D:0C:E2:BE:E6:3A:C5:40:4D:4E:DC Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -324,41 +324,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - c4:30:1e:17:33:a6:67:a2:0f:5e:a9:53:54:f6:2f:f6:18:ad: - 21:b8:48:8a:81:38:62:1d:63:9f:2e:ef:a6:d2:56:c4:19:b5: - 00:8e:19:fd:29:35:b9:a5:c1:26:9b:81:4a:2a:a6:37:8a:bf: - 23:5e:2c:ca:e7:8a:a6:75:7f:fd:49:1b:cc:e8:42:99:2a:b0: - 44:e3:27:17:11:88:bc:1b:b1:40:f5:5c:f0:85:22:ad:41:8d: - a0:95:d7:94:5b:f0:a7:da:56:3a:db:5d:d3:29:d9:87:e3:1e: - 34:14:c3:91:f9:0b:91:fb:40:f4:9f:44:d9:e3:68:b8:fe:b7: - 20:8c:d4:63:da:45:60:7f:2d:42:d5:15:b5:9c:69:d6:ed:ff: - 2b:aa:49:43:0f:a8:52:0c:91:28:88:0f:da:7b:92:66:63:85: - b6:f2:29:8f:2c:aa:c4:b4:53:32:a1:00:2f:a5:1d:34:f0:32: - b2:59:a1:61:f4:16:42:a5:9a:fb:62:31:e3:85:3b:23:73:2d: - c1:cc:88:97:f6:12:95:01:52:5d:c2:06:aa:85:1c:25:78:9e: - f5:e6:8f:59:49:7c:d1:a6:e2:f4:1f:a2:7f:92:2b:6a:c0:44: - d7:c0:e5:7f:d9:44:13:82:ae:06:ee:1f:64:04:c4:7d:7f:cf: - 04:97:2e:41 + a3:37:3e:47:45:66:c0:12:bf:41:97:3a:80:2c:3b:f8:3b:6c: + 13:ab:39:b6:d5:87:17:fb:35:9d:98:fa:f4:88:54:2b:aa:85: + a9:44:46:7b:a8:c1:62:a8:b4:af:eb:65:72:54:6d:7e:a5:fa: + c2:91:cc:42:e1:ec:02:9e:42:5a:6e:03:bf:73:7d:a5:0e:62: + f6:54:83:b4:f3:f9:c1:b4:3b:af:9a:1e:de:81:6a:ff:7b:a9: + b8:e1:3f:56:d1:9b:50:13:8d:c5:b0:9b:d4:55:bd:db:6e:ff: + 76:13:4c:21:3a:fc:cc:10:59:e4:d5:4d:d2:36:9b:67:67:69: + 5c:3b:96:40:17:e7:a3:0d:b2:45:6b:93:dd:8a:18:a4:65:87: + b5:9f:33:dc:fc:82:3a:5a:56:12:e8:b8:59:5e:e8:8c:f0:a8: + c5:7b:bf:53:56:f0:46:ba:70:94:3a:62:0a:ce:39:1f:44:e2: + 11:ba:8d:88:47:14:bd:c3:68:a3:18:73:3d:25:dc:a3:e4:17: + cb:7d:f6:52:ea:a6:3f:a1:fb:0a:db:6d:60:c2:9c:1e:9f:ae: + b8:c1:90:b0:ea:f9:5f:40:af:50:a7:93:1c:7a:c8:fd:20:6d: + ae:65:cc:63:08:e4:9c:dd:4a:f2:16:d9:1a:5e:dc:a8:d0:67: + c7:27:27:18 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANpCrkC0eZVDWEup4GKW -0PIZfG7cipb2Wuxm9sOdPw4YuXpg2t/hZ87sTI1FinZfG8ciHCtATYPtHZTwIQ/R -N46cTpgplDzj4nl0TRKRyTK4bn962CZEPfY9tmsPKr3NPSTgNLxTi/rGhmbsnvmz -wEHMI8Jactre9lZuENBaJtHlfvW7a2dHKgHUXNJAicULGbdjMq/ZhfJ5d2qB4ScT -x9q5lHslxdDKZ7smj3oPjRlnbZYvJHp2UMNi+q5HmaSXr/HOAov+UAmiFgezCGXp -Nej1tlTCZhWsl3bu2g2SbvG+GC2NxY7e/Ke5+idDGUoI1a4OnH56jjYvHRFbcMB3 -kK8CAwEAAaOByzCByDAdBgNVHQ4EFgQUGnoyRx+KL6j89/CjZzc+Ocj0RgIwHwYD -VR0jBBgwFoAUGnoyRx+KL6j89/CjZzc+Ocj0RgIwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN5hHn4gYcDrHBPudTw2 +8F1L79KDIBvVu25wzy9KThOxp2acGf5/XGmFCmQ+BU6jcb9wcJrdRRgUm7ZAOXUk +Z8O/GGC+ybQHqYH3G9lMlmbr3O97/cUnaP2blH5SrKxOZWB7EtRq3g+BzDzNzzn1 +9Sif4e5lAmb4Dd+wIEUDExbSx/L3ycfJDQPQ7Fx5pFSZ5WJSbKqD30LV94MpzpAy +BnGAeOH7ptQlAsWxvUNo+o3GzBAYAlg9Mt9lqEd1y4gO+g4zYL3R/gzkKWDzKPuR +RfO6t/zsY7q5LU78lY49+52H3Qtc/6h1PWYszexK/cgkSw+pDaqBaVYAxO+X4X04 +b7UCAwEAAaOByzCByDAdBgNVHQ4EFgQUoNShvEstPoPXDQzivuY6xUBNTtwwHwYD +VR0jBBgwFoAUoNShvEstPoPXDQzivuY6xUBNTtwwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDEMB4XM6Zn -og9eqVNU9i/2GK0huEiKgThiHWOfLu+m0lbEGbUAjhn9KTW5pcEmm4FKKqY3ir8j -XizK54qmdX/9SRvM6EKZKrBE4ycXEYi8G7FA9VzwhSKtQY2gldeUW/Cn2lY6213T -KdmH4x40FMOR+QuR+0D0n0TZ42i4/rcgjNRj2kVgfy1C1RW1nGnW7f8rqklDD6hS -DJEoiA/ae5JmY4W28imPLKrEtFMyoQAvpR008DKyWaFh9BZCpZr7YjHjhTsjcy3B -zIiX9hKVAVJdwgaqhRwleJ715o9ZSXzRpuL0H6J/kitqwETXwOV/2UQTgq4G7h9k -BMR9f88Ely5B +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCjNz5HRWbA +Er9BlzqALDv4O2wTqzm21YcX+zWdmPr0iFQrqoWpREZ7qMFiqLSv62VyVG1+pfrC +kcxC4ewCnkJabgO/c32lDmL2VIO08/nBtDuvmh7egWr/e6m44T9W0ZtQE43FsJvU +Vb3bbv92E0whOvzMEFnk1U3SNptnZ2lcO5ZAF+ejDbJFa5PdihikZYe1nzPc/II6 +WlYS6LhZXuiM8KjFe79TVvBGunCUOmIKzjkfROIRuo2IRxS9w2ijGHM9Jdyj5BfL +ffZS6qY/ofsK221gwpwen664wZCw6vlfQK9Qp5Mcesj9IG2uZcxjCOSc3UryFtka +Xtyo0GfHJycY -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -370,3 +370,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/common.py b/chromium/net/data/verify_certificate_chain_unittest/common.py index 14ee909f9c9..a9b2ed7de78 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/common.py +++ b/chromium/net/data/verify_certificate_chain_unittest/common.py @@ -42,18 +42,26 @@ JANUARY_1_2021_UTC = '210101120000Z' # The default time tests should use when verifying. DEFAULT_TIME = MARCH_2_2015_UTC +KEY_PURPOSE_ANY = 'anyExtendedKeyUsage' +KEY_PURPOSE_SERVER_AUTH = 'serverAuth' +KEY_PURPOSE_CLIENT_AUTH = 'clientAuth' + +DEFAULT_KEY_PURPOSE = KEY_PURPOSE_SERVER_AUTH + # Counters used to generate unique (but readable) path names. g_cur_path_id = {} # Output paths used: -# - g_out_dir: where any temporary files (keys, cert req, signing db etc) are +# - g_out_dir: where any temporary files (cert req, signing db etc) are # saved to. -# - g_out_pem: the path to the final output (which is a .pem file) +# - g_script_name: the name of the invoking script. For instance if this is +# being run by generate-foo.py then g_script_name will be +# 'foo' # # See init() for how these are assigned, based on the name of the calling # script. g_out_dir = None -g_out_pem = None +g_script_name = None # The default validity range of generated certificates. Can be modified with # set_default_validity_range(). @@ -69,11 +77,15 @@ def set_default_validity_range(start_date, end_date): g_default_start_date = start_date g_default_end_date = end_date + def get_unique_path_id(name): """Returns a base filename that contains 'name', but is unique to the output directory""" - path_id = g_cur_path_id.get(name, 0) - g_cur_path_id[name] = path_id + 1 + # Use case-insensitive matching for counting duplicates, since some + # filesystems are case insensitive, but case preserving. + lowercase_name = name.lower() + path_id = g_cur_path_id.get(lowercase_name, 0) + g_cur_path_id[lowercase_name] = path_id + 1 # Use a short and clean name for the first use of this name. if path_id == 0: @@ -87,10 +99,6 @@ def get_path_in_output_dir(name, suffix): return os.path.join(g_out_dir, '%s%s' % (name, suffix)) -def get_unique_path_in_output_dir(name, suffix): - return get_path_in_output_dir(get_unique_path_id(name), suffix) - - class Key(object): """Describes a public + private key pair. It is a dumb wrapper around an on-disk key.""" @@ -104,38 +112,65 @@ class Key(object): return self.path -def generate_rsa_key(size_bits, path=None): - """Generates an RSA private key and returns it as a Key object. If |path| is - specified the resulting key will be saved at that location.""" - if path is None: - path = get_unique_path_in_output_dir('RsaKey', 'key') +def get_or_generate_key(generation_arguments, path): + """Helper function to either retrieve a key from an existing file |path|, or + generate a new one using the command line |generation_arguments|.""" + + generation_arguments_str = ' '.join(generation_arguments) - # Ensure the path doesn't already exists (otherwise will be overwriting - # something). - assert not os.path.isfile(path) + # If the file doesn't already exist, generate a new key using the generation + # parameters. + if not os.path.isfile(path): + key_contents = subprocess.check_output(generation_arguments) - subprocess.check_call( - ['openssl', 'genrsa', '-out', path, str(size_bits)]) + # Prepend the generation parameters to the key file. + write_string_to_file(generation_arguments_str + '\n' + key_contents, + path) + else: + # If the path already exists, confirm that it is for the expected key type. + first_line = read_file_to_string(path).splitlines()[0] + if first_line != generation_arguments_str: + sys.stderr.write(('\nERROR: The existing key file:\n %s\nis not ' + 'compatible with the requested parameters:\n "%s" vs "%s".\n' + 'Delete the file if you want to re-generate it with the new ' + 'parameters, otherwise pick a new filename\n') % ( + path, first_line, generation_arguments_str)) + sys.exit(1) return Key(path) -def generate_ec_key(named_curve, path=None): - """Generates an EC private key for the certificate and returns it as a Key - object. |named_curve| can be something like secp384r1. If |path| is specified - the resulting key will be saved at that location.""" - if path is None: - path = get_unique_path_in_output_dir('EcKey', 'key') +def get_or_generate_rsa_key(size_bits, path): + """Retrieves an existing key from a file if the path exists. Otherwise + generates an RSA key with the specified bit size and saves it to the path.""" + return get_or_generate_key(['openssl', 'genrsa', str(size_bits)], path) - # Ensure the path doesn't already exists (otherwise will be overwriting - # something). - assert not os.path.isfile(path) - subprocess.check_call( - ['openssl', 'ecparam', '-out', path, - '-name', named_curve, '-genkey']) +def get_or_generate_ec_key(named_curve, path): + """Retrieves an existing key from a file if the path exists. Otherwise + generates an EC key with the specified named curve and saves it to the + path.""" + return get_or_generate_key(['openssl', 'ecparam', '-name', named_curve, + '-genkey'], path) - return Key(path) + +def create_key_path(base_name): + """Generates a name that contains |base_name| in it, and is relative to the + "keys/" directory. If create_key_path(xxx) is called more than once during + the script run, a suffix will be added.""" + + # Save keys to CWD/keys/<generate-script-name>/*.key + # Hack: if the script name was generate-certs.py, then just save to + # 'keys/*.key' (used by external consumers of common.py) + keys_dir = 'keys' + if g_script_name != 'certs': + keys_dir = os.path.join(keys_dir, g_script_name) + + # Create the keys directory if it doesn't exist + if not os.path.exists(keys_dir): + os.makedirs(keys_dir) + + return get_unique_path_id(os.path.join(keys_dir, base_name)) + '.key' class Certificate(object): @@ -249,7 +284,8 @@ class Certificate(object): def get_key(self): if self.key is None: - self.set_key_internal(generate_rsa_key(2048, path=self.get_path(".key"))) + self.set_key_internal( + get_or_generate_rsa_key(2048, create_key_path(self.name))) return self.key @@ -278,8 +314,7 @@ class Certificate(object): self.finalize() # Read the certificate data. - with open(self.get_cert_path(), 'r') as f: - return f.read() + return read_file_to_string(self.get_cert_path()) def finalize(self): @@ -451,10 +486,10 @@ class TrustAnchor(object): return cert_data.replace('CERTIFICATE', block_name) -def write_test_file(description, chain, trust_anchor, utc_time, verify_result, - errors, out_pem=None): +def write_test_file(description, chain, trust_anchor, utc_time, key_purpose, + verify_result, errors, out_pem=None): """Writes a test file that contains all the inputs necessary to run a - verification on a certificate chain""" + verification on a certificate chain.""" # Prepend the script name that generated the file to the description. test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], description) @@ -469,10 +504,14 @@ def write_test_file(description, chain, trust_anchor, utc_time, verify_result, verify_result_string = 'SUCCESS' if verify_result else 'FAIL' test_data += '\n' + text_data_to_pem('VERIFY_RESULT', verify_result_string) + test_data += '\n' + text_data_to_pem('KEY_PURPOSE', key_purpose) + if errors is not None: test_data += '\n' + text_data_to_pem('ERRORS', errors) - write_string_to_file(test_data, out_pem if out_pem else g_out_pem) + if not out_pem: + out_pem = g_script_name + '.pem' + write_string_to_file(test_data, out_pem) def write_string_to_file(data, path): @@ -480,6 +519,11 @@ def write_string_to_file(data, path): f.write(data) +def read_file_to_string(path): + with open(path, 'r') as f: + return f.read() + + def init(invoking_script_path): """Creates an output directory to contain all the temporary files that may be created, as well as determining the path for the final output. These paths @@ -487,7 +531,18 @@ def init(invoking_script_path): """ global g_out_dir - global g_out_pem + global g_script_name + + # The scripts assume to be run from within their containing directory (paths + # to things like "keys/" are written relative). + expected_cwd = os.path.realpath(os.path.dirname(invoking_script_path)) + actual_cwd = os.path.realpath(os.getcwd()) + if actual_cwd != expected_cwd: + sys.stderr.write( + ('Your current working directory must be that containing the python ' + 'scripts:\n%s\nas the script may reference paths relative to this\n') + % (expected_cwd)) + sys.exit(1) # Base the output name off of the invoking script's name. out_name = os.path.splitext(os.path.basename(invoking_script_path))[0] @@ -504,7 +559,7 @@ def init(invoking_script_path): shutil.rmtree(g_out_dir, True) os.makedirs(g_out_dir) - g_out_pem = os.path.join('%s.pem' % (out_name)) + g_script_name = out_name def create_self_signed_root_certificate(name): diff --git a/chromium/net/data/verify_certificate_chain_unittest/constrained-non-self-signed-root.pem b/chromium/net/data/verify_certificate_chain_unittest/constrained-non-self-signed-root.pem index b8f2d4e01e3..07d17fee2c7 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/constrained-non-self-signed-root.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/constrained-non-self-signed-root.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b3:aa:6c:0c:2e:35:34:f6:1f:5d:c3:8b:9e:fe: - f7:7e:5b:26:fd:2b:ba:20:83:92:3a:4e:02:18:7c: - 1d:49:c5:05:15:c1:fa:98:b3:5d:0c:e8:03:9b:60: - d4:e3:a6:3e:0c:ae:b3:c5:21:38:3b:a0:02:fd:80: - a6:05:47:29:d2:12:95:6b:41:7b:41:94:45:ce:bd: - 65:84:d4:5a:51:cc:81:2a:a4:03:8f:31:00:d5:15: - 06:13:54:07:87:99:d9:55:fa:23:a8:19:56:11:87: - 78:4d:62:15:55:4d:b1:5f:00:c3:ce:a1:f0:21:6f: - 97:01:ef:76:49:6d:21:6b:f8:50:12:e9:48:94:3e: - cd:01:d2:30:1f:2d:e2:25:f8:b5:ee:ad:a8:91:e9: - 0d:03:be:b4:11:84:1c:9f:9f:09:60:37:bf:52:c4: - ad:2c:12:6d:eb:2d:1f:e2:c5:64:a8:55:c3:01:e8: - 19:f8:be:96:07:e2:3b:32:7f:59:28:12:79:f2:fd: - e4:98:a7:f1:77:9f:28:13:1e:b7:2c:56:d9:af:8f: - a4:9c:ac:4e:7d:3a:3c:a0:a6:06:61:d2:9c:88:d0: - 4b:72:d4:f3:88:18:b5:53:90:ae:b2:80:dd:b4:90: - c4:e4:76:20:c3:ee:ed:ce:bb:44:d9:ad:39:b1:dd: - 27:cf + 00:ef:a6:fc:7a:0a:92:7b:00:d2:de:17:b1:d3:77: + c9:bb:1e:1b:fe:db:d7:5d:5e:0d:4e:be:08:c1:c9: + ed:4f:d7:40:0c:dc:ca:78:34:15:fa:ab:eb:1b:b8: + fe:c2:f9:c4:27:23:82:ec:f9:e5:69:7e:40:9d:14: + 24:d4:b0:19:cf:2d:3f:88:dc:fb:59:f1:a8:91:19: + e7:b4:e9:99:0d:bf:62:f8:73:8d:8b:80:d4:84:14: + 9a:3b:06:5b:81:2a:36:a0:10:b8:94:7f:c7:aa:a1: + 1a:69:4e:e1:0a:00:73:f9:7e:30:e0:ca:ac:2a:09: + e3:08:ce:27:cc:08:27:8b:68:7d:fe:d8:c7:1c:38: + 8f:f5:39:49:fc:6a:fa:95:45:5c:ab:c2:60:a9:e6: + 25:4f:c6:66:af:61:25:3b:72:17:17:4c:43:b6:74: + 13:83:7c:91:0c:f4:4a:82:fb:e2:84:6f:2a:00:e1: + 7e:94:71:3d:2f:2a:16:47:22:67:a9:b5:16:4f:e1: + 1f:5a:a0:2b:87:26:d0:b4:0c:6d:f9:e4:dd:32:a0: + 07:c2:25:ec:89:74:0c:b0:b8:fd:1a:3d:9a:c1:ef: + 7d:16:3d:c9:ef:c3:ef:71:b4:f7:a6:db:64:4c:5b: + 7b:6c:1c:75:ae:94:26:28:6c:1e:b2:da:51:da:54: + 32:f9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 4C:67:B6:67:88:D3:B0:33:53:B8:A0:1F:0F:63:46:A3:28:35:A9:A3 + C2:9D:FF:9F:33:B6:74:1F:15:7D:7F:15:6A:7B:3C:8F:E6:C8:E3:7E X509v3 Authority Key Identifier: - keyid:9C:54:60:08:5E:37:A1:FA:4A:EA:A7:CB:AB:E1:74:51:84:5F:46:FD + keyid:22:F5:B2:95:50:F0:FB:08:B5:6F:A0:B1:26:B1:43:CA:6A:CA:AB:AA Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 26:13:cf:55:3b:59:ce:94:65:01:3e:96:fb:c5:62:d9:d8:0c: - 53:f2:23:12:f6:a1:a5:c7:30:f3:2b:f2:68:7d:ed:6a:c9:9d: - a5:21:b5:5d:1c:aa:4e:af:57:8c:3d:08:e7:72:d6:8c:20:9f: - 25:f5:cf:31:91:23:47:4e:cc:cc:db:9c:e3:f7:53:d4:46:8f: - ea:92:05:37:12:c8:4b:c8:e5:57:24:ed:86:93:0f:14:1b:ea: - 83:5c:87:c5:52:a4:bb:1c:48:80:4a:28:f6:ef:e6:6d:9a:0c: - 62:75:11:6d:87:bf:8e:79:14:ed:4a:3f:74:5c:5f:7d:f6:53: - f1:dc:94:9b:67:cb:ae:da:18:80:db:31:85:64:ee:b9:36:67: - 50:a8:26:55:0e:38:74:e3:b3:4f:19:10:b4:82:2b:90:18:34: - eb:89:47:3c:2a:fc:e5:06:01:99:fe:8c:56:6c:a1:5b:d6:5f: - 22:b5:00:c8:dd:fc:ae:43:5a:77:ee:17:1c:27:73:7f:71:a9: - e1:e1:0d:7c:81:31:b7:7d:8d:3f:3e:96:8a:2c:5f:bb:8d:7b: - ad:b3:91:3a:ce:68:f2:25:02:cf:ca:84:0b:91:4f:b3:f5:d3: - e2:34:b6:4a:d7:92:c4:f0:4d:d2:40:f9:46:b7:60:ff:84:95: - cd:da:73:73 + ca:c3:44:a2:1e:39:c0:77:09:a6:77:50:8a:d9:ab:5b:43:d1: + ee:12:c2:02:61:0e:2d:28:6a:af:92:2a:02:27:c6:f9:80:f5: + c1:4d:d8:35:f2:ed:16:31:3a:a1:54:65:44:e5:80:c2:9f:6d: + 89:49:63:7c:93:78:55:d0:32:00:77:a1:9f:09:dc:1f:07:6e: + 30:f0:9b:14:ba:60:9c:5c:62:bb:69:f2:59:c3:92:23:47:7a: + b5:5f:06:4d:61:9c:f5:5a:c1:7a:70:2b:fb:79:51:98:e4:e1: + 43:8e:f0:e3:e9:8f:0a:52:59:e0:ab:26:5b:e1:a3:7c:dd:d6: + 49:4d:a7:7c:8d:58:67:c2:3d:2d:b3:b9:55:02:73:cf:d8:16: + 82:36:bc:7b:be:70:07:09:81:46:9a:a6:e0:51:df:3b:25:1c: + ba:40:54:5d:ad:74:26:33:f6:c2:89:6b:aa:42:f7:ba:12:0c: + 16:5f:87:26:89:a2:c5:70:ee:7e:52:d3:c0:a0:0d:36:a8:5d: + 26:8b:85:68:3c:8e:04:b9:05:ef:2c:9f:91:3c:17:36:95:6f: + d4:8e:51:66:9b:7d:bd:7e:24:f3:6d:d2:f0:66:1e:1a:76:50: + db:e1:26:24:ae:41:31:ea:ad:cf:68:e2:7e:d2:8c:8a:c9:11: + 2f:ba:45:43 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzqmwM -LjU09h9dw4ue/vd+Wyb9K7ogg5I6TgIYfB1JxQUVwfqYs10M6AObYNTjpj4MrrPF -ITg7oAL9gKYFRynSEpVrQXtBlEXOvWWE1FpRzIEqpAOPMQDVFQYTVAeHmdlV+iOo -GVYRh3hNYhVVTbFfAMPOofAhb5cB73ZJbSFr+FAS6UiUPs0B0jAfLeIl+LXuraiR -6Q0DvrQRhByfnwlgN79SxK0sEm3rLR/ixWSoVcMB6Bn4vpYH4jsyf1koEnny/eSY -p/F3nygTHrcsVtmvj6ScrE59OjygpgZh0pyI0Ety1POIGLVTkK6ygN20kMTkdiDD -7u3Ou0TZrTmx3SfPAgMBAAGjgekwgeYwHQYDVR0OBBYEFExntmeI07AzU7igHw9j -RqMoNamjMB8GA1UdIwQYMBaAFJxUYAheN6H6Suqny6vhdFGEX0b9MD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvpvx6 +CpJ7ANLeF7HTd8m7Hhv+29ddXg1OvgjBye1P10AM3Mp4NBX6q+sbuP7C+cQnI4Ls ++eVpfkCdFCTUsBnPLT+I3PtZ8aiRGee06ZkNv2L4c42LgNSEFJo7BluBKjagELiU +f8eqoRppTuEKAHP5fjDgyqwqCeMIzifMCCeLaH3+2MccOI/1OUn8avqVRVyrwmCp +5iVPxmavYSU7chcXTEO2dBODfJEM9EqC++KEbyoA4X6UcT0vKhZHImeptRZP4R9a +oCuHJtC0DG355N0yoAfCJeyJdAywuP0aPZrB730WPcnvw+9xtPem22RMW3tsHHWu +lCYobB6y2lHaVDL5AgMBAAGjgekwgeYwHQYDVR0OBBYEFMKd/58ztnQfFX1/FWp7 +PI/myON+MB8GA1UdIwQYMBaAFCL1spVQ8PsItW+gsSaxQ8pqyquqMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAJhPPVTtZzpRlAT6W+8Vi -2dgMU/IjEvahpccw8yvyaH3tasmdpSG1XRyqTq9XjD0I53LWjCCfJfXPMZEjR07M -zNuc4/dT1EaP6pIFNxLIS8jlVyTthpMPFBvqg1yHxVKkuxxIgEoo9u/mbZoMYnUR -bYe/jnkU7Uo/dFxfffZT8dyUm2fLrtoYgNsxhWTuuTZnUKgmVQ44dOOzTxkQtIIr -kBg064lHPCr85QYBmf6MVmyhW9ZfIrUAyN38rkNad+4XHCdzf3Gp4eENfIExt32N -Pz6Wiixfu417rbOROs5o8iUCz8qEC5FPs/XT4jS2SteSxPBN0kD5Rrdg/4SVzdpz -cw== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAysNEoh45wHcJpndQitmr +W0PR7hLCAmEOLShqr5IqAifG+YD1wU3YNfLtFjE6oVRlROWAwp9tiUljfJN4VdAy +AHehnwncHwduMPCbFLpgnFxiu2nyWcOSI0d6tV8GTWGc9VrBenAr+3lRmOThQ47w +4+mPClJZ4KsmW+GjfN3WSU2nfI1YZ8I9LbO5VQJzz9gWgja8e75wBwmBRpqm4FHf +OyUcukBUXa10JjP2wolrqkL3uhIMFl+HJomixXDuflLTwKANNqhdJouFaDyOBLkF +7yyfkTwXNpVv1I5RZpt9vX4k823S8GYeGnZQ2+EmJK5BMeqtz2jiftKMiskRL7pF +Qw== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c6:0a:10:7c:70:eb:74:84:70:54:78:38:0e:6b: - da:e4:e6:9c:3b:92:69:8c:5f:eb:ab:11:af:56:27: - 1d:59:94:21:91:c3:5c:2b:cd:67:75:95:5d:fc:d6: - 04:e6:65:0d:9b:4b:70:ce:e5:23:11:a8:a3:f5:61: - d4:5b:d0:99:b8:4b:44:51:3d:7a:ed:9d:5d:e7:82: - 09:25:23:60:12:16:0f:b9:9a:3d:9f:02:22:39:f3: - 02:85:b2:45:a6:f4:81:e7:2f:6a:f9:65:28:94:b4: - 61:b2:4b:04:6e:2d:dd:a9:75:3e:d4:78:16:8a:45: - 6f:3c:85:81:b2:f1:8d:3b:84:ff:19:bd:c5:4d:58: - d4:87:ec:dc:34:23:5c:e3:67:d8:26:c0:dc:ae:ad: - 27:34:8b:60:9d:47:bb:be:54:c1:4a:0d:56:91:c6: - 54:2d:07:51:d5:87:5d:e4:d5:b6:ee:1a:50:51:99: - c4:2d:37:2d:47:4a:3e:19:1c:4f:ba:14:2d:0b:b0: - e7:87:ab:d4:e4:ca:93:a7:77:13:6f:10:c6:df:dd: - f0:86:53:03:0d:b6:92:66:1d:bf:63:1c:84:f0:63: - cb:18:d3:f4:54:20:a8:e8:4c:94:21:7e:3f:b5:81: - 49:9f:bc:51:b9:eb:12:ab:6d:cb:03:37:d0:30:a8: - 1b:11 + 00:df:7c:3d:65:45:14:01:09:48:a1:8b:0c:cb:91: + 7e:9c:65:f1:1b:40:dd:b7:4c:b1:ac:1b:9e:af:b5: + 8a:03:59:f1:77:d4:ab:15:14:53:b5:94:fa:34:20: + f8:35:65:18:da:c5:37:f0:39:bf:f3:bc:7e:73:8a: + 77:1c:db:4d:aa:f1:82:37:7c:ca:b5:f5:23:81:71: + 0f:21:63:7e:73:64:85:d6:7d:77:41:69:89:5e:c2: + 35:41:83:77:61:6c:03:31:aa:ad:83:dd:4b:42:b8: + 20:f8:0b:ec:eb:0a:97:b7:5b:b9:d2:16:3b:f4:c2: + 61:d3:93:0f:dd:be:19:13:3a:3c:e1:3d:67:47:02: + 53:9d:c1:80:5c:24:e3:ba:e5:16:85:10:99:3b:72: + 6a:6c:40:13:4b:d0:b4:84:2c:4d:1f:ea:50:44:00: + eb:8c:70:2d:ab:67:68:a4:15:09:9c:46:09:61:64: + 3f:ba:c3:1b:d9:bf:29:84:f4:14:8a:25:fe:e2:8a: + fa:1d:ae:da:56:f8:e8:da:02:31:5a:96:c0:21:79: + 3c:38:b7:0e:5d:74:c2:2d:14:16:f1:05:ca:f1:1b: + 1f:df:fa:d7:33:e2:cb:a1:cf:ef:31:b5:10:eb:f8: + e8:7a:2e:9b:2f:89:3b:73:be:a8:b8:f6:66:1c:b8: + 3b:f3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 9C:54:60:08:5E:37:A1:FA:4A:EA:A7:CB:AB:E1:74:51:84:5F:46:FD + 22:F5:B2:95:50:F0:FB:08:B5:6F:A0:B1:26:B1:43:CA:6A:CA:AB:AA X509v3 Authority Key Identifier: - keyid:4E:4A:66:D2:28:27:6E:75:19:FA:97:E6:3D:38:18:C6:A6:56:68:69 + keyid:F0:A1:F4:41:56:B9:33:53:7B:7C:DB:DC:AF:9B:3C:66:11:E1:DE:B3 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 5e:d4:51:bf:58:80:db:77:af:e6:7c:a7:03:ab:95:ae:e6:0f: - 26:64:63:b0:70:30:92:1c:f0:d8:7c:f8:93:13:14:e3:62:6e: - 45:ed:cf:dd:c0:4d:8d:b7:b7:2f:bc:29:2d:6e:c2:ed:d5:10: - e6:80:53:91:88:18:35:c5:88:63:69:95:c1:f2:bc:e6:5c:02: - 01:e7:e8:22:f4:3e:6d:91:09:82:64:12:86:80:b1:27:3c:9b: - ee:61:43:c2:1f:54:dc:31:9b:89:38:fe:3d:48:27:f0:fb:c6: - 44:58:c6:de:21:19:b1:e1:4a:70:e4:1b:aa:ea:ad:e9:d3:a8: - bd:23:9a:95:d8:06:3c:32:9d:21:28:7c:de:37:d7:47:a6:96: - a0:d1:98:04:19:f5:47:bc:19:f8:9e:b6:dc:4b:d5:39:c6:27: - 88:ab:9a:19:f1:f1:33:af:e0:62:36:f7:2e:5d:26:5c:70:55: - 5e:3c:df:20:12:42:54:64:e0:5e:5f:2e:ee:6a:85:a4:1e:15: - 52:0b:01:01:1b:70:19:fe:67:31:b7:6e:5e:4d:61:93:6b:3c: - c3:fd:c7:55:a8:f0:bc:81:5e:2b:38:84:ab:d8:b8:54:3c:a1: - 59:db:ae:70:2b:71:ca:f3:5f:f8:ce:d0:67:af:45:99:19:8c: - 25:9d:d1:e9 + 8d:16:59:e5:09:e5:3b:8a:bb:cc:4d:0c:d9:17:55:49:b0:47: + 3e:e2:89:82:5c:82:c2:8a:78:b5:09:3a:a0:9d:27:4e:60:40: + 16:f6:88:17:95:8d:88:ee:64:af:13:df:a9:6d:24:75:27:a2: + 15:bb:de:0c:fc:c6:16:f2:55:cc:61:e2:12:92:d9:8f:2d:7a: + f5:0d:c4:8d:6b:2b:1a:2f:82:52:b3:9c:ac:cb:40:b7:73:39: + 60:a0:a1:0b:23:40:fb:cb:d1:86:84:76:17:ad:cd:05:24:e2: + 81:ce:65:d7:56:34:a4:62:19:e1:a2:2d:ce:ac:36:41:d3:33: + a3:58:ea:6e:88:0d:43:38:fe:44:cd:36:b9:10:69:6c:21:2d: + 2e:ee:5d:96:db:86:7d:42:72:de:42:36:65:e1:f1:0b:e3:b3: + c2:42:d9:93:6d:b7:e8:41:b3:12:0a:91:f1:9b:40:01:ae:a7: + 24:3b:df:6b:35:5a:f2:86:92:c2:31:7f:f5:e8:31:cb:75:54: + a6:57:fd:f7:bb:6b:79:ba:ea:77:3a:b9:20:3b:16:89:1a:21: + 00:4f:ee:23:47:43:50:58:d5:cc:a7:70:01:a3:02:ce:a6:b0: + be:5f:ce:7f:12:7c:f2:09:0f:15:a5:5e:10:ed:0d:42:05:49: + 1a:25:df:22 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgoQfHDr -dIRwVHg4Dmva5OacO5JpjF/rqxGvVicdWZQhkcNcK81ndZVd/NYE5mUNm0twzuUj -Eaij9WHUW9CZuEtEUT167Z1d54IJJSNgEhYPuZo9nwIiOfMChbJFpvSB5y9q+WUo -lLRhsksEbi3dqXU+1HgWikVvPIWBsvGNO4T/Gb3FTVjUh+zcNCNc42fYJsDcrq0n -NItgnUe7vlTBSg1WkcZULQdR1Ydd5NW27hpQUZnELTctR0o+GRxPuhQtC7Dnh6vU -5MqTp3cTbxDG393whlMDDbaSZh2/YxyE8GPLGNP0VCCo6EyUIX4/tYFJn7xRuesS -q23LAzfQMKgbEQIDAQABo4HLMIHIMB0GA1UdDgQWBBScVGAIXjeh+krqp8ur4XRR -hF9G/TAfBgNVHSMEGDAWgBROSmbSKCdudRn6l+Y9OBjGplZoaTA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33w9ZUUU +AQlIoYsMy5F+nGXxG0Ddt0yxrBuer7WKA1nxd9SrFRRTtZT6NCD4NWUY2sU38Dm/ +87x+c4p3HNtNqvGCN3zKtfUjgXEPIWN+c2SF1n13QWmJXsI1QYN3YWwDMaqtg91L +Qrgg+Avs6wqXt1u50hY79MJh05MP3b4ZEzo84T1nRwJTncGAXCTjuuUWhRCZO3Jq +bEATS9C0hCxNH+pQRADrjHAtq2dopBUJnEYJYWQ/usMb2b8phPQUiiX+4or6Ha7a +Vvjo2gIxWpbAIXk8OLcOXXTCLRQW8QXK8Rsf3/rXM+LLoc/vMbUQ6/joei6bL4k7 +c76ouPZmHLg78wIDAQABo4HLMIHIMB0GA1UdDgQWBBQi9bKVUPD7CLVvoLEmsUPK +asqrqjAfBgNVHSMEGDAWgBTwofRBVrkzU3t829yvmzxmEeHeszA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AF7UUb9YgNt3r+Z8pwOrla7mDyZkY7BwMJIc8Nh8+JMTFONibkXtz93ATY23ty+8 -KS1uwu3VEOaAU5GIGDXFiGNplcHyvOZcAgHn6CL0Pm2RCYJkEoaAsSc8m+5hQ8If -VNwxm4k4/j1IJ/D7xkRYxt4hGbHhSnDkG6rqrenTqL0jmpXYBjwynSEofN4310em -lqDRmAQZ9Ue8GfiettxL1TnGJ4irmhnx8TOv4GI29y5dJlxwVV483yASQlRk4F5f -Lu5qhaQeFVILAQEbcBn+ZzG3bl5NYZNrPMP9x1Wo8LyBXis4hKvYuFQ8oVnbrnAr -ccrzX/jO0GevRZkZjCWd0ek= +AI0WWeUJ5TuKu8xNDNkXVUmwRz7iiYJcgsKKeLUJOqCdJ05gQBb2iBeVjYjuZK8T +36ltJHUnohW73gz8xhbyVcxh4hKS2Y8tevUNxI1rKxovglKznKzLQLdzOWCgoQsj +QPvL0YaEdhetzQUk4oHOZddWNKRiGeGiLc6sNkHTM6NY6m6IDUM4/kTNNrkQaWwh +LS7uXZbbhn1Cct5CNmXh8Qvjs8JC2ZNtt+hBsxIKkfGbQAGupyQ732s1WvKGksIx +f/XoMct1VKZX/fe7a3m66nc6uSA7FokaIQBP7iNHQ1BY1cyncAGjAs6msL5fzn8S +fPIJDxWlXhDtDUIFSRol3yI= -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a5:1a:7b:1e:97:d2:f5:6c:17:83:73:76:62:4f: - 12:53:75:3d:4b:86:2d:42:77:e7:11:75:65:cd:43: - 69:5a:b3:80:ad:42:87:a0:8e:9e:cf:e5:9e:6a:2d: - 1f:3e:0a:9a:6e:2b:01:e9:aa:d5:bd:91:50:38:f8: - 16:04:79:d3:fe:69:1c:82:9d:e7:10:2c:19:31:8a: - 1b:8d:a7:ef:f2:4c:36:de:f6:2f:65:93:78:0a:77: - ba:1d:5b:b1:39:bf:55:71:05:43:fb:6c:d4:49:b2: - 35:93:85:c0:99:4e:3b:d2:4d:bf:19:4c:1b:55:b6: - ef:ca:40:b3:6e:6a:18:29:eb:78:fa:f5:7e:15:61: - 85:70:1d:1f:a4:cd:59:eb:86:c1:a5:c4:8b:74:22: - e1:5d:9b:80:d4:26:a1:a1:7d:40:4d:89:17:4f:ef: - ea:04:d0:d1:b8:7a:38:b1:a5:13:9a:08:64:4d:85: - 88:4e:8d:07:fc:55:0b:22:7e:b7:ab:85:28:b9:d9: - 71:c9:99:cb:fb:85:fb:cf:8a:2e:cd:98:90:bb:b1: - 17:5f:50:02:5e:23:9c:55:d7:f2:fa:76:47:d6:ee: - 12:44:9a:17:c4:67:83:9d:75:5f:20:b1:a8:70:c4: - 22:69:00:17:26:a8:9d:c5:88:1a:e5:29:bb:63:c8: - 02:f5 + 00:f3:dc:12:03:cd:db:fd:7e:72:7d:ec:23:30:07: + d3:f6:13:be:72:df:82:73:3f:bb:ea:c9:93:e6:74: + 99:81:e2:dd:a0:00:5a:c6:43:6e:fa:79:00:36:fe: + d7:d8:6a:5d:8f:0a:19:53:3c:aa:b5:9f:0d:6c:8a: + 23:ae:04:da:f3:f0:23:f2:b2:7b:ab:cc:d1:d7:b6: + d9:7a:3a:e3:2a:b9:ca:d5:42:3c:be:66:83:8a:2e: + 0c:53:6c:10:e9:ce:5e:f7:4f:83:f7:c4:32:7b:b7: + 33:ff:b1:89:09:39:fd:f4:7b:98:f5:02:8a:5b:9c: + 89:04:07:0f:8e:72:13:f1:33:a1:ae:6c:92:51:a8: + 07:87:df:32:c9:4b:86:f5:8a:cf:b1:ac:04:17:b1: + 6b:09:41:17:51:01:78:c9:4a:b8:3d:31:5c:f1:97: + 36:6d:3c:99:cf:66:b2:8b:22:b1:04:66:de:9b:cb: + 1c:d7:75:28:75:9f:97:f5:46:e0:53:6a:9c:4e:26: + 19:5a:2d:2d:6b:cb:dd:37:6b:08:cd:0d:de:df:6c: + cd:1d:81:8b:e8:35:de:2b:16:c1:e5:f8:58:41:5c: + 65:38:d8:c1:e4:b7:df:b1:ad:79:e0:c5:05:a5:9a: + 54:25:41:33:61:6e:5c:4b:1b:08:07:25:ce:c0:84: + 1a:57 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 4E:4A:66:D2:28:27:6E:75:19:FA:97:E6:3D:38:18:C6:A6:56:68:69 + F0:A1:F4:41:56:B9:33:53:7B:7C:DB:DC:AF:9B:3C:66:11:E1:DE:B3 X509v3 Authority Key Identifier: - keyid:8F:01:DF:48:8B:1D:55:FA:61:CF:0A:EF:D6:89:C1:E7:69:7E:24:51 + keyid:24:E4:04:3C:15:03:89:2D:99:71:16:0F:70:8E:32:24:76:BD:99:C6 Authority Information Access: CA Issuers - URI:http://url-for-aia/UberRoot.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - c8:bb:c7:40:ef:2b:d4:1d:61:92:65:48:61:99:5b:d4:5b:1d: - 8d:c6:ea:b8:d4:bf:1b:e9:ea:5a:f0:21:f3:95:b8:e7:cf:e7: - c3:8b:68:b2:14:53:fc:c8:07:4d:d8:fc:97:27:8d:0d:41:68: - 4c:5e:c8:ab:ee:e3:9c:72:d3:d5:5b:a4:3a:2b:e4:2f:e2:13: - c8:a5:8d:63:61:c9:f8:e1:99:3f:c4:22:36:0d:bb:88:28:85: - 99:23:ae:b9:0b:4e:50:7b:81:2d:28:da:9e:9e:7e:86:21:99: - ac:f1:a9:bc:1f:cf:6c:5f:90:91:b1:bf:76:b2:3a:5f:f3:e6: - 54:89:bf:db:1e:f5:3a:93:53:ec:80:75:7e:ea:81:e0:c1:8b: - 2d:89:f8:62:16:f0:96:ae:8e:be:d7:af:e6:fa:d4:54:b4:01: - bc:dd:f0:93:cc:89:b7:f2:06:81:2e:df:02:11:ac:22:21:44: - 77:de:22:aa:9f:2b:05:3a:4e:a9:b4:a2:15:50:13:03:b1:a1: - 1a:f4:de:c4:7b:2e:84:56:80:7c:98:db:82:af:a0:8e:79:a5: - b1:81:b7:0f:9b:60:78:5b:57:fc:eb:8e:74:91:e5:e3:58:c6: - b7:82:b2:88:d2:83:5f:b4:94:75:6b:97:8a:3f:88:40:ad:5d: - a1:18:da:7a + 94:82:81:b0:49:b8:87:5c:c1:eb:62:24:0b:3c:de:26:15:28: + 2a:1a:5c:c7:e7:61:85:46:48:df:5c:2c:a2:d0:3e:ca:2e:8c: + 6a:fd:3b:4d:58:52:72:58:c1:d9:10:0c:1f:af:ac:40:38:c7: + 60:67:8e:14:6b:f9:7a:cb:1c:e0:b6:58:b2:32:f0:c3:2e:c7: + 26:af:08:7f:06:42:ec:99:3a:dc:71:2b:cf:35:5f:45:c2:39: + 4c:1a:ab:86:99:1f:68:08:94:45:20:eb:49:28:06:a7:b1:69: + 5d:0c:da:dc:79:99:b4:46:eb:6c:b5:a9:d2:15:ce:1a:2f:e7: + 53:0f:6c:7f:67:a2:f9:63:34:f6:a0:22:7c:fb:31:0b:aa:5c: + 02:39:17:9e:c1:60:b7:06:3f:a6:9c:2f:6c:ef:56:36:be:b9: + 45:a4:d2:e5:a5:8f:c1:28:0b:1f:e2:c1:8f:29:40:10:86:e5: + f5:12:e5:f7:33:7f:ae:a4:3c:11:2e:03:be:0f:5f:4a:25:83: + d4:28:6a:e5:a8:04:a3:dd:f5:3f:6b:12:ee:45:84:19:32:5e: + ea:32:0c:96:f3:cb:a8:b6:15:d5:0c:99:00:ed:68:84:ef:8b: + d3:86:74:b0:ee:70:60:0e:65:43:62:59:54:b3:26:6b:a7:d0: + 3f:71:57:2f -----BEGIN TRUST_ANCHOR_CONSTRAINED----- MIIDcTCCAlmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhVYmVy Um9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAwMDBaMA8xDTALBgNVBAMM -BFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClGnsel9L1bBeD -c3ZiTxJTdT1Lhi1Cd+cRdWXNQ2las4CtQoegjp7P5Z5qLR8+CppuKwHpqtW9kVA4 -+BYEedP+aRyCnecQLBkxihuNp+/yTDbe9i9lk3gKd7odW7E5v1VxBUP7bNRJsjWT -hcCZTjvSTb8ZTBtVtu/KQLNuahgp63j69X4VYYVwHR+kzVnrhsGlxIt0IuFdm4DU -JqGhfUBNiRdP7+oE0NG4ejixpROaCGRNhYhOjQf8VQsifrerhSi52XHJmcv7hfvP -ii7NmJC7sRdfUAJeI5xV1/L6dkfW7hJEmhfEZ4OddV8gsahwxCJpABcmqJ3FiBrl -KbtjyAL1AgMBAAGjgdMwgdAwHQYDVR0OBBYEFE5KZtIoJ251GfqX5j04GMamVmhp -MB8GA1UdIwQYMBaAFI8B30iLHVX6Yc8K79aJwedpfiRRMDsGCCsGAQUFBwEBBC8w +BFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDz3BIDzdv9fnJ9 +7CMwB9P2E75y34JzP7vqyZPmdJmB4t2gAFrGQ276eQA2/tfYal2PChlTPKq1nw1s +iiOuBNrz8CPysnurzNHXttl6OuMqucrVQjy+ZoOKLgxTbBDpzl73T4P3xDJ7tzP/ +sYkJOf30e5j1AopbnIkEBw+OchPxM6GubJJRqAeH3zLJS4b1is+xrAQXsWsJQRdR +AXjJSrg9MVzxlzZtPJnPZrKLIrEEZt6byxzXdSh1n5f1RuBTapxOJhlaLS1ry903 +awjNDd7fbM0dgYvoNd4rFsHl+FhBXGU42MHkt9+xrXngxQWlmlQlQTNhblxLGwgH +Jc7AhBpXAgMBAAGjgdMwgdAwHQYDVR0OBBYEFPCh9EFWuTNTe3zb3K+bPGYR4d6z +MB8GA1UdIwQYMBaAFCTkBDwVA4ktmXEWD3COMiR2vZnGMDsGCCsGAQUFBwEBBC8w LTArBggrBgEFBQcwAoYfaHR0cDovL3VybC1mb3ItYWlhL1ViZXJSb290LmNlcjAw BgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vdXJsLWZvci1jcmwvVWJlclJvb3QuY3Js MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA -A4IBAQDIu8dA7yvUHWGSZUhhmVvUWx2Nxuq41L8b6epa8CHzlbjnz+fDi2iyFFP8 -yAdN2PyXJ40NQWhMXsir7uOcctPVW6Q6K+Qv4hPIpY1jYcn44Zk/xCI2DbuIKIWZ -I665C05Qe4EtKNqenn6GIZms8am8H89sX5CRsb92sjpf8+ZUib/bHvU6k1PsgHV+ -6oHgwYstifhiFvCWro6+16/m+tRUtAG83fCTzIm38gaBLt8CEawiIUR33iKqnysF -Ok6ptKIVUBMDsaEa9N7Eey6EVoB8mNuCr6COeaWxgbcPm2B4W1f86450keXjWMa3 -grKI0oNftJR1a5eKP4hArV2hGNp6 +A4IBAQCUgoGwSbiHXMHrYiQLPN4mFSgqGlzH52GFRkjfXCyi0D7KLoxq/TtNWFJy +WMHZEAwfr6xAOMdgZ44Ua/l6yxzgtliyMvDDLscmrwh/BkLsmTrccSvPNV9FwjlM +GquGmR9oCJRFIOtJKAansWldDNrceZm0RutstanSFc4aL+dTD2x/Z6L5YzT2oCJ8 ++zELqlwCOReewWC3Bj+mnC9s71Y2vrlFpNLlpY/BKAsf4sGPKUAQhuX1EuX3M3+u +pDwRLgO+D19KJYPUKGrlqASj3fU/axLuRYQZMl7qMgyW88uothXVDJkA7WiE74vT +hnSw7nBgDmVDYllUsyZrp9A/cVcv -----END TRUST_ANCHOR_CONSTRAINED----- 150302120000Z @@ -281,3 +281,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/constrained-root-bad-eku.pem b/chromium/net/data/verify_certificate_chain_unittest/constrained-root-bad-eku.pem new file mode 100644 index 00000000000..5fe160a7264 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/constrained-root-bad-eku.pem @@ -0,0 +1,299 @@ +[Created by: generate-constrained-root-bad-eku.py] + +Certificate chain with 1 intermediate and a trust anchor. The trust anchor +has an EKU that restricts it to clientAuth. Verification is expected to fail as +the end-entity is verified for serverAuth, and the trust anchor enforces +constraints. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:f0:08:00:ea:5d:93:fb:9f:3d:fd:b5:ae:6f:89: + 02:b9:7f:4b:75:b9:51:cb:ef:6f:dd:7b:50:b6:2a: + a7:fa:9c:41:88:6e:a1:be:2b:8b:54:2a:02:c8:c0: + 2c:ed:c8:ad:75:9d:84:22:c5:12:d8:63:ac:60:85: + 42:3d:e2:c5:59:00:01:c7:4d:63:08:bf:a2:63:cf: + dd:fc:48:e6:55:e6:2c:5c:d6:bf:e1:d1:19:09:56: + 8b:43:f2:be:ba:04:81:33:7d:5c:ee:26:3b:f7:c2: + 15:d5:57:11:4c:08:fc:48:e4:f5:8b:d1:62:cb:72: + 10:7e:fe:ae:84:ff:f8:d6:35:20:80:f3:b9:59:a3: + 7f:1d:bf:6f:f5:6d:6b:29:e4:b1:5e:2e:20:cc:80: + 04:f8:6d:67:04:18:71:ac:c3:cf:53:4b:ca:1a:a1: + 06:c1:7d:d7:fe:24:a8:6b:d2:52:18:4a:7a:ad:c4: + 2f:70:e1:a8:66:9a:94:dc:13:b2:26:4d:e0:60:f1: + 67:57:31:f1:00:d5:b2:3c:31:6a:34:52:75:2b:d2: + f3:d3:b0:d6:f7:54:be:9c:ba:99:39:82:50:02:ee: + b6:d8:c4:b7:ce:08:30:a7:8e:2d:b0:6b:78:f1:19: + 27:cd:c5:c3:a4:f2:c7:91:b3:5e:61:94:e6:a7:94: + 3b:c7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F2:29:C1:07:7D:FB:62:7D:1B:06:45:F8:E8:F4:FE:77:B2:8C:BC:AE + X509v3 Authority Key Identifier: + keyid:8B:3C:5F:76:85:CD:27:14:00:7B:0B:92:AF:4A:D5:52:9B:BA:53:BE + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 3a:2e:7b:e3:cd:20:6b:b0:dc:d6:a3:4f:00:98:53:76:bd:36: + 82:12:c8:ed:11:8a:31:17:90:55:45:07:0d:72:4e:94:dd:a6: + 22:ad:c0:b9:ee:4e:5f:d5:0d:1c:62:d8:04:5d:75:75:10:ed: + e1:4b:79:16:cf:bd:b1:2e:bc:0d:1b:10:0c:4b:77:8f:61:51: + 7f:41:fb:35:2d:5c:2d:b4:51:15:01:68:51:72:ae:ec:eb:bb: + f8:e1:45:7a:80:5c:e5:5b:c5:c0:27:1d:12:7a:d5:80:be:06: + 64:38:f7:59:57:f5:c8:54:aa:42:0f:71:f0:d5:b9:a3:dc:7e: + e0:e8:08:d2:d3:6d:12:aa:51:24:fa:5d:58:64:73:a7:8a:b6: + 4a:83:9c:a2:12:04:4c:cb:2f:40:e6:6e:e1:b2:fe:1a:d0:7e: + 2c:fd:e8:21:5c:08:fe:e8:d4:81:cd:07:2f:c1:ca:96:c8:79: + 2e:53:30:36:41:8e:bd:49:95:76:1e:18:b6:53:a5:45:d0:08: + b4:e7:21:13:bc:f1:21:00:18:34:dc:d1:86:71:ea:05:70:54: + ac:42:89:20:e1:9f:4a:0e:11:09:00:bf:fd:46:91:3e:13:14: + 7c:c6:68:e1:df:c1:16:5d:3f:e9:2f:91:dd:17:0a:e4:95:3d: + a6:96:e4:cf +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwCADq +XZP7nz39ta5viQK5f0t1uVHL72/de1C2Kqf6nEGIbqG+K4tUKgLIwCztyK11nYQi +xRLYY6xghUI94sVZAAHHTWMIv6Jjz938SOZV5ixc1r/h0RkJVotD8r66BIEzfVzu +Jjv3whXVVxFMCPxI5PWL0WLLchB+/q6E//jWNSCA87lZo38dv2/1bWsp5LFeLiDM +gAT4bWcEGHGsw89TS8oaoQbBfdf+JKhr0lIYSnqtxC9w4ahmmpTcE7ImTeBg8WdX +MfEA1bI8MWo0UnUr0vPTsNb3VL6cupk5glAC7rbYxLfOCDCnji2wa3jxGSfNxcOk +8seRs15hlOanlDvHAgMBAAGjgekwgeYwHQYDVR0OBBYEFPIpwQd9+2J9GwZF+Oj0 +/neyjLyuMB8GA1UdIwQYMBaAFIs8X3aFzScUAHsLkq9K1VKbulO+MD8GCCsGAQUF +BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk +aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu +dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAOi57480ga7Dc1qNPAJhT +dr02ghLI7RGKMReQVUUHDXJOlN2mIq3Aue5OX9UNHGLYBF11dRDt4Ut5Fs+9sS68 +DRsQDEt3j2FRf0H7NS1cLbRRFQFoUXKu7Ou7+OFFeoBc5VvFwCcdEnrVgL4GZDj3 +WVf1yFSqQg9x8NW5o9x+4OgI0tNtEqpRJPpdWGRzp4q2SoOcohIETMsvQOZu4bL+ +GtB+LP3oIVwI/ujUgc0HL8HKlsh5LlMwNkGOvUmVdh4YtlOlRdAItOchE7zxIQAY +NNzRhnHqBXBUrEKJIOGfSg4RCQC//UaRPhMUfMZo4d/BFl0/6S+R3RcK5JU9ppbk +zw== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b6:0a:f3:0b:43:2a:d8:e5:15:f6:48:94:21:e9: + 23:61:0f:0e:cc:5a:a6:ba:45:b0:8b:99:54:44:0b: + 56:4e:b1:13:e2:ce:b9:58:0a:dc:77:41:36:86:ac: + eb:b4:54:04:77:1f:cf:f6:1d:12:c5:58:38:65:ff: + 20:41:f0:43:9d:a4:bf:fa:61:3b:75:52:f0:39:9d: + 5b:fb:e2:88:fb:69:32:b2:b9:4d:a8:34:88:e3:ce: + e1:2f:f4:03:d5:1b:3f:1a:ab:95:98:a1:6f:87:2b: + 10:76:02:4f:ba:67:7f:9a:23:5c:90:8a:dc:b3:27: + a5:28:14:98:1e:b2:06:92:0a:60:37:fe:56:b6:16: + 84:59:01:a5:e9:1d:04:d5:46:66:e4:30:fa:0e:0e: + c2:d7:66:21:4a:fc:99:4f:85:33:96:36:7d:dc:5c: + 04:16:bc:5c:ee:f3:6d:4d:b6:a2:0f:39:fc:e2:63: + 96:bf:3d:5a:61:02:8f:db:d7:07:c4:24:02:f0:02: + 52:e7:2c:08:78:b9:8d:d9:5f:2d:cc:6c:1e:9e:f9: + 91:95:e8:be:13:77:02:b3:86:ab:cb:24:ed:4a:bf: + 36:29:2d:66:36:1e:fc:3d:3a:c5:0f:23:5d:e9:2e: + 41:d8:79:97:ee:8b:cc:75:2d:c7:3a:be:4d:e5:fd: + a2:33 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 8B:3C:5F:76:85:CD:27:14:00:7B:0B:92:AF:4A:D5:52:9B:BA:53:BE + X509v3 Authority Key Identifier: + keyid:1A:DD:A6:8B:40:A4:5B:6A:1B:06:BF:9B:76:54:8A:9B:88:F8:8B:07 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 83:84:de:b3:56:ad:2a:16:56:6e:7b:64:3e:35:bd:39:38:2e: + 6e:2a:fa:09:a9:c3:ea:86:30:8c:4e:e0:2b:13:80:a1:40:f3: + 10:15:9d:4f:77:90:0f:12:c9:a5:60:2e:87:43:0b:c1:90:5a: + b3:95:fb:37:0c:c7:86:d0:2f:bb:4c:b8:97:40:d6:61:a6:47: + e6:30:42:9f:e6:28:ac:b7:99:83:52:a0:c0:4b:dd:e2:ad:1b: + e7:5d:c5:9a:fb:6c:d9:bc:7c:bc:64:1a:47:9b:01:9f:4e:10: + aa:f7:6a:25:a0:0b:64:6b:8f:54:42:74:23:d3:83:a8:b7:fc: + 78:95:65:11:27:f2:b5:1e:90:78:31:9d:f3:5f:7f:8d:63:3f: + ce:cf:1e:11:bd:8b:01:a7:fa:33:d2:9b:ac:9c:c0:ee:b1:f2: + ee:02:ea:73:07:28:1d:8c:23:98:93:cc:23:92:26:35:a4:d7: + 57:f7:d1:28:b0:4e:6a:9c:78:01:c9:f2:52:e0:1d:13:86:76: + 7e:13:3c:07:69:a5:3f:d6:3e:2e:36:70:0a:be:4d:1a:14:ac: + 73:bd:5a:ad:78:68:a6:35:a2:50:5b:ab:c1:e3:a1:f7:47:f2: + 76:2b:e8:5d:4a:e4:f3:4a:dc:93:53:64:9c:83:f3:af:a5:0f: + e1:83:1d:89 +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgrzC0Mq +2OUV9kiUIekjYQ8OzFqmukWwi5lURAtWTrET4s65WArcd0E2hqzrtFQEdx/P9h0S +xVg4Zf8gQfBDnaS/+mE7dVLwOZ1b++KI+2kysrlNqDSI487hL/QD1Rs/GquVmKFv +hysQdgJPumd/miNckIrcsyelKBSYHrIGkgpgN/5WthaEWQGl6R0E1UZm5DD6Dg7C +12YhSvyZT4UzljZ93FwEFrxc7vNtTbaiDzn84mOWvz1aYQKP29cHxCQC8AJS5ywI +eLmN2V8tzGwenvmRlei+E3cCs4aryyTtSr82KS1mNh78PTrFDyNd6S5B2HmX7ovM +dS3HOr5N5f2iMwIDAQABo4HLMIHIMB0GA1UdDgQWBBSLPF92hc0nFAB7C5KvStVS +m7pTvjAfBgNVHSMEGDAWgBQa3aaLQKRbahsGv5t2VIqbiPiLBzA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AIOE3rNWrSoWVm57ZD41vTk4Lm4q+gmpw+qGMIxO4CsTgKFA8xAVnU93kA8SyaVg +LodDC8GQWrOV+zcMx4bQL7tMuJdA1mGmR+YwQp/mKKy3mYNSoMBL3eKtG+ddxZr7 +bNm8fLxkGkebAZ9OEKr3aiWgC2Rrj1RCdCPTg6i3/HiVZREn8rUekHgxnfNff41j +P87PHhG9iwGn+jPSm6ycwO6x8u4C6nMHKB2MI5iTzCOSJjWk11f30SiwTmqceAHJ +8lLgHROGdn4TPAdppT/WPi42cAq+TRoUrHO9Wq14aKY1olBbq8HjofdH8nYr6F1K +5PNK3JNTZJyD86+lD+GDHYk= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d9:e2:08:ac:46:4f:3e:c9:2c:0e:1b:2e:0d:cb: + 05:2e:b2:60:dd:39:3b:31:90:3c:89:ee:6f:32:3f: + 4e:9c:4a:93:d7:97:e5:e9:9d:0a:72:a5:77:c8:e6: + 67:db:e0:e2:d7:35:ab:d5:7b:26:2a:97:39:4c:04: + e3:32:93:df:69:9e:5e:c7:fb:3a:53:70:18:91:39: + 76:23:aa:65:5b:e0:87:32:cb:2c:6c:6f:e7:38:9f: + 79:db:23:ea:3c:86:9b:f2:03:d3:df:15:5c:ce:58: + b5:46:77:5d:21:09:f9:e3:ae:16:ce:e6:d5:95:41: + d5:ee:c7:74:89:bf:dc:c8:80:47:e0:49:6e:ff:26: + 6b:0a:d4:c2:04:21:a0:b5:b0:07:4d:1b:1c:e1:a8: + 53:23:13:3f:01:31:d9:3f:dc:2d:70:8b:61:49:b1: + 6d:6f:c6:4e:f7:35:45:17:40:39:9d:28:1d:77:68: + 82:c2:75:9a:c2:9f:90:ab:4c:c9:8a:3e:68:2a:2c: + ba:62:ab:e1:58:c8:3b:fe:c0:95:8e:55:33:53:ca: + 3f:fb:9a:ae:95:13:65:3f:a6:9a:d6:98:f1:ad:72: + 74:ce:d8:65:12:9f:63:fd:63:c5:3f:90:3d:d8:b2: + 2b:fe:48:fa:da:ab:f2:49:c6:1d:2a:ba:f8:73:e1: + 50:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1A:DD:A6:8B:40:A4:5B:6A:1B:06:BF:9B:76:54:8A:9B:88:F8:8B:07 + X509v3 Authority Key Identifier: + keyid:1A:DD:A6:8B:40:A4:5B:6A:1B:06:BF:9B:76:54:8A:9B:88:F8:8B:07 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 7f:58:39:4d:ec:e0:7e:11:fa:c1:29:d1:c8:56:42:19:33:f4: + 8c:e0:a1:22:90:fc:9d:cc:d2:36:4f:f7:91:51:cc:0a:40:49: + da:cc:70:81:3e:59:ae:65:a3:c5:86:42:5f:df:fe:1d:51:93: + fb:77:99:01:b0:02:c5:95:1f:32:6f:a2:4a:21:28:50:f8:bc: + 5d:67:01:28:a0:4f:6c:a0:43:ea:7b:7a:66:3a:33:a0:c2:0c: + a5:44:10:9b:e4:f9:4a:09:43:02:e0:01:ca:fd:c2:b1:07:31: + c8:6b:0d:ec:c8:c1:4f:53:2e:10:1b:d9:8a:42:00:74:d5:cc: + ec:47:51:c5:12:63:a7:f2:93:4f:0e:cd:82:3c:70:3b:9f:c8: + 0c:9f:5b:fa:15:47:e5:e6:6d:5d:37:7c:fa:e2:a2:4b:aa:d8: + be:c4:2e:e5:3e:71:ae:c9:7b:79:86:1c:29:3c:00:e3:d5:9b: + 30:23:12:c0:33:12:7d:36:8c:99:cb:6a:39:74:fa:8f:6e:8f: + 5c:53:6e:53:94:59:c9:59:7d:1e:3c:e2:ac:32:43:5e:4c:14: + 87:cf:39:c9:55:38:e0:29:a6:19:e9:62:21:8d:f0:1b:9d:31: + c9:c3:93:12:fd:b3:0e:83:fc:21:dc:bb:df:09:a6:57:6e:18: + 58:ff:ad:73 +-----BEGIN TRUST_ANCHOR_CONSTRAINED----- +MIIDejCCAmKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANniCKxGTz7JLA4bLg3L +BS6yYN05OzGQPInubzI/TpxKk9eX5emdCnKld8jmZ9vg4tc1q9V7JiqXOUwE4zKT +32meXsf7OlNwGJE5diOqZVvghzLLLGxv5zifedsj6jyGm/ID098VXM5YtUZ3XSEJ ++eOuFs7m1ZVB1e7HdIm/3MiAR+BJbv8mawrUwgQhoLWwB00bHOGoUyMTPwEx2T/c +LXCLYUmxbW/GTvc1RRdAOZ0oHXdogsJ1msKfkKtMyYo+aCosumKr4VjIO/7AlY5V +M1PKP/uarpUTZT+mmtaY8a1ydM7YZRKfY/1jxT+QPdiyK/5I+tqr8knGHSq6+HPh +UKECAwEAAaOB4DCB3TAdBgNVHQ4EFgQUGt2mi0CkW2obBr+bdlSKm4j4iwcwHwYD +VR0jBBgwFoAUGt2mi0CkW2obBr+bdlSKm4j4iwcwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqG +SIb3DQEBCwUAA4IBAQB/WDlN7OB+EfrBKdHIVkIZM/SM4KEikPydzNI2T/eRUcwK +QEnazHCBPlmuZaPFhkJf3/4dUZP7d5kBsALFlR8yb6JKIShQ+LxdZwEooE9soEPq +e3pmOjOgwgylRBCb5PlKCUMC4AHK/cKxBzHIaw3syMFPUy4QG9mKQgB01czsR1HF +EmOn8pNPDs2CPHA7n8gMn1v6FUfl5m1dN3z64qJLqti+xC7lPnGuyXt5hhwpPADj +1ZswIxLAMxJ9NoyZy2o5dPqPbo9cU25TlFnJWX0ePOKsMkNeTBSHzznJVTjgKaYZ +6WIhjfAbnTHJw5MS/bMOg/wh3LvfCaZXbhhY/61z +-----END TRUST_ANCHOR_CONSTRAINED----- + +150302120000Z +-----BEGIN TIME----- +MTUwMzAyMTIwMDAwWg== +-----END TIME----- + +FAIL +-----BEGIN VERIFY_RESULT----- +RkFJTA== +-----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=2 ----- +ERROR: The extended key usage does not include server auth + + +-----BEGIN ERRORS----- +LS0tLS0gQ2VydGlmaWNhdGUgaT0yIC0tLS0tCkVSUk9SOiBUaGUgZXh0ZW5kZWQga2V5IHVzYWdlIGRvZXMgbm90IGluY2x1ZGUgc2VydmVyIGF1dGgKCg== +-----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/constrained-root-basic-constraints-ca-false.pem b/chromium/net/data/verify_certificate_chain_unittest/constrained-root-basic-constraints-ca-false.pem index f8842981b09..789a3fb77ef 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/constrained-root-basic-constraints-ca-false.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/constrained-root-basic-constraints-ca-false.pem @@ -19,30 +19,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b8:b6:4b:46:a5:2a:82:68:2c:9f:19:09:8f:0c: - c6:ad:af:bf:e1:8f:86:e5:2b:7b:b6:53:cd:bf:cf: - 57:f2:c9:19:55:2c:3e:d5:33:b6:5f:0c:d6:65:4b: - f0:37:49:28:32:68:c5:56:32:a1:8d:13:5f:2a:7e: - ff:b4:13:b4:69:07:df:82:04:f9:bf:9e:06:61:ad: - 4b:82:2c:12:3e:d6:37:ef:1f:be:4c:6e:16:5b:f1: - 02:ea:31:75:40:2b:f1:6d:2d:7b:fb:5c:43:7a:34: - 70:23:c5:dc:80:fa:76:4b:36:28:91:7c:0f:14:01: - 5b:66:51:89:54:79:3c:d5:c3:e3:4f:6a:a9:d6:ab: - ba:57:f9:6d:13:b3:cc:2c:7a:5f:87:06:62:9e:31: - 9b:e2:5c:5e:b7:70:e1:1a:dc:02:0a:23:cb:dc:28: - fb:85:03:b0:5b:a0:94:d8:4a:6a:8e:dc:02:2a:19: - c1:ea:32:9d:a2:9b:84:34:6c:79:90:d6:bf:9d:74: - 02:cd:21:a3:bf:57:46:db:4e:5a:76:3e:32:54:66: - 7e:2f:f1:4b:40:72:9d:bf:c3:fc:33:8b:6b:cc:a4: - ce:2a:dd:74:13:7b:e7:3d:31:26:ae:a8:88:83:ab: - 24:27:31:21:55:17:de:a9:d6:d4:ae:c1:6e:b0:ca: - e5:9f + 00:b3:7d:07:29:33:df:ea:eb:78:7f:88:ef:13:78: + ff:42:10:a6:ae:9c:8d:9e:c6:48:37:77:a4:2c:27: + 81:cd:a9:b2:54:b5:84:cd:0a:a1:90:11:28:1d:85: + 0f:9a:88:a4:a1:75:36:42:53:19:71:4d:da:17:02: + 9f:80:94:58:55:87:23:47:47:be:8a:64:15:d6:15: + 6f:fe:73:a2:e7:e8:5a:01:48:33:ae:21:a1:7c:a3: + 3a:58:fc:2c:25:f5:ab:ff:bb:3d:ff:e1:2f:62:d8: + 79:ec:e5:d6:b0:33:dc:ce:68:ca:f5:96:b7:0e:5f: + 22:80:09:e8:ca:6c:14:64:84:97:a9:c0:bf:57:e4: + ad:42:46:c6:58:07:2d:12:18:a2:d1:1f:5d:40:0e: + 93:19:eb:a0:4b:49:f5:1e:f6:8b:f9:6f:37:96:e4: + 07:04:71:bc:da:d4:e0:3f:3d:4e:3e:71:40:e8:39: + 27:ab:c8:2d:b4:22:45:51:32:8a:c4:21:10:84:fe: + ba:74:3e:72:8e:64:66:24:f6:a2:7a:f9:10:29:9d: + 48:59:57:a9:0a:59:b4:00:60:5c:e1:93:4f:53:23: + a1:2e:a3:a3:eb:49:2c:8a:d1:2d:ba:bb:57:c3:a4: + 5f:78:85:4b:8d:b0:6a:89:f0:cc:ba:be:60:89:a8: + 9c:49 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - CB:79:A5:28:D4:40:7E:78:F4:F3:C5:7B:21:DA:CF:D8:4C:95:FC:EE + 72:41:94:01:8B:5E:D8:39:1C:E1:A1:6F:76:49:3E:9F:93:09:60:3A X509v3 Authority Key Identifier: - keyid:21:63:3C:E9:BA:5F:79:17:3D:28:91:51:B7:72:6E:26:3C:9E:9C:65 + keyid:7A:10:56:B4:5F:2F:4E:7E:28:92:1A:46:EE:EB:8F:1E:A0:B6:3B:02 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -57,42 +57,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 96:8e:91:69:58:40:6d:ef:8b:60:3f:35:57:0a:93:85:6d:e5: - a5:df:99:05:e4:b9:32:c6:e3:9b:e6:2e:8c:4c:b5:4d:c4:fa: - 40:cd:44:2c:f1:b3:bd:d2:24:9a:d7:cb:1b:64:46:b7:db:11: - a0:7f:49:5b:ec:fc:0e:d5:36:73:f7:60:48:82:11:be:92:1c: - 41:0f:96:85:ef:c3:e5:cf:3b:a6:2e:41:99:6c:77:6b:3b:74: - e3:a9:d0:35:9f:17:f8:7f:4d:a7:33:6c:ce:fa:a3:be:f4:0d: - fb:38:02:ab:10:d3:46:22:e6:ae:a6:62:5b:5f:48:98:cd:ba: - 4b:ef:1f:5c:3b:2a:2e:ef:48:76:8b:3d:05:d6:e4:25:2b:60: - 2d:a8:cd:64:98:95:73:22:62:d7:67:7f:35:93:2f:2f:cc:99: - ac:d2:07:1f:9d:ff:1f:e3:33:84:4f:ff:a6:b7:48:7a:fc:24: - c5:25:c1:22:b4:4e:f1:cd:10:10:0a:b8:9b:1d:9e:86:d9:9d: - 52:3c:af:04:76:b8:3b:98:83:6d:82:51:ca:b2:ff:15:e4:22: - 50:98:8f:fb:2c:bc:2e:77:8e:11:6b:5b:06:97:ff:da:ea:29: - 51:88:df:94:2f:7c:75:26:54:99:d9:0a:bc:bb:8d:a0:23:6a: - db:cc:85:4e + 8b:ee:65:ac:90:4d:81:25:5f:e1:42:eb:b8:38:4a:08:10:f6: + 35:e8:46:4d:e1:10:9c:59:25:6b:ce:ac:a6:8f:64:b3:d7:15: + b0:e9:4d:1e:a6:5e:62:fc:38:9e:41:45:60:7c:20:9d:8f:ed: + f2:fd:a5:9c:14:1d:12:bf:31:e2:d0:b8:a8:c2:6a:df:d2:38: + 7a:d0:f3:1e:ad:24:c7:cd:f6:5e:71:1c:c3:df:f0:16:47:5c: + b4:c9:6f:6c:0d:bc:92:ec:29:76:6d:5b:ea:96:97:b4:1e:43: + 11:c4:41:6c:ee:66:ef:e8:48:1a:f6:52:17:0e:73:08:92:ad: + df:c5:29:93:9a:07:1b:16:58:8e:14:0d:1c:e4:06:ac:92:87: + 64:62:22:f4:f8:1e:45:d7:de:eb:9a:cd:1c:74:5c:bb:9a:02: + b9:ab:57:f0:a6:11:9b:4a:87:e0:b8:62:ca:18:e4:cf:c4:d6: + 7f:52:2b:e1:54:f6:92:65:be:89:3c:e0:78:1f:d4:8b:e4:37: + 0f:c8:68:01:df:fa:39:60:e5:de:7b:31:87:3b:19:39:ca:42: + b8:9f:93:2a:2f:2b:14:5c:57:f9:ca:2e:bc:6a:38:73:72:3a: + 87:e2:29:c1:54:4d:45:31:49:3a:b6:d7:04:c6:8c:19:59:67: + c3:94:a1:4c -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4tktG -pSqCaCyfGQmPDMatr7/hj4blK3u2U82/z1fyyRlVLD7VM7ZfDNZlS/A3SSgyaMVW -MqGNE18qfv+0E7RpB9+CBPm/ngZhrUuCLBI+1jfvH75MbhZb8QLqMXVAK/FtLXv7 -XEN6NHAjxdyA+nZLNiiRfA8UAVtmUYlUeTzVw+NPaqnWq7pX+W0Ts8wsel+HBmKe -MZviXF63cOEa3AIKI8vcKPuFA7BboJTYSmqO3AIqGcHqMp2im4Q0bHmQ1r+ddALN -IaO/V0bbTlp2PjJUZn4v8UtAcp2/w/wzi2vMpM4q3XQTe+c9MSauqIiDqyQnMSFV -F96p1tSuwW6wyuWfAgMBAAGjgekwgeYwHQYDVR0OBBYEFMt5pSjUQH549PPFeyHa -z9hMlfzuMB8GA1UdIwQYMBaAFCFjPOm6X3kXPSiRUbdybiY8npxlMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzfQcp +M9/q63h/iO8TeP9CEKaunI2exkg3d6QsJ4HNqbJUtYTNCqGQESgdhQ+aiKShdTZC +UxlxTdoXAp+AlFhVhyNHR76KZBXWFW/+c6Ln6FoBSDOuIaF8ozpY/Cwl9av/uz3/ +4S9i2Hns5dawM9zOaMr1lrcOXyKACejKbBRkhJepwL9X5K1CRsZYBy0SGKLRH11A +DpMZ66BLSfUe9ov5bzeW5AcEcbza1OA/PU4+cUDoOSeryC20IkVRMorEIRCE/rp0 +PnKOZGYk9qJ6+RApnUhZV6kKWbQAYFzhk09TI6Euo6PrSSyK0S26u1fDpF94hUuN +sGqJ8My6vmCJqJxJAgMBAAGjgekwgeYwHQYDVR0OBBYEFHJBlAGLXtg5HOGhb3ZJ +Pp+TCWA6MB8GA1UdIwQYMBaAFHoQVrRfL05+KJIaRu7rjx6gtjsCMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAlo6RaVhAbe+LYD81VwqT -hW3lpd+ZBeS5Msbjm+YujEy1TcT6QM1ELPGzvdIkmtfLG2RGt9sRoH9JW+z8DtU2 -c/dgSIIRvpIcQQ+Whe/D5c87pi5BmWx3azt046nQNZ8X+H9NpzNszvqjvvQN+zgC -qxDTRiLmrqZiW19ImM26S+8fXDsqLu9Idos9BdbkJStgLajNZJiVcyJi12d/NZMv -L8yZrNIHH53/H+MzhE//prdIevwkxSXBIrRO8c0QEAq4mx2ehtmdUjyvBHa4O5iD -bYJRyrL/FeQiUJiP+yy8LneOEWtbBpf/2uopUYjflC98dSZUmdkKvLuNoCNq28yF -Tg== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAi+5lrJBNgSVf4ULruDhK +CBD2NehGTeEQnFkla86spo9ks9cVsOlNHqZeYvw4nkFFYHwgnY/t8v2lnBQdEr8x +4tC4qMJq39I4etDzHq0kx832XnEcw9/wFkdctMlvbA28kuwpdm1b6paXtB5DEcRB +bO5m7+hIGvZSFw5zCJKt38Upk5oHGxZYjhQNHOQGrJKHZGIi9PgeRdfe65rNHHRc +u5oCuatX8KYRm0qH4Lhiyhjkz8TWf1Ir4VT2kmW+iTzgeB/Ui+Q3D8hoAd/6OWDl +3nsxhzsZOcpCuJ+TKi8rFFxX+couvGo4c3I6h+IpwVRNRTFJOrbXBMaMGVlnw5Sh +TA== -----END CERTIFICATE----- Certificate: @@ -109,30 +109,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a9:38:35:27:ba:37:72:ce:20:03:31:f3:dc:4e: - 96:e4:69:f4:d4:d1:77:8f:59:a8:93:d8:02:d3:a6: - 14:c1:d4:a2:8e:a2:69:0b:fa:28:1d:3c:71:f4:59: - de:c7:a0:80:09:7a:3e:b0:74:be:50:29:93:ce:73: - 66:67:64:30:5f:e0:8c:8a:05:2a:18:16:77:03:c6: - 09:26:b6:dd:c0:5d:d3:99:07:71:98:02:82:bd:ff: - d4:5a:f2:84:6c:9f:3c:90:d5:d7:fb:06:24:65:12: - fd:df:29:f1:2e:81:d0:b8:2f:ea:dd:0f:52:15:50: - 91:b4:10:6b:2d:88:d5:91:44:57:51:ff:1f:db:62: - 47:5d:41:9a:b1:3f:03:f6:fd:3b:79:e0:46:b0:69: - 01:ee:72:d9:48:22:6a:b7:59:2e:39:6f:1f:01:1b: - e0:b2:c4:a1:9e:b8:dc:c5:99:87:0f:84:d5:55:4d: - bb:0b:73:fc:85:62:a6:14:53:13:1d:d8:36:a1:96: - b8:7f:65:81:e6:04:20:97:e8:05:ca:c9:4e:55:9b: - eb:74:97:7d:cf:72:52:17:7b:ac:a2:10:0f:96:7d: - 0c:f3:d3:52:6d:d0:af:36:44:be:6f:18:d9:39:0c: - 75:b8:e0:9e:5c:38:ec:47:72:a3:61:cc:e1:e9:de: - a5:a9 + 00:bb:be:bc:29:e3:c0:a2:2b:12:a7:b2:77:ff:30: + a1:03:d7:b9:aa:0b:7d:b4:2a:4b:e4:cb:72:cb:5e: + ff:34:16:06:51:e2:e5:bf:a0:ae:0b:19:34:c3:45: + b1:2b:df:94:3c:9c:00:1c:bf:1f:69:a5:a6:08:04: + 20:c9:0a:0d:c2:69:0b:a6:63:63:ab:9b:76:5b:d0: + 1e:d1:20:32:02:bc:4d:4b:02:7e:8a:6c:90:34:b1: + 2b:ae:88:da:99:fd:e0:77:f6:97:54:dc:f5:53:64: + 83:87:70:f9:03:c4:aa:45:2c:78:bc:b0:9b:fa:11: + eb:a0:8c:a4:62:12:c2:82:ee:70:83:a8:8f:19:26: + 1c:f0:60:e4:17:20:bf:4c:d8:76:90:42:0d:cd:82: + fe:e9:38:39:ca:d8:72:c0:8f:cf:98:4d:af:47:82: + 77:63:a7:6e:c0:e8:ac:f8:4c:a8:b1:b0:20:09:03: + 74:67:cc:24:5f:91:24:4a:38:05:ca:64:3e:b7:e0: + 03:a5:79:44:71:32:19:31:cb:0a:02:84:39:8a:a7: + 10:c7:6b:60:72:81:16:3f:9c:ac:f8:af:46:c4:21: + f4:88:30:a8:8d:62:82:1c:36:8d:b0:d9:00:bb:b5: + 8c:e5:7a:89:de:6c:fd:3f:f0:e1:12:50:8c:1c:02: + 1f:e9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 21:63:3C:E9:BA:5F:79:17:3D:28:91:51:B7:72:6E:26:3C:9E:9C:65 + 7A:10:56:B4:5F:2F:4E:7E:28:92:1A:46:EE:EB:8F:1E:A0:B6:3B:02 X509v3 Authority Key Identifier: - keyid:A4:4A:EF:8D:03:05:5A:85:D8:D5:43:64:B2:EE:06:D6:D1:75:36:8B + keyid:9E:16:CB:63:0C:02:2E:E7:DC:BA:AA:D5:D2:10:B0:E0:F7:2D:14:6D Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -147,41 +147,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - ad:e7:db:f0:f9:65:22:52:9d:80:63:50:03:43:15:e2:19:44: - 93:31:c8:7b:f3:8c:81:d4:72:84:5c:a3:b9:90:b3:97:78:c6: - 7c:c3:50:8c:29:e9:49:d6:f1:cc:6e:f0:20:a2:2c:ff:ab:52: - 15:04:90:73:b1:3f:7f:be:21:87:96:c4:31:87:ae:15:ca:33: - 4a:79:84:11:11:4f:2c:dd:12:36:b0:c4:03:dd:c6:a5:a4:d2: - 5b:71:23:40:56:4e:49:97:1f:cb:af:c3:93:69:69:a0:6d:cd: - ac:47:9a:65:d1:c0:2f:d8:6d:56:4e:a4:90:16:6c:8b:fb:38: - b7:b3:ac:52:d6:0a:17:21:8d:a6:6e:ff:f3:15:13:d4:3b:0d: - 74:77:4e:60:63:9c:10:6f:36:70:a6:a8:93:8a:88:ff:82:13: - 25:0a:ba:5e:e6:09:c9:bb:8b:3d:cb:e4:d3:c0:28:6e:c6:2d: - 21:82:d3:81:b1:28:41:dd:7a:aa:cd:be:66:1e:06:3a:99:cf: - 41:ed:02:81:0a:0e:98:a2:f4:03:4b:31:c1:d8:78:79:a0:fd: - 25:a1:30:09:1c:29:e5:38:3a:b3:f2:48:70:5f:82:b6:71:b7: - f4:cd:99:e6:62:f2:78:b7:8c:92:af:d6:ce:96:c8:0f:84:60: - 93:19:fa:21 + 3e:31:dd:13:08:38:cc:52:d8:16:8d:eb:23:d2:af:0e:52:f7: + 90:bc:e9:5d:c0:3d:52:aa:ee:54:a9:8b:71:d0:71:79:a0:42: + 66:9c:14:bd:a6:9b:b0:62:67:78:b9:52:1c:87:3d:32:22:af: + 65:2a:7f:3b:fc:94:a7:70:c2:83:2c:d6:cf:c7:ba:1f:28:4b: + 7a:a4:0f:90:7d:a6:b7:72:bd:37:d9:39:18:8b:e4:c0:9f:03: + aa:70:db:70:51:48:32:a9:4c:2d:a6:f7:55:ae:6c:06:7e:7d: + e9:0f:5a:0e:ae:30:2d:79:ea:5c:de:dd:95:2b:a9:ad:c4:c1: + e2:d7:4b:3b:2a:41:e8:80:94:bc:97:10:3a:c0:1a:71:56:4c: + 04:c2:6f:30:dd:35:dc:68:16:4c:c5:1d:0c:6b:fd:d2:c1:38: + c9:cb:6c:fd:70:5a:34:7a:04:e1:b2:24:e4:d5:c6:8f:5b:96: + 93:a1:54:cb:f8:02:4b:e6:72:a1:45:9a:8c:e9:5a:b9:02:c2: + 07:04:2e:25:80:1e:ad:58:14:f6:96:b6:7d:85:80:da:9f:5a: + 3c:4e:db:a2:5b:b6:4c:ea:b8:92:13:bd:e7:da:41:25:c1:86: + 44:6e:65:3e:cb:d4:a2:70:ad:49:2e:eb:2a:86:6a:22:40:89: + 22:6f:46:a5 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTg1J7o3 -cs4gAzHz3E6W5Gn01NF3j1mok9gC06YUwdSijqJpC/ooHTxx9Fnex6CACXo+sHS+ -UCmTznNmZ2QwX+CMigUqGBZ3A8YJJrbdwF3TmQdxmAKCvf/UWvKEbJ88kNXX+wYk -ZRL93ynxLoHQuC/q3Q9SFVCRtBBrLYjVkURXUf8f22JHXUGasT8D9v07eeBGsGkB -7nLZSCJqt1kuOW8fARvgssShnrjcxZmHD4TVVU27C3P8hWKmFFMTHdg2oZa4f2WB -5gQgl+gFyslOVZvrdJd9z3JSF3usohAPln0M89NSbdCvNkS+bxjZOQx1uOCeXDjs -R3KjYczh6d6lqQIDAQABo4HLMIHIMB0GA1UdDgQWBBQhYzzpul95Fz0okVG3cm4m -PJ6cZTAfBgNVHSMEGDAWgBSkSu+NAwVahdjVQ2Sy7gbW0XU2izA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu768KePA +oisSp7J3/zChA9e5qgt9tCpL5Mtyy17/NBYGUeLlv6CuCxk0w0WxK9+UPJwAHL8f +aaWmCAQgyQoNwmkLpmNjq5t2W9Ae0SAyArxNSwJ+imyQNLErrojamf3gd/aXVNz1 +U2SDh3D5A8SqRSx4vLCb+hHroIykYhLCgu5wg6iPGSYc8GDkFyC/TNh2kEINzYL+ +6Tg5ythywI/PmE2vR4J3Y6duwOis+EyosbAgCQN0Z8wkX5EkSjgFymQ+t+ADpXlE +cTIZMcsKAoQ5iqcQx2tgcoEWP5ys+K9GxCH0iDCojWKCHDaNsNkAu7WM5XqJ3mz9 +P/DhElCMHAIf6QIDAQABo4HLMIHIMB0GA1UdDgQWBBR6EFa0Xy9OfiiSGkbu648e +oLY7AjAfBgNVHSMEGDAWgBSeFstjDAIu59y6qtXSELDg9y0UbTA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AK3n2/D5ZSJSnYBjUANDFeIZRJMxyHvzjIHUcoRco7mQs5d4xnzDUIwp6UnW8cxu -8CCiLP+rUhUEkHOxP3++IYeWxDGHrhXKM0p5hBERTyzdEjawxAPdxqWk0ltxI0BW -TkmXH8uvw5NpaaBtzaxHmmXRwC/YbVZOpJAWbIv7OLezrFLWChchjaZu//MVE9Q7 -DXR3TmBjnBBvNnCmqJOKiP+CEyUKul7mCcm7iz3L5NPAKG7GLSGC04GxKEHdeqrN -vmYeBjqZz0HtAoEKDpii9ANLMcHYeHmg/SWhMAkcKeU4OrPySHBfgrZxt/TNmeZi -8ni3jJKv1s6WyA+EYJMZ+iE= +AD4x3RMIOMxS2BaN6yPSrw5S95C86V3APVKq7lSpi3HQcXmgQmacFL2mm7BiZ3i5 +UhyHPTIir2Uqfzv8lKdwwoMs1s/Huh8oS3qkD5B9prdyvTfZORiL5MCfA6pw23BR +SDKpTC2m91WubAZ+fekPWg6uMC156lze3ZUrqa3EweLXSzsqQeiAlLyXEDrAGnFW +TATCbzDdNdxoFkzFHQxr/dLBOMnLbP1wWjR6BOGyJOTVxo9blpOhVMv4AkvmcqFF +mozpWrkCwgcELiWAHq1YFPaWtn2FgNqfWjxO26JbtkzquJITvefaQSXBhkRuZT7L +1KJwrUku6yqGaiJAiSJvRqU= -----END CERTIFICATE----- Certificate: @@ -198,30 +198,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:e9:d3:1f:75:ed:64:d9:2b:d9:1c:3b:ab:db:86: - 88:7a:65:57:87:7c:b9:51:2f:57:7f:34:7d:73:5d: - 53:8f:a0:13:08:26:ec:46:0d:05:cb:91:36:4a:9b: - 13:65:76:9d:68:b9:30:6a:13:9e:b2:1b:95:e7:3e: - 11:fc:16:50:ff:6f:8e:bd:88:79:4d:9e:fa:74:20: - 2d:1c:f0:15:98:d7:de:f9:99:46:f3:f5:c2:17:08: - c2:c3:3b:e3:6e:1b:bf:c9:3f:db:c3:ff:a4:d2:ee: - c4:8e:91:e6:af:12:e7:5c:1c:73:af:df:0f:0f:05: - d8:f0:f6:21:95:5e:40:97:ee:5d:1b:df:a8:89:30: - f4:08:e6:e4:c6:ca:aa:58:fa:e6:8c:b4:2f:3e:56: - ea:9b:02:4f:bc:65:c5:a7:41:bf:8d:e2:34:dc:f3: - da:f3:23:36:07:32:62:96:5b:be:44:69:39:47:44: - 70:96:96:03:f1:d8:1b:e3:bd:32:bc:9e:3b:5a:4c: - 38:fa:75:d1:af:2c:30:d3:59:0b:87:43:85:b1:2e: - 43:15:97:13:89:8e:e7:15:c2:8b:39:be:5f:f1:59: - 57:45:b8:ac:e8:bd:4a:46:a6:50:5e:22:40:68:60: - 5a:77:81:2f:3d:be:03:13:3b:70:2c:a6:ad:eb:58: - c1:05 + 00:a8:a5:0e:06:b7:99:51:ad:fd:57:50:ba:00:3c: + ce:4b:a5:f8:a1:6d:00:ae:32:93:30:ec:a3:1b:58: + e3:09:5e:4e:61:fa:7f:f1:21:1a:a6:8d:bd:72:21: + e6:6d:82:33:7e:20:be:66:54:a6:42:92:18:db:43: + ef:09:93:d8:b4:6e:64:78:ce:b4:3b:9f:44:62:9f: + 73:dd:e9:0f:11:ce:9a:a1:82:dd:32:04:71:f2:46: + 03:e2:a1:7c:36:2f:78:de:97:b8:7b:da:3a:6a:b8: + 81:7c:d1:76:17:72:3c:a6:ba:74:4b:38:db:6b:47: + d3:52:f1:e0:ad:17:4f:48:fe:2b:7a:a5:28:aa:52: + 12:4c:f6:c2:4e:23:b5:b2:eb:9c:e1:6b:91:05:b0: + a7:3f:64:6f:bc:08:96:78:de:9f:ed:27:5b:d8:33: + b6:80:aa:80:40:a7:a3:c4:96:37:71:9a:ef:a6:2b: + 5d:07:e9:8d:e5:9b:84:4a:ac:db:52:68:b9:80:74: + be:ce:a7:c2:fe:b7:45:37:b2:c2:e9:0f:f9:54:15: + ab:7e:e9:c6:86:05:4a:26:f8:b6:3f:ec:a7:0a:4e: + 00:a1:73:3e:f3:db:77:38:0f:bc:37:9b:7c:cb:4d: + fc:ab:4b:d1:a2:ff:7d:1d:b1:d2:14:0d:74:bc:a4: + 8d:11 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - A4:4A:EF:8D:03:05:5A:85:D8:D5:43:64:B2:EE:06:D6:D1:75:36:8B + 9E:16:CB:63:0C:02:2E:E7:DC:BA:AA:D5:D2:10:B0:E0:F7:2D:14:6D X509v3 Authority Key Identifier: - keyid:A4:4A:EF:8D:03:05:5A:85:D8:D5:43:64:B2:EE:06:D6:D1:75:36:8B + keyid:9E:16:CB:63:0C:02:2E:E7:DC:BA:AA:D5:D2:10:B0:E0:F7:2D:14:6D Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -236,41 +236,41 @@ Certificate: X509v3 Basic Constraints: critical CA:FALSE Signature Algorithm: sha256WithRSAEncryption - 26:9d:8a:78:1d:b6:59:cd:cc:23:10:2b:9b:2c:a1:b4:fc:53: - 1e:c5:57:d8:d8:05:f2:dc:a6:13:2e:4b:13:af:14:bf:fa:c0: - af:3e:96:24:4a:ed:38:0f:10:f0:90:a9:c4:0d:92:59:6d:c7: - 12:bf:17:e2:d7:1b:20:1c:74:ab:7a:50:38:52:cf:55:58:40: - f7:c4:ee:78:a4:c1:79:ab:50:0c:a7:90:86:09:b0:05:bd:2a: - ec:31:00:a5:83:43:95:45:27:06:c0:e7:49:a3:81:9e:90:56: - 97:29:fc:b0:f1:4d:75:68:04:93:a2:1b:8e:fd:52:e1:2d:b8: - 30:be:4e:3d:e9:2b:96:4e:38:a3:26:4b:fe:36:72:45:55:57: - f1:c9:98:a7:9d:17:e2:b6:05:c8:bb:a4:ed:5e:be:23:8b:60: - e0:c8:42:c6:29:5f:37:37:2c:86:7d:06:67:5e:67:44:19:7f: - 13:5d:d3:8a:1e:50:b7:1c:03:52:0d:ff:4e:3c:69:f6:2f:d1: - 70:37:47:63:fa:60:1f:34:a4:1f:d8:2f:ed:e0:0e:f2:68:f8: - e3:58:34:33:3b:af:8f:15:c8:fe:2e:73:17:60:a9:49:7e:7e: - 1a:0e:9a:a2:60:bf:09:8d:85:8c:a3:dc:77:5f:45:b4:f9:f0: - 6d:a0:29:2a + 17:46:88:e9:36:01:90:63:cd:07:5a:1c:e2:6d:f8:62:7b:ac: + 64:87:bd:e5:1a:e0:5f:53:e1:ab:ab:ff:6b:a6:b6:56:b9:20: + 1e:64:69:80:10:b2:d4:9a:45:67:42:15:83:a7:fc:d2:ff:43: + 03:e1:e9:f5:75:a7:cc:0a:c0:25:c8:bc:37:03:b9:40:b7:c5: + bd:bc:f3:90:a3:55:b8:c8:db:f0:ed:38:ee:63:e2:3b:8b:a1: + ec:c1:3b:d1:9c:55:08:ac:5f:05:e3:ed:20:ce:46:49:49:8b: + ea:48:86:a6:28:40:27:1b:a6:5d:dc:f5:be:7a:f4:7a:9f:6e: + 79:fd:03:b5:cd:51:d3:d9:e6:01:0c:38:fd:8e:d2:b9:be:17: + 27:d6:14:16:34:62:3a:0b:45:42:90:f3:88:cf:6e:8d:19:40: + b2:6e:10:f9:1f:6c:fb:ed:02:b8:30:ed:83:af:1b:de:eb:12: + dd:3c:0d:79:d2:de:e5:78:7f:29:2c:ae:d2:ca:e8:45:d4:30: + ee:d1:f1:41:f5:9e:9f:ce:4c:12:8b:e3:2b:6c:02:13:90:b3: + b8:d6:50:25:5c:da:17:eb:03:3a:b2:f8:df:77:5b:cb:4a:5f: + c6:b6:11:21:9c:4f:c4:f8:00:e3:e1:96:db:0c:88:a7:9c:35: + 03:8f:2c:e3 -----BEGIN TRUST_ANCHOR_CONSTRAINED----- MIIDYjCCAkqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOnTH3XtZNkr2Rw7q9uG -iHplV4d8uVEvV380fXNdU4+gEwgm7EYNBcuRNkqbE2V2nWi5MGoTnrIblec+EfwW -UP9vjr2IeU2e+nQgLRzwFZjX3vmZRvP1whcIwsM7424bv8k/28P/pNLuxI6R5q8S -51wcc6/fDw8F2PD2IZVeQJfuXRvfqIkw9Ajm5MbKqlj65oy0Lz5W6psCT7xlxadB -v43iNNzz2vMjNgcyYpZbvkRpOUdEcJaWA/HYG+O9MryeO1pMOPp10a8sMNNZC4dD -hbEuQxWXE4mO5xXCizm+X/FZV0W4rOi9SkamUF4iQGhgWneBLz2+AxM7cCymretY -wQUCAwEAAaOByDCBxTAdBgNVHQ4EFgQUpErvjQMFWoXY1UNksu4G1tF1NoswHwYD -VR0jBBgwFoAUpErvjQMFWoXY1UNksu4G1tF1NoswNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKilDga3mVGt/VdQugA8 +zkul+KFtAK4ykzDsoxtY4wleTmH6f/EhGqaNvXIh5m2CM34gvmZUpkKSGNtD7wmT +2LRuZHjOtDufRGKfc93pDxHOmqGC3TIEcfJGA+KhfDYveN6XuHvaOmq4gXzRdhdy +PKa6dEs422tH01Lx4K0XT0j+K3qlKKpSEkz2wk4jtbLrnOFrkQWwpz9kb7wIlnje +n+0nW9gztoCqgECno8SWN3Ga76YrXQfpjeWbhEqs21JouYB0vs6nwv63RTeywukP ++VQVq37pxoYFSib4tj/spwpOAKFzPvPbdzgPvDebfMtN/KtL0aL/fR2x0hQNdLyk +jRECAwEAAaOByDCBxTAdBgNVHQ4EFgQUnhbLYwwCLufcuqrV0hCw4PctFG0wHwYD +VR0jBBgwFoAUnhbLYwwCLufcuqrV0hCw4PctFG0wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAmnYp4HbZZzcwj -ECubLKG0/FMexVfY2AXy3KYTLksTrxS/+sCvPpYkSu04DxDwkKnEDZJZbccSvxfi -1xsgHHSrelA4Us9VWED3xO54pMF5q1AMp5CGCbAFvSrsMQClg0OVRScGwOdJo4Ge -kFaXKfyw8U11aASTohuO/VLhLbgwvk496SuWTjijJkv+NnJFVVfxyZinnRfitgXI -u6TtXr4ji2DgyELGKV83NyyGfQZnXmdEGX8TXdOKHlC3HANSDf9OPGn2L9FwN0dj -+mAfNKQf2C/t4A7yaPjjWDQzO6+PFcj+LnMXYKlJfn4aDpqiYL8JjYWMo9x3X0W0 -+fBtoCkq +AwIBBjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAXRojpNgGQY80H +Whzibfhie6xkh73lGuBfU+Grq/9rprZWuSAeZGmAELLUmkVnQhWDp/zS/0MD4en1 +dafMCsAlyLw3A7lAt8W9vPOQo1W4yNvw7TjuY+I7i6HswTvRnFUIrF8F4+0gzkZJ +SYvqSIamKEAnG6Zd3PW+evR6n255/QO1zVHT2eYBDDj9jtK5vhcn1hQWNGI6C0VC +kPOIz26NGUCybhD5H2z77QK4MO2Drxve6xLdPA150t7leH8pLK7SyuhF1DDu0fFB +9Z6fzkwSi+MrbAITkLO41lAlXNoX6wM6svjfd1vLSl/GthEhnE/E+ADj4ZbbDIin +nDUDjyzj -----END TRUST_ANCHOR_CONSTRAINED----- 150302120000Z @@ -282,3 +282,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/constrained-root-lacks-basic-constraints.pem b/chromium/net/data/verify_certificate_chain_unittest/constrained-root-lacks-basic-constraints.pem index 307b9f235db..6e57e66b58f 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/constrained-root-lacks-basic-constraints.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/constrained-root-lacks-basic-constraints.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ad:75:ea:d9:63:a8:36:b6:47:9e:1f:f4:c4:38: - b8:81:a1:cb:46:09:41:00:e8:12:9e:fd:c1:f8:92: - cc:cb:92:90:72:e3:8c:74:20:9a:b2:d7:17:2a:c5: - 91:d7:2f:99:64:ad:96:52:16:bc:cd:f0:7a:5d:c8: - 04:90:f9:28:ec:05:40:4a:ca:29:33:9f:6c:98:5b: - da:9d:be:6a:a5:2d:82:a5:78:2e:b9:a9:20:77:c0: - 53:3c:63:19:af:ca:1c:20:da:b6:69:bc:0b:ba:b5: - f0:a0:92:e7:f5:34:af:a2:41:32:86:6d:67:03:5e: - d5:e6:68:d0:e5:8d:54:89:5d:39:66:ae:af:f2:2f: - 38:e2:f6:64:a5:7c:84:fe:2b:87:73:1b:76:29:c8: - d9:06:a8:bf:c7:c9:90:a2:7a:ab:36:b5:96:b2:e4: - 1c:68:3a:27:d6:80:e8:f6:cd:61:cf:c5:a6:f8:60: - bf:bc:2c:8c:aa:fb:ae:a4:12:b7:3f:a5:db:cc:25: - f7:7e:fe:01:bf:0e:2d:26:ef:b4:da:d0:e7:31:53: - 88:e6:3f:bc:85:f9:e7:9d:40:a9:70:8a:73:8d:f7: - b3:dd:7d:67:52:a5:98:7a:22:2b:e8:15:3f:82:4e: - 10:27:ed:92:f8:fa:41:89:6b:26:e9:dd:93:4a:74: - d3:a9 + 00:b6:ec:ef:24:7e:2c:a4:bb:5b:e1:b1:a0:d6:fd: + a0:3d:be:ea:69:1b:dc:65:d0:35:ab:1a:cf:0a:08: + f5:ba:f3:96:99:55:87:14:d5:fb:43:e0:a9:ab:f7: + e6:d1:fc:09:53:e3:81:5b:1a:ba:b6:a9:93:3e:21: + c9:65:11:54:ca:77:74:e5:dc:d3:a2:78:72:b8:59: + 3b:4b:85:1f:f2:b8:3b:38:1e:56:55:c9:fa:fb:ed: + 3b:0b:55:11:76:24:23:4d:bd:92:fb:2c:87:ce:0c: + 2a:1d:16:60:91:5f:92:d6:e3:a6:c5:02:4e:24:22: + 76:5d:45:0e:35:9e:f4:4b:f5:a1:d2:5e:0b:15:90: + 34:64:c7:13:3a:97:32:01:25:06:55:34:34:c1:95: + 17:e6:93:03:6e:59:2f:68:0a:a6:ea:83:70:9f:3c: + 0e:b1:29:f2:eb:14:69:19:ec:ef:43:64:9e:bf:15: + 28:d9:e6:d0:b3:a9:da:9e:da:a8:86:36:21:a4:9b: + 21:c8:c2:dc:d8:04:fd:a9:1a:3b:15:64:eb:fa:50: + a1:71:85:9b:9f:14:e1:6f:9c:32:98:2d:82:64:71: + 1c:4a:8f:bc:fb:0b:98:18:ef:e3:d9:3f:9a:df:1e: + b9:09:ab:bf:b0:d4:09:05:e5:47:14:c1:b8:05:59: + cc:2d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 92:9A:80:3A:5C:7F:B9:45:6C:C1:79:03:FC:BE:1D:F9:00:A5:ED:9E + 83:4E:85:AD:B6:23:89:9C:16:DE:68:3B:75:E5:29:7B:D8:06:2D:49 X509v3 Authority Key Identifier: - keyid:A4:79:C2:53:F1:7B:AF:B0:97:61:6B:AE:EA:24:7A:98:C7:D7:41:18 + keyid:89:BF:48:AC:C6:30:B7:51:CE:94:B6:45:9D:D8:C8:16:8B:7D:47:F7 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 5e:39:9f:dc:2f:71:14:dc:68:84:af:52:a3:3d:07:68:3f:cc: - db:fa:4e:b9:d8:7e:7a:a0:7c:9a:75:81:55:a4:c2:45:4f:90: - 46:d4:8d:08:ca:3a:fa:64:04:b0:1c:42:e4:64:ad:4b:d3:c3: - 3c:57:b5:47:76:fd:7e:e4:a5:6c:22:71:4b:1c:d2:0d:23:8c: - b1:9a:20:18:f5:78:49:fa:06:e6:47:e5:4a:43:88:b4:8e:b8: - d9:23:b8:75:97:d4:cd:db:58:dd:7a:21:c6:65:47:fa:2f:f5: - c5:c7:c3:43:7f:e2:61:ff:55:e5:0e:1e:f7:2b:a7:1a:45:16: - 16:e6:bb:4b:f5:f5:2d:fd:01:f2:e3:41:b9:d1:dc:bb:52:97: - c5:90:cf:d1:57:70:46:46:ad:0f:e3:81:cc:18:e6:ce:05:fd: - 29:09:b2:eb:91:18:79:38:92:23:33:9b:0f:53:b1:fe:5d:81: - 65:b9:49:c9:64:6a:75:c4:e6:fe:8b:fc:3f:06:22:ab:e0:0a: - 18:d9:d5:5e:a6:d5:bd:2d:9f:b4:48:b5:ba:42:54:c7:75:be: - 8d:95:8b:ef:27:68:2a:a9:82:14:e4:9f:2c:ec:fd:27:cb:56: - c3:26:ec:10:96:85:f5:9b:42:b6:9c:99:ee:48:4a:3e:1b:81: - 9c:5f:7d:ad + 68:d1:c1:bd:2a:ed:8b:6b:14:e1:52:15:16:6c:2f:d9:0b:e4: + 24:2a:55:e7:dc:58:ff:b4:c3:05:2d:f3:7c:36:aa:db:cd:6b: + ae:19:df:63:e8:6d:91:1d:a7:02:b7:b5:e4:a2:60:9b:3d:9f: + a3:0d:5c:f6:72:87:1e:bf:2e:e8:4c:c1:61:48:4b:8a:d6:8f: + 9b:82:3f:fe:f1:d7:94:04:82:cb:6a:7f:33:b7:97:f6:6c:bf: + 79:f3:94:e9:46:ed:00:e5:16:e5:12:f5:f1:e4:e7:45:1c:8b: + fa:b3:ca:03:27:74:df:69:b2:e3:75:3b:b0:96:c2:42:97:07: + 03:b7:34:8e:e0:c5:01:7b:1d:b8:24:7d:9c:b5:4f:d5:0a:c1: + 45:9a:f6:a5:72:e6:ca:84:78:f2:b9:ac:4e:68:75:23:57:9e: + 0e:f5:06:2e:d1:38:5f:d8:81:b6:e0:f6:72:cb:7d:dc:16:5f: + 72:66:b7:0d:60:aa:7e:48:4e:16:62:74:3d:d7:de:b1:d3:ae: + e2:07:d0:e9:4c:7f:ef:32:80:1a:8b:7f:ae:14:0d:59:31:59: + ab:39:39:df:27:c0:23:82:d7:39:e8:8e:48:b9:53:f3:c5:e9: + 84:93:be:f4:32:44:d8:ed:1a:d5:49:3d:14:d8:07:f6:a1:6f: + 93:f9:1b:21 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtderZ -Y6g2tkeeH/TEOLiBoctGCUEA6BKe/cH4kszLkpBy44x0IJqy1xcqxZHXL5lkrZZS -FrzN8HpdyASQ+SjsBUBKyikzn2yYW9qdvmqlLYKleC65qSB3wFM8Yxmvyhwg2rZp -vAu6tfCgkuf1NK+iQTKGbWcDXtXmaNDljVSJXTlmrq/yLzji9mSlfIT+K4dzG3Yp -yNkGqL/HyZCieqs2tZay5BxoOifWgOj2zWHPxab4YL+8LIyq+66kErc/pdvMJfd+ -/gG/Di0m77Ta0OcxU4jmP7yF+eedQKlwinON97PdfWdSpZh6IivoFT+CThAn7ZL4 -+kGJaybp3ZNKdNOpAgMBAAGjgekwgeYwHQYDVR0OBBYEFJKagDpcf7lFbMF5A/y+ -HfkApe2eMB8GA1UdIwQYMBaAFKR5wlPxe6+wl2FrruokepjH10EYMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC27O8k +fiyku1vhsaDW/aA9vuppG9xl0DWrGs8KCPW685aZVYcU1ftD4Kmr9+bR/AlT44Fb +Grq2qZM+IcllEVTKd3Tl3NOieHK4WTtLhR/yuDs4HlZVyfr77TsLVRF2JCNNvZL7 +LIfODCodFmCRX5LW46bFAk4kInZdRQ41nvRL9aHSXgsVkDRkxxM6lzIBJQZVNDTB +lRfmkwNuWS9oCqbqg3CfPA6xKfLrFGkZ7O9DZJ6/FSjZ5tCzqdqe2qiGNiGkmyHI +wtzYBP2pGjsVZOv6UKFxhZufFOFvnDKYLYJkcRxKj7z7C5gY7+PZP5rfHrkJq7+w +1AkF5UcUwbgFWcwtAgMBAAGjgekwgeYwHQYDVR0OBBYEFINOha22I4mcFt5oO3Xl +KXvYBi1JMB8GA1UdIwQYMBaAFIm/SKzGMLdRzpS2RZ3YyBaLfUf3MD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAXjmf3C9xFNxohK9Soz0H -aD/M2/pOudh+eqB8mnWBVaTCRU+QRtSNCMo6+mQEsBxC5GStS9PDPFe1R3b9fuSl -bCJxSxzSDSOMsZogGPV4SfoG5kflSkOItI642SO4dZfUzdtY3XohxmVH+i/1xcfD -Q3/iYf9V5Q4e9yunGkUWFua7S/X1Lf0B8uNBudHcu1KXxZDP0VdwRkatD+OBzBjm -zgX9KQmy65EYeTiSIzObD1Ox/l2BZblJyWRqdcTm/ov8PwYiq+AKGNnVXqbVvS2f -tEi1ukJUx3W+jZWL7ydoKqmCFOSfLOz9J8tWwybsEJaF9ZtCtpyZ7khKPhuBnF99 -rQ== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAaNHBvSrti2sU4VIVFmwv +2QvkJCpV59xY/7TDBS3zfDaq281rrhnfY+htkR2nAre15KJgmz2fow1c9nKHHr8u +6EzBYUhLitaPm4I//vHXlASCy2p/M7eX9my/efOU6UbtAOUW5RL18eTnRRyL+rPK +Ayd032my43U7sJbCQpcHA7c0juDFAXsduCR9nLVP1QrBRZr2pXLmyoR48rmsTmh1 +I1eeDvUGLtE4X9iBtuD2cst93BZfcma3DWCqfkhOFmJ0PdfesdOu4gfQ6Ux/7zKA +Got/rhQNWTFZqzk53yfAI4LXOeiOSLlT88XphJO+9DJE2O0a1Uk9FNgH9qFvk/kb +IQ== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:9b:ae:24:f7:35:a1:99:8f:a3:2e:f8:62:c1:ba: - f3:f3:92:a8:18:1e:57:b1:40:17:0a:3a:3b:67:64: - 7d:7c:97:98:ce:b0:e4:4b:aa:98:5e:66:4f:d6:4a: - 83:2d:c2:db:ac:4e:d0:83:3c:07:0a:f1:51:3f:7d: - 8f:5f:1d:48:14:e1:39:98:bf:c9:44:f6:a0:72:6c: - 1d:1c:13:91:cd:90:e2:19:88:80:59:2f:13:62:ac: - 9b:d0:19:53:a8:fe:f3:43:a7:94:fb:8c:df:98:10: - 48:6c:4b:20:c5:70:21:27:43:02:fe:15:ed:37:bf: - ee:71:d0:7d:69:f6:94:82:8e:83:a5:f8:b2:31:47: - bf:af:5c:94:d8:d8:a7:f8:bd:a2:fa:89:62:61:43: - 9e:46:10:e9:32:73:9c:32:bd:b9:a2:fe:35:96:df: - 10:b5:a6:8f:af:ed:4b:e0:4b:22:00:7f:e8:78:bf: - e9:0f:2d:26:80:d2:96:3a:0a:2e:02:b9:f7:49:57: - d6:7e:df:e4:97:dd:50:69:c7:49:f2:b2:74:94:1e: - ea:f9:7b:61:45:36:3b:7d:29:6b:09:de:ac:58:19: - 14:58:2c:83:b8:99:08:ba:be:78:ba:e8:f1:bb:f1: - 09:32:44:18:fb:72:4e:41:1c:6b:43:16:a2:73:6a: - 63:65 + 00:ac:2a:39:80:53:9e:de:12:59:e3:e1:77:4d:62: + f3:bc:5e:ba:8a:e3:a0:72:81:10:b5:55:37:e9:16: + 8b:f3:39:42:71:11:e7:d8:50:5e:08:f5:60:f8:bb: + 73:89:eb:73:65:30:49:c7:10:5f:fa:f7:0d:a2:ae: + 7e:8e:cb:ba:b8:64:ba:36:92:e1:c0:16:15:a6:93: + 13:62:71:0e:5f:a6:a9:4f:54:d1:62:d8:14:a9:b5: + 4a:ef:27:74:83:2a:33:ed:9e:3a:ba:e4:c4:d9:04: + 73:34:1b:fc:68:ea:4d:6f:d2:3d:ba:25:04:18:2c: + 3d:c4:81:dd:01:b8:b4:fe:3a:09:c6:2a:72:84:e6: + fa:00:a7:db:7f:4c:a0:c9:46:b5:9c:fc:15:d4:4c: + 98:8e:60:43:2f:41:2d:6d:a7:f9:99:d8:ef:92:c5: + 6c:f2:cc:d2:50:c0:44:1b:a4:c2:0c:a8:7a:66:64: + ae:76:4d:11:03:b4:d0:0a:6f:01:d4:e2:6d:90:42: + 33:78:17:78:8b:e1:b3:55:77:9b:f8:8f:d2:5f:08: + 08:bf:f9:51:fe:8e:8b:ab:ea:fb:31:15:cb:b2:ed: + fc:16:78:c8:ec:fb:43:c4:35:4b:da:78:a5:53:0e: + 7a:5e:63:93:e4:f6:02:93:aa:9a:a4:c0:e1:7f:45: + 1b:39 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - A4:79:C2:53:F1:7B:AF:B0:97:61:6B:AE:EA:24:7A:98:C7:D7:41:18 + 89:BF:48:AC:C6:30:B7:51:CE:94:B6:45:9D:D8:C8:16:8B:7D:47:F7 X509v3 Authority Key Identifier: - keyid:75:7D:62:57:BC:81:26:58:67:4D:49:F8:04:11:12:62:63:3C:3C:DC + keyid:FA:67:7E:92:9E:B8:4B:2B:0A:B0:E7:68:CC:C8:EA:A9:97:AF:A2:FD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 93:d8:9b:e5:69:16:43:e6:5b:3b:c0:70:44:ec:1d:7d:9e:4f: - 28:16:99:b5:70:6f:5a:f6:f3:90:1f:e9:3c:eb:8f:bb:3b:28: - d0:e1:3f:60:6d:81:de:01:77:71:88:54:44:41:16:73:48:3c: - f6:5c:7d:6b:6d:81:e4:35:05:f6:4c:91:cb:a3:bf:06:d3:b2: - 33:39:06:07:4f:2d:99:ff:34:85:6b:75:02:18:5f:b1:9e:5d: - a7:a0:78:b9:26:aa:1e:87:51:37:3f:47:af:56:07:04:95:01: - cf:40:39:0a:ce:01:7b:e0:34:dc:14:e3:06:57:d8:93:0c:6c: - 90:51:92:51:6e:b8:f7:ff:62:81:e3:73:f1:34:5f:a0:19:7c: - 39:d7:d1:81:10:5a:90:52:e1:32:c7:3a:66:69:c5:5b:d7:54: - 15:70:d0:9b:42:bd:70:74:37:2b:a2:e7:ee:d3:20:96:3a:32: - ee:53:21:f0:f6:4b:c8:fb:a7:e1:ce:9d:72:cf:d0:e2:7c:e4: - 13:20:66:62:8d:b6:b9:9d:56:4b:c8:cc:e9:00:b6:c7:f7:e4: - dc:ed:2c:25:af:32:05:98:ef:56:de:7a:07:ff:eb:62:c1:7b: - 0b:56:95:ee:90:55:d6:6f:c9:8d:8f:15:dd:d3:65:c1:c7:8c: - 94:f9:82:5d + c0:f6:2e:12:b6:74:1d:04:70:30:75:1b:4e:ab:8d:e3:66:1e: + 7d:eb:6d:51:f7:ee:a0:92:5c:2d:1b:fe:63:de:4e:5e:62:fc: + 14:45:43:cb:c3:00:b9:ad:44:cb:a6:2a:43:e6:1d:8d:6c:09: + 30:70:eb:fa:be:6a:bc:04:c9:7f:c4:cd:d0:ac:d5:07:34:1b: + d8:77:97:3f:82:41:4e:d1:7a:ff:d0:36:85:2c:7f:2f:ff:e5: + 48:67:c8:71:a7:a0:fe:21:e4:8a:10:2e:45:e8:69:99:2e:2f: + aa:86:ad:e1:b6:4a:a2:49:cc:8e:a7:32:6a:ee:ff:ea:be:e4: + ed:f4:09:a2:b7:5f:39:a0:2c:c2:60:cd:67:0c:e1:4a:c8:02: + 17:02:30:49:0d:31:df:30:fc:5a:ae:24:ab:ad:66:93:0f:34: + 8b:62:a6:eb:86:44:4d:8f:cf:31:5f:df:91:c9:4c:8d:10:89: + a5:67:ad:ff:38:2b:56:81:76:e5:42:d4:6a:78:04:93:41:6b: + b1:ee:62:f6:da:8f:35:35:d2:26:54:c0:7a:f7:44:b7:b6:81: + ae:f5:e6:50:c9:f7:06:35:a1:9b:aa:19:2c:3c:31:b1:84:00: + 47:3c:1a:31:11:5c:69:0b:a9:b6:e9:3b:34:32:e1:7e:66:0e: + 0d:6a:9b:ca -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm64k9zWh -mY+jLvhiwbrz85KoGB5XsUAXCjo7Z2R9fJeYzrDkS6qYXmZP1kqDLcLbrE7QgzwH -CvFRP32PXx1IFOE5mL/JRPagcmwdHBORzZDiGYiAWS8TYqyb0BlTqP7zQ6eU+4zf -mBBIbEsgxXAhJ0MC/hXtN7/ucdB9afaUgo6DpfiyMUe/r1yU2Nin+L2i+oliYUOe -RhDpMnOcMr25ov41lt8QtaaPr+1L4EsiAH/oeL/pDy0mgNKWOgouArn3SVfWft/k -l91QacdJ8rJ0lB7q+XthRTY7fSlrCd6sWBkUWCyDuJkIur54uujxu/EJMkQY+3JO -QRxrQxaic2pjZQIDAQABo4HLMIHIMB0GA1UdDgQWBBSkecJT8XuvsJdha67qJHqY -x9dBGDAfBgNVHSMEGDAWgBR1fWJXvIEmWGdNSfgEERJiYzw83DA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCo5gFOe +3hJZ4+F3TWLzvF66iuOgcoEQtVU36RaL8zlCcRHn2FBeCPVg+LtzietzZTBJxxBf ++vcNoq5+jsu6uGS6NpLhwBYVppMTYnEOX6apT1TRYtgUqbVK7yd0gyoz7Z46uuTE +2QRzNBv8aOpNb9I9uiUEGCw9xIHdAbi0/joJxipyhOb6AKfbf0ygyUa1nPwV1EyY +jmBDL0Etbaf5mdjvksVs8szSUMBEG6TCDKh6ZmSudk0RA7TQCm8B1OJtkEIzeBd4 +i+GzVXeb+I/SXwgIv/lR/o6Lq+r7MRXLsu38FnjI7PtDxDVL2nilUw56XmOT5PYC +k6qapMDhf0UbOQIDAQABo4HLMIHIMB0GA1UdDgQWBBSJv0isxjC3Uc6UtkWd2MgW +i31H9zAfBgNVHSMEGDAWgBT6Z36SnrhLKwqw52jMyOqpl6+i/TA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AJPYm+VpFkPmWzvAcETsHX2eTygWmbVwb1r285Af6Tzrj7s7KNDhP2Btgd4Bd3GI -VERBFnNIPPZcfWttgeQ1BfZMkcujvwbTsjM5BgdPLZn/NIVrdQIYX7GeXaegeLkm -qh6HUTc/R69WBwSVAc9AOQrOAXvgNNwU4wZX2JMMbJBRklFuuPf/YoHjc/E0X6AZ -fDnX0YEQWpBS4TLHOmZpxVvXVBVw0JtCvXB0Nyui5+7TIJY6Mu5TIfD2S8j7p+HO -nXLP0OJ85BMgZmKNtrmdVkvIzOkAtsf35NztLCWvMgWY71beegf/62LBewtWle6Q -VdZvyY2PFd3TZcHHjJT5gl0= +AMD2LhK2dB0EcDB1G06rjeNmHn3rbVH37qCSXC0b/mPeTl5i/BRFQ8vDALmtRMum +KkPmHY1sCTBw6/q+arwEyX/EzdCs1Qc0G9h3lz+CQU7Rev/QNoUsfy//5UhnyHGn +oP4h5IoQLkXoaZkuL6qGreG2SqJJzI6nMmru/+q+5O30CaK3XzmgLMJgzWcM4UrI +AhcCMEkNMd8w/FquJKutZpMPNItipuuGRE2PzzFf35HJTI0QiaVnrf84K1aBduVC +1Gp4BJNBa7HuYvbajzU10iZUwHr3RLe2ga715lDJ9wY1oZuqGSw8MbGEAEc8GjER +XGkLqbbpOzQy4X5mDg1qm8o= -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d6:d2:49:ce:36:d3:12:76:22:3f:67:89:7e:64: - 6e:09:f4:eb:b8:d7:66:3e:92:18:f2:2b:2c:4e:4a: - ca:77:97:83:cc:79:38:d2:50:ea:cf:7e:cf:dc:fa: - 83:05:61:d1:70:8f:e3:32:85:39:52:57:0b:77:62: - a0:63:ce:69:79:d0:a5:2c:95:06:92:38:f1:12:41: - 4b:5d:87:1e:8e:c5:40:28:36:16:c6:bd:fc:1f:ca: - 07:73:d5:1d:c5:5d:46:56:03:c7:f6:67:fb:91:ab: - 43:fb:53:48:a4:6f:75:e7:0b:10:f1:3d:aa:14:42: - 32:0b:b1:fc:10:81:d0:18:1b:1b:bd:d1:fd:e9:0d: - 53:64:3e:8f:3e:df:f0:07:2e:b8:b2:23:74:ea:9b: - 23:7c:15:42:e5:53:1a:0c:80:1e:49:dd:4e:fa:e4: - 50:a8:e2:74:3f:09:4f:bc:1c:71:7d:72:fe:7a:15: - ac:2e:0b:9b:8c:41:2b:ce:32:a4:f5:40:71:6b:e8: - 2c:93:a9:41:03:53:95:a0:4a:68:2d:f0:b6:1e:01: - da:7d:34:47:3d:d5:fb:ef:63:9a:72:df:e8:14:08: - 1a:29:29:aa:c3:ff:37:f4:ee:37:a4:45:da:d1:2c: - 94:1c:f3:df:62:41:f2:d0:00:0e:2c:06:88:12:71: - 8d:7f + 00:d5:a0:85:97:01:89:b2:31:f1:f5:fb:99:66:f9: + 47:a6:fd:65:be:1e:35:ef:8b:ad:75:bf:81:61:9e: + aa:54:d6:02:87:61:07:d4:4e:0a:c5:2d:9a:78:e0: + 93:ee:b9:b1:aa:06:14:91:13:23:ec:dd:a2:b1:80: + 9e:d4:af:8d:77:38:d6:3b:f6:53:a6:c2:cf:af:37: + 40:9e:c4:70:23:c9:da:e5:31:77:c8:1b:a3:9d:dc: + 14:b2:79:77:86:1d:0e:48:58:60:b0:46:69:1d:6a: + 4b:1b:19:bb:c6:e2:c5:b3:ea:1a:79:dc:ba:db:10: + 0f:31:52:9b:73:55:09:d1:97:a8:a1:02:e5:12:c8: + 39:6d:c0:75:0e:90:2f:48:1c:26:b5:19:f2:cb:00: + ac:42:f0:3b:e5:dd:8e:55:b5:d5:61:e3:47:c4:fb: + 0f:79:83:ae:6a:ca:ec:4b:e3:89:db:af:ec:47:10: + c5:42:82:90:8b:61:1e:c7:f0:39:8b:63:31:1c:8c: + d5:90:48:82:9a:a0:a4:84:a1:2d:7f:4d:3a:7d:3a: + 31:f5:03:bc:ce:cf:a4:e5:53:43:23:ed:dc:46:cf: + 8c:28:d1:dd:97:c8:93:0f:6c:cf:0f:6e:1c:a8:c2: + c4:51:73:6a:f1:33:fb:22:26:fb:c3:e2:e6:b9:37: + 72:e5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 75:7D:62:57:BC:81:26:58:67:4D:49:F8:04:11:12:62:63:3C:3C:DC + FA:67:7E:92:9E:B8:4B:2B:0A:B0:E7:68:CC:C8:EA:A9:97:AF:A2:FD X509v3 Authority Key Identifier: - keyid:75:7D:62:57:BC:81:26:58:67:4D:49:F8:04:11:12:62:63:3C:3C:DC + keyid:FA:67:7E:92:9E:B8:4B:2B:0A:B0:E7:68:CC:C8:EA:A9:97:AF:A2:FD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -233,40 +233,40 @@ Certificate: X509v3 Key Usage: critical Certificate Sign, CRL Sign Signature Algorithm: sha256WithRSAEncryption - 52:16:ce:5c:55:aa:c3:76:80:5a:60:ee:8a:85:f5:9f:64:ca: - 6d:b9:66:53:73:a4:92:47:a9:d5:8e:b5:90:b2:a9:62:69:32: - e3:2c:f5:28:e6:d3:6c:d9:94:af:83:11:04:30:95:48:e2:9e: - 2d:bf:67:63:95:97:32:99:28:b7:87:3d:dc:97:41:08:72:f7: - 89:6a:94:bb:fe:62:cd:08:f6:d6:0b:86:60:5b:d7:4d:eb:df: - 40:70:d9:bd:cb:e0:24:b8:ee:62:5a:7f:58:d3:3d:11:53:63: - 34:aa:af:59:6b:86:30:ab:fb:55:40:cc:e3:65:0e:d6:36:b4: - dc:d1:db:a4:bc:1c:7a:51:cf:8a:7d:41:0a:e6:3a:16:c9:43: - e6:9e:41:31:f3:4f:81:c1:24:e8:fb:c5:db:87:c8:01:f5:b8: - 60:ed:2a:0e:fc:31:59:26:63:fb:60:26:8f:52:0c:7c:19:b7: - 29:18:c9:12:eb:80:6c:aa:25:46:41:92:1a:3a:e1:df:9e:94: - 1f:92:01:90:b0:92:2c:e0:dd:31:81:a2:c0:ae:05:ae:85:c2: - ee:ce:63:2c:c8:3f:41:f9:06:8b:66:56:05:e7:58:7d:3f:d0: - ed:05:25:ea:1e:d0:69:24:f0:e3:dd:0a:d8:2e:ba:fe:d9:1a: - ba:39:2b:7d + 54:d6:3d:d6:97:11:fc:2b:66:e3:f1:e4:4a:55:45:7d:33:7e: + 54:69:c4:49:02:aa:f7:84:0b:2a:1e:87:d1:55:77:f3:93:c8: + 25:d4:74:37:48:0d:de:22:4b:9d:f2:dc:8f:f9:49:9f:0d:e7: + e9:1a:69:70:2d:66:ee:f0:38:07:5d:16:55:34:40:6a:29:2f: + a1:51:29:3f:de:1f:55:18:78:22:b2:41:d0:2c:85:7c:2c:e2: + a7:18:d3:8e:17:50:b7:f6:c1:e7:b6:de:57:1c:a1:8e:33:e2: + 4c:c7:08:78:bd:13:47:b0:1b:d4:4c:07:17:7e:a7:84:17:d3: + 7d:12:43:05:bc:8e:8b:b4:52:46:95:bf:87:ac:ae:92:30:39: + 14:59:fe:55:47:37:a1:4f:7c:97:f9:f5:55:92:7d:95:47:26: + be:1e:b6:e8:86:c6:09:8a:a2:27:1e:c5:c9:29:89:e1:ea:e2: + 70:09:d6:af:6f:74:91:b8:12:fa:03:ad:ab:4a:89:a8:d2:1d: + 3b:9e:f7:8a:cc:90:43:5d:4d:aa:3a:a3:25:8a:25:15:53:68: + b5:66:2d:fe:f3:b3:03:26:b8:f1:2b:89:5a:e9:fc:fa:2d:e2: + bb:57:ac:5b:15:de:3e:eb:34:3a:34:ad:5b:40:5b:16:c9:c2: + c4:ae:a1:45 -----BEGIN TRUST_ANCHOR_CONSTRAINED----- MIIDVDCCAjygAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbSSc420xJ2Ij9niX5k -bgn067jXZj6SGPIrLE5KyneXg8x5ONJQ6s9+z9z6gwVh0XCP4zKFOVJXC3dioGPO -aXnQpSyVBpI48RJBS12HHo7FQCg2Fsa9/B/KB3PVHcVdRlYDx/Zn+5GrQ/tTSKRv -decLEPE9qhRCMgux/BCB0BgbG73R/ekNU2Q+jz7f8AcuuLIjdOqbI3wVQuVTGgyA -HkndTvrkUKjidD8JT7wccX1y/noVrC4Lm4xBK84ypPVAcWvoLJOpQQNTlaBKaC3w -th4B2n00Rz3V++9jmnLf6BQIGikpqsP/N/TuN6RF2tEslBzz32JB8tAADiwGiBJx -jX8CAwEAAaOBujCBtzAdBgNVHQ4EFgQUdX1iV7yBJlhnTUn4BBESYmM8PNwwHwYD -VR0jBBgwFoAUdX1iV7yBJlhnTUn4BBESYmM8PNwwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANWghZcBibIx8fX7mWb5 +R6b9Zb4eNe+LrXW/gWGeqlTWAodhB9ROCsUtmnjgk+65saoGFJETI+zdorGAntSv +jXc41jv2U6bCz683QJ7EcCPJ2uUxd8gbo53cFLJ5d4YdDkhYYLBGaR1qSxsZu8bi +xbPqGnncutsQDzFSm3NVCdGXqKEC5RLIOW3AdQ6QL0gcJrUZ8ssArELwO+XdjlW1 +1WHjR8T7D3mDrmrK7Evjiduv7EcQxUKCkIthHsfwOYtjMRyM1ZBIgpqgpIShLX9N +On06MfUDvM7PpOVTQyPt3EbPjCjR3ZfIkw9szw9uHKjCxFFzavEz+yIm+8Pi5rk3 +cuUCAwEAAaOBujCBtzAdBgNVHQ4EFgQU+md+kp64SysKsOdozMjqqZevov0wHwYD +VR0jBBgwFoAU+md+kp64SysKsOdozMjqqZevov0wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAUhbOXFWqw3aAWmDuioX1n2TKbblmU3Ok -kkep1Y61kLKpYmky4yz1KObTbNmUr4MRBDCVSOKeLb9nY5WXMpkot4c93JdBCHL3 -iWqUu/5izQj21guGYFvXTevfQHDZvcvgJLjuYlp/WNM9EVNjNKqvWWuGMKv7VUDM -42UO1ja03NHbpLwcelHPin1BCuY6FslD5p5BMfNPgcEk6PvF24fIAfW4YO0qDvwx -WSZj+2Amj1IMfBm3KRjJEuuAbKolRkGSGjrh356UH5IBkLCSLODdMYGiwK4FroXC -7s5jLMg/QfkGi2ZWBedYfT/Q7QUl6h7QaSTw490K2C66/tkaujkrfQ== +AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAVNY91pcR/Ctm4/HkSlVFfTN+VGnESQKq +94QLKh6H0VV385PIJdR0N0gN3iJLnfLcj/lJnw3n6RppcC1m7vA4B10WVTRAaikv +oVEpP94fVRh4IrJB0CyFfCzipxjTjhdQt/bB57beVxyhjjPiTMcIeL0TR7Ab1EwH +F36nhBfTfRJDBbyOi7RSRpW/h6yukjA5FFn+VUc3oU98l/n1VZJ9lUcmvh626IbG +CYqiJx7FySmJ4ericAnWr290kbgS+gOtq0qJqNIdO573isyQQ11NqjqjJYolFVNo +tWYt/vOzAya48SuJWun8+i3iu1esWxXePus0OjStW0BbFsnCxK6hRQ== -----END TRUST_ANCHOR_CONSTRAINED----- 150302120000Z @@ -278,3 +278,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/expired-constrained-root.pem b/chromium/net/data/verify_certificate_chain_unittest/expired-constrained-root.pem index 190fb56253a..7e6b3a2a285 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/expired-constrained-root.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/expired-constrained-root.pem @@ -19,30 +19,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a8:bc:a9:2c:1c:80:81:33:16:83:62:e9:f7:0a: - 0d:5a:8b:86:da:a8:45:2f:04:1c:18:c0:d6:e5:f7: - 33:f3:76:86:eb:a3:07:6b:83:e1:75:e5:da:6d:1c: - ee:99:a1:d7:38:bb:29:9a:7d:8f:54:c6:d4:0e:88: - dd:b7:59:b2:a8:45:c3:c8:82:42:ca:8c:e5:21:f6: - 94:b0:8f:59:41:64:0c:31:a2:93:f9:2a:38:fe:d8: - f5:e1:2e:b6:6c:f8:51:3f:9b:85:53:48:4e:34:30: - f1:cc:2b:c5:32:6d:ce:85:ed:69:d0:a3:53:3e:8c: - f7:4e:b1:d7:a6:ea:18:08:c6:23:d2:9e:13:e0:a6: - 50:e7:ea:da:f8:a0:d0:0f:ef:54:9b:fe:8c:3f:a1: - ea:c8:13:1b:84:f6:44:c1:a9:7a:69:ef:34:99:41: - ec:a9:1c:b0:9b:39:ae:98:4c:fc:68:2d:ba:96:68: - d5:b7:cf:2c:f0:2f:35:8a:0f:73:7c:8a:a0:e1:7a: - 0a:e4:3d:d0:05:e2:d9:d1:bd:30:d2:69:82:ba:31: - b4:c7:9a:29:d5:aa:97:36:e5:2a:92:85:fa:a9:87: - 00:ef:5b:ec:db:5e:82:2b:78:dd:89:de:99:ff:d8: - 35:17:eb:bc:57:c1:ae:11:52:63:ef:23:54:09:18: - f9:7f + 00:d9:a8:d1:eb:ee:56:1e:d5:3c:a1:b9:bf:1b:f7: + d0:1f:49:ad:af:ad:b4:af:e0:64:f3:f9:19:6b:95: + c9:ab:b1:25:65:74:91:dc:84:bc:03:0d:73:95:dd: + 0d:6a:1b:b8:8c:75:a3:03:6f:c8:01:ff:23:b0:e9: + 26:03:6c:24:2a:d4:e5:6b:6a:00:07:fd:b3:d4:4c: + ab:c3:42:15:5a:4a:68:66:58:8b:60:df:d2:22:f6: + e0:4e:ee:1c:c9:d0:3d:8f:bf:3c:90:d8:af:54:9e: + eb:1b:76:55:dc:f6:2a:a9:80:97:84:93:61:56:2c: + f4:b8:d3:ac:a7:db:47:37:c9:8b:4f:d2:bc:79:18: + 52:bf:e7:ca:3f:47:6f:b9:11:da:aa:53:33:ee:05: + b9:8f:2f:4e:c3:a5:b6:e4:87:8d:21:e4:39:3f:a2: + 0b:b4:87:e2:c4:b0:10:d7:0c:dd:bd:cf:2f:1f:2b: + a4:af:89:5a:69:00:4d:6c:74:74:4c:6f:67:cc:a2: + 58:d3:09:d6:a8:93:98:93:11:cb:a9:6a:15:f2:bc: + ea:d7:1a:b3:ae:4f:45:a8:58:2f:a7:0d:d6:bf:32: + 65:be:a9:27:be:00:c1:2c:85:bf:17:e3:b7:95:61: + a5:cc:ba:c7:50:ca:5e:25:03:3c:f9:33:53:f6:bd: + 18:69 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 27:5D:22:BE:A2:20:5F:DC:69:8D:8A:6F:5B:CC:EF:D1:2A:AE:57:5B + B2:8B:FD:28:C3:5D:3E:84:62:BD:4D:6B:A4:EB:64:94:E5:60:35:D3 X509v3 Authority Key Identifier: - keyid:9F:6B:C0:D8:24:51:E0:D7:89:F4:E0:74:B7:0D:D6:FF:8B:AF:58:04 + keyid:ED:60:6E:83:A7:52:C3:36:D0:36:B1:A5:B5:BD:8B:AB:3F:EC:CB:1B Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -57,42 +57,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 1d:e0:a8:55:02:9d:d1:70:c6:ca:d2:82:75:35:ce:14:88:18: - 65:5d:12:42:b2:80:8d:ae:c1:24:fe:e2:c8:ca:b0:51:d0:39: - 24:e2:82:c1:96:bb:38:d1:54:dc:c0:51:dd:96:c0:d7:45:76: - cf:5c:37:fc:53:96:b0:c8:84:99:f9:4a:ad:03:98:1e:44:86: - 81:36:e1:4b:3a:3d:bc:f0:b5:58:4d:83:3a:30:56:45:e0:89: - 67:f6:61:cb:18:60:e9:53:42:a2:92:0b:dc:8f:6e:59:b2:9a: - bc:36:61:11:f2:90:17:72:5f:a8:e2:2f:43:22:e2:b0:7c:00: - 69:64:e2:3f:69:15:32:56:1a:58:c3:b3:61:ec:37:a7:58:e3: - df:e2:e2:f0:04:5e:37:f5:07:7d:52:aa:21:32:35:d2:18:5a: - b8:17:ef:7a:cc:de:10:10:2b:ae:73:a7:d8:38:a5:32:58:65: - 6c:9c:8e:e6:c9:93:e9:e0:54:bf:8b:01:cf:ee:a0:b6:dc:68: - 26:af:fe:39:48:8b:aa:37:37:ca:9c:28:97:0a:60:f6:53:dd: - ff:81:34:c1:68:2f:05:84:86:9e:7e:89:cd:21:a5:66:85:63: - 33:fb:1d:e6:70:88:56:f6:c2:34:60:0b:c3:f4:49:2a:c5:81: - 82:72:da:1a + 7f:ea:a3:4e:d2:f6:37:e7:5d:65:58:13:c4:65:a2:00:fb:1f: + 40:1f:1d:ed:05:2d:4c:80:bf:08:59:8b:f4:d0:e4:f9:c4:0d: + 1a:c9:ff:ff:10:d1:0e:91:dc:1a:ed:16:08:de:10:de:c0:28: + 34:0c:d7:c8:52:6e:53:34:1d:93:ec:1d:38:41:7a:84:cd:c8: + 65:6e:8e:9a:95:ae:b7:0b:14:c2:90:26:29:4a:d6:ae:0b:90: + 8b:88:55:d3:86:70:f4:d4:bb:7c:e2:08:ec:47:b3:a6:fa:bc: + fc:bb:9f:b1:8f:82:75:e0:72:b8:59:df:96:41:7c:ef:f7:f5: + ae:c6:09:c7:f2:b9:9d:f4:d2:32:3e:0f:ab:9c:d8:d4:27:72: + 5d:e1:b7:48:47:d0:55:e8:70:a3:d5:e1:66:8c:00:71:91:c6: + 10:57:63:58:03:fd:7f:c0:29:c2:40:65:63:fc:1f:8b:56:29: + 5a:47:cc:03:fe:18:c9:0d:63:9d:01:a6:6a:dd:60:10:64:d1: + b7:11:2e:85:de:b1:4a:07:ab:09:9d:1b:56:0e:1f:f3:2c:bf: + 82:80:61:61:9c:fb:54:5f:0e:db:8f:ac:d8:c7:7d:e1:7d:c7: + c9:ea:d9:fe:00:2f:ab:a9:20:17:fa:0a:82:22:e8:87:66:58: + f9:21:bf:41 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCovKks -HICBMxaDYun3Cg1ai4baqEUvBBwYwNbl9zPzdobrowdrg+F15dptHO6Zodc4uyma -fY9UxtQOiN23WbKoRcPIgkLKjOUh9pSwj1lBZAwxopP5Kjj+2PXhLrZs+FE/m4VT -SE40MPHMK8Uybc6F7WnQo1M+jPdOsdem6hgIxiPSnhPgplDn6tr4oNAP71Sb/ow/ -oerIExuE9kTBqXpp7zSZQeypHLCbOa6YTPxoLbqWaNW3zyzwLzWKD3N8iqDhegrk -PdAF4tnRvTDSaYK6MbTHminVqpc25SqShfqphwDvW+zbXoIreN2J3pn/2DUX67xX -wa4RUmPvI1QJGPl/AgMBAAGjgekwgeYwHQYDVR0OBBYEFCddIr6iIF/caY2Kb1vM -79EqrldbMB8GA1UdIwQYMBaAFJ9rwNgkUeDXifTgdLcN1v+Lr1gEMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZqNHr +7lYe1Tyhub8b99AfSa2vrbSv4GTz+RlrlcmrsSVldJHchLwDDXOV3Q1qG7iMdaMD +b8gB/yOw6SYDbCQq1OVragAH/bPUTKvDQhVaSmhmWItg39Ii9uBO7hzJ0D2PvzyQ +2K9UnusbdlXc9iqpgJeEk2FWLPS406yn20c3yYtP0rx5GFK/58o/R2+5EdqqUzPu +BbmPL07Dpbbkh40h5Dk/ogu0h+LEsBDXDN29zy8fK6SviVppAE1sdHRMb2fMoljT +Cdaok5iTEcupahXyvOrXGrOuT0WoWC+nDda/MmW+qSe+AMEshb8X47eVYaXMusdQ +yl4lAzz5M1P2vRhpAgMBAAGjgekwgeYwHQYDVR0OBBYEFLKL/SjDXT6EYr1Na6Tr +ZJTlYDXTMB8GA1UdIwQYMBaAFO1gboOnUsM20DaxpbW9i6s/7MsbMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAHeCoVQKd0XDGytKCdTXO -FIgYZV0SQrKAja7BJP7iyMqwUdA5JOKCwZa7ONFU3MBR3ZbA10V2z1w3/FOWsMiE -mflKrQOYHkSGgTbhSzo9vPC1WE2DOjBWReCJZ/Zhyxhg6VNCopIL3I9uWbKavDZh -EfKQF3JfqOIvQyLisHwAaWTiP2kVMlYaWMOzYew3p1jj3+Li8AReN/UHfVKqITI1 -0hhauBfveszeEBArrnOn2DilMlhlbJyO5smT6eBUv4sBz+6gttxoJq/+OUiLqjc3 -ypwolwpg9lPd/4E0wWgvBYSGnn6JzSGlZoVjM/sd5nCIVvbCNGALw/RJKsWBgnLa -Gg== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAf+qjTtL2N+ddZVgTxGWi +APsfQB8d7QUtTIC/CFmL9NDk+cQNGsn//xDRDpHcGu0WCN4Q3sAoNAzXyFJuUzQd +k+wdOEF6hM3IZW6OmpWutwsUwpAmKUrWrguQi4hV04Zw9NS7fOII7Eezpvq8/Luf +sY+CdeByuFnflkF87/f1rsYJx/K5nfTSMj4Pq5zY1CdyXeG3SEfQVehwo9XhZowA +cZHGEFdjWAP9f8ApwkBlY/wfi1YpWkfMA/4YyQ1jnQGmat1gEGTRtxEuhd6xSger +CZ0bVg4f8yy/goBhYZz7VF8O24+s2Md94X3HyerZ/gAvq6kgF/oKgiLoh2ZY+SG/ +QQ== -----END CERTIFICATE----- Certificate: @@ -109,30 +109,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ae:5d:2a:68:be:2b:83:82:45:26:41:fc:7d:0a: - 0a:91:4c:d4:b6:83:35:d5:ba:81:07:57:ce:9b:2c: - 28:b0:e9:34:e3:60:f3:93:71:b2:a1:a7:57:9a:a4: - fb:5f:2f:22:c8:71:37:0a:22:de:b9:3d:d1:19:89: - 06:3f:cd:bd:50:8d:57:4b:86:ca:2e:2c:5a:57:dd: - 0d:2d:3b:83:31:d2:3a:ca:92:a1:a6:a5:79:3f:94: - a6:b3:b6:d0:64:31:ad:3e:28:cf:9c:6d:da:f4:df: - 46:55:4b:89:ce:38:b1:dc:33:1d:05:56:ad:c0:75: - c2:21:0e:29:f5:10:52:85:a9:dd:cd:b1:cb:b3:74: - d7:d6:36:13:42:8b:d1:bc:71:8a:b9:65:64:b9:b4: - 84:b7:49:6d:f7:95:f5:48:d9:0c:5f:84:b7:84:ab: - 4c:4c:78:ed:b6:70:7b:f6:0c:3d:74:00:4a:e7:68: - fe:c2:00:f9:2e:dc:10:e7:4e:6e:87:6f:db:c7:cb: - 06:53:2a:44:53:2f:84:f2:d0:2d:21:fc:60:00:69: - ba:fd:52:a0:86:84:c4:7e:88:7f:35:ab:41:45:38: - a7:c2:3f:d2:0f:20:26:3e:a4:8c:35:10:d3:93:52: - 70:18:44:25:ef:89:ea:f3:10:a1:ce:33:69:88:11: - d1:09 + 00:9d:df:80:0d:53:d7:49:a6:44:47:34:0c:ca:ea: + 55:9a:e0:de:39:61:df:1a:b5:97:4e:37:5b:11:78: + 51:73:f3:2d:9a:8a:e9:b3:d7:44:f9:27:36:e9:1b: + d6:7a:9d:c7:7d:11:7e:cb:6d:92:2a:73:73:b9:76: + 7b:32:b3:b9:a2:a5:ae:ea:6e:5f:fa:aa:b4:55:8b: + 61:69:ce:1f:a3:87:ee:f1:fb:d0:18:0a:ca:34:2a: + 57:9a:18:92:75:21:52:21:ee:23:e4:5a:41:90:34: + 4f:08:2e:2b:1b:35:25:88:a1:4c:4b:2e:6b:21:f5: + 6b:f6:63:63:a3:7a:d3:98:3d:6f:d0:bb:98:d0:8c: + cb:d5:fd:cf:3b:1d:9d:99:d1:46:2f:43:3a:86:1b: + ba:27:e3:d8:85:d2:03:56:7f:84:a7:d2:3a:55:2c: + 84:02:b8:6d:75:f9:16:9f:2f:7c:93:16:48:16:b6: + 65:df:c5:0f:6c:dc:d8:7e:24:f9:f2:89:37:90:f3: + da:33:48:be:08:d1:4d:f7:f3:fe:4e:dc:fd:78:a1: + dc:d5:45:2f:bf:a2:78:d3:5b:91:90:3e:d8:71:d4: + 97:24:51:44:5f:28:bb:ec:ba:c7:70:af:fa:bd:fa: + cf:87:ca:a4:87:15:90:66:6f:79:c2:9c:3c:cb:d5: + 74:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 9F:6B:C0:D8:24:51:E0:D7:89:F4:E0:74:B7:0D:D6:FF:8B:AF:58:04 + ED:60:6E:83:A7:52:C3:36:D0:36:B1:A5:B5:BD:8B:AB:3F:EC:CB:1B X509v3 Authority Key Identifier: - keyid:A8:0C:3D:AD:82:26:A9:EB:AF:61:CC:3D:E0:68:1D:82:DE:DB:D1:FD + keyid:A1:21:61:FE:00:0C:7D:FD:88:EC:4D:62:35:1D:2C:0A:05:F8:5A:4F Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -147,41 +147,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 69:1c:29:c5:7c:e3:18:58:86:0c:88:41:20:23:9d:75:07:22: - 4b:89:1d:6a:08:15:cf:85:c2:8d:f4:17:37:9e:a0:7e:67:b9: - 0e:95:80:b1:a8:8f:06:2d:5e:9d:67:5c:d3:a7:47:74:d3:f7: - 00:fb:84:75:99:d4:b9:07:ba:3b:63:2c:d9:57:04:48:35:f4: - 20:91:39:55:ad:86:27:4e:ba:22:17:85:9a:dd:e4:4f:dd:dd: - d4:d0:0a:5b:43:6c:2e:d1:4f:f8:50:32:64:a2:15:46:bb:82: - ef:d1:ff:17:2a:dd:13:50:81:7e:1c:5b:6e:50:7b:8c:72:03: - eb:58:9a:fd:e8:e6:f1:d7:c5:59:ff:18:2a:95:64:c0:53:84: - 0f:c1:1c:66:73:24:29:81:ae:0d:b7:b1:fc:44:2d:fb:02:89: - 70:97:c0:ed:91:6f:9b:57:7b:40:38:29:8c:fa:87:52:f8:db: - 8a:3b:1c:a2:a3:c1:08:8b:cf:9a:6e:dc:a8:b3:96:5e:31:05: - af:5c:1c:21:8e:d3:fe:18:17:af:a9:77:92:6f:46:93:36:d2: - e1:4f:a2:d9:e4:5d:bf:61:ad:db:c4:87:61:79:c3:bd:c3:e1: - 5b:d7:76:03:e3:fe:4a:75:a0:84:2b:ea:82:c1:d5:2c:6f:e7: - 55:46:1f:36 + bc:5b:90:b2:4b:fe:df:d9:0e:5a:ba:c2:2b:26:ba:f7:ec:a1: + ac:4b:37:a5:cf:66:cc:e2:e8:48:46:ad:36:d4:05:4f:d0:d1: + a3:15:4f:72:2c:f1:18:d6:82:de:e4:39:50:3c:0f:91:bf:24: + 4c:21:30:8d:56:7b:13:de:bd:99:8c:02:a3:eb:26:90:f1:9e: + 7a:e5:00:b5:6a:33:ca:2e:68:98:df:bf:1c:01:e1:34:42:d5: + dd:f6:25:78:74:fa:26:09:4a:21:c5:02:39:6a:31:9f:6d:71: + 68:2b:fc:5c:8a:4e:5b:f2:0d:c9:b5:d6:5e:85:ab:39:1d:67: + a6:ef:82:ec:2e:e0:bf:ac:12:20:62:fc:3b:05:a6:25:f7:36: + 51:83:59:27:99:39:f8:5f:3c:4a:0d:e1:c1:fd:f8:b0:d2:2d: + 6b:34:9f:43:32:53:62:61:d1:67:ac:de:f4:05:7e:20:86:ad: + b9:c9:91:29:d2:ab:84:fd:b9:5c:94:43:b9:81:55:c9:b1:b4: + 6d:ae:44:c7:a2:72:c1:ec:53:17:c5:46:36:b2:31:58:60:85: + fc:95:45:d9:a6:75:45:3d:54:b7:fc:da:31:20:a0:33:09:0c: + bd:75:ca:c1:f3:99:0c:c9:5e:6b:2b:3a:f6:26:f6:1b:bb:85: + 18:a8:9c:03 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArl0qaL4r -g4JFJkH8fQoKkUzUtoM11bqBB1fOmywosOk042Dzk3GyoadXmqT7Xy8iyHE3CiLe -uT3RGYkGP829UI1XS4bKLixaV90NLTuDMdI6ypKhpqV5P5Sms7bQZDGtPijPnG3a -9N9GVUuJzjix3DMdBVatwHXCIQ4p9RBShandzbHLs3TX1jYTQovRvHGKuWVkubSE -t0lt95X1SNkMX4S3hKtMTHjttnB79gw9dABK52j+wgD5LtwQ505uh2/bx8sGUypE -Uy+E8tAtIfxgAGm6/VKghoTEfoh/NatBRTinwj/SDyAmPqSMNRDTk1JwGEQl74nq -8xChzjNpiBHRCQIDAQABo4HLMIHIMB0GA1UdDgQWBBSfa8DYJFHg14n04HS3Ddb/ -i69YBDAfBgNVHSMEGDAWgBSoDD2tgiap669hzD3gaB2C3tvR/TA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd+ADVPX +SaZERzQMyupVmuDeOWHfGrWXTjdbEXhRc/Mtmorps9dE+Sc26RvWep3HfRF+y22S +KnNzuXZ7MrO5oqWu6m5f+qq0VYthac4fo4fu8fvQGArKNCpXmhiSdSFSIe4j5FpB +kDRPCC4rGzUliKFMSy5rIfVr9mNjo3rTmD1v0LuY0IzL1f3POx2dmdFGL0M6hhu6 +J+PYhdIDVn+Ep9I6VSyEArhtdfkWny98kxZIFrZl38UPbNzYfiT58ok3kPPaM0i+ +CNFN9/P+Ttz9eKHc1UUvv6J401uRkD7YcdSXJFFEXyi77LrHcK/6vfrPh8qkhxWQ +Zm95wpw8y9V0rQIDAQABo4HLMIHIMB0GA1UdDgQWBBTtYG6Dp1LDNtA2saW1vYur +P+zLGzAfBgNVHSMEGDAWgBShIWH+AAx9/YjsTWI1HSwKBfhaTzA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AGkcKcV84xhYhgyIQSAjnXUHIkuJHWoIFc+Fwo30FzeeoH5nuQ6VgLGojwYtXp1n -XNOnR3TT9wD7hHWZ1LkHujtjLNlXBEg19CCROVWthidOuiIXhZrd5E/d3dTQCltD -bC7RT/hQMmSiFUa7gu/R/xcq3RNQgX4cW25Qe4xyA+tYmv3o5vHXxVn/GCqVZMBT -hA/BHGZzJCmBrg23sfxELfsCiXCXwO2Rb5tXe0A4KYz6h1L424o7HKKjwQiLz5pu -3Kizll4xBa9cHCGO0/4YF6+pd5JvRpM20uFPotnkXb9hrdvEh2F5w73D4VvXdgPj -/kp1oIQr6oLB1Sxv51VGHzY= +ALxbkLJL/t/ZDlq6wismuvfsoaxLN6XPZszi6EhGrTbUBU/Q0aMVT3Is8RjWgt7k +OVA8D5G/JEwhMI1WexPevZmMAqPrJpDxnnrlALVqM8ouaJjfvxwB4TRC1d32JXh0 ++iYJSiHFAjlqMZ9tcWgr/FyKTlvyDcm11l6FqzkdZ6bvguwu4L+sEiBi/DsFpiX3 +NlGDWSeZOfhfPEoN4cH9+LDSLWs0n0MyU2Jh0Wes3vQFfiCGrbnJkSnSq4T9uVyU +Q7mBVcmxtG2uRMeicsHsUxfFRjayMVhghfyVRdmmdUU9VLf82jEgoDMJDL11ysHz +mQzJXmsrOvYm9hu7hRionAM= -----END CERTIFICATE----- Certificate: @@ -198,30 +198,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b1:3a:fd:fa:bf:99:17:55:07:e6:61:ce:aa:d9: - 34:6c:24:96:c6:72:78:40:b4:98:21:ba:82:d4:3c: - 63:a2:17:75:45:d5:92:ee:63:e5:e1:75:16:cf:69: - fb:92:ee:80:a1:61:60:c4:bf:d1:a2:d8:e2:45:6b: - 6b:0a:a0:2b:ee:c7:d4:9e:db:c7:7e:30:93:17:d8: - 66:0d:c3:9e:da:d9:98:97:a2:bd:1a:3a:6e:cf:14: - d4:50:c6:30:60:09:9c:5c:4c:65:dd:23:5d:90:87: - 80:06:16:5d:8b:0a:af:37:9b:bc:e9:83:61:dd:3e: - 50:07:42:52:17:bc:68:de:20:d2:98:ee:5d:e5:24: - 4d:7a:9d:50:e7:6a:81:2c:43:3f:0a:57:c1:a7:03: - a8:94:2e:e7:4f:0c:29:8e:cf:a2:13:06:e9:6f:e0: - 22:ba:39:a9:d6:0f:0a:55:13:38:9b:67:5d:fa:59: - b5:6a:8c:8a:af:9e:73:b4:67:47:56:7f:1f:f6:96: - 81:7f:b3:7f:9c:18:1e:3c:c6:76:3a:2d:ed:b0:ea: - 81:60:0a:a1:d4:e3:70:c0:ef:62:58:4e:7e:43:c3: - 3e:8e:c4:dd:13:64:57:ee:14:df:24:93:73:27:c4: - df:13:9a:87:67:b5:ea:e0:7e:0c:dd:1b:b2:88:1c: - a5:9d + 00:df:26:c9:a6:b0:71:99:f9:d6:a0:38:5c:35:52: + 50:89:0a:36:ac:e3:f6:8e:0a:1c:00:a4:25:5d:f5: + 25:e9:26:36:a4:8b:ae:ac:a5:9d:db:95:23:9b:b2: + b6:2d:ae:70:66:7f:74:5d:31:17:f2:2d:3c:ac:b2: + 15:69:70:d7:53:7a:5e:2a:91:b2:77:03:6d:28:26: + a3:d3:41:c6:9f:2c:21:02:88:e3:68:03:b4:27:ae: + 16:eb:14:59:2c:0d:8f:44:83:22:d9:d5:f6:e3:80: + 62:0b:2f:3b:ab:f4:d3:76:55:2e:39:d8:4a:62:1e: + fa:b1:6f:6b:6f:3b:19:5b:fe:2c:04:d2:5e:64:7d: + 38:67:5d:e5:71:4f:9f:94:f9:23:c5:72:b1:c7:0d: + fc:5f:b5:5e:8e:97:7f:00:94:c2:28:c7:4e:1f:15: + 62:ba:e0:fb:b7:86:59:22:7e:f8:72:83:ed:1b:59: + 32:4c:44:eb:54:78:85:5c:6d:87:0a:4a:b9:b2:9f: + 60:6a:50:9d:ce:6e:4c:8f:64:44:de:ab:f5:db:c4: + 49:c7:72:30:8c:bc:9f:cd:32:8e:a6:9c:d3:13:e9: + 20:34:d9:3c:71:9f:64:ed:f0:47:29:20:53:f0:d1: + 45:bd:b0:a7:87:12:74:b6:ce:8c:c5:3f:76:92:17: + 73:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - A8:0C:3D:AD:82:26:A9:EB:AF:61:CC:3D:E0:68:1D:82:DE:DB:D1:FD + A1:21:61:FE:00:0C:7D:FD:88:EC:4D:62:35:1D:2C:0A:05:F8:5A:4F X509v3 Authority Key Identifier: - keyid:A8:0C:3D:AD:82:26:A9:EB:AF:61:CC:3D:E0:68:1D:82:DE:DB:D1:FD + keyid:A1:21:61:FE:00:0C:7D:FD:88:EC:4D:62:35:1D:2C:0A:05:F8:5A:4F Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -236,41 +236,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 45:91:23:ab:2f:b8:a2:2e:24:63:4b:bb:54:17:29:3d:86:9c: - 7d:f8:a3:9d:88:4c:9e:89:bf:e9:1a:bc:35:73:27:e1:9d:3e: - e4:fc:3c:87:71:21:be:a5:bd:e7:e1:dd:44:b1:67:36:b6:1f: - 0a:7c:a1:30:8a:57:23:5f:61:88:18:48:a4:15:0e:58:81:27: - a3:9a:42:f4:47:d7:f1:0c:c6:84:dd:03:8f:63:49:07:01:38: - 6f:88:60:33:4d:45:73:9f:02:78:a2:1d:e1:a7:75:d7:18:7c: - b9:89:e5:ff:30:e6:45:5f:80:5f:f9:88:b5:89:bd:8f:d4:6c: - 7d:af:c2:c7:4e:a1:83:74:08:cb:4d:e9:c1:e6:c6:c4:de:55: - 10:19:fa:6a:04:89:0a:d8:54:cf:5d:58:f0:17:63:cb:db:0a: - 18:6b:75:2a:36:97:3f:f9:ed:3c:c9:2d:8b:40:dd:63:3b:82: - f6:fa:0f:5a:31:6e:f9:4a:b8:18:ca:1a:0d:77:6b:b6:01:8e: - a8:4b:15:be:29:b6:9a:db:15:2a:8a:66:49:29:74:c2:68:c9: - 80:0b:ce:de:aa:4d:54:d2:43:c2:7f:6b:ed:80:5a:0a:c7:bf: - d3:95:ed:d1:c1:e8:d0:f2:1f:dc:a7:22:e6:2d:52:b0:fe:d8: - b7:3d:bc:d1 + 97:67:0c:df:fc:10:7e:ef:ec:3d:93:14:55:26:8e:55:1b:76: + c2:b2:6a:9b:00:64:75:30:e1:13:81:11:7f:98:02:f4:bd:41: + 6a:90:d3:ac:cc:c1:4c:93:d8:4f:5e:3b:e0:70:7f:7c:fd:53: + 64:29:3d:bc:8a:a5:41:64:65:36:5f:77:c9:05:2f:2b:b2:97: + bd:80:0b:30:94:40:3c:20:51:dc:2e:8e:0d:e5:89:68:76:36: + c5:c7:80:31:7e:e4:76:e0:2d:87:86:c3:eb:6b:9f:82:a1:d6: + 66:ce:4d:e0:d7:fa:27:e3:b6:9e:8d:5b:19:66:03:b7:27:71: + 90:b9:a7:9a:00:89:67:a5:fe:31:e2:0f:92:66:47:c0:ba:96: + 87:21:c1:63:f1:37:a3:d4:39:f6:25:47:40:52:71:9c:7e:f2: + 64:57:be:13:ec:a7:7d:d3:ac:72:cc:2e:4b:af:b1:59:05:bb: + f9:d0:bd:e1:68:1e:21:a6:f2:5b:8d:23:ec:2a:3f:5a:bd:96: + 3e:c9:35:72:e3:10:4a:1a:66:b0:a6:44:13:54:cc:85:10:d5: + 0f:f0:90:3f:e8:7a:14:2b:c3:da:a6:af:6a:9f:d6:95:c5:5a: + 5a:30:29:9d:66:c7:6f:13:da:b9:1f:74:6b:d8:0b:07:57:5e: + ac:e1:85:3b -----BEGIN TRUST_ANCHOR_CONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE1MDMwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALE6/fq/mRdVB+ZhzqrZ -NGwklsZyeEC0mCG6gtQ8Y6IXdUXVku5j5eF1Fs9p+5LugKFhYMS/0aLY4kVrawqg -K+7H1J7bx34wkxfYZg3DntrZmJeivRo6bs8U1FDGMGAJnFxMZd0jXZCHgAYWXYsK -rzebvOmDYd0+UAdCUhe8aN4g0pjuXeUkTXqdUOdqgSxDPwpXwacDqJQu508MKY7P -ohMG6W/gIro5qdYPClUTOJtnXfpZtWqMiq+ec7RnR1Z/H/aWgX+zf5wYHjzGdjot -7bDqgWAKodTjcMDvYlhOfkPDPo7E3RNkV+4U3ySTcyfE3xOah2e16uB+DN0bsogc -pZ0CAwEAAaOByzCByDAdBgNVHQ4EFgQUqAw9rYImqeuvYcw94Ggdgt7b0f0wHwYD -VR0jBBgwFoAUqAw9rYImqeuvYcw94Ggdgt7b0f0wNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN8myaawcZn51qA4XDVS +UIkKNqzj9o4KHACkJV31JekmNqSLrqylnduVI5uyti2ucGZ/dF0xF/ItPKyyFWlw +11N6XiqRsncDbSgmo9NBxp8sIQKI42gDtCeuFusUWSwNj0SDItnV9uOAYgsvO6v0 +03ZVLjnYSmIe+rFva287GVv+LATSXmR9OGdd5XFPn5T5I8VysccN/F+1Xo6XfwCU +wijHTh8VYrrg+7eGWSJ++HKD7RtZMkxE61R4hVxthwpKubKfYGpQnc5uTI9kRN6r +9dvEScdyMIy8n80yjqac0xPpIDTZPHGfZO3wRykgU/DRRb2wp4cSdLbOjMU/dpIX +c60CAwEAAaOByzCByDAdBgNVHQ4EFgQUoSFh/gAMff2I7E1iNR0sCgX4Wk8wHwYD +VR0jBBgwFoAUoSFh/gAMff2I7E1iNR0sCgX4Wk8wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBFkSOrL7ii -LiRjS7tUFyk9hpx9+KOdiEyeib/pGrw1cyfhnT7k/DyHcSG+pb3n4d1EsWc2th8K -fKEwilcjX2GIGEikFQ5YgSejmkL0R9fxDMaE3QOPY0kHAThviGAzTUVznwJ4oh3h -p3XXGHy5ieX/MOZFX4Bf+Yi1ib2P1Gx9r8LHTqGDdAjLTenB5sbE3lUQGfpqBIkK -2FTPXVjwF2PL2woYa3UqNpc/+e08yS2LQN1jO4L2+g9aMW75SrgYyhoNd2u2AY6o -SxW+Kbaa2xUqimZJKXTCaMmAC87eqk1U0kPCf2vtgFoKx7/Tle3RwejQ8h/cpyLm -LVKw/ti3PbzR +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCXZwzf/BB+ +7+w9kxRVJo5VG3bCsmqbAGR1MOETgRF/mAL0vUFqkNOszMFMk9hPXjvgcH98/VNk +KT28iqVBZGU2X3fJBS8rspe9gAswlEA8IFHcLo4N5YlodjbFx4AxfuR24C2HhsPr +a5+CodZmzk3g1/on47aejVsZZgO3J3GQuaeaAIlnpf4x4g+SZkfAupaHIcFj8Tej +1Dn2JUdAUnGcfvJkV74T7Kd906xyzC5Lr7FZBbv50L3haB4hpvJbjSPsKj9avZY+ +yTVy4xBKGmawpkQTVMyFENUP8JA/6HoUK8Papq9qn9aVxVpaMCmdZsdvE9q5H3Rr +2AsHV16s4YU7 -----END TRUST_ANCHOR_CONSTRAINED----- 150302120000Z @@ -282,3 +282,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/expired-intermediate.pem b/chromium/net/data/verify_certificate_chain_unittest/expired-intermediate.pem index 5ce2527c3f7..a455ab5a777 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/expired-intermediate.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/expired-intermediate.pem @@ -17,30 +17,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c0:b3:a7:c8:34:e7:e2:df:55:43:80:00:33:96: - 78:2c:3a:ac:7e:79:5d:86:9f:df:7e:9b:7a:30:d0: - 5b:30:2b:26:cc:06:e7:1f:13:6c:80:36:59:ec:1c: - 4b:c9:70:c2:79:14:f4:83:2f:cf:39:a2:9d:96:5c: - f2:91:90:ae:8f:f6:63:f6:cc:fb:1b:eb:fe:53:9b: - b6:27:8b:52:bb:bb:94:1b:8b:e5:76:cc:5a:4d:d7: - 9c:96:05:62:f4:c8:bf:87:cf:a7:6e:55:fd:b5:ab: - 28:ae:08:c3:cd:5f:72:77:e3:d8:8d:de:1b:cb:17: - bb:4c:b3:3d:6d:f2:84:22:5c:fb:84:31:46:68:3e: - bd:b5:83:81:24:01:80:7d:eb:76:8e:1f:7b:8f:e7: - 77:cb:8f:ca:69:77:5a:7a:56:f3:1c:3c:16:bf:00: - 2b:9f:2d:f5:3a:59:e0:f5:84:91:d3:7a:3e:90:39: - 44:5a:65:36:ab:5f:25:5d:9b:57:1e:13:91:97:88: - cb:36:39:d3:10:ee:2c:54:4d:6c:d7:22:92:37:0b: - 04:05:8f:1d:c3:58:b4:87:7c:db:17:2b:fc:db:00: - eb:0f:8c:75:96:e5:12:96:37:fe:b2:d5:68:1c:67: - fe:fb:60:c2:30:85:ae:0d:9b:62:50:6f:32:ae:fc: - 85:77 + 00:e5:5d:52:78:e5:9d:90:f8:e6:89:33:f2:76:2f: + 04:9f:a8:f1:db:92:f1:b3:43:19:a3:7c:1f:a1:46: + 2f:aa:b4:48:fe:f2:35:cd:2d:61:76:e7:5c:52:c9: + 7b:d6:90:3a:91:11:44:a8:bd:39:d4:5d:10:e0:17: + 71:03:b9:e2:a5:fb:08:15:d2:50:dd:4d:67:ed:9c: + a9:9b:3e:bd:3a:91:57:49:53:73:8b:2b:3e:c0:e4: + aa:c9:c2:68:31:82:b4:0e:40:a9:e7:d1:c4:f6:5b: + 48:3d:88:74:1f:43:2e:f8:b3:66:d8:41:b4:0b:6a: + 21:38:05:65:05:99:8f:84:75:07:57:3a:1b:7b:2d: + 21:0a:fc:7a:22:d9:d3:89:43:0c:1a:18:f9:92:d9: + 42:0f:86:d8:28:d2:b4:ca:28:9a:85:29:1b:0a:d7: + 01:3b:bd:cb:83:36:a0:d3:d3:4c:5a:54:06:a0:a0: + c6:51:12:33:00:5f:85:2e:0a:b5:63:2e:e0:f3:95: + 03:f9:d8:17:24:19:85:a1:23:cc:45:ea:2f:2e:89: + 3c:05:52:f0:69:95:0e:fc:71:1a:8f:2c:90:54:6f: + 14:46:33:99:bd:8b:a7:5e:0b:ad:ad:00:4f:78:8b: + 69:36:a5:38:43:63:f4:6f:f1:a8:f6:21:22:38:56: + 9f:7b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - FC:25:45:D2:F9:2D:71:1C:EA:7B:79:2C:C5:C7:37:5F:9E:2A:5F:5D + 6E:07:CA:2E:D6:33:0C:B0:73:89:52:A6:81:9F:EA:5A:7D:58:36:E5 X509v3 Authority Key Identifier: - keyid:4C:33:3C:86:48:60:C6:50:02:47:AF:DE:60:2F:A0:5C:96:EE:70:7B + keyid:72:43:36:2F:89:32:3C:1F:45:05:00:D1:48:B6:8F:03:7A:01:52:38 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -55,42 +55,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 46:d0:27:3e:e6:49:d1:48:c4:0e:d3:0e:d0:3e:be:44:7f:0e: - a0:38:92:84:c4:ed:60:65:1c:26:3f:12:dd:d8:e3:49:c6:c8: - 42:86:67:95:6c:61:e7:61:8c:da:0a:db:90:d0:6f:e7:9f:05: - 38:a5:4a:4e:c3:40:f8:2b:ff:67:ad:9f:70:27:10:8d:68:f2: - ee:78:d5:a7:83:2f:e3:67:b3:47:8c:39:c9:29:97:f0:77:b7: - fe:7f:c7:6b:aa:6d:4c:83:39:e3:dc:bd:c3:18:e3:d8:d3:50: - 8a:97:d3:ee:59:3a:62:20:5b:e7:99:77:e6:d1:d2:d3:d0:d5: - 04:7d:86:8e:26:30:05:d1:0e:0f:d6:d2:1e:49:42:67:61:81: - 3d:10:75:d6:ba:c4:07:bb:e7:43:c8:a6:f7:56:e3:2b:d4:35: - d1:56:94:5c:0b:b6:25:02:d7:cd:74:e7:4d:1d:02:d3:43:ab: - dd:50:9f:c4:cf:15:4c:77:87:48:1e:57:3f:3d:7e:7e:67:9b: - ae:2f:79:ea:16:a9:cd:c6:76:cb:3c:75:75:a7:78:22:af:a9: - b4:83:d3:b2:72:e8:43:cc:4a:8d:ee:b4:5a:ac:b2:30:96:52: - 91:26:4b:17:29:4e:53:b4:58:df:f9:1d:53:2c:66:3d:c5:d7: - 11:99:b6:f5 + 86:0c:e2:41:1a:2d:bb:48:71:92:4c:18:59:05:e0:f9:12:24: + 5f:98:ec:54:03:66:1b:f6:6b:36:bd:03:51:35:98:5e:e0:3e: + cb:18:25:c5:9f:be:9d:64:5e:17:73:99:e4:cf:85:64:90:34: + 45:31:c0:b5:04:c6:20:03:54:f2:e5:42:79:e9:b5:7a:38:a1: + 6f:a4:7f:4b:c0:fe:3b:ca:e8:65:46:77:1d:cb:16:76:6c:cb: + 1a:6b:54:1b:f5:63:46:c3:8d:60:0a:f9:f6:d5:fa:c8:22:e3: + 1e:d8:3f:10:b6:11:31:17:55:70:21:d4:ba:2b:55:bb:a0:d3: + 00:0e:a0:90:c9:65:5b:20:eb:93:c1:9f:a9:8b:25:b2:b3:d2: + df:d6:de:e3:a5:15:6b:79:53:69:ea:09:4f:03:89:df:b2:39: + 9c:a6:42:a5:43:15:aa:22:ce:c6:f7:16:0f:fc:2b:af:18:42: + f0:0a:e2:73:28:99:6d:dd:41:f3:2b:d3:f5:3d:11:25:97:8f: + 44:5a:39:83:69:29:d2:e6:49:58:7b:ae:2d:90:71:4a:d4:47: + 6c:a2:d8:aa:df:dc:ea:5a:9a:1f:78:99:7e:f6:67:f1:bd:f9: + e5:72:7c:e0:f0:62:f5:fa:0a:73:71:92:06:6e:f9:22:c7:4e: + c9:cb:75:1f -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAs6fI -NOfi31VDgAAzlngsOqx+eV2Gn99+m3ow0FswKybMBucfE2yANlnsHEvJcMJ5FPSD -L885op2WXPKRkK6P9mP2zPsb6/5Tm7Yni1K7u5Qbi+V2zFpN15yWBWL0yL+Hz6du -Vf21qyiuCMPNX3J349iN3hvLF7tMsz1t8oQiXPuEMUZoPr21g4EkAYB963aOH3uP -53fLj8ppd1p6VvMcPBa/ACufLfU6WeD1hJHTej6QOURaZTarXyVdm1ceE5GXiMs2 -OdMQ7ixUTWzXIpI3CwQFjx3DWLSHfNsXK/zbAOsPjHWW5RKWN/6y1WgcZ/77YMIw -ha4Nm2JQbzKu/IV3AgMBAAGjgekwgeYwHQYDVR0OBBYEFPwlRdL5LXEc6nt5LMXH -N1+eKl9dMB8GA1UdIwQYMBaAFEwzPIZIYMZQAkev3mAvoFyW7nB7MD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlXVJ4 +5Z2Q+OaJM/J2LwSfqPHbkvGzQxmjfB+hRi+qtEj+8jXNLWF251xSyXvWkDqREUSo +vTnUXRDgF3EDueKl+wgV0lDdTWftnKmbPr06kVdJU3OLKz7A5KrJwmgxgrQOQKnn +0cT2W0g9iHQfQy74s2bYQbQLaiE4BWUFmY+EdQdXOht7LSEK/Hoi2dOJQwwaGPmS +2UIPhtgo0rTKKJqFKRsK1wE7vcuDNqDT00xaVAagoMZREjMAX4UuCrVjLuDzlQP5 +2BckGYWhI8xF6i8uiTwFUvBplQ78cRqPLJBUbxRGM5m9i6deC62tAE94i2k2pThD +Y/Rv8aj2ISI4Vp97AgMBAAGjgekwgeYwHQYDVR0OBBYEFG4Hyi7WMwywc4lSpoGf +6lp9WDblMB8GA1UdIwQYMBaAFHJDNi+JMjwfRQUA0Ui2jwN6AVI4MD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEARtAnPuZJ0UjEDtMO0D6+ -RH8OoDiShMTtYGUcJj8S3djjScbIQoZnlWxh52GM2grbkNBv558FOKVKTsNA+Cv/ -Z62fcCcQjWjy7njVp4Mv42ezR4w5ySmX8He3/n/Ha6ptTIM549y9wxjj2NNQipfT -7lk6YiBb55l35tHS09DVBH2GjiYwBdEOD9bSHklCZ2GBPRB11rrEB7vnQ8im91bj -K9Q10VaUXAu2JQLXzXTnTR0C00Or3VCfxM8VTHeHSB5XPz1+fmebri956hapzcZ2 -yzx1dad4Iq+ptIPTsnLoQ8xKje60WqyyMJZSkSZLFylOU7RY3/kdUyxmPcXXEZm2 -9Q== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAhgziQRotu0hxkkwYWQXg ++RIkX5jsVANmG/ZrNr0DUTWYXuA+yxglxZ++nWReF3OZ5M+FZJA0RTHAtQTGIANU +8uVCeem1ejihb6R/S8D+O8roZUZ3HcsWdmzLGmtUG/VjRsONYAr59tX6yCLjHtg/ +ELYRMRdVcCHUuitVu6DTAA6gkMllWyDrk8GfqYslsrPS39be46UVa3lTaeoJTwOJ +37I5nKZCpUMVqiLOxvcWD/wrrxhC8AricyiZbd1B8yvT9T0RJZePRFo5g2kp0uZJ +WHuuLZBxStRHbKLYqt/c6lqaH3iZfvZn8b355XJ84PBi9foKc3GSBm75IsdOyct1 +Hw== -----END CERTIFICATE----- Certificate: @@ -107,30 +107,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ae:f8:c2:3a:71:85:a2:bd:ca:2c:30:b7:22:3a: - f3:c9:24:7e:74:86:98:af:cd:13:0a:c1:4c:52:56: - f6:03:19:af:7d:67:73:2e:e2:99:e4:3b:f7:7a:7c: - dc:8d:83:61:36:c4:89:bc:14:aa:11:8d:e7:fe:3d: - 61:e5:1a:78:88:9b:af:63:05:30:78:f8:1e:f5:92: - e5:2d:02:d4:b4:cb:a4:44:a4:cc:1b:38:52:fb:55: - 4a:b9:37:d4:bb:d0:13:20:69:cb:1f:34:4c:d0:ca: - 32:04:23:f3:52:1f:39:e8:90:a3:3d:68:f5:a9:e3: - fc:e3:f1:e2:c3:47:55:68:ab:7e:90:77:87:90:00: - e9:30:05:ea:30:07:6d:66:d6:c8:98:bd:8b:81:18: - c6:c5:45:26:30:ce:c8:61:6a:dc:70:7a:23:8a:4d: - b8:ca:94:68:a7:48:ba:d6:fb:10:89:a9:9d:5e:1c: - 43:10:b5:de:33:68:a3:2c:91:2b:70:da:be:bd:1e: - b2:30:2e:b9:f7:57:fc:d9:d1:4a:92:78:34:93:df: - 89:6a:85:1c:df:23:f3:30:fb:7d:9f:7b:b3:cc:9d: - 85:98:f8:64:7a:34:ba:7a:51:80:01:eb:91:77:7f: - 77:f6:65:86:9e:51:5e:4e:20:6f:c9:ed:3c:50:1c: - cd:8f + 00:c2:f3:7c:09:dc:05:78:96:43:d9:a5:90:a3:1d: + a4:d8:2e:f6:2d:c4:4e:8d:ee:37:1d:30:28:44:f6: + 50:f9:99:12:c4:b6:be:44:0f:07:48:22:67:d1:60: + 42:60:2a:27:62:15:d2:d1:2e:9a:16:02:4e:fb:44: + 37:8c:ba:7a:7d:72:af:55:cf:d6:f5:7c:1f:b3:dd: + fa:b8:57:e4:78:72:72:90:f5:85:cb:c3:7e:8d:1f: + 89:1f:50:43:ff:53:e4:a7:ff:65:b7:af:da:bd:b1: + 80:77:0d:d5:a2:e3:59:35:97:d0:fc:39:26:b5:9a: + af:3c:7c:ac:5a:05:af:ca:98:40:3f:20:1c:ae:3c: + b2:35:e7:52:ff:01:aa:83:1a:67:aa:77:83:67:2e: + 95:6e:79:49:e8:28:dd:74:82:b2:c0:17:81:9e:f7: + 2a:1d:c2:14:7c:2a:10:b4:16:19:e1:59:10:48:36: + 35:c8:f9:bc:35:36:91:2d:c9:81:a4:18:b4:2f:ff: + 79:6d:32:ca:23:52:c0:d3:39:2c:7e:c2:a1:99:53: + 9d:ee:1e:50:4b:5d:af:f3:ca:df:39:6b:dc:54:24: + 0c:14:7b:3e:f7:f8:5e:b8:af:ea:67:68:4b:08:1f: + 25:5b:14:ff:31:e7:7d:50:c7:15:b2:53:2a:a3:5a: + a5:c3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 4C:33:3C:86:48:60:C6:50:02:47:AF:DE:60:2F:A0:5C:96:EE:70:7B + 72:43:36:2F:89:32:3C:1F:45:05:00:D1:48:B6:8F:03:7A:01:52:38 X509v3 Authority Key Identifier: - keyid:FB:59:3E:CC:A2:42:62:72:9F:53:96:95:3A:48:EA:16:80:C8:42:40 + keyid:5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -145,41 +145,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 4f:a5:3b:98:b8:a9:83:3a:35:3d:75:a8:f6:e8:59:43:95:3a: - 0b:37:dc:ac:d0:12:82:31:2a:64:c8:64:81:f4:f8:d7:28:2c: - bf:6f:81:79:a8:21:7b:70:62:4b:7f:c8:b1:bf:69:8b:38:14: - e8:78:aa:61:f1:6f:6b:1a:81:93:e7:c4:7b:9f:99:75:2c:90: - e9:8d:3a:7e:4e:2f:09:f9:0a:20:04:cb:3e:c6:ed:59:f5:2e: - 2e:be:73:b4:40:4f:9d:96:f0:8c:b8:01:88:fa:bf:7a:ed:f6: - cc:46:c5:62:1b:bb:f3:1d:3a:4b:02:7c:aa:6e:61:1f:5b:4e: - 0e:d5:3f:c3:5c:c0:5f:1a:aa:fb:bb:4f:4d:a4:45:4c:2a:cd: - c0:c2:29:3d:1f:31:2b:0d:80:45:c7:5f:4b:09:96:88:a6:4a: - b0:fb:66:3f:4b:41:c3:5b:a7:f7:7f:ce:cb:b5:c9:54:62:66: - 61:d1:20:73:f6:c2:e0:81:11:20:b1:a0:a5:44:3f:52:4a:77: - 9d:b9:b9:99:e7:73:a8:23:1f:02:91:03:e5:90:ad:23:00:2a: - 08:99:37:16:df:ca:70:bf:da:e9:50:1d:c5:94:81:57:97:7d: - 3f:d2:4f:91:74:94:90:2e:5c:dd:33:13:a0:83:25:4d:c0:7e: - 19:97:e3:d6 + 93:26:19:fa:1c:97:d5:da:b7:29:b3:90:c2:dc:6a:2b:83:fc: + 62:35:3f:39:d7:61:6a:be:e3:9f:f9:fa:b5:a4:99:a4:17:50: + d6:bc:32:13:db:32:85:fa:8c:67:56:9d:a2:34:78:7c:c6:67: + 74:51:dd:e4:7c:af:07:f6:f2:48:b4:10:42:09:0f:a1:85:14: + a4:31:5f:75:49:1a:56:d6:a0:83:be:01:8b:37:38:ec:c4:c0: + 51:48:c5:97:e3:08:95:78:09:84:2d:f3:d5:4a:93:12:5a:ad: + dc:db:8a:6d:f1:ea:b0:e3:1b:25:38:e9:fb:35:76:77:c8:5b: + a4:31:c7:28:bf:79:cb:d8:d3:ca:ad:85:ed:51:96:98:df:76: + 75:8a:08:23:7f:a3:10:13:8c:e8:4d:59:75:1d:54:65:74:de: + bf:b9:43:c3:e1:ca:1e:83:ff:ce:ca:ca:f3:25:b5:50:b7:61: + 4a:5e:15:cc:41:2f:ad:4a:c8:a9:8a:57:ae:ed:34:3e:28:25: + c3:1c:57:00:a6:4d:1e:22:8e:94:15:61:de:e8:67:bb:a1:21: + 22:c3:e7:83:c2:4c:1d:32:7a:3a:3b:a7:d3:2b:39:e3:12:1a: + 5e:f3:97:68:65:7f:6a:4c:ce:98:78:d8:41:77:63:76:18:8b: + 9e:47:fc:b1 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE1MDMwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvjCOnGF -or3KLDC3IjrzySR+dIaYr80TCsFMUlb2AxmvfWdzLuKZ5Dv3enzcjYNhNsSJvBSq -EY3n/j1h5Rp4iJuvYwUwePge9ZLlLQLUtMukRKTMGzhS+1VKuTfUu9ATIGnLHzRM -0MoyBCPzUh856JCjPWj1qeP84/Hiw0dVaKt+kHeHkADpMAXqMAdtZtbImL2LgRjG -xUUmMM7IYWrccHojik24ypRop0i61vsQiamdXhxDELXeM2ijLJErcNq+vR6yMC65 -91f82dFKkng0k9+JaoUc3yPzMPt9n3uzzJ2FmPhkejS6elGAAeuRd3939mWGnlFe -TiBvye08UBzNjwIDAQABo4HLMIHIMB0GA1UdDgQWBBRMMzyGSGDGUAJHr95gL6Bc -lu5wezAfBgNVHSMEGDAWgBT7WT7MokJicp9TlpU6SOoWgMhCQDA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvN8CdwF +eJZD2aWQox2k2C72LcROje43HTAoRPZQ+ZkSxLa+RA8HSCJn0WBCYConYhXS0S6a +FgJO+0Q3jLp6fXKvVc/W9Xwfs936uFfkeHJykPWFy8N+jR+JH1BD/1Pkp/9lt6/a +vbGAdw3VouNZNZfQ/DkmtZqvPHysWgWvyphAPyAcrjyyNedS/wGqgxpnqneDZy6V +bnlJ6CjddIKywBeBnvcqHcIUfCoQtBYZ4VkQSDY1yPm8NTaRLcmBpBi0L/95bTLK +I1LA0zksfsKhmVOd7h5QS12v88rfOWvcVCQMFHs+9/heuK/qZ2hLCB8lWxT/Med9 +UMcVslMqo1qlwwIDAQABo4HLMIHIMB0GA1UdDgQWBBRyQzYviTI8H0UFANFIto8D +egFSODAfBgNVHSMEGDAWgBRaK+t8exSrfztY7OwhXqXr4fRPXzA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AE+lO5i4qYM6NT11qPboWUOVOgs33KzQEoIxKmTIZIH0+NcoLL9vgXmoIXtwYkt/ -yLG/aYs4FOh4qmHxb2sagZPnxHufmXUskOmNOn5OLwn5CiAEyz7G7Vn1Li6+c7RA -T52W8Iy4AYj6v3rt9sxGxWIbu/MdOksCfKpuYR9bTg7VP8NcwF8aqvu7T02kRUwq -zcDCKT0fMSsNgEXHX0sJloimSrD7Zj9LQcNbp/d/zsu1yVRiZmHRIHP2wuCBESCx -oKVEP1JKd525uZnnc6gjHwKRA+WQrSMAKgiZNxbfynC/2ulQHcWUgVeXfT/ST5F0 -lJAuXN0zE6CDJU3AfhmX49Y= +AJMmGfocl9XatymzkMLcaiuD/GI1PznXYWq+45/5+rWkmaQXUNa8MhPbMoX6jGdW +naI0eHzGZ3RR3eR8rwf28ki0EEIJD6GFFKQxX3VJGlbWoIO+AYs3OOzEwFFIxZfj +CJV4CYQt89VKkxJardzbim3x6rDjGyU46fs1dnfIW6Qxxyi/ecvY08qthe1Rlpjf +dnWKCCN/oxATjOhNWXUdVGV03r+5Q8Phyh6D/87KyvMltVC3YUpeFcxBL61KyKmK +V67tND4oJcMcVwCmTR4ijpQVYd7oZ7uhISLD54PCTB0yejo7p9MrOeMSGl7zl2hl +f2pMzph42EF3Y3YYi55H/LE= -----END CERTIFICATE----- Certificate: @@ -196,30 +196,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c9:53:af:4f:d1:35:5f:3e:69:08:13:28:41:5b: - 69:25:b0:ee:39:75:73:4c:63:c4:08:42:0c:5e:04: - 04:62:21:1a:92:5d:c8:6d:e8:44:6a:3b:3e:c5:6a: - 22:56:86:db:cb:38:c8:c7:55:ed:2c:dc:bc:36:39: - 76:96:3f:6a:5f:3d:12:43:60:b1:94:13:75:94:02: - 8b:ad:f4:be:85:5b:ed:f1:c5:03:2c:3c:0c:e3:eb: - 7f:ab:94:4a:79:8b:48:fd:ad:7a:c3:e0:a8:de:40: - ea:f0:a7:87:54:40:6e:f4:74:88:aa:2b:bb:21:bf: - d6:7f:da:bc:cf:52:48:3d:b6:75:0d:e2:6b:ea:03: - 0a:d7:39:f5:78:45:63:05:1a:4b:99:40:5e:97:08: - 0a:5d:34:63:fa:ba:de:a7:f5:1c:e8:b2:26:96:0f: - c9:c1:ac:6d:ef:05:8d:1c:dc:09:0b:bc:d3:f3:fb: - 10:43:2f:b2:36:3e:cf:84:1a:37:1e:fc:81:67:c6: - 14:87:bb:87:33:16:2a:95:cf:e7:0a:b7:52:00:05: - 09:08:a9:a5:97:5d:be:ed:19:92:4e:6c:4f:94:7f: - e5:1a:34:c0:dc:3f:02:8e:ae:77:fc:b6:27:77:78: - 48:e7:ca:a1:bd:27:1d:3c:a3:2d:8d:46:d5:a6:9d: - 53:cd + 00:c5:99:c3:5a:ac:ee:dd:88:55:9e:e4:3b:02:e9: + 99:bf:7e:7c:20:2e:ad:35:96:06:74:f8:06:62:6c: + 30:55:b5:16:f9:e2:db:99:65:f8:b7:58:00:01:70: + 3f:7c:23:ff:a7:39:4b:3a:d8:f7:72:65:3e:fd:66: + c0:69:43:cc:85:22:3b:d7:22:5d:1f:aa:d4:39:83: + 58:08:cd:e3:c1:8b:f1:77:4a:92:6a:5c:83:df:1b: + 59:dd:b5:92:fd:b0:6a:b0:29:a6:13:7e:2b:0e:cb: + a7:0e:30:c4:b6:2f:f7:1b:e3:ce:3c:38:2c:18:bd: + 0c:21:dd:e1:dd:2a:18:77:94:31:12:89:0a:ee:80: + 30:98:2f:3a:fc:72:75:9c:f1:fb:39:31:c7:ac:63: + 24:d4:11:40:86:49:e4:72:ce:b9:df:f3:51:bd:d7: + f2:7b:49:cd:97:65:4a:8f:65:c0:87:61:99:9c:86: + c9:96:95:fc:bc:d2:c4:c2:cc:82:c4:1b:3d:18:ba: + dd:13:1c:80:cf:9a:34:e7:44:90:29:c5:e5:f9:53: + 2f:20:e2:1c:95:ff:01:bb:ea:89:d1:47:59:fd:5a: + 44:75:58:df:42:29:bc:50:89:bc:1d:6c:e3:35:f8: + 85:ce:57:c4:c5:47:58:37:5d:1f:1b:03:66:61:0d: + 2f:79 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - FB:59:3E:CC:A2:42:62:72:9F:53:96:95:3A:48:EA:16:80:C8:42:40 + 5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F X509v3 Authority Key Identifier: - keyid:FB:59:3E:CC:A2:42:62:72:9F:53:96:95:3A:48:EA:16:80:C8:42:40 + keyid:5A:2B:EB:7C:7B:14:AB:7F:3B:58:EC:EC:21:5E:A5:EB:E1:F4:4F:5F Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -234,41 +234,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 34:3c:af:58:31:78:ea:c0:32:23:d8:b0:8e:84:44:9c:a3:b7: - 0b:b5:a4:4b:3d:21:d2:8a:02:ec:4c:ed:ab:c3:0a:17:89:50: - 45:fc:43:0b:db:6c:e6:69:56:3c:41:b0:c9:2d:12:19:bd:a1: - b6:a7:fa:25:a4:73:6f:32:06:b7:f5:ac:64:b3:b9:b6:44:65: - 83:b2:48:cc:3c:68:69:ae:16:0a:c0:c5:57:39:00:51:16:97: - 0e:03:7d:e7:02:65:f2:84:de:e9:a6:9d:d5:83:73:37:9d:f5: - bc:d8:ef:dc:6f:1b:48:db:f6:ca:a0:00:d5:e6:c0:f6:94:2d: - a9:4e:b4:4d:cf:49:7d:c4:4d:3a:68:a2:b2:d8:e8:67:77:98: - 6f:1c:2d:4a:74:13:2b:24:04:67:50:38:7e:e9:cb:0c:94:0d: - d0:07:50:52:a5:03:10:07:6a:04:ef:33:ea:b0:70:9f:27:34: - 47:b0:f8:41:81:7e:f2:93:0b:c0:cf:c3:d7:06:59:f1:24:2a: - 61:64:7f:38:f0:4f:77:d3:92:e4:1f:e4:44:a4:b6:85:40:59: - 3d:df:f2:cc:57:ea:1a:58:1d:f8:90:d4:2d:53:67:56:c3:88: - 9d:17:0f:19:19:fc:ed:4e:cc:b9:76:fa:fc:93:e5:bf:08:e7: - a9:d6:46:0f + 0c:03:aa:0e:1c:44:df:8d:6a:d3:4e:74:66:e5:39:5e:07:8b: + e9:b9:07:0a:b8:6d:f0:24:f2:5c:93:4a:3b:f8:04:03:5c:ee: + 62:74:ea:31:52:0b:a9:01:34:96:c1:aa:22:0e:a0:df:92:9c: + 32:f5:0d:71:68:cd:5e:8e:05:72:88:d8:ca:9f:c0:de:25:1c: + 5e:b3:67:af:64:61:ea:11:ed:2b:9c:32:ed:5a:4d:45:d0:a7: + c6:02:57:6d:21:ea:c2:be:0c:51:89:eb:2f:19:55:ee:bc:7e: + 30:c1:5a:f8:8c:49:ae:71:39:98:e3:c2:4b:ba:95:c4:1c:1d: + 40:3b:dc:8b:d0:8a:02:42:1e:d3:5d:80:b7:3b:f6:7d:84:b4: + 7e:b5:15:c0:b7:2d:03:32:a0:93:e9:c5:c6:98:49:e5:27:3c: + 13:94:c1:00:c5:26:a3:a0:28:be:9d:49:c8:90:18:3f:04:c5: + 5f:cf:f9:38:42:47:9f:ad:88:14:4c:57:59:69:50:d8:e7:fc: + 5e:9a:ec:c4:0c:54:68:c5:40:f0:37:a8:ed:c9:f0:40:0a:86: + 3a:7a:15:a8:8b:2b:da:9e:be:44:46:f6:3a:96:37:a3:09:f4: + 6b:00:74:22:c3:1f:c0:0e:65:09:14:97:f0:d9:bc:e5:4e:12: + 3a:16:93:e9 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlTr0/RNV8+aQgTKEFb -aSWw7jl1c0xjxAhCDF4EBGIhGpJdyG3oRGo7PsVqIlaG28s4yMdV7SzcvDY5dpY/ -al89EkNgsZQTdZQCi630voVb7fHFAyw8DOPrf6uUSnmLSP2tesPgqN5A6vCnh1RA -bvR0iKoruyG/1n/avM9SSD22dQ3ia+oDCtc59XhFYwUaS5lAXpcICl00Y/q63qf1 -HOiyJpYPycGsbe8FjRzcCQu80/P7EEMvsjY+z4QaNx78gWfGFIe7hzMWKpXP5wq3 -UgAFCQippZddvu0Zkk5sT5R/5Ro0wNw/Ao6ud/y2J3d4SOfKob0nHTyjLY1G1aad -U80CAwEAAaOByzCByDAdBgNVHQ4EFgQU+1k+zKJCYnKfU5aVOkjqFoDIQkAwHwYD -VR0jBBgwFoAU+1k+zKJCYnKfU5aVOkjqFoDIQkAwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMWZw1qs7t2IVZ7kOwLp +mb9+fCAurTWWBnT4BmJsMFW1Fvni25ll+LdYAAFwP3wj/6c5SzrY93JlPv1mwGlD +zIUiO9ciXR+q1DmDWAjN48GL8XdKkmpcg98bWd21kv2warApphN+Kw7Lpw4wxLYv +9xvjzjw4LBi9DCHd4d0qGHeUMRKJCu6AMJgvOvxydZzx+zkxx6xjJNQRQIZJ5HLO +ud/zUb3X8ntJzZdlSo9lwIdhmZyGyZaV/LzSxMLMgsQbPRi63RMcgM+aNOdEkCnF +5flTLyDiHJX/AbvqidFHWf1aRHVY30IpvFCJvB1s4zX4hc5XxMVHWDddHxsDZmEN +L3kCAwEAAaOByzCByDAdBgNVHQ4EFgQUWivrfHsUq387WOzsIV6l6+H0T18wHwYD +VR0jBBgwFoAUWivrfHsUq387WOzsIV6l6+H0T18wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA0PK9YMXjq -wDIj2LCOhESco7cLtaRLPSHSigLsTO2rwwoXiVBF/EML22zmaVY8QbDJLRIZvaG2 -p/olpHNvMga39axks7m2RGWDskjMPGhprhYKwMVXOQBRFpcOA33nAmXyhN7ppp3V -g3M3nfW82O/cbxtI2/bKoADV5sD2lC2pTrRNz0l9xE06aKKy2Ohnd5hvHC1KdBMr -JARnUDh+6csMlA3QB1BSpQMQB2oE7zPqsHCfJzRHsPhBgX7ykwvAz8PXBlnxJCph -ZH848E9305LkH+REpLaFQFk93/LMV+oaWB34kNQtU2dWw4idFw8ZGfztTsy5dvr8 -k+W/COep1kYP +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAMA6oOHETf +jWrTTnRm5TleB4vpuQcKuG3wJPJck0o7+AQDXO5idOoxUgupATSWwaoiDqDfkpwy +9Q1xaM1ejgVyiNjKn8DeJRxes2evZGHqEe0rnDLtWk1F0KfGAldtIerCvgxRiesv +GVXuvH4wwVr4jEmucTmY48JLupXEHB1AO9yL0IoCQh7TXYC3O/Z9hLR+tRXAty0D +MqCT6cXGmEnlJzwTlMEAxSajoCi+nUnIkBg/BMVfz/k4QkefrYgUTFdZaVDY5/xe +muzEDFRoxUDwN6jtyfBACoY6ehWoiyvanr5ERvY6ljejCfRrAHQiwx/ADmUJFJfw +2bzlThI6FpPp -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -281,10 +281,15 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 0 - [Error] Time is after notAfter +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Time is after notAfter + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMAogICAgICBbRXJyb3JdIFRpbWUgaXMgYWZ0ZXIgbm90QWZ0ZXIK +LS0tLS0gQ2VydGlmaWNhdGUgaT0xIChDTj1JbnRlcm1lZGlhdGUpIC0tLS0tCkVSUk9SOiBUaW1lIGlzIGFmdGVyIG5vdEFmdGVyCgo= -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem b/chromium/net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem index f73790cbf64..c4a7c8e3579 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem @@ -17,30 +17,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d8:d8:32:e7:2a:be:55:8d:e7:e8:ae:ee:1d:c6: - f5:3b:0c:6d:25:d9:53:8e:4a:84:0c:1e:7b:cb:30: - 2f:5f:1f:85:a3:e7:e0:92:79:b4:a2:35:fe:b7:71: - b4:a3:c0:79:dd:50:e5:e4:b0:61:b5:2c:97:2e:e6: - 4a:bc:c6:3c:c7:20:f3:87:20:4e:27:d8:8a:f6:0d: - a9:ac:0a:57:9a:53:03:9e:5f:32:ef:07:18:0a:ab: - f6:a7:42:4e:ef:36:9a:10:4a:db:d3:9f:49:d7:04: - 3a:95:61:77:ba:5e:d2:84:cb:57:ec:45:91:d0:fd: - be:5b:8b:4d:2f:0b:21:ab:89:ab:92:d9:fc:18:0c: - 44:bb:54:0a:94:5d:bd:ee:ac:a9:ee:f2:27:a8:3f: - 30:b1:e7:f6:fd:1a:05:86:56:db:22:de:bd:e5:a6: - d2:50:2d:4c:0c:ab:1c:b2:49:6c:23:9a:46:d8:f5: - 53:f4:9d:52:2c:f0:25:e3:a8:e7:99:d3:6d:ec:f0: - 0c:d1:bd:1e:73:c6:8f:5d:11:50:88:b3:63:bc:c7: - c5:eb:36:74:8f:03:fe:1a:36:d7:ac:5f:18:ae:73: - 11:7f:dc:81:dc:7c:77:17:ec:2c:91:c5:db:cc:2d: - 1a:a0:f1:ad:aa:d4:b6:1d:22:ee:22:bd:48:c9:f0: - df:7f + 00:e7:98:ab:da:da:60:92:7c:1f:fa:48:13:23:e5: + 80:74:cf:cd:98:4f:55:39:14:a2:38:e2:6f:68:fe: + 03:6e:9a:40:9e:2b:47:88:c7:b5:07:f6:27:02:ad: + 22:78:55:73:84:6f:f0:44:32:95:cc:94:57:f1:bf: + d7:f4:4d:1d:64:0c:07:49:ea:6e:b2:91:27:e0:49: + f3:d2:62:65:8c:2c:43:b0:91:91:10:c8:23:96:cc: + 6c:da:11:f3:5f:da:aa:28:72:91:f4:d4:8b:ce:dc: + 6a:c6:61:7a:fa:96:1f:19:40:c4:5e:45:09:ca:20: + 0c:24:19:7a:30:20:c9:af:94:aa:8b:ca:89:4b:79: + 0d:96:ee:53:52:8b:5a:b8:da:a8:25:fe:97:05:29: + 87:84:5e:73:87:ac:ee:6f:b5:3e:c9:8a:5f:86:1d: + 5a:a0:78:5b:ea:c0:5f:74:a4:4d:a3:d9:25:eb:ce: + 70:52:68:95:02:0b:c2:84:46:0b:45:92:19:d6:9e: + 69:9a:0c:2e:da:b6:2f:9a:44:30:71:22:aa:ee:1c: + 27:04:e4:77:bb:91:44:ef:39:47:5c:15:a4:20:70: + 86:b2:e5:00:77:65:60:f7:5e:9c:08:d0:4c:bb:b4: + e3:57:e0:75:89:26:a3:95:e0:4e:b0:09:bc:b4:3a: + 31:41 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - E6:C3:54:85:55:F1:44:F6:4B:55:D3:EA:09:69:E3:95:F6:DA:2A:FA + A2:94:73:5E:30:8A:B4:B1:C9:04:57:ED:47:47:A5:76:E3:02:CC:E3 X509v3 Authority Key Identifier: - keyid:EC:3F:B7:92:DD:EA:7D:97:A5:77:22:28:E9:98:4D:0D:07:69:C4:86 + keyid:E8:2F:43:7B:3F:D0:73:F7:C9:94:06:34:36:E5:B8:96:3E:DB:B8:C7 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -55,42 +55,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 27:8e:41:9c:f0:5c:4a:e0:b0:63:c7:fa:cc:1f:d4:21:35:33: - 87:13:68:b7:18:08:0e:ba:22:a1:51:1a:d9:ba:31:a7:35:80: - c7:75:35:a4:68:c8:3e:91:79:55:e3:60:34:79:a1:0f:a9:cc: - 05:92:61:40:b0:66:2b:fe:c7:29:a2:54:f3:7c:71:b6:36:fe: - a9:fd:7b:79:ea:66:19:c0:2f:d2:56:97:2f:ca:12:a3:96:6b: - b3:57:c8:06:58:6f:de:53:d7:63:ee:93:d6:b2:f2:11:9c:8a: - a1:00:26:6c:9a:bd:dd:da:97:ea:07:61:5e:48:8e:dd:3f:10: - 4b:39:d1:9a:ba:8f:14:30:b3:36:3c:9f:a7:2c:68:b4:3c:da: - f2:90:24:4a:03:19:38:24:73:b5:72:b3:ae:31:b3:44:96:36: - 3d:38:c5:c7:07:62:78:06:d8:5d:01:07:d9:b3:2d:be:0f:46: - 13:8c:25:f9:d7:e0:84:5d:a4:62:a7:5d:3b:22:cf:e6:95:97: - 20:d3:24:40:cc:cf:3d:72:17:f9:c1:8e:ee:15:6f:99:8f:24: - d1:83:6b:f9:fe:6b:94:3a:9c:2c:02:5c:1d:70:d6:f8:d6:69: - 0d:99:f5:53:89:4f:21:7b:a6:34:dd:ce:27:ef:45:a5:e0:c6: - e5:f5:fc:5f + 9c:3a:72:f1:d3:00:76:dc:0e:4b:a3:b0:d3:7e:cc:2d:d7:f7: + 73:40:5f:28:4f:33:53:3c:13:a9:36:1f:bc:7e:a2:9b:cb:e1: + c1:7a:7a:ca:c8:30:8c:d4:ec:c3:ef:b9:8f:e4:c8:12:d5:2e: + 87:4c:f8:ff:13:94:92:2a:13:68:a3:a0:24:6c:7e:f8:7f:1e: + b6:b3:a6:33:c9:37:11:36:4d:b3:8e:7f:d1:60:0e:1b:a2:50: + a2:d7:d1:5a:00:36:ce:df:64:d5:43:28:27:e9:fd:c6:c4:38: + 80:34:ef:25:f7:e2:84:af:ce:46:5a:de:cd:d4:a0:10:44:28: + 64:19:1a:a3:02:33:13:64:1e:a1:d4:db:37:49:d0:1d:4d:c4: + 84:eb:18:c0:b9:30:91:66:a5:4f:7e:f6:bf:dd:b9:31:93:b2: + c2:a0:66:6f:1c:58:f9:35:3b:ba:fc:83:8f:99:a0:92:a0:11: + 47:27:f0:c8:8d:c7:04:c2:57:e4:a3:4e:d0:c5:ba:8a:6d:f3: + 85:09:d3:94:9e:6c:e0:50:2b:8d:c7:f5:20:e8:5f:c9:9e:87: + 92:04:de:af:b9:9f:f1:36:b0:f9:95:52:89:ea:70:5e:35:8b: + 19:43:44:e1:fc:7a:0b:7e:88:b2:03:79:5e:bd:99:dd:a9:39: + 89:fe:6e:d0 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMzAyMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY2DLn -Kr5Vjeforu4dxvU7DG0l2VOOSoQMHnvLMC9fH4Wj5+CSebSiNf63cbSjwHndUOXk -sGG1LJcu5kq8xjzHIPOHIE4n2Ir2DamsCleaUwOeXzLvBxgKq/anQk7vNpoQStvT -n0nXBDqVYXe6XtKEy1fsRZHQ/b5bi00vCyGriauS2fwYDES7VAqUXb3urKnu8ieo -PzCx5/b9GgWGVtsi3r3lptJQLUwMqxyySWwjmkbY9VP0nVIs8CXjqOeZ023s8AzR -vR5zxo9dEVCIs2O8x8XrNnSPA/4aNtesXxiucxF/3IHcfHcX7CyRxdvMLRqg8a2q -1LYdIu4ivUjJ8N9/AgMBAAGjgekwgeYwHQYDVR0OBBYEFObDVIVV8UT2S1XT6glp -45X22ir6MB8GA1UdIwQYMBaAFOw/t5Ld6n2XpXciKOmYTQ0HacSGMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnmKva +2mCSfB/6SBMj5YB0z82YT1U5FKI44m9o/gNumkCeK0eIx7UH9icCrSJ4VXOEb/BE +MpXMlFfxv9f0TR1kDAdJ6m6ykSfgSfPSYmWMLEOwkZEQyCOWzGzaEfNf2qoocpH0 +1IvO3GrGYXr6lh8ZQMReRQnKIAwkGXowIMmvlKqLyolLeQ2W7lNSi1q42qgl/pcF +KYeEXnOHrO5vtT7Jil+GHVqgeFvqwF90pE2j2SXrznBSaJUCC8KERgtFkhnWnmma +DC7ati+aRDBxIqruHCcE5He7kUTvOUdcFaQgcIay5QB3ZWD3XpwI0Ey7tONX4HWJ +JqOV4E6wCby0OjFBAgMBAAGjgekwgeYwHQYDVR0OBBYEFKKUc14wirSxyQRX7UdH +pXbjAszjMB8GA1UdIwQYMBaAFOgvQ3s/0HP3yZQGNDbluJY+27jHMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAJ45BnPBcSuCwY8f6zB/U -ITUzhxNotxgIDroioVEa2boxpzWAx3U1pGjIPpF5VeNgNHmhD6nMBZJhQLBmK/7H -KaJU83xxtjb+qf17eepmGcAv0laXL8oSo5Zrs1fIBlhv3lPXY+6T1rLyEZyKoQAm -bJq93dqX6gdhXkiO3T8QSznRmrqPFDCzNjyfpyxotDza8pAkSgMZOCRztXKzrjGz -RJY2PTjFxwdieAbYXQEH2bMtvg9GE4wl+dfghF2kYqddOyLP5pWXINMkQMzPPXIX -+cGO7hVvmY8k0YNr+f5rlDqcLAJcHXDW+NZpDZn1U4lPIXumNN3OJ+9FpeDG5fX8 -Xw== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAnDpy8dMAdtwOS6Ow037M +Ldf3c0BfKE8zUzwTqTYfvH6im8vhwXp6ysgwjNTsw++5j+TIEtUuh0z4/xOUkioT +aKOgJGx++H8etrOmM8k3ETZNs45/0WAOG6JQotfRWgA2zt9k1UMoJ+n9xsQ4gDTv +JffihK/ORlrezdSgEEQoZBkaowIzE2QeodTbN0nQHU3EhOsYwLkwkWalT372v925 +MZOywqBmbxxY+TU7uvyDj5mgkqARRyfwyI3HBMJX5KNO0MW6im3zhQnTlJ5s4FAr +jcf1IOhfyZ6HkgTer7mf8Taw+ZVSiepwXjWLGUNE4fx6C36IsgN5Xr2Z3ak5if5u +0A== -----END CERTIFICATE----- Certificate: @@ -107,30 +107,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:e4:7c:a3:bb:4c:6d:c3:5e:ae:62:cd:af:18:39: - c5:4b:6a:a3:fd:85:d0:ed:8b:25:93:bd:2b:06:22: - b2:6b:c1:ff:73:c9:26:dd:d6:eb:eb:ee:93:4a:6d: - df:10:02:b8:c5:72:d4:2f:c7:b4:1a:06:e9:38:b4: - 90:ae:9f:5f:69:45:47:07:68:17:b2:84:8a:65:b8: - 1e:ef:de:f1:b4:8a:6b:ab:de:55:79:5d:f5:2e:96: - 46:5b:5c:87:0b:4a:a8:53:70:4f:6f:f3:9e:9d:f4: - f8:38:fa:1f:a6:5f:a3:25:08:f2:e9:63:fc:3c:98: - 4d:91:df:77:60:e7:e2:bd:af:bb:d9:23:38:2d:6e: - 07:07:0c:1a:59:5e:8a:43:c7:da:b2:ce:39:3a:80: - c6:72:60:1f:d3:93:45:cd:63:b8:8b:96:bf:30:cd: - b1:f6:56:d7:a9:de:14:42:ae:42:40:f8:e9:7b:47: - a3:63:a1:5d:b9:2b:c0:3b:2b:81:56:11:54:ce:96: - 85:e6:3a:8c:66:ff:42:9f:ce:e4:a4:80:f5:59:8a: - 4b:ae:b2:37:c2:1f:45:9b:49:cd:db:0f:8b:a7:37: - 31:20:19:b4:42:20:aa:e9:e4:af:13:5a:b9:ea:d2: - 2c:9a:15:48:af:8d:ed:d0:fe:02:c0:a2:c6:47:bd: - dd:2f + 00:c0:11:fb:d1:6d:1c:d9:5e:1d:4c:49:f3:48:10: + 4e:52:31:7a:2a:4f:97:88:0f:4a:c4:06:fd:6c:fd: + 9a:8e:77:b3:74:6b:35:b3:c1:96:3f:fe:fd:2f:ed: + 4b:ac:55:b3:18:75:e0:5b:45:7d:83:3e:00:29:e8: + 9b:de:18:a7:68:ea:04:f2:66:4e:4e:2e:a2:b3:6a: + 51:35:9d:76:e8:7c:bb:8a:3c:a2:85:2c:1d:b1:5b: + b9:53:68:3f:52:87:1b:92:29:df:71:a8:50:04:31: + 9e:0a:1e:58:ef:dd:72:bf:37:23:a8:98:9c:0c:e2: + 26:5a:0c:cf:b3:c7:00:55:65:4a:72:22:0c:b4:a4: + b9:56:84:61:38:49:6c:c2:27:63:6b:33:d7:bc:d4: + b8:b6:87:e6:51:d9:c2:e4:b5:2a:dd:a1:c8:b5:ea: + 88:26:15:2b:62:0e:e0:b5:83:a5:42:b2:a0:08:81: + d2:9f:15:b9:24:ac:da:e6:ce:a1:3a:3e:7c:b3:9a: + db:a8:55:f6:9d:43:0b:fd:09:3b:cd:ec:6a:3c:52: + 65:4d:54:71:d2:ef:d8:76:a1:c4:51:7d:ef:0a:70: + 76:60:3a:f0:40:11:c1:18:60:59:53:a8:ba:52:05: + ce:79:51:8c:ae:da:f3:b1:d3:1d:92:83:b2:5d:33: + e1:c7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - EC:3F:B7:92:DD:EA:7D:97:A5:77:22:28:E9:98:4D:0D:07:69:C4:86 + E8:2F:43:7B:3F:D0:73:F7:C9:94:06:34:36:E5:B8:96:3E:DB:B8:C7 X509v3 Authority Key Identifier: - keyid:44:FC:9D:F0:51:F2:23:99:FE:A4:76:CB:CB:5C:39:BD:FC:68:38:45 + keyid:41:C5:CF:62:9B:03:74:29:CC:82:F6:5A:85:3B:37:D8:E1:D7:0A:DE Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -145,41 +145,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 40:21:7c:15:90:68:e9:aa:b0:ab:21:63:e7:21:f1:92:5b:75: - 02:34:b4:cd:06:b3:45:f4:93:07:d1:0f:f2:bc:92:ac:75:94: - 43:ad:a8:4f:91:6a:28:0c:cd:47:8d:01:de:54:51:aa:14:e3: - 35:f8:eb:d8:d4:59:f5:86:ef:55:e6:6f:54:17:47:c1:5f:e8: - be:0d:7f:34:d2:88:2d:b5:04:29:25:11:cc:a3:d7:0e:49:b2: - 9a:e3:01:1d:3f:15:89:68:41:19:4d:ee:8d:12:0e:96:ce:5e: - e5:08:31:64:4f:89:e0:91:1b:a9:b0:3c:4e:50:cb:83:a0:df: - d0:d3:df:af:53:d5:99:6b:88:dd:9c:4f:98:f1:0d:1d:f5:29: - f6:c5:be:18:84:4f:1f:76:ce:6f:c8:08:a0:f4:58:af:a3:ff: - cb:44:55:ad:2e:6e:e0:44:07:f4:a3:d4:08:9c:d1:0e:04:29: - 34:54:1b:bd:e8:e3:b4:56:e1:0b:05:bd:ee:6d:47:fb:10:42: - d2:14:12:e4:15:29:bd:06:13:7d:12:41:fa:5f:5d:01:27:69: - 99:76:ff:76:74:c8:c8:fe:11:c5:2e:67:44:d3:32:6d:8f:45: - e4:0a:5a:73:ef:74:75:6a:6c:d6:c2:c5:e8:73:bc:be:29:b3: - 3a:01:cf:02 + d3:ed:dd:c9:1e:dc:c0:02:8c:7b:a9:aa:d0:47:fc:ee:de:f2: + f0:1f:b6:0c:79:2d:ef:30:02:67:4a:83:f5:f7:6e:b4:ce:e8: + 41:cb:bb:6a:dc:ae:86:4c:06:1c:a7:ad:7b:14:90:60:73:ab: + 91:89:af:0f:b7:23:cf:89:3f:ef:b8:31:06:35:00:db:db:39: + 1a:8f:80:d3:9c:49:91:a2:3b:cb:0c:21:45:17:ba:2b:6b:a6: + 5e:cc:23:86:5a:8f:fa:a9:c8:69:e6:94:76:b5:78:6a:8d:4d: + f9:0d:10:13:a9:12:ed:69:07:d9:0b:a6:0d:65:17:cf:5e:7a: + 9b:55:82:e6:62:9f:2f:ef:b8:e8:11:57:23:f9:cf:1e:46:b3: + 13:15:de:99:b6:dc:58:69:73:27:f3:34:14:6d:0e:e1:b6:c3: + 8b:62:17:09:e0:77:8d:58:ae:59:91:6a:3b:82:2a:f4:30:4c: + dd:f4:b7:53:31:fd:eb:b0:0e:66:c1:35:e3:27:31:a8:bf:0e: + 8d:3c:6b:c9:5e:18:46:30:83:b4:06:e2:81:c6:59:ef:5f:94: + 87:41:b7:f4:5a:99:3c:6b:0e:73:cb:77:ac:ae:df:3a:55:32: + 1d:89:1b:4e:96:85:a3:cd:33:57:f2:de:90:8a:29:8a:b3:cb: + 7d:59:aa:25 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Hyju0xt -w16uYs2vGDnFS2qj/YXQ7Yslk70rBiKya8H/c8km3dbr6+6TSm3fEAK4xXLUL8e0 -GgbpOLSQrp9faUVHB2gXsoSKZbge797xtIprq95VeV31LpZGW1yHC0qoU3BPb/Oe -nfT4OPofpl+jJQjy6WP8PJhNkd93YOfiva+72SM4LW4HBwwaWV6KQ8fass45OoDG -cmAf05NFzWO4i5a/MM2x9lbXqd4UQq5CQPjpe0ejY6FduSvAOyuBVhFUzpaF5jqM -Zv9Cn87kpID1WYpLrrI3wh9Fm0nN2w+LpzcxIBm0QiCq6eSvE1q56tIsmhVIr43t -0P4CwKLGR73dLwIDAQABo4HLMIHIMB0GA1UdDgQWBBTsP7eS3ep9l6V3IijpmE0N -B2nEhjAfBgNVHSMEGDAWgBRE/J3wUfIjmf6kdsvLXDm9/Gg4RTA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBH70W0c +2V4dTEnzSBBOUjF6Kk+XiA9KxAb9bP2ajnezdGs1s8GWP/79L+1LrFWzGHXgW0V9 +gz4AKeib3hinaOoE8mZOTi6is2pRNZ126Hy7ijyihSwdsVu5U2g/UocbkinfcahQ +BDGeCh5Y791yvzcjqJicDOImWgzPs8cAVWVKciIMtKS5VoRhOElswidjazPXvNS4 +tofmUdnC5LUq3aHIteqIJhUrYg7gtYOlQrKgCIHSnxW5JKza5s6hOj58s5rbqFX2 +nUML/Qk7zexqPFJlTVRx0u/YdqHEUX3vCnB2YDrwQBHBGGBZU6i6UgXOeVGMrtrz +sdMdkoOyXTPhxwIDAQABo4HLMIHIMB0GA1UdDgQWBBToL0N7P9Bz98mUBjQ25biW +Ptu4xzAfBgNVHSMEGDAWgBRBxc9imwN0KcyC9lqFOzfY4dcK3jA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AEAhfBWQaOmqsKshY+ch8ZJbdQI0tM0Gs0X0kwfRD/K8kqx1lEOtqE+RaigMzUeN -Ad5UUaoU4zX469jUWfWG71Xmb1QXR8Ff6L4NfzTSiC21BCklEcyj1w5JsprjAR0/ -FYloQRlN7o0SDpbOXuUIMWRPieCRG6mwPE5Qy4Og39DT369T1ZlriN2cT5jxDR31 -KfbFvhiETx92zm/ICKD0WK+j/8tEVa0ubuBEB/Sj1Aic0Q4EKTRUG73o47RW4QsF -ve5tR/sQQtIUEuQVKb0GE30SQfpfXQEnaZl2/3Z0yMj+EcUuZ0TTMm2PReQKWnPv -dHVqbNbCxehzvL4pszoBzwI= +ANPt3cke3MACjHupqtBH/O7e8vAftgx5Le8wAmdKg/X3brTO6EHLu2rcroZMBhyn +rXsUkGBzq5GJrw+3I8+JP++4MQY1ANvbORqPgNOcSZGiO8sMIUUXuitrpl7MI4Za +j/qpyGnmlHa1eGqNTfkNEBOpEu1pB9kLpg1lF89eeptVguZiny/vuOgRVyP5zx5G +sxMV3pm23FhpcyfzNBRtDuG2w4tiFwngd41YrlmRajuCKvQwTN30t1Mx/euwDmbB +NeMnMai/Do08a8leGEYwg7QG4oHGWe9flIdBt/RamTxrDnPLd6yu3zpVMh2JG06W +haPNM1fy3pCKKYqzy31ZqiU= -----END CERTIFICATE----- Certificate: @@ -196,30 +196,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a0:21:1c:d1:00:97:80:26:4c:59:fe:1f:73:23: - 48:97:10:b0:7f:bb:bb:34:00:76:fb:5d:e6:1f:59: - ed:24:d9:25:9c:16:06:50:8e:83:da:d6:93:22:80: - 34:69:d3:d2:ee:98:9b:51:09:02:25:e4:04:fa:cc: - de:4f:f6:3d:9c:65:80:b3:83:19:dd:74:b7:3f:84: - 86:7f:77:f9:5b:bc:c9:5c:0d:98:3e:77:df:3b:f1: - 43:cd:3d:4a:88:81:76:08:cb:56:25:5f:ff:56:7e: - e1:e2:ab:41:60:9a:89:32:cf:9b:5e:3f:95:17:04: - 75:2d:a2:b7:e8:02:ea:6e:a0:2f:69:9f:30:a7:cd: - 7b:e6:e5:3d:98:01:51:b4:3e:c2:cf:87:f9:a1:e8: - 9d:69:43:91:37:58:b9:ec:2e:64:5f:76:21:e5:09: - 8c:6e:72:31:f4:c5:79:2f:14:1f:84:17:10:e3:50: - 0f:5d:d2:dd:f1:33:cb:57:f2:19:8c:04:96:e8:a7: - 3b:77:51:3a:6e:03:2b:29:2a:db:40:da:fb:41:f2: - bc:37:ef:31:5c:2b:0f:b2:f4:58:27:b6:0f:24:4d: - 1d:97:ca:bd:00:c8:5f:eb:c4:3d:5d:b7:9e:d6:58: - 45:8a:20:af:2f:16:fc:51:6c:55:66:24:19:21:66: - 38:9f + 00:d9:ec:81:3f:71:c2:86:b2:1e:84:63:69:f0:17: + 3a:83:38:80:e0:ec:18:7e:41:1a:dc:34:5f:31:d3: + 1d:e8:28:40:1d:a0:e0:7c:1e:1d:0e:b4:34:ea:e9: + 96:92:fe:17:47:a2:65:73:fe:02:dd:45:85:0c:d4: + 16:ef:c4:68:ff:b4:2e:b3:a2:50:85:82:94:c6:cf: + fd:22:b4:38:09:e2:fd:8c:87:4e:58:5e:6a:d8:8d: + 6d:56:71:bd:22:5c:a2:61:93:ed:5c:47:a6:85:7d: + 7d:ce:24:92:4c:a1:96:37:05:d9:ea:53:7e:59:e4: + 0c:c2:9b:97:e4:c5:89:96:36:ac:4e:4d:a1:62:f5: + 19:e4:38:81:9b:2d:95:19:9a:1c:aa:c2:e8:1c:63: + 06:3a:3f:cd:0b:cc:e3:a8:26:ff:19:7b:bd:c1:d1: + a8:c4:55:d7:4f:16:d9:65:95:e7:d3:4d:6f:c8:a8: + 2b:c3:9b:a1:7d:65:86:b7:43:5f:0d:77:37:3d:2e: + 06:28:dc:54:da:be:63:66:d5:64:39:e2:6d:eb:84: + 25:af:a4:75:9d:4c:f0:98:18:3e:01:c7:70:48:64: + d2:1c:27:11:63:4a:b9:c5:c2:bd:63:f5:3d:81:53: + 99:82:3e:f5:cd:12:5e:ff:48:61:94:2d:54:ab:95: + 09:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 44:FC:9D:F0:51:F2:23:99:FE:A4:76:CB:CB:5C:39:BD:FC:68:38:45 + 41:C5:CF:62:9B:03:74:29:CC:82:F6:5A:85:3B:37:D8:E1:D7:0A:DE X509v3 Authority Key Identifier: - keyid:44:FC:9D:F0:51:F2:23:99:FE:A4:76:CB:CB:5C:39:BD:FC:68:38:45 + keyid:41:C5:CF:62:9B:03:74:29:CC:82:F6:5A:85:3B:37:D8:E1:D7:0A:DE Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -234,41 +234,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 94:de:4b:73:02:e3:22:7f:1e:82:0c:64:a8:de:79:70:34:96: - 9d:b5:e9:a0:51:bc:5c:3a:b1:97:7e:a4:0a:04:60:5a:3b:3a: - 88:7e:ff:67:1a:19:7f:61:c0:6a:f9:73:14:b4:6b:be:21:fd: - f3:e2:7a:61:56:73:15:9e:8d:c5:bb:21:47:8a:1f:fa:03:0d: - 0a:90:20:37:69:49:0b:2e:6a:9c:64:5b:e8:f0:ed:29:32:5f: - bc:f8:59:81:ad:d8:d9:71:ef:8d:bd:9c:ed:2e:c3:53:4f:12: - ec:f3:83:24:36:30:b1:c6:59:a7:2c:a8:6d:62:30:bc:a3:28: - 13:0a:09:ed:47:a9:f5:68:e9:97:33:b2:e7:e7:5c:f9:bb:c1: - 4b:7b:63:62:0a:0f:31:58:7e:24:88:30:f5:42:cf:3e:86:ca: - 48:5b:83:44:b0:04:fa:0b:e2:9c:8b:5f:9c:68:77:23:79:40: - 29:95:0d:6e:32:bf:ab:b4:ae:8a:2a:ca:f2:2a:92:a7:0d:b4: - 80:5d:ce:be:f8:68:24:00:d9:30:9c:de:ba:35:d4:22:b5:dd: - 15:37:70:bd:2e:7c:53:65:db:6f:1d:47:fa:53:56:dd:d0:9f: - e7:d5:d5:27:7f:c7:2e:9b:55:c2:70:1f:5e:66:b8:d1:2e:ac: - c6:e9:de:aa + 8c:96:f7:8f:d9:f5:7b:82:56:0d:3c:b9:21:18:bb:4d:07:35: + 20:d6:04:5a:5a:55:a7:1b:71:ee:ac:f3:47:ce:2f:39:8d:cd: + 90:66:a3:fa:2b:1a:23:7e:6b:ae:44:1e:d6:61:79:31:7e:6c: + 2e:37:fb:12:39:6d:c4:12:14:30:b9:8c:f9:5c:01:6c:a9:4d: + 08:6d:9b:9f:1b:3f:9c:f1:1e:87:e0:8a:29:87:78:e2:ac:5b: + c3:05:01:94:18:f9:8f:cb:61:9a:b8:e8:0c:02:3f:3c:7d:25: + 69:3e:9d:b2:2b:f0:9b:25:dc:b3:0d:b3:39:4b:7a:d3:1b:45: + be:a8:fa:dd:c6:3d:74:f9:25:76:15:fc:06:a5:5e:7b:2f:96: + 28:1f:72:0e:15:82:ba:62:6c:13:b9:e0:92:56:ff:93:55:93: + a5:02:14:66:37:36:ef:da:e1:aa:e1:49:33:08:37:83:61:4e: + 0d:3e:39:95:8d:4e:6b:3c:00:1b:69:14:74:aa:f7:d7:e3:c7: + 61:2c:4a:92:d1:57:89:fb:1b:ef:a5:70:79:f9:65:86:7e:97: + 92:bb:5b:3f:c3:a5:8c:1a:8f:68:23:c8:9e:32:90:81:cb:7e: + a8:a1:88:b3:30:2d:a6:f5:e4:eb:8b:67:38:b6:f9:6d:42:56: + 8e:cc:07:44 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKAhHNEAl4AmTFn+H3Mj -SJcQsH+7uzQAdvtd5h9Z7STZJZwWBlCOg9rWkyKANGnT0u6Ym1EJAiXkBPrM3k/2 -PZxlgLODGd10tz+Ehn93+Vu8yVwNmD533zvxQ809SoiBdgjLViVf/1Z+4eKrQWCa -iTLPm14/lRcEdS2it+gC6m6gL2mfMKfNe+blPZgBUbQ+ws+H+aHonWlDkTdYuewu -ZF92IeUJjG5yMfTFeS8UH4QXEONQD13S3fEzy1fyGYwEluinO3dROm4DKykq20Da -+0HyvDfvMVwrD7L0WCe2DyRNHZfKvQDIX+vEPV23ntZYRYogry8W/FFsVWYkGSFm -OJ8CAwEAAaOByzCByDAdBgNVHQ4EFgQURPyd8FHyI5n+pHbLy1w5vfxoOEUwHwYD -VR0jBBgwFoAURPyd8FHyI5n+pHbLy1w5vfxoOEUwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANnsgT9xwoayHoRjafAX +OoM4gODsGH5BGtw0XzHTHegoQB2g4HweHQ60NOrplpL+F0eiZXP+At1FhQzUFu/E +aP+0LrOiUIWClMbP/SK0OAni/YyHTlheatiNbVZxvSJcomGT7VxHpoV9fc4kkkyh +ljcF2epTflnkDMKbl+TFiZY2rE5NoWL1GeQ4gZstlRmaHKrC6BxjBjo/zQvM46gm +/xl7vcHRqMRV108W2WWV59NNb8ioK8OboX1lhrdDXw13Nz0uBijcVNq+Y2bVZDni +beuEJa+kdZ1M8JgYPgHHcEhk0hwnEWNKucXCvWP1PYFTmYI+9c0SXv9IYZQtVKuV +CbECAwEAAaOByzCByDAdBgNVHQ4EFgQUQcXPYpsDdCnMgvZahTs32OHXCt4wHwYD +VR0jBBgwFoAUQcXPYpsDdCnMgvZahTs32OHXCt4wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCU3ktzAuMi -fx6CDGSo3nlwNJadtemgUbxcOrGXfqQKBGBaOzqIfv9nGhl/YcBq+XMUtGu+If3z -4nphVnMVno3FuyFHih/6Aw0KkCA3aUkLLmqcZFvo8O0pMl+8+FmBrdjZce+NvZzt -LsNTTxLs84MkNjCxxlmnLKhtYjC8oygTCgntR6n1aOmXM7Ln51z5u8FLe2NiCg8x -WH4kiDD1Qs8+hspIW4NEsAT6C+Kci1+caHcjeUAplQ1uMr+rtK6KKsryKpKnDbSA -Xc6++GgkANkwnN66NdQitd0VN3C9LnxTZdtvHUf6U1bd0J/n1dUnf8cum1XCcB9e -ZrjRLqzG6d6q +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCMlveP2fV7 +glYNPLkhGLtNBzUg1gRaWlWnG3HurPNHzi85jc2QZqP6KxojfmuuRB7WYXkxfmwu +N/sSOW3EEhQwuYz5XAFsqU0IbZufGz+c8R6H4Ioph3jirFvDBQGUGPmPy2GauOgM +Aj88fSVpPp2yK/CbJdyzDbM5S3rTG0W+qPrdxj10+SV2FfwGpV57L5YoH3IOFYK6 +YmwTueCSVv+TVZOlAhRmNzbv2uGq4UkzCDeDYU4NPjmVjU5rPAAbaRR0qvfX48dh +LEqS0VeJ+xvvpXB5+WWGfpeSu1s/w6WMGo9oI8ieMpCBy36ooYizMC2m9eTri2c4 +tvltQlaOzAdE -----END TRUST_ANCHOR_UNCONSTRAINED----- 150301120000Z @@ -281,10 +281,15 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 1 - [Error] Time is before notBefore +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=0 (CN=Target) ----- +ERROR: Time is before notBefore + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMQogICAgICBbRXJyb3JdIFRpbWUgaXMgYmVmb3JlIG5vdEJlZm9yZQo= +LS0tLS0gQ2VydGlmaWNhdGUgaT0wIChDTj1UYXJnZXQpIC0tLS0tCkVSUk9SOiBUaW1lIGlzIGJlZm9yZSBub3RCZWZvcmUKCg== -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/expired-target.pem b/chromium/net/data/verify_certificate_chain_unittest/expired-target.pem index cb21f352b14..53441402208 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/expired-target.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/expired-target.pem @@ -17,30 +17,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:df:82:6a:2a:fe:30:47:00:84:06:de:48:a1:fc: - a5:d9:2c:d5:7d:e2:71:eb:ff:b5:7b:da:8c:c7:fc: - 38:8a:a3:64:5a:f8:01:70:e0:c0:26:d4:70:2c:08: - da:6b:5c:b4:40:41:aa:9e:b4:1d:05:9b:54:7c:54: - a4:b8:07:03:b0:69:95:98:c5:e6:7a:7f:71:6f:07: - dd:a5:21:59:79:7c:58:7c:00:0d:9d:18:6b:c0:3d: - 2d:fe:c6:63:58:c6:5f:29:47:01:b6:a2:dd:bb:f4: - 8a:8b:d0:15:3e:0b:01:18:34:0a:d4:a1:d3:e9:7a: - c3:5d:97:2b:c7:53:ff:49:81:34:fc:16:b4:02:f8: - 7c:55:6e:fa:9b:4f:cd:31:1a:f5:d2:5c:8f:92:d7: - bd:48:50:a9:b1:c4:89:cd:6d:c8:1d:99:77:34:d1: - d3:61:8f:b9:f8:3b:3e:c6:b3:2e:5f:3c:d0:f7:04: - 34:51:9f:83:4e:7b:1d:c9:59:53:81:6e:d9:f7:4b: - 36:dc:80:9e:b4:a4:cb:5d:18:1d:d3:52:3e:d8:b3: - 4e:28:c5:ba:2c:bd:dc:d1:e2:4a:21:e5:2a:ed:6f: - 97:84:a9:01:89:eb:2e:21:9e:b9:4a:6a:9b:c5:fe: - b0:5a:34:cf:25:0f:55:53:41:be:94:b9:8d:81:44: - fa:b5 + 00:d1:ba:03:81:9f:9e:55:9e:1a:95:8f:fd:1b:45: + 51:fe:91:3c:ac:14:9b:08:b7:0e:db:f2:2f:3f:83: + b8:06:59:7b:5f:67:74:e4:a1:36:40:b1:a0:32:c5: + 13:d7:ad:cb:3c:a7:e8:5d:73:bd:40:8b:0d:f1:3c: + fc:38:a1:e7:a1:09:94:44:e6:7d:86:cf:fd:cd:eb: + 47:90:29:53:97:22:3f:40:d4:d4:73:a2:17:00:fc: + 81:a9:57:5f:d6:21:92:06:8e:72:5e:f0:f7:f5:90: + aa:a2:b5:c6:58:9c:90:14:6f:72:f5:f0:8a:27:f6: + 4e:22:b2:3a:29:47:e1:3f:b5:69:38:e1:f0:6e:81: + 7e:9e:b0:0e:d3:01:81:57:95:78:06:75:66:4c:1e: + 2b:2d:d1:68:47:b9:94:47:55:a8:08:a8:0d:64:95: + e6:a2:b5:ce:74:74:91:3f:20:db:05:77:6b:0c:ed: + b4:6e:95:7d:d1:8c:d0:6c:3f:2f:ab:0e:d0:a9:c1: + 4e:2f:02:1b:e5:37:02:61:ab:6d:0e:2f:a8:d5:ca: + 08:1c:3c:75:17:e0:56:fc:07:68:89:4a:e3:1c:f4: + af:f1:eb:a6:b3:5e:68:9d:2f:e7:08:23:a3:9d:e5: + a4:78:ae:cc:39:95:a7:e1:6e:31:73:51:99:19:b2: + 17:87 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - A1:54:DE:B4:8A:C7:C9:C4:33:C6:9B:40:BF:3D:6E:CF:DB:47:EC:8C + 25:FF:8A:94:CE:C2:88:76:B1:E3:8A:B4:0E:F5:5F:B5:3A:2F:6C:B6 X509v3 Authority Key Identifier: - keyid:13:F7:B3:D5:1C:C9:63:BD:3A:24:01:43:AE:4A:26:96:46:55:F5:F0 + keyid:83:98:28:40:CF:A4:63:D5:9B:A8:81:96:82:A5:40:A6:47:2C:F2:42 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -55,42 +55,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - aa:f9:d5:79:52:fa:99:3e:d8:cd:ab:c3:e4:05:a9:85:c5:bf: - 78:3b:d6:14:0b:06:f4:62:77:8e:70:40:a5:b9:b4:46:52:5d: - 86:ad:52:52:f7:c3:1f:e9:e8:8a:e2:5b:23:63:bf:e8:5c:d8: - a6:11:ad:02:94:09:04:3b:67:cb:62:a3:09:67:eb:b3:68:0f: - 81:6d:0f:d6:4e:6c:d8:a3:e5:85:8f:8f:7e:65:a4:c7:d9:ba: - a8:05:22:2c:94:9d:8f:e4:d1:a5:5c:7e:c0:0f:39:3e:d7:b4: - 2c:df:d7:c1:ab:9e:5d:8d:28:51:d5:fa:2f:c6:fa:85:17:d4: - 05:d5:4d:d8:ee:6a:14:23:da:a0:cc:43:7b:65:54:71:e1:e1: - 79:b0:62:0a:a3:70:56:9b:53:5d:70:b7:78:6f:fd:ba:13:a7: - 99:0a:0a:b3:46:2a:7b:48:26:31:b2:50:aa:5e:29:d9:1b:55: - 1f:cb:de:2a:17:4d:ee:0d:67:2b:4e:dd:f6:54:d0:72:ec:e3: - 53:4e:24:26:a6:1e:17:e8:94:ca:a8:4a:3a:af:b8:48:51:1a: - 76:38:bd:bf:cb:c5:56:e4:a8:e4:f8:cb:cb:e9:97:ed:4e:b9: - af:fb:e7:92:d3:b7:ba:81:a0:13:e8:09:31:f3:45:91:2a:5c: - 93:12:a9:99 + 87:9e:4c:50:45:02:3d:74:32:3b:0c:b0:88:c9:b3:2f:2c:33: + 96:83:fe:20:75:fe:df:33:a6:1f:ab:99:5e:66:e2:94:b3:85: + a4:64:c3:95:a8:9e:be:fe:49:b1:22:84:38:dc:68:8e:43:a2: + e1:8e:4e:9a:a4:5c:67:ce:0e:4d:cd:b7:89:da:b0:0f:d6:81: + bb:ce:07:b9:a3:07:61:6e:60:e8:68:38:f8:99:65:53:2d:59: + 3a:28:52:e3:88:93:bf:f2:b3:8a:01:5f:76:cd:3f:46:a9:42: + cd:f2:ba:b7:d4:46:c6:38:c8:bb:7b:91:38:43:de:10:bb:b2: + d4:b8:ec:01:47:dc:74:c4:ef:87:77:af:f6:c3:2a:ec:2d:f4: + 69:3d:8b:f2:f2:8f:cb:ab:2a:69:4e:85:f0:af:19:53:b6:0e: + 8e:22:a2:0e:d0:4b:52:53:34:c3:8e:4a:25:48:38:b6:cd:5b: + 9f:02:93:d8:a9:96:59:05:ca:d2:9f:30:6c:93:e3:b3:cb:f7: + a8:10:c0:3b:b6:80:b0:5c:38:56:06:4b:b5:82:7d:e4:e7:7e: + 2a:d9:1b:80:08:da:4f:60:d3:35:87:17:e9:20:4f:70:18:2e: + 93:f3:1c:cc:3c:5c:59:43:ba:d0:e5:96:84:93:50:02:ea:3c: + cd:e6:55:a5 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTUwMzAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfgmoq -/jBHAIQG3kih/KXZLNV94nHr/7V72ozH/DiKo2Ra+AFw4MAm1HAsCNprXLRAQaqe -tB0Fm1R8VKS4BwOwaZWYxeZ6f3FvB92lIVl5fFh8AA2dGGvAPS3+xmNYxl8pRwG2 -ot279IqL0BU+CwEYNArUodPpesNdlyvHU/9JgTT8FrQC+HxVbvqbT80xGvXSXI+S -171IUKmxxInNbcgdmXc00dNhj7n4Oz7Gsy5fPND3BDRRn4NOex3JWVOBbtn3Szbc -gJ60pMtdGB3TUj7Ys04oxbosvdzR4koh5Srtb5eEqQGJ6y4hnrlKapvF/rBaNM8l -D1VTQb6UuY2BRPq1AgMBAAGjgekwgeYwHQYDVR0OBBYEFKFU3rSKx8nEM8abQL89 -bs/bR+yMMB8GA1UdIwQYMBaAFBP3s9UcyWO9OiQBQ65KJpZGVfXwMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRugOB +n55VnhqVj/0bRVH+kTysFJsItw7b8i8/g7gGWXtfZ3TkoTZAsaAyxRPXrcs8p+hd +c71Aiw3xPPw4oeehCZRE5n2Gz/3N60eQKVOXIj9A1NRzohcA/IGpV1/WIZIGjnJe +8Pf1kKqitcZYnJAUb3L18Ion9k4isjopR+E/tWk44fBugX6esA7TAYFXlXgGdWZM +Hist0WhHuZRHVagIqA1kleaitc50dJE/INsFd2sM7bRulX3RjNBsPy+rDtCpwU4v +AhvlNwJhq20OL6jVyggcPHUX4Fb8B2iJSuMc9K/x66azXmidL+cII6Od5aR4rsw5 +lafhbjFzUZkZsheHAgMBAAGjgekwgeYwHQYDVR0OBBYEFCX/ipTOwoh2seOKtA71 +X7U6L2y2MB8GA1UdIwQYMBaAFIOYKEDPpGPVm6iBloKlQKZHLPJCMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAqvnVeVL6mT7YzavD5AWp -hcW/eDvWFAsG9GJ3jnBApbm0RlJdhq1SUvfDH+noiuJbI2O/6FzYphGtApQJBDtn -y2KjCWfrs2gPgW0P1k5s2KPlhY+PfmWkx9m6qAUiLJSdj+TRpVx+wA85Pte0LN/X -waueXY0oUdX6L8b6hRfUBdVN2O5qFCPaoMxDe2VUceHhebBiCqNwVptTXXC3eG/9 -uhOnmQoKs0Yqe0gmMbJQql4p2RtVH8veKhdN7g1nK07d9lTQcuzjU04kJqYeF+iU -yqhKOq+4SFEadji9v8vFVuSo5PjLy+mX7U65r/vnktO3uoGgE+gJMfNFkSpckxKp -mQ== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAh55MUEUCPXQyOwywiMmz +LywzloP+IHX+3zOmH6uZXmbilLOFpGTDlaievv5JsSKEONxojkOi4Y5OmqRcZ84O +Tc23idqwD9aBu84HuaMHYW5g6Gg4+JllUy1ZOihS44iTv/KzigFfds0/RqlCzfK6 +t9RGxjjIu3uROEPeELuy1LjsAUfcdMTvh3ev9sMq7C30aT2L8vKPy6sqaU6F8K8Z +U7YOjiKiDtBLUlM0w45KJUg4ts1bnwKT2KmWWQXK0p8wbJPjs8v3qBDAO7aAsFw4 +VgZLtYJ95Od+KtkbgAjaT2DTNYcX6SBPcBguk/MczDxcWUO60OWWhJNQAuo8zeZV +pQ== -----END CERTIFICATE----- Certificate: @@ -107,30 +107,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ba:33:55:c9:1e:c0:91:17:3a:eb:30:8c:ed:23: - cc:1d:6d:1e:e7:6e:4e:ac:23:63:23:ae:48:87:13: - 61:0f:0c:0b:ee:72:f7:c2:7b:95:2e:7b:25:34:08: - b6:e1:f5:ae:50:bf:8f:cf:81:6e:e6:26:9f:92:61: - c4:fb:44:9e:23:09:df:13:80:bc:38:5b:db:08:6c: - 68:60:46:d4:e3:e0:41:91:c4:42:d5:d9:75:d2:c4: - df:29:b8:04:bb:96:dc:9d:e4:0b:f7:de:ab:cf:90: - ad:22:c8:ab:56:65:84:00:3b:b9:e6:29:b5:e2:96: - 88:bd:95:e5:10:6d:57:ab:be:d1:f4:61:bb:1d:b4: - 7f:f9:02:db:48:d3:21:9d:f1:03:77:bf:f9:ca:f3: - 4e:2d:44:1c:28:1d:c5:4f:30:1b:0a:8b:71:0e:5f: - 86:0a:3f:97:7f:47:a6:a2:3c:60:02:c6:e8:bd:e9: - 52:b1:0b:cb:53:d4:09:f4:b6:20:23:b4:89:09:ff: - 1a:61:e8:dd:ac:19:4d:be:94:1e:60:24:d4:6c:89: - 03:3a:c4:44:5b:dd:7c:59:37:b7:0c:83:40:24:0e: - ed:ab:02:cf:cd:93:d2:3d:5d:e0:c6:c4:c5:1d:1a: - 01:d1:e1:77:58:62:90:e1:83:af:d2:ee:31:f3:29: - 0c:1f + 00:d7:e6:30:ab:6e:50:4c:37:97:12:0b:a3:87:eb: + 68:99:df:83:be:e5:70:ee:74:b8:64:27:a1:60:ce: + 02:49:6a:84:d8:88:70:ad:53:cf:76:94:38:7b:91: + ad:ed:a4:1d:58:9f:99:ff:c6:3e:5f:11:be:17:f1: + e3:a0:05:3e:10:00:b7:10:4c:04:1c:e6:fa:e4:70: + c9:01:af:bd:b4:bc:7c:a2:8e:24:79:72:79:f1:58: + 1a:d7:b9:d3:3c:fc:cc:16:f0:14:67:f2:e5:89:e5: + cf:37:eb:16:d2:8b:e6:21:aa:83:d4:d8:94:cf:3f: + a3:f4:0a:e1:dc:37:e8:e9:24:42:60:14:20:9c:2c: + 3b:25:ef:81:d4:5a:09:a8:86:d7:76:0c:31:12:96: + ca:24:01:6a:54:a8:d5:00:6a:74:5a:e7:21:39:0c: + a0:b5:63:fe:a9:11:ac:dd:ca:b2:30:7a:94:85:42: + ca:0c:fd:ad:ef:d1:94:57:25:93:d4:83:e5:de:e8: + c1:96:9b:43:52:5d:e1:a1:b8:dc:91:97:15:09:80: + 58:42:01:6e:2a:47:ca:e5:a1:ba:47:e1:d2:7a:c6: + 20:b3:bb:e9:79:65:88:94:58:7f:ae:96:01:d3:e3: + 17:90:d4:06:74:92:96:71:fc:47:36:84:6a:ad:85: + 71:b9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 13:F7:B3:D5:1C:C9:63:BD:3A:24:01:43:AE:4A:26:96:46:55:F5:F0 + 83:98:28:40:CF:A4:63:D5:9B:A8:81:96:82:A5:40:A6:47:2C:F2:42 X509v3 Authority Key Identifier: - keyid:5F:B1:E2:C5:58:EB:EF:73:DC:15:A3:0F:8E:24:0C:6C:67:65:00:04 + keyid:03:75:5B:98:4F:24:A0:F2:7C:A3:A1:C3:82:12:34:75:A6:66:8B:30 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -145,41 +145,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - a5:43:87:2e:d0:2c:51:df:a7:aa:48:b4:38:fc:1d:6f:c9:db: - 23:32:75:f2:d1:52:45:ea:4a:89:1f:e9:10:0c:22:0d:70:3e: - f0:c1:cf:b7:a8:cd:af:d4:33:99:14:6e:62:b9:a8:0f:a6:2c: - 75:dd:d8:79:88:fc:cb:c4:7e:64:b1:2f:7a:0b:b2:a4:6c:82: - 29:7d:23:32:d3:de:a8:90:a8:77:f8:33:13:e9:3e:42:0b:32: - e8:50:e0:af:31:2f:b9:e5:be:b7:c7:16:ca:a7:96:9e:95:24: - d2:c1:b3:df:70:5f:7b:8a:33:6b:55:76:e8:18:32:66:0e:9a: - 60:cf:dc:30:1e:38:15:05:6e:cc:4a:1e:e7:2e:e0:5a:de:ea: - 84:a1:ce:04:fd:db:74:d6:fe:b6:4d:6b:86:38:22:78:f1:3e: - ba:dc:8b:85:a6:2f:56:10:1f:7d:b8:96:00:4c:d6:a3:fa:93: - fd:1b:29:64:40:7c:f8:65:3f:73:8a:7e:3e:72:c7:ce:19:74: - 51:21:26:5d:2d:41:a0:95:c9:8f:70:fd:2a:60:7a:b0:fc:e5: - 14:65:9a:3e:68:2c:4a:47:1b:5a:97:8a:31:a9:1a:1a:c9:fc: - e3:be:c9:dd:65:0f:33:2b:f9:d9:68:5b:54:22:c4:dc:a6:21: - 42:6c:ec:64 + 9e:e1:a4:23:8b:87:f9:a3:4b:0a:19:1e:7a:25:e2:49:1b:74: + 89:51:88:a4:90:a9:70:1a:f4:12:c3:de:b7:b6:b5:97:a2:65: + 1f:e3:e4:59:7b:4e:25:ef:0e:c8:d2:87:8c:cd:95:69:d7:a6: + 02:72:ee:16:c0:11:6b:bf:0e:a7:86:38:48:5b:0d:a0:c9:9d: + c4:4e:48:d3:3a:18:61:2e:cf:03:3c:a9:2b:71:f1:d6:75:d6: + a5:63:7d:a8:5d:30:59:2f:36:40:87:d0:79:e3:92:f1:9b:51: + db:a8:e2:44:c6:92:b3:38:50:38:20:4e:ff:4d:d8:7c:7d:a6: + a8:5f:b8:24:9f:91:8e:7f:e6:ba:82:81:2a:a9:45:f5:ed:77: + 3f:e6:5f:ca:ef:be:b4:4d:f7:c4:d3:8a:07:6b:60:b9:12:57: + f4:25:1e:92:f2:7b:21:11:7d:a3:c8:21:66:d6:a6:5a:a3:db: + c2:16:44:85:3b:49:4c:7e:4b:83:07:d5:5a:3d:9b:a3:3e:05: + 74:73:2c:a1:02:e9:d5:97:bf:23:17:c7:fc:29:a3:1c:95:40: + 76:3d:7e:55:b7:83:58:98:cf:52:5b:b3:a2:bb:16:1a:fd:ad: + 3b:9f:84:96:32:12:01:2e:70:5c:9b:5d:52:79:95:75:d0:de: + ab:36:63:cb -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujNVyR7A -kRc66zCM7SPMHW0e525OrCNjI65IhxNhDwwL7nL3wnuVLnslNAi24fWuUL+Pz4Fu -5iafkmHE+0SeIwnfE4C8OFvbCGxoYEbU4+BBkcRC1dl10sTfKbgEu5bcneQL996r -z5CtIsirVmWEADu55im14paIvZXlEG1Xq77R9GG7HbR/+QLbSNMhnfEDd7/5yvNO -LUQcKB3FTzAbCotxDl+GCj+Xf0emojxgAsbovelSsQvLU9QJ9LYgI7SJCf8aYejd -rBlNvpQeYCTUbIkDOsREW918WTe3DINAJA7tqwLPzZPSPV3gxsTFHRoB0eF3WGKQ -4YOv0u4x8ykMHwIDAQABo4HLMIHIMB0GA1UdDgQWBBQT97PVHMljvTokAUOuSiaW -RlX18DAfBgNVHSMEGDAWgBRfseLFWOvvc9wVow+OJAxsZ2UABDA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+Ywq25Q +TDeXEgujh+tomd+DvuVw7nS4ZCehYM4CSWqE2IhwrVPPdpQ4e5Gt7aQdWJ+Z/8Y+ +XxG+F/HjoAU+EAC3EEwEHOb65HDJAa+9tLx8oo4keXJ58Vga17nTPPzMFvAUZ/Ll +ieXPN+sW0ovmIaqD1NiUzz+j9Arh3Dfo6SRCYBQgnCw7Je+B1FoJqIbXdgwxEpbK +JAFqVKjVAGp0WuchOQygtWP+qRGs3cqyMHqUhULKDP2t79GUVyWT1IPl3ujBlptD +Ul3hobjckZcVCYBYQgFuKkfK5aG6R+HSesYgs7vpeWWIlFh/rpYB0+MXkNQGdJKW +cfxHNoRqrYVxuQIDAQABo4HLMIHIMB0GA1UdDgQWBBSDmChAz6Rj1ZuogZaCpUCm +RyzyQjAfBgNVHSMEGDAWgBQDdVuYTySg8nyjocOCEjR1pmaLMDA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AKVDhy7QLFHfp6pItDj8HW/J2yMydfLRUkXqSokf6RAMIg1wPvDBz7eoza/UM5kU -bmK5qA+mLHXd2HmI/MvEfmSxL3oLsqRsgil9IzLT3qiQqHf4MxPpPkILMuhQ4K8x -L7nlvrfHFsqnlp6VJNLBs99wX3uKM2tVdugYMmYOmmDP3DAeOBUFbsxKHucu4Fre -6oShzgT923TW/rZNa4Y4InjxPrrci4WmL1YQH324lgBM1qP6k/0bKWRAfPhlP3OK -fj5yx84ZdFEhJl0tQaCVyY9w/SpgerD85RRlmj5oLEpHG1qXijGpGhrJ/OO+yd1l -DzMr+dloW1QixNymIUJs7GQ= +AJ7hpCOLh/mjSwoZHnol4kkbdIlRiKSQqXAa9BLD3re2tZeiZR/j5Fl7TiXvDsjS +h4zNlWnXpgJy7hbAEWu/DqeGOEhbDaDJncROSNM6GGEuzwM8qStx8dZ11qVjfahd +MFkvNkCH0HnjkvGbUduo4kTGkrM4UDggTv9N2Hx9pqhfuCSfkY5/5rqCgSqpRfXt +dz/mX8rvvrRN98TTigdrYLkSV/QlHpLyeyERfaPIIWbWplqj28IWRIU7SUx+S4MH +1Vo9m6M+BXRzLKEC6dWXvyMXx/wpoxyVQHY9flW3g1iYz1Jbs6K7Fhr9rTufhJYy +EgEucFybXVJ5lXXQ3qs2Y8s= -----END CERTIFICATE----- Certificate: @@ -196,30 +196,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:df:9c:45:02:46:38:eb:d4:64:cd:8e:95:65:63: - d5:e6:71:8b:67:13:d8:bc:6d:64:73:d7:40:17:79: - 80:a4:8d:8e:5f:bf:5e:48:b0:2f:bc:49:08:71:b4: - 80:38:00:cd:e9:ee:2e:6e:73:8a:77:56:b4:b3:d0: - e3:0c:40:c9:ca:1f:9b:a0:89:68:07:34:cd:f4:f4: - b9:a2:c1:ca:42:0e:da:90:cf:95:89:3a:3c:de:ad: - a6:ff:49:6c:e2:5e:f5:0b:ff:be:06:ee:ab:e1:81: - e9:da:a3:b8:d5:63:af:5e:10:63:49:23:0a:1d:ca: - 3e:bc:96:6e:82:5c:4f:ce:56:a7:8f:53:34:65:cb: - 47:88:3e:38:4d:71:b6:8a:06:e4:ed:4f:d2:df:59: - 3e:a7:03:a7:be:c2:14:a6:cf:9e:4b:c8:a3:25:21: - b2:3e:f8:cd:65:de:fc:0e:52:fd:fa:cf:d3:07:af: - 79:53:11:bf:e6:77:ce:d8:1a:4b:4f:cb:d2:35:28: - f8:5a:4b:05:a2:dd:88:e1:54:ac:1a:15:8d:54:a2: - b7:ac:66:7a:f8:4a:2a:75:94:15:b3:44:c2:05:ff: - e3:a0:34:40:84:00:39:6d:6d:e1:8e:16:f3:d3:60: - 2b:95:2f:fc:74:6e:b1:83:b7:0b:9d:9e:d8:34:45: - 21:f7 + 00:a8:75:44:0e:b5:bf:02:84:f6:a2:71:18:fe:02: + cc:88:ee:9a:e6:c7:d2:42:52:e2:77:5a:89:e0:d8: + f3:db:39:4d:90:d8:f0:e8:91:d6:04:08:fc:ff:b6: + 28:84:7a:be:68:4c:be:b7:a5:34:14:8e:de:8d:9e: + 42:a9:83:4b:ce:9f:6f:fe:99:40:ff:90:67:96:22: + 72:3d:6d:e2:7c:f9:e4:28:d6:cb:48:1f:55:2c:68: + ea:83:74:2f:c4:d2:79:91:0c:51:4d:bb:a5:6d:e0: + 0b:27:29:71:c3:05:73:cb:81:04:43:da:5c:17:b4: + 94:d0:f6:71:72:d1:24:0f:c3:31:5f:f0:5c:69:62: + 14:6b:a3:55:2d:c4:d6:4c:10:31:f3:ab:40:3a:52: + d3:84:08:c3:57:df:29:26:f4:98:81:18:fc:48:f8: + 2b:2e:65:35:81:fa:09:3d:bf:63:b3:f2:e6:fd:23: + 3a:bc:4e:1a:47:f6:5c:31:82:e5:fe:a1:09:ce:c5: + 0c:29:55:39:52:e9:d9:62:86:c7:2c:c3:da:d9:bc: + f0:38:97:93:54:21:2e:69:e0:a0:49:d8:27:1b:e6: + a9:0a:74:64:34:f7:ed:20:61:9f:48:db:87:aa:43: + 41:09:fb:ec:f4:ae:a8:e8:f4:f2:7b:6a:de:dc:b6: + 52:9b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 5F:B1:E2:C5:58:EB:EF:73:DC:15:A3:0F:8E:24:0C:6C:67:65:00:04 + 03:75:5B:98:4F:24:A0:F2:7C:A3:A1:C3:82:12:34:75:A6:66:8B:30 X509v3 Authority Key Identifier: - keyid:5F:B1:E2:C5:58:EB:EF:73:DC:15:A3:0F:8E:24:0C:6C:67:65:00:04 + keyid:03:75:5B:98:4F:24:A0:F2:7C:A3:A1:C3:82:12:34:75:A6:66:8B:30 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -234,41 +234,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 98:24:67:cd:0c:c3:0f:c5:09:c1:b3:b2:c3:eb:90:d5:1b:7e: - ce:45:7e:e8:f9:ae:bd:54:46:58:4e:0f:b3:65:30:45:98:3e: - 02:bf:a0:a9:e6:9c:69:f7:94:c8:bc:3d:33:ed:ac:52:5e:65: - 58:f1:ef:4d:bd:bf:39:65:62:e1:75:35:b2:27:92:fa:9b:3d: - 92:ed:51:f3:73:9a:73:2f:2f:61:2a:1d:34:e0:a1:fa:fc:b3: - dc:24:40:af:14:fd:d5:26:d0:5e:cb:fd:05:8b:88:f5:5c:0f: - 6f:75:68:c5:32:f1:1d:cd:a2:be:b2:66:0c:1a:4c:d6:df:1b: - e4:09:b9:bf:32:41:59:ca:bc:48:33:b1:ec:6a:fa:4d:dc:72: - ae:96:15:29:35:78:85:96:f9:64:05:75:50:b3:3e:b0:f8:15: - 7c:06:54:ff:36:98:2a:6d:4f:33:b0:78:1c:d3:be:12:2d:5b: - b4:37:2b:04:1b:d8:ce:28:db:9c:6d:49:e8:6f:f6:45:75:0a: - fb:69:dc:71:63:cd:c6:17:84:4b:8a:14:a0:ef:42:6a:6f:f2: - a8:76:e9:c6:4b:94:d2:24:f5:aa:80:d2:b6:81:17:c6:7d:7d: - 88:36:fe:26:44:cf:36:5a:5e:de:c4:34:da:54:1e:89:1f:d6: - 98:9e:3c:f7 + 60:21:00:45:b7:cb:54:72:f2:a9:28:a1:3e:53:58:25:e7:4d: + 06:6c:34:5c:ad:7e:7c:c4:7e:f4:a4:43:71:c4:fe:bc:90:0b: + 26:66:dd:a2:75:e4:4d:fc:82:75:e1:3c:f5:a3:b5:66:42:a9: + 21:15:a6:c7:4a:17:1b:7d:92:42:82:b2:49:c0:10:d4:d8:f7: + d9:48:a8:c0:80:88:a2:15:68:01:e4:70:5b:79:17:1b:77:30: + 92:5b:29:37:e1:5b:31:61:0d:de:cf:59:61:6c:02:ee:8a:e0: + 20:85:71:c7:d8:df:ea:0d:09:d0:c9:78:19:f8:b6:6c:fb:0b: + 5b:10:f8:2d:35:f5:f3:0c:f1:cb:fc:b1:71:fa:be:90:b6:f3: + 7b:19:49:8f:68:8d:bb:40:ce:4c:35:51:9b:6f:0d:f2:f5:06: + 36:12:6d:14:de:30:c6:89:7c:c6:bf:52:aa:c6:5c:11:ea:10: + c7:91:1a:b7:e7:79:8c:e6:02:ea:1e:87:2e:0b:ed:3c:03:f4: + b9:79:ff:b5:7a:4c:7e:cb:df:92:2e:7a:50:a5:56:c1:90:c5: + da:e5:0c:12:3a:0c:21:d7:e3:ff:6f:f8:bb:6a:bf:65:55:60: + f1:24:e3:ed:fa:0f:d7:64:f2:16:b1:7c:eb:b8:8e:36:fa:a0: + 01:33:ef:9a -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+cRQJGOOvUZM2OlWVj -1eZxi2cT2LxtZHPXQBd5gKSNjl+/XkiwL7xJCHG0gDgAzenuLm5zindWtLPQ4wxA -ycofm6CJaAc0zfT0uaLBykIO2pDPlYk6PN6tpv9JbOJe9Qv/vgbuq+GB6dqjuNVj -r14QY0kjCh3KPryWboJcT85Wp49TNGXLR4g+OE1xtooG5O1P0t9ZPqcDp77CFKbP -nkvIoyUhsj74zWXe/A5S/frP0weveVMRv+Z3ztgaS0/L0jUo+FpLBaLdiOFUrBoV -jVSit6xmevhKKnWUFbNEwgX/46A0QIQAOW1t4Y4W89NgK5Uv/HRusYO3C52e2DRF -IfcCAwEAAaOByzCByDAdBgNVHQ4EFgQUX7HixVjr73PcFaMPjiQMbGdlAAQwHwYD -VR0jBBgwFoAUX7HixVjr73PcFaMPjiQMbGdlAAQwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKh1RA61vwKE9qJxGP4C +zIjumubH0kJS4ndaieDY89s5TZDY8OiR1gQI/P+2KIR6vmhMvrelNBSO3o2eQqmD +S86fb/6ZQP+QZ5Yicj1t4nz55CjWy0gfVSxo6oN0L8TSeZEMUU27pW3gCycpccMF +c8uBBEPaXBe0lND2cXLRJA/DMV/wXGliFGujVS3E1kwQMfOrQDpS04QIw1ffKSb0 +mIEY/Ej4Ky5lNYH6CT2/Y7Py5v0jOrxOGkf2XDGC5f6hCc7FDClVOVLp2WKGxyzD +2tm88DiXk1QhLmngoEnYJxvmqQp0ZDT37SBhn0jbh6pDQQn77PSuqOj08ntq3ty2 +UpsCAwEAAaOByzCByDAdBgNVHQ4EFgQUA3VbmE8koPJ8o6HDghI0daZmizAwHwYD +VR0jBBgwFoAUA3VbmE8koPJ8o6HDghI0daZmizAwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCYJGfNDMMP -xQnBs7LD65DVG37ORX7o+a69VEZYTg+zZTBFmD4Cv6Cp5pxp95TIvD0z7axSXmVY -8e9Nvb85ZWLhdTWyJ5L6mz2S7VHzc5pzLy9hKh004KH6/LPcJECvFP3VJtBey/0F -i4j1XA9vdWjFMvEdzaK+smYMGkzW3xvkCbm/MkFZyrxIM7HsavpN3HKulhUpNXiF -lvlkBXVQsz6w+BV8BlT/NpgqbU8zsHgc074SLVu0NysEG9jOKNucbUnob/ZFdQr7 -adxxY83GF4RLihSg70Jqb/KodunGS5TSJPWqgNK2gRfGfX2INv4mRM82Wl7exDTa -VB6JH9aYnjz3 +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBgIQBFt8tU +cvKpKKE+U1gl500GbDRcrX58xH70pENxxP68kAsmZt2ideRN/IJ14Tz1o7VmQqkh +FabHShcbfZJCgrJJwBDU2PfZSKjAgIiiFWgB5HBbeRcbdzCSWyk34VsxYQ3ez1lh +bALuiuAghXHH2N/qDQnQyXgZ+LZs+wtbEPgtNfXzDPHL/LFx+r6QtvN7GUmPaI27 +QM5MNVGbbw3y9QY2Em0U3jDGiXzGv1KqxlwR6hDHkRq353mM5gLqHocuC+08A/S5 +ef+1ekx+y9+SLnpQpVbBkMXa5QwSOgwh1+P/b/i7ar9lVWDxJOPt+g/XZPIWsXzr +uI42+qABM++a -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -281,10 +281,15 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 1 - [Error] Time is after notAfter +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=0 (CN=Target) ----- +ERROR: Time is after notAfter + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMQogICAgICBbRXJyb3JdIFRpbWUgaXMgYWZ0ZXIgbm90QWZ0ZXIK +LS0tLS0gQ2VydGlmaWNhdGUgaT0wIChDTj1UYXJnZXQpIC0tLS0tCkVSUk9SOiBUaW1lIGlzIGFmdGVyIG5vdEFmdGVyCgo= -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/expired-unconstrained-root.pem b/chromium/net/data/verify_certificate_chain_unittest/expired-unconstrained-root.pem index cdb2edebb3a..90f131ad2d5 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/expired-unconstrained-root.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/expired-unconstrained-root.pem @@ -19,30 +19,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b3:fa:1c:ab:da:95:23:00:c5:f7:9d:3e:fa:be: - 50:46:36:b3:b8:6c:9b:ed:57:22:ae:c1:19:65:f5: - 53:9b:55:48:bd:9f:59:95:8f:a6:a8:33:25:87:f8: - 69:be:58:ac:73:1f:aa:5b:0d:8d:ed:65:53:a8:fd: - a4:99:92:d7:9f:a2:ce:9d:09:a7:af:65:dd:e7:1c: - 18:9d:61:6e:3f:05:7c:09:10:03:50:90:03:3a:20: - 7c:b5:80:f3:16:8b:d8:1e:c9:e4:53:5d:1c:6e:e2: - b3:b3:9d:87:fa:2b:47:25:fe:ee:8b:4e:22:35:cc: - 22:59:94:78:13:57:67:69:ab:99:14:70:94:2c:0e: - 32:e3:bc:89:b4:e4:b1:09:4b:ae:bd:6d:7e:cd:a8: - ff:ee:37:8b:1a:25:5e:ae:21:51:e2:cb:9c:6a:a5: - 27:23:62:c7:62:89:a1:69:13:c3:03:ec:f9:a7:5a: - 90:e2:e0:c5:c7:6d:ec:76:f5:76:88:f5:15:1a:4d: - 00:da:38:51:ea:03:16:a4:90:74:87:6e:ba:23:3a: - 91:58:a0:94:6c:3c:8c:f1:c6:2f:69:9e:41:1a:50: - ea:3b:d1:a6:d2:9b:50:04:63:ca:b7:c1:eb:04:07: - 89:40:43:07:1e:84:d5:6c:08:01:50:7f:7b:aa:9e: - c4:4d + 00:c8:7c:97:b3:0d:f9:56:4b:f9:6c:a3:4b:05:f3: + d6:34:aa:f9:3b:b9:59:7f:02:7b:89:b5:d0:9b:be: + 38:c9:e6:62:0e:79:38:c7:aa:bc:2c:0b:6b:3e:b5: + 22:ba:8a:23:2f:ee:c4:8b:5a:59:a7:9e:4d:a0:bb: + a2:13:61:9e:d6:b0:1f:34:74:b6:bc:ff:fd:ee:95: + 00:5b:3a:71:e1:c1:5c:89:5f:f4:70:60:f1:ca:1c: + 2d:33:49:03:a2:78:a1:b4:96:f1:ef:6a:ba:03:77: + 89:bc:64:34:99:b1:20:54:18:78:5b:d7:98:c9:c2: + d2:f1:c6:64:2f:18:2f:b8:e7:e7:25:78:91:7a:59: + 34:ca:2f:e2:c9:47:62:b6:ff:0d:39:11:03:f5:97: + e5:fd:33:14:52:4f:cc:46:6e:b1:8c:52:00:fb:dd: + be:e7:dd:fe:93:49:15:ae:98:86:bf:ea:13:ca:2b: + 29:4a:16:ab:83:4f:26:e5:bd:e8:23:40:55:a9:a3: + aa:f4:0c:56:54:13:a0:f1:dd:3b:6b:d1:7b:2b:a8: + 46:37:3a:fa:6b:2c:94:0e:17:0a:1b:f0:fa:37:1f: + e1:14:74:d8:50:43:f6:86:9c:99:bb:03:6e:46:1e: + e4:64:f5:4f:4f:67:b8:f6:8c:c2:5e:9d:ef:c1:0f: + ac:c3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - BD:E0:2F:8E:DD:4A:65:2F:EE:52:E4:0F:3B:8A:28:80:D6:17:C4:76 + CA:78:A4:F1:F5:90:DF:91:0F:99:E9:68:EC:EA:37:23:7B:83:C1:6D X509v3 Authority Key Identifier: - keyid:A8:9E:04:25:6D:55:C9:D7:11:47:D3:DD:67:71:0E:7E:88:89:49:71 + keyid:56:44:1D:0C:BA:47:5A:7D:24:AB:AC:13:96:25:FF:86:D0:08:85:8C Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -57,42 +57,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 95:07:d3:f3:57:d3:2d:c3:f9:d5:4a:d4:54:85:1f:25:3d:3c: - e8:34:6f:6e:bc:5a:b3:50:fd:4f:b5:cf:87:54:26:7b:ab:4d: - 5d:28:af:29:d1:24:ad:75:5d:3f:5b:68:63:b3:c0:20:82:8e: - c4:7f:58:7c:74:ea:d8:0d:50:11:63:43:ee:67:af:9f:16:c3: - 89:f1:15:a6:94:a9:72:bb:0c:40:48:54:25:87:e7:94:6f:34: - f5:83:03:ed:2a:6f:b6:2d:b7:70:4d:8b:6e:31:80:0c:dd:3d: - 9a:84:5a:55:ce:b7:08:a9:15:59:66:ec:a9:a1:4f:79:73:16: - a2:6a:44:1f:7a:6d:69:f2:de:a0:50:07:da:01:4b:22:2e:40: - f4:8b:e7:7c:f3:cd:27:fd:92:eb:fd:e8:4a:da:32:91:6a:ec: - b8:0c:49:db:f8:73:5e:a4:83:a2:c2:40:dd:e0:78:f9:3c:83: - 39:e4:22:88:7c:d1:cf:58:4a:4c:f1:0b:4f:21:94:c4:fb:4e: - a8:c4:84:ce:6a:7c:ff:0c:9b:1f:c6:db:67:22:6d:29:2f:28: - 81:60:c2:a3:ab:af:fa:f9:a5:55:83:35:97:1d:17:23:2a:32: - 75:92:7b:2b:67:99:3c:25:f4:b5:c8:74:ac:05:7e:59:43:5c: - 47:38:16:9b + 18:42:14:de:e2:54:ee:72:4c:e2:22:ae:bf:58:10:f3:51:e3: + 00:a3:93:48:aa:a5:88:54:64:df:d0:d8:46:a7:68:ac:e4:ce: + 18:59:c1:40:1b:19:7a:5c:61:1e:98:38:3a:6a:a4:19:85:3c: + da:f7:31:2e:cb:b1:a1:fe:5c:a7:54:02:ca:e5:dd:78:ae:24: + 9a:79:ce:72:c0:60:e4:e2:ef:5e:d8:b1:96:a2:41:28:01:e6: + d1:16:f9:65:b4:68:82:78:00:e5:72:5b:56:62:6e:3d:f6:0a: + 4e:76:56:39:c7:92:35:7e:cc:22:98:be:17:1e:f0:ae:4d:1b: + 5d:e2:e6:f9:8d:ce:8a:24:0e:12:31:e0:0d:ca:c7:18:70:f5: + 3e:a5:79:e1:d5:96:60:87:36:98:b6:5c:f4:91:3b:76:c4:d5: + 1f:95:a0:4f:e5:60:94:15:23:0f:4c:51:4a:b2:5e:24:6e:16: + a7:1a:86:43:58:e9:8b:2d:2e:3a:b2:8a:82:fd:af:40:7d:97: + 53:a9:12:ae:3c:aa:3f:5c:1b:6e:14:ef:22:32:c5:4f:f1:02: + 67:56:68:e7:ee:ee:f9:a3:ba:71:90:cb:6b:85:d3:15:78:11: + ce:50:ca:36:32:8e:e8:09:a1:6f:23:ff:26:5a:fd:75:8e:0d: + 5d:db:7f:de -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz+hyr -2pUjAMX3nT76vlBGNrO4bJvtVyKuwRll9VObVUi9n1mVj6aoMyWH+Gm+WKxzH6pb -DY3tZVOo/aSZktefos6dCaevZd3nHBidYW4/BXwJEANQkAM6IHy1gPMWi9geyeRT -XRxu4rOznYf6K0cl/u6LTiI1zCJZlHgTV2dpq5kUcJQsDjLjvIm05LEJS669bX7N -qP/uN4saJV6uIVHiy5xqpScjYsdiiaFpE8MD7PmnWpDi4MXHbex29XaI9RUaTQDa -OFHqAxakkHSHbrojOpFYoJRsPIzxxi9pnkEaUOo70abSm1AEY8q3wesEB4lAQwce -hNVsCAFQf3uqnsRNAgMBAAGjgekwgeYwHQYDVR0OBBYEFL3gL47dSmUv7lLkDzuK -KIDWF8R2MB8GA1UdIwQYMBaAFKieBCVtVcnXEUfT3WdxDn6IiUlxMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIfJez +DflWS/lso0sF89Y0qvk7uVl/AnuJtdCbvjjJ5mIOeTjHqrwsC2s+tSK6iiMv7sSL +Wlmnnk2gu6ITYZ7WsB80dLa8//3ulQBbOnHhwVyJX/RwYPHKHC0zSQOieKG0lvHv +aroDd4m8ZDSZsSBUGHhb15jJwtLxxmQvGC+45+cleJF6WTTKL+LJR2K2/w05EQP1 +l+X9MxRST8xGbrGMUgD73b7n3f6TSRWumIa/6hPKKylKFquDTyblvegjQFWpo6r0 +DFZUE6Dx3Ttr0XsrqEY3OvprLJQOFwob8Po3H+EUdNhQQ/aGnJm7A25GHuRk9U9P +Z7j2jMJene/BD6zDAgMBAAGjgekwgeYwHQYDVR0OBBYEFMp4pPH1kN+RD5npaOzq +NyN7g8FtMB8GA1UdIwQYMBaAFFZEHQy6R1p9JKusE5Yl/4bQCIWMMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAlQfT81fTLcP51UrUVIUf -JT086DRvbrxas1D9T7XPh1Qme6tNXSivKdEkrXVdP1toY7PAIIKOxH9YfHTq2A1Q -EWND7mevnxbDifEVppSpcrsMQEhUJYfnlG809YMD7Spvti23cE2LbjGADN09moRa -Vc63CKkVWWbsqaFPeXMWompEH3ptafLeoFAH2gFLIi5A9IvnfPPNJ/2S6/3oStoy -kWrsuAxJ2/hzXqSDosJA3eB4+TyDOeQiiHzRz1hKTPELTyGUxPtOqMSEzmp8/wyb -H8bbZyJtKS8ogWDCo6uv+vmlVYM1lx0XIyoydZJ7K2eZPCX0tch0rAV+WUNcRzgW -mw== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAGEIU3uJU7nJM4iKuv1gQ +81HjAKOTSKqliFRk39DYRqdorOTOGFnBQBsZelxhHpg4OmqkGYU82vcxLsuxof5c +p1QCyuXdeK4kmnnOcsBg5OLvXtixlqJBKAHm0Rb5ZbRogngA5XJbVmJuPfYKTnZW +OceSNX7MIpi+Fx7wrk0bXeLm+Y3OiiQOEjHgDcrHGHD1PqV54dWWYIc2mLZc9JE7 +dsTVH5WgT+VglBUjD0xRSrJeJG4WpxqGQ1jpiy0uOrKKgv2vQH2XU6kSrjyqP1wb +bhTvIjLFT/ECZ1Zo5+7u+aO6cZDLa4XTFXgRzlDKNjKO6AmhbyP/Jlr9dY4NXdt/ +3g== -----END CERTIFICATE----- Certificate: @@ -109,30 +109,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c0:b1:53:c8:38:a8:e5:4e:90:c9:19:52:07:46: - ec:7c:87:46:9e:ac:a4:c9:51:89:9c:55:43:98:a0: - 58:60:59:ce:73:e2:53:df:4a:e5:fb:ee:57:a9:9c: - da:d3:c4:76:6b:82:77:94:ee:83:39:e5:d6:6e:ed: - e1:3f:6e:80:a0:51:82:85:79:14:53:b6:aa:15:d8: - d7:7a:1a:96:26:8f:09:b8:29:b4:c8:6c:a7:80:e6: - 10:18:ec:d7:f7:b0:ff:59:19:45:f8:37:de:28:bd: - 56:4f:67:53:c1:80:44:7d:80:b5:dd:d6:6f:bf:3b: - 1f:02:f3:00:67:88:7d:36:65:13:39:7d:3e:a8:35: - 13:54:e4:91:c8:ee:f1:53:fd:af:f7:3b:f8:59:e0: - bc:e0:1e:ac:41:01:d1:b8:01:ee:ae:d2:39:b8:fa: - 57:6e:b2:7a:98:5f:51:ac:d6:6a:38:80:6b:01:64: - 13:96:d7:0b:74:5f:76:82:d9:44:9d:47:26:cc:59: - 9a:22:3c:72:eb:20:9a:d9:2b:b1:dd:cd:0a:54:0b: - 77:0b:83:2c:0d:bf:b4:62:4a:fc:87:84:4f:29:8d: - fc:6c:b9:3a:4c:8b:45:85:2b:48:7d:2c:33:1f:ac: - 8b:77:39:8c:cb:0c:f4:08:93:4c:ec:34:15:be:81: - 09:a3 + 00:b8:ea:dc:cf:e7:81:3c:c1:99:70:bd:71:4c:93: + 94:33:49:be:87:bf:28:2b:d0:6c:38:90:66:7d:37: + d5:a3:f1:5c:a1:a5:41:35:0b:5c:a7:bc:8f:ac:b3: + 09:ef:62:68:9f:60:3e:9e:4c:cb:7f:a4:bf:4a:0f: + a7:b2:5a:93:ec:b8:14:30:3f:d9:86:b8:ad:31:8a: + bf:20:ab:c7:40:dc:28:5b:3e:dc:39:b2:00:44:34: + 01:d6:81:13:a7:e6:d1:d8:d3:68:22:95:ee:bf:bd: + e4:d1:9f:08:dd:a9:ff:65:ff:81:6a:68:1d:ee:d3: + d5:c4:76:85:54:43:73:bf:f0:3c:c1:66:bb:a4:eb: + 22:1e:81:29:dd:4f:41:c2:a4:73:63:43:24:60:ef: + e2:f0:ae:e6:a6:25:c8:a9:ee:1b:7f:ab:be:71:cb: + f7:15:cb:2d:b4:a7:56:4b:2b:35:08:9b:12:70:15: + 33:53:ca:a7:b4:97:37:34:d3:f7:d5:f8:19:54:03: + 50:b4:f5:47:1a:f1:10:03:b5:54:64:c1:9c:b5:6d: + 14:0a:5a:28:24:4b:11:b6:fe:70:c2:0f:80:82:cd: + 94:59:16:ff:75:8b:da:91:3d:5f:16:95:4d:61:77: + 67:28:37:3b:6e:a6:a4:88:33:01:12:a0:10:fc:59: + 49:d3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - A8:9E:04:25:6D:55:C9:D7:11:47:D3:DD:67:71:0E:7E:88:89:49:71 + 56:44:1D:0C:BA:47:5A:7D:24:AB:AC:13:96:25:FF:86:D0:08:85:8C X509v3 Authority Key Identifier: - keyid:29:13:82:EE:25:10:7F:40:23:D6:A7:1B:28:25:35:8A:E8:B6:AA:28 + keyid:07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -147,41 +147,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 57:37:54:5c:fd:ce:4e:4c:0f:b5:37:13:0d:0e:5f:dd:d8:4c: - 17:53:38:e6:07:65:6c:67:80:e0:75:25:26:78:7b:2e:b8:1a: - 6c:31:44:a1:5f:73:83:6d:34:1e:ff:76:42:d5:ad:ab:c0:b9: - cc:25:9e:88:7f:be:29:db:49:25:08:5d:3b:7d:43:2e:85:66: - ff:fe:b5:d4:aa:21:7a:b8:5a:b4:49:ab:c6:ef:8d:28:64:f4: - ea:be:64:33:c4:94:c6:31:f5:cc:55:cb:f1:20:be:e6:85:03: - 32:99:61:e0:09:3c:e6:df:61:9a:c5:45:ea:f8:a3:f8:c1:6d: - ff:7b:44:04:8e:7f:74:89:ab:39:5a:fc:a6:09:77:9c:5d:1c: - 99:a8:db:bc:2a:8e:19:25:8d:e3:10:37:94:42:e7:37:9c:16: - ba:be:4b:67:94:5f:18:2e:ae:e3:fd:ef:15:12:7d:4b:5a:47: - b7:45:7a:ee:27:3f:e1:6b:42:02:75:40:36:50:fd:6c:1e:de: - 8a:b9:f7:d5:f8:69:0c:fd:58:65:35:64:a2:ca:c5:1e:b3:aa: - a0:4b:42:22:00:e3:d8:e7:b4:e8:69:48:37:42:55:60:24:48: - 9a:d8:42:9e:d9:cf:2b:3c:9e:b1:fc:2f:39:5d:b5:fe:e3:72: - 44:e4:00:50 + 38:e4:78:d9:89:e4:56:3c:54:06:4a:fa:95:79:32:8c:0c:94: + e8:85:29:b4:d7:c8:d3:9b:6a:69:30:b6:f5:1f:8a:4c:09:6d: + b5:a3:43:ae:9f:75:35:5b:80:7e:82:eb:fb:1c:17:9c:9f:ff: + 71:e8:e5:83:2e:a4:f1:8a:40:23:5a:62:ab:40:2a:b0:7f:9a: + b3:ec:c4:75:a8:af:29:9e:e6:59:6e:85:a2:36:1a:51:e8:e8: + 22:3f:ff:49:22:4e:7f:64:03:2e:94:d0:8c:6d:85:e2:84:65: + fb:02:e2:27:9b:cf:1e:54:a9:69:94:68:29:4b:87:46:5c:50: + ee:ef:29:30:f5:7f:87:1d:53:05:68:bf:c6:a8:9f:b1:6a:5a: + ca:4f:03:dd:f5:de:88:36:7d:04:57:a5:df:ff:f8:db:5d:cc: + 9f:92:28:23:1b:06:aa:7e:e0:2d:ad:9d:05:d4:58:40:7a:5c: + cb:69:fa:44:91:02:ac:12:fa:dd:b5:0e:7f:e7:2d:31:69:c6: + 4f:70:b2:8f:ae:73:70:ca:e3:3b:8e:0c:af:3f:19:47:ac:7b: + b1:36:c2:07:67:c4:47:46:fe:e0:cd:a4:7f:80:f5:8a:f5:af: + 91:da:a2:f9:28:87:09:fe:4c:2c:6d:1d:e9:05:d1:12:31:ae: + b3:fe:44:ca -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLFTyDio -5U6QyRlSB0bsfIdGnqykyVGJnFVDmKBYYFnOc+JT30rl++5XqZza08R2a4J3lO6D -OeXWbu3hP26AoFGChXkUU7aqFdjXehqWJo8JuCm0yGyngOYQGOzX97D/WRlF+Dfe -KL1WT2dTwYBEfYC13dZvvzsfAvMAZ4h9NmUTOX0+qDUTVOSRyO7xU/2v9zv4WeC8 -4B6sQQHRuAHurtI5uPpXbrJ6mF9RrNZqOIBrAWQTltcLdF92gtlEnUcmzFmaIjxy -6yCa2Sux3c0KVAt3C4MsDb+0Ykr8h4RPKY38bLk6TItFhStIfSwzH6yLdzmMywz0 -CJNM7DQVvoEJowIDAQABo4HLMIHIMB0GA1UdDgQWBBSongQlbVXJ1xFH091ncQ5+ -iIlJcTAfBgNVHSMEGDAWgBQpE4LuJRB/QCPWpxsoJTWK6LaqKDA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOrcz+eB +PMGZcL1xTJOUM0m+h78oK9BsOJBmfTfVo/FcoaVBNQtcp7yPrLMJ72Jon2A+nkzL +f6S/Sg+nslqT7LgUMD/ZhritMYq/IKvHQNwoWz7cObIARDQB1oETp+bR2NNoIpXu +v73k0Z8I3an/Zf+Bamgd7tPVxHaFVENzv/A8wWa7pOsiHoEp3U9BwqRzY0MkYO/i +8K7mpiXIqe4bf6u+ccv3FcsttKdWSys1CJsScBUzU8qntJc3NNP31fgZVANQtPVH +GvEQA7VUZMGctW0UClooJEsRtv5wwg+Ags2UWRb/dYvakT1fFpVNYXdnKDc7bqak +iDMBEqAQ/FlJ0wIDAQABo4HLMIHIMB0GA1UdDgQWBBRWRB0MukdafSSrrBOWJf+G +0AiFjDAfBgNVHSMEGDAWgBQHdR7jZPnKBke0aLnYNDlGh40noTA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AFc3VFz9zk5MD7U3Ew0OX93YTBdTOOYHZWxngOB1JSZ4ey64GmwxRKFfc4NtNB7/ -dkLVravAucwlnoh/vinbSSUIXTt9Qy6FZv/+tdSqIXq4WrRJq8bvjShk9Oq+ZDPE -lMYx9cxVy/EgvuaFAzKZYeAJPObfYZrFRer4o/jBbf97RASOf3SJqzla/KYJd5xd -HJmo27wqjhkljeMQN5RC5zecFrq+S2eUXxguruP97xUSfUtaR7dFeu4nP+FrQgJ1 -QDZQ/Wwe3oq599X4aQz9WGU1ZKLKxR6zqqBLQiIA49jntOhpSDdCVWAkSJrYQp7Z -zys8nrH8Lzldtf7jckTkAFA= +ADjkeNmJ5FY8VAZK+pV5MowMlOiFKbTXyNObamkwtvUfikwJbbWjQ66fdTVbgH6C +6/scF5yf/3Ho5YMupPGKQCNaYqtAKrB/mrPsxHWoryme5lluhaI2GlHo6CI//0ki +Tn9kAy6U0IxtheKEZfsC4iebzx5UqWmUaClLh0ZcUO7vKTD1f4cdUwVov8aon7Fq +WspPA9313og2fQRXpd//+NtdzJ+SKCMbBqp+4C2tnQXUWEB6XMtp+kSRAqwS+t21 +Dn/nLTFpxk9wso+uc3DK4zuODK8/GUese7E2wgdnxEdG/uDNpH+A9Yr1r5Haovko +hwn+TCxtHekF0RIxrrP+RMo= -----END CERTIFICATE----- Certificate: @@ -198,30 +198,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b4:d2:a3:a5:24:1a:21:0c:58:52:09:77:f1:ab: - 2d:49:cb:b0:e5:e2:3c:12:9a:bd:a8:df:36:37:fe: - be:97:6f:18:b0:8e:51:08:94:c1:8e:3e:8f:f0:ae: - 23:19:5e:0a:eb:5e:02:a1:bb:be:61:83:39:cb:52: - e1:8f:0e:ba:61:c4:4b:53:09:c3:f7:38:a3:95:fc: - 89:86:06:59:bc:0c:b5:e1:a2:d3:6d:d8:84:de:75: - 80:7b:1d:04:04:b0:94:03:07:42:b4:73:52:96:b0: - 68:3c:08:e3:b3:af:e9:29:60:f6:4f:6f:8a:42:fc: - 85:63:f6:18:d6:12:6c:6e:94:eb:c3:c0:60:12:19: - f8:61:d6:47:72:46:1a:cd:ed:6a:0b:65:cc:91:68: - ec:a7:c7:f1:c8:7a:44:5c:1e:e8:8e:2b:ed:50:82: - a2:1d:31:31:be:bd:06:56:52:20:bf:37:25:3d:cf: - 18:7f:87:94:ba:c7:9d:6e:68:7f:96:29:20:b7:dc: - fc:73:d9:26:82:6e:f1:97:c2:48:9d:71:35:5c:3e: - b6:86:69:e5:b5:1a:e9:08:4e:dc:dd:c5:0d:e1:4e: - 08:97:0a:41:1a:39:56:b1:31:02:0f:c2:e2:94:a0: - 3a:e0:d8:77:6e:a9:b6:fe:1d:8e:38:ad:52:e6:de: - 59:e3 + 00:a9:91:e0:b0:cc:ae:f4:2a:c1:32:17:cf:cf:c8: + f1:19:d8:82:d0:ae:e4:22:4b:3b:94:af:4a:ee:7a: + 36:29:60:18:39:8f:f2:51:d7:1c:a0:18:29:f1:98: + cb:8d:fa:e0:09:d6:0d:7f:74:08:cb:58:2e:0f:8b: + 1c:9d:05:31:8a:e2:41:b6:18:0f:98:ee:70:78:d3: + 2b:50:d4:87:a7:f6:36:6b:71:40:37:97:a9:34:3f: + a1:40:37:f7:e3:5b:bc:4f:21:b6:80:ef:c9:cb:e8: + 94:da:fa:d0:23:33:e6:e1:7f:57:72:59:c6:ca:7f: + 93:2f:5c:5e:d9:a8:55:8e:f2:a0:45:77:03:29:6b: + 55:f6:38:c2:fa:42:bc:9a:73:4a:5b:2a:27:5a:dd: + ab:c0:68:d0:b3:51:5b:e7:b8:4e:02:8f:09:35:31: + 36:93:52:a3:bd:69:5f:58:f4:de:3f:44:4a:8d:ea: + 9a:08:8f:1e:f6:5c:b1:db:21:0b:07:0a:8f:9b:d1: + d4:7f:cb:05:96:d5:04:b1:d2:5e:d9:13:6a:33:5b: + d4:98:05:1c:c0:33:07:a7:84:7c:6a:ca:5d:65:5e: + ea:18:6c:ef:4c:d6:65:a6:c1:07:bb:11:78:c3:fb: + 91:be:36:09:08:98:42:9b:6f:eb:ad:80:e0:14:13: + 11:85 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 29:13:82:EE:25:10:7F:40:23:D6:A7:1B:28:25:35:8A:E8:B6:AA:28 + 07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 X509v3 Authority Key Identifier: - keyid:29:13:82:EE:25:10:7F:40:23:D6:A7:1B:28:25:35:8A:E8:B6:AA:28 + keyid:07:75:1E:E3:64:F9:CA:06:47:B4:68:B9:D8:34:39:46:87:8D:27:A1 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -236,41 +236,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 6a:88:6c:4d:9f:ee:e6:a5:ec:19:64:e7:b9:86:03:c5:f0:32: - 92:69:3b:35:03:b8:87:12:db:48:78:5d:44:3b:75:e2:3b:87: - 7d:ef:96:83:93:06:93:fc:17:58:71:3e:c6:b0:8b:5b:13:2b: - c7:97:42:ed:3e:de:4a:96:cd:f1:df:3a:90:96:7f:f1:21:72: - 90:58:9b:77:cc:80:2d:19:5a:b1:6f:d6:dd:c8:fc:b7:32:1d: - 8f:77:d4:5e:f0:9d:e4:05:8a:ae:d9:7c:58:fa:00:6e:9f:f9: - 9a:2e:11:25:8b:28:5c:4b:76:ef:62:4d:ff:55:bc:aa:77:fa: - 87:33:3c:f5:a9:87:b5:d5:7f:e0:ef:51:a5:74:9a:04:5b:e9: - 35:f8:e6:43:d0:82:9a:db:4a:90:df:56:20:1d:31:b1:56:bc: - 73:0b:5e:91:bb:a6:62:37:fc:ba:dd:f7:24:69:54:95:c3:28: - 41:68:21:16:9f:d6:32:b6:17:88:29:52:f6:d3:2b:98:2f:28: - 78:c3:67:b3:76:83:df:a9:86:01:cd:c2:bf:e0:84:61:56:76: - f5:1f:12:d4:d1:fb:9e:c0:1b:22:c8:9e:05:4c:34:3b:93:54: - 1e:0a:db:41:91:9a:07:8d:aa:f8:fd:8d:89:ec:eb:32:b3:10: - 4f:52:53:68 + 1c:0e:a2:5f:96:f2:00:13:ed:56:30:0d:62:cd:d3:01:d2:ed: + 9a:9a:4a:2e:e8:47:15:5e:54:65:c5:1a:85:8b:4d:ed:0b:4e: + 1d:37:7d:10:80:bf:5f:a8:3d:33:fd:39:6f:7c:5a:f0:eb:e9: + 0e:12:ff:fd:7d:96:07:1d:28:5a:b2:6c:2f:6c:23:b8:15:75: + c0:ed:5d:7e:04:f9:7b:31:9c:df:75:4e:93:4d:46:99:ea:0c: + 82:1c:17:6d:c0:82:c2:bf:f7:74:d1:57:e9:53:df:8e:47:c1: + 80:28:1b:1d:4f:79:91:5b:c3:78:bc:a5:e6:f3:79:02:a6:71: + 2e:26:50:8b:fe:d8:41:1f:a5:08:e6:2c:e9:bd:ee:07:16:7a: + b3:9f:8b:66:8e:10:41:0d:b1:5c:f4:2a:3c:23:36:a0:40:42: + f3:88:21:f6:74:c0:2c:53:f3:44:34:7f:81:cd:53:cb:d1:e6: + df:b3:0e:99:f2:ae:37:95:a8:ea:0d:f0:37:40:a6:68:07:f9: + 42:fd:0d:87:63:1a:b0:82:f7:1f:5a:46:49:4c:7b:24:d3:c5: + 05:36:0b:3b:4b:65:93:82:74:61:e9:ed:11:2e:5c:99:eb:73: + b0:e2:c7:ec:dd:a2:17:91:17:be:d1:45:df:9e:fc:a3:67:be: + 5f:c7:e1:2e -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE1MDMwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTSo6UkGiEMWFIJd/Gr -LUnLsOXiPBKavajfNjf+vpdvGLCOUQiUwY4+j/CuIxleCuteAqG7vmGDOctS4Y8O -umHES1MJw/c4o5X8iYYGWbwMteGi023YhN51gHsdBASwlAMHQrRzUpawaDwI47Ov -6Slg9k9vikL8hWP2GNYSbG6U68PAYBIZ+GHWR3JGGs3tagtlzJFo7KfH8ch6RFwe -6I4r7VCCoh0xMb69BlZSIL83JT3PGH+HlLrHnW5of5YpILfc/HPZJoJu8ZfCSJ1x -NVw+toZp5bUa6QhO3N3FDeFOCJcKQRo5VrExAg/C4pSgOuDYd26ptv4djjitUube -WeMCAwEAAaOByzCByDAdBgNVHQ4EFgQUKROC7iUQf0Aj1qcbKCU1iui2qigwHwYD -VR0jBBgwFoAUKROC7iUQf0Aj1qcbKCU1iui2qigwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKmR4LDMrvQqwTIXz8/I +8RnYgtCu5CJLO5SvSu56NilgGDmP8lHXHKAYKfGYy4364AnWDX90CMtYLg+LHJ0F +MYriQbYYD5jucHjTK1DUh6f2NmtxQDeXqTQ/oUA39+NbvE8htoDvycvolNr60CMz +5uF/V3JZxsp/ky9cXtmoVY7yoEV3AylrVfY4wvpCvJpzSlsqJ1rdq8Bo0LNRW+e4 +TgKPCTUxNpNSo71pX1j03j9ESo3qmgiPHvZcsdshCwcKj5vR1H/LBZbVBLHSXtkT +ajNb1JgFHMAzB6eEfGrKXWVe6hhs70zWZabBB7sReMP7kb42CQiYQptv662A4BQT +EYUCAwEAAaOByzCByDAdBgNVHQ4EFgQUB3Ue42T5ygZHtGi52DQ5RoeNJ6EwHwYD +VR0jBBgwFoAUB3Ue42T5ygZHtGi52DQ5RoeNJ6EwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBqiGxNn+7m -pewZZOe5hgPF8DKSaTs1A7iHEttIeF1EO3XiO4d975aDkwaT/BdYcT7GsItbEyvH -l0LtPt5Kls3x3zqQln/xIXKQWJt3zIAtGVqxb9bdyPy3Mh2Pd9Re8J3kBYqu2XxY -+gBun/maLhEliyhcS3bvYk3/Vbyqd/qHMzz1qYe11X/g71GldJoEW+k1+OZD0IKa -20qQ31YgHTGxVrxzC16Ru6ZiN/y63fckaVSVwyhBaCEWn9YytheIKVL20yuYLyh4 -w2ezdoPfqYYBzcK/4IRhVnb1HxLU0fuewBsiyJ4FTDQ7k1QeCttBkZoHjar4/Y2J -7OsysxBPUlNo +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAcDqJflvIA +E+1WMA1izdMB0u2amkou6EcVXlRlxRqFi03tC04dN30QgL9fqD0z/TlvfFrw6+kO +Ev/9fZYHHShasmwvbCO4FXXA7V1+BPl7MZzfdU6TTUaZ6gyCHBdtwILCv/d00Vfp +U9+OR8GAKBsdT3mRW8N4vKXm83kCpnEuJlCL/thBH6UI5izpve4HFnqzn4tmjhBB +DbFc9Co8IzagQELziCH2dMAsU/NENH+BzVPL0ebfsw6Z8q43lajqDfA3QKZoB/lC +/Q2HYxqwgvcfWkZJTHsk08UFNgs7S2WTgnRh6e0RLlyZ63Ow4sfs3aIXkRe+0UXf +nvyjZ75fx+Eu -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -282,3 +282,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-basic-constraints-pathlen-0-self-issued.py b/chromium/net/data/verify_certificate_chain_unittest/generate-basic-constraints-pathlen-0-self-issued.py index 1d71f77ca21..9db4ffec29c 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-basic-constraints-pathlen-0-self-issued.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-basic-constraints-pathlen-0-self-issued.py @@ -30,7 +30,9 @@ target = common.create_end_entity_certificate('Target', intermediate2) chain = [target, intermediate2, intermediate1] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-non-self-signed-root.py b/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-non-self-signed-root.py index fe2378d10f4..b51c0da52aa 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-non-self-signed-root.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-non-self-signed-root.py @@ -23,8 +23,10 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=True) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-root-bad-eku.py b/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-root-bad-eku.py new file mode 100755 index 00000000000..ae9db3bdcc6 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-root-bad-eku.py @@ -0,0 +1,35 @@ +#!/usr/bin/python +# Copyright (c) 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain with 1 intermediate and a trust anchor. The trust anchor +has an EKU that restricts it to clientAuth. Verification is expected to fail as +the end-entity is verified for serverAuth, and the trust anchor enforces +constraints.""" + +import common + +# Self-signed root certificate (used as trust anchor) with non-CA basic +# constraints. +root = common.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('extendedKeyUsage', 'clientAuth') + +# Intermediate certificate. +intermediate = common.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = common.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate] +trusted = common.TrustAnchor(root, constrained=True) +time = common.DEFAULT_TIME +key_purpose = common.KEY_PURPOSE_SERVER_AUTH +verify_result = False +errors = """----- Certificate i=2 ----- +ERROR: The extended key usage does not include server auth + +""" + +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-root-basic-constraints-ca-false.py b/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-root-basic-constraints-ca-false.py index dd4ae514d64..d8f1d3f6f63 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-root-basic-constraints-ca-false.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-root-basic-constraints-ca-false.py @@ -24,7 +24,9 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=True) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-root-lacks-basic-constraints.py b/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-root-lacks-basic-constraints.py index b646d26f109..fe632b910ee 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-root-lacks-basic-constraints.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-constrained-root-lacks-basic-constraints.py @@ -22,7 +22,9 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=True) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-constrained-root.py b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-constrained-root.py index bee2c1e6e46..e62caa9f13e 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-constrained-root.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-constrained-root.py @@ -29,7 +29,9 @@ trusted = common.TrustAnchor(root, constrained=True) # Both the target and intermediate are valid at this time, however the # root is not. time = common.MARCH_2_2015_UTC +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-intermediate.py b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-intermediate.py index c2aed479b26..037bf013cbf 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-intermediate.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-intermediate.py @@ -27,10 +27,12 @@ trusted = common.TrustAnchor(root, constrained=False) # Both the root and target are valid at this time, however the # intermediate certificate is not. time = common.MARCH_2_2015_UTC +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 0 - [Error] Time is after notAfter +errors = """----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Time is after notAfter + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py index da5d0718e57..a04f2f4ce76 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py @@ -27,10 +27,12 @@ trusted = common.TrustAnchor(root, constrained=False) # Both the root and intermediate are valid at this time, however the # target is not. time = common.MARCH_1_2015_UTC +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 1 - [Error] Time is before notBefore +errors = """----- Certificate i=0 (CN=Target) ----- +ERROR: Time is before notBefore + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target.py b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target.py index 679e0dd3f84..92456769517 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-target.py @@ -27,10 +27,12 @@ trusted = common.TrustAnchor(root, constrained=False) # Both the root and intermediate are valid at this time, however the # target is not. time = common.MARCH_2_2015_UTC +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 1 - [Error] Time is after notAfter +errors = """----- Certificate i=0 (CN=Target) ----- +ERROR: Time is after notAfter + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-unconstrained-root.py b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-unconstrained-root.py index 7585cb2c42d..e415072b317 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-expired-unconstrained-root.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-expired-unconstrained-root.py @@ -30,7 +30,9 @@ trusted = common.TrustAnchor(root, constrained=False) # root is not. This doesn't matter since the root certificate is # just a delivery mechanism for the name + SPKI. time = common.MARCH_2_2015_UTC +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-incorrect-trust-anchor.py b/chromium/net/data/verify_certificate_chain_unittest/generate-incorrect-trust-anchor.py index 22a1e0acf96..1d6eb5b028f 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-incorrect-trust-anchor.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-incorrect-trust-anchor.py @@ -25,11 +25,14 @@ bogus_root = common.create_self_signed_root_certificate('BogusRoot') chain = [target, intermediate] trusted = common.TrustAnchor(bogus_root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 0 - [Error] Signature verification failed - [Error] VerifySignedData failed +errors = """----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Signature verification failed +ERROR: VerifySignedData failed +ERROR: subject does not match issuer + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-ca-false.py b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-ca-false.py index 7796e878def..faa9247a7cb 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-ca-false.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-ca-false.py @@ -23,10 +23,12 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 0 - [Error] Basic Constraints indicates not a CA +errors = """----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Basic Constraints indicates not a CA + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-not-critical.py b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-not-critical.py index 1e9bb3fb43d..ee4ab5e9293 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-not-critical.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-basic-constraints-not-critical.py @@ -23,7 +23,9 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-basic-constraints.py b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-basic-constraints.py index c836417d123..80743e79826 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-basic-constraints.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-basic-constraints.py @@ -22,10 +22,12 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 0 - [Error] Does not have Basic Constraints +errors = """----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Does not have Basic Constraints + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-signing-key-usage.py b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-signing-key-usage.py index f38f6af07c1..b04faef3c1b 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-signing-key-usage.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-lacks-signing-key-usage.py @@ -23,10 +23,12 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 0 - [Error] keyCertSign bit is not set +errors = """----- Certificate i=1 (CN=Intermediate) ----- +ERROR: keyCertSign bit is not set + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-restricts-eku-fail.py b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-restricts-eku-fail.py new file mode 100755 index 00000000000..14659795c0c --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-restricts-eku-fail.py @@ -0,0 +1,36 @@ +#!/usr/bin/python +# Copyright (c) 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain with 1 intermediate and a trusted root. The intermediate +restricts the EKU to clientAuth, and the target has serverAuth + +clientAuth. Verification is expected to fail when requesting serverAuth.""" + +import common + +# Self-signed root certificate (used as trust anchor). +root = common.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = common.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('extendedKeyUsage', + 'clientAuth') + +# Target certificate. +target = common.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('extendedKeyUsage', + 'serverAuth,clientAuth') + +chain = [target, intermediate] +trusted = common.TrustAnchor(root, constrained=False) +time = common.DEFAULT_TIME +key_purpose = common.KEY_PURPOSE_SERVER_AUTH +verify_result = False +errors = """----- Certificate i=1 (CN=Intermediate) ----- +ERROR: The extended key usage does not include server auth + +""" + +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-restricts-eku-ok.py b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-restricts-eku-ok.py new file mode 100755 index 00000000000..ef5b82acc5f --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-restricts-eku-ok.py @@ -0,0 +1,34 @@ +#!/usr/bin/python +# Copyright (c) 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain with 1 intermediate and a trusted root. The intermediate +restricts the EKU to serverAuth, and the target has serverAuth + +clientAuth. Verification is expected to succeed as this is consistent with +the requested key purpose.""" + +import common + +# Self-signed root certificate (used as trust anchor). +root = common.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = common.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('extendedKeyUsage', + 'serverAuth') + +# Target certificate. +target = common.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('extendedKeyUsage', + 'serverAuth,clientAuth') + +chain = [target, intermediate] +trusted = common.TrustAnchor(root, constrained=False) +time = common.DEFAULT_TIME +key_purpose = common.KEY_PURPOSE_SERVER_AUTH +verify_result = True +errors = None + +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-sets-eku-any.py b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-sets-eku-any.py new file mode 100755 index 00000000000..01ae7a93c09 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-sets-eku-any.py @@ -0,0 +1,34 @@ +#!/usr/bin/python +# Copyright (c) 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain with 1 intermediate and a trusted root. The intermediate +restricts the EKU to clientAuth + any, and the target has serverAuth + +clientAuth. Verification is expected to succeed because intermediate will match +the "any".""" + +import common + +# Self-signed root certificate (used as trust anchor). +root = common.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = common.create_intermediate_certificate('Intermediate', root) +intermediate.get_extensions().set_property('extendedKeyUsage', + 'clientAuth,anyExtendedKeyUsage') + +# Target certificate. +target = common.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('extendedKeyUsage', + 'serverAuth,clientAuth') + +chain = [target, intermediate] +trusted = common.TrustAnchor(root, constrained=False) +time = common.DEFAULT_TIME +key_purpose = common.KEY_PURPOSE_SERVER_AUTH +verify_result = True +errors = None + +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-signed-with-md5.py b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-signed-with-md5.py index 4cffe3ec56e..a1d208c5048 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-signed-with-md5.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-signed-with-md5.py @@ -22,11 +22,13 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 0 - [Error] Unacceptable signature algorithm - [Error] VerifySignedData failed +errors = """----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Unacceptable signature algorithm +ERROR: VerifySignedData failed + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-critical-extension.py b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-critical-extension.py index 0d9378f1012..357cd90639a 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-critical-extension.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-critical-extension.py @@ -24,12 +24,14 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 0 - [Error] Unconsumed critical extension - oid: 2A0304 - value: 01020304 +errors = """----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Unconsumed critical extension + oid: 2A0304 + value: 01020304 + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-non-critical-extension.py b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-non-critical-extension.py index 67879f65097..ae4b03d77ed 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-non-critical-extension.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-intermediate-unknown-non-critical-extension.py @@ -23,7 +23,9 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-key-rollover.py b/chromium/net/data/verify_certificate_chain_unittest/generate-key-rollover.py index 686e53e9cc1..f838098723a 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-key-rollover.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-key-rollover.py @@ -78,15 +78,19 @@ newchain = [target, newintermediate] newtrusted = common.TrustAnchor(newroot, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, oldchain, oldtrusted, time, verify_result, - errors, out_pem="key-rollover-oldchain.pem") -common.write_test_file(__doc__, rolloverchain, oldtrusted, time, verify_result, - errors, out_pem="key-rollover-rolloverchain.pem") -common.write_test_file(__doc__, longrolloverchain, oldtrusted, time, +common.write_test_file(__doc__, oldchain, oldtrusted, time, key_purpose, + verify_result, errors, + out_pem="key-rollover-oldchain.pem") +common.write_test_file(__doc__, rolloverchain, oldtrusted, time, key_purpose, verify_result, errors, + out_pem="key-rollover-rolloverchain.pem") +common.write_test_file(__doc__, longrolloverchain, oldtrusted, time, + key_purpose, verify_result, errors, out_pem="key-rollover-longrolloverchain.pem") -common.write_test_file(__doc__, newchain, newtrusted, time, verify_result, - errors, out_pem="key-rollover-newchain.pem") +common.write_test_file(__doc__, newchain, newtrusted, time, key_purpose, + verify_result, errors, + out_pem="key-rollover-newchain.pem") diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py b/chromium/net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py index d30e5308dc4..709c83cea01 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py @@ -23,7 +23,9 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-and-intermediate.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-and-intermediate.py index 1b5c80e22ce..0132b2b19cd 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-target-and-intermediate.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-and-intermediate.py @@ -20,7 +20,9 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-has-keycertsign-but-not-ca.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-has-keycertsign-but-not-ca.py index 026c704d85c..7d361dffa3a 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-target-has-keycertsign-but-not-ca.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-has-keycertsign-but-not-ca.py @@ -25,10 +25,12 @@ target.get_extensions().set_property('keyUsage', chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 1 - [Error] Target certificate looks like a CA but does not set all CA properties +errors = """----- Certificate i=0 (CN=Target) ----- +ERROR: Target certificate looks like a CA but does not set all CA properties + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-has-pathlen-but-not-ca.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-has-pathlen-but-not-ca.py index d35ce7bf263..b8e767350f5 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-target-has-pathlen-but-not-ca.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-has-pathlen-but-not-ca.py @@ -24,10 +24,12 @@ target.get_extensions().set_property('basicConstraints', chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 1 - [Error] Target certificate looks like a CA but does not set all CA properties +errors = """----- Certificate i=0 (CN=Target) ----- +ERROR: Target certificate looks like a CA but does not set all CA properties + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-lacks-eku.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-lacks-eku.py new file mode 100755 index 00000000000..846b481b84f --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-lacks-eku.py @@ -0,0 +1,30 @@ +#!/usr/bin/python +# Copyright (c) 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain with 1 intermediate and a trusted root. The target has no +Extended Key Usage extension (meaning it is unrestricted). Verification is +expected to succeed.""" + +import common + +# Self-signed root certificate (used as trust anchor). +root = common.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = common.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = common.create_end_entity_certificate('Target', intermediate) +target.get_extensions().remove_property('extendedKeyUsage') + +chain = [target, intermediate] +trusted = common.TrustAnchor(root, constrained=False) +time = common.DEFAULT_TIME +key_purpose = common.KEY_PURPOSE_SERVER_AUTH +verify_result = True +errors = None + +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-not-end-entity.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-not-end-entity.py index a9e17d0a338..59bc3aa3bf7 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-target-not-end-entity.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-not-end-entity.py @@ -21,7 +21,9 @@ target = common.create_intermediate_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-restricts-eku-fail.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-restricts-eku-fail.py new file mode 100755 index 00000000000..43a6846cad8 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-restricts-eku-fail.py @@ -0,0 +1,33 @@ +#!/usr/bin/python +# Copyright (c) 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain with 1 intermediate and a trusted root. The target +certificate has only clientAuth EKU, so is expected to fail when verifying for +serverAuth.""" + +import common + +# Self-signed root certificate (used as trust anchor). +root = common.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = common.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = common.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('extendedKeyUsage', 'clientAuth') + +chain = [target, intermediate] +trusted = common.TrustAnchor(root, constrained=False) +time = common.DEFAULT_TIME +key_purpose = common.KEY_PURPOSE_SERVER_AUTH +verify_result = False +errors = """----- Certificate i=0 (CN=Target) ----- +ERROR: The extended key usage does not include server auth + +""" + +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-sets-eku-any.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-sets-eku-any.py new file mode 100755 index 00000000000..cf9c857533b --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-sets-eku-any.py @@ -0,0 +1,31 @@ +#!/usr/bin/python +# Copyright (c) 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain with 1 intermediate and a trusted root. The target +restricts EKU to clientAuth+any and requests serverAuth during verification. +This should succeed.""" + +import common + +# Self-signed root certificate (used as trust anchor). +root = common.create_self_signed_root_certificate('Root') + +# Intermediate certificate. +intermediate = common.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = common.create_end_entity_certificate('Target', intermediate) +target.get_extensions().set_property('extendedKeyUsage', + 'clientAuth,anyExtendedKeyUsage') + +chain = [target, intermediate] +trusted = common.TrustAnchor(root, constrained=False) +time = common.DEFAULT_TIME +key_purpose = common.KEY_PURPOSE_SERVER_AUTH +verify_result = True +errors = None + +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py index c59751535fe..e57026cc978 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py @@ -14,7 +14,8 @@ root = common.create_self_signed_root_certificate('Root') # Intermediate with a very weak key size (512-bit RSA). intermediate = common.create_intermediate_certificate('Intermediate', root) -intermediate.set_key(common.generate_rsa_key(512)) +intermediate.set_key(common.get_or_generate_rsa_key( + 512, common.create_key_path(intermediate.name))) # Target certificate. target = common.create_end_entity_certificate('Target', intermediate) @@ -22,14 +23,16 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 1 - [Error] RSA modulus too small - actual: 512 - minimum: 1024 - [Error] Unacceptable modulus length for RSA key - [Error] VerifySignedData failed +errors = """----- Certificate i=0 (CN=Target) ----- +ERROR: RSA modulus too small + actual: 512 + minimum: 1024 +ERROR: Unacceptable modulus length for RSA key +ERROR: VerifySignedData failed + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-using-ecdsa.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-using-ecdsa.py index b0a9fd247b7..c986a554881 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-using-ecdsa.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-using-ecdsa.py @@ -13,7 +13,8 @@ root = common.create_self_signed_root_certificate('Root') # Intermediate using an EC key for the P-384 curve. intermediate = common.create_intermediate_certificate('Intermediate', root) -intermediate.set_key(common.generate_ec_key('secp384r1')) +intermediate.set_key(common.get_or_generate_ec_key( + 'secp384r1', common.create_key_path(intermediate.name))) # Target certificate contains an RSA key (but is signed using ECDSA). target = common.create_end_entity_certificate('Target', intermediate) @@ -21,7 +22,9 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-with-md5.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-with-md5.py index d9d4df44450..6b9adc0e865 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-with-md5.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-signed-with-md5.py @@ -21,11 +21,13 @@ target.set_signature_hash('md5') chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 1 - [Error] Unacceptable signature algorithm - [Error] VerifySignedData failed +errors = """----- Certificate i=0 (CN=Target) ----- +ERROR: Unacceptable signature algorithm +ERROR: VerifySignedData failed + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-unknown-critical-extension.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-unknown-critical-extension.py index a94f41878bc..375522c1b41 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-target-unknown-critical-extension.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-unknown-critical-extension.py @@ -24,12 +24,14 @@ target.get_extensions().add_property('1.2.3.4', chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 1 - [Error] Unconsumed critical extension - oid: 2A0304 - value: 01020304 +errors = """----- Certificate i=0 (CN=Target) ----- +ERROR: Unconsumed critical extension + oid: 2A0304 + value: 01020304 + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-target-wrong-signature.py b/chromium/net/data/verify_certificate_chain_unittest/generate-target-wrong-signature.py index 4f09b14ef8f..b803a39ff67 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-target-wrong-signature.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-target-wrong-signature.py @@ -27,11 +27,13 @@ target = common.create_end_entity_certificate('Target', wrong_intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 1 - [Error] Signature verification failed - [Error] VerifySignedData failed +errors = """----- Certificate i=0 (CN=Target) ----- +ERROR: Signature verification failed +ERROR: VerifySignedData failed + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-non-self-signed-root.py b/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-non-self-signed-root.py index 4d433a772b1..80a147b6794 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-non-self-signed-root.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-non-self-signed-root.py @@ -23,8 +23,9 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) - +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-bad-eku.py b/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-bad-eku.py new file mode 100755 index 00000000000..4da8905bde4 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-bad-eku.py @@ -0,0 +1,32 @@ +#!/usr/bin/python +# Copyright (c) 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""Certificate chain with 1 intermediate and a trust anchor. The trust anchor +has an EKU that restricts it to clientAuth. Verification is expected to fail as +the end-entity is verified for serverAuth, and the trust anchor enforces +constraints.""" + +import common + +# Self-signed root certificate (used as trust anchor) with non-CA basic +# constraints. +root = common.create_self_signed_root_certificate('Root') +root.get_extensions().set_property('extendedKeyUsage', 'clientAuth') + +# Intermediate certificate. +intermediate = common.create_intermediate_certificate('Intermediate', root) + +# Target certificate. +target = common.create_end_entity_certificate('Target', intermediate) + +chain = [target, intermediate] +trusted = common.TrustAnchor(root, constrained=False) +time = common.DEFAULT_TIME +key_purpose = common.KEY_PURPOSE_SERVER_AUTH +verify_result = True +errors = None + +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-basic-constraints-ca-false.py b/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-basic-constraints-ca-false.py index ba48dd86610..1f71d1ed4a0 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-basic-constraints-ca-false.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-basic-constraints-ca-false.py @@ -24,8 +24,9 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) - +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-lacks-basic-constraints.py b/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-lacks-basic-constraints.py index dbd1802de8f..68a49419f7b 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-lacks-basic-constraints.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-unconstrained-root-lacks-basic-constraints.py @@ -22,7 +22,9 @@ target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-violates-basic-constraints-pathlen-0.py b/chromium/net/data/verify_certificate_chain_unittest/generate-violates-basic-constraints-pathlen-0.py index 64e03555577..30e375a0f49 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-violates-basic-constraints-pathlen-0.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-violates-basic-constraints-pathlen-0.py @@ -29,10 +29,12 @@ target = common.create_end_entity_certificate('Target', intermediate2) chain = [target, intermediate2, intermediate1] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 1 - [Error] max_path_length reached +errors = """----- Certificate i=1 (CN=Intermediate2) ----- +ERROR: max_path_length reached + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-constrained-root.py b/chromium/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-constrained-root.py index 27bd109f60c..ac8ed03c599 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-constrained-root.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-constrained-root.py @@ -27,10 +27,12 @@ target = common.create_end_entity_certificate('Target', intermediate2) chain = [target, intermediate2, intermediate1] trusted = common.TrustAnchor(root, constrained=True) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False -errors = """[Context] Processing Certificate - index: 1 - [Error] max_path_length reached +errors = """----- Certificate i=1 (CN=Intermediate2) ----- +ERROR: max_path_length reached + """ -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-unconstrained-root.py b/chromium/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-unconstrained-root.py index d51a38a45fb..1a83ab014fc 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-unconstrained-root.py +++ b/chromium/net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-unconstrained-root.py @@ -27,7 +27,9 @@ target = common.create_end_entity_certificate('Target', intermediate2) chain = [target, intermediate2, intermediate1] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME +key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None -common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) +common.write_test_file(__doc__, chain, trusted, time, key_purpose, + verify_result, errors) diff --git a/chromium/net/data/verify_certificate_chain_unittest/incorrect-trust-anchor.pem b/chromium/net/data/verify_certificate_chain_unittest/incorrect-trust-anchor.pem index ba601d6c436..4c7ba693fc8 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/incorrect-trust-anchor.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/incorrect-trust-anchor.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a3:7b:69:ed:ad:13:3f:59:75:63:cf:2a:9e:b0: - 78:06:62:e2:5e:40:3f:12:2e:61:1c:7f:2e:f8:4f: - 0e:92:28:80:18:d8:e2:e2:f4:b4:63:84:c8:0b:4d: - ae:1b:f0:4d:d5:49:91:89:b9:a4:11:b3:77:72:ba: - 12:16:3e:29:7c:51:28:99:37:69:57:6d:3b:68:e1: - 58:83:c0:ad:13:af:63:2e:85:63:ab:92:11:7a:92: - 8b:fa:66:33:f9:3b:c9:ab:22:75:9f:6c:91:1b:22: - 6b:c9:2d:c8:6d:58:2b:bc:a9:f3:cf:24:8f:7a:37: - 9b:83:67:e5:b2:eb:ea:35:c6:9d:e4:a8:24:74:18: - 5b:8b:62:6b:cd:92:d7:c3:6c:b1:40:e1:2f:a3:16: - 52:92:df:59:70:bc:cc:37:27:8f:8e:3d:b9:fc:d6: - ca:fb:63:89:b3:d0:64:24:2b:97:e3:a7:bc:6f:76: - 7e:e6:82:36:9f:c4:ea:b2:96:60:ac:86:57:09:55: - d7:3b:45:a8:23:b8:b1:4a:92:f8:a9:66:1f:1a:0f: - c5:f6:da:4e:6d:02:56:1b:8a:9f:52:9f:bd:b5:16: - a6:fb:85:3d:fa:04:1d:8e:25:b4:03:9e:74:e4:98: - 4a:da:39:7b:d0:f2:7d:f9:f4:97:ce:d1:d8:4d:31: - 88:47 + 00:b3:d8:e1:c8:d6:ce:ed:3b:b7:8a:5b:17:c2:9e: + 0c:04:f4:4e:ba:ad:1b:cf:c0:63:b7:c9:01:e9:7a: + 28:d4:d8:0b:71:36:af:02:f6:44:fc:ce:5e:84:50: + fb:5f:ef:a0:b8:b5:77:62:c0:6c:9f:8f:4f:64:52: + 67:04:0b:d3:92:31:a5:79:f3:8d:11:03:03:a2:c0: + da:ef:8f:b5:68:f8:55:f0:ac:9b:05:3a:df:ea:7b: + 3b:06:f2:de:e3:b2:c5:27:3e:b9:39:90:c0:27:0d: + de:6c:a2:8e:e4:2e:f9:95:13:37:df:20:12:28:ae: + 82:5e:91:3a:cb:75:ae:55:fb:07:d6:40:48:cd:6f: + 9c:3e:07:0f:48:d1:8f:ba:db:fa:b2:7c:ce:29:10: + e0:6b:48:36:80:db:4c:10:19:a1:28:fb:e0:b5:4f: + b2:89:40:b7:6b:9a:af:a1:9b:b0:52:03:23:16:fb: + 0f:5d:c6:c9:f2:98:08:c5:07:85:76:30:57:46:be: + 85:46:ed:14:74:60:00:61:ce:f7:88:62:6c:0b:a2: + 41:9c:5a:27:3f:e5:29:9c:36:73:a3:04:8b:ab:74: + 2d:1e:f5:96:f7:b4:c2:51:77:a9:9c:ef:ac:fd:bc: + aa:cf:ba:98:cf:6c:1b:fc:e9:20:8c:dc:17:45:49: + 12:45 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 94:D6:3E:50:DE:FF:47:B8:65:1A:C6:33:78:79:87:8D:F2:32:32:BA + 14:7E:08:D5:73:67:A9:9C:5B:C1:26:14:D1:96:8E:09:88:11:32:67 X509v3 Authority Key Identifier: - keyid:CC:11:88:FF:DF:7E:14:06:07:B5:10:B6:C1:BC:CB:2B:65:FC:83:77 + keyid:3F:EE:51:69:3A:24:09:D6:26:3C:A4:08:22:1F:0D:77:7D:D5:E7:3B Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - b4:9a:15:da:2b:7d:d4:26:f2:41:a2:04:1e:13:f3:b3:28:bf: - a3:85:34:fc:42:b1:57:05:0f:97:e5:f5:d9:d4:0e:eb:43:e8: - 63:ce:5b:23:8b:48:ab:2f:25:03:81:43:ba:7e:9a:14:e4:4e: - 9c:5b:d3:08:56:b7:00:7c:7f:fd:9e:ab:50:ce:09:95:2c:21: - 00:74:22:26:83:fb:08:47:34:1b:67:0e:eb:e0:c4:ab:3d:00: - 76:b2:9a:b1:00:c8:d0:17:0d:2e:81:43:71:51:f8:d7:f5:ad: - e9:f0:81:12:2a:e0:6f:c7:10:11:d7:f4:55:73:a4:7c:cb:97: - 6c:fd:2b:34:bf:7e:a9:57:d8:e1:a9:05:01:5a:09:2b:49:bf: - bc:99:a3:a5:7c:b0:df:7a:32:0f:c2:94:0f:e0:15:f2:86:8f: - c3:19:44:49:02:10:56:f6:a9:58:38:7f:4d:f1:66:58:00:f9: - 17:18:ab:b4:0c:c1:9e:f3:8d:5d:61:4d:02:8c:3a:97:89:8d: - 5f:d0:98:f3:57:5c:85:35:b0:94:f8:02:7c:6f:bf:69:bf:7b: - 91:5a:c3:38:88:0d:ec:42:3b:b5:29:6b:0a:2d:10:19:ae:bc: - 6c:18:95:2e:cd:74:04:af:95:79:ab:8e:4a:cc:53:6e:4d:ad: - 83:58:6d:c5 + 85:2e:d4:1b:3a:28:c2:2e:2d:4f:9d:4e:f6:fe:9a:96:a2:c3: + 0a:58:30:0d:f7:74:ac:8d:56:85:c9:78:9d:0f:69:73:94:ac: + a3:2a:9c:1e:f7:ca:83:d5:3b:b4:6a:7b:d8:bf:b6:f2:44:fb: + d0:09:f5:34:e4:ac:e2:9e:89:6e:e4:48:1f:61:c3:a0:e6:67: + b8:29:68:b6:c6:de:e6:93:fc:4e:04:76:d8:a5:58:9b:55:e7: + 10:ec:08:0a:22:ae:21:41:8f:de:3f:9b:eb:7d:48:35:2e:ee: + ed:b6:e6:5b:40:df:40:ee:21:b0:e8:b8:6f:34:29:71:45:a8: + 67:c7:f8:c4:5c:b3:4f:f1:2f:5e:65:9f:0e:d1:f8:f2:03:55: + a0:6c:e8:76:ec:40:51:f4:28:41:80:77:e2:6c:91:08:c7:ed: + 4d:a8:c0:3c:08:a4:c1:6b:6a:5f:c6:65:7c:c3:ad:c6:b7:f1: + 3d:05:8b:91:32:2c:37:9b:88:6e:28:c8:ec:4f:35:a2:1e:94: + 80:97:75:26:1d:91:e4:ac:d7:f8:f7:b5:30:66:90:bc:9a:d5: + a6:4e:b5:d0:36:b5:d2:b1:06:1b:73:14:75:bd:67:8c:a8:22: + 28:8a:79:b0:85:89:47:54:7a:98:3a:eb:5f:b6:bf:ab:07:56: + 64:b0:13:8b -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCje2nt -rRM/WXVjzyqesHgGYuJeQD8SLmEcfy74Tw6SKIAY2OLi9LRjhMgLTa4b8E3VSZGJ -uaQRs3dyuhIWPil8USiZN2lXbTto4ViDwK0Tr2MuhWOrkhF6kov6ZjP5O8mrInWf -bJEbImvJLchtWCu8qfPPJI96N5uDZ+Wy6+o1xp3kqCR0GFuLYmvNktfDbLFA4S+j -FlKS31lwvMw3J4+OPbn81sr7Y4mz0GQkK5fjp7xvdn7mgjafxOqylmCshlcJVdc7 -RagjuLFKkvipZh8aD8X22k5tAlYbip9Sn721Fqb7hT36BB2OJbQDnnTkmEraOXvQ -8n359JfO0dhNMYhHAgMBAAGjgekwgeYwHQYDVR0OBBYEFJTWPlDe/0e4ZRrGM3h5 -h43yMjK6MB8GA1UdIwQYMBaAFMwRiP/ffhQGB7UQtsG8yytl/IN3MD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz2OHI +1s7tO7eKWxfCngwE9E66rRvPwGO3yQHpeijU2AtxNq8C9kT8zl6EUPtf76C4tXdi +wGyfj09kUmcEC9OSMaV5840RAwOiwNrvj7Vo+FXwrJsFOt/qezsG8t7jssUnPrk5 +kMAnDd5soo7kLvmVEzffIBIoroJekTrLda5V+wfWQEjNb5w+Bw9I0Y+62/qyfM4p +EOBrSDaA20wQGaEo++C1T7KJQLdrmq+hm7BSAyMW+w9dxsnymAjFB4V2MFdGvoVG +7RR0YABhzveIYmwLokGcWic/5SmcNnOjBIurdC0e9Zb3tMJRd6mc76z9vKrPupjP +bBv86SCM3BdFSRJFAgMBAAGjgekwgeYwHQYDVR0OBBYEFBR+CNVzZ6mcW8EmFNGW +jgmIETJnMB8GA1UdIwQYMBaAFD/uUWk6JAnWJjykCCIfDXd91ec7MD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAtJoV2it91CbyQaIEHhPz -syi/o4U0/EKxVwUPl+X12dQO60PoY85bI4tIqy8lA4FDun6aFOROnFvTCFa3AHx/ -/Z6rUM4JlSwhAHQiJoP7CEc0G2cO6+DEqz0AdrKasQDI0BcNLoFDcVH41/Wt6fCB -Eirgb8cQEdf0VXOkfMuXbP0rNL9+qVfY4akFAVoJK0m/vJmjpXyw33oyD8KUD+AV -8oaPwxlESQIQVvapWDh/TfFmWAD5FxirtAzBnvONXWFNAow6l4mNX9CY81dchTWw -lPgCfG+/ab97kVrDOIgN7EI7tSlrCi0QGa68bBiVLs10BK+VeauOSsxTbk2tg1ht -xQ== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAhS7UGzoowi4tT51O9v6a +lqLDClgwDfd0rI1Whcl4nQ9pc5SsoyqcHvfKg9U7tGp72L+28kT70An1NOSs4p6J +buRIH2HDoOZnuClotsbe5pP8TgR22KVYm1XnEOwICiKuIUGP3j+b631INS7u7bbm +W0DfQO4hsOi4bzQpcUWoZ8f4xFyzT/EvXmWfDtH48gNVoGzoduxAUfQoQYB34myR +CMftTajAPAikwWtqX8ZlfMOtxrfxPQWLkTIsN5uIbijI7E81oh6UgJd1Jh2R5KzX ++Pe1MGaQvJrVpk610Da10rEGG3MUdb1njKgiKIp5sIWJR1R6mDrrX7a/qwdWZLAT +iw== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b6:cf:57:a5:6e:7c:9a:78:f2:c1:bd:99:eb:7c: - af:6a:c8:38:2e:8e:cf:e5:20:c0:f9:57:5c:e2:83: - 29:33:2c:b1:9d:2b:91:ce:4c:da:27:62:5f:18:08: - a8:f1:03:eb:0e:be:f2:1e:00:8c:63:f2:8f:d3:c1: - e4:df:0a:d3:d4:82:0d:6c:c4:98:87:eb:5b:81:66: - 43:f3:38:5e:d4:8b:91:47:70:8b:89:90:a0:0b:9d: - 63:56:4f:58:4b:e2:36:e1:97:df:37:71:7a:90:f5: - 62:2c:3e:57:71:6a:75:db:10:66:22:4c:fd:e9:a0: - 78:5e:4c:e3:8c:d5:c2:c9:a0:10:3d:ec:bd:7b:76: - 9f:5f:54:e3:c3:88:9b:d7:7f:8c:80:79:87:0f:3c: - aa:28:d9:f5:63:e8:f3:a5:6b:2b:e0:45:1c:af:94: - 00:84:b4:e4:fc:3a:5d:9c:bc:05:c2:04:b7:3a:23: - 84:56:66:a2:50:fc:8d:00:06:52:7f:a2:d3:9e:0b: - fa:d5:ba:1b:1e:10:e9:13:60:56:a6:cd:ab:67:90: - 66:0c:3d:71:c0:46:42:13:48:74:a8:a8:6d:0c:a8: - 6d:7b:6b:57:f1:ba:c0:c5:c8:cd:d9:75:20:d3:59: - ed:32:ed:5c:b6:63:b4:9b:0b:3a:05:7b:ad:38:70: - e4:3d + 00:e4:40:ac:b5:f3:c7:b0:dc:ca:07:85:b4:fa:5f: + 0d:28:a4:0d:88:12:cb:05:a3:4f:bb:7d:01:88:de: + 0c:b3:b9:0c:cc:3f:b4:6e:9f:d6:b6:a7:2a:6b:03: + c5:bc:3b:10:17:69:fd:29:5c:d3:fd:38:fe:b6:5e: + b2:04:8f:10:93:92:aa:db:76:07:a2:60:0f:3e:07: + bb:8d:f1:ca:c8:f3:38:69:61:38:41:4e:69:2d:70: + c2:ed:af:85:81:99:dc:8e:65:03:45:32:9b:01:95: + 7c:d5:c0:90:bd:f4:08:a5:44:4b:e5:a2:e7:fe:17: + e4:f3:3d:59:35:8e:6d:3b:70:4d:b8:49:ac:63:ff: + 3e:d4:71:36:e9:2b:50:c9:5c:bc:bb:b0:c6:1b:c4: + 0a:01:ec:ae:3f:b7:bd:10:57:08:5e:ec:8a:07:ce: + e5:da:46:25:e8:ca:0a:e0:c2:cc:0d:44:84:db:0c: + 88:d5:0f:65:bc:ea:69:10:ba:dc:93:ef:34:f9:2f: + c7:9b:c5:49:27:72:9c:a3:fd:40:9c:49:e3:59:7c: + 24:cc:99:9a:01:b6:0d:fb:41:cb:36:80:41:88:c7: + 75:9f:d5:01:6f:63:d5:f5:75:85:cd:26:3e:a6:fe: + 8d:a9:ef:a8:b0:04:8b:7e:89:f3:5f:75:3a:56:69: + c7:07 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - CC:11:88:FF:DF:7E:14:06:07:B5:10:B6:C1:BC:CB:2B:65:FC:83:77 + 3F:EE:51:69:3A:24:09:D6:26:3C:A4:08:22:1F:0D:77:7D:D5:E7:3B X509v3 Authority Key Identifier: - keyid:A7:26:DB:0B:03:E6:0B:32:0B:8C:34:AD:CE:60:CD:4C:89:9B:59:6E + keyid:64:6F:C2:6E:64:18:20:24:F6:02:A9:AF:63:23:01:ED:CC:69:9B:E0 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 69:10:d5:c3:ff:f0:65:c6:79:55:be:ba:6b:7c:7f:49:a2:47: - b0:d7:e9:28:9f:14:f6:11:6a:d7:1f:e3:11:30:c1:d0:0c:21: - 8c:b3:21:95:c1:f3:2e:7c:8a:34:f6:d6:c7:49:9a:75:4c:93: - 35:c4:88:f7:be:d6:ed:e0:75:22:29:4d:0f:59:80:1a:1b:9b: - a4:fd:86:af:1e:76:44:03:f9:42:f2:74:1e:6b:74:fc:fa:64: - 67:33:4a:14:93:fc:84:1f:92:0c:62:ac:aa:e1:f0:6f:3e:09: - 90:d5:67:68:2a:28:9c:5f:86:29:8d:48:ef:3e:a5:48:60:08: - b5:cf:ac:ba:ff:ba:d7:7d:9a:8e:b4:63:10:e3:14:12:12:89: - 37:00:42:fb:4c:e5:b7:0d:e5:b8:28:5b:9f:79:48:aa:e4:ef: - 17:ec:eb:f1:c3:82:d9:48:ec:cd:f4:f7:1f:8f:e2:9e:ec:71: - a6:7a:ce:c0:fc:14:8f:48:17:56:10:02:27:aa:d9:10:bb:fc: - 6d:e2:d8:b6:66:27:08:e5:31:4d:fb:24:45:0f:da:7a:9c:8d: - e5:91:0c:80:91:1e:44:78:01:28:ca:db:40:87:db:38:0f:18: - 1a:a9:ff:68:8c:03:b2:89:82:e2:80:ee:3c:77:e2:4e:85:a5: - cf:72:3f:24 + 51:a1:13:9b:4c:41:c6:c6:8d:7e:3a:58:ed:f9:29:e5:25:16: + bc:42:3c:ce:69:9f:f0:82:3c:93:87:1e:01:1f:24:9a:e5:db: + 96:cb:1f:b2:9d:b9:a9:18:7c:8c:2e:db:e7:9f:6e:af:e8:49: + 13:2c:19:46:6e:e1:c9:54:8e:8b:da:af:1d:63:67:17:4d:34: + e6:b2:85:ff:0c:c5:76:15:17:93:f1:d6:86:73:25:43:aa:59: + b8:29:c0:72:b5:ec:e3:80:68:aa:83:10:7e:81:f1:38:38:b4: + ae:1b:0f:70:8e:55:6d:3c:dd:f2:91:d3:d9:3e:bd:1e:46:9e: + f2:28:3b:53:81:28:76:f0:49:e5:80:58:5a:e6:dd:ba:0c:30: + b7:cb:2b:c6:c6:3d:52:54:2f:f1:f8:d9:c9:be:cc:3b:a3:42: + 11:f5:c6:97:f5:b6:57:da:40:52:e2:14:de:b2:e7:9c:b9:06: + 9c:e1:80:93:91:d9:c8:e0:23:92:20:81:70:b9:44:81:08:3b: + 97:32:06:fc:f7:80:ea:94:71:61:0d:3f:da:75:f1:b9:51:eb: + 85:a9:ed:00:e3:59:96:d0:63:35:0c:dd:5b:c8:d2:08:5e:32: + df:c8:29:bb:31:10:14:dc:4d:23:f0:e2:ee:06:a8:71:ac:03: + cd:26:6c:37 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts9XpW58 -mnjywb2Z63yvasg4Lo7P5SDA+Vdc4oMpMyyxnSuRzkzaJ2JfGAio8QPrDr7yHgCM -Y/KP08Hk3wrT1IINbMSYh+tbgWZD8zhe1IuRR3CLiZCgC51jVk9YS+I24ZffN3F6 -kPViLD5XcWp12xBmIkz96aB4XkzjjNXCyaAQPey9e3afX1Tjw4ib13+MgHmHDzyq -KNn1Y+jzpWsr4EUcr5QAhLTk/DpdnLwFwgS3OiOEVmaiUPyNAAZSf6LTngv61bob -HhDpE2BWps2rZ5BmDD1xwEZCE0h0qKhtDKhte2tX8brAxcjN2XUg01ntMu1ctmO0 -mws6BXutOHDkPQIDAQABo4HLMIHIMB0GA1UdDgQWBBTMEYj/334UBge1ELbBvMsr -ZfyDdzAfBgNVHSMEGDAWgBSnJtsLA+YLMguMNK3OYM1MiZtZbjA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ECstfPH +sNzKB4W0+l8NKKQNiBLLBaNPu30BiN4Ms7kMzD+0bp/WtqcqawPFvDsQF2n9KVzT +/Tj+tl6yBI8Qk5Kq23YHomAPPge7jfHKyPM4aWE4QU5pLXDC7a+FgZncjmUDRTKb +AZV81cCQvfQIpURL5aLn/hfk8z1ZNY5tO3BNuEmsY/8+1HE26StQyVy8u7DGG8QK +AeyuP7e9EFcIXuyKB87l2kYl6MoK4MLMDUSE2wyI1Q9lvOppELrck+80+S/Hm8VJ +J3Kco/1AnEnjWXwkzJmaAbYN+0HLNoBBiMd1n9UBb2PV9XWFzSY+pv6Nqe+osASL +fonzX3U6VmnHBwIDAQABo4HLMIHIMB0GA1UdDgQWBBQ/7lFpOiQJ1iY8pAgiHw13 +fdXnOzAfBgNVHSMEGDAWgBRkb8JuZBggJPYCqa9jIwHtzGmb4DA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AGkQ1cP/8GXGeVW+umt8f0miR7DX6SifFPYRatcf4xEwwdAMIYyzIZXB8y58ijT2 -1sdJmnVMkzXEiPe+1u3gdSIpTQ9ZgBobm6T9hq8edkQD+ULydB5rdPz6ZGczShST -/IQfkgxirKrh8G8+CZDVZ2gqKJxfhimNSO8+pUhgCLXPrLr/utd9mo60YxDjFBIS -iTcAQvtM5bcN5bgoW595SKrk7xfs6/HDgtlI7M309x+P4p7scaZ6zsD8FI9IF1YQ -Aieq2RC7/G3i2LZmJwjlMU37JEUP2nqcjeWRDICRHkR4ASjK20CH2zgPGBqp/2iM -A7KJguKA7jx34k6Fpc9yPyQ= +AFGhE5tMQcbGjX46WO35KeUlFrxCPM5pn/CCPJOHHgEfJJrl25bLH7KduakYfIwu +2+efbq/oSRMsGUZu4clUjovarx1jZxdNNOayhf8MxXYVF5Px1oZzJUOqWbgpwHK1 +7OOAaKqDEH6B8Tg4tK4bD3COVW083fKR09k+vR5GnvIoO1OBKHbwSeWAWFrm3boM +MLfLK8bGPVJUL/H42cm+zDujQhH1xpf1tlfaQFLiFN6y55y5BpzhgJOR2cjgI5Ig +gXC5RIEIO5cyBvz3gOqUcWENP9p18blR64Wp7QDjWZbQYzUM3VvI0gheMt/IKbsx +EBTcTSPw4u4GqHGsA80mbDc= -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a6:2e:77:a3:0d:0b:86:02:e4:79:46:6d:76:0e: - de:ba:55:19:76:07:90:e5:7a:4b:9a:99:70:f2:91: - f2:28:94:e7:e0:8b:aa:c4:a5:c1:82:36:d8:30:be: - 84:43:45:ae:2a:60:e7:fe:d4:a0:a1:a7:e9:30:56: - d0:c9:5d:f8:5f:86:9c:ba:c9:ad:cc:29:77:15:0c: - e8:7b:78:52:42:ec:69:db:db:38:d6:f5:25:75:50: - 6f:21:a0:9a:b2:4e:3a:33:6c:47:60:b2:a4:e7:ec: - bc:c0:9f:d7:46:1b:bb:82:43:2a:22:6d:fb:65:0d: - b5:cf:48:b9:a6:e3:2b:26:77:32:db:a6:80:b6:a7: - 63:f5:b9:d7:bf:f3:37:bd:2b:88:15:b5:50:06:0c: - c9:6f:05:2b:97:ac:ff:01:d9:9e:55:b8:2d:90:62: - a4:38:d4:d3:19:87:8f:b0:dd:88:4d:ca:19:f3:c9: - 2f:95:22:a8:19:be:98:38:6d:0f:17:65:d7:ee:5b: - 82:73:f8:c5:28:43:76:96:a6:ef:00:9c:5e:d0:9d: - cc:52:dc:c8:6c:d6:4a:8e:2c:5a:c0:9b:e0:b4:1b: - f4:5f:43:84:b7:ad:7d:d1:07:c6:79:16:d8:01:c2: - 73:e7:ad:dc:4c:d4:a5:bc:ab:99:60:6d:18:34:14: - ed:07 + 00:b8:c8:2f:dc:30:b5:3e:65:02:31:fe:76:d5:cf: + 18:49:18:9a:99:63:02:ea:1f:9c:fc:34:05:04:f5: + dc:94:15:48:0c:0b:c0:18:b9:0f:a5:a0:8f:66:27: + 02:0b:a9:33:0f:a8:27:d7:61:d7:77:7e:d5:ab:db: + d4:a0:32:d0:40:9b:66:91:5b:ec:07:df:67:13:14: + 71:1f:21:98:d8:89:ae:15:dd:68:07:3d:3b:62:5c: + 34:f8:e8:39:da:2a:23:01:6a:09:a7:91:a1:c1:94: + ab:ba:42:7f:24:20:57:c8:67:2a:d6:cf:24:7b:b6: + 14:ad:69:61:c5:50:6b:6b:d2:77:0c:0c:6e:30:df: + 2b:e8:c4:de:89:a9:94:bf:8d:70:4e:ee:e1:5d:0f: + 11:0f:80:71:3d:67:90:59:c5:c7:d6:8b:6a:29:7d: + 8a:43:7a:98:0d:75:83:db:3c:09:27:19:12:77:99: + 2c:2b:a2:94:dc:7d:78:41:e2:4a:9a:31:f4:fa:8b: + ef:d3:d3:42:dd:1d:a5:be:5d:2f:1c:9c:33:4f:7d: + c8:bd:12:eb:18:cd:e0:80:d5:7a:1a:2d:93:fc:1f: + 59:8e:72:f8:e5:21:e1:f2:fe:b7:6a:c1:e1:39:20: + 26:60:98:fd:02:f0:5b:a2:6d:13:c7:15:20:9b:ef: + d5:31 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 60:21:11:AF:90:99:E9:F8:9A:0B:80:16:9C:63:C3:DC:45:08:84:91 + 6F:BD:F8:37:8B:1D:B5:1A:91:4C:D6:08:E8:33:85:8C:08:E9:3E:63 X509v3 Authority Key Identifier: - keyid:60:21:11:AF:90:99:E9:F8:9A:0B:80:16:9C:63:C3:DC:45:08:84:91 + keyid:6F:BD:F8:37:8B:1D:B5:1A:91:4C:D6:08:E8:33:85:8C:08:E9:3E:63 Authority Information Access: CA Issuers - URI:http://url-for-aia/BogusRoot.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 97:aa:1c:16:64:05:60:ea:e0:5b:ae:7e:31:f3:6e:04:07:fe: - ba:34:6d:fd:b3:c9:74:d1:f8:b4:da:c2:97:1e:00:da:05:b6: - 08:de:e3:8e:6e:5e:a9:9b:15:62:41:0b:2f:d2:bc:24:4a:47: - e9:7a:0c:6b:ba:c9:04:7c:82:ea:c5:89:5c:03:6f:8a:e6:a1: - 13:4c:02:1a:5b:2e:ae:48:8b:16:f5:6d:01:89:89:66:29:06: - 40:49:fe:b9:51:19:9e:ea:6d:76:ce:a7:78:7e:72:bf:04:4c: - bf:f6:17:b0:bc:79:3e:67:47:89:ec:d9:07:40:55:6e:5b:7c: - 79:6e:7f:97:e9:1b:d3:df:b6:54:e5:53:44:32:e2:39:17:ea: - 17:be:6c:82:8a:b6:c2:6a:b4:c5:b7:8c:6d:38:34:b4:b8:27: - 66:1f:4f:70:1d:65:77:6c:73:d8:69:24:6f:06:09:d4:f9:a9: - 7a:eb:47:cb:9b:3e:ec:42:89:2e:f4:2b:20:36:f1:fc:70:e2: - 3b:83:0a:e0:3a:04:1e:bf:53:cb:b6:ca:fe:2f:25:d5:c6:aa: - 71:39:a9:8e:25:4a:75:bb:15:fc:29:4f:ba:d6:a9:02:c7:8d: - d8:06:48:aa:6d:0b:34:bd:36:19:ea:87:a9:50:e5:a8:d8:31: - 73:a2:30:44 + 5e:a7:eb:14:09:17:41:8b:14:1b:05:8f:a6:61:25:c1:e4:b9: + de:ee:a7:44:1a:ba:d7:a9:a0:9e:d2:92:03:f5:86:7e:5e:a1: + 01:c2:29:5c:77:cd:0b:0e:46:8f:4f:35:28:23:ae:2d:35:3c: + c0:2e:db:73:90:1d:7f:58:81:08:01:76:d7:f5:a4:1e:03:56: + a6:f6:ac:de:c4:49:c0:3e:99:e7:75:1b:39:d8:7a:c9:a1:d6: + 07:50:02:fd:b9:89:2c:c7:03:96:28:c6:a9:fd:4e:55:f1:2c: + c0:01:c7:ae:ae:ea:a4:e9:2a:e4:57:35:2d:ef:95:8c:f4:d7: + d4:7c:35:ed:7f:16:fd:81:9c:9b:1e:c5:2c:9d:f4:06:da:8f: + bb:6f:9b:64:ff:33:9b:a0:a9:f7:df:6c:ae:48:7b:34:6a:05: + c5:6e:de:31:e5:64:c5:80:88:45:ab:29:7c:39:ec:5f:98:cf: + ce:23:f4:e7:06:99:c1:c9:b6:04:8c:d8:7d:7b:8c:e4:a4:87: + ee:7f:66:b2:d5:92:61:2c:56:9b:86:5c:0d:8e:68:84:c9:96: + a5:98:6b:bc:6e:3b:4b:c1:0c:10:ae:90:e7:9e:c3:b8:cd:08: + ea:80:55:9f:74:1c:6e:9f:2a:5c:76:b5:45:84:4d:62:cd:fd: + 68:12:d8:8c -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDeTCCAmGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlCb2d1 c1Jvb3QwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjAUMRIwEAYDVQQD -DAlCb2d1c1Jvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmLnej -DQuGAuR5Rm12Dt66VRl2B5DlekuamXDykfIolOfgi6rEpcGCNtgwvoRDRa4qYOf+ -1KChp+kwVtDJXfhfhpy6ya3MKXcVDOh7eFJC7Gnb2zjW9SV1UG8hoJqyTjozbEdg -sqTn7LzAn9dGG7uCQyoibftlDbXPSLmm4ysmdzLbpoC2p2P1ude/8ze9K4gVtVAG -DMlvBSuXrP8B2Z5VuC2QYqQ41NMZh4+w3YhNyhnzyS+VIqgZvpg4bQ8XZdfuW4Jz -+MUoQ3aWpu8AnF7QncxS3Mhs1kqOLFrAm+C0G/RfQ4S3rX3RB8Z5FtgBwnPnrdxM -1KW8q5lgbRg0FO0HAgMBAAGjgdUwgdIwHQYDVR0OBBYEFGAhEa+Qmen4mguAFpxj -w9xFCISRMB8GA1UdIwQYMBaAFGAhEa+Qmen4mguAFpxjw9xFCISRMDwGCCsGAQUF +DAlCb2d1c1Jvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4yC/c +MLU+ZQIx/nbVzxhJGJqZYwLqH5z8NAUE9dyUFUgMC8AYuQ+loI9mJwILqTMPqCfX +Ydd3ftWr29SgMtBAm2aRW+wH32cTFHEfIZjYia4V3WgHPTtiXDT46DnaKiMBagmn +kaHBlKu6Qn8kIFfIZyrWzyR7thStaWHFUGtr0ncMDG4w3yvoxN6JqZS/jXBO7uFd +DxEPgHE9Z5BZxcfWi2opfYpDepgNdYPbPAknGRJ3mSwropTcfXhB4kqaMfT6i+/T +00LdHaW+XS8cnDNPfci9EusYzeCA1XoaLZP8H1mOcvjlIeHy/rdqweE5ICZgmP0C +8FuibRPHFSCb79UxAgMBAAGjgdUwgdIwHQYDVR0OBBYEFG+9+DeLHbUakUzWCOgz +hYwI6T5jMB8GA1UdIwQYMBaAFG+9+DeLHbUakUzWCOgzhYwI6T5jMDwGCCsGAQUF BwEBBDAwLjAsBggrBgEFBQcwAoYgaHR0cDovL3VybC1mb3ItYWlhL0JvZ3VzUm9v dC5jZXIwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL3VybC1mb3ItY3JsL0JvZ3Vz Um9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAJeqHBZkBWDq4FuufjHzbgQH/ro0bf2zyXTR+LTawpceANoF -tgje445uXqmbFWJBCy/SvCRKR+l6DGu6yQR8gurFiVwDb4rmoRNMAhpbLq5Iixb1 -bQGJiWYpBkBJ/rlRGZ7qbXbOp3h+cr8ETL/2F7C8eT5nR4ns2QdAVW5bfHluf5fp -G9PftlTlU0Qy4jkX6he+bIKKtsJqtMW3jG04NLS4J2YfT3AdZXdsc9hpJG8GCdT5 -qXrrR8ubPuxCiS70KyA28fxw4juDCuA6BB6/U8u2yv4vJdXGqnE5qY4lSnW7Ffwp -T7rWqQLHjdgGSKptCzS9Nhnqh6lQ5ajYMXOiMEQ= +hvcNAQELBQADggEBAF6n6xQJF0GLFBsFj6ZhJcHkud7up0QautepoJ7SkgP1hn5e +oQHCKVx3zQsORo9PNSgjri01PMAu23OQHX9YgQgBdtf1pB4DVqb2rN7EScA+med1 +GznYesmh1gdQAv25iSzHA5Yoxqn9TlXxLMABx66u6qTpKuRXNS3vlYz019R8Ne1/ +Fv2BnJsexSyd9Abaj7tvm2T/M5ugqfffbK5IezRqBcVu3jHlZMWAiEWrKXw57F+Y +z84j9OcGmcHJtgSM2H17jOSkh+5/ZrLVkmEsVpuGXA2OaITJlqWYa7xuO0vBDBCu +kOeew7jNCOqAVZ90HG6fKlx2tUWETWLN/WgS2Iw= -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -282,11 +282,17 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 0 - [Error] Signature verification failed - [Error] VerifySignedData failed +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Signature verification failed +ERROR: VerifySignedData failed +ERROR: subject does not match issuer + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMAogICAgICBbRXJyb3JdIFNpZ25hdHVyZSB2ZXJpZmljYXRpb24gZmFpbGVkCiAgICAgIFtFcnJvcl0gVmVyaWZ5U2lnbmVkRGF0YSBmYWlsZWQK +LS0tLS0gQ2VydGlmaWNhdGUgaT0xIChDTj1JbnRlcm1lZGlhdGUpIC0tLS0tCkVSUk9SOiBTaWduYXR1cmUgdmVyaWZpY2F0aW9uIGZhaWxlZApFUlJPUjogVmVyaWZ5U2lnbmVkRGF0YSBmYWlsZWQKRVJST1I6IHN1YmplY3QgZG9lcyBub3QgbWF0Y2ggaXNzdWVyCgo= -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false.pem b/chromium/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false.pem index 0d4171644b7..c51ee5b86a4 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-ca-false.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b7:1c:6d:3b:54:28:d0:fa:14:25:fe:22:77:55: - 16:d3:25:34:af:cd:e7:5a:8a:38:4b:82:99:95:6d: - e1:99:f7:f3:1d:53:2d:8e:90:b2:d5:4e:7e:e7:0c: - 9d:73:98:5e:3b:ed:bc:4f:fe:c7:38:f7:8a:ce:b7: - 08:0f:bd:78:18:9a:ec:f2:21:9e:25:ba:bc:24:3f: - 22:73:60:f7:2c:fa:9a:e9:aa:f8:75:65:4e:af:4e: - d9:01:f3:27:3e:c8:f5:b5:27:98:bd:a2:f6:34:ad: - 70:c8:5e:fb:3f:87:08:dc:d0:a6:30:c1:35:ee:95: - 7b:f2:7a:59:03:7e:03:39:fb:51:be:b3:13:54:cc: - 15:68:e1:b7:97:40:cf:e4:ff:84:a2:10:75:6d:d5: - 29:f8:91:8d:38:0a:92:c6:34:89:89:c2:d4:49:84: - 35:94:f9:08:ad:8c:44:10:3e:49:40:21:53:bb:6e: - 1b:20:1c:ce:e3:c8:a7:c7:e9:ab:4f:3f:f2:21:47: - 3a:d5:0a:59:6f:a9:59:42:ff:c5:7c:6a:c5:fc:79: - 29:05:a0:07:47:64:39:d0:bc:a1:86:64:c8:4c:08: - ec:f2:03:47:7c:00:ce:02:ff:5a:02:59:d3:ee:2c: - db:35:32:e9:24:a2:c2:f8:50:c8:3e:10:b1:dd:0a: - 5d:1b + 00:96:d4:6b:47:00:ed:9a:72:03:1f:bc:14:42:63: + 28:8d:c9:5a:08:27:59:06:2e:61:d9:28:aa:ed:58: + 17:5f:f2:bf:ee:33:ab:74:0b:1c:c3:00:b6:38:96: + 96:d0:dc:91:44:ab:1d:fa:e5:99:ed:fe:ee:43:dd: + 21:b0:b8:1a:31:70:bb:c6:a5:eb:6e:2e:79:cf:c3: + c9:32:f7:39:e5:ff:9f:1e:fd:c8:8c:8f:9d:42:e6: + 5d:cc:b1:75:fa:94:f3:f8:df:f8:47:ea:7a:4f:4c: + 1d:67:fd:37:2e:75:a3:13:84:00:92:c5:6c:86:66: + 80:39:7b:0f:2e:af:14:ce:82:1c:e4:78:7b:f3:d8: + f4:b3:b1:d1:7d:5f:ed:19:6f:1d:eb:7e:be:3a:33: + e1:b4:86:82:22:05:28:87:85:b8:2b:70:f1:88:45: + 6b:b4:fb:d0:f0:0a:e5:45:f6:a8:e2:18:88:74:56: + 4c:a7:4b:cb:13:8e:61:8b:1a:c2:a2:2b:2d:24:7a: + f0:4c:53:49:8b:98:be:52:31:72:5d:38:e7:8d:36: + 7b:bb:34:4d:66:2d:b3:8b:82:85:9f:e6:f9:d8:58: + da:0d:e9:d5:d2:be:53:4b:88:ad:58:8a:3b:3c:1d: + 53:60:ed:15:50:9c:fd:c3:bf:0c:fc:56:02:8f:06: + ab:9d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 03:34:C9:78:9C:53:67:7A:2C:96:D9:3F:63:F2:18:3D:49:A8:44:87 + 69:F2:C8:4F:15:5E:61:18:40:61:41:B1:88:18:21:B5:77:6F:F9:DE X509v3 Authority Key Identifier: - keyid:9C:93:40:54:48:97:2B:0C:3B:AF:CE:5C:79:97:26:EC:32:33:4C:FB + keyid:AF:9B:3A:70:86:45:08:AD:02:CD:FC:FD:46:48:82:7D:46:63:31:DB Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 72:78:37:46:b3:e3:d4:01:73:3a:59:1c:5f:13:27:10:46:dd: - ec:b1:9e:7c:6d:d8:a7:ac:b1:62:36:57:2a:44:17:d4:64:22: - 18:67:ae:84:0b:6b:53:49:76:15:a3:d3:7e:69:ae:d4:54:5d: - 46:11:0a:15:1c:ee:91:ab:da:6a:88:24:b0:ae:21:ee:a2:e6: - de:c4:cb:79:93:62:18:7d:4e:ee:d8:83:7d:65:63:f3:9c:08: - ca:28:5c:af:51:9f:36:b2:c3:06:3c:ec:cf:35:84:c5:9e:bc: - 75:03:be:e5:23:4e:7f:67:7d:86:14:df:21:4d:5e:d3:b7:86: - d6:14:cd:84:3a:3d:29:4f:de:e5:db:ac:96:a9:58:cf:02:e4: - c4:b1:26:08:34:f5:a4:3f:47:a1:0f:b3:0b:69:29:78:50:ba: - a9:eb:4a:44:fc:e7:bf:e9:ce:ba:8b:dc:b9:6a:25:c6:11:32: - 24:a0:59:7c:6e:4d:6c:cf:1b:f2:06:0f:5f:d7:4d:35:b1:f9: - a2:f7:c4:b0:b4:bb:ab:58:b5:ba:09:39:0d:50:d9:c2:a4:eb: - d9:79:23:40:ed:51:97:75:de:f5:14:c0:dc:ea:9f:6a:80:70: - ef:4e:b8:52:26:46:fc:70:e8:83:9c:2c:e8:63:b0:7f:81:a3: - 4e:91:35:02 + b2:5a:9e:62:99:e4:0e:de:7b:de:ca:d6:a9:50:9d:18:c4:83: + 51:0d:be:00:9f:f8:61:b1:d2:38:f6:30:61:ef:d5:88:05:38: + ac:37:8e:fc:c4:24:50:c5:eb:1f:75:f6:87:20:ba:47:a4:fe: + 91:e6:82:ef:4a:03:66:0e:67:a7:24:d9:f3:00:92:bc:a5:41: + 66:ca:36:f7:ef:c7:7c:84:72:28:74:23:d9:f2:aa:cb:9c:bc: + 1b:e1:3a:16:22:60:29:6e:f9:88:2f:92:a2:39:81:7e:0f:55: + 4c:fe:c5:ab:e3:8d:54:41:4b:b8:09:57:57:07:e5:c9:7a:85: + 43:b7:1f:1d:39:81:d0:18:83:dd:fd:db:28:6f:07:88:42:7e: + cd:89:73:7b:08:ef:8b:01:33:f2:a3:e4:3a:be:43:de:c1:03: + e0:0c:e1:6d:0a:dd:ad:36:bc:76:13:57:2f:89:35:35:85:d3: + 74:8c:11:ff:86:16:39:7e:3e:ee:fc:88:30:8d:4d:1d:5f:97: + ba:77:c7:6a:d4:05:d9:c9:27:29:10:08:f9:a0:56:8e:5b:5d: + d9:3f:7d:d4:73:5b:eb:d7:0c:f9:58:b4:38:66:37:8e:f2:48: + ad:80:7e:2b:bd:09:01:66:16:31:e4:31:df:4e:cc:78:d3:40: + c8:08:44:72 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3HG07 -VCjQ+hQl/iJ3VRbTJTSvzedaijhLgpmVbeGZ9/MdUy2OkLLVTn7nDJ1zmF477bxP -/sc494rOtwgPvXgYmuzyIZ4lurwkPyJzYPcs+prpqvh1ZU6vTtkB8yc+yPW1J5i9 -ovY0rXDIXvs/hwjc0KYwwTXulXvyelkDfgM5+1G+sxNUzBVo4beXQM/k/4SiEHVt -1Sn4kY04CpLGNImJwtRJhDWU+QitjEQQPklAIVO7bhsgHM7jyKfH6atPP/IhRzrV -CllvqVlC/8V8asX8eSkFoAdHZDnQvKGGZMhMCOzyA0d8AM4C/1oCWdPuLNs1Mukk -osL4UMg+ELHdCl0bAgMBAAGjgekwgeYwHQYDVR0OBBYEFAM0yXicU2d6LJbZP2Py -GD1JqESHMB8GA1UdIwQYMBaAFJyTQFRIlysMO6/OXHmXJuwyM0z7MD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCW1GtH +AO2acgMfvBRCYyiNyVoIJ1kGLmHZKKrtWBdf8r/uM6t0CxzDALY4lpbQ3JFEqx36 +5Znt/u5D3SGwuBoxcLvGpetuLnnPw8ky9znl/58e/ciMj51C5l3MsXX6lPP43/hH +6npPTB1n/TcudaMThACSxWyGZoA5ew8urxTOghzkeHvz2PSzsdF9X+0Zbx3rfr46 +M+G0hoIiBSiHhbgrcPGIRWu0+9DwCuVF9qjiGIh0VkynS8sTjmGLGsKiKy0kevBM +U0mLmL5SMXJdOOeNNnu7NE1mLbOLgoWf5vnYWNoN6dXSvlNLiK1Yijs8HVNg7RVQ +nP3Dvwz8VgKPBqudAgMBAAGjgekwgeYwHQYDVR0OBBYEFGnyyE8VXmEYQGFBsYgY +IbV3b/neMB8GA1UdIwQYMBaAFK+bOnCGRQitAs38/UZIgn1GYzHbMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAcng3RrPj1AFzOlkcXxMn -EEbd7LGefG3Yp6yxYjZXKkQX1GQiGGeuhAtrU0l2FaPTfmmu1FRdRhEKFRzukava -aogksK4h7qLm3sTLeZNiGH1O7tiDfWVj85wIyihcr1GfNrLDBjzszzWExZ68dQO+ -5SNOf2d9hhTfIU1e07eG1hTNhDo9KU/e5duslqlYzwLkxLEmCDT1pD9HoQ+zC2kp -eFC6qetKRPznv+nOuovcuWolxhEyJKBZfG5NbM8b8gYPX9dNNbH5ovfEsLS7q1i1 -ugk5DVDZwqTr2XkjQO1Rl3Xe9RTA3OqfaoBw7064UiZG/HDog5ws6GOwf4GjTpE1 -Ag== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAslqeYpnkDt573srWqVCd +GMSDUQ2+AJ/4YbHSOPYwYe/ViAU4rDeO/MQkUMXrH3X2hyC6R6T+keaC70oDZg5n +pyTZ8wCSvKVBZso29+/HfIRyKHQj2fKqy5y8G+E6FiJgKW75iC+SojmBfg9VTP7F +q+ONVEFLuAlXVwflyXqFQ7cfHTmB0BiD3f3bKG8HiEJ+zYlzewjviwEz8qPkOr5D +3sED4AzhbQrdrTa8dhNXL4k1NYXTdIwR/4YWOX4+7vyIMI1NHV+XunfHatQF2ckn +KRAI+aBWjltd2T991HNb69cM+Vi0OGY3jvJIrYB+K70JAWYWMeQx307MeNNAyAhE +cg== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c6:22:75:92:c4:7c:6f:77:4d:46:f7:17:84:1b: - e2:08:1f:ff:71:7e:4d:6d:a4:e7:0f:58:46:84:61: - 22:02:70:4e:b8:45:3a:e2:10:d1:cf:ff:91:7c:12: - 8e:7d:19:ab:0a:46:ac:1b:d6:d6:05:b6:99:43:9b: - ab:e5:cf:ee:62:e9:94:21:84:72:5b:63:6e:5a:e1: - 25:42:c3:b7:ee:31:5f:e0:e7:69:19:01:a2:d5:54: - 70:f8:aa:aa:24:5b:3b:4d:2b:cd:2f:e4:2a:a4:be: - ba:2f:ab:a2:b6:f8:84:71:f3:23:bc:12:68:26:1e: - 49:d0:87:3e:46:46:33:47:70:f2:42:d4:3f:ba:9c: - 89:7d:4f:6e:a5:35:cf:d9:46:a8:63:c4:35:4a:e7: - 4f:f2:e0:51:90:8e:08:ed:2e:ae:18:ac:5d:16:44: - 25:32:fa:1b:3c:14:e9:37:69:9f:72:48:01:a5:1b: - f3:e1:e7:75:ec:ca:92:83:48:a4:67:e1:8d:c1:dd: - 15:02:e4:4a:82:93:d3:f3:27:9e:66:ce:a8:3a:17: - d2:c6:a7:08:31:ba:d2:e8:e7:fa:53:b6:4f:09:d8: - 7e:e4:53:b2:f1:03:d9:c4:31:0c:6d:32:a0:9d:08: - d3:c4:bb:db:45:11:68:80:ba:f8:52:dc:19:9e:67: - 68:99 + 00:c2:02:78:c1:e7:a0:b7:63:87:52:e4:d4:11:71: + 3e:cb:65:9c:d9:2f:cb:48:30:8e:62:29:ae:c9:22: + 36:a6:67:d2:ea:10:58:d2:82:ab:bc:1e:a3:12:64: + 6e:fd:79:af:2e:6c:c0:8b:fd:36:68:ea:e0:0a:09: + 53:99:89:75:92:61:13:ac:aa:d9:e2:f1:ac:93:72: + 94:65:99:9e:52:9d:8f:6d:1e:b1:3e:83:fb:fa:c4: + dd:b4:b3:d2:0b:bb:f8:21:10:a9:51:8e:9e:b4:c8: + a8:63:79:50:62:03:59:3f:53:19:02:7c:a4:d9:45: + dd:07:b7:76:89:ac:ac:6f:b1:1d:aa:8c:4a:e5:40: + a2:05:32:2f:ba:a8:a9:8a:f3:eb:f0:f3:d9:9e:97: + e6:89:42:dd:95:67:de:33:62:2c:10:59:0b:b6:de: + 9a:3e:54:10:b8:a4:a9:33:05:4d:fc:ea:8b:56:38: + 2a:11:88:cd:75:1f:74:ea:4e:ad:3c:ef:da:d4:00: + 72:57:1c:16:d3:20:b6:99:cc:7f:aa:58:fa:48:e8: + e9:a9:bd:00:2e:87:ce:39:9b:1c:17:23:ac:28:55: + 77:81:e7:ac:f6:d6:6d:77:27:fb:e7:a0:22:72:58: + 83:4d:1a:1a:be:b6:00:8e:d1:11:c7:71:28:93:09: + 74:7b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 9C:93:40:54:48:97:2B:0C:3B:AF:CE:5C:79:97:26:EC:32:33:4C:FB + AF:9B:3A:70:86:45:08:AD:02:CD:FC:FD:46:48:82:7D:46:63:31:DB X509v3 Authority Key Identifier: - keyid:6F:25:CD:4D:1F:09:D0:5A:D5:3A:23:08:72:F1:9D:08:8A:1D:CA:34 + keyid:6C:B8:FE:A6:74:44:97:70:ED:FE:CB:24:38:90:2A:A9:61:48:FB:EB Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:FALSE Signature Algorithm: sha256WithRSAEncryption - 14:4a:f9:6f:29:a6:a1:1b:2b:d7:3d:5d:14:83:05:1a:46:ac: - 73:64:d5:b7:09:87:0f:08:1d:b2:ac:1c:db:79:05:e4:62:fa: - 37:7d:78:82:c9:7c:44:f3:01:9a:a6:31:78:ac:af:1e:53:9e: - 84:ab:95:f0:2e:48:62:d6:3e:a3:95:35:1e:18:c6:9e:0d:15: - 9e:94:0f:bd:8c:1b:f6:de:48:d8:cd:7c:9b:23:4d:bb:d0:f6: - df:bb:27:a6:55:82:07:3e:27:2e:80:6e:b3:67:06:67:6d:b6: - f8:5f:60:58:ab:d8:9d:f6:4b:6b:a8:9a:be:9e:c3:69:e8:15: - 00:61:9f:b2:24:6d:bd:d5:e3:7e:c7:83:66:4e:12:58:b7:c1: - c1:0e:de:1a:dc:ae:4d:19:78:b8:6c:48:fb:5b:fc:a2:86:0b: - 60:77:d7:cb:d6:e6:c9:13:5f:cf:d6:98:6c:ab:9e:9b:9d:99: - 4c:87:91:3e:d1:4a:ad:ef:84:f6:45:cc:da:99:fa:ff:57:df: - be:44:70:f9:0c:38:63:c0:31:44:45:05:46:9a:63:db:dd:a0: - f5:dc:1b:f8:51:d8:30:e5:47:23:29:d1:79:a5:e6:1e:87:2b: - c3:f8:0e:fe:de:13:bb:cd:a5:14:f3:d8:0b:34:73:47:68:07: - 8a:ac:e0:65 + 3f:ec:85:4a:fd:7e:f8:bf:4e:fd:12:e1:c4:70:75:17:55:d8: + 51:0e:92:49:9f:52:f9:e5:56:25:54:62:9e:0e:c4:24:be:d9: + aa:71:d6:cf:83:89:12:db:0a:6d:a1:c8:97:37:c6:89:9a:f7: + 50:45:de:27:de:5f:48:27:6c:09:90:b0:7f:4b:1e:d4:0a:50: + 8a:be:71:6f:b6:38:76:b5:a1:9d:73:2e:79:51:73:a0:7e:f9: + 5e:17:12:09:99:5a:e9:f9:b7:a7:59:8d:83:6f:8c:b4:ff:b6: + 2b:13:24:a0:ca:e6:e3:d2:61:b2:18:7f:40:fe:e1:08:98:d5: + e1:cb:54:b6:6e:3a:78:52:07:a7:0c:20:d8:d6:e5:ae:b5:a7: + 89:92:24:91:4c:51:99:e0:bf:0e:f8:28:82:ca:64:f1:83:30: + 7a:cd:83:a5:16:77:de:58:21:2b:e5:0c:46:3a:c8:67:14:d3: + e4:4a:0d:5d:61:d2:4c:5a:00:8f:89:e3:93:a7:e2:e9:9c:fd: + 13:83:8a:39:09:d6:22:90:e1:ee:3b:d9:4c:8a:5d:a9:39:f0: + f0:a4:f2:ee:a1:5b:1a:12:80:cb:61:1c:6d:fb:15:8a:e7:8d: + f9:8b:bf:99:06:94:f2:e1:00:e6:c3:a8:08:1c:d1:cf:f6:a7: + 23:e1:3d:3d -----BEGIN CERTIFICATE----- MIIDajCCAlKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiJ1ksR8 -b3dNRvcXhBviCB//cX5NbaTnD1hGhGEiAnBOuEU64hDRz/+RfBKOfRmrCkasG9bW -BbaZQ5ur5c/uYumUIYRyW2NuWuElQsO37jFf4OdpGQGi1VRw+KqqJFs7TSvNL+Qq -pL66L6uitviEcfMjvBJoJh5J0Ic+RkYzR3DyQtQ/upyJfU9upTXP2UaoY8Q1SudP -8uBRkI4I7S6uGKxdFkQlMvobPBTpN2mfckgBpRvz4ed17MqSg0ikZ+GNwd0VAuRK -gpPT8yeeZs6oOhfSxqcIMbrS6Of6U7ZPCdh+5FOy8QPZxDEMbTKgnQjTxLvbRRFo -gLr4UtwZnmdomQIDAQABo4HIMIHFMB0GA1UdDgQWBBSck0BUSJcrDDuvzlx5lybs -MjNM+zAfBgNVHSMEGDAWgBRvJc1NHwnQWtU6Iwhy8Z0Iih3KNDA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgJ4weeg +t2OHUuTUEXE+y2Wc2S/LSDCOYimuySI2pmfS6hBY0oKrvB6jEmRu/XmvLmzAi/02 +aOrgCglTmYl1kmETrKrZ4vGsk3KUZZmeUp2PbR6xPoP7+sTdtLPSC7v4IRCpUY6e +tMioY3lQYgNZP1MZAnyk2UXdB7d2iaysb7EdqoxK5UCiBTIvuqipivPr8PPZnpfm +iULdlWfeM2IsEFkLtt6aPlQQuKSpMwVN/OqLVjgqEYjNdR906k6tPO/a1AByVxwW +0yC2mcx/qlj6SOjpqb0ALofOOZscFyOsKFV3gees9tZtdyf756AicliDTRoavrYA +jtERx3Eokwl0ewIDAQABo4HIMIHFMB0GA1UdDgQWBBSvmzpwhkUIrQLN/P1GSIJ9 +RmMx2zAfBgNVHSMEGDAWgBRsuP6mdESXcO3+yyQ4kCqpYUj76zA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD -VR0PAQH/BAQDAgEGMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBABRK -+W8ppqEbK9c9XRSDBRpGrHNk1bcJhw8IHbKsHNt5BeRi+jd9eILJfETzAZqmMXis -rx5TnoSrlfAuSGLWPqOVNR4Yxp4NFZ6UD72MG/beSNjNfJsjTbvQ9t+7J6ZVggc+ -Jy6AbrNnBmdttvhfYFir2J32S2uomr6ew2noFQBhn7Ikbb3V437Hg2ZOEli3wcEO -3hrcrk0ZeLhsSPtb/KKGC2B318vW5skTX8/WmGyrnpudmUyHkT7RSq3vhPZFzNqZ -+v9X375EcPkMOGPAMURFBUaaY9vdoPXcG/hR2DDlRyMp0Xml5h6HK8P4Dv7eE7vN -pRTz2As0c0doB4qs4GU= +VR0PAQH/BAQDAgEGMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAD/s +hUr9fvi/Tv0S4cRwdRdV2FEOkkmfUvnlViVUYp4OxCS+2apx1s+DiRLbCm2hyJc3 +xoma91BF3ifeX0gnbAmQsH9LHtQKUIq+cW+2OHa1oZ1zLnlRc6B++V4XEgmZWun5 +t6dZjYNvjLT/tisTJKDK5uPSYbIYf0D+4QiY1eHLVLZuOnhSB6cMINjW5a61p4mS +JJFMUZngvw74KILKZPGDMHrNg6UWd95YISvlDEY6yGcU0+RKDV1h0kxaAI+J45On +4umc/RODijkJ1iKQ4e472UyKXak58PCk8u6hWxoSgMthHG37FYrnjfmLv5kGlPLh +AObDqAgc0c/2pyPhPT0= -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c4:3e:31:36:4f:df:d0:36:0e:06:5c:89:2c:c8: - 01:c6:18:a4:e7:1f:82:11:af:30:66:28:7c:c3:14: - b2:ff:a4:6c:6a:c0:f4:ae:58:82:5f:91:e6:78:19: - d7:d2:87:5c:9e:75:3a:af:c0:fd:e8:18:c4:81:b4: - 51:be:f7:c3:0d:74:d7:8a:53:01:28:c9:da:93:f4: - a6:da:51:6a:d1:23:78:1b:ab:17:46:e6:bb:71:4e: - 33:8b:9d:e1:75:7e:56:3b:00:02:74:fe:1f:49:01: - 81:0f:59:05:d6:2a:a0:48:db:9f:fc:29:6e:77:6e: - e3:78:63:4d:12:9f:f5:54:63:a5:1e:b2:c4:83:62: - ac:79:76:bd:80:d9:4c:dd:99:44:91:c3:31:fd:0f: - 3a:d8:13:6d:3c:4f:98:5b:50:e0:1a:84:b5:3b:e2: - 0f:52:89:7f:b0:de:97:e2:f9:e5:0b:2c:c4:61:9a: - f3:4b:15:e3:f2:a3:30:44:b0:d4:a6:1a:dd:60:c0: - 85:21:30:ed:b5:1e:6f:9f:50:db:ad:42:a6:3a:04: - 7c:3f:ae:94:ed:eb:43:2a:d9:85:c8:1d:72:f4:61: - d5:27:7a:a4:62:93:56:37:4b:4e:d5:44:02:f0:29: - 1f:70:2c:76:fb:2f:5b:d4:dc:86:09:03:fe:d9:13: - 5f:27 + 00:bb:74:06:fa:a6:03:d1:64:c6:fa:62:8c:f6:40: + 93:be:4e:7d:71:8b:3c:fb:57:b2:64:7a:08:9d:ce: + c3:40:ff:eb:84:43:e9:0c:e0:80:2c:e3:9c:38:43: + 90:9d:e1:a5:4e:a1:10:9f:ac:b4:bf:24:38:7a:d7: + 37:21:0d:ae:de:f0:99:37:43:6a:e7:7f:d0:4a:ba: + d3:a4:f4:df:ce:fa:d1:b0:03:f9:5d:79:a5:c5:82: + b0:cf:62:02:87:84:ec:73:d2:65:33:86:02:d7:f4: + 57:8d:98:a2:2a:8f:89:c6:23:29:68:ff:56:46:d2: + dc:9a:e3:d2:24:d8:e9:fe:18:0c:4f:67:b3:cd:5e: + 31:4a:70:2e:4c:b2:7e:10:e1:38:c7:a1:fa:bc:8f: + 9b:23:e9:19:56:c5:38:4a:e8:7d:31:e2:6e:03:70: + ce:f2:0b:52:7d:6d:d7:d7:53:d8:e0:1c:6e:95:f3: + 1c:b6:04:50:03:23:39:86:42:28:68:26:5f:ca:a7: + 13:e2:51:ed:f0:55:bb:ac:4e:9d:cf:e5:07:44:41: + 45:f8:5c:65:cf:d7:7f:0a:e0:ee:5e:5e:2c:0c:13: + 10:f6:d4:e3:ba:9f:16:f4:8c:85:b2:53:4c:e1:56: + 63:f0:08:11:84:df:dc:e1:a0:7f:fb:78:5d:eb:21: + f9:e5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 6F:25:CD:4D:1F:09:D0:5A:D5:3A:23:08:72:F1:9D:08:8A:1D:CA:34 + 6C:B8:FE:A6:74:44:97:70:ED:FE:CB:24:38:90:2A:A9:61:48:FB:EB X509v3 Authority Key Identifier: - keyid:6F:25:CD:4D:1F:09:D0:5A:D5:3A:23:08:72:F1:9D:08:8A:1D:CA:34 + keyid:6C:B8:FE:A6:74:44:97:70:ED:FE:CB:24:38:90:2A:A9:61:48:FB:EB Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 5e:dc:6f:dc:d9:7f:6f:75:c7:c8:27:62:2f:02:7c:c2:26:35: - 82:6c:5e:93:88:34:9b:e2:fc:8a:89:9e:0a:a0:89:aa:08:e4: - 1c:59:38:4b:c7:5c:ba:92:d5:ce:1a:b0:30:25:ba:69:c9:52: - 6e:29:78:31:d6:49:c5:b3:64:e3:49:28:2d:3c:41:8a:10:c4: - 77:f1:a8:77:37:50:52:ec:ed:bb:1a:61:3f:29:ad:3e:1a:56: - 06:48:a0:89:17:91:77:67:bc:4d:68:9a:ac:a8:a8:ad:4a:05: - 2a:33:18:7a:5e:b9:32:f5:c4:7b:c0:23:90:fb:78:9a:0a:18: - f3:9b:46:f1:3c:c5:f0:3c:1b:06:56:39:3b:ba:da:5e:7e:5f: - 42:47:bc:fd:a6:bb:64:2d:db:9a:5b:60:61:e6:9d:a6:ac:c9: - 24:20:ff:cd:b7:5d:ee:8e:04:92:a1:10:34:26:48:b2:b6:3a: - c7:9a:66:2e:f0:64:f0:61:64:ef:28:85:c9:94:46:6b:fb:c5: - 0f:b9:f5:ef:51:5a:61:be:27:39:00:4c:00:7f:8a:49:14:7b: - 1a:40:e5:e7:fe:d6:d0:a7:df:33:5c:86:1e:e5:4a:64:ff:e8: - 8f:1f:9e:3c:d8:a9:a2:d2:0b:c3:53:b7:cf:f6:d1:92:84:be: - d9:e6:67:06 + 1d:f7:c7:61:bf:e6:5b:98:aa:4f:b3:9f:a5:9b:af:d0:31:38: + d1:9e:b6:44:59:c0:23:e7:cb:e5:2b:8d:f3:fe:6c:85:96:74: + 25:ad:05:ae:bd:6b:c6:c2:aa:54:80:43:8d:af:e4:3f:0d:1c: + 9d:79:52:17:57:dc:81:d1:cc:14:a7:32:99:fa:b3:dc:4c:e6: + c5:f8:3d:76:23:68:af:01:84:b9:39:89:ea:c7:b1:25:dc:01: + 73:5c:f6:f4:f5:f4:9e:16:6e:13:59:90:a5:dd:9d:62:1f:73: + 3f:51:90:79:7c:ff:7c:98:2c:b5:a2:1b:62:72:f6:86:3f:1e: + 18:fc:52:f2:f0:af:6d:3e:2b:e6:89:fa:25:62:6c:6d:35:59: + 87:5f:9e:8d:f4:49:7f:83:eb:d2:e9:b2:49:f7:11:2f:2e:c9: + f4:f1:36:46:72:3f:63:21:88:f2:ba:60:c8:6b:9f:8d:9c:bd: + 64:9b:18:d9:c0:b8:c4:62:6a:85:47:e9:07:11:a1:0f:ff:a7: + 38:7f:ed:35:55:ca:60:c9:ed:51:53:d8:e9:1c:40:9b:cf:3a: + d1:be:a5:aa:71:35:50:30:92:50:97:04:9c:68:27:27:ce:19: + bf:c5:6a:f0:86:4e:19:ef:4a:2b:14:9f:39:cc:5b:4d:d8:3e: + 8b:9d:bb:cb -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMQ+MTZP39A2DgZciSzI -AcYYpOcfghGvMGYofMMUsv+kbGrA9K5Ygl+R5ngZ19KHXJ51Oq/A/egYxIG0Ub73 -ww1014pTASjJ2pP0ptpRatEjeBurF0bmu3FOM4ud4XV+VjsAAnT+H0kBgQ9ZBdYq -oEjbn/wpbndu43hjTRKf9VRjpR6yxINirHl2vYDZTN2ZRJHDMf0POtgTbTxPmFtQ -4BqEtTviD1KJf7Del+L55QssxGGa80sV4/KjMESw1KYa3WDAhSEw7bUeb59Q261C -pjoEfD+ulO3rQyrZhcgdcvRh1Sd6pGKTVjdLTtVEAvApH3AsdvsvW9TchgkD/tkT -XycCAwEAAaOByzCByDAdBgNVHQ4EFgQUbyXNTR8J0FrVOiMIcvGdCIodyjQwHwYD -VR0jBBgwFoAUbyXNTR8J0FrVOiMIcvGdCIodyjQwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALt0BvqmA9FkxvpijPZA +k75OfXGLPPtXsmR6CJ3Ow0D/64RD6QzggCzjnDhDkJ3hpU6hEJ+stL8kOHrXNyEN +rt7wmTdDaud/0Eq606T038760bAD+V15pcWCsM9iAoeE7HPSZTOGAtf0V42YoiqP +icYjKWj/VkbS3Jrj0iTY6f4YDE9ns81eMUpwLkyyfhDhOMeh+ryPmyPpGVbFOEro +fTHibgNwzvILUn1t19dT2OAcbpXzHLYEUAMjOYZCKGgmX8qnE+JR7fBVu6xOnc/l +B0RBRfhcZc/Xfwrg7l5eLAwTEPbU47qfFvSMhbJTTOFWY/AIEYTf3OGgf/t4Xesh ++eUCAwEAAaOByzCByDAdBgNVHQ4EFgQUbLj+pnREl3Dt/sskOJAqqWFI++swHwYD +VR0jBBgwFoAUbLj+pnREl3Dt/sskOJAqqWFI++swNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBe3G/c2X9v -dcfIJ2IvAnzCJjWCbF6TiDSb4vyKiZ4KoImqCOQcWThLx1y6ktXOGrAwJbppyVJu -KXgx1knFs2TjSSgtPEGKEMR38ah3N1BS7O27GmE/Ka0+GlYGSKCJF5F3Z7xNaJqs -qKitSgUqMxh6Xrky9cR7wCOQ+3iaChjzm0bxPMXwPBsGVjk7utpefl9CR7z9prtk -LduaW2Bh5p2mrMkkIP/Nt13ujgSSoRA0JkiytjrHmmYu8GTwYWTvKIXJlEZr+8UP -ufXvUVphvic5AEwAf4pJFHsaQOXn/tbQp98zXIYe5Upk/+iPH5482Kmi0gvDU7fP -9tGShL7Z5mcG +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAd98dhv+Zb +mKpPs5+lm6/QMTjRnrZEWcAj58vlK43z/myFlnQlrQWuvWvGwqpUgEONr+Q/DRyd +eVIXV9yB0cwUpzKZ+rPcTObF+D12I2ivAYS5OYnqx7El3AFzXPb09fSeFm4TWZCl +3Z1iH3M/UZB5fP98mCy1ohticvaGPx4Y/FLy8K9tPivmifolYmxtNVmHX56N9El/ +g+vS6bJJ9xEvLsn08TZGcj9jIYjyumDIa5+NnL1kmxjZwLjEYmqFR+kHEaEP/6c4 +f+01Vcpgye1RU9jpHECbzzrRvqWqcTVQMJJQlwScaCcnzhm/xWrwhk4Z70orFJ85 +zFtN2D6LnbvL -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -282,10 +282,15 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 0 - [Error] Basic Constraints indicates not a CA +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Basic Constraints indicates not a CA + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMAogICAgICBbRXJyb3JdIEJhc2ljIENvbnN0cmFpbnRzIGluZGljYXRlcyBub3QgYSBDQQo= +LS0tLS0gQ2VydGlmaWNhdGUgaT0xIChDTj1JbnRlcm1lZGlhdGUpIC0tLS0tCkVSUk9SOiBCYXNpYyBDb25zdHJhaW50cyBpbmRpY2F0ZXMgbm90IGEgQ0EKCg== -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical.pem b/chromium/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical.pem index 8a1ec44a84f..ee35a5ee9cd 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/intermediate-basic-constraints-not-critical.pem @@ -19,30 +19,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:9f:2f:38:1d:84:e6:1c:ed:c4:47:2b:63:0b:41: - 73:dd:fe:74:c7:1a:d2:c8:7f:c1:90:ae:bf:6b:82: - a1:17:93:80:a1:92:39:52:66:81:93:90:e6:15:d7: - d6:bc:a4:03:eb:fc:50:b2:dc:f6:29:f7:a9:32:b6: - 23:6c:d4:d0:3e:d9:56:6e:9d:a0:91:10:2c:8a:1e: - 93:8d:38:37:ef:3e:7d:7a:de:15:07:c2:6c:62:1c: - 76:81:ce:a7:9e:be:44:57:1b:77:77:ed:fa:2f:e1: - c5:53:83:65:74:c6:11:3c:f2:4d:84:89:1d:3b:54: - 93:5e:38:44:f1:d4:03:ad:03:69:fd:eb:da:02:aa: - cf:6f:04:ea:22:0a:3f:a1:68:bc:56:a4:51:aa:93: - 8a:f2:22:47:42:04:98:48:68:40:2e:f6:a6:8d:38: - 84:ba:1a:56:0c:bc:53:85:77:b4:ba:e2:03:ac:10: - 0f:1d:52:64:ad:f5:92:20:38:dc:fa:dd:8b:c6:8d: - 96:30:ea:72:e2:aa:ff:5d:c3:fc:dc:1a:43:c6:da: - 48:56:f6:4c:d4:8d:00:da:28:5f:01:23:9b:b1:eb: - b7:92:b7:35:43:5e:c0:21:96:22:b6:bd:c6:5f:1b: - 0b:58:88:44:a5:ee:90:f4:e6:d0:94:41:2c:44:8c: - af:e9 + 00:d8:cc:f6:ec:23:eb:20:d2:0e:7e:29:04:ec:8c: + b9:bd:ee:47:6e:0b:ac:a9:fa:22:a4:fc:41:74:04: + d0:b5:8a:37:56:29:d5:be:e7:e0:45:88:30:d9:5a: + e0:a7:69:fd:d1:c3:4d:1c:42:68:ae:7d:cf:54:db: + 84:b9:91:e6:68:c5:d1:6d:a4:34:4a:7f:8f:3e:a3: + a8:c4:0e:3f:90:42:a9:b8:84:c2:fd:51:ed:eb:e9: + 6d:cc:5a:22:f7:fb:eb:29:7d:5d:97:9d:26:eb:10: + 29:bf:2a:bd:b0:2f:33:9b:e7:a3:17:9b:db:b4:ce: + f8:5e:66:25:7c:8c:e3:c8:53:cf:c2:c3:80:cf:e6: + 68:98:ca:bd:e3:b8:d3:bc:e2:03:d0:31:5b:ef:21: + 6d:2d:42:5e:cb:9a:3a:4d:7a:bd:e7:75:75:ff:63: + 95:aa:08:20:fb:a8:6f:95:a9:ea:45:07:c4:a7:32: + 89:58:94:98:76:2f:5d:d4:85:90:e3:be:96:33:1c: + 53:d7:bd:58:87:75:4e:8c:c9:c9:6b:c8:b6:3f:d3: + 46:1a:9f:4c:de:a5:48:cd:ad:87:fe:7a:82:f2:0c: + 65:84:f5:09:ce:cf:fd:6c:66:57:91:dc:fb:85:d1: + ff:b2:4c:ce:2f:a3:73:b1:dc:1e:13:5c:03:1a:a6: + 99:13 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 05:31:5F:95:5B:3C:43:02:74:27:C6:2E:06:50:92:FF:5C:54:AE:73 + FD:20:6C:45:13:AE:E6:1F:25:FD:C9:1E:E3:09:32:CC:34:28:4E:CF X509v3 Authority Key Identifier: - keyid:77:27:6B:15:A8:06:86:AD:0D:67:E0:D6:5B:82:3A:F8:6B:00:A3:A7 + keyid:5A:44:77:BA:2D:5E:48:FE:11:68:59:58:40:91:67:E2:22:BF:31:38 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -57,42 +57,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 00:ba:cd:3c:7b:0f:eb:b3:b1:5f:5b:0a:83:12:4d:d6:28:7e: - ff:d9:65:2c:23:f8:d2:68:cc:25:14:0c:6e:9b:37:bb:72:66: - 13:54:ff:b9:2f:f4:c8:9e:77:5b:31:2b:93:e6:94:cf:e9:bd: - 43:1a:e8:f6:c3:c5:61:fa:ff:a7:72:09:ba:2b:08:02:e4:a5: - 62:24:b1:b1:3b:0a:c0:bb:72:19:af:73:2d:9a:66:8e:f7:0f: - 30:9f:49:0f:aa:83:87:ed:45:9e:75:3a:50:32:d6:c4:cf:20: - a0:31:73:16:98:69:e9:d7:16:5b:6f:6f:0a:d8:96:82:a3:d6: - a8:a4:84:d7:1a:50:22:bd:14:d7:61:d9:43:a9:58:cf:46:e8: - 64:e9:1c:a9:d6:d3:49:45:1e:53:16:71:05:a7:0b:ae:d7:c0: - 43:8c:24:02:07:6f:99:ed:4b:f6:89:a8:31:f5:ba:56:e3:db: - 00:10:7e:0d:e0:46:96:b2:27:be:60:29:e8:91:e9:55:43:b1: - e6:74:e9:17:4e:bd:db:32:ec:61:7e:b0:d1:17:27:90:29:d9: - 2e:53:6a:8f:de:77:ae:f4:ff:f4:96:84:e6:8d:37:43:63:17: - 87:6a:8c:55:bd:ea:fd:2c:b2:83:10:3c:d7:f0:bd:21:45:ad: - ba:36:6d:43 + aa:49:c8:46:29:80:22:96:d0:94:a2:93:7b:d5:fb:e8:68:58: + 34:e0:ab:ad:52:ca:1d:9f:6a:c0:75:3d:52:6c:b4:16:9b:97: + 8f:1c:da:a4:4d:20:15:60:dc:e7:4c:d3:ad:ad:d0:01:0d:19: + 70:ef:18:36:5c:93:e8:de:48:7f:7a:e8:26:b8:d8:f7:c5:1d: + d5:48:21:98:6f:68:a1:e8:73:6a:77:b2:6b:90:cf:2a:ab:bf: + 50:c6:bf:bb:e4:3f:7f:e5:76:d0:94:70:f5:65:30:1f:a6:8b: + e2:7f:7d:71:75:8f:93:7e:d6:06:48:8d:87:fc:6e:92:39:04: + 9b:6d:33:70:f0:4a:64:9a:fe:f2:f9:95:85:49:33:31:23:5e: + 47:21:09:48:0b:42:b4:ac:6c:51:49:ad:d3:b0:04:6c:3f:42: + dc:c9:bd:f5:43:c0:6b:a4:c6:14:58:a9:4e:06:e6:1c:63:2c: + 65:0b:7e:ad:bb:6d:d1:56:2a:72:c7:ea:42:e5:75:fb:d4:15: + 6f:ab:09:40:bc:0c:12:18:13:43:ce:d6:6d:86:ad:91:13:85: + 82:45:18:7e:a9:b2:85:ce:fb:26:0a:e3:0a:c3:5a:d6:a1:7e: + e8:05:34:b7:94:57:4e:b9:17:61:dc:b4:f6:3e:fd:6f:07:33: + d3:f4:65:85 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfLzgd -hOYc7cRHK2MLQXPd/nTHGtLIf8GQrr9rgqEXk4ChkjlSZoGTkOYV19a8pAPr/FCy -3PYp96kytiNs1NA+2VZunaCRECyKHpONODfvPn163hUHwmxiHHaBzqeevkRXG3d3 -7fov4cVTg2V0xhE88k2EiR07VJNeOETx1AOtA2n969oCqs9vBOoiCj+haLxWpFGq -k4ryIkdCBJhIaEAu9qaNOIS6GlYMvFOFd7S64gOsEA8dUmSt9ZIgONz63YvGjZYw -6nLiqv9dw/zcGkPG2khW9kzUjQDaKF8BI5ux67eStzVDXsAhliK2vcZfGwtYiESl -7pD05tCUQSxEjK/pAgMBAAGjgekwgeYwHQYDVR0OBBYEFAUxX5VbPEMCdCfGLgZQ -kv9cVK5zMB8GA1UdIwQYMBaAFHcnaxWoBoatDWfg1luCOvhrAKOnMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYzPbs +I+sg0g5+KQTsjLm97kduC6yp+iKk/EF0BNC1ijdWKdW+5+BFiDDZWuCnaf3Rw00c +Qmiufc9U24S5keZoxdFtpDRKf48+o6jEDj+QQqm4hML9Ue3r6W3MWiL3++spfV2X +nSbrECm/Kr2wLzOb56MXm9u0zvheZiV8jOPIU8/Cw4DP5miYyr3juNO84gPQMVvv +IW0tQl7LmjpNer3ndXX/Y5WqCCD7qG+VqepFB8SnMolYlJh2L13UhZDjvpYzHFPX +vViHdU6MyclryLY/00Yan0zepUjNrYf+eoLyDGWE9QnOz/1sZleR3PuF0f+yTM4v +o3Ox3B4TXAMappkTAgMBAAGjgekwgeYwHQYDVR0OBBYEFP0gbEUTruYfJf3JHuMJ +Msw0KE7PMB8GA1UdIwQYMBaAFFpEd7otXkj+EWhZWECRZ+IivzE4MD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAALrNPHsP67OxX1sKgxJN -1ih+/9llLCP40mjMJRQMbps3u3JmE1T/uS/0yJ53WzErk+aUz+m9Qxro9sPFYfr/ -p3IJuisIAuSlYiSxsTsKwLtyGa9zLZpmjvcPMJ9JD6qDh+1FnnU6UDLWxM8goDFz -Fphp6dcWW29vCtiWgqPWqKSE1xpQIr0U12HZQ6lYz0boZOkcqdbTSUUeUxZxBacL -rtfAQ4wkAgdvme1L9omoMfW6VuPbABB+DeBGlrInvmAp6JHpVUOx5nTpF0692zLs -YX6w0RcnkCnZLlNqj953rvT/9JaE5o03Q2MXh2qMVb3q/SyygxA81/C9IUWtujZt -Qw== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAqknIRimAIpbQlKKTe9X7 +6GhYNOCrrVLKHZ9qwHU9Umy0FpuXjxzapE0gFWDc50zTra3QAQ0ZcO8YNlyT6N5I +f3roJrjY98Ud1UghmG9ooehzaneya5DPKqu/UMa/u+Q/f+V20JRw9WUwH6aL4n99 +cXWPk37WBkiNh/xukjkEm20zcPBKZJr+8vmVhUkzMSNeRyEJSAtCtKxsUUmt07AE +bD9C3Mm99UPAa6TGFFipTgbmHGMsZQt+rbtt0VYqcsfqQuV1+9QVb6sJQLwMEhgT +Q87WbYatkROFgkUYfqmyhc77JgrjCsNa1qF+6AU0t5RXTrkXYdy09j79bwcz0/Rl +hQ== -----END CERTIFICATE----- Certificate: @@ -109,30 +109,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:94:4c:ba:e4:24:50:f0:02:98:a7:42:66:d3:d6: - 53:4d:ad:3f:76:fa:4f:72:61:fd:79:cc:43:e2:d6: - 2f:d9:99:84:0b:da:34:6f:65:ca:78:2b:a9:22:98: - 04:ba:93:89:e9:8c:d0:71:62:cd:a4:3a:35:e2:8c: - 2d:8a:48:36:2b:d1:99:52:27:c7:44:34:30:2c:87: - a7:47:e3:df:74:a3:6c:c6:3c:d2:ba:5c:3c:04:79: - 1f:11:36:58:7a:86:65:60:cc:a1:4c:ba:f9:72:7e: - 80:d3:1b:12:18:8a:44:b3:f3:fa:20:f8:8c:3d:63: - e3:96:0a:6b:0a:32:a1:f1:75:7c:6b:76:5f:1b:ef: - bd:64:c3:34:fd:2e:27:89:dd:ef:e5:74:08:08:a4: - 96:92:7b:f3:4b:f5:ee:eb:91:0b:bb:ca:53:e8:ed: - 48:a8:bb:7c:f8:9f:30:f7:15:05:32:7d:73:62:37: - 4f:f7:a1:d4:de:45:e2:f7:49:86:b9:c9:f8:84:cc: - 67:b2:f0:34:48:e6:54:e4:5d:1f:fb:03:fc:d8:15: - a1:17:0e:53:0d:c8:c9:a6:99:bf:f8:93:df:af:35: - e3:10:91:91:24:f3:eb:88:0b:d8:4f:16:36:a3:28: - ad:21:bd:22:bf:46:59:0a:ea:f0:fb:fc:01:c3:ba: - 42:e9 + 00:fb:af:dd:12:ab:aa:06:e0:72:bd:43:4c:3e:5b: + cd:02:9c:ca:c1:42:6d:cd:47:6e:6c:4c:6b:3f:2e: + c1:3f:2e:88:3d:77:4f:1c:34:60:ba:f7:fb:58:64: + 3c:c2:76:5d:30:88:48:22:81:2f:27:c8:1f:b4:ed: + 96:07:5d:f7:7c:4a:37:be:fe:4f:7b:1f:19:82:21: + 24:18:c9:ae:a7:a5:58:62:9d:6b:f9:9a:88:56:0f: + 7f:b4:0c:1a:d5:4f:ab:2c:c4:97:6e:ec:db:b1:a0: + 43:86:34:08:2e:21:16:f8:f6:3e:2a:e8:ca:9a:a4: + fb:91:7e:f9:43:19:42:08:10:7e:92:af:60:45:4e: + 30:e4:d3:d3:e9:bf:32:cf:c1:1b:a0:52:6e:a4:aa: + ed:13:6d:e8:7f:68:c6:88:84:67:20:8f:6b:82:9c: + 49:5d:b4:95:63:9d:0a:dc:9f:ab:7b:b3:eb:f7:ad: + 48:35:f5:44:ec:84:23:e1:5b:ca:49:16:e0:c2:5a: + 8f:3e:d2:2b:fa:50:08:bf:12:3b:da:8c:96:66:93: + 69:5b:27:4e:b8:e7:8d:11:14:e6:29:23:b5:d9:f7: + b0:f9:e2:90:e2:d8:be:8d:1d:dc:89:f5:eb:15:df: + 58:88:e8:91:14:94:9d:37:e3:10:1a:de:30:3c:18: + d7:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 77:27:6B:15:A8:06:86:AD:0D:67:E0:D6:5B:82:3A:F8:6B:00:A3:A7 + 5A:44:77:BA:2D:5E:48:FE:11:68:59:58:40:91:67:E2:22:BF:31:38 X509v3 Authority Key Identifier: - keyid:6C:17:23:18:CA:A6:A4:28:C6:08:4C:AA:9A:3F:18:FB:7B:67:B2:36 + keyid:B8:16:92:87:E1:0C:B9:E5:61:C3:DA:A5:05:11:6A:58:DD:78:65:8E Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -147,41 +147,41 @@ Certificate: X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption - af:80:f1:f7:93:98:cd:84:13:e3:eb:ab:2d:ff:91:4c:72:5d: - d9:a9:b7:96:e8:bc:e9:f3:31:a0:46:7c:0d:49:a3:1f:5a:6a: - aa:82:9a:c2:1f:37:7a:9a:37:1a:96:fb:8e:fa:28:e1:eb:b8: - a3:d0:66:2d:9e:6e:ff:8e:c3:0a:17:23:ae:60:d5:9b:d2:fb: - 23:2b:a9:b0:22:cb:e6:85:29:11:d3:b5:71:3e:30:9a:9c:60: - 24:c5:a8:42:66:4f:5c:10:8b:fa:61:ad:d7:14:2b:51:0e:53: - 24:1a:c7:5f:d9:12:97:6a:8c:da:d5:f9:35:41:4c:d4:0e:a8: - 98:c6:e8:61:db:7b:95:d5:ca:26:ff:60:01:e2:c6:4e:f7:67: - ee:36:1f:2b:71:82:46:f5:11:44:ce:7b:ac:85:06:f1:09:35: - 07:62:08:36:ad:b6:5b:c6:70:a0:bb:f0:5b:2e:47:09:a2:69: - 79:a6:f1:77:fd:3c:b9:57:f4:c7:e6:f8:80:18:ba:d0:a0:c1: - b1:6f:b9:c8:3b:a2:c1:83:5c:e7:3a:05:19:36:c5:ae:54:dc: - df:1d:ad:18:e0:52:dd:71:ba:53:3e:2c:7d:eb:09:3a:cb:25: - 10:b3:52:50:7f:42:2b:a8:2c:a7:cc:02:8e:17:99:af:7e:d2: - 75:f4:15:f1 + 26:ed:4b:f6:f6:2c:49:cc:f5:e6:b2:db:08:0b:87:39:9f:b0: + 5a:10:8e:70:be:01:72:a5:b0:da:96:3b:40:d3:78:ac:47:78: + e1:74:46:77:cb:86:e0:1a:90:bc:23:24:ea:cf:69:88:e7:58: + 75:2c:45:e9:12:d6:b3:20:b3:13:26:86:17:da:18:8a:d9:32: + f3:c3:4b:92:4e:87:9a:a5:eb:a2:62:a9:dd:70:bf:8e:7a:02: + 05:a2:15:27:ea:d3:f5:4f:e4:ed:6d:77:a1:e3:dc:b6:8b:2e: + c8:04:fd:f6:f4:e5:c3:e5:77:26:63:f2:14:93:74:a3:43:0c: + 36:65:59:81:3b:79:db:ed:5b:da:20:bc:fc:ee:e5:4b:54:7b: + 7c:da:4e:a9:be:1b:3a:87:18:bd:03:35:01:d0:20:e1:5d:74: + a8:35:eb:1e:40:71:37:4a:dc:b3:35:3b:01:7c:e6:87:5e:bd: + fd:af:72:7a:48:67:05:92:e7:54:63:fc:20:cb:be:aa:0e:4a: + 0c:1e:09:8a:38:7f:25:c7:98:14:78:c6:29:07:cb:73:02:2d: + 95:43:75:8c:8f:87:df:6a:31:5f:45:dd:bf:08:cf:f5:a6:60: + fe:3d:99:c9:e0:51:1d:40:17:ce:f7:ac:f2:ad:ce:b4:2f:2a: + 9d:6e:19:23 -----BEGIN CERTIFICATE----- MIIDajCCAlKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEy65CRQ -8AKYp0Jm09ZTTa0/dvpPcmH9ecxD4tYv2ZmEC9o0b2XKeCupIpgEupOJ6YzQcWLN -pDo14owtikg2K9GZUifHRDQwLIenR+PfdKNsxjzSulw8BHkfETZYeoZlYMyhTLr5 -cn6A0xsSGIpEs/P6IPiMPWPjlgprCjKh8XV8a3ZfG++9ZMM0/S4nid3v5XQICKSW -knvzS/Xu65ELu8pT6O1IqLt8+J8w9xUFMn1zYjdP96HU3kXi90mGucn4hMxnsvA0 -SOZU5F0f+wP82BWhFw5TDcjJppm/+JPfrzXjEJGRJPPriAvYTxY2oyitIb0iv0ZZ -Curw+/wBw7pC6QIDAQABo4HIMIHFMB0GA1UdDgQWBBR3J2sVqAaGrQ1n4NZbgjr4 -awCjpzAfBgNVHSMEGDAWgBRsFyMYyqakKMYITKqaPxj7e2eyNjA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+6/dEquq +BuByvUNMPlvNApzKwUJtzUdubExrPy7BPy6IPXdPHDRguvf7WGQ8wnZdMIhIIoEv +J8gftO2WB133fEo3vv5Pex8ZgiEkGMmup6VYYp1r+ZqIVg9/tAwa1U+rLMSXbuzb +saBDhjQILiEW+PY+KujKmqT7kX75QxlCCBB+kq9gRU4w5NPT6b8yz8EboFJupKrt +E23of2jGiIRnII9rgpxJXbSVY50K3J+re7Pr961INfVE7IQj4VvKSRbgwlqPPtIr ++lAIvxI72oyWZpNpWydOuOeNERTmKSO12few+eKQ4ti+jR3cifXrFd9YiOiRFJSd +N+MQGt4wPBjXbwIDAQABo4HIMIHFMB0GA1UdDgQWBBRaRHe6LV5I/hFoWVhAkWfi +Ir8xODAfBgNVHSMEGDAWgBS4FpKH4Qy55WHD2qUFEWpY3XhljjA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD -VR0PAQH/BAQDAgEGMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAK+A -8feTmM2EE+Prqy3/kUxyXdmpt5bovOnzMaBGfA1Jox9aaqqCmsIfN3qaNxqW+476 -KOHruKPQZi2ebv+OwwoXI65g1ZvS+yMrqbAiy+aFKRHTtXE+MJqcYCTFqEJmT1wQ -i/phrdcUK1EOUyQax1/ZEpdqjNrV+TVBTNQOqJjG6GHbe5XVyib/YAHixk73Z+42 -Hytxgkb1EUTOe6yFBvEJNQdiCDattlvGcKC78FsuRwmiaXmm8Xf9PLlX9Mfm+IAY -utCgwbFvucg7osGDXOc6BRk2xa5U3N8drRjgUt1xulM+LH3rCTrLJRCzUlB/Qiuo -LKfMAo4Xma9+0nX0FfE= +VR0PAQH/BAQDAgEGMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACbt +S/b2LEnM9eay2wgLhzmfsFoQjnC+AXKlsNqWO0DTeKxHeOF0RnfLhuAakLwjJOrP +aYjnWHUsRekS1rMgsxMmhhfaGIrZMvPDS5JOh5ql66Jiqd1wv456AgWiFSfq0/VP +5O1td6Hj3LaLLsgE/fb05cPldyZj8hSTdKNDDDZlWYE7edvtW9ogvPzu5UtUe3za +Tqm+GzqHGL0DNQHQIOFddKg16x5AcTdK3LM1OwF85odevf2vcnpIZwWS51Rj/CDL +vqoOSgweCYo4fyXHmBR4xikHy3MCLZVDdYyPh99qMV9F3b8Iz/WmYP49mcngUR1A +F873rPKtzrQvKp1uGSM= -----END CERTIFICATE----- Certificate: @@ -198,30 +198,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:e2:4c:a9:08:30:3f:0e:6a:ec:ec:80:8e:07:cb: - fa:9b:01:b9:8a:37:f0:b1:f2:c2:43:79:90:7e:70: - 76:ac:5c:41:60:55:66:fb:4f:e6:79:c8:18:01:7f: - d5:bd:9a:d5:58:5a:00:bf:81:86:37:1e:68:1a:92: - da:dd:e8:20:1a:47:43:78:bb:7e:5c:82:c6:59:1b: - 37:c9:99:b2:ac:bb:d2:c0:cf:58:5a:25:13:a6:6b: - 9a:79:be:dc:f6:6f:6c:80:5d:58:c2:b5:67:ae:09: - 1b:ba:2a:f3:2a:00:d2:43:b6:59:df:38:7c:ef:c1: - be:1b:a1:e0:7d:9b:20:27:04:67:94:45:b3:2d:f6: - 77:91:3c:c4:94:5f:78:7a:79:2c:4b:21:23:8b:f4: - d3:60:73:10:59:c7:a1:84:3f:5a:4e:82:43:90:68: - 77:2a:f6:b1:d2:d4:cc:cd:76:36:13:95:c5:a7:f4: - 46:d8:b7:ee:ef:59:07:2c:69:4d:9c:22:e4:2d:f1: - a9:2c:50:35:50:c2:91:ea:37:d9:6c:b6:f2:ff:cd: - 7e:00:ae:51:e3:b4:10:5f:87:e3:92:fe:9e:62:a5: - 34:fe:15:c4:19:20:3a:68:fd:3c:be:ae:aa:a3:52: - 48:d3:05:95:99:f8:38:18:c5:44:d6:71:c4:bf:34: - e5:c7 + 00:aa:94:1d:65:8c:79:04:f0:c9:d1:3c:23:76:e9: + 3e:2c:c9:52:e1:fc:b9:bf:35:8d:66:e4:37:66:b5: + 4b:ff:1a:9b:cb:30:e1:d4:30:54:fb:6e:f2:43:fd: + 76:b8:84:51:79:12:5a:65:95:87:ec:3d:19:b0:ab: + 04:94:64:aa:bc:e5:bf:e2:77:fd:07:28:3c:b5:20: + da:55:2c:79:04:f2:71:6e:31:b4:63:14:80:4e:c3: + 83:1e:ea:7e:5a:c0:4d:48:4a:2e:9e:52:80:80:98: + 22:10:4a:05:d7:db:13:8f:37:67:20:63:19:01:92: + 07:46:94:b5:c9:ba:e7:68:af:06:57:35:69:50:50: + 22:23:0b:92:a1:98:32:08:88:5c:8b:4c:7c:a5:6a: + f3:31:ee:bf:4c:59:b0:a1:cb:e8:28:1d:fa:4c:d3: + 1b:e6:2b:03:1a:4f:b5:8d:93:5d:18:95:c7:93:c1: + 8b:6f:55:17:34:17:e9:d8:70:47:c8:4c:b2:5a:fa: + a7:aa:66:b7:a3:62:17:0a:7c:27:15:ef:c2:bc:5b: + 7a:7d:88:c7:2a:45:0c:d7:3b:91:7e:72:c6:30:cb: + 12:39:1e:a2:8a:88:39:30:f0:54:b4:19:6f:b6:5e: + e8:01:60:2c:2b:27:cb:e5:93:49:ab:b8:9e:f0:29: + e6:c7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 6C:17:23:18:CA:A6:A4:28:C6:08:4C:AA:9A:3F:18:FB:7B:67:B2:36 + B8:16:92:87:E1:0C:B9:E5:61:C3:DA:A5:05:11:6A:58:DD:78:65:8E X509v3 Authority Key Identifier: - keyid:6C:17:23:18:CA:A6:A4:28:C6:08:4C:AA:9A:3F:18:FB:7B:67:B2:36 + keyid:B8:16:92:87:E1:0C:B9:E5:61:C3:DA:A5:05:11:6A:58:DD:78:65:8E Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -236,41 +236,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - d2:00:6a:7a:21:40:79:ad:84:23:e8:62:29:b5:47:0a:7a:91: - 08:3d:f3:af:0a:14:e9:93:08:7a:81:bf:44:6f:e9:59:5b:d6: - 8f:e1:bd:cd:9f:46:94:2e:7e:79:df:53:9e:85:e3:86:e0:15: - 65:e4:fd:b9:10:f7:19:6c:f1:ba:39:3b:2e:49:97:18:7d:95: - a9:e5:14:49:65:44:31:39:5b:75:c7:09:75:1f:b3:5a:5b:fe: - 09:1a:4a:af:ec:6b:58:5a:7b:ef:44:58:37:ab:23:72:bd:97: - 7b:02:63:65:cf:3d:f6:13:62:44:49:04:dc:85:fc:6f:31:80: - c7:e0:1e:5b:77:90:29:cb:06:67:4e:99:41:b1:66:d7:4b:a3: - fa:85:5c:bc:2e:c5:fa:a0:a1:8d:07:ba:52:31:cf:5e:2a:98: - f1:ba:dc:56:4b:b3:cc:11:b2:d1:2d:0a:eb:75:a8:fe:f6:02: - d8:9b:0f:5b:7e:11:50:b1:51:b9:31:11:c5:4b:fa:bf:34:4d: - 46:e9:27:39:61:ca:09:41:b2:67:fc:54:8a:38:0b:50:7d:f0: - e4:7a:a4:30:08:12:86:b3:fc:d2:43:0c:b5:50:4b:45:ee:cf: - 90:5b:3e:39:47:11:b6:6b:a6:24:fe:02:17:07:7c:06:15:23: - 0f:d8:0e:7b + 2d:63:65:51:b6:94:8d:0e:13:09:50:fe:e7:77:07:43:59:8a: + 4f:ad:99:0c:3a:db:df:83:6a:ac:62:dd:e5:c3:1c:fe:4b:3d: + d8:a4:f1:9d:c2:4d:9f:1b:dc:56:92:6b:13:db:e0:52:2b:75: + ba:b8:0c:d1:86:8e:41:ef:18:fa:42:5a:fc:1e:bc:4e:a9:b1: + 26:50:4d:c0:3e:0c:b3:64:84:d7:73:dc:86:16:0b:1b:0c:97: + 91:cd:93:42:d0:c1:b2:dd:1d:b4:af:9e:a1:4e:b2:a4:81:0d: + 0b:e8:3b:d1:01:67:7a:86:27:0e:f8:03:e9:98:78:71:c9:25: + 69:0b:89:cd:20:21:06:08:64:58:a4:27:ba:f5:da:e8:b2:c9: + ba:24:7a:64:91:ee:09:a4:8f:65:33:d9:b3:a7:39:5c:15:cb: + 2f:0f:2b:ab:79:be:65:85:34:78:24:8f:8d:82:1c:c4:2f:75: + ae:63:eb:07:92:6b:89:26:19:a8:76:1a:d2:14:c8:01:ea:ae: + 3c:1b:d8:94:e9:0c:db:b0:bf:f1:37:9d:f9:8b:c8:0c:70:bb: + b5:05:f3:9d:cc:74:95:30:a3:a1:0b:df:8a:d1:1c:f1:98:5e: + a1:a8:3a:92:87:6a:aa:9e:d6:23:f3:0c:37:db:cb:e7:fa:70: + e0:d3:13:ae -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOJMqQgwPw5q7OyAjgfL -+psBuYo38LHywkN5kH5wdqxcQWBVZvtP5nnIGAF/1b2a1VhaAL+BhjceaBqS2t3o -IBpHQ3i7flyCxlkbN8mZsqy70sDPWFolE6Zrmnm+3PZvbIBdWMK1Z64JG7oq8yoA -0kO2Wd84fO/Bvhuh4H2bICcEZ5RFsy32d5E8xJRfeHp5LEshI4v002BzEFnHoYQ/ -Wk6CQ5Bodyr2sdLUzM12NhOVxaf0Rti37u9ZByxpTZwi5C3xqSxQNVDCkeo32Wy2 -8v/NfgCuUeO0EF+H45L+nmKlNP4VxBkgOmj9PL6uqqNSSNMFlZn4OBjFRNZxxL80 -5ccCAwEAAaOByzCByDAdBgNVHQ4EFgQUbBcjGMqmpCjGCEyqmj8Y+3tnsjYwHwYD -VR0jBBgwFoAUbBcjGMqmpCjGCEyqmj8Y+3tnsjYwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqUHWWMeQTwydE8I3bp +PizJUuH8ub81jWbkN2a1S/8am8sw4dQwVPtu8kP9driEUXkSWmWVh+w9GbCrBJRk +qrzlv+J3/QcoPLUg2lUseQTycW4xtGMUgE7Dgx7qflrATUhKLp5SgICYIhBKBdfb +E483ZyBjGQGSB0aUtcm652ivBlc1aVBQIiMLkqGYMgiIXItMfKVq8zHuv0xZsKHL +6Cgd+kzTG+YrAxpPtY2TXRiVx5PBi29VFzQX6dhwR8hMslr6p6pmt6NiFwp8JxXv +wrxben2IxypFDNc7kX5yxjDLEjkeooqIOTDwVLQZb7Ze6AFgLCsny+WTSau4nvAp +5scCAwEAAaOByzCByDAdBgNVHQ4EFgQUuBaSh+EMueVhw9qlBRFqWN14ZY4wHwYD +VR0jBBgwFoAUuBaSh+EMueVhw9qlBRFqWN14ZY4wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDSAGp6IUB5 -rYQj6GIptUcKepEIPfOvChTpkwh6gb9Eb+lZW9aP4b3Nn0aULn5531OeheOG4BVl -5P25EPcZbPG6OTsuSZcYfZWp5RRJZUQxOVt1xwl1H7NaW/4JGkqv7GtYWnvvRFg3 -qyNyvZd7AmNlzz32E2JESQTchfxvMYDH4B5bd5ApywZnTplBsWbXS6P6hVy8LsX6 -oKGNB7pSMc9eKpjxutxWS7PMEbLRLQrrdaj+9gLYmw9bfhFQsVG5MRHFS/q/NE1G -6Sc5YcoJQbJn/FSKOAtQffDkeqQwCBKGs/zSQwy1UEtF7s+QWz45RxG2a6Yk/gIX -B3wGFSMP2A57 +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAtY2VRtpSN +DhMJUP7ndwdDWYpPrZkMOtvfg2qsYt3lwxz+Sz3YpPGdwk2fG9xWkmsT2+BSK3W6 +uAzRho5B7xj6Qlr8HrxOqbEmUE3APgyzZITXc9yGFgsbDJeRzZNC0MGy3R20r56h +TrKkgQ0L6DvRAWd6hicO+APpmHhxySVpC4nNICEGCGRYpCe69drossm6JHpkke4J +pI9lM9mzpzlcFcsvDyureb5lhTR4JI+NghzEL3WuY+sHkmuJJhmodhrSFMgB6q48 +G9iU6QzbsL/xN535i8gMcLu1BfOdzHSVMKOhC9+K0RzxmF6hqDqSh2qqntYj8ww3 +28vn+nDg0xOu -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -282,3 +282,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints.pem b/chromium/net/data/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints.pem index ceb0487cb28..5130b18e00a 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/intermediate-lacks-basic-constraints.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ac:3c:48:cb:8e:9b:00:37:e3:06:36:23:5e:3c: - 24:0b:d2:57:0e:52:8f:53:d0:48:ca:38:67:91:a7: - 10:d3:35:2d:67:f4:ad:2c:9e:c1:ee:f5:6b:62:23: - 34:03:32:76:29:96:fd:db:cc:a4:9a:d8:b6:97:c4: - a9:73:c1:a1:57:2f:cd:80:d1:d9:db:39:82:11:bb: - 95:3e:1b:b3:1e:ac:e7:c0:67:f3:1e:cb:4f:d4:a6: - c7:01:32:c5:45:ca:53:ff:cf:46:e1:b3:4f:55:01: - ef:76:44:92:55:55:d8:a4:db:5c:80:8f:48:51:86: - 6c:d9:b6:b7:5c:74:56:06:00:38:3f:d9:ee:c3:ae: - 78:a0:57:ff:fa:41:02:14:63:00:bb:1f:98:9a:f5: - 39:50:51:50:78:03:5d:13:a2:fd:a3:08:b0:ff:69: - ee:60:c8:af:1c:1e:8a:13:4b:0e:b9:48:29:92:f2: - 95:0a:d9:85:2f:ff:17:ab:c7:6f:e0:32:d1:16:9e: - 66:ae:81:87:b8:7e:70:ac:73:8c:67:de:dd:1a:e0: - 0e:0e:bb:ab:bc:f5:ef:38:d9:37:49:71:d1:7c:e6: - 64:f7:00:10:e4:83:ed:1e:58:05:44:89:f2:a9:a2: - 1d:57:5c:b5:db:bc:55:39:35:d7:f3:a5:b8:28:d1: - 45:5d + 00:cd:97:c5:b2:49:20:8b:97:3c:5d:b5:01:5b:8d: + ac:af:2a:2a:b5:cf:1a:ba:d8:1c:2d:68:12:1f:1f: + 10:8c:50:4d:d6:75:72:cb:62:d5:5f:ff:6b:45:44: + a6:76:15:31:6e:7d:0e:21:2e:53:65:57:cf:7f:24: + ab:2d:05:db:7e:94:e7:7b:dc:ec:02:6d:58:3b:4e: + db:c0:95:02:bf:c4:ad:4c:26:20:49:11:a5:d1:b7: + 01:e9:27:15:85:ef:19:9a:7d:b9:32:6a:f8:0e:45: + 8b:ee:f4:31:ad:e6:ef:bf:be:d7:ac:44:2e:11:59: + 15:5b:82:81:37:88:46:58:98:96:5b:b4:33:c5:c3: + 14:11:7a:53:fc:e9:7a:c5:dd:61:ed:01:a4:83:fe: + 39:66:8d:34:8d:87:09:94:78:f4:fe:0c:0e:e8:ca: + f1:d0:7a:d6:d0:55:1d:4b:21:31:6c:54:39:ff:1d: + 38:c4:58:c0:10:02:78:ab:73:36:d3:2b:09:a4:62: + e9:e3:32:41:02:ea:d6:99:0a:0e:01:3c:df:68:3e: + 58:cb:7e:c2:61:84:c9:27:37:83:0b:5c:e8:60:5e: + 53:64:e6:50:cf:2a:22:cd:be:57:92:72:6c:6b:47: + 77:ee:bb:96:48:b0:4b:1b:eb:37:b8:0f:2b:c6:97: + 98:b3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 9E:25:C3:B0:61:AE:69:26:DE:05:F4:15:3C:58:B0:7C:6D:91:5C:5B + A1:B6:F2:69:1D:9D:60:3D:20:03:B7:D6:19:26:AF:97:9F:7F:56:2A X509v3 Authority Key Identifier: - keyid:E5:AE:8F:CC:87:F7:B5:85:86:1E:4B:A6:CF:FC:B9:CA:10:C8:79:90 + keyid:45:32:A9:37:50:F0:A0:A1:8E:02:EB:8B:34:65:28:12:3F:FB:6A:18 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - c5:3c:97:21:6a:dc:f8:0c:23:76:c2:4e:33:63:f4:7e:d1:61: - bd:f8:cf:6d:b5:ef:d6:f1:96:a0:84:07:42:ab:e2:34:90:3a: - 95:2a:db:f6:19:28:bd:19:22:65:20:b0:25:b0:f0:ca:d0:d3: - 44:41:fe:03:f2:9f:0c:df:02:dc:64:c6:47:13:1e:26:dd:6a: - 5d:52:8a:fe:d3:0a:9a:d1:8c:a5:93:ec:1a:d4:d5:ad:ba:cd: - 6b:c2:99:6b:04:b7:06:98:a8:53:dc:d9:97:97:da:ac:29:bb: - 09:4a:25:ca:08:83:eb:ed:1f:a7:ae:28:fc:51:09:a9:e4:95: - f2:66:97:f2:97:48:9e:01:44:40:5b:4a:91:a5:ed:f9:86:6b: - fb:e2:47:c8:47:aa:ad:8d:aa:79:30:fb:4f:f1:a7:7c:c3:23: - b3:23:4d:15:a3:04:67:ff:26:b1:50:c0:5a:13:f4:8a:61:da: - 98:a2:35:0e:ec:4f:2b:e7:e0:dc:29:0a:07:20:e4:22:97:b1: - da:0d:73:6f:32:03:f1:cd:4b:a2:7b:9b:c3:62:a8:dd:55:02: - 57:6b:2f:a4:d6:46:20:bc:bd:f7:52:e7:44:8e:3d:2c:73:05: - 55:ac:35:8b:af:39:32:a1:07:da:fd:bb:8c:bb:35:e0:e6:bb: - 0c:49:1a:e4 + 94:ff:02:45:5d:2d:61:30:d0:d7:39:40:ed:ac:ce:ed:82:4a: + 6e:52:d4:55:a3:78:f0:a6:79:87:5c:f2:b2:9a:89:5a:ee:3a: + 73:62:d8:a0:14:28:ce:38:d8:37:3d:ca:51:77:4a:fc:8a:a8: + ee:6e:fa:7e:ca:a8:dd:ed:92:80:b0:6d:98:f2:8b:1d:4d:62: + 0d:7e:4e:74:04:53:9e:b1:8f:83:3c:db:20:1a:e7:8c:6d:98: + 3f:1e:74:df:05:f8:b4:23:ef:ba:95:07:6b:db:7a:ba:9d:e3: + 0a:b7:e5:df:bb:5b:4e:81:a1:f5:e5:c4:30:99:e4:4e:22:1d: + 0c:90:96:10:54:3c:9f:cb:5d:8d:fd:91:ac:1e:eb:ed:fc:28: + a8:ca:32:04:d9:2b:7b:d0:57:1c:59:81:93:41:56:35:e1:68: + bd:24:61:9b:8d:d4:de:39:9e:d1:e1:b9:15:a6:bf:5a:7a:2f: + e5:c2:b8:c0:16:ec:dc:3c:ff:e4:8e:f6:3f:94:a6:14:a3:7d: + 70:07:34:3b:dc:8c:e2:16:bc:98:91:20:d4:60:1d:53:ee:c9: + 1c:52:9d:a7:dc:d4:24:71:05:93:71:f6:d8:fa:20:ba:fe:6b: + 0f:97:3d:4b:4b:84:b9:8f:31:50:83:91:f8:c9:79:46:3d:62: + 69:4e:09:87 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsPEjL -jpsAN+MGNiNePCQL0lcOUo9T0EjKOGeRpxDTNS1n9K0snsHu9WtiIzQDMnYplv3b -zKSa2LaXxKlzwaFXL82A0dnbOYIRu5U+G7MerOfAZ/Mey0/UpscBMsVFylP/z0bh -s09VAe92RJJVVdik21yAj0hRhmzZtrdcdFYGADg/2e7DrnigV//6QQIUYwC7H5ia -9TlQUVB4A10Tov2jCLD/ae5gyK8cHooTSw65SCmS8pUK2YUv/xerx2/gMtEWnmau -gYe4fnCsc4xn3t0a4A4Ou6u89e842TdJcdF85mT3ABDkg+0eWAVEifKpoh1XXLXb -vFU5Ndfzpbgo0UVdAgMBAAGjgekwgeYwHQYDVR0OBBYEFJ4lw7Bhrmkm3gX0FTxY -sHxtkVxbMB8GA1UdIwQYMBaAFOWuj8yH97WFhh5Lps/8ucoQyHmQMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNl8Wy +SSCLlzxdtQFbjayvKiq1zxq62BwtaBIfHxCMUE3WdXLLYtVf/2tFRKZ2FTFufQ4h +LlNlV89/JKstBdt+lOd73OwCbVg7TtvAlQK/xK1MJiBJEaXRtwHpJxWF7xmafbky +avgORYvu9DGt5u+/vtesRC4RWRVbgoE3iEZYmJZbtDPFwxQRelP86XrF3WHtAaSD +/jlmjTSNhwmUePT+DA7oyvHQetbQVR1LITFsVDn/HTjEWMAQAnirczbTKwmkYunj +MkEC6taZCg4BPN9oPljLfsJhhMknN4MLXOhgXlNk5lDPKiLNvleScmxrR3fuu5ZI +sEsb6ze4DyvGl5izAgMBAAGjgekwgeYwHQYDVR0OBBYEFKG28mkdnWA9IAO31hkm +r5eff1YqMB8GA1UdIwQYMBaAFEUyqTdQ8KChjgLrizRlKBI/+2oYMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAxTyXIWrc+AwjdsJOM2P0 -ftFhvfjPbbXv1vGWoIQHQqviNJA6lSrb9hkovRkiZSCwJbDwytDTREH+A/KfDN8C -3GTGRxMeJt1qXVKK/tMKmtGMpZPsGtTVrbrNa8KZawS3BpioU9zZl5farCm7CUol -ygiD6+0fp64o/FEJqeSV8maX8pdIngFEQFtKkaXt+YZr++JHyEeqrY2qeTD7T/Gn -fMMjsyNNFaMEZ/8msVDAWhP0imHamKI1DuxPK+fg3CkKByDkIpex2g1zbzID8c1L -onubw2Ko3VUCV2svpNZGILy991LnRI49LHMFVaw1i685MqEH2v27jLs14Oa7DEka -5A== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAlP8CRV0tYTDQ1zlA7azO +7YJKblLUVaN48KZ5h1zyspqJWu46c2LYoBQozjjYNz3KUXdK/Iqo7m76fsqo3e2S +gLBtmPKLHU1iDX5OdARTnrGPgzzbIBrnjG2YPx503wX4tCPvupUHa9t6up3jCrfl +37tbToGh9eXEMJnkTiIdDJCWEFQ8n8tdjf2RrB7r7fwoqMoyBNkre9BXHFmBk0FW +NeFovSRhm43U3jme0eG5Faa/Wnov5cK4wBbs3Dz/5I72P5SmFKN9cAc0O9yM4ha8 +mJEg1GAdU+7JHFKdp9zUJHEFk3H22Poguv5rD5c9S0uEuY8xUIOR+Ml5Rj1iaU4J +hw== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c5:bf:ce:e4:8e:d2:b9:92:d9:78:eb:36:78:b0: - d4:2b:a9:22:cd:83:57:58:a2:0f:5b:e5:c8:e4:f4: - d6:41:2c:1f:5a:08:6b:12:7b:f6:8f:39:44:0f:f4: - d2:3e:56:cd:63:87:13:b1:88:1a:da:f1:13:2f:4a: - d0:76:78:61:6f:71:08:e0:0c:a2:9a:6a:6b:c7:8c: - 81:6f:e1:ea:22:09:83:fd:09:53:78:f0:1d:4e:f7: - b3:17:17:7e:fc:dc:a5:21:83:7f:46:8c:81:af:07: - 68:91:14:54:43:bf:d2:85:fa:58:91:61:cc:87:bc: - 8d:b3:97:c1:a5:42:de:73:49:29:c9:0c:48:92:15: - d9:0e:6b:3d:4a:4c:50:c6:8b:a5:69:6c:b2:2f:02: - 9e:0a:4f:27:1a:d0:1c:0e:b8:d9:fc:a7:62:92:69: - 0c:40:ec:49:3b:59:a5:38:fc:8e:cb:2f:91:9f:09: - 76:2c:b8:d4:25:7e:83:71:56:89:29:2c:a3:d8:bf: - 95:70:99:f5:cb:20:df:fa:fd:b8:89:e6:42:82:a9: - 01:d8:e0:42:f2:d2:c3:78:26:cc:fb:05:30:90:a0: - 83:bd:ce:b3:6d:bb:01:ae:84:aa:71:4f:d9:37:38: - 7e:07:35:6f:ed:88:c7:52:17:38:ac:c6:44:b5:fe: - 4a:b3 + 00:d4:d2:58:5a:24:b9:9d:c4:07:62:ed:0a:24:09: + 46:d4:97:a8:e1:e6:fa:c2:8d:ba:31:da:ea:95:6f: + ca:79:cc:10:08:cd:8e:5d:33:eb:04:40:94:7a:15: + 94:71:fe:50:73:ea:a0:41:e6:bf:93:aa:7f:60:c2: + e6:55:1a:24:ce:b5:f9:5f:ad:f7:90:b5:49:1c:30: + 45:ad:ed:12:d3:b0:9d:de:03:33:01:a6:c0:12:4e: + 96:13:d7:9f:b0:69:67:b9:cf:d5:a9:ce:9d:7c:4e: + 5f:0d:7b:d1:a4:65:93:12:22:42:e8:02:9f:18:0b: + 03:af:1f:3c:b1:e0:ac:a7:a7:87:b1:22:c1:c9:fe: + 1d:81:13:dd:e7:d9:21:68:86:6a:06:13:82:73:e5: + 78:78:e0:99:76:75:38:68:73:cb:8b:33:25:53:72: + d1:58:f0:40:64:36:03:32:1d:72:c3:8c:ef:de:76: + 07:df:9a:b7:b9:4c:10:94:fb:c8:7b:69:ba:d3:a9: + 1a:21:8c:f7:c5:b3:b1:1b:72:44:10:8c:dd:c3:76: + 36:e5:ce:a8:a0:29:1b:fa:47:0c:e3:89:f2:44:84: + cc:88:0f:48:09:c9:0e:1e:a9:ee:a7:55:ba:5a:6f: + 78:66:d8:bd:4d:9c:d5:52:95:83:b1:80:b5:af:ce: + f5:73 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - E5:AE:8F:CC:87:F7:B5:85:86:1E:4B:A6:CF:FC:B9:CA:10:C8:79:90 + 45:32:A9:37:50:F0:A0:A1:8E:02:EB:8B:34:65:28:12:3F:FB:6A:18 X509v3 Authority Key Identifier: - keyid:0F:59:3C:0D:B8:B1:5B:C5:96:9D:B4:E8:4F:CF:4B:A6:B3:AD:33:E7 + keyid:E5:37:1E:E2:93:2C:94:BA:7F:8B:6E:2F:75:D5:0D:D8:0A:D2:96:12 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -144,40 +144,40 @@ Certificate: X509v3 Key Usage: critical Certificate Sign, CRL Sign Signature Algorithm: sha256WithRSAEncryption - 12:11:99:0b:59:f6:cd:61:bf:99:bc:25:83:b2:e7:4b:42:ec: - ee:1d:03:3b:cf:5d:76:95:19:2c:d1:41:d0:f6:5c:08:9d:6f: - 66:50:07:ea:07:fa:88:01:96:05:39:8d:6a:e0:34:27:1e:a2: - 80:c2:9b:91:ba:17:35:49:ef:8c:42:9d:59:ac:42:3f:52:fa: - ef:5f:51:aa:3a:dc:b6:ee:d6:8c:20:89:de:36:7d:a2:e2:ff: - eb:13:9d:dc:99:d1:62:33:c5:82:19:12:18:d4:94:5b:5f:c4: - f7:74:55:f0:be:fa:0e:4d:7a:01:7e:53:b3:2d:4d:09:b6:7b: - 8e:0a:7c:3e:b9:39:a1:ee:b6:3d:3f:e8:4a:b0:1d:e4:ee:7b: - 96:75:19:b5:71:6a:ae:e0:af:14:59:9f:fc:2b:13:dd:70:c9: - da:dd:a9:3c:14:3e:f1:69:3b:ce:42:b4:c5:3f:12:f8:37:eb: - bf:0c:9d:48:a4:6e:4c:9f:e7:3c:4f:a5:91:32:8b:7f:2e:5f: - e7:bf:bc:f4:a0:5f:43:f7:3a:1f:78:a3:0e:8e:c0:46:16:9e: - 58:6a:0f:7e:e0:69:af:94:ec:bc:3a:7f:8b:44:ef:19:f8:14: - 16:a4:1d:bd:49:c6:96:da:ba:11:a8:bc:36:11:c7:ad:ab:e0: - a5:e2:05:77 + 9f:e2:34:01:15:93:a9:8f:17:75:32:29:ef:47:20:dd:fc:d7: + b6:5f:14:01:44:31:03:a4:24:72:63:c9:ac:0b:89:8b:b9:8e: + b4:f7:a5:6c:f1:e3:0e:41:e8:a3:2a:db:29:39:81:bc:0c:ca: + 26:99:05:d2:af:e4:66:f4:b4:31:43:ae:6e:0b:ed:3d:a0:cc: + a8:ad:82:aa:f6:d3:fd:be:8a:8a:17:f9:b1:d4:45:6d:bd:a5: + a9:79:f9:c1:d0:fb:d3:77:77:43:29:fd:ad:8a:a3:72:6b:0b: + 9f:71:b8:cb:35:23:32:5a:79:18:6e:9b:20:d5:af:ff:a4:97: + f5:ab:dc:46:6c:9a:a3:2d:15:18:02:11:94:de:8f:ba:11:09: + ab:3c:26:7d:2e:99:21:56:5a:6e:3c:db:74:b7:5e:40:bd:73: + 4f:1d:25:15:db:83:62:a8:94:27:4b:0c:89:7e:c9:6f:07:23: + c3:8f:88:30:51:de:b0:9c:89:35:04:8c:0f:b4:02:e1:b6:fc: + 16:15:f5:9a:ad:46:39:99:fd:f6:60:16:89:86:2e:c1:8a:6c: + 80:42:ea:85:94:60:f6:42:e0:12:da:3c:db:1b:a3:bd:5e:e0: + 8f:7c:c2:56:54:94:8a:d4:bf:25:a3:09:bf:2f:d1:f0:05:bf: + d0:ae:df:13 -----BEGIN CERTIFICATE----- MIIDXDCCAkSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxb/O5I7S -uZLZeOs2eLDUK6kizYNXWKIPW+XI5PTWQSwfWghrEnv2jzlED/TSPlbNY4cTsYga -2vETL0rQdnhhb3EI4Ayimmprx4yBb+HqIgmD/QlTePAdTvezFxd+/NylIYN/RoyB -rwdokRRUQ7/ShfpYkWHMh7yNs5fBpULec0kpyQxIkhXZDms9SkxQxoulaWyyLwKe -Ck8nGtAcDrjZ/KdikmkMQOxJO1mlOPyOyy+Rnwl2LLjUJX6DcVaJKSyj2L+VcJn1 -yyDf+v24ieZCgqkB2OBC8tLDeCbM+wUwkKCDvc6zbbsBroSqcU/ZNzh+BzVv7YjH -Uhc4rMZEtf5KswIDAQABo4G6MIG3MB0GA1UdDgQWBBTlro/Mh/e1hYYeS6bP/LnK -EMh5kDAfBgNVHSMEGDAWgBQPWTwNuLFbxZadtOhPz0ums60z5zA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NJYWiS5 +ncQHYu0KJAlG1Jeo4eb6wo26MdrqlW/KecwQCM2OXTPrBECUehWUcf5Qc+qgQea/ +k6p/YMLmVRokzrX5X633kLVJHDBFre0S07Cd3gMzAabAEk6WE9efsGlnuc/Vqc6d +fE5fDXvRpGWTEiJC6AKfGAsDrx88seCsp6eHsSLByf4dgRPd59khaIZqBhOCc+V4 +eOCZdnU4aHPLizMlU3LRWPBAZDYDMh1yw4zv3nYH35q3uUwQlPvIe2m606kaIYz3 +xbOxG3JEEIzdw3Y25c6ooCkb+kcM44nyRITMiA9ICckOHqnup1W6Wm94Zti9TZzV +UpWDsYC1r871cwIDAQABo4G6MIG3MB0GA1UdDgQWBBRFMqk3UPCgoY4C64s0ZSgS +P/tqGDAfBgNVHSMEGDAWgBTlNx7ikyyUun+Lbi911Q3YCtKWEjA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD -VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQASEZkLWfbNYb+ZvCWDsudL -QuzuHQM7z112lRks0UHQ9lwInW9mUAfqB/qIAZYFOY1q4DQnHqKAwpuRuhc1Se+M -Qp1ZrEI/UvrvX1GqOty27taMIIneNn2i4v/rE53cmdFiM8WCGRIY1JRbX8T3dFXw -vvoOTXoBflOzLU0JtnuOCnw+uTmh7rY9P+hKsB3k7nuWdRm1cWqu4K8UWZ/8KxPd -cMna3ak8FD7xaTvOQrTFPxL4N+u/DJ1IpG5Mn+c8T6WRMot/Ll/nv7z0oF9D9zof -eKMOjsBGFp5Yag9+4GmvlOy8On+LRO8Z+BQWpB29ScaW2roRqLw2Ecetq+Cl4gV3 +VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCf4jQBFZOpjxd1MinvRyDd +/Ne2XxQBRDEDpCRyY8msC4mLuY6096Vs8eMOQeijKtspOYG8DMommQXSr+Rm9LQx +Q65uC+09oMyorYKq9tP9voqKF/mx1EVtvaWpefnB0PvTd3dDKf2tiqNyawufcbjL +NSMyWnkYbpsg1a//pJf1q9xGbJqjLRUYAhGU3o+6EQmrPCZ9LpkhVlpuPNt0t15A +vXNPHSUV24NiqJQnSwyJfslvByPDj4gwUd6wnIk1BIwPtALhtvwWFfWarUY5mf32 +YBaJhi7BimyAQuqFlGD2QuAS2jzbG6O9XuCPfMJWVJSK1L8lowm/L9HwBb/Qrt8T -----END CERTIFICATE----- Certificate: @@ -194,30 +194,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c3:da:da:10:95:78:5c:73:c8:43:66:41:23:8e: - 3e:3f:a1:00:57:de:60:d9:2a:84:57:85:08:c6:60: - 79:65:2d:51:c9:93:c1:e7:fa:5b:1a:eb:6f:79:44: - d5:71:f6:bd:f4:8c:86:0b:d9:e3:49:dd:a6:f3:5d: - 48:8a:25:4a:2a:20:80:c1:83:da:b8:c5:e0:20:de: - 40:67:bc:22:38:51:72:df:e3:b7:82:aa:47:ed:c9: - 74:a0:82:97:71:35:a8:2f:73:01:86:56:43:e8:88: - 42:f9:cc:9b:69:71:09:45:8c:39:82:14:db:2e:08: - 17:85:96:c5:69:46:73:55:9b:d8:12:4b:5f:32:70: - cc:52:4e:7e:77:94:78:0e:f4:dd:40:ff:d7:3b:cc: - f7:df:a9:a7:a1:a3:a3:4e:25:c8:e4:68:1c:e3:90: - c2:c5:bb:66:3a:c1:8b:e3:1b:df:b9:8c:0c:9a:3a: - 6a:a9:8e:8d:b3:54:49:14:af:28:51:29:b2:5b:7b: - 68:34:4c:f3:bb:a5:5d:51:0b:99:6b:b1:fe:b3:16: - d1:ef:2f:18:ee:8a:f8:05:9b:df:0d:92:3a:e0:62: - 7b:1d:bc:fb:60:45:ce:f9:e0:46:f6:16:39:08:a7: - 68:b5:da:e5:9f:7c:db:07:15:dc:47:e6:5d:a3:8c: - 06:7b + 00:a9:f3:a8:48:50:46:fe:b1:fa:ee:af:1a:5c:c1: + f2:d0:e1:f9:d1:b4:8e:82:c7:91:d2:eb:1e:06:ba: + 27:e5:3e:d5:ae:c7:1c:3f:a6:b9:48:05:c4:90:57: + 23:ab:2a:01:cd:ca:7f:df:8c:b6:2e:6f:83:88:e9: + 8e:f3:b0:e8:97:9a:91:cd:ad:d0:ef:fb:4b:d7:61: + bd:f1:5d:00:97:70:5b:95:1e:6d:3c:a7:03:2b:ec: + 29:cc:b6:ed:b1:e2:9a:db:38:ce:73:02:19:3f:20: + 03:70:cd:88:29:f9:ad:40:f7:16:0b:b4:93:9b:ac: + 13:da:bb:39:e9:2f:2f:17:39:1a:27:47:75:cd:0a: + 81:a2:e5:a8:58:e7:08:15:a3:33:86:0e:b9:ba:90: + 23:3b:2a:2a:ed:04:d7:80:85:51:d8:dd:ba:d0:96: + 34:ef:8c:21:19:ce:cd:0a:9e:fc:ab:3d:ed:69:d1: + 4b:d2:2b:1f:77:5c:74:96:d7:25:ce:02:e0:49:ed: + 18:ee:c4:37:d1:e5:f5:a2:5c:ae:c9:fe:2b:cd:68: + a6:a5:31:9a:76:5e:a2:10:be:aa:14:ca:57:c3:31: + ac:92:bd:9b:53:df:69:8f:e2:26:85:36:20:27:f5: + 60:fb:66:6d:9b:a7:ec:f8:e4:1a:df:a2:38:ee:ef: + 3c:d1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 0F:59:3C:0D:B8:B1:5B:C5:96:9D:B4:E8:4F:CF:4B:A6:B3:AD:33:E7 + E5:37:1E:E2:93:2C:94:BA:7F:8B:6E:2F:75:D5:0D:D8:0A:D2:96:12 X509v3 Authority Key Identifier: - keyid:0F:59:3C:0D:B8:B1:5B:C5:96:9D:B4:E8:4F:CF:4B:A6:B3:AD:33:E7 + keyid:E5:37:1E:E2:93:2C:94:BA:7F:8B:6E:2F:75:D5:0D:D8:0A:D2:96:12 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -232,41 +232,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 3e:f9:8e:c2:1a:d7:ea:b1:71:03:6d:6d:a9:de:e9:45:1d:ab: - a3:26:4c:95:4b:15:ad:9d:be:94:aa:20:57:83:b2:32:96:06: - c1:37:9a:6a:18:41:ad:13:3b:52:23:a1:0a:1f:fc:8c:fa:3b: - 88:43:d1:5e:1e:59:80:06:a5:0a:5e:95:66:3d:3d:cb:4a:b4: - 38:77:a6:fa:04:29:e8:c1:b8:b5:f7:49:07:ae:53:dd:62:64: - 3c:70:4c:64:b5:54:84:4d:04:3f:6d:86:80:9d:e2:2b:a4:88: - 1c:38:74:fc:83:c3:60:c8:86:64:f5:d7:29:f7:e4:8e:02:a9: - 47:a6:e1:46:0f:c4:b5:22:59:f1:a7:1b:ae:86:7c:70:32:d4: - 8c:19:7f:a7:6d:82:0b:f3:42:37:02:b5:3d:f3:41:d5:7d:67: - 97:80:78:9a:e2:06:54:18:bc:b0:7f:5d:77:15:bb:89:cb:4d: - 29:0c:02:ab:b3:b7:40:44:3a:2c:4a:2e:54:43:7f:ff:b0:5f: - da:c5:5f:38:0e:ce:4e:18:ed:f3:f9:99:f0:7c:01:69:ca:0e: - 15:85:1e:ff:b7:2d:04:6c:3b:5b:f9:7f:70:bc:0c:ac:16:b7: - d1:b4:f1:74:84:ad:73:e7:9f:c7:c9:ea:93:d9:f1:c6:a7:59: - bf:92:4e:ec + 37:bf:03:0e:0e:78:33:e8:3d:65:48:7f:e7:10:6a:39:34:0b: + ae:00:da:ac:75:21:b5:35:f5:92:c5:43:3f:18:54:0b:bb:17: + 79:99:b2:95:57:22:2b:b3:69:76:f9:28:9f:fa:3c:c2:5b:b0: + bb:3a:6c:eb:7f:a2:3b:60:c7:4d:4a:a8:b8:04:52:9c:10:e6: + 40:48:86:11:0f:55:1f:bc:22:3e:e8:93:f5:57:17:06:5d:71: + bc:7f:da:a6:cd:4d:76:c5:e1:81:2c:95:6b:f6:cc:f4:b0:f2: + 44:24:37:fa:fe:ac:ef:a5:a1:d7:05:87:07:0e:40:46:c8:78: + 57:e1:6d:a2:3d:56:d1:df:e5:a9:e0:63:24:4b:8f:5a:c1:41: + 7e:55:7f:89:6b:45:76:6e:c1:d1:0f:e2:a2:25:2b:56:c6:50: + 09:f6:2c:91:11:f2:35:43:ad:22:c5:af:7b:98:28:56:c3:bc: + 09:59:61:aa:f3:02:a4:19:be:25:8b:d5:55:f3:e0:98:46:1e: + 8f:f5:02:4f:dc:e7:41:2a:69:a8:7e:a5:13:68:31:d3:eb:69: + b6:52:fe:b5:df:a7:33:f2:c9:f3:fd:f9:a2:72:68:f0:0c:5b: + 77:9b:f0:27:88:29:fd:3b:81:4d:9b:5c:d9:82:8c:e8:0f:71: + e2:5f:c9:73 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPa2hCVeFxzyENmQSOO -Pj+hAFfeYNkqhFeFCMZgeWUtUcmTwef6Wxrrb3lE1XH2vfSMhgvZ40ndpvNdSIol -SioggMGD2rjF4CDeQGe8IjhRct/jt4KqR+3JdKCCl3E1qC9zAYZWQ+iIQvnMm2lx -CUWMOYIU2y4IF4WWxWlGc1Wb2BJLXzJwzFJOfneUeA703UD/1zvM99+pp6Gjo04l -yORoHOOQwsW7ZjrBi+Mb37mMDJo6aqmOjbNUSRSvKFEpslt7aDRM87ulXVELmWux -/rMW0e8vGO6K+AWb3w2SOuBiex28+2BFzvngRvYWOQinaLXa5Z982wcV3EfmXaOM -BnsCAwEAAaOByzCByDAdBgNVHQ4EFgQUD1k8DbixW8WWnbToT89LprOtM+cwHwYD -VR0jBBgwFoAUD1k8DbixW8WWnbToT89LprOtM+cwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKnzqEhQRv6x+u6vGlzB +8tDh+dG0joLHkdLrHga6J+U+1a7HHD+muUgFxJBXI6sqAc3Kf9+Mti5vg4jpjvOw +6Jeakc2t0O/7S9dhvfFdAJdwW5UebTynAyvsKcy27bHimts4znMCGT8gA3DNiCn5 +rUD3Fgu0k5usE9q7OekvLxc5GidHdc0KgaLlqFjnCBWjM4YOubqQIzsqKu0E14CF +UdjdutCWNO+MIRnOzQqe/Ks97WnRS9IrH3dcdJbXJc4C4EntGO7EN9Hl9aJcrsn+ +K81opqUxmnZeohC+qhTKV8MxrJK9m1PfaY/iJoU2ICf1YPtmbZun7PjkGt+iOO7v +PNECAwEAAaOByzCByDAdBgNVHQ4EFgQU5Tce4pMslLp/i24vddUN2ArSlhIwHwYD +VR0jBBgwFoAU5Tce4pMslLp/i24vddUN2ArSlhIwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA++Y7CGtfq -sXEDbW2p3ulFHaujJkyVSxWtnb6UqiBXg7IylgbBN5pqGEGtEztSI6EKH/yM+juI -Q9FeHlmABqUKXpVmPT3LSrQ4d6b6BCnowbi190kHrlPdYmQ8cExktVSETQQ/bYaA -neIrpIgcOHT8g8NgyIZk9dcp9+SOAqlHpuFGD8S1IlnxpxuuhnxwMtSMGX+nbYIL -80I3ArU980HVfWeXgHia4gZUGLywf113FbuJy00pDAKrs7dARDosSi5UQ3//sF/a -xV84Ds5OGO3z+ZnwfAFpyg4VhR7/ty0EbDtb+X9wvAysFrfRtPF0hK1z55/HyeqT -2fHGp1m/kk7s +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA3vwMODngz +6D1lSH/nEGo5NAuuANqsdSG1NfWSxUM/GFQLuxd5mbKVVyIrs2l2+Sif+jzCW7C7 +Omzrf6I7YMdNSqi4BFKcEOZASIYRD1UfvCI+6JP1VxcGXXG8f9qmzU12xeGBLJVr +9sz0sPJEJDf6/qzvpaHXBYcHDkBGyHhX4W2iPVbR3+Wp4GMkS49awUF+VX+Ja0V2 +bsHRD+KiJStWxlAJ9iyREfI1Q60ixa97mChWw7wJWWGq8wKkGb4li9VV8+CYRh6P +9QJP3OdBKmmofqUTaDHT62m2Uv6136cz8snz/fmicmjwDFt3m/AniCn9O4FNm1zZ +gozoD3HiX8lz -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -279,10 +279,15 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 0 - [Error] Does not have Basic Constraints +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Does not have Basic Constraints + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMAogICAgICBbRXJyb3JdIERvZXMgbm90IGhhdmUgQmFzaWMgQ29uc3RyYWludHMK +LS0tLS0gQ2VydGlmaWNhdGUgaT0xIChDTj1JbnRlcm1lZGlhdGUpIC0tLS0tCkVSUk9SOiBEb2VzIG5vdCBoYXZlIEJhc2ljIENvbnN0cmFpbnRzCgo= -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage.pem b/chromium/net/data/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage.pem index eea8741f725..2cb3c7215b5 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/intermediate-lacks-signing-key-usage.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a3:21:17:35:c0:77:f1:a3:51:77:11:45:3e:92: - 5f:97:65:eb:99:cc:26:e2:8c:f8:4a:d8:3d:71:17: - a2:eb:6a:cf:2f:07:a8:fa:27:c1:f8:c5:50:22:42: - a2:6f:92:4b:67:c3:0c:a7:ec:35:87:05:ac:eb:e3: - 27:cd:62:3d:c4:2e:80:f6:2a:af:31:05:c7:1b:0f: - 3b:71:6d:90:77:0d:b4:48:e7:26:2e:4a:44:af:bb: - 76:e0:62:ec:e6:61:cc:5b:61:ea:03:ce:4d:46:d0: - 96:e2:d5:d9:67:6f:0c:f2:06:e3:9a:14:04:68:82: - 88:d6:8b:c1:7f:fb:81:8c:e6:dc:88:20:f7:53:ef: - d5:56:5b:5e:00:b3:5b:e8:ce:d0:d2:6a:ed:b8:4a: - f2:4b:56:fb:63:75:d4:6b:a3:8a:d4:3f:e6:9e:29: - 1b:a7:23:61:ba:f0:d6:19:fb:8c:ad:40:2f:7c:14: - 36:0f:4b:f1:6e:f0:b8:6e:7d:cc:82:11:63:48:15: - 2f:34:00:99:cd:be:b4:1a:be:d8:73:38:00:ac:c1: - 09:41:a2:c4:ec:74:69:15:52:c4:45:2d:20:ff:b5: - ce:d0:41:be:a2:b2:4d:ef:a7:3b:f1:df:9d:78:1a: - 9d:2c:6c:61:26:2e:f7:82:ab:50:76:6d:a3:d3:33: - 46:07 + 00:c7:f3:c9:3b:b8:fb:d0:c6:d9:9d:7e:a6:0c:37: + fb:1e:e7:a9:ec:90:b1:a2:06:2a:b0:f1:d3:81:53: + 8c:86:ea:c3:80:04:18:04:26:b0:70:4f:6b:7c:6b: + 5f:31:b8:8d:e7:8a:93:a1:9d:69:20:a9:5e:0a:13: + a1:a1:c7:7b:e9:e4:bf:d1:67:50:e4:7a:e4:db:00: + a6:cb:f6:2c:a8:47:9d:7b:9a:6e:69:86:06:a2:0d: + ad:68:86:67:ff:da:0e:a1:ae:30:57:28:27:15:f3: + 8b:b6:e2:3e:c8:30:26:6e:f4:05:ec:eb:b5:bc:cb: + 37:bc:5d:db:c2:6a:f8:4f:e5:7f:b8:f2:62:aa:59: + 3b:40:ce:40:67:7d:83:bb:66:20:a5:73:82:7e:40: + ce:87:ae:3d:36:dc:06:26:09:c9:3e:6b:13:ed:c8: + 44:ee:cf:f3:db:38:a1:ee:cd:02:94:18:7f:c6:d7: + 78:65:8d:34:bb:a3:d4:c5:27:e1:b9:b5:67:ad:fb: + 3c:ce:9a:3d:f6:c7:54:2e:7b:fa:f8:89:e9:56:2b: + e9:78:2e:02:14:2b:1a:18:e4:ce:f7:80:67:f7:0f: + 88:bc:78:70:8f:1c:d5:3f:22:3b:38:22:51:d8:fd: + 6d:93:de:05:0c:1c:a8:b7:b1:d3:a9:83:6b:8b:10: + ad:61 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 95:3C:F4:24:9F:9C:4A:CB:16:AA:A4:8A:AB:DF:D7:9D:6D:BA:AC:FA + C5:A1:CF:17:29:4F:62:DA:B7:74:71:6F:6A:89:D9:DE:45:66:A7:E4 X509v3 Authority Key Identifier: - keyid:29:73:E8:7F:69:DE:63:14:43:C6:6D:55:6C:C2:AE:84:FA:D5:FC:8C + keyid:4C:E2:EE:E5:DC:2B:D0:74:49:43:BA:6D:6B:91:6F:A3:C0:53:89:92 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - a7:dc:31:88:64:26:72:62:34:8d:3a:75:7a:71:d4:ae:7a:2c: - f4:2d:44:e9:e9:e8:c5:4d:79:b2:dc:12:ea:75:60:44:cb:6e: - df:22:47:d5:ae:f6:03:dc:c4:6b:cf:90:75:29:49:50:04:e0: - 94:2a:b3:bf:d4:ae:e2:08:ad:52:22:65:91:33:09:79:cf:c9: - 27:9b:52:dd:a8:0d:f5:21:b6:58:c4:5f:1b:79:72:69:7a:7b: - 49:7d:64:67:d0:d6:1c:21:fe:e9:ae:39:1c:b4:3f:f2:f6:6d: - 7e:30:15:76:a3:af:eb:43:c0:ed:f3:8a:bc:48:5c:47:fc:44: - 09:da:7d:9a:20:f1:e2:1d:4d:40:34:0c:e1:68:16:9e:47:57: - 1a:6a:19:e4:b2:6e:dd:7c:69:5f:b8:2b:bd:e7:cb:e4:9c:9c: - 79:e1:a5:b3:82:a1:c9:5b:fd:73:d6:a8:1d:1d:d8:31:d6:37: - 00:e9:7a:d2:a2:ee:c0:42:21:22:da:70:6e:a8:8c:fa:0c:24: - c9:70:4b:49:0a:c1:db:35:f2:71:d7:30:41:a7:6b:05:92:c6: - cd:8c:d4:de:c2:6b:aa:b8:70:d2:fa:cf:9a:01:af:34:80:95: - ad:ab:59:86:f2:56:6d:d8:43:95:24:e3:f7:7b:b9:83:89:ed: - e7:7a:2f:35 + 16:ce:d2:ca:93:02:19:26:32:7b:da:3d:66:36:c1:4e:53:00: + 46:c7:47:21:a7:fc:f1:af:e8:1f:d5:79:31:7f:6e:e3:25:60: + 93:97:16:8e:9b:d7:05:08:8e:5d:f0:a0:c4:13:b3:a0:7f:25: + ed:fb:df:cd:96:52:12:84:24:d6:01:a2:86:3a:40:42:cf:f8: + 1c:f3:7d:ae:41:46:01:ec:b3:7d:55:62:a0:d8:bb:0d:77:08: + 4c:0d:b7:61:dd:f5:4b:da:c5:5a:35:21:b1:d2:b6:a3:f1:2e: + fd:f8:6b:b5:53:4f:ba:aa:b0:40:e2:42:01:4d:03:40:fb:d1: + ea:d1:b9:b4:d0:bc:58:9e:65:20:ae:77:58:a7:3f:5e:b7:fe: + b8:aa:93:56:b3:40:2f:e0:a8:4a:70:76:d7:a6:c2:a5:1e:c5: + a2:4f:af:87:57:1b:99:33:82:42:b0:42:62:7a:00:b3:76:0f: + 96:b5:b4:db:77:85:bb:d8:8e:4d:ca:1f:10:19:b3:91:d1:09: + 1c:f0:e5:7b:87:fe:6f:82:94:ab:81:66:68:5d:00:44:a6:3f: + 66:c9:1a:fe:05:73:19:91:8f:be:75:e9:53:38:3c:75:d0:9d: + 12:91:b6:9a:95:e8:87:4e:d2:73:63:8a:80:7e:04:70:4c:58: + b0:ef:fa:56 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjIRc1 -wHfxo1F3EUU+kl+XZeuZzCbijPhK2D1xF6Lras8vB6j6J8H4xVAiQqJvkktnwwyn -7DWHBazr4yfNYj3ELoD2Kq8xBccbDztxbZB3DbRI5yYuSkSvu3bgYuzmYcxbYeoD -zk1G0Jbi1dlnbwzyBuOaFARogojWi8F/+4GM5tyIIPdT79VWW14As1voztDSau24 -SvJLVvtjddRro4rUP+aeKRunI2G68NYZ+4ytQC98FDYPS/Fu8LhufcyCEWNIFS80 -AJnNvrQavthzOACswQlBosTsdGkVUsRFLSD/tc7QQb6isk3vpzvx3514Gp0sbGEm -LveCq1B2baPTM0YHAgMBAAGjgekwgeYwHQYDVR0OBBYEFJU89CSfnErLFqqkiqvf -151tuqz6MB8GA1UdIwQYMBaAFClz6H9p3mMUQ8ZtVWzCroT61fyMMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH88k7 +uPvQxtmdfqYMN/se56nskLGiBiqw8dOBU4yG6sOABBgEJrBwT2t8a18xuI3nipOh +nWkgqV4KE6Ghx3vp5L/RZ1DkeuTbAKbL9iyoR517mm5phgaiDa1ohmf/2g6hrjBX +KCcV84u24j7IMCZu9AXs67W8yze8XdvCavhP5X+48mKqWTtAzkBnfYO7ZiClc4J+ +QM6Hrj023AYmCck+axPtyETuz/PbOKHuzQKUGH/G13hljTS7o9TFJ+G5tWet+zzO +mj32x1Que/r4ielWK+l4LgIUKxoY5M73gGf3D4i8eHCPHNU/Ijs4IlHY/W2T3gUM +HKi3sdOpg2uLEK1hAgMBAAGjgekwgeYwHQYDVR0OBBYEFMWhzxcpT2Lat3Rxb2qJ +2d5FZqfkMB8GA1UdIwQYMBaAFEzi7uXcK9B0SUO6bWuRb6PAU4mSMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAp9wxiGQmcmI0jTp1enHU -rnos9C1E6enoxU15stwS6nVgRMtu3yJH1a72A9zEa8+QdSlJUATglCqzv9Su4git -UiJlkTMJec/JJ5tS3agN9SG2WMRfG3lyaXp7SX1kZ9DWHCH+6a45HLQ/8vZtfjAV -dqOv60PA7fOKvEhcR/xECdp9miDx4h1NQDQM4WgWnkdXGmoZ5LJu3XxpX7grvefL -5JyceeGls4KhyVv9c9aoHR3YMdY3AOl60qLuwEIhItpwbqiM+gwkyXBLSQrB2zXy -cdcwQadrBZLGzYzU3sJrqrhw0vrPmgGvNICVratZhvJWbdhDlSTj93u5g4nt53ov -NQ== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAFs7SypMCGSYye9o9ZjbB +TlMARsdHIaf88a/oH9V5MX9u4yVgk5cWjpvXBQiOXfCgxBOzoH8l7fvfzZZSEoQk +1gGihjpAQs/4HPN9rkFGAeyzfVVioNi7DXcITA23Yd31S9rFWjUhsdK2o/Eu/fhr +tVNPuqqwQOJCAU0DQPvR6tG5tNC8WJ5lIK53WKc/Xrf+uKqTVrNAL+CoSnB216bC +pR7Fok+vh1cbmTOCQrBCYnoAs3YPlrW023eFu9iOTcofEBmzkdEJHPDle4f+b4KU +q4FmaF0ARKY/Zska/gVzGZGPvnXpUzg8ddCdEpG2mpXoh07Sc2OKgH4EcExYsO/6 +Vg== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:cf:bd:56:f0:dc:36:bc:a8:05:9b:fd:e3:c1:86: - da:96:c5:0b:b0:7f:fd:e5:6d:f4:df:44:46:82:ed: - 45:60:4b:5d:c6:27:5a:d8:f1:3c:28:a5:eb:3f:a9: - 5f:bc:b2:a9:20:fe:09:fa:39:76:5f:2a:91:b2:ef: - c9:47:70:c9:d0:ce:66:57:25:d0:72:12:c5:2a:ab: - 5c:bc:b3:9a:ba:c8:e9:cb:81:6a:16:f1:7d:a9:9f: - e8:9a:0a:47:29:53:34:f7:99:70:14:c6:63:4c:aa: - ba:96:7c:78:c4:11:d1:cc:3b:35:56:e8:7f:41:9c: - 41:69:d2:b0:dd:36:00:ed:dd:a2:bd:e2:56:29:c5: - 8d:4e:7b:71:fb:f5:a1:7b:37:df:d2:66:d4:fe:c8: - 24:6d:a3:c4:43:e9:d3:3e:e3:08:78:95:e9:86:e3: - 73:09:f9:04:fe:1a:25:19:5b:7c:a8:da:62:05:aa: - 56:1b:2a:d4:33:ff:4f:a2:fe:34:90:ec:e9:94:f5: - 0a:92:e9:b3:bf:c4:d3:78:80:0a:5e:4e:11:58:94: - 66:a8:52:b8:6e:49:64:cb:45:ee:7c:46:80:d7:3d: - 40:df:9e:69:54:ce:a5:7f:db:6b:73:42:c5:9c:6e: - 7c:b6:9f:ac:b9:8c:cd:7f:da:00:7b:3b:c2:dd:4d: - 44:c7 + 00:c9:5c:c0:66:3d:c7:72:ee:18:23:d7:56:80:3c: + b2:c2:57:81:a3:74:9c:05:07:e7:1a:70:ba:0c:08: + fc:14:db:52:16:03:2b:90:bb:01:1a:61:65:52:19: + 8a:9b:08:2e:ed:00:29:31:a3:8a:7b:30:32:89:cb: + 3d:4e:1e:a2:4c:f6:21:ff:5e:02:9c:7f:7a:e0:0d: + 1c:cb:d7:e9:ee:9e:64:3f:b3:ca:17:79:c1:36:9d: + 51:87:06:2d:c1:f4:28:f2:8b:49:a9:d2:12:89:b4: + 60:60:65:00:6f:09:83:f8:95:94:ca:8c:70:2d:1d: + e0:7b:42:fc:53:4b:40:8c:d3:67:a1:2c:0a:c7:53: + 8a:af:31:91:5b:12:cd:4b:d0:19:11:22:cc:82:94: + 10:89:f0:b2:ae:f0:11:6e:91:bb:a5:77:89:c9:fd: + 37:ea:b0:09:9a:7a:bf:7b:e9:d5:f5:56:13:af:b3: + d9:3f:c4:90:5a:b1:ed:ee:de:6f:86:16:61:f6:2d: + 15:c9:6e:94:f2:72:58:e7:5e:ab:f1:2a:42:b1:6c: + c7:cd:fd:b1:2d:48:e0:b3:c4:09:e6:bd:e1:f9:3b: + 1b:a5:5c:dc:0d:b9:40:2d:55:af:70:b2:01:cf:83: + 35:85:4f:b4:a9:fc:33:f3:3c:f7:30:0c:c0:c5:22: + 05:85 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 29:73:E8:7F:69:DE:63:14:43:C6:6D:55:6C:C2:AE:84:FA:D5:FC:8C + 4C:E2:EE:E5:DC:2B:D0:74:49:43:BA:6D:6B:91:6F:A3:C0:53:89:92 X509v3 Authority Key Identifier: - keyid:77:B3:BD:49:4D:67:D0:7E:4F:67:C3:26:C7:1E:66:42:F9:6D:E4:08 + keyid:CC:94:41:CF:A9:F7:C7:58:7C:37:E3:C5:37:29:9B:12:B3:DF:D5:3B Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - ad:b2:08:36:77:a1:da:aa:e4:31:7d:a8:61:03:be:0a:86:a2: - 15:3b:08:bb:c8:86:eb:f8:52:c0:63:27:db:5c:25:16:98:05: - b1:84:dc:12:74:ce:25:a6:2e:be:32:2c:1f:0a:04:4e:9e:bb: - a1:b6:34:ef:20:2d:a3:fe:cc:b3:40:2e:75:9c:2d:c3:c0:e7: - 8e:aa:9f:18:60:a9:61:18:4f:a5:d8:3d:c7:d3:09:62:6c:b8: - 5a:99:3b:34:70:7b:7d:61:cc:f8:c9:71:97:2c:59:96:d2:1a: - c5:4e:ce:df:65:cf:18:05:bd:9f:bc:86:ba:16:55:79:58:d8: - f7:32:44:b6:59:32:9f:5d:ef:04:25:2a:2d:54:36:9e:62:0f: - c4:df:1c:10:64:02:ba:64:f2:ea:3d:cc:5c:ea:2e:4d:72:fa: - e9:72:0f:77:af:5d:1e:32:b9:64:7c:c5:b2:77:36:64:e5:ba: - d0:a0:8c:97:7d:b3:76:6c:c1:15:70:f8:0c:50:b8:3c:d4:6c: - 4f:33:32:f2:c8:b8:35:cd:80:a2:3a:49:55:ba:2e:5b:c9:9a: - b6:77:fb:0f:01:2e:72:21:bc:88:f6:e3:71:8c:68:59:f3:1b: - d8:e1:d3:e3:6c:15:5d:8d:82:a3:db:84:44:58:3e:2f:a9:88: - 56:2a:a6:4b + 69:a7:89:a0:25:d4:c9:92:31:7c:81:77:5d:69:74:e8:21:f1: + 36:60:f7:88:a7:e2:7a:31:29:86:68:3f:b2:59:b3:9e:87:66: + b7:bd:b7:7e:fa:f0:9b:96:e2:d4:65:c3:a2:fd:68:22:03:28: + f5:ea:39:0b:9a:a4:4d:1a:b5:c8:f9:80:e3:ba:58:55:6f:56: + 0e:18:51:bf:f0:a3:cb:d8:19:a8:a7:c5:53:ad:a3:29:34:ee: + 10:69:32:fd:fe:76:11:1a:5d:c2:9d:6b:a0:94:de:16:7b:b8: + 2b:94:c1:cf:ad:4f:d6:61:ff:04:db:43:71:c3:18:02:1c:ae: + 0a:e3:f2:40:b6:01:e4:ef:55:ee:59:ad:4b:16:e7:23:24:d8: + 53:01:5a:4a:27:a9:ce:af:a8:29:18:3b:0b:4a:19:3b:f0:8c: + c1:9b:cf:bc:75:8e:a3:e3:64:5d:eb:67:b7:52:42:ee:ed:a5: + d8:3d:c6:0b:37:a3:ca:16:43:1e:52:25:05:f4:b0:b3:37:35: + ea:b2:6b:06:39:f3:32:e0:82:06:22:eb:06:46:f5:3d:7b:f0: + 4f:bf:84:95:9e:ac:69:b3:be:2d:41:f2:50:94:5a:99:38:63: + 09:9c:2a:3f:8e:ab:70:ea:44:bd:80:6e:c0:20:bb:ee:de:5c: + 97:f0:57:59 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz71W8Nw2 -vKgFm/3jwYbalsULsH/95W3030RGgu1FYEtdxida2PE8KKXrP6lfvLKpIP4J+jl2 -XyqRsu/JR3DJ0M5mVyXQchLFKqtcvLOausjpy4FqFvF9qZ/omgpHKVM095lwFMZj -TKq6lnx4xBHRzDs1Vuh/QZxBadKw3TYA7d2iveJWKcWNTntx+/Whezff0mbU/sgk -baPEQ+nTPuMIeJXphuNzCfkE/holGVt8qNpiBapWGyrUM/9Pov40kOzplPUKkumz -v8TTeIAKXk4RWJRmqFK4bklky0XufEaA1z1A355pVM6lf9trc0LFnG58tp+suYzN -f9oAezvC3U1ExwIDAQABo4HLMIHIMB0GA1UdDgQWBBQpc+h/ad5jFEPGbVVswq6E -+tX8jDAfBgNVHSMEGDAWgBR3s71JTWfQfk9nwybHHmZC+W3kCDA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVzAZj3H +cu4YI9dWgDyywleBo3ScBQfnGnC6DAj8FNtSFgMrkLsBGmFlUhmKmwgu7QApMaOK +ezAyics9Th6iTPYh/14CnH964A0cy9fp7p5kP7PKF3nBNp1RhwYtwfQo8otJqdIS +ibRgYGUAbwmD+JWUyoxwLR3ge0L8U0tAjNNnoSwKx1OKrzGRWxLNS9AZESLMgpQQ +ifCyrvARbpG7pXeJyf036rAJmnq/e+nV9VYTr7PZP8SQWrHt7t5vhhZh9i0VyW6U +8nJY516r8SpCsWzHzf2xLUjgs8QJ5r3h+TsbpVzcDblALVWvcLIBz4M1hU+0qfwz +8zz3MAzAxSIFhQIDAQABo4HLMIHIMB0GA1UdDgQWBBRM4u7l3CvQdElDum1rkW+j +wFOJkjAfBgNVHSMEGDAWgBTMlEHPqffHWHw348U3KZsSs9/VOzA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgWgMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AK2yCDZ3odqq5DF9qGEDvgqGohU7CLvIhuv4UsBjJ9tcJRaYBbGE3BJ0ziWmLr4y -LB8KBE6eu6G2NO8gLaP+zLNALnWcLcPA546qnxhgqWEYT6XYPcfTCWJsuFqZOzRw -e31hzPjJcZcsWZbSGsVOzt9lzxgFvZ+8hroWVXlY2PcyRLZZMp9d7wQlKi1UNp5i -D8TfHBBkArpk8uo9zFzqLk1y+ulyD3evXR4yuWR8xbJ3NmTlutCgjJd9s3ZswRVw -+AxQuDzUbE8zMvLIuDXNgKI6SVW6LlvJmrZ3+w8BLnIhvIj243GMaFnzG9jh0+Ns -FV2NgqPbhERYPi+piFYqpks= +AGmniaAl1MmSMXyBd11pdOgh8TZg94in4noxKYZoP7JZs56HZre9t3768JuW4tRl +w6L9aCIDKPXqOQuapE0atcj5gOO6WFVvVg4YUb/wo8vYGainxVOtoyk07hBpMv3+ +dhEaXcKda6CU3hZ7uCuUwc+tT9Zh/wTbQ3HDGAIcrgrj8kC2AeTvVe5ZrUsW5yMk +2FMBWkonqc6vqCkYOwtKGTvwjMGbz7x1jqPjZF3rZ7dSQu7tpdg9xgs3o8oWQx5S +JQX0sLM3NeqyawY58zLgggYi6wZG9T178E+/hJWerGmzvi1B8lCUWpk4YwmcKj+O +q3DqRL2AbsAgu+7eXJfwV1k= -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b3:13:19:f8:ad:c0:ff:5e:86:19:9a:3c:7f:0c: - 04:81:2c:bd:c4:ee:fe:6c:bb:b5:a2:ee:08:10:bd: - bb:b6:d1:6c:0d:e7:49:6a:45:0f:0f:46:2b:b6:49: - 49:92:7d:c8:b8:81:c1:3f:70:80:39:8a:29:de:77: - f0:a3:3e:ef:8f:8d:9c:74:ca:05:c6:5f:12:fc:d4: - 4f:47:64:5d:ea:4d:84:af:f0:d0:88:ff:58:98:ad: - 7f:6f:c0:22:bc:8e:a4:44:7b:2c:d3:3e:08:45:2a: - 13:20:90:1d:b6:0b:2c:4e:a4:40:c3:76:66:6f:eb: - 5c:49:fc:1d:81:8e:a7:cc:a3:91:bd:6f:fa:22:73: - 84:35:99:08:2c:3e:8e:0b:74:a6:16:79:b3:37:2f: - 66:5c:b1:4c:55:76:af:65:9c:cc:e6:af:b0:8c:c3: - 28:24:c9:a0:f2:b4:d0:74:d3:e0:72:af:0d:86:f0: - 21:4a:9e:4a:9f:95:7b:7a:73:4c:a9:b5:0a:ac:23: - f7:63:64:88:fc:00:9b:69:23:33:1a:75:bd:6d:f6: - f2:62:c7:68:19:d0:d1:55:2c:6d:f4:41:d8:3b:79: - 41:5f:44:97:b9:8f:5a:b4:0a:12:b9:94:0e:34:c7: - a7:93:cf:dd:f1:3d:bb:0f:11:33:fc:c8:c4:76:2d: - 9e:cd + 00:cb:b8:41:ee:d5:da:d2:45:d6:49:60:20:14:fb: + 2c:a9:de:97:50:8e:1c:2f:82:c0:f5:ad:ae:58:ca: + 46:cb:e5:cc:19:4f:e3:4f:15:7f:41:d4:b7:34:f3: + 3d:da:86:6d:1a:d0:ab:f0:76:82:ea:a5:db:fb:c2: + e3:56:ac:4a:f0:33:57:d5:82:9e:72:db:2c:36:a3: + 1b:d9:b1:e6:27:1c:98:7e:42:37:b6:21:bd:5a:18: + 61:bc:6f:77:d7:0c:07:13:39:70:a1:46:08:9f:12: + 05:c9:ac:a4:57:78:b5:8f:bc:6d:ca:b2:b0:24:ff: + fd:9c:61:9f:28:2f:7e:bb:d2:e3:2a:81:ed:f5:b7: + 84:c9:be:fa:04:3c:29:e8:1f:ca:68:44:08:27:e3: + fc:ba:ce:74:19:59:c5:cd:9e:cb:a3:4a:e5:0f:d9: + 78:38:b4:8c:c8:5f:a6:93:48:13:83:cc:a9:d2:60: + 45:61:0d:00:22:84:88:ea:e3:dd:da:f0:05:c8:09: + 3a:b2:3e:5b:6e:3e:c6:18:47:ff:18:54:b6:c0:6e: + fc:df:75:4b:2f:23:30:a1:8e:e2:4b:8b:63:fc:80: + 83:62:eb:c9:a5:fe:ed:26:37:ad:59:ef:79:6a:2d: + 67:d6:f9:5c:88:5e:19:62:05:55:9a:26:e5:61:b3: + f6:65 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 77:B3:BD:49:4D:67:D0:7E:4F:67:C3:26:C7:1E:66:42:F9:6D:E4:08 + CC:94:41:CF:A9:F7:C7:58:7C:37:E3:C5:37:29:9B:12:B3:DF:D5:3B X509v3 Authority Key Identifier: - keyid:77:B3:BD:49:4D:67:D0:7E:4F:67:C3:26:C7:1E:66:42:F9:6D:E4:08 + keyid:CC:94:41:CF:A9:F7:C7:58:7C:37:E3:C5:37:29:9B:12:B3:DF:D5:3B Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 5d:bb:5a:36:f5:74:9c:51:8c:7c:b3:e0:71:91:0d:51:59:45: - 92:b8:3c:f1:0a:42:ac:c3:c7:9f:4e:2a:61:09:7d:46:27:c7: - a6:23:09:39:39:18:9e:78:3f:94:cf:d6:44:5e:8e:9f:c4:4e: - fd:b4:ab:4f:56:ea:90:6d:4d:51:88:55:e2:56:c0:03:14:a2: - 99:d2:1d:67:03:75:6d:5c:a0:c5:5c:78:a6:c5:8e:96:6e:7a: - 4f:a1:b0:4e:29:62:92:bc:44:88:a4:72:8d:64:16:da:ff:c4: - e8:4c:d3:eb:a6:03:85:eb:a8:42:ee:ae:c0:87:f2:43:41:05: - 43:e2:d5:ad:b6:59:dd:59:51:6c:2b:77:f3:51:a9:e0:9b:3e: - ba:04:64:d3:f3:ce:59:5a:ad:b1:56:da:91:80:89:d9:62:81: - 99:9c:a4:49:24:7a:bc:91:4e:ab:86:e6:0b:76:0d:34:2d:75: - fa:7b:13:f5:b3:52:22:c1:57:7c:cd:79:0c:2b:ba:8b:87:83: - 52:59:5b:69:55:9d:c4:0a:98:b0:b0:dd:88:86:8c:28:c3:b2: - bd:35:85:b1:f0:78:6a:99:ac:63:52:08:5b:69:97:55:c0:87: - 81:be:bd:09:7f:eb:56:a9:84:9f:f6:9c:df:f2:19:41:60:f1: - 06:d1:77:38 + 33:52:cd:b6:65:6e:1c:04:7d:9f:a1:7c:13:20:9a:bf:c4:c9: + cf:f6:0f:c1:bd:1d:a6:a6:61:55:17:3d:00:80:1e:26:51:97: + 35:a7:e1:c5:a2:94:2b:a8:78:c0:d0:07:b9:07:ab:9f:80:a3: + a2:79:8f:08:c3:3d:3a:a4:00:f5:6a:06:4c:33:34:d4:32:35: + cd:d9:70:ad:91:86:00:50:c0:17:a4:ce:17:f8:b7:84:02:bd: + 75:0b:39:6f:bb:bd:0f:18:7d:f7:8e:34:e9:c3:4c:30:7b:ae: + 2f:b5:06:9a:c1:a7:ec:bd:87:13:f7:27:00:89:c7:b6:e4:f1: + 6b:76:52:7d:75:c1:7b:58:67:10:5b:96:83:b4:ab:13:ad:8a: + af:16:b2:88:78:85:9e:86:89:f6:6b:02:4b:23:38:66:8b:39: + ad:29:a6:ff:68:8d:62:a3:b0:46:e9:2e:e7:d9:01:c0:52:59: + 02:7d:d1:53:b9:8f:38:4a:f9:56:16:3e:0a:5b:b1:32:d0:2e: + a4:75:3f:ee:fc:65:60:c0:5f:ac:81:b8:e4:dd:c6:df:87:8a: + 4a:ad:4d:30:a4:59:bb:ed:66:fa:c5:e5:b8:a3:7d:4c:eb:a3: + 90:e0:03:b1:ae:35:5a:f8:29:56:9f:d7:b9:ae:79:20:4a:75: + bc:4d:9f:c8 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALMTGfitwP9ehhmaPH8M -BIEsvcTu/my7taLuCBC9u7bRbA3nSWpFDw9GK7ZJSZJ9yLiBwT9wgDmKKd538KM+ -74+NnHTKBcZfEvzUT0dkXepNhK/w0Ij/WJitf2/AIryOpER7LNM+CEUqEyCQHbYL -LE6kQMN2Zm/rXEn8HYGOp8yjkb1v+iJzhDWZCCw+jgt0phZ5szcvZlyxTFV2r2Wc -zOavsIzDKCTJoPK00HTT4HKvDYbwIUqeSp+Ve3pzTKm1Cqwj92NkiPwAm2kjMxp1 -vW328mLHaBnQ0VUsbfRB2Dt5QV9El7mPWrQKErmUDjTHp5PP3fE9uw8RM/zIxHYt -ns0CAwEAAaOByzCByDAdBgNVHQ4EFgQUd7O9SU1n0H5PZ8Mmxx5mQvlt5AgwHwYD -VR0jBBgwFoAUd7O9SU1n0H5PZ8Mmxx5mQvlt5AgwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu4Qe7V2tJF1klgIBT7 +LKnel1COHC+CwPWtrljKRsvlzBlP408Vf0HUtzTzPdqGbRrQq/B2guql2/vC41as +SvAzV9WCnnLbLDajG9mx5iccmH5CN7YhvVoYYbxvd9cMBxM5cKFGCJ8SBcmspFd4 +tY+8bcqysCT//ZxhnygvfrvS4yqB7fW3hMm++gQ8KegfymhECCfj/LrOdBlZxc2e +y6NK5Q/ZeDi0jMhfppNIE4PMqdJgRWENACKEiOrj3drwBcgJOrI+W24+xhhH/xhU +tsBu/N91Sy8jMKGO4kuLY/yAg2LryaX+7SY3rVnveWotZ9b5XIheGWIFVZom5WGz +9mUCAwEAAaOByzCByDAdBgNVHQ4EFgQUzJRBz6n3x1h8N+PFNymbErPf1TswHwYD +VR0jBBgwFoAUzJRBz6n3x1h8N+PFNymbErPf1TswNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBdu1o29XSc -UYx8s+BxkQ1RWUWSuDzxCkKsw8efTiphCX1GJ8emIwk5ORieeD+Uz9ZEXo6fxE79 -tKtPVuqQbU1RiFXiVsADFKKZ0h1nA3VtXKDFXHimxY6WbnpPobBOKWKSvESIpHKN -ZBba/8ToTNPrpgOF66hC7q7Ah/JDQQVD4tWttlndWVFsK3fzUangmz66BGTT885Z -Wq2xVtqRgInZYoGZnKRJJHq8kU6rhuYLdg00LXX6exP1s1IiwVd8zXkMK7qLh4NS -WVtpVZ3ECpiwsN2Ihowow7K9NYWx8HhqmaxjUghbaZdVwIeBvr0Jf+tWqYSf9pzf -8hlBYPEG0Xc4 +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAzUs22ZW4c +BH2foXwTIJq/xMnP9g/BvR2mpmFVFz0AgB4mUZc1p+HFopQrqHjA0Ae5B6ufgKOi +eY8Iwz06pAD1agZMMzTUMjXN2XCtkYYAUMAXpM4X+LeEAr11Czlvu70PGH33jjTp +w0wwe64vtQaawafsvYcT9ycAice25PFrdlJ9dcF7WGcQW5aDtKsTrYqvFrKIeIWe +hon2awJLIzhmizmtKab/aI1io7BG6S7n2QHAUlkCfdFTuY84SvlWFj4KW7Ey0C6k +dT/u/GVgwF+sgbjk3cbfh4pKrU0wpFm77Wb6xeW4o31M66OQ4AOxrjVa+ClWn9e5 +rnkgSnW8TZ/I -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -282,10 +282,15 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 0 - [Error] keyCertSign bit is not set +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: keyCertSign bit is not set + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMAogICAgICBbRXJyb3JdIGtleUNlcnRTaWduIGJpdCBpcyBub3Qgc2V0Cg== +LS0tLS0gQ2VydGlmaWNhdGUgaT0xIChDTj1JbnRlcm1lZGlhdGUpIC0tLS0tCkVSUk9SOiBrZXlDZXJ0U2lnbiBiaXQgaXMgbm90IHNldAoK -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail.pem b/chromium/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail.pem new file mode 100644 index 00000000000..80580adbba6 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-fail.pem @@ -0,0 +1,298 @@ +[Created by: generate-intermediate-restricts-eku-fail.py] + +Certificate chain with 1 intermediate and a trusted root. The intermediate +restricts the EKU to clientAuth, and the target has serverAuth + +clientAuth. Verification is expected to fail when requesting serverAuth. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bb:d3:3c:f5:4c:df:73:61:c9:d0:be:56:b8:7f: + e6:52:56:9c:3b:84:83:23:d8:ea:30:cb:cc:01:ba: + 1d:36:70:d3:4c:58:62:74:2f:96:57:7c:e5:b0:27: + 6f:fa:72:c0:5b:0b:0c:f6:ec:1e:3b:c7:04:45:b8: + 89:97:be:fa:49:27:b6:c2:0a:29:b8:98:cd:a4:a4: + 54:29:ce:55:c5:91:ff:89:d3:51:87:88:d0:c3:ef: + 0c:de:43:b0:e0:b9:d9:23:92:f0:04:42:b6:50:06: + 2b:1a:7b:97:3e:67:a4:ed:77:23:e5:83:76:76:63: + 09:6d:be:05:6e:fc:aa:a0:c8:91:97:97:2d:85:02: + 95:c2:fc:dd:dc:f4:4b:08:c3:be:3b:43:76:96:cc: + ec:55:7a:0f:00:fe:29:4b:87:ca:df:50:ba:5c:60: + e5:6f:8c:f0:56:7b:5b:20:3d:87:fd:81:7f:61:51: + 6c:44:61:55:3a:52:28:cf:49:4d:72:3f:34:b0:a3: + 04:18:e6:47:50:c7:f0:e1:a5:4f:8c:59:e3:73:ca: + b6:a6:0d:34:a3:40:fb:41:97:8c:66:93:64:29:20: + 13:1b:f5:ab:69:74:11:88:13:8d:dc:15:c8:22:a2: + 2b:16:74:f2:f1:8b:27:c1:5a:9c:c5:0e:95:78:ba: + fe:9f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 6D:1B:79:D9:7C:01:F2:1D:99:D4:DD:54:90:BF:32:03:0F:28:4D:38 + X509v3 Authority Key Identifier: + keyid:3A:B9:4C:96:D7:3D:14:A8:24:C8:DE:55:0A:54:05:5D:5C:A2:C9:99 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 03:b3:7d:3a:ad:31:3c:23:cd:8f:44:99:81:8c:1a:72:a7:c9: + da:24:74:8c:cf:00:59:8b:d6:38:d1:b0:64:e6:9b:bb:40:9a: + d0:d0:ba:22:58:4d:a1:4d:16:7e:a9:dd:27:11:b5:69:31:5d: + 7d:cb:8d:26:16:76:3f:fc:f4:15:72:c0:50:32:88:2c:83:02: + b6:6f:c3:e7:a0:93:53:f6:e5:e9:6b:bc:91:9c:18:3a:ae:4f: + 86:5b:b3:88:bd:1b:1e:29:cf:13:76:f8:5c:93:50:32:c5:a1: + 96:0a:fb:b9:66:53:a4:5a:e6:e8:fe:75:90:02:68:18:82:cf: + 0e:1f:37:6c:47:43:5d:4b:10:68:16:89:4a:59:f4:2a:62:1e: + 7c:7a:35:a2:5b:0e:72:f1:7b:62:d8:84:bd:ad:8c:1e:4d:71: + d3:45:aa:2f:0c:46:bd:06:0f:88:38:14:11:d5:c6:e8:d8:82: + f1:c0:b6:0a:f6:c7:d0:71:89:1c:4f:11:d2:ae:cc:ee:b6:39: + 01:69:46:69:8b:73:4f:d3:ad:2a:a8:be:49:7c:01:22:58:b9: + d1:63:10:5f:19:d9:51:22:45:13:24:48:91:8a:00:9a:70:54: + 91:3a:ab:65:ef:63:b8:ce:48:1c:b7:9d:1a:a3:9c:9a:96:ce: + 51:3f:88:8e +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC70zz1 +TN9zYcnQvla4f+ZSVpw7hIMj2Oowy8wBuh02cNNMWGJ0L5ZXfOWwJ2/6csBbCwz2 +7B47xwRFuImXvvpJJ7bCCim4mM2kpFQpzlXFkf+J01GHiNDD7wzeQ7DgudkjkvAE +QrZQBisae5c+Z6TtdyPlg3Z2YwltvgVu/KqgyJGXly2FApXC/N3c9EsIw747Q3aW +zOxVeg8A/ilLh8rfULpcYOVvjPBWe1sgPYf9gX9hUWxEYVU6UijPSU1yPzSwowQY +5kdQx/DhpU+MWeNzyramDTSjQPtBl4xmk2QpIBMb9atpdBGIE43cFcgioisWdPLx +iyfBWpzFDpV4uv6fAgMBAAGjgekwgeYwHQYDVR0OBBYEFG0bedl8AfIdmdTdVJC/ +MgMPKE04MB8GA1UdIwQYMBaAFDq5TJbXPRSoJMjeVQpUBV1cosmZMD8GCCsGAQUF +BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk +aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu +dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAA7N9Oq0xPCPNj0SZgYwa +cqfJ2iR0jM8AWYvWONGwZOabu0Ca0NC6IlhNoU0WfqndJxG1aTFdfcuNJhZ2P/z0 +FXLAUDKILIMCtm/D56CTU/bl6Wu8kZwYOq5PhluziL0bHinPE3b4XJNQMsWhlgr7 +uWZTpFrm6P51kAJoGILPDh83bEdDXUsQaBaJSln0KmIefHo1olsOcvF7YtiEva2M +Hk1x00WqLwxGvQYPiDgUEdXG6NiC8cC2CvbH0HGJHE8R0q7M7rY5AWlGaYtzT9Ot +Kqi+SXwBIli50WMQXxnZUSJFEyRIkYoAmnBUkTqrZe9juM5IHLedGqOcmpbOUT+I +jg== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bd:9a:08:67:72:a5:4d:ba:39:c4:0a:d5:a9:42: + 46:7a:a0:f3:f2:2b:1f:83:91:58:a7:00:3b:b3:17: + 51:e5:1f:83:13:44:10:14:7f:84:6d:97:57:de:32: + 00:bd:15:18:e4:c7:89:8b:6e:5b:41:51:ad:d3:c9: + f7:3e:75:51:74:5c:71:40:2e:9b:95:be:8f:3b:17: + 33:a5:3a:33:17:97:05:d7:30:0c:40:94:c1:8d:e7: + 80:5f:f3:d4:3e:e4:46:8c:e3:80:ec:95:91:87:e0: + a0:a3:32:73:6c:44:c2:9c:12:a5:d3:6b:91:e0:60: + 3d:a1:61:9d:09:6f:5f:7b:b1:c5:98:6a:3a:cc:85: + 76:45:f2:44:0e:3f:cf:b9:56:5a:23:55:68:31:4b: + 17:30:ad:a0:e2:b1:85:3f:6e:2e:7e:a7:38:b9:dd: + cd:3d:fb:74:1a:83:87:c2:ec:ec:6a:63:0b:5e:c8: + 75:07:b5:4f:3f:93:58:a5:fe:3e:76:18:ee:16:df: + b1:52:b8:1a:f0:77:65:a3:b7:2d:16:a3:e6:c8:11: + 67:e1:20:ea:2f:ed:0b:93:e6:c8:2a:a0:fc:34:b7: + fa:4b:21:33:60:02:86:cf:b4:bd:f0:c7:ec:f5:7a: + b4:ff:84:18:f4:73:a1:28:7a:31:de:08:b6:fd:be: + 0a:7d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 3A:B9:4C:96:D7:3D:14:A8:24:C8:DE:55:0A:54:05:5D:5C:A2:C9:99 + X509v3 Authority Key Identifier: + keyid:AE:89:01:94:41:77:67:BD:EF:7F:98:4F:29:E7:1B:3A:18:B9:DD:51 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 48:57:46:43:a9:be:bb:bb:5c:b1:c1:42:cd:72:22:1e:34:98: + 8f:ae:c5:8f:88:72:3e:01:f4:9f:d0:2a:ed:6b:3a:32:22:e0: + 9e:be:2c:7d:5c:b8:01:98:d8:41:97:58:88:69:a1:1c:2d:c3: + 97:00:71:47:b8:f9:91:5d:66:b2:cd:e9:ec:3c:1a:70:b5:7a: + ee:8e:88:d3:d6:c3:32:e7:11:c2:a5:8d:b4:01:2c:87:06:a5: + c8:85:07:29:6c:1a:20:ee:5e:ca:6e:42:f0:89:f3:e9:d1:e8: + cd:d6:4b:ef:b4:fc:10:be:ae:b8:4c:0d:b0:af:3d:72:4a:17: + 03:72:d5:aa:a4:30:bf:8d:6f:66:9f:19:fa:e0:c7:e4:fe:5c: + 30:53:95:8e:6a:87:59:bb:14:62:3a:1a:2f:24:87:c3:0c:8e: + 09:e7:e4:f1:3c:e3:03:e7:29:28:5d:b4:fd:a1:f7:8c:00:c5: + 8f:33:56:09:df:48:f8:d3:1e:cd:4a:b8:69:ac:81:65:3d:20: + f3:d2:52:dd:44:e7:fa:f8:22:b4:fb:ec:8e:b9:27:a8:d9:12: + 69:bc:d0:6d:b6:45:41:c5:d6:fc:16:d0:47:da:b4:a3:75:f0: + e2:fa:49:9d:5f:9c:64:ee:17:1d:1a:83:26:5d:e0:ad:fb:a8: + 74:70:30:08 +-----BEGIN CERTIFICATE----- +MIIDgjCCAmqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZoIZ3Kl +Tbo5xArVqUJGeqDz8isfg5FYpwA7sxdR5R+DE0QQFH+EbZdX3jIAvRUY5MeJi25b +QVGt08n3PnVRdFxxQC6blb6POxczpTozF5cF1zAMQJTBjeeAX/PUPuRGjOOA7JWR +h+CgozJzbETCnBKl02uR4GA9oWGdCW9fe7HFmGo6zIV2RfJEDj/PuVZaI1VoMUsX +MK2g4rGFP24ufqc4ud3NPft0GoOHwuzsamMLXsh1B7VPP5NYpf4+dhjuFt+xUrga +8Hdlo7ctFqPmyBFn4SDqL+0Lk+bIKqD8NLf6SyEzYAKGz7S98Mfs9Xq0/4QY9HOh +KHox3gi2/b4KfQIDAQABo4HgMIHdMB0GA1UdDgQWBBQ6uUyW1z0UqCTI3lUKVAVd +XKLJmTAfBgNVHSMEGDAWgBSuiQGUQXdnve9/mE8p5xs6GLndUTA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUH +AwIwDQYJKoZIhvcNAQELBQADggEBAEhXRkOpvru7XLHBQs1yIh40mI+uxY+Icj4B +9J/QKu1rOjIi4J6+LH1cuAGY2EGXWIhpoRwtw5cAcUe4+ZFdZrLN6ew8GnC1eu6O +iNPWwzLnEcKljbQBLIcGpciFBylsGiDuXspuQvCJ8+nR6M3WS++0/BC+rrhMDbCv +PXJKFwNy1aqkML+Nb2afGfrgx+T+XDBTlY5qh1m7FGI6Gi8kh8MMjgnn5PE84wPn +KShdtP2h94wAxY8zVgnfSPjTHs1KuGmsgWU9IPPSUt1E5/r4IrT77I65J6jZEmm8 +0G22RUHF1vwW0EfatKN18OL6SZ1fnGTuFx0agyZd4K37qHRwMAg= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b6:30:63:d8:b0:11:71:5f:03:38:e5:24:a7:88: + 9c:fe:f5:a6:2a:59:63:7b:18:39:d5:34:2f:27:4c: + fe:18:27:eb:7e:71:25:4d:af:71:97:7f:f0:18:b0: + 19:a7:fd:ab:52:d9:01:aa:13:ff:3f:c9:c8:d4:87: + fa:69:53:28:b7:52:4f:91:ac:55:cb:38:7f:61:32: + b6:d9:20:f4:58:6f:c3:4c:4f:64:d7:14:34:8c:d3: + ac:f5:97:8a:9d:f6:d0:0b:64:b4:3a:55:71:0b:92: + b1:8e:df:2e:77:8a:fe:36:f6:0f:be:49:03:3d:42: + fc:4c:e4:50:f6:3e:86:d0:e4:0b:15:cd:27:49:ae: + 7a:be:d7:05:28:68:f7:e7:35:1b:fc:2a:50:c1:66: + f3:31:11:f3:f9:40:80:51:3a:60:9a:87:47:fc:46: + 99:e3:1a:c9:5c:76:d9:34:45:b0:82:d6:06:d7:ea: + 5d:13:ce:ca:4e:9d:2e:80:cd:b3:5c:47:11:dd:f1: + 8a:97:c7:8d:37:6a:1a:c7:97:13:ad:bf:9c:85:32: + df:20:0a:a9:27:3b:e6:26:c6:9d:98:d3:d1:d7:a0: + 16:4d:b1:a3:3b:1f:19:c3:c5:81:dd:35:25:3c:86: + 8e:8b:76:69:f2:e5:35:5e:3c:6c:3f:7e:47:57:7f: + eb:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AE:89:01:94:41:77:67:BD:EF:7F:98:4F:29:E7:1B:3A:18:B9:DD:51 + X509v3 Authority Key Identifier: + keyid:AE:89:01:94:41:77:67:BD:EF:7F:98:4F:29:E7:1B:3A:18:B9:DD:51 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 3e:0f:33:42:25:43:7e:e0:36:64:99:cc:4d:38:94:6e:26:40: + 50:7d:78:af:88:41:6b:44:4c:55:db:3e:11:2d:d3:67:94:79: + d6:7e:bc:e1:23:9b:2a:a4:a7:ad:3d:a9:fe:86:3e:3d:81:98: + 7c:0f:21:60:a4:65:13:83:a3:c4:4d:12:d8:d5:52:3f:ad:de: + 29:f5:ee:dc:31:ef:56:85:ce:7a:b4:05:f4:95:6e:ba:ce:ac: + 09:19:49:eb:8e:ea:c6:dd:13:dd:15:b7:53:7b:44:67:ab:4d: + b7:41:c6:4e:de:f7:ca:bb:cc:7a:fb:84:ec:31:f6:ac:9e:26: + 83:74:cf:4f:a9:6a:dd:dd:68:28:f7:13:2e:54:42:ea:39:8d: + 44:51:3d:2e:05:11:63:81:0b:a8:82:96:72:ff:bb:45:a6:e7: + 9b:f3:03:24:d0:21:e4:67:2b:a8:d9:61:aa:ab:9b:b9:f0:3f: + b7:16:fc:7b:32:dc:4a:33:e8:a3:d3:79:f5:fc:16:6e:95:23: + a5:ec:a7:75:76:ff:ff:8f:6b:c4:32:d2:4d:e7:45:2c:1d:7e: + 8a:76:28:dd:e6:01:e1:f0:f9:45:5b:91:7c:0a:92:90:be:1b: + 9c:0c:1f:b9:24:df:d2:f7:f5:fa:8c:76:cd:00:01:73:35:04: + a7:08:6a:dd +-----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- +MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYwY9iwEXFfAzjlJKeI +nP71pipZY3sYOdU0LydM/hgn635xJU2vcZd/8BiwGaf9q1LZAaoT/z/JyNSH+mlT +KLdST5GsVcs4f2Eyttkg9Fhvw0xPZNcUNIzTrPWXip320AtktDpVcQuSsY7fLneK +/jb2D75JAz1C/EzkUPY+htDkCxXNJ0muer7XBSho9+c1G/wqUMFm8zER8/lAgFE6 +YJqHR/xGmeMayVx22TRFsILWBtfqXRPOyk6dLoDNs1xHEd3xipfHjTdqGseXE62/ +nIUy3yAKqSc75ibGnZjT0degFk2xozsfGcPFgd01JTyGjot2afLlNV48bD9+R1d/ +6w0CAwEAAaOByzCByDAdBgNVHQ4EFgQUrokBlEF3Z73vf5hPKecbOhi53VEwHwYD +VR0jBBgwFoAUrokBlEF3Z73vf5hPKecbOhi53VEwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA+DzNCJUN+ +4DZkmcxNOJRuJkBQfXiviEFrRExV2z4RLdNnlHnWfrzhI5sqpKetPan+hj49gZh8 +DyFgpGUTg6PETRLY1VI/rd4p9e7cMe9Whc56tAX0lW66zqwJGUnrjurG3RPdFbdT +e0Rnq023QcZO3vfKu8x6+4TsMfasniaDdM9PqWrd3Wgo9xMuVELqOY1EUT0uBRFj +gQuogpZy/7tFpueb8wMk0CHkZyuo2WGqq5u58D+3Fvx7MtxKM+ij03n1/BZulSOl +7Kd1dv//j2vEMtJN50UsHX6Kdijd5gHh8PlFW5F8CpKQvhucDB+5JN/S9/X6jHbN +AAFzNQSnCGrd +-----END TRUST_ANCHOR_UNCONSTRAINED----- + +150302120000Z +-----BEGIN TIME----- +MTUwMzAyMTIwMDAwWg== +-----END TIME----- + +FAIL +-----BEGIN VERIFY_RESULT----- +RkFJTA== +-----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: The extended key usage does not include server auth + + +-----BEGIN ERRORS----- +LS0tLS0gQ2VydGlmaWNhdGUgaT0xIChDTj1JbnRlcm1lZGlhdGUpIC0tLS0tCkVSUk9SOiBUaGUgZXh0ZW5kZWQga2V5IHVzYWdlIGRvZXMgbm90IGluY2x1ZGUgc2VydmVyIGF1dGgKCg== +-----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok.pem b/chromium/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok.pem new file mode 100644 index 00000000000..d3c332c176d --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/intermediate-restricts-eku-ok.pem @@ -0,0 +1,291 @@ +[Created by: generate-intermediate-restricts-eku-ok.py] + +Certificate chain with 1 intermediate and a trusted root. The intermediate +restricts the EKU to serverAuth, and the target has serverAuth + +clientAuth. Verification is expected to succeed as this is consistent with +the requested key purpose. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b2:4d:55:36:b9:dd:25:6c:a3:e3:5c:2f:95:97: + ac:3a:df:2d:6a:63:03:f7:e9:b2:a7:4d:f3:7d:21: + 78:af:80:cf:34:6a:47:ba:05:0d:90:ad:5d:5a:86: + 9d:c2:5b:7f:47:8c:0a:44:b6:de:d7:c1:17:e7:0f: + 44:ea:88:05:70:5d:81:95:81:44:24:b3:70:38:fc: + ab:53:1e:41:75:0e:72:4d:3c:89:16:3e:b9:bf:e5: + 9d:5e:af:56:ef:50:a0:e0:da:bd:94:c0:39:07:52: + b4:fb:3d:6a:4f:71:0e:4d:55:bb:69:4a:31:5b:4a: + 16:60:fa:fd:40:34:30:70:eb:12:d0:33:0a:9d:27: + 68:ba:2f:bf:51:7c:5f:fb:04:fd:c6:08:25:1c:44: + a0:a8:4b:02:7c:fc:8c:ab:b4:e9:8c:c9:bc:ab:13: + 3c:1e:75:0d:09:cf:c9:56:db:2a:12:5c:e0:e1:58: + 70:95:df:99:9e:c9:21:b3:ba:3c:50:5a:26:a2:95: + 12:8b:9f:8e:f1:76:ea:85:94:ac:ef:14:44:b4:d9: + 44:28:a3:f1:60:c0:7b:e8:1f:01:bd:f7:78:bf:ef: + cd:75:ee:dd:2d:e8:7d:5e:97:3c:b7:06:b0:16:6c: + 2d:0b:f2:07:7f:d9:43:f0:79:58:fe:53:41:c2:89: + f6:9d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + D5:E6:09:2D:66:DD:8D:8F:23:BF:FA:0F:9A:19:29:A4:B0:3B:CA:25 + X509v3 Authority Key Identifier: + keyid:A8:E7:C3:7D:1D:87:34:60:3C:F6:5E:AD:96:99:05:CF:A2:06:2F:65 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 0e:b4:d0:41:86:b0:77:cb:da:ba:08:9c:cf:73:a1:4f:d0:0e: + 62:29:a4:88:05:10:f1:e4:96:22:b5:80:47:56:5b:3e:52:69: + 7b:ae:82:cb:cd:00:10:f0:ea:88:49:3e:2d:e7:8e:a8:47:7f: + af:af:69:2a:7e:69:12:55:48:40:88:31:04:0f:b6:85:69:db: + 7a:ce:06:a4:7c:bd:f0:36:0b:3c:1c:19:d3:76:ec:77:51:cc: + ec:72:21:ed:d8:fb:44:2f:6d:fd:1f:ec:ef:6d:87:c9:87:e2: + 97:6d:f8:7b:10:6d:1c:ad:be:07:7e:d4:b9:10:47:99:9e:f7: + bf:e6:13:c2:b3:55:5e:52:5e:62:a6:3d:4d:c2:5a:b6:f7:24: + dc:d3:19:eb:9b:52:7b:36:87:33:c1:eb:b7:da:94:d7:09:b4: + e8:9c:fd:19:b8:ab:ff:be:2d:20:06:11:52:ae:c9:30:12:43: + 20:50:6c:b5:d0:cc:2e:85:ed:81:c8:cd:a7:be:f2:95:1c:c8: + 36:ea:4e:37:a9:b0:41:68:e2:a7:46:b2:d5:f8:95:94:85:12: + 98:a0:da:a9:12:8b:bf:2c:65:2c:48:b3:11:ca:69:b0:e3:80: + 9b:36:c1:82:33:51:a2:8c:71:ec:9b:83:cf:4f:bf:23:d4:a5: + 41:63:f5:40 +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyTVU2 +ud0lbKPjXC+Vl6w63y1qYwP36bKnTfN9IXivgM80ake6BQ2QrV1ahp3CW39HjApE +tt7XwRfnD0TqiAVwXYGVgUQks3A4/KtTHkF1DnJNPIkWPrm/5Z1er1bvUKDg2r2U +wDkHUrT7PWpPcQ5NVbtpSjFbShZg+v1ANDBw6xLQMwqdJ2i6L79RfF/7BP3GCCUc +RKCoSwJ8/IyrtOmMybyrEzwedQ0Jz8lW2yoSXODhWHCV35meySGzujxQWiailRKL +n47xduqFlKzvFES02UQoo/FgwHvoHwG993i/78117t0t6H1elzy3BrAWbC0L8gd/ +2UPweVj+U0HCifadAgMBAAGjgekwgeYwHQYDVR0OBBYEFNXmCS1m3Y2PI7/6D5oZ +KaSwO8olMB8GA1UdIwQYMBaAFKjnw30dhzRgPPZerZaZBc+iBi9lMD8GCCsGAQUF +BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk +aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu +dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEADrTQQYawd8vaugicz3Oh +T9AOYimkiAUQ8eSWIrWAR1ZbPlJpe66Cy80AEPDqiEk+LeeOqEd/r69pKn5pElVI +QIgxBA+2hWnbes4GpHy98DYLPBwZ03bsd1HM7HIh7dj7RC9t/R/s722HyYfil234 +exBtHK2+B37UuRBHmZ73v+YTwrNVXlJeYqY9TcJatvck3NMZ65tSezaHM8Hrt9qU +1wm06Jz9Gbir/74tIAYRUq7JMBJDIFBstdDMLoXtgcjNp77ylRzINupON6mwQWji +p0ay1fiVlIUSmKDaqRKLvyxlLEizEcppsOOAmzbBgjNRooxx7JuDz0+/I9SlQWP1 +QA== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c7:a6:98:a9:bd:8e:27:ab:e7:f5:9e:36:a4:a4: + f7:b7:59:0f:02:0a:5a:a7:0a:04:d9:d2:df:43:e4: + 13:61:c7:41:33:cf:1b:3e:e5:f6:74:36:6b:db:27: + c5:cf:00:3d:c6:dd:2a:dd:1b:1b:ca:fd:d0:4b:a3: + 90:92:66:19:36:4b:bb:9b:dc:74:a6:fb:23:d2:8f: + 6e:74:35:1a:df:13:7a:40:df:a1:12:f3:09:a2:70: + 39:a0:e2:5c:0e:b6:9a:4c:53:f8:2e:12:fb:ea:db: + 9d:6a:6e:0e:41:2a:3d:b3:da:3e:7e:9b:2a:1a:2a: + e5:70:1b:19:b2:10:d1:12:3d:e1:9c:f3:b0:05:40: + 79:c3:fb:44:41:80:01:10:2e:99:72:5f:f5:39:1e: + 5d:f4:2c:22:b5:c1:9b:ec:21:29:50:f9:36:3b:0e: + 8a:a9:0b:d2:e7:ce:74:16:10:74:4e:f7:f5:bc:14: + ae:af:79:4a:82:f5:2a:e2:2a:e4:f1:e1:2c:e7:91: + 04:fd:a5:38:09:f6:21:ce:62:2e:65:0d:1f:30:3c: + 11:fe:e5:79:85:51:18:95:e6:9d:15:82:f5:22:d1: + 77:b5:4d:64:82:86:84:8c:59:90:86:b4:64:1e:a6: + cc:20:d8:9b:09:b9:4f:7d:57:52:b6:00:9f:b6:d2: + b3:ef + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A8:E7:C3:7D:1D:87:34:60:3C:F6:5E:AD:96:99:05:CF:A2:06:2F:65 + X509v3 Authority Key Identifier: + keyid:A1:4F:77:20:47:E0:DD:E5:33:AF:6C:77:9A:CF:33:CA:99:39:B9:BB + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 86:0d:ee:57:98:f7:94:52:50:89:78:60:a9:5b:8c:f4:de:a9: + 67:0d:af:b2:85:c7:73:97:c1:fe:62:a6:50:26:05:23:db:5d: + 16:87:79:ae:10:d7:5c:cf:56:a3:ba:e3:ad:7c:7a:75:5d:0a: + 00:66:d1:d2:25:1e:13:4e:87:96:11:a2:04:7c:77:90:35:8a: + 21:28:71:82:62:1f:00:4e:d0:44:57:ac:0d:33:64:65:fd:27: + 61:5c:53:ee:22:21:cf:1e:92:a0:4a:ad:aa:87:2e:c9:65:8f: + c3:ec:b1:6e:5e:82:a9:60:a0:7c:74:c6:93:6a:16:c0:76:32: + 51:60:ab:83:1e:8a:ba:af:80:51:67:15:9f:6c:8b:65:0f:95: + 44:60:fb:34:af:06:ab:48:2c:78:9f:6b:2f:fb:af:a8:cf:8e: + b4:b2:81:d4:e2:bc:bf:84:b9:2e:45:74:58:f9:b1:9d:b9:06: + b2:00:09:e9:8d:26:58:06:a7:09:c0:ba:bd:39:ea:83:2d:2c: + 65:e1:44:19:67:f5:55:bc:81:eb:87:91:cf:1b:5b:24:6b:f3: + a9:2a:b4:b3:40:13:3a:2f:ee:53:04:09:de:a7:98:54:2b:77: + fc:78:14:8e:1d:6a:a7:db:18:a9:42:d4:a8:23:22:9a:d5:2a: + b9:d4:70:36 +-----BEGIN CERTIFICATE----- +MIIDgjCCAmqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6aYqb2O +J6vn9Z42pKT3t1kPAgpapwoE2dLfQ+QTYcdBM88bPuX2dDZr2yfFzwA9xt0q3Rsb +yv3QS6OQkmYZNku7m9x0pvsj0o9udDUa3xN6QN+hEvMJonA5oOJcDraaTFP4LhL7 +6tudam4OQSo9s9o+fpsqGirlcBsZshDREj3hnPOwBUB5w/tEQYABEC6Zcl/1OR5d +9CwitcGb7CEpUPk2Ow6KqQvS5850FhB0Tvf1vBSur3lKgvUq4irk8eEs55EE/aU4 +CfYhzmIuZQ0fMDwR/uV5hVEYleadFYL1ItF3tU1kgoaEjFmQhrRkHqbMINibCblP +fVdStgCfttKz7wIDAQABo4HgMIHdMB0GA1UdDgQWBBSo58N9HYc0YDz2Xq2WmQXP +ogYvZTAfBgNVHSMEGDAWgBShT3cgR+Dd5TOvbHeazzPKmTm5uzA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUH +AwEwDQYJKoZIhvcNAQELBQADggEBAIYN7leY95RSUIl4YKlbjPTeqWcNr7KFx3OX +wf5iplAmBSPbXRaHea4Q11zPVqO64618enVdCgBm0dIlHhNOh5YRogR8d5A1iiEo +cYJiHwBO0ERXrA0zZGX9J2FcU+4iIc8ekqBKraqHLsllj8PssW5egqlgoHx0xpNq +FsB2MlFgq4MeirqvgFFnFZ9si2UPlURg+zSvBqtILHifay/7r6jPjrSygdTivL+E +uS5FdFj5sZ25BrIACemNJlgGpwnAur056oMtLGXhRBln9VW8geuHkc8bWyRr86kq +tLNAEzov7lMECd6nmFQrd/x4FI4daqfbGKlC1KgjIprVKrnUcDY= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b3:35:83:74:7b:e7:c4:56:bb:33:c3:b5:19:86: + 79:48:54:e0:02:be:10:8a:d4:74:9c:51:31:1a:7c: + 5c:bd:c7:29:4c:e7:65:2e:f4:41:7d:b9:02:10:38: + 9c:4d:dc:3e:47:bc:76:50:bc:12:16:ca:d6:97:e9: + 35:1c:88:f6:92:8a:66:2f:7f:8a:dd:8d:9b:2b:55: + cd:5c:d3:18:b6:2f:3e:c2:a1:59:8f:cb:18:ad:c8: + aa:a3:ae:d2:98:92:a0:50:44:f0:7b:13:73:47:69: + 7d:f3:1a:49:37:29:9f:4a:40:1f:1b:28:00:82:f8: + 9d:80:02:fd:e6:37:d8:a9:6b:5a:3b:e2:ce:d8:a0: + 40:7a:27:30:4c:eb:0a:42:a6:1a:bc:20:bf:3f:3a: + b0:ab:ee:38:7b:c9:07:c2:6b:87:54:cb:9e:1c:60: + 36:a5:dc:01:d1:44:0d:e2:ff:23:1d:47:d7:17:89: + 1e:38:fa:09:30:f4:19:a0:be:60:4a:a9:f8:62:4a: + bf:f1:ca:01:33:17:f0:78:f3:fa:19:58:11:cb:ef: + f5:20:2e:91:80:85:11:ec:ac:55:51:9f:64:6a:87: + 68:0d:9f:d7:93:0a:7a:8a:1c:7d:67:10:73:91:f2: + 0c:81:c6:e8:93:5a:d7:b1:65:2c:e9:54:33:5e:39: + b7:9d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A1:4F:77:20:47:E0:DD:E5:33:AF:6C:77:9A:CF:33:CA:99:39:B9:BB + X509v3 Authority Key Identifier: + keyid:A1:4F:77:20:47:E0:DD:E5:33:AF:6C:77:9A:CF:33:CA:99:39:B9:BB + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 64:60:7d:50:48:0f:3b:0d:00:93:1f:a8:95:5b:0b:55:7e:1c: + bd:76:cd:f8:26:49:ec:e5:e2:16:08:29:ef:cd:0d:57:c0:f7: + 26:a3:80:cd:0d:61:8d:31:98:25:f3:8c:9a:e0:0d:d7:eb:bb: + aa:94:13:99:7c:8c:fc:ff:ea:b6:bc:66:36:9f:d8:50:ee:e1: + f6:75:a9:e0:30:12:38:70:a6:ca:72:15:46:d0:70:0c:92:f7: + 8d:5e:ab:32:ef:76:cd:33:ed:a9:b2:1e:7c:da:ad:c3:43:70: + 2b:6a:20:aa:47:89:9a:05:31:bc:13:e4:8e:56:1c:99:27:85: + 2b:98:08:ec:54:3f:e9:4b:50:b0:b9:d3:86:2f:c3:8f:a3:61: + d4:0a:39:ae:55:0f:d1:57:22:05:53:46:88:68:92:22:f7:6b: + e4:62:98:ad:7b:37:e4:ce:5e:ac:97:11:93:69:ad:d3:3c:db: + ed:dc:e9:3e:82:14:0c:1f:55:79:5f:78:82:0f:c8:72:2a:19: + 3b:92:a7:80:bd:4d:c7:d7:d2:be:36:e9:d2:56:17:e7:8e:71: + 25:4c:97:03:62:78:45:f4:ba:6a:e5:61:e9:a6:13:26:3d:f9: + 14:90:7f:2d:83:70:bd:58:20:a9:40:a0:a5:81:55:40:d0:ce: + f0:81:b5:23 +-----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- +MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALM1g3R758RWuzPDtRmG +eUhU4AK+EIrUdJxRMRp8XL3HKUznZS70QX25AhA4nE3cPke8dlC8EhbK1pfpNRyI +9pKKZi9/it2NmytVzVzTGLYvPsKhWY/LGK3IqqOu0piSoFBE8HsTc0dpffMaSTcp +n0pAHxsoAIL4nYAC/eY32KlrWjviztigQHonMEzrCkKmGrwgvz86sKvuOHvJB8Jr +h1TLnhxgNqXcAdFEDeL/Ix1H1xeJHjj6CTD0GaC+YEqp+GJKv/HKATMX8Hjz+hlY +Ecvv9SAukYCFEeysVVGfZGqHaA2f15MKeoocfWcQc5HyDIHG6JNa17FlLOlUM145 +t50CAwEAAaOByzCByDAdBgNVHQ4EFgQUoU93IEfg3eUzr2x3ms8zypk5ubswHwYD +VR0jBBgwFoAUoU93IEfg3eUzr2x3ms8zypk5ubswNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBkYH1QSA87 +DQCTH6iVWwtVfhy9ds34Jkns5eIWCCnvzQ1XwPcmo4DNDWGNMZgl84ya4A3X67uq +lBOZfIz8/+q2vGY2n9hQ7uH2dangMBI4cKbKchVG0HAMkveNXqsy73bNM+2psh58 +2q3DQ3AraiCqR4maBTG8E+SOVhyZJ4UrmAjsVD/pS1CwudOGL8OPo2HUCjmuVQ/R +VyIFU0aIaJIi92vkYpitezfkzl6slxGTaa3TPNvt3Ok+ghQMH1V5X3iCD8hyKhk7 +kqeAvU3H19K+NunSVhfnjnElTJcDYnhF9Lpq5WHpphMmPfkUkH8tg3C9WCCpQKCl +gVVA0M7wgbUj +-----END TRUST_ANCHOR_UNCONSTRAINED----- + +150302120000Z +-----BEGIN TIME----- +MTUwMzAyMTIwMDAwWg== +-----END TIME----- + +SUCCESS +-----BEGIN VERIFY_RESULT----- +U1VDQ0VTUw== +-----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any.pem b/chromium/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any.pem new file mode 100644 index 00000000000..bdf50fd6711 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/intermediate-sets-eku-any.pem @@ -0,0 +1,291 @@ +[Created by: generate-intermediate-sets-eku-any.py] + +Certificate chain with 1 intermediate and a trusted root. The intermediate +restricts the EKU to clientAuth + any, and the target has serverAuth + +clientAuth. Verification is expected to succeed because intermediate will match +the "any". + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ae:2e:8b:18:8d:f7:76:2c:94:0c:3f:a0:b6:ea: + 70:1f:5e:c8:48:c5:aa:ad:55:6b:bd:55:68:0d:8e: + ce:e5:99:27:c5:2c:b2:9a:29:a9:8f:8e:c3:c6:97: + 89:6d:31:d7:a4:8f:d8:36:37:4f:33:c7:d6:42:03: + 11:08:c4:7f:35:8c:ee:0f:1b:7a:31:74:04:aa:01: + d3:1e:8b:5b:01:9d:60:4b:9c:d1:8f:1e:ab:e5:dc: + 8f:17:77:49:e3:f6:d5:82:a5:2f:0a:e8:dc:9f:96: + 1e:2a:a1:41:d1:67:2c:9e:f3:7f:94:0c:6e:cf:5f: + 55:52:37:05:d0:39:37:1a:6e:11:ed:db:fa:aa:92: + a7:4f:50:29:07:69:af:1d:a7:99:fa:e1:56:f0:03: + 38:b0:ae:6b:e7:19:0b:dd:c3:07:31:8e:84:04:a5: + b4:eb:b8:bc:23:f3:40:b0:17:b4:ab:9e:3f:05:96: + 89:fc:84:23:cc:d1:06:c2:e4:8b:c6:65:f5:24:eb: + 72:31:bc:41:7d:3a:c9:55:08:0c:ee:a6:ae:1f:78: + 17:f8:a7:9d:7b:b1:82:f5:ce:82:6b:a8:b2:c6:8a: + b9:be:a5:d8:39:f4:49:e2:4c:53:32:85:26:53:4d: + 44:ce:d5:3b:a0:6b:e7:d9:02:a1:5a:ef:e1:a5:81: + a7:fb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EB:B0:1C:BD:B7:68:B8:D1:B9:8A:C2:9F:5D:CF:DD:AF:F2:62:70:8A + X509v3 Authority Key Identifier: + keyid:EE:C6:9A:65:CC:FB:CE:A0:3E:17:02:F9:68:12:86:B6:22:09:60:B4 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 04:83:63:1b:67:f1:17:c4:b4:65:6c:fa:2f:b8:d0:67:b4:14: + b2:51:4f:a2:cd:c5:20:a0:83:b2:f6:20:af:49:07:59:89:8e: + cf:bc:59:3a:b6:c3:e0:ec:a7:cd:87:7c:a6:72:bb:0b:6c:97: + 16:00:d2:2e:0b:66:c0:35:66:5b:f9:d8:25:cb:f2:20:f2:39: + b8:a9:a6:ab:47:ba:06:ba:97:a5:27:f7:9b:2a:68:35:e0:96: + 39:37:16:2f:28:b9:ad:bb:49:59:18:fe:d1:7b:5d:5e:ec:1d: + f0:e7:77:61:ab:f4:c6:6d:25:fa:a6:56:0c:1c:aa:6c:37:97: + e4:4a:9d:56:16:d0:e2:45:05:e9:d2:72:8a:ad:d9:3d:98:ad: + 7f:d3:a1:1a:f3:e4:f6:eb:c2:b1:97:49:42:55:45:ab:a2:03: + 22:24:2f:7f:c6:ed:7b:87:47:ab:3f:6e:a1:d9:c5:6c:21:db: + 73:de:47:e6:62:4e:7b:53:c0:df:6e:38:1d:2d:37:29:0a:81: + 46:7f:2e:0a:bd:c5:4d:9b:71:86:3e:22:81:bd:2a:79:9e:e0: + 2f:44:aa:bc:f8:a7:12:f3:79:8d:ec:69:0c:10:ed:7f:df:a2: + a2:07:88:2c:1d:a9:1b:61:fd:b8:59:3e:70:4c:7d:f1:95:61: + d4:98:61:ff +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuLosY +jfd2LJQMP6C26nAfXshIxaqtVWu9VWgNjs7lmSfFLLKaKamPjsPGl4ltMdekj9g2 +N08zx9ZCAxEIxH81jO4PG3oxdASqAdMei1sBnWBLnNGPHqvl3I8Xd0nj9tWCpS8K +6Nyflh4qoUHRZyye83+UDG7PX1VSNwXQOTcabhHt2/qqkqdPUCkHaa8dp5n64Vbw +AziwrmvnGQvdwwcxjoQEpbTruLwj80CwF7Srnj8Flon8hCPM0QbC5IvGZfUk63Ix +vEF9OslVCAzupq4feBf4p517sYL1zoJrqLLGirm+pdg59EniTFMyhSZTTUTO1Tug +a+fZAqFa7+Glgaf7AgMBAAGjgekwgeYwHQYDVR0OBBYEFOuwHL23aLjRuYrCn13P +3a/yYnCKMB8GA1UdIwQYMBaAFO7GmmXM+86gPhcC+WgShrYiCWC0MD8GCCsGAQUF +BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk +aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu +dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEABINjG2fxF8S0ZWz6L7jQ +Z7QUslFPos3FIKCDsvYgr0kHWYmOz7xZOrbD4OynzYd8pnK7C2yXFgDSLgtmwDVm +W/nYJcvyIPI5uKmmq0e6BrqXpSf3mypoNeCWOTcWLyi5rbtJWRj+0XtdXuwd8Od3 +Yav0xm0l+qZWDByqbDeX5EqdVhbQ4kUF6dJyiq3ZPZitf9OhGvPk9uvCsZdJQlVF +q6IDIiQvf8bte4dHqz9uodnFbCHbc95H5mJOe1PA3244HS03KQqBRn8uCr3FTZtx +hj4igb0qeZ7gL0SqvPinEvN5jexpDBDtf9+iogeILB2pG2H9uFk+cEx98ZVh1Jhh +/w== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d1:41:40:6f:cb:25:05:d9:29:d0:a3:c7:fe:2f: + f0:53:ad:46:36:19:aa:b1:1f:3f:7a:a2:e0:fb:03: + 2b:77:65:6a:79:eb:f3:a3:16:13:34:83:3b:42:de: + a2:bb:e2:bf:d8:d2:75:3d:48:38:86:bb:2a:7d:14: + a3:88:f7:7c:00:f4:0a:6b:6b:aa:9b:44:24:62:fe: + db:a3:42:55:15:67:2a:32:ff:b2:4d:80:93:d0:84: + ef:1b:dc:7c:ac:56:2d:54:08:02:f6:18:6e:b5:80: + a8:77:52:1f:b8:2c:09:6d:cc:f8:1c:04:91:62:6e: + 1e:dd:1d:89:b2:f1:23:0b:4d:4c:6c:da:49:3d:61: + 83:72:0f:66:36:12:3f:f3:ff:53:52:73:53:a1:ca: + 38:bd:c3:48:bf:7a:2f:13:19:d7:c2:28:e1:6f:32: + 00:5e:64:ac:4b:05:7a:77:62:57:55:a9:59:83:d5: + ed:a3:2e:28:34:71:79:2f:b9:c3:9e:df:b3:2a:b1: + 59:cd:04:00:1d:8b:11:56:ae:c6:67:f6:4f:1d:58: + 07:65:e0:b0:2f:ef:57:6d:de:c1:a0:7c:6e:38:a8: + 45:26:21:96:e0:f6:ef:0e:28:cf:01:70:57:dc:20: + 15:08:ad:e8:e3:98:74:8c:54:32:c1:28:17:e0:de: + a1:8b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EE:C6:9A:65:CC:FB:CE:A0:3E:17:02:F9:68:12:86:B6:22:09:60:B4 + X509v3 Authority Key Identifier: + keyid:42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Extended Key Usage: + TLS Web Client Authentication, Any Extended Key Usage + Signature Algorithm: sha256WithRSAEncryption + 7e:65:1a:1b:ca:f6:29:2d:fa:64:43:07:29:94:06:40:45:c5: + 86:64:c8:7e:3d:83:78:1b:a2:41:2c:35:33:80:f1:d3:77:84: + 6c:7b:db:f1:65:3b:71:72:85:67:5e:a9:b3:91:8e:39:41:ae: + ba:ad:3a:c5:7f:f2:be:e3:af:83:b1:3e:26:c0:36:f4:c7:12: + 21:51:2f:1f:37:19:a5:03:25:d9:25:9c:b1:10:1b:56:06:1e: + 7a:08:b6:d8:04:de:3c:23:8b:cb:22:ea:24:65:a8:89:f4:61: + 8b:16:c4:9d:bb:31:f1:20:56:18:32:eb:26:43:7a:83:71:33: + e6:ab:d2:3d:44:d2:20:2c:39:b7:79:46:59:41:8c:f4:b2:16: + a1:23:2b:cb:67:10:e3:c0:2d:e5:a5:57:8d:a9:86:f3:d6:79: + 54:60:34:d7:48:f4:34:84:a2:55:0a:7c:7c:3e:66:8b:6c:6d: + a1:5a:cf:fd:96:f1:f9:f0:88:f8:f5:66:b1:7d:c4:cb:8a:47: + 7d:d3:d6:fa:3c:34:76:8d:9d:1a:68:bc:d7:cd:2a:eb:99:cf: + d2:f0:bd:44:3e:91:77:45:85:56:a0:80:74:a7:1d:65:a6:d5: + ef:82:95:80:d3:f9:a0:39:e7:34:2d:4e:63:cb:47:f8:05:13: + 34:62:ec:c8 +-----BEGIN CERTIFICATE----- +MIIDiDCCAnCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UFAb8sl +Bdkp0KPH/i/wU61GNhmqsR8/eqLg+wMrd2VqeevzoxYTNIM7Qt6iu+K/2NJ1PUg4 +hrsqfRSjiPd8APQKa2uqm0QkYv7bo0JVFWcqMv+yTYCT0ITvG9x8rFYtVAgC9hhu +tYCod1IfuCwJbcz4HASRYm4e3R2JsvEjC01MbNpJPWGDcg9mNhI/8/9TUnNToco4 +vcNIv3ovExnXwijhbzIAXmSsSwV6d2JXValZg9Xtoy4oNHF5L7nDnt+zKrFZzQQA +HYsRVq7GZ/ZPHVgHZeCwL+9Xbd7BoHxuOKhFJiGW4PbvDijPAXBX3CAVCK3o45h0 +jFQywSgX4N6hiwIDAQABo4HmMIHjMB0GA1UdDgQWBBTuxpplzPvOoD4XAvloEoa2 +IglgtDAfBgNVHSMEGDAWgBRCdUE0xVmfmaObHAxX21zHwUi3kTA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0lBBIwEAYIKwYBBQUH +AwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAH5lGhvK9ikt+mRDBymUBkBFxYZk +yH49g3gbokEsNTOA8dN3hGx72/FlO3FyhWdeqbORjjlBrrqtOsV/8r7jr4OxPibA +NvTHEiFRLx83GaUDJdklnLEQG1YGHnoIttgE3jwji8si6iRlqIn0YYsWxJ27MfEg +Vhgy6yZDeoNxM+ar0j1E0iAsObd5RllBjPSyFqEjK8tnEOPALeWlV42phvPWeVRg +NNdI9DSEolUKfHw+ZotsbaFaz/2W8fnwiPj1ZrF9xMuKR33T1vo8NHaNnRpovNfN +KuuZz9LwvUQ+kXdFhVaggHSnHWWm1e+ClYDT+aA55zQtTmPLR/gFEzRi7Mg= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:96:66:c7:e7:fd:21:14:ec:df:4a:05:1a:8c: + 22:da:8f:3e:b7:8e:ca:a2:de:d7:e3:08:05:cd:28: + 1c:da:d4:99:ba:ad:de:92:07:44:18:55:e7:b5:41: + 6b:38:64:18:06:ab:6c:b8:ad:3d:b8:4e:c8:fa:8c: + fc:58:2c:2c:a8:42:08:28:b4:85:2a:aa:57:e2:a8: + 76:4a:6e:fe:38:2f:d1:14:c6:52:6f:05:a4:89:54: + c2:0f:f0:93:83:09:b7:55:56:94:7b:57:65:87:09: + dd:61:ea:1a:02:3c:24:a5:cc:2d:d3:7c:0a:dc:2e: + 67:a2:7f:91:ad:b4:76:76:02:ac:7f:85:5f:61:86: + 0c:60:15:a0:82:7f:85:16:f4:10:8d:49:27:e4:33: + 58:75:55:6b:5a:ab:c7:d1:bd:3d:a8:3b:68:1b:b4: + de:68:89:c4:87:fe:87:04:d4:52:f3:8f:fa:2e:44: + 79:c1:62:46:b7:88:4c:bb:75:61:fd:e6:c5:6a:fb: + a8:3b:ef:a7:e6:1a:1e:44:2d:61:a7:4e:63:5e:66: + b8:f7:85:60:74:8b:ea:20:82:84:84:71:f5:1d:c6: + 0c:c2:ee:11:78:01:ae:44:5a:e3:7b:97:2e:01:d0: + 18:91:77:01:23:7f:d2:21:73:f4:f3:9a:94:ad:93: + 2e:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 + X509v3 Authority Key Identifier: + keyid:42:75:41:34:C5:59:9F:99:A3:9B:1C:0C:57:DB:5C:C7:C1:48:B7:91 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 47:b6:e9:3a:86:dc:51:de:1f:9c:e4:ce:08:aa:28:ee:50:9e: + 92:7f:f9:ee:0c:44:1e:e8:e3:18:6d:51:db:e5:62:56:af:fd: + ca:37:a2:7c:a7:a9:64:8d:27:52:0c:c5:4a:64:6f:16:30:2a: + c6:63:18:7f:7c:3d:fe:a1:5e:4a:04:87:1b:64:1c:c6:03:89: + d2:a2:3b:e0:bf:f4:a4:b3:93:ef:75:fd:3b:4e:1f:9c:fd:36: + ec:3c:6f:ec:b5:62:21:e0:c4:4b:07:71:34:29:61:20:b9:50: + 6c:fc:b9:a1:74:39:93:10:32:ea:1e:11:5e:20:27:47:7a:6a: + 3d:52:e1:35:85:9d:ca:65:f2:0d:b6:a2:6a:34:af:31:23:a1: + ca:be:cf:dc:ab:36:04:4f:d6:93:9b:c1:3f:fd:dd:34:d4:ca: + 16:84:4b:92:4c:d5:11:4d:c3:ae:11:a7:8d:c0:cf:c8:94:27: + 5b:7f:9d:e0:d8:fa:67:7a:75:ce:a4:e7:d5:d0:c8:fc:ce:31: + 20:ab:7a:3b:59:8f:41:ce:58:7f:70:96:9b:e3:00:3b:ca:9e: + f3:df:66:e1:86:7a:f0:1c:72:6b:96:2a:29:c7:3a:f5:c3:c0: + c4:5f:a6:86:7f:c1:f5:ae:6f:4c:14:3a:b1:15:5e:c9:c8:77: + 52:d1:da:c5 +-----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- +MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMOWZsfn/SEU7N9KBRqM +ItqPPreOyqLe1+MIBc0oHNrUmbqt3pIHRBhV57VBazhkGAarbLitPbhOyPqM/Fgs +LKhCCCi0hSqqV+Kodkpu/jgv0RTGUm8FpIlUwg/wk4MJt1VWlHtXZYcJ3WHqGgI8 +JKXMLdN8CtwuZ6J/ka20dnYCrH+FX2GGDGAVoIJ/hRb0EI1JJ+QzWHVVa1qrx9G9 +Pag7aBu03miJxIf+hwTUUvOP+i5EecFiRreITLt1Yf3mxWr7qDvvp+YaHkQtYadO +Y15muPeFYHSL6iCChIRx9R3GDMLuEXgBrkRa43uXLgHQGJF3ASN/0iFz9POalK2T +LqECAwEAAaOByzCByDAdBgNVHQ4EFgQUQnVBNMVZn5mjmxwMV9tcx8FIt5EwHwYD +VR0jBBgwFoAUQnVBNMVZn5mjmxwMV9tcx8FIt5EwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBHtuk6htxR +3h+c5M4IqijuUJ6Sf/nuDEQe6OMYbVHb5WJWr/3KN6J8p6lkjSdSDMVKZG8WMCrG +Yxh/fD3+oV5KBIcbZBzGA4nSojvgv/Sks5Pvdf07Th+c/TbsPG/stWIh4MRLB3E0 +KWEguVBs/LmhdDmTEDLqHhFeICdHemo9UuE1hZ3KZfINtqJqNK8xI6HKvs/cqzYE +T9aTm8E//d001MoWhEuSTNURTcOuEaeNwM/IlCdbf53g2PpnenXOpOfV0Mj8zjEg +q3o7WY9Bzlh/cJab4wA7yp7z32bhhnrwHHJrliopxzr1w8DEX6aGf8H1rm9MFDqx +FV7JyHdS0drF +-----END TRUST_ANCHOR_UNCONSTRAINED----- + +150302120000Z +-----BEGIN TIME----- +MTUwMzAyMTIwMDAwWg== +-----END TIME----- + +SUCCESS +-----BEGIN VERIFY_RESULT----- +U1VDQ0VTUw== +-----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/intermediate-signed-with-md5.pem b/chromium/net/data/verify_certificate_chain_unittest/intermediate-signed-with-md5.pem index b1a808aa296..46dbabbdd95 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/intermediate-signed-with-md5.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/intermediate-signed-with-md5.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bf:20:16:45:28:21:d2:a5:63:de:24:67:38:92: - 4c:f1:a4:c8:45:30:94:b8:aa:5f:7c:1a:3f:6c:28: - 2f:31:7e:a6:bb:af:45:46:68:a2:f2:5d:a4:94:4b: - 9b:c9:4c:e0:5d:be:ce:34:5e:08:df:a7:50:c0:30: - 94:98:0f:52:ec:ec:91:23:91:bc:24:60:65:9d:b7: - 74:38:7f:9d:d4:20:94:5c:1b:6f:71:82:e1:b5:98: - 95:3c:33:48:7e:6a:c6:e0:59:e6:a2:c5:0b:95:78: - 0e:7e:e3:a8:16:93:0a:43:df:ec:d7:03:c0:f1:60: - 13:45:9d:52:b5:37:66:03:79:78:8f:d6:53:87:7c: - dd:50:8a:16:54:33:bb:62:f2:42:a0:fa:49:c3:c1: - e2:c4:c8:d7:db:49:16:43:c8:69:0e:88:e2:f1:2d: - c6:59:c6:5a:e3:d8:57:e9:a7:10:48:73:c8:c8:f7: - a1:6d:57:25:b3:04:43:05:6a:90:1d:87:36:67:7f: - 3e:97:eb:5b:66:03:3a:10:56:32:1d:04:cc:43:90: - 82:9c:ed:d2:b4:4d:ba:d0:ac:23:26:f9:25:5e:63: - 6c:e1:83:07:2b:ec:38:9a:d1:82:bc:38:a0:64:58: - 19:c2:77:3c:e9:bd:20:d5:45:43:8d:ee:51:ba:98: - 95:65 + 00:c7:dd:eb:5a:f4:88:03:0a:d7:b6:29:95:e0:58: + 03:c6:35:36:b0:9e:e8:09:94:21:ba:07:cf:70:cc: + 52:c7:2c:fd:fe:c0:86:50:b3:0c:7b:46:cf:eb:a3: + bd:5a:29:32:58:81:09:ff:85:f8:b3:77:75:58:61: + 22:f1:59:99:1f:0d:58:dd:ff:f5:a8:51:62:0a:58: + db:20:8e:fd:5a:43:96:8f:cd:8c:98:ca:f4:ef:4c: + f6:1e:48:dc:48:46:60:8c:67:0f:9a:41:2b:6b:72: + e2:ce:11:25:3d:21:99:fa:3f:ca:34:b8:ae:f1:29: + 7a:ce:bc:1c:ce:98:50:d6:70:93:0a:a5:c4:7e:05: + 34:46:f1:ef:36:59:90:62:c2:b8:b9:71:ed:df:c0: + f8:fd:ff:08:fa:db:05:7d:99:35:2a:65:08:e0:a1: + 66:cb:7d:55:bc:72:d8:1f:7d:0c:11:e2:8b:11:51: + 2e:88:b1:d1:72:5f:c5:6b:ac:f0:1e:3f:97:b8:0e: + d4:49:9d:a0:b5:be:23:79:b1:0f:19:90:c6:00:e1: + 62:b4:d5:db:25:8c:11:01:92:9d:17:16:fd:ee:bf: + 37:6a:2a:d9:b4:4d:83:0c:24:2c:f8:28:7f:52:9d: + 6b:b3:ac:b2:2b:86:e8:fe:f8:a5:3a:cc:9d:eb:08: + f0:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 7E:D1:A4:40:CE:81:CA:14:BD:C9:25:39:E5:F7:21:B6:24:90:61:1D + 4A:A4:1B:84:D7:FB:A1:F1:FB:D4:71:87:01:11:63:87:06:5D:A6:D1 X509v3 Authority Key Identifier: - keyid:60:72:15:4D:8C:1A:E1:CD:8F:EF:00:AA:9B:37:4C:00:57:29:66:15 + keyid:A6:86:14:22:AB:40:E8:07:5F:13:64:F3:8D:60:DE:30:B4:0B:B3:31 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 6f:98:46:c6:44:e8:ba:f3:06:49:81:74:87:9e:d5:a1:0c:54: - 66:56:88:7d:89:5e:cd:2f:1a:06:af:d8:c7:ed:9e:ad:8c:7a: - b0:3d:eb:93:3a:59:49:89:ba:ec:27:15:0e:08:d0:cd:ff:40: - 57:3f:c2:77:c1:08:cb:5d:4f:40:ec:20:b3:96:9b:43:fa:96: - 00:42:cd:dc:db:27:3e:98:fd:8a:45:80:ef:5c:86:20:12:a5: - 83:b3:74:66:09:57:1c:4d:7e:0e:00:c4:57:dc:86:c0:2b:db: - fb:3a:77:1c:5f:7d:8f:ae:47:16:96:85:48:a7:95:4c:bc:b1: - 18:09:34:c4:78:76:57:46:db:1e:b7:12:16:78:54:ec:2d:eb: - 44:00:54:48:1d:6b:b0:d1:98:a8:58:ab:3d:f2:f2:5b:06:44: - d1:d5:d6:f5:d1:f2:c4:46:93:9a:9b:29:a8:9f:91:3d:e5:16: - d6:d6:ba:55:76:1c:2d:90:76:2f:92:a1:e4:52:a4:f3:f3:2a: - 3c:b3:11:78:f6:9a:ce:17:c3:8f:da:57:fc:a2:02:06:59:9f: - 18:10:ba:45:b4:0d:3d:64:aa:6c:ae:5b:a6:c8:f3:8b:d0:b0: - b6:1b:4a:cc:6c:fe:f9:d6:e4:15:da:28:1b:22:b3:ce:b4:6f: - bf:39:9b:34 + 61:e4:aa:2d:01:8b:0a:7c:52:13:9e:da:f5:76:c4:c1:19:d6: + d2:d9:6a:fb:2d:4a:1a:b9:65:f4:78:9e:e5:a1:c0:f1:ae:2c: + ec:ef:91:91:d4:21:03:77:32:42:73:10:55:d1:da:4a:10:5f: + c3:9f:ff:c0:47:94:22:31:0b:e0:46:7f:7d:e6:49:16:3e:d2: + 2a:15:35:76:be:54:a8:86:09:80:6b:8d:ef:d4:7a:e3:ef:c0: + 29:82:3f:95:61:62:33:b6:d7:94:b7:c0:75:99:64:5f:be:9d: + 53:44:90:87:77:8b:c5:07:6f:a6:ad:bd:21:d0:55:7d:83:6c: + 24:aa:3d:d9:44:85:c7:97:30:2d:3b:c5:c5:6f:ca:95:8c:b8: + 8c:84:bb:53:d1:80:12:99:a2:20:08:0f:4e:98:6c:15:9d:2f: + f1:04:ca:7a:a9:d0:52:21:7d:9f:7d:91:f1:33:e7:5a:9e:c7: + 06:ce:8c:52:62:11:09:85:89:2c:94:78:8f:b3:28:ae:00:f7: + d7:99:da:09:ca:67:3b:6a:ba:e6:60:68:04:b1:14:e7:dc:a8: + dc:c6:98:bb:6d:fc:99:2e:2a:69:01:14:08:cb:db:a9:b6:69: + ed:8e:16:c0:e6:93:91:1d:98:ef:be:51:09:9d:02:11:ce:dd: + 56:6b:23:c7 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/IBZF -KCHSpWPeJGc4kkzxpMhFMJS4ql98Gj9sKC8xfqa7r0VGaKLyXaSUS5vJTOBdvs40 -Xgjfp1DAMJSYD1Ls7JEjkbwkYGWdt3Q4f53UIJRcG29xguG1mJU8M0h+asbgWeai -xQuVeA5+46gWkwpD3+zXA8DxYBNFnVK1N2YDeXiP1lOHfN1QihZUM7ti8kKg+knD -weLEyNfbSRZDyGkOiOLxLcZZxlrj2FfppxBIc8jI96FtVyWzBEMFapAdhzZnfz6X -61tmAzoQVjIdBMxDkIKc7dK0TbrQrCMm+SVeY2zhgwcr7Dia0YK8OKBkWBnCdzzp -vSDVRUON7lG6mJVlAgMBAAGjgekwgeYwHQYDVR0OBBYEFH7RpEDOgcoUvcklOeX3 -IbYkkGEdMB8GA1UdIwQYMBaAFGByFU2MGuHNj+8Aqps3TABXKWYVMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH3eta +9IgDCte2KZXgWAPGNTawnugJlCG6B89wzFLHLP3+wIZQswx7Rs/ro71aKTJYgQn/ +hfizd3VYYSLxWZkfDVjd//WoUWIKWNsgjv1aQ5aPzYyYyvTvTPYeSNxIRmCMZw+a +QStrcuLOESU9IZn6P8o0uK7xKXrOvBzOmFDWcJMKpcR+BTRG8e82WZBiwri5ce3f +wPj9/wj62wV9mTUqZQjgoWbLfVW8ctgffQwR4osRUS6IsdFyX8VrrPAeP5e4DtRJ +naC1viN5sQ8ZkMYA4WK01dsljBEBkp0XFv3uvzdqKtm0TYMMJCz4KH9SnWuzrLIr +huj++KU6zJ3rCPBvAgMBAAGjgekwgeYwHQYDVR0OBBYEFEqkG4TX+6Hx+9RxhwER +Y4cGXabRMB8GA1UdIwQYMBaAFKaGFCKrQOgHXxNk841g3jC0C7MxMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAb5hGxkTouvMGSYF0h57V -oQxUZlaIfYlezS8aBq/Yx+2erYx6sD3rkzpZSYm67CcVDgjQzf9AVz/Cd8EIy11P -QOwgs5abQ/qWAELN3NsnPpj9ikWA71yGIBKlg7N0ZglXHE1+DgDEV9yGwCvb+zp3 -HF99j65HFpaFSKeVTLyxGAk0xHh2V0bbHrcSFnhU7C3rRABUSB1rsNGYqFirPfLy -WwZE0dXW9dHyxEaTmpspqJ+RPeUW1ta6VXYcLZB2L5Kh5FKk8/MqPLMRePaazhfD -j9pX/KICBlmfGBC6RbQNPWSqbK5bpsjzi9CwthtKzGz++dbkFdooGyKzzrRvvzmb -NA== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAYeSqLQGLCnxSE57a9XbE +wRnW0tlq+y1KGrll9Hie5aHA8a4s7O+RkdQhA3cyQnMQVdHaShBfw5//wEeUIjEL +4EZ/feZJFj7SKhU1dr5UqIYJgGuN79R64+/AKYI/lWFiM7bXlLfAdZlkX76dU0SQ +h3eLxQdvpq29IdBVfYNsJKo92USFx5cwLTvFxW/KlYy4jIS7U9GAEpmiIAgPTphs +FZ0v8QTKeqnQUiF9n32R8TPnWp7HBs6MUmIRCYWJLJR4j7MorgD315naCcpnO2q6 +5mBoBLEU59yo3MaYu238mS4qaQEUCMvbqbZp7Y4WwOaTkR2Y775RCZ0CEc7dVmsj +xw== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c7:04:ea:a3:74:51:66:9f:f2:6b:5d:9a:3d:96: - bd:5c:b3:9e:9c:df:64:42:c7:85:1e:56:7a:3e:d5: - 3d:c9:f3:17:46:a3:a0:98:f6:80:df:f4:54:ca:e2: - d5:e9:15:b8:3a:19:4e:1e:26:67:00:80:96:d5:bc: - 1e:af:a4:f3:23:de:15:72:89:1f:50:3f:8c:e1:62: - 6d:e1:0d:42:9f:67:76:aa:f5:20:b4:4d:58:fd:3d: - 63:57:bc:9c:23:fa:db:31:0c:09:37:0d:7c:f4:d1: - 06:c4:7f:b1:22:d1:df:05:43:a4:12:94:e2:02:ee: - b7:ae:cd:48:04:00:39:4f:dc:40:f7:62:a7:d9:3e: - 81:9c:5d:98:6f:8d:0f:da:b6:0e:ad:1d:5b:ff:b6: - 50:90:ab:55:c7:2a:db:d8:67:6c:0f:87:68:8a:2a: - 79:24:a7:64:d8:c1:72:15:ff:6e:ca:31:f1:92:42: - 2e:78:a5:ce:2b:07:8a:4b:a0:80:88:14:76:d6:e1: - ad:b2:75:9d:79:9b:d6:c2:cc:ac:74:67:d2:5b:90: - 6f:c4:8f:50:4c:ce:50:89:a4:69:ab:ca:d4:d1:a4: - 47:ae:0d:46:f3:5f:28:91:66:27:02:f0:7a:da:aa: - 80:be:c2:e7:83:89:06:49:de:9d:60:03:a3:fc:11: - e2:2b + 00:eb:61:9e:9d:4b:23:cc:8e:39:d9:ac:07:05:da: + 32:34:de:2a:dd:2f:62:ed:87:ce:7c:59:c4:9d:8e: + 28:76:d1:f2:65:60:91:3f:7b:63:a4:2f:50:c4:da: + 12:5b:71:a0:97:4f:26:cf:e7:b2:01:84:67:57:f5: + 86:36:54:68:0f:28:f0:ea:7b:ca:1e:1a:bc:7e:67: + cf:fd:14:63:ee:c1:33:92:01:70:bc:12:6b:7d:2c: + 8d:02:34:8e:85:1a:e4:f5:99:b6:c8:d5:18:d9:04: + a6:f5:40:fc:96:50:e2:3f:87:a0:d6:72:be:a3:a3: + 45:89:07:74:d0:2e:9c:0d:88:12:02:a3:ef:17:ad: + 2c:2d:71:66:11:89:3f:cf:57:77:28:77:70:bb:0f: + 39:b0:b1:34:9d:e9:f7:a2:56:af:57:7e:ed:44:f8: + be:78:3d:28:c5:0d:37:15:2c:f6:99:4e:05:70:ae: + c5:99:45:a7:3f:bd:83:79:6a:a3:67:ff:71:2d:60: + e2:08:91:23:45:40:b1:40:52:e1:3b:1d:5d:d1:e9: + c2:b0:b1:c4:fb:7c:af:9c:c1:95:f1:a5:23:16:19: + 75:9f:ef:be:b8:79:a7:f4:c5:b2:47:ae:6d:1c:15: + 9c:26:0f:b2:0f:ec:92:8d:5a:79:c9:9e:16:e0:70: + bc:ef Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 60:72:15:4D:8C:1A:E1:CD:8F:EF:00:AA:9B:37:4C:00:57:29:66:15 + A6:86:14:22:AB:40:E8:07:5F:13:64:F3:8D:60:DE:30:B4:0B:B3:31 X509v3 Authority Key Identifier: - keyid:60:B4:95:7F:EA:F1:29:B2:E9:9D:64:83:A9:C8:A3:49:6F:3E:18:53 + keyid:C4:01:16:E5:A0:16:10:29:62:67:7B:D1:22:42:6C:6F:15:2B:AF:96 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: md5WithRSAEncryption - 0b:ea:a8:1e:f0:70:66:9b:e0:48:9a:fa:62:3b:80:b0:9f:41: - e3:60:35:9c:b4:6e:0c:32:17:9d:38:72:b3:de:69:45:69:b1: - 4b:87:2a:e1:68:59:d6:b9:03:c4:88:7e:e0:77:26:3d:c5:ad: - 55:3f:13:bc:13:42:0f:9c:be:f7:70:3e:19:79:96:3b:b8:12: - d6:8a:a2:04:d2:17:ee:bd:78:db:cc:9f:54:87:26:89:61:c9: - f1:3e:8f:2f:19:55:49:05:c0:35:b2:ea:c4:ec:9a:11:d6:88: - f2:4b:ad:68:0a:32:75:42:42:a0:6a:51:cb:0f:63:32:20:4a: - 59:89:e5:f9:61:ee:63:80:e0:71:03:d1:58:ea:d6:31:24:11: - ef:03:44:02:76:86:67:99:a5:71:18:a8:4e:be:fe:78:63:20: - 67:b1:5a:1d:52:2a:48:fb:8a:ee:99:af:8f:57:37:43:67:1c: - 54:00:d0:50:8c:ce:18:e0:ef:7b:cc:e1:13:d1:cc:3f:ea:3c: - ce:cf:07:fc:6e:4a:09:b1:1c:54:70:a4:21:47:5d:70:7d:b4: - 04:3e:30:50:1d:86:2a:a6:67:3f:bd:b0:cb:57:e0:26:81:45: - c0:9a:86:8c:e6:ab:d0:87:9a:05:ee:2c:c5:eb:c6:c7:c0:94: - 68:4a:48:20 + 0b:7f:8b:bd:5f:fd:d1:b5:85:b4:09:59:6c:06:df:85:e0:ee: + e1:e0:01:b7:fb:d0:6c:e7:53:9b:1e:d4:0e:fd:7a:4f:94:60: + f3:fa:ae:7e:ec:bd:c6:25:24:ea:0b:89:fd:fe:4c:6b:ee:48: + 1e:24:d0:61:6a:7a:0a:4e:1d:9e:60:d0:4a:dd:83:a2:bb:c8: + c1:37:55:53:13:c0:30:ba:56:53:d7:43:8b:64:48:94:94:3f: + f7:90:8e:c6:6b:3b:08:b2:04:aa:54:d8:54:4a:a1:5c:7e:35: + 94:ef:ec:66:78:53:67:5d:75:3c:1f:8a:ac:ad:d2:8c:8c:d8: + 97:22:94:50:92:8f:d2:00:33:ad:49:e9:bd:79:2f:b4:75:ae: + a4:d8:df:6b:7a:b4:5f:a1:86:d7:2b:c5:5d:32:28:5e:b3:58: + f6:2a:5c:14:0f:29:e9:60:77:cf:db:be:46:69:2c:80:4f:ff: + aa:54:11:06:72:c5:56:1e:85:8b:8e:57:3f:03:51:78:6a:3e: + e7:4f:3a:4f:ee:d4:23:c2:36:78:96:d3:4a:c5:d8:45:e0:4f: + 8f:98:cd:68:b7:6b:05:10:7d:9c:31:9d:b9:9c:18:de:f7:6f: + 2a:62:28:8d:07:f9:d7:ce:e7:9b:40:28:f5:36:51:ef:22:09: + e2:85:86:5f -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwTqo3RR -Zp/ya12aPZa9XLOenN9kQseFHlZ6PtU9yfMXRqOgmPaA3/RUyuLV6RW4OhlOHiZn -AICW1bwer6TzI94VcokfUD+M4WJt4Q1Cn2d2qvUgtE1Y/T1jV7ycI/rbMQwJNw18 -9NEGxH+xItHfBUOkEpTiAu63rs1IBAA5T9xA92Kn2T6BnF2Yb40P2rYOrR1b/7ZQ -kKtVxyrb2GdsD4doiip5JKdk2MFyFf9uyjHxkkIueKXOKweKS6CAiBR21uGtsnWd -eZvWwsysdGfSW5BvxI9QTM5QiaRpq8rU0aRHrg1G818okWYnAvB62qqAvsLng4kG -Sd6dYAOj/BHiKwIDAQABo4HLMIHIMB0GA1UdDgQWBBRgchVNjBrhzY/vAKqbN0wA -VylmFTAfBgNVHSMEGDAWgBRgtJV/6vEpsumdZIOpyKNJbz4YUzA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA62GenUsj +zI452awHBdoyNN4q3S9i7YfOfFnEnY4odtHyZWCRP3tjpC9QxNoSW3Ggl08mz+ey +AYRnV/WGNlRoDyjw6nvKHhq8fmfP/RRj7sEzkgFwvBJrfSyNAjSOhRrk9Zm2yNUY +2QSm9UD8llDiP4eg1nK+o6NFiQd00C6cDYgSAqPvF60sLXFmEYk/z1d3KHdwuw85 +sLE0nen3olavV37tRPi+eD0oxQ03FSz2mU4FcK7FmUWnP72DeWqjZ/9xLWDiCJEj +RUCxQFLhOx1d0enCsLHE+3yvnMGV8aUjFhl1n+++uHmn9MWyR65tHBWcJg+yD+yS +jVp5yZ4W4HC87wIDAQABo4HLMIHIMB0GA1UdDgQWBBSmhhQiq0DoB18TZPONYN4w +tAuzMTAfBgNVHSMEGDAWgBTEARbloBYQKWJne9EiQmxvFSuvljA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEB -AAvqqB7wcGab4Eia+mI7gLCfQeNgNZy0bgwyF504crPeaUVpsUuHKuFoWda5A8SI -fuB3Jj3FrVU/E7wTQg+cvvdwPhl5lju4EtaKogTSF+69eNvMn1SHJolhyfE+jy8Z -VUkFwDWy6sTsmhHWiPJLrWgKMnVCQqBqUcsPYzIgSlmJ5flh7mOA4HED0Vjq1jEk -Ee8DRAJ2hmeZpXEYqE6+/nhjIGexWh1SKkj7iu6Zr49XN0NnHFQA0FCMzhjg73vM -4RPRzD/qPM7PB/xuSgmxHFRwpCFHXXB9tAQ+MFAdhiqmZz+9sMtX4CaBRcCahozm -q9CHmgXuLMXrxsfAlGhKSCA= +AAt/i71f/dG1hbQJWWwG34Xg7uHgAbf70GznU5se1A79ek+UYPP6rn7svcYlJOoL +if3+TGvuSB4k0GFqegpOHZ5g0Erdg6K7yME3VVMTwDC6VlPXQ4tkSJSUP/eQjsZr +OwiyBKpU2FRKoVx+NZTv7GZ4U2dddTwfiqyt0oyM2JcilFCSj9IAM61J6b15L7R1 +rqTY32t6tF+hhtcrxV0yKF6zWPYqXBQPKelgd8/bvkZpLIBP/6pUEQZyxVYehYuO +Vz8DUXhqPudPOk/u1CPCNniW00rF2EXgT4+YzWi3awUQfZwxnbmcGN73bypiKI0H ++dfO55tAKPU2Ue8iCeKFhl8= -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d3:ee:d0:8d:92:7d:ce:5f:4e:f2:0c:55:4d:bd: - 2f:b3:ff:6a:ab:2c:28:5e:c6:bd:49:ae:80:f0:e6: - 2c:30:e8:0a:e7:2b:3f:d7:1e:a8:6d:f1:c4:46:0e: - f5:1d:3c:e1:05:5d:a9:91:69:57:43:22:33:bc:c1: - 18:6e:b1:48:1f:13:64:18:03:c1:63:14:97:21:5a: - 65:49:52:6a:57:9d:ad:7b:f6:06:6e:f0:af:a0:6d: - 2c:6d:53:9a:ad:82:56:2a:95:e1:a7:5a:a3:b4:77: - c7:d7:97:39:73:c8:de:a8:19:09:ba:69:69:01:25: - e6:68:e3:d0:5a:84:5d:3e:f0:8a:3b:c6:31:26:34: - 38:ed:8d:40:80:0f:5f:84:d7:e5:4f:24:ca:ff:c1: - 48:f5:74:3a:b3:1e:9f:b5:ef:bb:24:cb:91:f3:81: - 47:bd:80:eb:ef:dd:45:39:fd:d2:c3:be:3e:ba:e6: - 5b:09:e0:88:98:27:91:e5:9a:5b:88:d6:5e:17:7f: - 08:e2:2d:f4:3c:3f:08:54:7b:10:53:f4:7d:ef:67: - 04:6f:d6:74:08:d1:b9:03:2d:89:5d:ca:cf:de:3d: - d0:e5:e2:e5:2a:7f:21:29:23:7e:b2:75:d9:ea:5c: - 73:45:7e:33:83:b6:62:5e:01:3b:dd:11:99:c7:c5: - 7b:65 + 00:cc:b2:cd:77:8f:be:c9:a5:17:ad:e5:ac:2d:b2: + c0:1f:33:5e:ed:d9:96:57:14:9b:a4:37:d8:a0:3d: + e4:2c:56:95:4d:75:68:4f:77:06:24:e0:0f:e9:b6: + de:6f:dd:a7:f6:93:dc:f3:48:10:fa:fb:90:b5:43: + 42:0b:9d:d7:e9:0c:2c:69:7b:3a:4f:73:31:00:0c: + ba:15:cc:dd:77:a6:a9:f9:21:b8:97:aa:b7:a4:99: + 6c:08:a0:8e:9f:b8:29:47:df:db:b9:b0:39:e5:4f: + be:47:2f:93:76:5b:6b:02:fe:ec:66:31:c2:de:8e: + 0a:67:89:a4:70:cb:32:40:db:63:00:57:40:b4:8e: + b8:24:e4:de:33:62:24:7a:e5:b2:18:41:54:f7:98: + d9:f5:c8:23:1e:88:5a:a6:1c:7e:92:0f:92:56:49: + 0e:5a:dc:49:4b:d1:f8:1b:73:b0:31:6f:37:7e:cf: + 91:f4:40:e6:8b:36:11:fb:0f:79:ea:d2:80:f5:8e: + c1:24:d2:fe:2f:c1:58:6d:32:2e:04:64:b2:20:d2: + cd:a1:79:8b:08:25:8f:1e:89:fe:43:3f:bf:de:49: + f2:fa:bb:d7:52:6e:19:8f:4c:b6:6e:4f:59:48:63: + e2:c9:55:0f:58:89:93:85:e0:58:ee:80:16:5f:c4: + 77:b9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 60:B4:95:7F:EA:F1:29:B2:E9:9D:64:83:A9:C8:A3:49:6F:3E:18:53 + C4:01:16:E5:A0:16:10:29:62:67:7B:D1:22:42:6C:6F:15:2B:AF:96 X509v3 Authority Key Identifier: - keyid:60:B4:95:7F:EA:F1:29:B2:E9:9D:64:83:A9:C8:A3:49:6F:3E:18:53 + keyid:C4:01:16:E5:A0:16:10:29:62:67:7B:D1:22:42:6C:6F:15:2B:AF:96 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 49:67:dc:58:22:e3:ee:0a:e8:1a:3d:38:1a:13:dd:d7:e0:45: - 67:69:b1:44:49:e2:96:15:86:94:8b:d4:fb:8a:94:d5:22:39: - 20:48:97:d2:09:a7:16:4b:40:f3:3c:37:3e:e8:81:28:08:cf: - 4a:2c:3e:79:d0:0d:90:4d:63:a5:63:ce:24:75:03:41:7f:79: - 17:3f:4d:df:60:98:a5:a3:c1:39:14:4b:7e:b7:0d:8a:9f:d6: - a4:0b:0c:34:c9:fe:3b:c0:89:9e:5e:27:3d:d8:3d:d5:28:46: - e4:b9:f5:28:39:b4:cf:1a:ea:fd:d3:14:bd:8b:87:78:35:80: - a1:bb:4e:59:cc:2a:f7:f7:40:bc:b7:75:cc:35:f5:3d:95:bb: - 32:7a:0c:9d:67:c7:ff:b0:da:e6:05:e6:12:d5:1e:19:3c:69: - 5d:d8:08:5e:bc:fe:df:ab:36:a4:70:3f:2c:6c:1c:8e:e3:f1: - 0b:b3:22:e4:5b:fd:86:23:7a:bd:9b:b9:56:08:e3:a2:6d:2b: - e3:cb:42:93:6f:c8:5f:57:bd:66:41:51:8a:5d:4b:7e:0f:36: - 82:61:8e:e0:4e:2c:9a:7a:45:e3:21:1c:b8:86:cf:a0:35:1b: - bf:55:36:86:05:1c:df:b0:e2:85:3b:a4:c7:7c:69:f9:56:b3: - 20:28:e4:c2 + 89:b9:02:5b:9d:73:16:b4:7d:26:28:5b:41:fc:7e:1b:81:64: + e4:ad:bf:07:7d:20:44:d7:0e:61:31:88:74:31:2f:ce:b6:f0: + d5:79:27:70:35:20:33:66:31:20:ff:b8:42:ed:74:22:b6:08: + 8c:63:5a:6c:bf:5e:19:51:54:5c:ec:39:da:75:d2:27:a6:b3: + cf:98:c0:c7:08:cb:ab:40:34:a1:88:9b:ce:c3:54:85:52:a2: + 07:b9:9b:b8:88:cb:9b:05:c4:e1:68:a3:31:f1:04:56:eb:9c: + 55:0a:c9:7e:ad:aa:a0:7f:a0:20:9b:89:7e:1c:38:5d:2e:f4: + d0:8c:61:a0:dc:d0:58:70:d2:e2:01:86:d7:d9:98:2a:bd:e4: + 51:02:64:82:4d:ff:21:48:8f:70:29:41:87:58:da:f9:6b:09: + b5:80:4b:aa:16:9c:a8:46:13:a5:f8:cb:b9:80:3b:8f:ff:8b: + c6:3c:29:13:3b:ed:74:37:4d:77:4f:2b:60:98:d2:ce:fb:b2: + 86:4a:28:d5:98:36:7e:d1:a9:ae:7c:97:35:86:f5:58:e4:26: + ca:29:be:61:a9:52:a3:18:91:35:31:74:bf:18:91:f8:6b:d0: + f0:23:9d:78:37:b4:21:69:ff:e2:b1:65:16:b1:60:f7:16:74: + be:a7:42:a4 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANPu0I2Sfc5fTvIMVU29 -L7P/aqssKF7GvUmugPDmLDDoCucrP9ceqG3xxEYO9R084QVdqZFpV0MiM7zBGG6x -SB8TZBgDwWMUlyFaZUlSaledrXv2Bm7wr6BtLG1Tmq2CViqV4adao7R3x9eXOXPI -3qgZCbppaQEl5mjj0FqEXT7wijvGMSY0OO2NQIAPX4TX5U8kyv/BSPV0OrMen7Xv -uyTLkfOBR72A6+/dRTn90sO+PrrmWwngiJgnkeWaW4jWXhd/COIt9Dw/CFR7EFP0 -fe9nBG/WdAjRuQMtiV3Kz9490OXi5Sp/ISkjfrJ12epcc0V+M4O2Yl4BO90RmcfF -e2UCAwEAAaOByzCByDAdBgNVHQ4EFgQUYLSVf+rxKbLpnWSDqcijSW8+GFMwHwYD -VR0jBBgwFoAUYLSVf+rxKbLpnWSDqcijSW8+GFMwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyyzXePvsmlF63lrC2y +wB8zXu3ZllcUm6Q32KA95CxWlU11aE93BiTgD+m23m/dp/aT3PNIEPr7kLVDQgud +1+kMLGl7Ok9zMQAMuhXM3XemqfkhuJeqt6SZbAigjp+4KUff27mwOeVPvkcvk3Zb +awL+7GYxwt6OCmeJpHDLMkDbYwBXQLSOuCTk3jNiJHrlshhBVPeY2fXIIx6IWqYc +fpIPklZJDlrcSUvR+BtzsDFvN37PkfRA5os2EfsPeerSgPWOwSTS/i/BWG0yLgRk +siDSzaF5iwgljx6J/kM/v95J8vq711JuGY9Mtm5PWUhj4slVD1iJk4XgWO6AFl/E +d7kCAwEAAaOByzCByDAdBgNVHQ4EFgQUxAEW5aAWECliZ3vRIkJsbxUrr5YwHwYD +VR0jBBgwFoAUxAEW5aAWECliZ3vRIkJsbxUrr5YwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBJZ9xYIuPu -CugaPTgaE93X4EVnabFESeKWFYaUi9T7ipTVIjkgSJfSCacWS0DzPDc+6IEoCM9K -LD550A2QTWOlY84kdQNBf3kXP03fYJilo8E5FEt+tw2Kn9akCww0yf47wImeXic9 -2D3VKEbkufUoObTPGur90xS9i4d4NYChu05ZzCr390C8t3XMNfU9lbsyegydZ8f/ -sNrmBeYS1R4ZPGld2AhevP7fqzakcD8sbByO4/ELsyLkW/2GI3q9m7lWCOOibSvj -y0KTb8hfV71mQVGKXUt+DzaCYY7gTiyaekXjIRy4hs+gNRu/VTaGBRzfsOKFO6TH -fGn5VrMgKOTC +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCJuQJbnXMW +tH0mKFtB/H4bgWTkrb8HfSBE1w5hMYh0MS/OtvDVeSdwNSAzZjEg/7hC7XQitgiM +Y1psv14ZUVRc7DnaddInprPPmMDHCMurQDShiJvOw1SFUqIHuZu4iMubBcThaKMx +8QRW65xVCsl+raqgf6Agm4l+HDhdLvTQjGGg3NBYcNLiAYbX2ZgqveRRAmSCTf8h +SI9wKUGHWNr5awm1gEuqFpyoRhOl+Mu5gDuP/4vGPCkTO+10N013TytgmNLO+7KG +SijVmDZ+0amufJc1hvVY5CbKKb5hqVKjGJE1MXS/GJH4a9DwI514N7Qhaf/isWUW +sWD3FnS+p0Kk -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -282,11 +282,16 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 0 - [Error] Unacceptable signature algorithm - [Error] VerifySignedData failed +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Unacceptable signature algorithm +ERROR: VerifySignedData failed + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMAogICAgICBbRXJyb3JdIFVuYWNjZXB0YWJsZSBzaWduYXR1cmUgYWxnb3JpdGhtCiAgICAgIFtFcnJvcl0gVmVyaWZ5U2lnbmVkRGF0YSBmYWlsZWQK +LS0tLS0gQ2VydGlmaWNhdGUgaT0xIChDTj1JbnRlcm1lZGlhdGUpIC0tLS0tCkVSUk9SOiBVbmFjY2VwdGFibGUgc2lnbmF0dXJlIGFsZ29yaXRobQpFUlJPUjogVmVyaWZ5U2lnbmVkRGF0YSBmYWlsZWQKCg== -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/intermediate-unknown-critical-extension.pem b/chromium/net/data/verify_certificate_chain_unittest/intermediate-unknown-critical-extension.pem index 3d65c7e2f6a..c53ac2a7a3d 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/intermediate-unknown-critical-extension.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/intermediate-unknown-critical-extension.pem @@ -19,30 +19,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c7:8a:82:ba:91:ca:1e:03:94:8f:9d:68:98:8b: - 95:3b:c1:e3:d1:5b:82:45:bf:72:24:cb:6f:de:91: - 2e:e3:49:ba:31:7b:57:db:90:36:32:e6:b4:41:8f: - 38:89:c6:6b:82:60:dc:98:e7:4b:06:55:41:db:9c: - a8:e0:97:15:5a:3c:06:ac:37:89:f5:9b:65:b6:93: - a7:2e:45:f3:b3:15:59:a7:6d:64:d5:cb:93:da:46: - b1:97:8a:79:f6:48:4b:4c:18:d6:38:cf:55:5b:6b: - 78:c2:f5:f0:37:54:67:8d:90:43:81:ec:15:1e:e7: - 75:55:57:7e:6a:74:71:73:6d:b4:d5:37:b5:28:40: - 2e:6f:a6:64:b8:77:fd:2c:6c:25:2c:27:cf:db:fa: - b4:c9:39:c2:d1:1e:e2:a1:73:bb:ec:81:dc:c3:ec: - d0:a0:08:1e:81:53:88:51:d2:83:d2:ba:33:3f:79: - 1e:2a:6f:80:7b:21:d8:bb:80:93:68:ea:f4:a9:d5: - 88:b8:ac:0b:ff:90:bd:cc:8a:6b:e7:e5:27:47:d9: - a0:68:5d:38:3c:b0:a3:4a:ae:5a:d9:a6:f8:51:61: - 28:fb:21:5c:01:aa:72:76:60:f6:e0:88:a1:44:b5: - fa:85:27:45:67:0f:c6:b1:11:00:81:23:3c:aa:a1: - 58:65 + 00:e4:56:5a:78:c6:79:63:15:7a:a6:5b:ac:09:02: + 26:d7:10:40:e3:ea:55:dc:1c:86:37:cd:9a:0c:7d: + 6c:5a:1f:d0:58:25:72:48:c5:7f:ae:7c:eb:9c:a6: + e8:45:7c:f5:00:36:16:a9:00:f9:8e:8a:df:70:2c: + bb:30:6c:74:6a:c7:30:69:a5:2c:1d:77:3f:b0:fa: + 89:e0:cb:07:39:ac:08:59:aa:4c:63:cc:62:fa:a9: + 8c:19:27:61:2d:0d:97:98:ad:50:b8:b9:e2:5a:21: + c1:70:cd:e7:2a:ad:6a:68:1f:52:bc:8c:80:f5:51: + a6:f1:3f:47:c7:50:81:27:e5:15:37:48:4f:4b:c3: + 1b:e9:01:b9:97:56:8b:b9:56:38:62:d0:c5:ca:52: + 21:6b:2d:42:03:7a:d9:83:d3:cd:57:b4:8c:ca:a5: + 91:bf:3f:e2:26:df:85:e6:6c:2c:80:56:26:21:95: + be:cf:a4:85:cf:5e:e4:18:05:e7:68:99:91:67:6d: + e3:16:92:c9:df:9f:89:3f:ae:ee:ee:a8:43:69:f6: + 6b:92:5d:72:6b:bd:53:1c:4e:25:23:4f:ee:5a:ab: + 3f:ba:01:42:94:02:db:cb:59:93:bb:b9:2a:ea:ad: + 5a:17:26:84:67:99:05:98:f0:b1:3c:e0:a4:2b:17: + ea:19 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 94:30:C8:2B:C4:EC:EB:81:5B:D2:2B:62:ED:34:29:BB:3C:40:FD:4B + F7:35:7C:CD:CE:17:42:80:4E:A2:57:94:36:6B:2A:70:19:25:20:CD X509v3 Authority Key Identifier: - keyid:C8:5D:13:08:EB:15:BB:7B:35:8E:74:DF:D3:C3:55:51:78:E1:4A:D3 + keyid:B7:0A:76:64:C2:EB:6F:75:8D:EE:42:82:82:B5:AE:9C:7B:B8:23:29 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -57,42 +57,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - ca:46:c4:08:c9:4e:1b:3f:96:fd:d7:9c:89:d6:ea:7f:76:53: - ac:03:55:eb:9a:d5:86:f8:66:cd:39:54:f0:7b:d1:74:62:83: - c7:58:46:b1:ad:da:b7:fd:03:94:3b:b8:a5:4a:01:45:53:2c: - c6:ae:55:52:08:78:de:66:49:a0:40:eb:7d:43:03:00:46:03: - 1d:6d:c5:83:57:f6:92:a5:c6:04:76:f1:de:bf:ec:90:8b:3b: - 99:70:80:41:10:93:07:2c:eb:cd:5b:b5:e6:12:76:41:db:81: - ab:f5:6a:a5:e4:67:45:39:fa:14:bf:0d:e7:e4:a9:f3:9a:57: - 4c:20:4e:68:fd:1a:35:00:66:b7:c6:fd:2f:14:db:7b:28:3a: - 59:31:5a:9d:96:d1:2e:27:d1:7a:c3:eb:b4:28:f1:e2:9a:d1: - 1d:be:6b:9d:81:4e:4c:7f:5d:fe:5f:20:8f:bb:f0:85:ee:bb: - 2d:66:40:bb:ec:40:c1:51:4f:f9:1d:24:4e:64:ad:64:1c:e5: - 68:3f:cb:b2:6c:c5:82:c9:e7:5d:7d:73:8d:ec:d9:b7:af:06: - 71:53:92:dd:aa:23:28:38:f0:06:d6:64:cb:f5:ac:f2:4c:e2: - 5a:55:c3:a6:d7:7e:32:21:19:54:c4:aa:cd:21:60:fd:b7:45: - 81:a1:53:ae + 41:e1:50:8d:1b:12:5f:32:0f:7f:d5:d5:f4:31:df:9d:51:f3: + 6e:96:49:51:b5:83:7e:e7:1e:d8:48:c2:60:0f:f1:59:bf:fa: + 8e:ab:12:59:20:2f:ad:41:7e:3b:01:6a:f8:b9:d3:c5:82:12: + 7c:a2:1e:b2:18:83:10:8b:75:d0:47:3b:51:20:6f:50:cf:fa: + 2b:b5:38:84:94:48:fa:51:01:1b:12:af:1e:53:a1:51:09:94: + ec:d6:7f:57:ec:27:13:73:79:db:fc:77:83:e5:bb:5c:6e:39: + a2:7f:dc:9a:ae:8c:b9:ee:bb:28:3a:bf:25:43:65:4e:2c:34: + cc:70:94:1f:25:3a:7a:6f:de:04:e0:eb:bf:e4:3f:0d:ca:d9: + 97:1f:bd:11:3a:8b:e2:b7:24:19:5a:66:3c:41:65:17:cd:4b: + d9:0e:76:2c:69:68:69:37:d1:17:08:36:0b:b5:c5:cd:df:79: + 37:7d:f8:bd:b4:21:b5:57:cb:b4:22:9f:b0:8a:cb:78:e7:e4: + 94:82:8f:bf:03:86:33:95:90:84:47:29:88:5a:ed:ca:8d:08: + 0f:6a:85:77:40:c1:f6:e5:7f:bd:3d:59:8c:e4:9d:6b:d7:f3: + 7e:47:04:9c:7c:36:37:38:40:7a:5b:48:55:07:27:76:b8:68: + 57:1c:e8:18 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHioK6 -kcoeA5SPnWiYi5U7wePRW4JFv3Iky2/ekS7jSboxe1fbkDYy5rRBjziJxmuCYNyY -50sGVUHbnKjglxVaPAasN4n1m2W2k6cuRfOzFVmnbWTVy5PaRrGXinn2SEtMGNY4 -z1Vba3jC9fA3VGeNkEOB7BUe53VVV35qdHFzbbTVN7UoQC5vpmS4d/0sbCUsJ8/b -+rTJOcLRHuKhc7vsgdzD7NCgCB6BU4hR0oPSujM/eR4qb4B7Idi7gJNo6vSp1Yi4 -rAv/kL3Mimvn5SdH2aBoXTg8sKNKrlrZpvhRYSj7IVwBqnJ2YPbgiKFEtfqFJ0Vn -D8axEQCBIzyqoVhlAgMBAAGjgekwgeYwHQYDVR0OBBYEFJQwyCvE7OuBW9IrYu00 -Kbs8QP1LMB8GA1UdIwQYMBaAFMhdEwjrFbt7NY5039PDVVF44UrTMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkVlp4 +xnljFXqmW6wJAibXEEDj6lXcHIY3zZoMfWxaH9BYJXJIxX+ufOucpuhFfPUANhap +APmOit9wLLswbHRqxzBppSwddz+w+ongywc5rAhZqkxjzGL6qYwZJ2EtDZeYrVC4 +ueJaIcFwzecqrWpoH1K8jID1UabxP0fHUIEn5RU3SE9LwxvpAbmXVou5Vjhi0MXK +UiFrLUIDetmD081XtIzKpZG/P+Im34XmbCyAViYhlb7PpIXPXuQYBedomZFnbeMW +ksnfn4k/ru7uqENp9muSXXJrvVMcTiUjT+5aqz+6AUKUAtvLWZO7uSrqrVoXJoRn +mQWY8LE84KQrF+oZAgMBAAGjgekwgeYwHQYDVR0OBBYEFPc1fM3OF0KATqJXlDZr +KnAZJSDNMB8GA1UdIwQYMBaAFLcKdmTC6291je5CgoK1rpx7uCMpMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAykbECMlOGz+W/decidbq -f3ZTrANV65rVhvhmzTlU8HvRdGKDx1hGsa3at/0DlDu4pUoBRVMsxq5VUgh43mZJ -oEDrfUMDAEYDHW3Fg1f2kqXGBHbx3r/skIs7mXCAQRCTByzrzVu15hJ2QduBq/Vq -peRnRTn6FL8N5+Sp85pXTCBOaP0aNQBmt8b9LxTbeyg6WTFanZbRLifResPrtCjx -4prRHb5rnYFOTH9d/l8gj7vwhe67LWZAu+xAwVFP+R0kTmStZBzlaD/LsmzFgsnn -XX1zjezZt68GcVOS3aojKDjwBtZky/Ws8kziWlXDptd+MiEZVMSqzSFg/bdFgaFT -rg== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAQeFQjRsSXzIPf9XV9DHf +nVHzbpZJUbWDfuce2EjCYA/xWb/6jqsSWSAvrUF+OwFq+LnTxYISfKIeshiDEIt1 +0Ec7USBvUM/6K7U4hJRI+lEBGxKvHlOhUQmU7NZ/V+wnE3N52/x3g+W7XG45on/c +mq6Mue67KDq/JUNlTiw0zHCUHyU6em/eBODrv+Q/DcrZlx+9ETqL4rckGVpmPEFl +F81L2Q52LGloaTfRFwg2C7XFzd95N334vbQhtVfLtCKfsIrLeOfklIKPvwOGM5WQ +hEcpiFrtyo0ID2qFd0DB9uV/vT1ZjOSda9fzfkcEnHw2NzhAeltIVQcndrhoVxzo +GA== -----END CERTIFICATE----- Certificate: @@ -109,30 +109,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:da:1c:0d:74:40:2d:01:10:9c:e0:0c:aa:01:c7: - ed:a4:03:b5:a0:b0:1d:c0:70:70:9a:76:6d:5d:4d: - 16:ed:39:87:76:43:e1:c1:3f:b9:f8:20:63:40:02: - d4:0f:f4:f5:4a:97:eb:46:ad:8c:29:cb:45:a7:33: - 16:b0:10:b3:bc:f6:9e:fb:e6:61:d5:7d:43:ce:27: - 43:ae:4f:b1:d1:47:6b:13:e5:20:66:09:b9:10:83: - a3:d4:40:6d:cc:fb:cb:28:1e:6e:bc:75:46:7b:9d: - f9:b4:5f:c9:43:24:d6:d7:c1:a8:6b:d6:52:1e:6d: - 9d:89:d6:41:eb:9f:db:32:e3:05:21:b1:b7:77:78: - e1:d4:f9:95:c5:84:63:91:88:ce:31:66:2c:51:89: - f3:a4:a3:0d:11:b2:a2:45:fd:59:1b:09:a9:bc:48: - 38:0d:25:c7:dd:c9:6a:15:5f:c5:5f:60:5e:c0:28: - 5d:19:ff:51:17:86:ea:b5:56:f6:1e:cc:ee:80:93: - f2:82:7b:2f:fa:96:1f:4b:15:b0:34:23:81:bb:b9: - a4:83:1a:2f:e0:6d:ee:48:96:4d:f1:7b:09:3e:1f: - 43:c6:76:8f:56:fd:1e:5f:21:6f:6f:49:b0:94:fa: - c9:be:76:61:f6:f8:51:72:40:99:d5:f2:f6:09:f7: - d9:8b + 00:af:53:c1:dc:ae:32:12:ba:12:d0:12:d6:5e:18: + 4a:ca:26:ef:e5:b8:b4:b0:9e:f0:6f:99:7d:d7:f5: + c5:2c:e3:3a:d0:61:35:51:a0:ea:eb:76:02:27:9a: + 7e:19:b7:3f:9c:09:ee:e9:5d:60:64:82:19:94:74: + a2:b6:04:6b:ba:dd:51:c2:33:6c:9a:b9:eb:91:b9: + 3a:07:6d:9e:36:3e:17:b7:38:27:1e:11:1e:06:35: + 50:4c:02:11:48:17:28:87:14:0f:d7:28:65:4f:12: + 80:da:4f:74:36:63:de:50:97:2e:68:dc:82:bb:f1: + c0:6a:60:34:1f:86:2d:61:13:0e:39:9e:14:d8:ba: + df:55:8d:bb:7b:38:77:85:d8:37:52:97:20:c2:12: + 01:f0:e1:40:25:70:76:f4:89:5f:50:15:77:f9:74: + e9:53:e0:31:b8:e0:a7:f1:22:72:76:b1:07:13:b5: + e9:a8:f5:bf:29:0f:1f:95:bd:a1:79:74:56:7e:ba: + 28:18:aa:20:8a:af:7b:ae:cc:cd:55:b2:8b:b4:f3: + 5e:f2:bf:2e:09:9b:6a:b8:26:bf:79:58:c4:ca:2f: + fa:e0:28:7d:f7:85:71:c3:c2:03:b0:47:b9:11:d5: + 4f:dc:5c:31:78:06:0b:06:09:bc:ae:95:0d:ee:71: + 02:23 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - C8:5D:13:08:EB:15:BB:7B:35:8E:74:DF:D3:C3:55:51:78:E1:4A:D3 + B7:0A:76:64:C2:EB:6F:75:8D:EE:42:82:82:B5:AE:9C:7B:B8:23:29 X509v3 Authority Key Identifier: - keyid:3F:B3:AA:13:E1:86:96:B3:E3:8D:20:EC:BE:70:71:D0:1B:F8:67:9A + keyid:79:19:7C:D6:62:7D:B4:D8:E8:6E:7C:D3:E9:C7:2F:3D:F2:B2:40:A3 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -149,41 +149,41 @@ Certificate: 1.2.3.4: critical .... Signature Algorithm: sha256WithRSAEncryption - dc:d2:aa:62:74:fa:cf:eb:4f:b3:cd:aa:a9:52:b0:fe:7a:0d: - 96:e4:07:8f:b6:d4:6d:ad:33:a6:4e:ad:2f:a5:ff:83:a0:75: - d1:ed:fc:c0:80:a6:73:73:49:6d:0d:3f:84:b5:d4:cf:07:74: - 3e:aa:bf:38:59:e4:fa:b6:d2:45:07:b3:a6:0b:b0:43:47:03: - 7e:45:c1:7b:f1:84:10:c3:0b:d7:2f:c9:be:ff:96:da:1b:4b: - cb:fa:05:ca:22:d2:e4:f0:f7:32:91:4f:95:05:6c:5d:be:6c: - 64:7b:cb:6d:a1:a9:d0:9c:5b:1d:3a:bd:4a:50:69:e2:06:fa: - 89:2b:3b:2e:12:f6:3f:d7:79:f1:36:ec:e3:6c:12:67:b2:a3: - b0:89:16:8c:2c:02:04:0d:89:e1:ca:69:d0:86:7e:fd:14:9d: - c8:ef:06:42:fc:46:b9:88:25:e2:b5:b7:8a:6b:ab:d6:1f:ec: - d1:12:b3:28:cd:9e:9f:56:8d:7c:49:6c:06:96:93:66:25:43: - b0:76:b0:9a:59:f8:9c:35:29:8c:db:a7:74:d7:ac:e7:99:ea: - 11:34:0b:6f:cf:bb:5e:28:2a:ab:9a:13:83:44:d7:01:3c:61: - c8:10:dd:0d:ef:66:3d:be:ee:72:70:d3:27:a2:b0:f7:f1:bc: - 50:e1:ac:3e + 8d:9d:d7:0d:67:cb:88:b6:bd:0b:f4:bf:3c:10:2c:e7:4c:6b: + 93:71:de:cd:15:8f:cf:30:0a:6a:ef:8e:78:b3:54:b5:1e:3d: + 4e:4c:13:69:09:5d:7e:40:5d:7a:52:6a:72:b3:9b:2d:0b:30: + 45:95:28:9a:45:21:b5:d0:97:4a:ee:cb:5e:cb:84:f0:6b:b0: + 83:1a:10:64:63:41:49:44:93:7c:81:4f:9e:12:76:07:73:89: + 3d:e9:e8:87:09:1d:76:f1:8c:31:76:23:df:80:00:95:63:e4: + 97:b3:c6:01:24:ff:1c:fe:3e:58:43:6c:69:0f:86:bc:cb:c4: + a2:df:18:a5:c9:07:c1:7f:1d:6a:1b:04:35:a9:f1:91:f5:a8: + fc:08:87:53:20:62:c3:91:a1:15:d4:b0:bc:66:48:2f:1d:5f: + 54:09:06:af:df:b9:a6:f6:9e:2a:99:f9:73:40:9d:88:21:18: + 79:0d:04:f6:87:9c:1d:32:a1:4e:a2:41:8b:51:ce:f0:f9:59: + fd:68:63:31:f0:ce:d4:4c:53:d4:6e:1c:2f:4e:3b:3d:d2:35: + 16:ef:65:c7:2f:6c:e6:65:ca:f8:f5:71:b5:0d:7f:08:84:e2: + 09:5f:fe:2d:45:6d:cc:f5:db:7f:25:1e:ff:ce:8a:96:fd:60: + 72:85:f0:0f -----BEGIN CERTIFICATE----- MIIDfTCCAmWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hwNdEAt -ARCc4AyqAcftpAO1oLAdwHBwmnZtXU0W7TmHdkPhwT+5+CBjQALUD/T1SpfrRq2M -KctFpzMWsBCzvPae++Zh1X1DzidDrk+x0UdrE+UgZgm5EIOj1EBtzPvLKB5uvHVG -e535tF/JQyTW18Goa9ZSHm2didZB65/bMuMFIbG3d3jh1PmVxYRjkYjOMWYsUYnz -pKMNEbKiRf1ZGwmpvEg4DSXH3clqFV/FX2BewChdGf9RF4bqtVb2HszugJPygnsv -+pYfSxWwNCOBu7mkgxov4G3uSJZN8XsJPh9DxnaPVv0eXyFvb0mwlPrJvnZh9vhR -ckCZ1fL2CffZiwIDAQABo4HbMIHYMB0GA1UdDgQWBBTIXRMI6xW7ezWOdN/Tw1VR -eOFK0zAfBgNVHSMEGDAWgBQ/s6oT4YaWs+ONIOy+cHHQG/hnmjA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1PB3K4y +EroS0BLWXhhKyibv5bi0sJ7wb5l91/XFLOM60GE1UaDq63YCJ5p+Gbc/nAnu6V1g +ZIIZlHSitgRrut1RwjNsmrnrkbk6B22eNj4XtzgnHhEeBjVQTAIRSBcohxQP1yhl +TxKA2k90NmPeUJcuaNyCu/HAamA0H4YtYRMOOZ4U2LrfVY27ezh3hdg3UpcgwhIB +8OFAJXB29IlfUBV3+XTpU+AxuOCn8SJydrEHE7XpqPW/KQ8flb2heXRWfrooGKog +iq97rszNVbKLtPNe8r8uCZtquCa/eVjEyi/64Ch994Vxw8IDsEe5EdVP3FwxeAYL +Bgm8rpUN7nECIwIDAQABo4HbMIHYMB0GA1UdDgQWBBS3CnZkwutvdY3uQoKCta6c +e7gjKTAfBgNVHSMEGDAWgBR5GXzWYn202OhufNPpxy898rJAozA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDgYDKgMEAQH/BAQBAgMEMA0G -CSqGSIb3DQEBCwUAA4IBAQDc0qpidPrP60+zzaqpUrD+eg2W5AePttRtrTOmTq0v -pf+DoHXR7fzAgKZzc0ltDT+EtdTPB3Q+qr84WeT6ttJFB7OmC7BDRwN+RcF78YQQ -wwvXL8m+/5baG0vL+gXKItLk8PcykU+VBWxdvmxke8ttoanQnFsdOr1KUGniBvqJ -KzsuEvY/13nxNuzjbBJnsqOwiRaMLAIEDYnhymnQhn79FJ3I7wZC/Ea5iCXitbeK -a6vWH+zRErMozZ6fVo18SWwGlpNmJUOwdrCaWficNSmM26d016znmeoRNAtvz7te -KCqrmhODRNcBPGHIEN0N72Y9vu5ycNMnorD38bxQ4aw+ +CSqGSIb3DQEBCwUAA4IBAQCNndcNZ8uItr0L9L88ECznTGuTcd7NFY/PMApq7454 +s1S1Hj1OTBNpCV1+QF16Umpys5stCzBFlSiaRSG10JdK7stey4Twa7CDGhBkY0FJ +RJN8gU+eEnYHc4k96eiHCR128YwxdiPfgACVY+SXs8YBJP8c/j5YQ2xpD4a8y8Si +3xilyQfBfx1qGwQ1qfGR9aj8CIdTIGLDkaEV1LC8ZkgvHV9UCQav37mm9p4qmflz +QJ2IIRh5DQT2h5wdMqFOokGLUc7w+Vn9aGMx8M7UTFPUbhwvTjs90jUW72XHL2zm +Zcr49XG1DX8IhOIJX/4tRW3M9dt/JR7/zoqW/WByhfAP -----END CERTIFICATE----- Certificate: @@ -200,30 +200,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:e7:de:8d:6f:81:af:35:2d:99:eb:62:b4:41:d8: - dd:55:5f:5a:12:02:46:8f:41:14:fe:f5:b0:32:ab: - fa:96:2a:e2:ba:e6:3a:1d:89:80:8f:20:6a:40:4a: - 5f:97:d3:5d:7f:e8:eb:26:f1:f9:1b:a2:a7:cd:54: - c0:d9:64:77:dc:ba:90:a4:b7:86:3f:8c:72:c2:ad: - 96:6c:f0:c0:30:d8:e0:71:f5:ff:f3:8c:18:34:3a: - 07:b2:79:32:92:91:d4:51:95:c4:bb:62:78:2e:30: - f8:b5:f1:91:26:9a:28:07:27:cc:57:d5:a2:1c:e9: - 20:ac:fa:3d:db:3b:70:81:17:3d:4b:54:a8:fe:2f: - 18:f7:7f:de:cb:4f:ec:70:c8:fa:a9:ed:64:41:36: - c2:74:a7:dd:e6:27:2b:af:79:ce:76:86:57:3a:2c: - d9:52:b8:bf:87:de:f1:5e:80:81:70:10:78:e7:89: - 0a:d1:14:74:f4:f0:93:cf:89:68:66:8f:d4:2a:8a: - c8:ff:96:fb:f6:cc:ee:dd:a6:62:f0:73:43:a6:29: - 7a:51:7e:63:e1:8f:d9:83:10:23:ed:1b:d4:26:2d: - 40:62:c5:ed:c5:af:4f:d9:9b:87:5b:3a:7e:2c:43: - 59:e3:f4:91:2f:ab:d0:04:a3:5e:da:ac:b0:c1:e2: - 15:99 + 00:d4:ae:26:50:c5:ac:e1:7e:b7:9d:20:24:3c:b5: + 5d:00:3e:9e:20:03:93:41:ed:70:e7:cc:a7:8f:67: + 48:1c:79:41:b4:e1:e3:7c:e6:35:31:74:43:61:cc: + 7a:2d:15:b3:1c:fe:a1:75:1e:82:6e:39:30:10:39: + 7c:c2:a3:84:ea:99:b6:9e:3f:ce:41:46:9f:43:03: + d0:8a:0a:b4:fb:e7:ec:05:b7:73:1f:c5:06:85:0d: + 13:41:d5:f8:3b:b8:f0:65:2e:93:88:9f:c1:f8:81: + dc:c7:38:50:cb:fe:c6:cb:dd:6d:39:c4:4e:40:9a: + 64:4f:a7:72:fc:98:cd:b9:4b:32:99:0e:0f:33:2e: + b6:2e:80:f2:e4:51:bb:14:e4:67:43:54:2f:a8:1e: + c3:4b:4f:4c:dd:4a:df:84:1e:e9:e7:50:bf:83:2e: + a6:38:a6:c9:d8:60:98:94:b6:5c:4b:1e:80:c4:39: + 32:11:5e:ae:4d:c4:ac:10:be:cd:fe:a3:9c:38:2e: + 55:be:0f:92:cb:06:87:d0:a3:d4:f8:a2:e7:ca:05: + c0:41:91:a4:b9:93:da:fd:38:3f:ce:c2:45:2b:06: + da:d4:91:53:e8:8e:c2:c3:39:c1:c6:dd:ff:41:fa: + 94:66:c3:c9:ee:6a:e2:91:ac:ad:42:5e:7a:d4:8a: + 43:9f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 3F:B3:AA:13:E1:86:96:B3:E3:8D:20:EC:BE:70:71:D0:1B:F8:67:9A + 79:19:7C:D6:62:7D:B4:D8:E8:6E:7C:D3:E9:C7:2F:3D:F2:B2:40:A3 X509v3 Authority Key Identifier: - keyid:3F:B3:AA:13:E1:86:96:B3:E3:8D:20:EC:BE:70:71:D0:1B:F8:67:9A + keyid:79:19:7C:D6:62:7D:B4:D8:E8:6E:7C:D3:E9:C7:2F:3D:F2:B2:40:A3 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -238,41 +238,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 84:9a:7d:63:f9:44:d8:2c:4e:b0:24:86:af:0c:ba:0e:29:33: - 67:68:7d:a2:1d:46:99:b0:fb:9d:65:69:da:f8:46:67:d9:c4: - 30:72:eb:57:79:4a:e8:2d:7b:57:d4:c2:18:13:19:d1:36:8c: - 45:9f:49:1e:a6:83:c5:41:41:fd:29:ac:a0:12:c7:0f:6e:a6: - 45:70:64:c3:9d:b0:22:2e:ed:c0:8d:6c:68:c0:94:d9:ba:e0: - 2f:5a:1c:29:ed:d0:d6:ec:0e:bb:41:ce:1e:e3:93:c4:85:80: - aa:a1:67:31:76:80:24:a4:70:ec:f3:6e:a3:63:8c:71:fd:38: - 65:1f:56:e9:75:74:15:3c:69:f3:e3:d3:9d:9a:9c:7d:f6:00: - 71:98:61:68:13:7c:23:79:e1:84:68:a6:3d:ce:19:1c:0a:62: - 48:d9:f9:4c:92:ff:b7:5b:e8:1d:e4:66:00:50:4d:38:c8:3a: - e3:e1:8e:ae:aa:32:30:65:78:25:b3:d0:eb:4f:de:ab:9d:51: - 40:7e:6f:d4:15:87:cf:41:7d:be:3d:32:45:a2:f1:a8:7c:11: - 97:90:a4:ea:d8:aa:c2:b7:08:34:a3:62:23:4b:a5:e3:9e:4d: - 90:7f:d7:4c:dc:4f:c8:ac:b2:b6:de:42:fd:05:98:f6:33:90: - 54:c3:6a:3f + 61:d4:f8:35:7a:0a:20:22:4f:45:99:27:f5:e9:d8:2a:0c:ae: + df:86:e5:39:ab:c3:f5:00:e2:70:2c:c7:93:e6:56:ae:f8:d0: + 84:4d:f6:0a:1d:5f:f8:c2:4b:40:f1:78:1a:e6:ef:07:a9:b2: + 2c:8b:d3:fc:15:89:9a:eb:5c:a2:be:07:32:c5:1f:cc:1f:16: + 47:03:5c:6a:11:b0:2d:15:ba:08:62:c2:df:6b:32:85:28:35: + 79:a7:99:bf:b0:41:50:cc:53:c4:dc:09:b6:af:fd:d6:b8:a6: + 5e:9f:60:69:1b:ae:fd:46:2f:c8:5a:86:23:8f:5e:3d:fa:38: + 03:24:5f:89:27:58:88:5f:00:15:18:9a:25:ce:22:97:31:17: + 82:34:c3:10:32:81:5c:5c:41:1c:6f:c7:3a:37:f2:60:dd:70: + 55:e0:b9:17:cc:dc:3b:3c:a7:c9:01:3d:9b:6a:01:67:9c:89: + bf:a8:46:df:df:c3:7c:c1:83:8d:44:e1:f6:c9:91:3d:36:f4: + b8:44:fe:e2:13:7b:9b:46:b4:2e:2a:79:18:28:88:de:d6:24: + d6:8e:46:64:65:46:d4:2b:52:28:67:41:37:8e:ce:20:f9:8a: + fa:cc:fc:c6:df:06:7c:bd:c7:fc:ab:24:31:03:94:e0:b2:4b: + a5:66:40:1d -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOfejW+BrzUtmetitEHY -3VVfWhICRo9BFP71sDKr+pYq4rrmOh2JgI8gakBKX5fTXX/o6ybx+Ruip81UwNlk -d9y6kKS3hj+McsKtlmzwwDDY4HH1//OMGDQ6B7J5MpKR1FGVxLtieC4w+LXxkSaa -KAcnzFfVohzpIKz6Pds7cIEXPUtUqP4vGPd/3stP7HDI+qntZEE2wnSn3eYnK695 -znaGVzos2VK4v4fe8V6AgXAQeOeJCtEUdPTwk8+JaGaP1CqKyP+W+/bM7t2mYvBz -Q6YpelF+Y+GP2YMQI+0b1CYtQGLF7cWvT9mbh1s6fixDWeP0kS+r0ASjXtqssMHi -FZkCAwEAAaOByzCByDAdBgNVHQ4EFgQUP7OqE+GGlrPjjSDsvnBx0Bv4Z5owHwYD -VR0jBBgwFoAUP7OqE+GGlrPjjSDsvnBx0Bv4Z5owNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANSuJlDFrOF+t50gJDy1 +XQA+niADk0HtcOfMp49nSBx5QbTh43zmNTF0Q2HMei0Vsxz+oXUegm45MBA5fMKj +hOqZtp4/zkFGn0MD0IoKtPvn7AW3cx/FBoUNE0HV+Du48GUuk4ifwfiB3Mc4UMv+ +xsvdbTnETkCaZE+ncvyYzblLMpkODzMuti6A8uRRuxTkZ0NUL6gew0tPTN1K34Qe +6edQv4MupjimydhgmJS2XEsegMQ5MhFerk3ErBC+zf6jnDguVb4PkssGh9Cj1Pii +58oFwEGRpLmT2v04P87CRSsG2tSRU+iOwsM5wcbd/0H6lGbDye5q4pGsrUJeetSK +Q58CAwEAAaOByzCByDAdBgNVHQ4EFgQUeRl81mJ9tNjobnzT6ccvPfKyQKMwHwYD +VR0jBBgwFoAUeRl81mJ9tNjobnzT6ccvPfKyQKMwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCEmn1j+UTY -LE6wJIavDLoOKTNnaH2iHUaZsPudZWna+EZn2cQwcutXeUroLXtX1MIYExnRNoxF -n0kepoPFQUH9KaygEscPbqZFcGTDnbAiLu3AjWxowJTZuuAvWhwp7dDW7A67Qc4e -45PEhYCqoWcxdoAkpHDs826jY4xx/ThlH1bpdXQVPGnz49Odmpx99gBxmGFoE3wj -eeGEaKY9zhkcCmJI2flMkv+3W+gd5GYAUE04yDrj4Y6uqjIwZXgls9DrT96rnVFA -fm/UFYfPQX2+PTJFovGofBGXkKTq2KrCtwg0o2IjS6Xjnk2Qf9dM3E/IrLK23kL9 -BZj2M5BUw2o/ +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBh1Pg1egog +Ik9FmSf16dgqDK7fhuU5q8P1AOJwLMeT5lau+NCETfYKHV/4wktA8Xga5u8HqbIs +i9P8FYma61yivgcyxR/MHxZHA1xqEbAtFboIYsLfazKFKDV5p5m/sEFQzFPE3Am2 +r/3WuKZen2BpG679Ri/IWoYjj149+jgDJF+JJ1iIXwAVGJolziKXMReCNMMQMoFc +XEEcb8c6N/Jg3XBV4LkXzNw7PKfJAT2bagFnnIm/qEbf38N8wYONROH2yZE9NvS4 +RP7iE3ubRrQuKnkYKIje1iTWjkZkZUbUK1IoZ0E3js4g+Yr6zPzG3wZ8vcf8qyQx +A5TgskulZkAd -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -285,12 +285,17 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 0 - [Error] Unconsumed critical extension - oid: 2A0304 - value: 01020304 +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=1 (CN=Intermediate) ----- +ERROR: Unconsumed critical extension + oid: 2A0304 + value: 01020304 + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMAogICAgICBbRXJyb3JdIFVuY29uc3VtZWQgY3JpdGljYWwgZXh0ZW5zaW9uCiAgICAgICAgb2lkOiAyQTAzMDQKICAgICAgICB2YWx1ZTogMDEwMjAzMDQK +LS0tLS0gQ2VydGlmaWNhdGUgaT0xIChDTj1JbnRlcm1lZGlhdGUpIC0tLS0tCkVSUk9SOiBVbmNvbnN1bWVkIGNyaXRpY2FsIGV4dGVuc2lvbgogIG9pZDogMkEwMzA0CiAgdmFsdWU6IDAxMDIwMzA0Cgo= -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension.pem b/chromium/net/data/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension.pem index 7c4e66447a3..18d55a5a418 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/intermediate-unknown-non-critical-extension.pem @@ -19,30 +19,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b6:04:af:e9:58:68:65:f6:6e:cd:e3:fe:93:35: - d3:c0:06:53:75:df:15:59:23:d3:fd:42:8c:36:a1: - df:6b:35:3f:7d:63:57:e4:17:d9:2a:63:77:7f:d6: - f5:b0:85:00:70:ab:f9:5e:f3:00:4d:0f:5e:28:b8: - 56:7b:15:f1:4e:eb:32:e0:bf:e4:83:2b:49:ff:ac: - 3e:09:38:40:75:73:11:ee:0c:8c:d9:e6:c6:d2:44: - ce:99:74:78:8b:90:19:b5:32:75:45:ba:e0:76:55: - 5f:c9:44:27:e2:91:8e:9a:21:aa:3d:be:e7:cf:1e: - af:08:4b:b0:cc:03:b8:c6:2b:92:ae:d6:1e:61:fa: - 18:4e:b5:98:cc:0b:55:16:77:4c:9c:26:99:0f:3b: - 91:22:87:19:36:b9:4f:72:c9:40:bb:d0:2b:8e:d7: - c3:1b:eb:2e:e4:82:a8:0e:7d:45:a1:c7:6a:e9:db: - d2:f7:30:9b:ad:4f:a7:04:17:2b:78:85:15:1a:8f: - f1:77:6c:51:c0:a8:fc:53:70:f0:32:8c:86:09:8b: - 00:9c:3f:32:ff:cc:86:4f:4c:32:6a:f9:53:5d:36: - f9:55:34:8c:e4:0e:56:af:bf:f6:92:25:8a:4e:d5: - 66:53:66:7b:b0:16:08:04:d2:56:de:c6:b0:75:2c: - b5:d5 + 00:c1:45:b7:c7:2a:57:db:f0:c6:44:38:af:69:b5: + 8a:33:9c:bf:ba:bf:19:8f:a4:96:5f:61:74:0c:3c: + 95:c0:24:0a:a9:55:c9:3b:a3:1c:93:b3:d8:d8:40: + 92:4f:c9:c0:9c:51:41:bb:ee:eb:ef:83:4b:d2:a5: + 2f:da:74:90:bc:45:3a:62:7b:5a:e2:0e:9e:b3:83: + c2:8e:67:02:a2:4f:4b:8a:5b:33:19:16:3e:0f:f6: + 01:f6:b6:c2:6c:17:8f:63:d2:91:3e:6a:2d:08:c8: + 7c:51:f8:24:2f:dc:f7:74:24:0e:b6:9b:85:c8:2b: + 82:81:0f:04:5f:d6:53:1e:53:2f:7e:1c:16:fc:3a: + 77:f3:7f:51:1a:16:e0:7a:a4:05:89:d3:4a:9d:91: + 03:db:a5:6d:6e:60:cb:f9:40:53:0f:5d:f8:b4:70: + 23:5a:c7:ff:bf:45:1c:f1:21:8c:4a:9b:11:f7:8c: + df:9f:8a:94:be:2b:16:f1:9b:07:90:0d:ff:28:1c: + 0e:4c:21:36:4e:18:86:50:2d:24:c0:d3:ce:f5:66: + a2:96:28:01:56:ba:97:d9:f9:fe:c6:0c:af:2f:34: + c3:b7:e1:b3:8a:85:3d:52:ef:fc:61:10:97:17:35: + 95:fb:c8:e2:ae:49:1f:b4:8a:a7:70:76:b7:c7:df: + 6b:71 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - A7:25:2F:78:CA:01:CA:68:1D:8F:FF:93:D6:FA:FA:A3:9C:BB:C8:0E + 49:9D:A7:97:77:91:95:74:7C:01:DC:46:BB:A1:09:4F:19:65:53:D1 X509v3 Authority Key Identifier: - keyid:D5:16:02:7F:4F:D3:7F:21:1A:9D:CC:55:09:30:CF:EF:6C:08:1F:53 + keyid:07:F3:ED:92:2A:F7:2C:67:60:A8:EF:86:B2:9B:CC:97:5C:FA:CF:5A Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -57,42 +57,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 6a:e8:e9:eb:26:54:d4:51:72:d0:4d:a3:7c:e4:5e:8d:bd:c7: - 5e:0a:ab:46:a0:88:20:15:68:56:3f:43:0d:13:60:30:eb:65: - 86:45:5b:0d:8b:c4:b0:7f:2f:18:fe:27:a7:6e:4b:10:99:05: - 25:f8:4b:9a:80:a3:36:f6:35:5e:0a:dc:0a:81:3c:fc:be:32: - 71:fc:ed:8c:d9:77:ce:25:3c:74:af:b7:ad:50:ee:dc:fe:35: - 91:15:cc:79:91:f0:48:74:68:8b:a0:e2:70:95:df:1d:b3:e5: - c5:48:bc:9c:c3:4c:95:50:94:8d:3c:42:9a:13:e3:03:b3:df: - 43:32:bf:0f:cd:50:d9:2c:52:1c:30:9e:5f:30:02:69:66:bc: - e5:92:63:43:ca:62:e8:d2:ae:dd:2a:e1:ac:ce:00:f0:d7:54: - 81:6b:b8:1f:b1:0e:e7:57:2b:71:17:50:4b:fb:e4:f0:37:2a: - da:37:e2:80:4a:87:9b:d6:d5:6d:6b:b4:af:4b:43:c9:08:9d: - 57:f1:98:3c:2a:b6:58:7d:a8:83:d3:f0:b1:df:c5:bd:8b:0c: - a8:48:91:0c:c8:eb:29:f8:54:70:b0:49:b7:f4:e3:80:cc:2e: - 37:23:23:f4:49:21:8d:22:12:8c:3e:24:a2:11:66:15:cd:68: - 96:19:3b:5f + 38:a6:e1:64:87:86:9f:16:1d:a7:04:47:da:aa:a9:f3:c3:ea: + 48:26:f2:1c:0c:d5:eb:91:cf:fd:e0:f4:4e:26:59:42:92:62: + 22:37:08:e3:8a:12:de:e5:b4:0b:9a:7d:4d:09:d3:52:a4:d9: + e4:f2:18:a9:9b:37:ff:3b:4c:1f:23:ff:4a:ae:1f:d5:88:5b: + f5:9f:3d:5c:d1:dc:c4:36:3b:ec:8a:59:df:8f:98:9a:13:68: + 01:8e:5e:92:a8:6a:7f:99:96:6c:b3:22:1c:45:c0:b5:b3:7a: + 27:2b:13:be:6d:e2:28:6d:40:a8:b8:1d:e6:16:ba:81:01:dc: + a2:7f:c7:eb:f6:e7:47:23:f0:6b:c5:5d:9e:48:ed:e6:65:4c: + 41:0f:fc:ad:4f:5d:a5:f5:f7:69:80:ca:af:a0:b3:c1:7a:db: + ef:5a:f3:a3:61:f6:21:04:24:58:81:87:98:41:b9:a7:5d:59: + 4f:e8:89:89:ca:b0:df:67:4d:8a:66:bd:53:9b:06:19:22:8a: + 91:fd:df:21:44:67:27:5a:df:75:04:d8:ef:ee:d3:2f:42:8a: + 53:36:ea:67:ca:b0:cf:03:f6:6b:b1:1a:49:c1:56:fc:1c:f6: + 89:23:b5:d9:c4:2f:29:71:f1:5b:81:39:3a:8a:4f:34:23:86: + 78:f8:b5:35 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2BK/p -WGhl9m7N4/6TNdPABlN13xVZI9P9Qow2od9rNT99Y1fkF9kqY3d/1vWwhQBwq/le -8wBND14ouFZ7FfFO6zLgv+SDK0n/rD4JOEB1cxHuDIzZ5sbSRM6ZdHiLkBm1MnVF -uuB2VV/JRCfikY6aIao9vufPHq8IS7DMA7jGK5Ku1h5h+hhOtZjMC1UWd0ycJpkP -O5Eihxk2uU9yyUC70CuO18Mb6y7kgqgOfUWhx2rp29L3MJutT6cEFyt4hRUaj/F3 -bFHAqPxTcPAyjIYJiwCcPzL/zIZPTDJq+VNdNvlVNIzkDlavv/aSJYpO1WZTZnuw -FggE0lbexrB1LLXVAgMBAAGjgekwgeYwHQYDVR0OBBYEFKclL3jKAcpoHY//k9b6 -+qOcu8gOMB8GA1UdIwQYMBaAFNUWAn9P038hGp3MVQkwz+9sCB9TMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBRbfH +Klfb8MZEOK9ptYoznL+6vxmPpJZfYXQMPJXAJAqpVck7oxyTs9jYQJJPycCcUUG7 +7uvvg0vSpS/adJC8RTpie1riDp6zg8KOZwKiT0uKWzMZFj4P9gH2tsJsF49j0pE+ +ai0IyHxR+CQv3Pd0JA62m4XIK4KBDwRf1lMeUy9+HBb8Onfzf1EaFuB6pAWJ00qd +kQPbpW1uYMv5QFMPXfi0cCNax/+/RRzxIYxKmxH3jN+fipS+KxbxmweQDf8oHA5M +ITZOGIZQLSTA0871ZqKWKAFWupfZ+f7GDK8vNMO34bOKhT1S7/xhEJcXNZX7yOKu +SR+0iqdwdrfH32txAgMBAAGjgekwgeYwHQYDVR0OBBYEFEmdp5d3kZV0fAHcRruh +CU8ZZVPRMB8GA1UdIwQYMBaAFAfz7ZIq9yxnYKjvhrKbzJdc+s9aMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAaujp6yZU1FFy0E2jfORe -jb3HXgqrRqCIIBVoVj9DDRNgMOtlhkVbDYvEsH8vGP4np25LEJkFJfhLmoCjNvY1 -XgrcCoE8/L4ycfztjNl3ziU8dK+3rVDu3P41kRXMeZHwSHRoi6DicJXfHbPlxUi8 -nMNMlVCUjTxCmhPjA7PfQzK/D81Q2SxSHDCeXzACaWa85ZJjQ8pi6NKu3SrhrM4A -8NdUgWu4H7EO51crcRdQS/vk8Dcq2jfigEqHm9bVbWu0r0tDyQidV/GYPCq2WH2o -g9Pwsd/FvYsMqEiRDMjrKfhUcLBJt/TjgMwuNyMj9EkhjSISjD4kohFmFc1olhk7 -Xw== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAOKbhZIeGnxYdpwRH2qqp +88PqSCbyHAzV65HP/eD0TiZZQpJiIjcI44oS3uW0C5p9TQnTUqTZ5PIYqZs3/ztM +HyP/Sq4f1Yhb9Z89XNHcxDY77IpZ34+YmhNoAY5ekqhqf5mWbLMiHEXAtbN6JysT +vm3iKG1AqLgd5ha6gQHcon/H6/bnRyPwa8Vdnkjt5mVMQQ/8rU9dpfX3aYDKr6Cz +wXrb71rzo2H2IQQkWIGHmEG5p11ZT+iJicqw32dNima9U5sGGSKKkf3fIURnJ1rf +dQTY7+7TL0KKUzbqZ8qwzwP2a7EaScFW/Bz2iSO12cQvKXHxW4E5OopPNCOGePi1 +NQ== -----END CERTIFICATE----- Certificate: @@ -109,30 +109,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:94:b0:d4:b6:63:20:79:6f:d7:5f:3e:0a:32:b1: - 79:0a:be:db:d4:86:23:8d:f8:17:0d:3e:b8:49:ed: - d3:6a:39:db:e4:16:6b:f6:c9:03:d6:0f:60:a0:ae: - 6c:86:18:2d:50:06:70:48:5f:9b:14:17:4d:2b:d5: - e4:e9:8c:19:0b:78:19:0e:d9:82:39:8f:92:f8:bc: - 7f:cc:7a:6e:06:7c:75:e3:7e:7e:24:71:7e:19:ba: - 64:2f:7b:60:e5:ab:c0:1a:9a:44:9d:a4:db:eb:d5: - 5b:69:31:ab:9f:86:9c:ec:90:2f:c2:29:ea:19:15: - fb:85:50:89:71:67:28:70:46:f7:e4:1e:6d:e6:81: - 49:15:7e:e9:2e:9f:14:d6:f9:02:c9:91:8f:d1:a9: - 65:8a:cc:29:57:7b:e5:a8:08:db:19:a6:27:2f:89: - 4b:e1:ca:3e:1e:c4:f6:65:4f:b0:26:c4:29:13:44: - 3f:6c:49:ba:b7:99:2c:70:0c:54:7b:c2:9a:06:ce: - 95:51:62:16:a3:0c:9e:2c:34:d0:04:65:32:41:d7: - db:6e:38:e9:12:8c:91:a5:0d:fe:b2:c6:b7:74:f4: - 23:65:d9:ae:88:af:0f:12:6a:28:f0:7b:db:2b:e4: - 6d:1b:74:de:93:e9:f6:72:f1:1c:28:8f:8a:32:37: - a2:65 + 00:c9:47:61:13:ce:5c:97:1f:40:92:f1:86:de:28: + e0:4e:e8:70:01:3a:19:75:23:4f:bd:7b:ec:b6:45: + 5f:aa:5e:2c:58:bd:ed:17:3c:ad:fc:74:4e:97:48: + 71:a3:ce:04:90:0f:cf:78:62:89:58:18:66:c5:b7: + c9:a2:80:48:57:ee:64:a8:17:90:8c:e1:51:6d:a3: + 79:21:d0:67:9f:82:ba:89:70:6e:54:32:67:e2:f5: + d7:8c:de:f8:6f:21:86:26:11:89:e7:7a:52:ab:25: + a4:e9:53:0d:01:58:04:a1:8e:ce:93:52:36:33:82: + 17:6f:4c:cd:5c:9b:ee:42:96:2f:5c:ef:e4:c1:8b: + db:78:ad:af:e3:9f:b6:1c:be:f1:1d:36:9b:63:92: + 37:be:ea:27:49:b7:7b:89:73:93:2c:b2:cb:bb:74: + d4:a6:c2:fe:08:ae:e8:bc:e3:40:a7:4d:97:db:14: + 26:6b:c8:02:d3:95:4a:9b:7b:12:69:d3:3f:e9:88: + 07:d7:49:26:6f:87:85:aa:0f:be:88:3c:a7:f0:9f: + 7f:21:f0:96:35:26:71:f1:f9:33:3f:f8:c8:92:64: + c1:7a:6a:6b:52:a8:54:dc:88:5c:75:93:81:7f:4f: + cc:c5:cf:51:4b:87:ff:4e:3c:e2:76:08:2d:fc:4d: + cf:0f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - D5:16:02:7F:4F:D3:7F:21:1A:9D:CC:55:09:30:CF:EF:6C:08:1F:53 + 07:F3:ED:92:2A:F7:2C:67:60:A8:EF:86:B2:9B:CC:97:5C:FA:CF:5A X509v3 Authority Key Identifier: - keyid:99:38:AC:DE:DD:17:19:E4:9D:92:02:FD:01:4D:40:C5:2C:4E:B7:4A + keyid:5E:73:41:09:27:46:17:12:6B:62:FF:2E:78:20:DE:7A:59:ED:29:84 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -149,41 +149,41 @@ Certificate: 1.2.3.4: .... Signature Algorithm: sha256WithRSAEncryption - 0b:1e:08:36:25:d9:1b:97:a3:07:63:ca:17:a1:df:42:14:a5: - 6d:75:63:a8:ba:b5:94:b1:59:0b:5c:18:a7:e2:8f:a7:8b:40: - f0:0f:cf:4d:8d:87:a0:77:44:b3:0a:b6:b2:a2:aa:25:0e:a5: - cf:4b:6b:77:6e:e1:e2:06:19:0d:97:d9:a9:95:72:26:24:07: - e5:cd:8c:c8:e1:c5:1f:6c:8e:42:dd:93:da:4c:6e:07:e5:6e: - b2:e0:e6:c2:04:1d:1f:e0:4f:f0:5d:00:63:2c:ea:35:e3:dc: - c3:14:6d:8f:86:23:ab:a8:d1:29:81:98:1e:b7:fb:34:4c:65: - 18:27:fa:f5:5e:54:e6:3e:1e:b9:24:4c:86:cd:94:81:8d:60: - 49:d7:a7:a7:de:a5:4d:30:32:88:0a:95:a9:36:01:51:20:1e: - 2f:e2:1f:b8:fb:fb:14:77:9a:37:c3:96:21:e5:8b:96:a9:a0: - 97:24:b8:1c:f5:dd:a2:1b:bb:04:c4:f3:b0:22:56:38:cc:20: - e1:5b:51:90:7c:14:5c:5e:ce:df:b1:a9:57:a2:3b:d6:0f:56: - 3b:96:94:7e:c5:c7:a8:6e:eb:77:fe:50:1e:21:c8:0b:c2:3f: - 6f:48:d0:dd:d4:f5:29:39:3f:e1:a7:bd:c8:ba:35:d3:28:72: - 92:d4:e6:33 + 41:01:a7:f2:bb:ba:fa:3d:28:60:6f:c4:09:1f:0e:21:6c:72: + 90:ef:0b:f8:03:b4:00:92:1d:ef:40:04:50:db:0b:06:06:db: + 01:51:70:6e:b4:67:cd:1f:ac:6f:fd:ab:78:f0:97:82:69:c6: + 77:22:78:f7:b5:e1:a2:f8:5d:ca:56:1a:88:e6:13:5c:97:14: + 13:b3:16:c8:60:b4:f3:dd:5d:7c:f5:a3:44:50:23:45:4a:e1: + 0e:d5:5e:7e:16:3d:d9:92:09:d2:9d:80:3a:8c:3c:1b:20:1f: + a2:5b:ab:f3:e9:22:f5:92:b3:a8:4f:b8:91:4f:50:cf:d7:f0: + f7:df:1f:6b:a5:fb:71:28:48:9f:e6:ba:46:36:8e:3c:f2:d2: + 16:7b:5d:2b:9e:ec:49:b7:1b:1c:6d:c1:76:95:d7:e7:cd:fa: + 05:01:00:ba:84:04:e9:44:f1:8f:7d:bb:07:24:55:4d:41:56: + e7:12:9f:0b:bd:85:d0:c9:1b:d8:68:27:88:84:e9:27:1e:58: + a3:22:0c:a8:f9:0c:ad:4b:a7:1f:a7:c9:dc:9e:b5:4b:0f:6f: + 76:63:13:db:80:6c:79:90:5e:d8:bb:68:5d:42:7f:38:65:e8: + f8:49:e1:0e:51:b2:b1:31:45:47:f2:1f:8a:15:f4:7b:67:82: + 83:d8:cd:70 -----BEGIN CERTIFICATE----- MIIDejCCAmKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLDUtmMg -eW/XXz4KMrF5Cr7b1IYjjfgXDT64Se3Tajnb5BZr9skD1g9goK5shhgtUAZwSF+b -FBdNK9Xk6YwZC3gZDtmCOY+S+Lx/zHpuBnx1435+JHF+GbpkL3tg5avAGppEnaTb -69VbaTGrn4ac7JAvwinqGRX7hVCJcWcocEb35B5t5oFJFX7pLp8U1vkCyZGP0all -iswpV3vlqAjbGaYnL4lL4co+HsT2ZU+wJsQpE0Q/bEm6t5kscAxUe8KaBs6VUWIW -owyeLDTQBGUyQdfbbjjpEoyRpQ3+ssa3dPQjZdmuiK8PEmoo8HvbK+RtG3Tek+n2 -cvEcKI+KMjeiZQIDAQABo4HYMIHVMB0GA1UdDgQWBBTVFgJ/T9N/IRqdzFUJMM/v -bAgfUzAfBgNVHSMEGDAWgBSZOKze3RcZ5J2SAv0BTUDFLE63SjA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUdhE85c +lx9AkvGG3ijgTuhwAToZdSNPvXvstkVfql4sWL3tFzyt/HROl0hxo84EkA/PeGKJ +WBhmxbfJooBIV+5kqBeQjOFRbaN5IdBnn4K6iXBuVDJn4vXXjN74byGGJhGJ53pS +qyWk6VMNAVgEoY7Ok1I2M4IXb0zNXJvuQpYvXO/kwYvbeK2v45+2HL7xHTabY5I3 +vuonSbd7iXOTLLLLu3TUpsL+CK7ovONAp02X2xQma8gC05VKm3sSadM/6YgH10km +b4eFqg++iDyn8J9/IfCWNSZx8fkzP/jIkmTBemprUqhU3IhcdZOBf0/Mxc9RS4f/ +Tjzidggt/E3PDwIDAQABo4HYMIHVMB0GA1UdDgQWBBQH8+2SKvcsZ2Co74aym8yX +XPrPWjAfBgNVHSMEGDAWgBRec0EJJ0YXEmti/y54IN56We0phDA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCwYDKgMEBAQBAgMEMA0GCSqG -SIb3DQEBCwUAA4IBAQALHgg2Jdkbl6MHY8oXod9CFKVtdWOourWUsVkLXBin4o+n -i0DwD89NjYegd0SzCrayoqolDqXPS2t3buHiBhkNl9mplXImJAflzYzI4cUfbI5C -3ZPaTG4H5W6y4ObCBB0f4E/wXQBjLOo149zDFG2PhiOrqNEpgZget/s0TGUYJ/r1 -XlTmPh65JEyGzZSBjWBJ16en3qVNMDKICpWpNgFRIB4v4h+4+/sUd5o3w5Yh5YuW -qaCXJLgc9d2iG7sExPOwIlY4zCDhW1GQfBRcXs7fsalXojvWD1Y7lpR+xceobut3 -/lAeIcgLwj9vSNDd1PUpOT/hp73IujXTKHKS1OYz +SIb3DQEBCwUAA4IBAQBBAafyu7r6PShgb8QJHw4hbHKQ7wv4A7QAkh3vQARQ2wsG +BtsBUXButGfNH6xv/at48JeCacZ3Inj3teGi+F3KVhqI5hNclxQTsxbIYLTz3V18 +9aNEUCNFSuEO1V5+Fj3ZkgnSnYA6jDwbIB+iW6vz6SL1krOoT7iRT1DP1/D33x9r +pftxKEif5rpGNo488tIWe10rnuxJtxscbcF2ldfnzfoFAQC6hATpRPGPfbsHJFVN +QVbnEp8LvYXQyRvYaCeIhOknHlijIgyo+QytS6cfp8ncnrVLD292YxPbgGx5kF7Y +u2hdQn84Zej4SeEOUbKxMUVH8h+KFfR7Z4KD2M1w -----END CERTIFICATE----- Certificate: @@ -200,30 +200,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a3:83:87:29:55:0b:8e:0a:7e:d7:d3:74:4f:6c: - 58:a6:8c:5c:09:8d:13:65:8b:94:04:8e:52:13:93: - 9e:8c:75:2b:37:f7:9f:ca:64:92:f2:42:e9:8d:d6: - 36:19:ab:14:e4:f3:76:16:65:68:3d:3b:51:eb:e5: - d0:33:af:8e:26:5b:f2:5c:4e:3d:7e:11:46:b6:2a: - 6d:fd:3a:54:57:91:8b:6c:e1:fb:8b:08:b8:80:d3: - 0d:2d:d0:b8:2e:1e:f0:b3:33:c5:15:0b:b0:ad:de: - 27:68:a4:3d:3b:6c:8d:4c:a6:d0:5c:7e:58:52:01: - 8f:fe:fb:86:5e:ce:ea:fc:33:77:28:c5:4c:ee:d0: - 0b:cb:a7:97:7f:05:70:53:a3:61:06:fa:b3:9d:7e: - d5:dd:3f:ef:58:04:f8:3c:91:fc:8d:fa:ca:cd:97: - a4:3b:44:ac:dd:64:a7:32:08:87:0f:73:36:d7:14: - e0:1d:b8:29:11:97:cb:9d:79:1f:bc:c8:cc:28:ae: - 8e:9a:2f:39:62:1f:28:aa:b9:c7:81:7c:34:96:44: - 39:e6:00:4b:5b:0e:4b:7a:fd:ca:bf:5d:67:50:91: - 3a:59:89:1b:3a:12:7c:7e:b9:58:54:e5:4f:97:00: - 35:c8:a7:b9:fd:3f:5e:08:5e:ac:0c:ba:61:e8:42: - 34:33 + 00:d0:c9:04:2a:e3:2c:61:f5:b8:fe:95:cf:f0:4f: + 49:3a:13:bf:16:40:fd:16:d5:31:53:5b:2c:16:94: + 96:7b:63:43:b0:04:9f:0c:9f:f9:30:48:94:ad:03: + c7:84:48:a0:9e:eb:7a:a4:d7:09:f7:48:4d:1d:d8: + 05:59:46:52:33:43:a7:6c:c1:66:b4:8e:5a:3e:8a: + 5b:bc:18:09:ff:c3:5b:c2:d7:1f:00:e1:5d:85:b1: + b6:8b:aa:ac:7a:9e:30:37:d8:57:c6:d8:82:f5:23: + 80:16:2b:ff:95:5b:dc:24:61:0b:0f:62:14:e8:dd: + ee:5c:30:86:6d:4e:e9:99:b5:61:d1:94:cf:4c:f9: + c4:92:be:22:59:2d:be:ca:2c:d3:8d:9f:8e:ea:d3: + 88:dc:cd:69:21:18:64:d2:66:23:50:d4:ca:38:76: + 09:3d:f5:cc:42:91:a2:12:f1:f4:cb:86:83:7c:0d: + 87:f7:89:a7:eb:ff:99:19:c6:04:22:b5:05:18:ca: + 04:60:d3:61:b8:b2:b1:64:cf:c4:15:af:a4:62:f6: + a1:c6:cc:f9:f9:3d:3e:25:7c:03:a6:a6:17:d6:43: + 90:7d:d8:04:f6:27:c7:79:cf:c9:96:b4:b3:b7:0e: + 0a:fc:c4:ea:b4:ce:7e:67:e7:21:33:92:cc:11:af: + f2:9b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 99:38:AC:DE:DD:17:19:E4:9D:92:02:FD:01:4D:40:C5:2C:4E:B7:4A + 5E:73:41:09:27:46:17:12:6B:62:FF:2E:78:20:DE:7A:59:ED:29:84 X509v3 Authority Key Identifier: - keyid:99:38:AC:DE:DD:17:19:E4:9D:92:02:FD:01:4D:40:C5:2C:4E:B7:4A + keyid:5E:73:41:09:27:46:17:12:6B:62:FF:2E:78:20:DE:7A:59:ED:29:84 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -238,41 +238,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 47:a7:24:e7:1f:29:34:d7:8e:3a:e1:af:aa:d3:3b:32:f4:d6: - 7d:ec:ab:7c:34:59:0b:b1:33:80:6a:d4:36:4a:78:d3:3a:d6: - 97:0d:8b:81:54:09:91:b5:30:79:78:e7:52:11:ba:e8:57:af: - f3:f8:f0:ff:17:9a:e3:d0:a0:89:81:50:e8:67:47:9b:b5:68: - ed:99:10:1b:d6:31:58:24:dd:74:3c:8b:76:77:46:a3:b9:ca: - b6:4b:3d:ca:b9:5b:ac:e7:92:8c:d3:f2:4a:ba:4b:2f:c6:11: - cf:38:15:59:5a:fa:2d:d2:72:31:8f:54:a4:7e:44:a7:26:9d: - 1b:38:e0:ac:75:72:9c:71:4c:78:54:80:8f:74:b7:11:b0:5c: - c7:69:a5:03:1e:cd:5e:c5:cd:60:0e:80:32:19:02:e0:8c:b4: - 76:e7:00:a1:e5:bc:29:31:61:a6:55:f0:72:92:78:69:6f:26: - 08:96:71:b9:42:a9:eb:cc:54:8e:d6:55:1a:26:2c:a0:b5:a6: - df:52:86:a1:df:26:da:26:86:d5:17:5b:c9:9b:90:c0:6c:ab: - 23:1a:82:2d:ff:b6:83:ae:3c:c1:c3:85:5e:49:aa:d6:ef:fd: - f4:4a:22:7c:90:b8:46:2e:15:63:93:0c:c5:2d:9e:f6:32:03: - 53:10:30:36 + bc:0f:f0:2b:80:e2:8d:60:5e:c4:04:a9:09:5c:a5:c0:4d:cc: + 90:d5:42:48:73:e1:48:8a:0c:4a:94:95:e1:1a:a3:9f:5b:3e: + 7f:be:b7:f1:ba:e0:31:a9:98:d2:82:b2:8c:82:5e:b0:ed:f3: + 3f:7e:21:54:b8:d4:55:0f:5b:a8:49:e4:22:85:bd:53:c3:9c: + f5:2f:cf:08:0b:12:95:13:fb:3d:00:33:ba:40:96:08:4a:99: + bc:cd:f5:3a:0c:82:c6:79:34:65:8c:c6:36:7a:e3:37:85:2f: + 72:c8:88:1d:5f:eb:5f:90:55:09:c9:2d:78:40:ac:33:cc:00: + 9b:f5:c8:07:1e:63:01:98:ee:f0:66:72:79:15:71:a0:6a:59: + aa:f9:f1:44:06:14:1a:5b:a8:05:e6:1e:cd:81:d5:f1:67:18: + 7f:41:28:07:37:2f:30:ca:6d:11:2d:96:7c:ba:1d:ba:cc:b7: + 30:20:e8:7b:43:1e:2f:d7:9f:c8:df:fc:d0:a1:13:7e:04:9b: + 3c:03:64:5d:00:5a:7f:7e:d9:d9:f7:16:0c:e7:09:8e:d7:eb: + ac:7b:f0:4d:4c:57:a8:cc:dc:5d:01:2e:68:00:da:a4:c0:eb: + e7:87:8a:d3:59:cb:e1:88:a1:8b:97:22:81:3d:da:f6:be:d8: + 26:ee:1b:db -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKODhylVC44KftfTdE9s -WKaMXAmNE2WLlASOUhOTnox1Kzf3n8pkkvJC6Y3WNhmrFOTzdhZlaD07Uevl0DOv -jiZb8lxOPX4RRrYqbf06VFeRi2zh+4sIuIDTDS3QuC4e8LMzxRULsK3eJ2ikPTts -jUym0Fx+WFIBj/77hl7O6vwzdyjFTO7QC8unl38FcFOjYQb6s51+1d0/71gE+DyR -/I36ys2XpDtErN1kpzIIhw9zNtcU4B24KRGXy515H7zIzCiujpovOWIfKKq5x4F8 -NJZEOeYAS1sOS3r9yr9dZ1CROlmJGzoSfH65WFTlT5cANcinuf0/XgherAy6YehC -NDMCAwEAAaOByzCByDAdBgNVHQ4EFgQUmTis3t0XGeSdkgL9AU1AxSxOt0owHwYD -VR0jBBgwFoAUmTis3t0XGeSdkgL9AU1AxSxOt0owNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDJBCrjLGH1uP6Vz/BP +SToTvxZA/RbVMVNbLBaUlntjQ7AEnwyf+TBIlK0Dx4RIoJ7reqTXCfdITR3YBVlG +UjNDp2zBZrSOWj6KW7wYCf/DW8LXHwDhXYWxtouqrHqeMDfYV8bYgvUjgBYr/5Vb +3CRhCw9iFOjd7lwwhm1O6Zm1YdGUz0z5xJK+Ilktvsos042fjurTiNzNaSEYZNJm +I1DUyjh2CT31zEKRohLx9MuGg3wNh/eJp+v/mRnGBCK1BRjKBGDTYbiysWTPxBWv +pGL2ocbM+fk9PiV8A6amF9ZDkH3YBPYnx3nPyZa0s7cOCvzE6rTOfmfnITOSzBGv +8psCAwEAAaOByzCByDAdBgNVHQ4EFgQUXnNBCSdGFxJrYv8ueCDeelntKYQwHwYD +VR0jBBgwFoAUXnNBCSdGFxJrYv8ueCDeelntKYQwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBHpyTnHyk0 -14464a+q0zsy9NZ97Kt8NFkLsTOAatQ2SnjTOtaXDYuBVAmRtTB5eOdSEbroV6/z -+PD/F5rj0KCJgVDoZ0ebtWjtmRAb1jFYJN10PIt2d0ajucq2Sz3KuVus55KM0/JK -uksvxhHPOBVZWvot0nIxj1SkfkSnJp0bOOCsdXKccUx4VICPdLcRsFzHaaUDHs1e -xc1gDoAyGQLgjLR25wCh5bwpMWGmVfByknhpbyYIlnG5QqnrzFSO1lUaJiygtabf -Uoah3ybaJobVF1vJm5DAbKsjGoIt/7aDrjzBw4VeSarW7/30SiJ8kLhGLhVjkwzF -LZ72MgNTEDA2 +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC8D/ArgOKN +YF7EBKkJXKXATcyQ1UJIc+FIigxKlJXhGqOfWz5/vrfxuuAxqZjSgrKMgl6w7fM/ +fiFUuNRVD1uoSeQihb1Tw5z1L88ICxKVE/s9ADO6QJYISpm8zfU6DILGeTRljMY2 +euM3hS9yyIgdX+tfkFUJyS14QKwzzACb9cgHHmMBmO7wZnJ5FXGgalmq+fFEBhQa +W6gF5h7NgdXxZxh/QSgHNy8wym0RLZZ8uh26zLcwIOh7Qx4v15/I3/zQoRN+BJs8 +A2RdAFp/ftnZ9xYM5wmO1+use/BNTFeozNxdAS5oANqkwOvnh4rTWcvhiKGLlyKB +Pdr2vtgm7hvb -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -284,3 +284,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal-anchor.pem b/chromium/net/data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal-anchor.pem index 6ecd8bb41c9..2e3e137e494 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal-anchor.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal-anchor.pem @@ -281,4 +281,7 @@ MTIwNTAyMDQ1ODU0Wg== U1VDQ0VTUw== -----END VERIFY_RESULT----- - +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal.pem b/chromium/net/data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal.pem index 1611b2f1bc4..d4232779484 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/issuer-and-subject-not-byte-for-byte-equal.pem @@ -461,4 +461,7 @@ MTMwNTIwMTUxODMzWg== U1VDQ0VTUw== -----END VERIFY_RESULT----- - +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/key-rollover-longrolloverchain.pem b/chromium/net/data/verify_certificate_chain_unittest/key-rollover-longrolloverchain.pem index 7446d9f4a2d..fbd9de89f32 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/key-rollover-longrolloverchain.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/key-rollover-longrolloverchain.pem @@ -48,30 +48,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d0:14:31:90:c4:c6:d0:b9:10:9e:e4:7a:e2:bc: - 16:ab:d2:5e:d7:3d:00:11:bf:25:0b:32:17:57:c4: - fb:f6:60:0d:5a:7c:43:08:88:e6:35:f7:39:0f:dc: - d7:ef:22:18:52:5b:de:27:35:10:93:ab:c0:ae:98: - 1b:e1:c7:40:a8:be:84:2a:e6:69:7c:c4:68:1e:c4: - 0d:29:97:55:12:fb:30:86:a3:8f:03:0c:d4:4b:22: - 76:ac:a8:db:fd:20:4c:46:ea:21:9b:59:4f:ea:9c: - 20:6f:ff:e1:7c:7d:64:5c:4b:91:4d:ac:56:1d:19: - 12:6c:af:f2:99:40:21:9d:06:b9:a2:90:2c:7b:bc: - af:fe:c0:40:a1:06:89:62:f3:f3:fd:a0:07:61:aa: - c2:f9:e1:0e:13:96:92:ac:53:ba:ed:a5:36:c9:b9: - 04:e7:13:67:bc:0e:63:dc:22:29:53:e2:e3:59:ab: - 5c:25:cd:d9:fb:46:4e:91:70:dd:41:4b:35:87:a4: - fd:2c:66:be:75:7e:03:e9:12:61:66:cb:19:88:a1: - 61:b7:13:b4:ab:51:a6:d5:58:9c:db:8c:a2:1a:da: - c3:6f:cb:b6:b1:65:d8:a3:a3:d1:87:d8:b9:bb:b8: - c1:83:f1:83:38:2a:fd:a3:f6:a6:59:f2:27:f1:e3: - 50:29 + 00:ef:77:94:e8:68:c5:7e:1d:9b:ae:10:cd:d5:bb: + 96:27:0c:05:17:f4:ec:bc:da:7d:28:e5:b7:e5:8f: + da:d8:ae:7a:2a:d2:e3:15:9b:12:62:79:02:61:3d: + 3f:8b:64:4e:fb:7d:e1:59:bd:2f:83:ad:d3:b8:e5: + 45:33:c4:13:5f:79:ef:8a:3e:c0:39:20:81:e2:98: + b9:e6:c9:60:b6:8e:b4:bf:b4:2b:55:ae:b1:7c:21: + d3:fe:ec:f0:56:31:fe:0a:19:c4:2c:54:a4:97:aa: + 84:a2:83:f8:5a:9a:f3:11:b8:ad:3b:14:3a:68:5a: + 72:24:49:6f:6f:5a:02:39:91:07:09:cb:18:57:13: + 1e:a4:54:03:31:5c:b6:e9:7d:78:2d:e8:ba:2f:70: + 17:0a:03:11:aa:90:c7:5e:f0:1b:7f:56:39:f5:e0: + 1f:1e:33:8d:23:30:e6:7a:ba:5e:ca:46:33:13:04: + 5c:65:b0:be:53:7f:ab:a7:9f:8d:fb:bd:46:e5:87: + 44:31:55:e5:9f:97:7e:a3:ec:69:a8:d7:8b:47:ae: + 48:ae:74:50:5e:57:55:31:ca:36:ec:43:a1:dd:61: + b2:18:12:6a:29:0b:63:24:d5:71:4d:da:e7:0f:0d: + e3:2c:aa:76:6b:f9:2c:93:c2:fa:f9:40:2c:1b:34: + 65:53 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 01:D0:19:F4:6B:86:BC:17:3B:FB:74:95:0F:53:BD:BD:4E:CA:10:D6 + FA:2D:AF:E0:5F:8E:8E:18:7A:FB:AF:FE:D9:C9:A3:62:AA:B8:2A:18 X509v3 Authority Key Identifier: - keyid:D3:97:C6:F7:B9:E5:17:69:6D:78:39:77:3A:0A:AD:32:2D:40:AC:07 + keyid:CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -86,42 +86,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 0e:b6:ad:85:34:3d:cf:9c:2f:8c:e7:90:80:33:f6:12:99:40: - 6d:89:7b:5c:08:c9:a9:fc:40:24:1e:14:ac:6c:6a:11:aa:3e: - ea:c1:19:32:75:67:26:fe:c0:f9:55:e9:b6:04:74:c9:e3:22: - 59:3a:06:5a:5f:25:6d:1d:df:48:62:a4:ee:d0:87:df:20:9d: - 9c:95:aa:4e:77:05:28:e6:66:ac:ae:23:e4:74:df:5a:b4:21: - e7:3d:0f:95:61:84:11:7e:d8:72:66:dd:85:c7:41:fe:44:12: - da:4c:c7:1b:ab:7d:4b:3d:c4:38:2d:b9:54:8a:26:1e:76:1b: - f6:0b:8a:e9:fa:9f:0a:e6:cc:6d:c5:55:f1:a5:29:20:42:05: - d4:5a:4f:27:ab:b6:e4:c4:ea:4d:8b:97:53:67:03:75:32:1f: - 9d:1e:b8:72:e1:c4:5a:09:15:d7:ce:a3:59:ed:cc:4d:0f:ea: - c0:1d:57:1a:43:d7:7a:63:86:b0:b8:5c:4f:34:29:a4:be:90: - c4:6b:39:20:c9:25:96:7d:a1:cc:ee:f7:57:04:69:d7:21:66: - 1d:cc:4e:6c:10:1a:6e:87:11:f3:e3:ae:9e:5b:64:04:ee:ac: - c6:0a:24:80:e4:0a:0e:89:49:9d:0f:1d:74:b2:f6:db:7e:25: - a1:d0:6e:7e + 51:34:ff:18:bc:d1:50:95:2c:2e:0c:2c:6c:30:c2:1e:d2:c7: + 35:76:25:c3:4f:81:4a:9a:f2:40:e4:f0:26:35:2c:50:79:2f: + 34:91:0d:b6:ee:5b:4f:e1:cb:81:2d:4d:a9:65:21:3e:05:c6: + 71:f0:ea:45:83:43:a1:45:8a:fb:84:d2:19:09:d8:81:6d:81: + 19:4c:07:11:a6:cf:7d:f1:e1:b6:15:0b:c8:e1:ef:f9:97:6c: + 17:db:8c:5d:a0:86:6c:dc:c9:1a:fa:c2:f8:ce:24:c0:8c:88: + 23:13:0a:1a:88:ad:8f:7c:9d:c8:82:cc:c7:05:02:85:dd:f8: + 7b:32:bb:3c:88:11:1c:35:d9:08:51:15:9e:e3:94:f4:d0:04: + 70:8b:62:6b:4f:98:ac:13:8a:d5:b0:07:73:99:1a:87:b4:c1: + 30:36:f2:27:24:7a:40:2b:e9:70:99:39:27:98:95:75:23:d4: + 0c:3e:92:5e:2b:86:14:ec:94:f5:76:95:e2:38:0d:63:01:10: + f8:a5:0d:67:d8:ca:61:b0:db:7c:9b:b9:6d:83:9b:cd:1c:e6: + 78:54:6a:21:46:8c:88:d6:ae:a4:ad:47:44:f9:99:c0:4c:5f: + 0c:8a:6b:f4:f4:14:68:df:c7:97:91:db:55:1b:64:ef:30:d6: + 6f:3b:99:1f -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQFDGQ -xMbQuRCe5HrivBar0l7XPQARvyULMhdXxPv2YA1afEMIiOY19zkP3NfvIhhSW94n -NRCTq8CumBvhx0CovoQq5ml8xGgexA0pl1US+zCGo48DDNRLInasqNv9IExG6iGb -WU/qnCBv/+F8fWRcS5FNrFYdGRJsr/KZQCGdBrmikCx7vK/+wEChBoli8/P9oAdh -qsL54Q4TlpKsU7rtpTbJuQTnE2e8DmPcIilT4uNZq1wlzdn7Rk6RcN1BSzWHpP0s -Zr51fgPpEmFmyxmIoWG3E7SrUabVWJzbjKIa2sNvy7axZdijo9GH2Lm7uMGD8YM4 -Kv2j9qZZ8ifx41ApAgMBAAGjgekwgeYwHQYDVR0OBBYEFAHQGfRrhrwXO/t0lQ9T -vb1OyhDWMB8GA1UdIwQYMBaAFNOXxve55RdpbXg5dzoKrTItQKwHMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvd5To +aMV+HZuuEM3Vu5YnDAUX9Oy82n0o5bflj9rYrnoq0uMVmxJieQJhPT+LZE77feFZ +vS+DrdO45UUzxBNfee+KPsA5IIHimLnmyWC2jrS/tCtVrrF8IdP+7PBWMf4KGcQs +VKSXqoSig/hamvMRuK07FDpoWnIkSW9vWgI5kQcJyxhXEx6kVAMxXLbpfXgt6Lov +cBcKAxGqkMde8Bt/Vjn14B8eM40jMOZ6ul7KRjMTBFxlsL5Tf6unn437vUblh0Qx +VeWfl36j7Gmo14tHrkiudFBeV1UxyjbsQ6HdYbIYEmopC2Mk1XFN2ucPDeMsqnZr ++SyTwvr5QCwbNGVTAgMBAAGjgekwgeYwHQYDVR0OBBYEFPotr+Bfjo4Yevuv/tnJ +o2KquCoYMB8GA1UdIwQYMBaAFMxyYPCNjMupbP8JV/Nq/ilGJCZbMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEADrathTQ9z5wvjOeQgDP2 -EplAbYl7XAjJqfxAJB4UrGxqEao+6sEZMnVnJv7A+VXptgR0yeMiWToGWl8lbR3f -SGKk7tCH3yCdnJWqTncFKOZmrK4j5HTfWrQh5z0PlWGEEX7YcmbdhcdB/kQS2kzH -G6t9Sz3EOC25VIomHnYb9guK6fqfCubMbcVV8aUpIEIF1FpPJ6u25MTqTYuXU2cD -dTIfnR64cuHEWgkV186jWe3MTQ/qwB1XGkPXemOGsLhcTzQppL6QxGs5IMklln2h -zO73VwRp1yFmHcxObBAabocR8+OunltkBO6sxgokgOQKDolJnQ8ddLL2234lodBu -fg== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAUTT/GLzRUJUsLgwsbDDC +HtLHNXYlw0+BSpryQOTwJjUsUHkvNJENtu5bT+HLgS1NqWUhPgXGcfDqRYNDoUWK ++4TSGQnYgW2BGUwHEabPffHhthULyOHv+ZdsF9uMXaCGbNzJGvrC+M4kwIyIIxMK +Goitj3ydyILMxwUChd34ezK7PIgRHDXZCFEVnuOU9NAEcItia0+YrBOK1bAHc5ka +h7TBMDbyJyR6QCvpcJk5J5iVdSPUDD6SXiuGFOyU9XaV4jgNYwEQ+KUNZ9jKYbDb +fJu5bYObzRzmeFRqIUaMiNaupK1HRPmZwExfDIpr9PQUaN/Hl5HbVRtk7zDWbzuZ +Hw== -----END CERTIFICATE----- Certificate: @@ -138,30 +138,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bf:ca:00:55:10:61:e4:0e:a3:f8:57:b8:7b:19: - 34:5a:77:b8:06:39:88:07:0c:ec:d0:3b:4a:53:02: - 3c:d1:d3:da:48:ae:8a:1a:1c:3d:30:bb:b3:36:80: - a1:6f:cd:32:fd:54:26:b9:77:d7:1e:11:30:6c:eb: - d7:11:9a:d9:af:54:7e:0e:37:c3:8d:f3:0a:5d:ec: - 82:d6:6e:f3:46:f4:2a:82:24:e4:28:38:c2:fa:6a: - a6:f7:38:cd:94:50:20:bd:ee:50:9e:3a:a3:40:1a: - 49:77:eb:b2:05:8c:01:46:e6:ef:8f:55:91:0a:7a: - 44:10:62:b8:9f:3e:81:31:ae:08:95:29:37:47:53: - ec:f3:c7:9c:f0:be:64:70:b3:81:f0:04:f4:a4:aa: - 41:ad:16:8f:13:31:af:9b:eb:55:dc:93:6d:56:cf: - d6:f0:0a:fb:11:9e:32:59:d4:07:28:e1:fe:60:73: - bf:43:bf:ff:c9:dc:f2:ca:3a:e1:0c:bd:90:0b:c2: - ab:91:d5:2e:72:5d:5e:f0:f8:45:7b:3d:37:89:d1: - 16:bd:9b:4f:c9:c4:34:c7:c4:23:a4:04:4b:13:db: - 1a:b5:82:d0:f6:cd:99:fe:f3:0d:98:81:65:5e:2f: - 9e:a4:c1:5b:2b:67:b5:07:2a:24:a6:e7:06:5f:49: - d6:d5 + 00:9d:2b:d3:86:6e:f6:af:a0:b2:08:23:93:2a:c0: + 1c:02:49:c6:ef:a9:64:39:4e:80:6a:36:56:e5:a5: + 93:0e:45:12:ad:05:41:9a:5d:cc:ed:af:2e:7b:b6: + cf:bd:14:79:8f:a5:59:16:02:fe:23:5c:2b:e4:90: + d2:67:7c:bb:74:cb:37:20:40:c4:62:fa:e0:23:f1: + a4:89:70:fe:54:ea:ea:3b:d7:1a:7a:9b:0d:a1:74: + 44:89:c9:58:3d:d6:99:42:6b:e5:da:f5:f1:0c:33: + 26:11:e1:d4:2b:33:d7:2e:be:b9:42:5d:e7:b2:ce: + 52:37:51:30:17:80:a7:77:e0:ca:55:ac:42:12:23: + 17:d6:42:5a:6d:55:1f:f8:f1:13:7b:73:7d:b6:ff: + b7:67:72:d8:55:af:8e:60:71:cd:b8:a4:72:9f:84: + d8:6f:a6:62:1a:0f:79:de:3e:27:a5:08:bc:90:20: + f6:a3:b2:64:21:92:3e:1c:8c:35:f5:38:16:96:18: + f1:5c:de:fd:89:b6:4d:ca:00:0a:59:91:84:9a:28: + ea:1c:8f:0d:14:aa:4b:e5:56:66:9e:40:36:35:ff: + dc:72:f3:ea:e3:7f:b4:73:64:66:ff:81:16:b9:93: + 8e:61:30:7f:15:2e:1d:6c:23:90:76:56:b2:60:11: + 91:19 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - D3:97:C6:F7:B9:E5:17:69:6D:78:39:77:3A:0A:AD:32:2D:40:AC:07 + CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B X509v3 Authority Key Identifier: - keyid:64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC + keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -176,41 +176,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - d2:35:f4:84:23:56:e3:2f:d1:54:fa:eb:85:02:e1:b7:aa:94: - a9:73:95:1d:29:9a:35:64:ac:4a:28:a3:87:24:e1:cd:3e:9f: - 53:14:92:ce:86:d6:ae:d5:3f:1d:97:59:ae:c4:1c:ae:78:29: - d7:45:a5:14:58:b6:ac:28:3e:20:e6:27:56:22:b2:bf:80:24: - 8d:bd:ef:17:67:8f:59:74:8b:7e:41:f1:fc:4d:a8:7b:d4:cf: - 0c:ec:41:c6:7a:2b:fc:c3:c2:92:dc:49:f6:7a:3d:bd:b0:41: - 0c:d3:0c:dd:58:1a:42:62:80:10:ad:95:ec:a0:8a:cb:b4:b8: - 8e:5d:45:c7:d2:82:4b:eb:cb:1a:0e:f5:40:46:0d:dd:35:a3: - 9b:d1:3e:55:95:b1:ab:96:63:31:ac:01:b4:ef:20:bc:0d:86: - 88:b2:e5:94:64:6b:f1:1a:73:3e:09:b0:4c:57:87:3a:65:5a: - 84:17:af:1c:cd:a5:4e:72:8e:19:8b:50:0a:97:4b:df:69:2c: - 4c:21:d4:d1:7e:81:74:94:60:5b:b0:5e:56:53:14:b4:52:3d: - c9:45:a5:47:10:74:15:86:a0:52:ba:ff:b5:32:01:ef:dd:0e: - 17:d6:73:35:aa:1e:ca:9a:8b:2e:28:cf:fa:1b:79:be:a7:87: - 4b:b4:0a:26 + 62:11:b8:11:cd:f2:bc:8f:e4:1a:93:66:fc:d3:d3:48:1f:11: + 66:8b:6f:e6:ba:e3:45:56:6f:66:0e:04:5a:ef:f9:a9:91:0f: + 6a:3a:5f:64:7d:7c:7e:a7:17:f4:0f:e5:20:14:71:51:2e:b1: + 61:97:fd:96:6d:ec:ac:f4:56:c2:0a:66:59:b4:f8:59:73:33: + 90:63:be:da:68:b0:42:4f:d9:3c:e1:11:b3:7c:d7:be:b7:e6: + 7c:7e:7b:c0:ef:ac:3a:c1:d2:9c:72:f2:da:30:fd:e4:76:b6: + cc:c3:11:89:dd:3d:9a:fc:6b:6f:7b:a1:58:ba:bb:88:38:4c: + ac:7a:ef:7b:1a:b5:cc:ba:2b:88:77:a8:41:21:8e:46:b4:fe: + d3:bb:f9:4d:c4:6e:8a:7d:f1:88:70:04:ac:e6:86:14:54:dd: + cc:3c:69:62:4a:b9:d4:54:5e:89:77:a9:9e:24:21:94:6d:bd: + 2e:60:61:95:76:7c:6b:d7:96:41:28:cc:3c:6f:56:13:ce:5c: + 82:3e:3e:cf:60:22:88:7e:a6:ce:1e:80:9b:ec:bd:16:04:cd: + c8:0c:db:98:b1:35:ff:16:c3:5c:f5:59:a1:15:05:b9:b0:55: + 81:ca:ba:73:fb:18:de:98:73:22:01:7f:61:64:77:0e:5b:50: + 6b:22:09:d1 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8oAVRBh -5A6j+Fe4exk0Wne4BjmIBwzs0DtKUwI80dPaSK6KGhw9MLuzNoChb80y/VQmuXfX -HhEwbOvXEZrZr1R+DjfDjfMKXeyC1m7zRvQqgiTkKDjC+mqm9zjNlFAgve5Qnjqj -QBpJd+uyBYwBRubvj1WRCnpEEGK4nz6BMa4IlSk3R1Ps88ec8L5kcLOB8AT0pKpB -rRaPEzGvm+tV3JNtVs/W8Ar7EZ4yWdQHKOH+YHO/Q7//ydzyyjrhDL2QC8KrkdUu -cl1e8PhFez03idEWvZtPycQ0x8QjpARLE9satYLQ9s2Z/vMNmIFlXi+epMFbK2e1 -ByokpucGX0nW1QIDAQABo4HLMIHIMB0GA1UdDgQWBBTTl8b3ueUXaW14OXc6Cq0y -LUCsBzAfBgNVHSMEGDAWgBRkkJPNrMc3Nk1rFNZn0FQ6WUU6/DA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSvThm72 +r6CyCCOTKsAcAknG76lkOU6AajZW5aWTDkUSrQVBml3M7a8ue7bPvRR5j6VZFgL+ +I1wr5JDSZ3y7dMs3IEDEYvrgI/GkiXD+VOrqO9caepsNoXREiclYPdaZQmvl2vXx +DDMmEeHUKzPXLr65Ql3nss5SN1EwF4Cnd+DKVaxCEiMX1kJabVUf+PETe3N9tv+3 +Z3LYVa+OYHHNuKRyn4TYb6ZiGg953j4npQi8kCD2o7JkIZI+HIw19TgWlhjxXN79 +ibZNygAKWZGEmijqHI8NFKpL5VZmnkA2Nf/ccvPq43+0c2Rm/4EWuZOOYTB/FS4d +bCOQdlayYBGRGQIDAQABo4HLMIHIMB0GA1UdDgQWBBTMcmDwjYzLqWz/CVfzav4p +RiQmWzAfBgNVHSMEGDAWgBQBa0kfIY+A3dSXwKi7Kn7c89r94TA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -ANI19IQjVuMv0VT664UC4beqlKlzlR0pmjVkrEooo4ck4c0+n1MUks6G1q7VPx2X -Wa7EHK54KddFpRRYtqwoPiDmJ1Yisr+AJI297xdnj1l0i35B8fxNqHvUzwzsQcZ6 -K/zDwpLcSfZ6Pb2wQQzTDN1YGkJigBCtleygisu0uI5dRcfSgkvryxoO9UBGDd01 -o5vRPlWVsauWYzGsAbTvILwNhoiy5ZRka/Eacz4JsExXhzplWoQXrxzNpU5yjhmL -UAqXS99pLEwh1NF+gXSUYFuwXlZTFLRSPclFpUcQdBWGoFK6/7UyAe/dDhfWczWq -Hsqaiy4oz/obeb6nh0u0CiY= +AGIRuBHN8ryP5BqTZvzT00gfEWaLb+a640VWb2YOBFrv+amRD2o6X2R9fH6nF/QP +5SAUcVEusWGX/ZZt7Kz0VsIKZlm0+FlzM5BjvtposEJP2TzhEbN817635nx+e8Dv +rDrB0pxy8tow/eR2tszDEYndPZr8a297oVi6u4g4TKx673satcy6K4h3qEEhjka0 +/tO7+U3Ebop98YhwBKzmhhRU3cw8aWJKudRUXol3qZ4kIZRtvS5gYZV2fGvXlkEo +zDxvVhPOXII+Ps9gIoh+ps4egJvsvRYEzcgM25ixNf8Ww1z1WaEVBbmwVYHKunP7 +GN6YcyIBf2Fkdw5bUGsiCdE= -----END CERTIFICATE----- Certificate: @@ -227,30 +227,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ea:cc:2d:c4:88:54:07:90:da:62:ef:77:23:b2: - 83:c9:54:06:25:70:65:43:f2:29:a3:f3:22:f2:09: - 92:31:25:77:79:63:4a:7f:d8:e5:1f:16:1a:25:bc: - d4:4b:9a:b3:a0:61:7e:c3:a5:90:32:97:5a:5b:59: - cf:97:d6:ac:2c:86:a7:70:ed:2d:e0:bf:e8:44:6f: - 41:29:55:b0:40:a8:10:d6:4d:67:2b:01:1f:7a:33: - 2b:ce:8f:c8:fb:54:99:e2:11:2d:75:7d:ff:f5:fb: - 53:e5:6b:7e:ca:b8:fc:1f:bc:8f:32:29:6d:d2:6b: - a1:9b:d9:7f:b2:f6:e9:18:72:fe:45:a2:23:dc:bf: - 5d:1e:43:5d:2b:80:2a:71:b4:cb:67:30:cc:aa:54: - 76:fc:4b:a3:2b:ab:99:31:66:bf:5c:09:44:e6:c9: - 27:42:3a:58:b5:fd:db:06:0f:11:04:0d:2d:36:4a: - 02:d5:50:4d:4d:7c:ed:a4:51:49:e3:fe:44:54:30: - 84:b6:1f:54:28:1f:9e:41:b2:20:23:75:e5:d4:e4: - bf:79:a6:ab:84:aa:dc:56:38:cf:2c:d3:8e:13:48: - 43:5a:eb:eb:3b:a0:36:d5:89:0c:68:e2:fb:8f:3a: - 82:ad:01:4b:f8:bb:b0:2e:3d:b7:6e:91:a3:70:9a: - d0:41 + 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: + 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: + 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: + e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: + 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: + bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: + 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: + 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: + b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: + c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: + 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: + 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: + 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: + 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: + 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: + 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: + fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: + 1a:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC + 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 X509v3 Authority Key Identifier: - keyid:64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC + keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -265,41 +265,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 77:d8:b1:3b:e5:c4:ce:c7:37:c6:fa:d7:a7:a1:cf:66:0e:19: - 49:ea:06:f2:ec:8d:92:7d:e2:de:43:32:22:55:b4:84:f5:30: - bb:44:91:c1:81:2a:aa:ae:e1:3c:86:17:20:28:15:a1:d0:dc: - ce:7c:62:67:4e:d5:a8:e0:e3:44:91:af:96:24:58:0d:eb:26: - 1f:42:37:82:de:d6:84:40:36:c7:78:7d:6c:f7:fa:54:a0:70: - d0:b9:41:a8:f2:3b:19:f1:cc:36:97:69:78:66:3c:ad:03:1e: - 70:e7:81:23:11:d6:98:d7:ba:e5:98:d8:12:c7:4b:1d:5b:b1: - cd:91:5c:49:f0:d3:99:dd:9e:ab:db:7b:32:f6:8c:be:fe:0b: - 2b:1e:96:8d:6e:7e:4a:69:71:f3:b6:f7:44:5f:a1:2f:62:67: - f0:55:b0:a2:d1:db:7f:58:3b:10:05:4f:e1:00:9d:45:4f:5d: - 1e:b8:a8:83:bd:33:bd:14:07:34:23:5e:99:bb:16:3e:ee:de: - 84:96:53:bf:29:e7:a5:52:a9:b6:6a:76:db:a6:ee:45:34:3f: - f7:48:d8:8a:12:46:c6:6c:ba:31:85:e8:45:07:85:23:37:85: - ff:15:de:0b:a8:97:40:60:11:9d:20:a8:fc:53:38:66:ea:9e: - d4:1b:9f:34 + ac:6f:d2:b3:2b:51:36:e5:34:6e:14:1a:cd:fd:9b:51:24:ab: + c0:11:ca:ce:a3:2a:16:a9:b2:52:a0:01:a8:3a:9c:d0:81:14: + bb:dc:9e:52:9c:ed:bb:42:06:89:11:7f:ed:5a:c0:c5:be:60: + e9:b6:1c:e5:4d:b1:06:d2:0c:2f:19:07:01:9b:6a:bd:2a:97: + 71:5d:a7:dd:da:28:00:ae:f5:44:bd:67:7f:ba:98:b8:d4:d3: + b4:e7:47:3c:82:60:e1:6d:40:db:a5:dd:3f:84:ef:2c:84:53: + a1:8d:9e:4a:29:b9:a9:5b:8a:b7:79:a5:70:cc:ff:aa:75:01: + 40:dc:e5:ab:93:16:29:9b:ce:de:56:8c:c2:4d:62:f9:70:1a: + cb:92:cf:67:5a:ad:11:1a:e4:33:21:e9:28:16:23:82:1a:ee: + 91:e6:b9:24:cd:a9:e6:63:46:4b:04:72:2c:d0:79:ab:ca:fc: + cf:a7:c8:e5:94:e7:f5:4c:0d:99:3d:cf:4a:4a:ab:c7:a6:5e: + 5e:eb:12:b8:3f:35:b5:e6:99:d6:30:ec:aa:33:44:81:20:77: + d6:13:f4:78:72:a8:20:08:94:c1:4a:b9:d6:f1:d8:05:11:ad: + 03:8b:62:d8:80:8f:96:b5:34:6a:7d:a6:11:52:e0:c4:ea:bf: + 83:3c:66:f5 -----BEGIN CERTIFICATE----- MIIDZTCCAk2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOrMLcSIVAeQ2mLvdyOy -g8lUBiVwZUPyKaPzIvIJkjEld3ljSn/Y5R8WGiW81Euas6BhfsOlkDKXWltZz5fW -rCyGp3DtLeC/6ERvQSlVsECoENZNZysBH3ozK86PyPtUmeIRLXV9//X7U+Vrfsq4 -/B+8jzIpbdJroZvZf7L26Rhy/kWiI9y/XR5DXSuAKnG0y2cwzKpUdvxLoyurmTFm -v1wJRObJJ0I6WLX92wYPEQQNLTZKAtVQTU187aRRSeP+RFQwhLYfVCgfnkGyICN1 -5dTkv3mmq4Sq3FY4zyzTjhNIQ1rr6zugNtWJDGji+486gq0BS/i7sC49t26Ro3Ca -0EECAwEAAaOByzCByDAdBgNVHQ4EFgQUZJCTzazHNzZNaxTWZ9BUOllFOvwwHwYD -VR0jBBgwFoAUZJCTzazHNzZNaxTWZ9BUOllFOvwwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcEGciy/Ch35ZmO8AWL +DVvlOPGO0QfS9thrvcjDLPMF6R9MtsE51A8DL2K658R+nHwcvt9r8jSyRey5dqU6 +JRyht3h2DOg9dtFGvSDh7xyAIhK1it54T+0FJV20g0yesu5ktd/Z0bdfPOmK4eFJ +vdZ8/ko48ZSatczPhaq9uy2TuakrwfmCwLpopZBP4dQwb5nE2WzoagxxqP/Ef7Wa +5geg7fQ8OkujiLFBz/G46vi3Q7CfiAXrzasn9e1iVQU9Ylm0HAfKxEk9B4CTE/8P +MU80QZ5bqQp5+hOR2nw1xHtWnKGJBX1uEuXkg76aXhTN/CdYrvUmgzakBGGnSgEv +Gk8CAwEAAaOByzCByDAdBgNVHQ4EFgQUAWtJHyGPgN3Ul8Couyp+3PPa/eEwHwYD +VR0jBBgwFoAUAWtJHyGPgN3Ul8Couyp+3PPa/eEwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB32LE75cTO -xzfG+tenoc9mDhlJ6gby7I2SfeLeQzIiVbSE9TC7RJHBgSqqruE8hhcgKBWh0NzO -fGJnTtWo4ONEka+WJFgN6yYfQjeC3taEQDbHeH1s9/pUoHDQuUGo8jsZ8cw2l2l4 -ZjytAx5w54EjEdaY17rlmNgSx0sdW7HNkVxJ8NOZ3Z6r23sy9oy+/gsrHpaNbn5K -aXHztvdEX6EvYmfwVbCi0dt/WDsQBU/hAJ1FT10euKiDvTO9FAc0I16ZuxY+7t6E -llO/KeelUqm2anbbpu5FND/3SNiKEkbGbLoxhehFB4UjN4X/Fd4LqJdAYBGdIKj8 -Uzhm6p7UG580 +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCsb9KzK1E2 +5TRuFBrN/ZtRJKvAEcrOoyoWqbJSoAGoOpzQgRS73J5SnO27QgaJEX/tWsDFvmDp +thzlTbEG0gwvGQcBm2q9KpdxXafd2igArvVEvWd/upi41NO050c8gmDhbUDbpd0/ +hO8shFOhjZ5KKbmpW4q3eaVwzP+qdQFA3OWrkxYpm87eVozCTWL5cBrLks9nWq0R +GuQzIekoFiOCGu6R5rkkzanmY0ZLBHIs0HmryvzPp8jllOf1TA2ZPc9KSqvHpl5e +6xK4PzW15pnWMOyqM0SBIHfWE/R4cqggCJTBSrnW8dgFEa0Di2LYgI+WtTRqfaYR +UuDE6r+DPGb1 -----END CERTIFICATE----- Certificate: @@ -316,30 +316,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ea:cc:2d:c4:88:54:07:90:da:62:ef:77:23:b2: - 83:c9:54:06:25:70:65:43:f2:29:a3:f3:22:f2:09: - 92:31:25:77:79:63:4a:7f:d8:e5:1f:16:1a:25:bc: - d4:4b:9a:b3:a0:61:7e:c3:a5:90:32:97:5a:5b:59: - cf:97:d6:ac:2c:86:a7:70:ed:2d:e0:bf:e8:44:6f: - 41:29:55:b0:40:a8:10:d6:4d:67:2b:01:1f:7a:33: - 2b:ce:8f:c8:fb:54:99:e2:11:2d:75:7d:ff:f5:fb: - 53:e5:6b:7e:ca:b8:fc:1f:bc:8f:32:29:6d:d2:6b: - a1:9b:d9:7f:b2:f6:e9:18:72:fe:45:a2:23:dc:bf: - 5d:1e:43:5d:2b:80:2a:71:b4:cb:67:30:cc:aa:54: - 76:fc:4b:a3:2b:ab:99:31:66:bf:5c:09:44:e6:c9: - 27:42:3a:58:b5:fd:db:06:0f:11:04:0d:2d:36:4a: - 02:d5:50:4d:4d:7c:ed:a4:51:49:e3:fe:44:54:30: - 84:b6:1f:54:28:1f:9e:41:b2:20:23:75:e5:d4:e4: - bf:79:a6:ab:84:aa:dc:56:38:cf:2c:d3:8e:13:48: - 43:5a:eb:eb:3b:a0:36:d5:89:0c:68:e2:fb:8f:3a: - 82:ad:01:4b:f8:bb:b0:2e:3d:b7:6e:91:a3:70:9a: - d0:41 + 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: + 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: + 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: + e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: + 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: + bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: + 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: + 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: + b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: + c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: + 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: + 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: + 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: + 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: + 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: + 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: + fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: + 1a:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC + 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 X509v3 Authority Key Identifier: - keyid:5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -354,41 +354,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 08:18:04:78:4e:5e:99:54:0e:de:99:06:87:4d:3f:7b:98:bc: - ac:92:ec:e2:60:54:35:c8:65:68:09:3d:8d:d9:23:ed:c3:f3: - 7b:fd:8a:60:fb:8b:dc:66:96:3f:69:81:5b:7c:cd:1d:cd:44: - 8d:3a:93:e4:18:94:c4:a8:56:6a:fd:ea:07:ce:b1:a0:05:b2: - cd:fd:bf:05:e6:52:2b:26:36:9d:e2:f2:25:f2:c8:27:5b:52: - 13:c6:3e:55:5b:72:58:34:a1:1c:5b:17:15:69:b1:82:78:a8: - 6b:80:81:cc:73:40:5b:c0:ad:de:a8:ec:53:4f:72:f0:1b:a6: - d4:ea:e6:c0:35:96:df:ef:38:15:c5:0e:e9:92:22:c4:97:0d: - d5:37:6f:7e:af:1f:6e:53:45:1e:3e:21:8c:25:d3:4c:aa:0d: - 5b:08:e1:5f:aa:dc:49:1c:84:b3:30:21:ea:b6:9c:95:d4:16: - 1c:9a:0b:17:47:a1:8c:7d:04:a0:e5:df:7d:e7:69:b7:81:2d: - 31:09:9b:ae:da:b2:1d:13:36:ad:f1:19:7e:92:6a:1b:70:01: - 8b:ee:88:5e:54:56:d6:dd:6e:78:b1:53:06:89:3b:e3:7e:45: - 2c:b5:9c:c9:92:5a:0d:c2:85:d0:e1:89:20:94:c7:ef:3c:01: - ab:25:5c:4b + 90:af:1e:a1:3a:88:46:5e:09:6c:7f:b6:52:fe:b6:da:a2:04: + e3:d7:68:05:17:f8:9a:02:ca:c3:e5:ca:40:2b:ee:25:53:71: + 01:8b:17:f1:5e:c9:50:d5:19:7a:89:d4:84:df:f3:5a:ae:2f: + aa:ee:74:db:1a:da:51:e3:55:09:9e:45:f0:bf:fd:bf:34:83: + ec:be:30:13:5d:44:50:af:d2:76:d8:64:92:4e:91:31:d4:6a: + 29:f2:29:19:a5:c1:91:2c:c9:18:b8:00:2c:a0:6e:1c:52:a3: + 70:c3:03:32:01:37:b0:67:dd:de:2e:f0:2a:2c:67:35:f6:cc: + a4:a4:a6:28:8c:1b:a4:e4:6a:dd:c3:35:05:f3:0d:02:77:c5: + 6d:2b:b5:ba:d1:10:49:9a:db:01:2c:dd:3d:f4:35:b7:87:f7: + fd:d2:23:a9:98:76:0a:ed:39:3d:44:9b:5f:24:94:7a:57:04: + 9a:34:8e:fb:aa:85:b1:51:24:e8:69:b0:25:e2:4a:73:cf:6a: + 48:41:2c:7e:74:f8:c9:d5:e9:33:c6:43:1c:b8:d3:f0:37:db: + 65:e6:e4:91:6f:e3:73:44:f6:ca:da:aa:73:85:8d:fc:0b:a5: + 0b:33:a4:78:a6:30:77:d7:af:10:6e:48:9a:0f:23:7f:68:18: + 50:58:ce:5f -----BEGIN CERTIFICATE----- MIIDZTCCAk2gAwIBAgIBBTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOrMLcSIVAeQ2mLvdyOy -g8lUBiVwZUPyKaPzIvIJkjEld3ljSn/Y5R8WGiW81Euas6BhfsOlkDKXWltZz5fW -rCyGp3DtLeC/6ERvQSlVsECoENZNZysBH3ozK86PyPtUmeIRLXV9//X7U+Vrfsq4 -/B+8jzIpbdJroZvZf7L26Rhy/kWiI9y/XR5DXSuAKnG0y2cwzKpUdvxLoyurmTFm -v1wJRObJJ0I6WLX92wYPEQQNLTZKAtVQTU187aRRSeP+RFQwhLYfVCgfnkGyICN1 -5dTkv3mmq4Sq3FY4zyzTjhNIQ1rr6zugNtWJDGji+486gq0BS/i7sC49t26Ro3Ca -0EECAwEAAaOByzCByDAdBgNVHQ4EFgQUZJCTzazHNzZNaxTWZ9BUOllFOvwwHwYD -VR0jBBgwFoAUXaEDPY8T+QivHoNsvN5vo7XCGuowNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcEGciy/Ch35ZmO8AWL +DVvlOPGO0QfS9thrvcjDLPMF6R9MtsE51A8DL2K658R+nHwcvt9r8jSyRey5dqU6 +JRyht3h2DOg9dtFGvSDh7xyAIhK1it54T+0FJV20g0yesu5ktd/Z0bdfPOmK4eFJ +vdZ8/ko48ZSatczPhaq9uy2TuakrwfmCwLpopZBP4dQwb5nE2WzoagxxqP/Ef7Wa +5geg7fQ8OkujiLFBz/G46vi3Q7CfiAXrzasn9e1iVQU9Ylm0HAfKxEk9B4CTE/8P +MU80QZ5bqQp5+hOR2nw1xHtWnKGJBX1uEuXkg76aXhTN/CdYrvUmgzakBGGnSgEv +Gk8CAwEAAaOByzCByDAdBgNVHQ4EFgQUAWtJHyGPgN3Ul8Couyp+3PPa/eEwHwYD +VR0jBBgwFoAU0kVkaIaOB/Kvvwvz3X9hHUtrSs0wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAIGAR4Tl6Z -VA7emQaHTT97mLyskuziYFQ1yGVoCT2N2SPtw/N7/Ypg+4vcZpY/aYFbfM0dzUSN -OpPkGJTEqFZq/eoHzrGgBbLN/b8F5lIrJjad4vIl8sgnW1ITxj5VW3JYNKEcWxcV -abGCeKhrgIHMc0BbwK3eqOxTT3LwG6bU6ubANZbf7zgVxQ7pkiLElw3VN29+rx9u -U0UePiGMJdNMqg1bCOFfqtxJHISzMCHqtpyV1BYcmgsXR6GMfQSg5d9952m3gS0x -CZuu2rIdEzat8Rl+kmobcAGL7oheVFbW3W54sVMGiTvjfkUstZzJkloNwoXQ4Ykg -lMfvPAGrJVxL +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCQrx6hOohG +Xglsf7ZS/rbaogTj12gFF/iaAsrD5cpAK+4lU3EBixfxXslQ1Rl6idSE3/Nari+q +7nTbGtpR41UJnkXwv/2/NIPsvjATXURQr9J22GSSTpEx1Gop8ikZpcGRLMkYuAAs +oG4cUqNwwwMyATewZ93eLvAqLGc19sykpKYojBuk5GrdwzUF8w0Cd8VtK7W60RBJ +mtsBLN099DW3h/f90iOpmHYK7Tk9RJtfJJR6VwSaNI77qoWxUSToabAl4kpzz2pI +QSx+dPjJ1ekzxkMcuNPwN9tl5uSRb+NzRPbK2qpzhY38C6ULM6R4pjB3168Qbkia +DyN/aBhQWM5f -----END CERTIFICATE----- Certificate: @@ -405,30 +405,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a7:67:cf:1d:f5:54:e9:96:54:bc:65:8c:b7:9e: - 72:39:05:68:3d:44:e5:93:d8:4b:61:b1:a4:b4:b4: - 4c:c6:a0:92:b6:4d:06:3a:5b:b2:0a:8a:27:cb:b1: - e7:c3:35:47:ef:ac:2d:a7:d0:9c:b2:50:6a:58:3d: - 12:a4:85:dc:77:a9:08:e5:f4:1f:c0:ef:00:51:cd: - 68:62:d5:e5:cc:01:be:be:42:8b:35:fb:00:9c:30: - 84:0c:d7:35:7d:88:d1:1b:43:78:19:79:aa:06:b3: - ac:5c:69:a0:23:f0:69:dc:89:59:97:05:df:01:ae: - 5b:8f:01:a0:78:4f:05:4e:36:ac:00:b4:8d:e8:79: - 05:07:f2:76:a4:63:3f:95:21:06:57:61:a9:f0:43: - 04:d1:92:d3:9d:bb:b3:8f:5b:ef:ab:81:a0:23:11: - 38:b5:02:b2:95:1d:ac:da:b8:36:60:d7:d7:01:6d: - e8:ed:32:21:b4:84:97:33:7c:67:88:0e:44:c7:12: - 87:85:6a:49:80:82:cb:1e:16:2b:2f:6d:98:82:a0: - a0:30:cc:55:df:93:65:e0:9a:08:24:8a:47:cc:69: - 53:3c:b7:62:fa:df:11:64:d0:3f:52:43:80:f8:cf: - 7b:6f:d0:65:20:fb:22:d0:43:ca:fc:fc:0f:bd:1c: - 42:b9 + 00:ef:5f:3f:57:00:ad:2d:82:81:56:19:c0:da:98: + 72:8b:7f:4b:4f:37:f2:d9:0e:b3:3c:7b:73:d3:8a: + ad:5a:94:9c:37:0b:bc:68:4b:40:ac:a9:d1:1f:1b: + 35:6a:74:50:6b:91:c2:30:e5:a6:88:87:90:f4:dc: + 8d:09:49:6a:3e:f0:fe:cf:bb:b3:3b:33:c1:2a:2e: + b9:fb:9b:6a:db:2a:a6:9f:87:46:6a:b0:7d:87:c6: + 63:27:cd:58:e7:55:7d:c5:6c:d8:ac:c7:10:fb:6e: + 68:40:9d:69:bf:8f:a0:9c:36:d8:7a:dc:fb:14:48: + f4:96:5d:c2:0e:8f:e9:2f:1d:08:13:04:a0:1d:03: + 78:b8:a6:97:15:13:0f:91:4e:9e:18:00:96:9f:94: + e6:ad:02:2e:c7:60:c8:ed:50:54:02:2e:b2:6b:6e: + d5:78:7f:7a:74:20:20:f6:9c:fa:98:17:b3:8f:fd: + 92:01:3d:ff:e6:56:fa:45:28:41:b1:3c:ba:4a:ef: + bc:ff:4c:1e:d3:96:bc:5d:a6:06:7d:27:d8:66:13: + e0:40:74:83:8c:f4:89:c9:8d:8a:13:b7:98:88:32: + 6c:51:6c:15:92:1c:1b:e7:f7:08:a6:35:81:b4:24: + be:45:10:1f:ff:c9:e4:4d:35:b7:4d:3c:ae:54:d2: + ee:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA + D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD X509v3 Authority Key Identifier: - keyid:5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -443,41 +443,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 7f:ec:13:f0:46:53:d5:75:08:a5:37:44:9c:47:19:9e:05:ef: - d6:30:68:1e:0b:c8:3c:84:93:51:36:25:48:60:56:d4:79:1f: - b6:2c:91:e3:6f:61:f9:e7:7d:c8:b6:7b:70:7f:27:6d:2c:38: - ec:73:e4:8c:86:f4:48:8e:1b:09:0d:9f:f8:5a:1f:95:ed:f1: - 03:ea:99:64:d6:2d:46:4e:b8:0b:67:10:98:8e:19:2e:31:e1: - e3:d6:fe:7c:97:e9:a3:7a:18:25:9c:d4:4f:ce:a9:11:1d:f0: - 53:32:8a:e8:8e:8d:80:fb:f1:c1:c1:6a:c1:cf:d2:36:a2:b1: - f9:32:9e:05:fd:73:1a:b9:37:e5:55:b2:1e:78:84:a5:04:45: - 4a:d5:24:ad:20:39:fe:ab:ce:38:dd:c0:1e:2f:dd:ce:b4:5c: - 49:1d:ab:7a:e1:bd:e9:a6:d2:02:64:8a:a9:97:36:89:42:c2: - 82:14:ec:aa:dd:77:be:b1:d6:d2:4f:8b:a4:fe:5b:06:28:1c: - 2f:4e:83:15:1f:10:a9:c6:ce:8e:a6:ca:bb:2c:01:6a:ae:99: - 59:44:05:fc:a5:7e:fe:73:5f:df:b5:0b:48:b5:43:b6:10:9f: - 42:2e:8b:65:f6:47:25:27:66:ef:a6:a0:ca:d3:cc:9c:ac:2d: - 22:5b:87:5c + b6:c1:5c:d8:13:5b:e8:b9:43:d0:d8:44:dc:85:82:03:9f:f3: + a8:ed:60:da:86:74:14:69:76:69:de:3d:27:c3:f8:c0:84:40: + 7d:e4:ab:93:48:51:fe:b3:d3:9f:42:5d:df:66:86:9a:b3:77: + de:84:f8:07:b6:a0:fa:01:96:6b:01:3a:21:06:30:cd:47:2f: + 39:bb:e0:8c:78:2d:4c:53:e8:01:0a:7b:8b:46:c1:a8:b2:45: + e3:99:fb:e0:ea:53:e3:d3:76:0a:28:38:f6:f4:c6:90:18:51: + b7:af:ae:8f:68:5b:da:be:e9:e3:62:6d:dc:39:0d:27:e4:a1: + 87:d3:f1:6c:c5:84:9c:c4:55:88:b3:25:d0:2a:70:a8:15:de: + 7b:51:fd:d8:3e:db:08:04:1c:af:97:d3:2b:ce:6e:a5:cc:05: + 48:82:f5:46:05:42:29:a7:e8:e5:f3:ad:4f:90:4f:9d:4e:76: + 94:85:c6:26:6c:1a:b2:86:50:13:81:68:e0:3b:5b:51:2c:be: + f0:9f:ea:98:fa:9d:16:7b:59:8f:e1:91:39:3b:a0:22:e5:13: + 04:ee:d5:28:63:bb:df:ab:58:84:02:95:2e:1e:66:42:b1:e2: + 49:6a:62:f1:e0:1d:fa:86:b0:fb:6d:0b:05:8b:8a:ca:f6:0b: + 85:96:d6:ab -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKdnzx31VOmWVLxljLee -cjkFaD1E5ZPYS2GxpLS0TMagkrZNBjpbsgqKJ8ux58M1R++sLafQnLJQalg9EqSF -3HepCOX0H8DvAFHNaGLV5cwBvr5CizX7AJwwhAzXNX2I0RtDeBl5qgazrFxpoCPw -adyJWZcF3wGuW48BoHhPBU42rAC0jeh5BQfydqRjP5UhBldhqfBDBNGS0527s49b -76uBoCMROLUCspUdrNq4NmDX1wFt6O0yIbSElzN8Z4gORMcSh4VqSYCCyx4WKy9t -mIKgoDDMVd+TZeCaCCSKR8xpUzy3YvrfEWTQP1JDgPjPe2/QZSD7ItBDyvz8D70c -QrkCAwEAAaOByzCByDAdBgNVHQ4EFgQUXaEDPY8T+QivHoNsvN5vo7XCGuowHwYD -VR0jBBgwFoAUXaEDPY8T+QivHoNsvN5vo7XCGuowNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO9fP1cArS2CgVYZwNqY +cot/S0838tkOszx7c9OKrVqUnDcLvGhLQKyp0R8bNWp0UGuRwjDlpoiHkPTcjQlJ +aj7w/s+7szszwSouufubatsqpp+HRmqwfYfGYyfNWOdVfcVs2KzHEPtuaECdab+P +oJw22Hrc+xRI9JZdwg6P6S8dCBMEoB0DeLimlxUTD5FOnhgAlp+U5q0CLsdgyO1Q +VAIusmtu1Xh/enQgIPac+pgXs4/9kgE9/+ZW+kUoQbE8ukrvvP9MHtOWvF2mBn0n +2GYT4EB0g4z0icmNihO3mIgybFFsFZIcG+f3CKY1gbQkvkUQH//J5E01t008rlTS +7m8CAwEAAaOByzCByDAdBgNVHQ4EFgQU0kVkaIaOB/Kvvwvz3X9hHUtrSs0wHwYD +VR0jBBgwFoAU0kVkaIaOB/Kvvwvz3X9hHUtrSs0wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB/7BPwRlPV -dQilN0ScRxmeBe/WMGgeC8g8hJNRNiVIYFbUeR+2LJHjb2H5533ItntwfydtLDjs -c+SMhvRIjhsJDZ/4Wh+V7fED6plk1i1GTrgLZxCYjhkuMeHj1v58l+mjehglnNRP -zqkRHfBTMorojo2A+/HBwWrBz9I2orH5Mp4F/XMauTflVbIeeISlBEVK1SStIDn+ -q8443cAeL93OtFxJHat64b3pptICZIqplzaJQsKCFOyq3Xe+sdbST4uk/lsGKBwv -ToMVHxCpxs6Opsq7LAFqrplZRAX8pX7+c1/ftQtItUO2EJ9CLotl9kclJ2bvpqDK -08ycrC0iW4dc +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC2wVzYE1vo +uUPQ2ETchYIDn/Oo7WDahnQUaXZp3j0nw/jAhEB95KuTSFH+s9OfQl3fZoaas3fe +hPgHtqD6AZZrATohBjDNRy85u+CMeC1MU+gBCnuLRsGoskXjmfvg6lPj03YKKDj2 +9MaQGFG3r66PaFvavunjYm3cOQ0n5KGH0/FsxYScxFWIsyXQKnCoFd57Uf3YPtsI +BByvl9Mrzm6lzAVIgvVGBUIpp+jl861PkE+dTnaUhcYmbBqyhlATgWjgO1tRLL7w +n+qY+p0We1mP4ZE5O6Ai5RME7tUoY7vfq1iEApUuHmZCseJJamLx4B36hrD7bQsF +i4rK9guFltar -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -489,3 +489,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/key-rollover-newchain.pem b/chromium/net/data/verify_certificate_chain_unittest/key-rollover-newchain.pem index 7afc4c8c46c..8ef333dce32 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/key-rollover-newchain.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/key-rollover-newchain.pem @@ -48,30 +48,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d0:14:31:90:c4:c6:d0:b9:10:9e:e4:7a:e2:bc: - 16:ab:d2:5e:d7:3d:00:11:bf:25:0b:32:17:57:c4: - fb:f6:60:0d:5a:7c:43:08:88:e6:35:f7:39:0f:dc: - d7:ef:22:18:52:5b:de:27:35:10:93:ab:c0:ae:98: - 1b:e1:c7:40:a8:be:84:2a:e6:69:7c:c4:68:1e:c4: - 0d:29:97:55:12:fb:30:86:a3:8f:03:0c:d4:4b:22: - 76:ac:a8:db:fd:20:4c:46:ea:21:9b:59:4f:ea:9c: - 20:6f:ff:e1:7c:7d:64:5c:4b:91:4d:ac:56:1d:19: - 12:6c:af:f2:99:40:21:9d:06:b9:a2:90:2c:7b:bc: - af:fe:c0:40:a1:06:89:62:f3:f3:fd:a0:07:61:aa: - c2:f9:e1:0e:13:96:92:ac:53:ba:ed:a5:36:c9:b9: - 04:e7:13:67:bc:0e:63:dc:22:29:53:e2:e3:59:ab: - 5c:25:cd:d9:fb:46:4e:91:70:dd:41:4b:35:87:a4: - fd:2c:66:be:75:7e:03:e9:12:61:66:cb:19:88:a1: - 61:b7:13:b4:ab:51:a6:d5:58:9c:db:8c:a2:1a:da: - c3:6f:cb:b6:b1:65:d8:a3:a3:d1:87:d8:b9:bb:b8: - c1:83:f1:83:38:2a:fd:a3:f6:a6:59:f2:27:f1:e3: - 50:29 + 00:ef:77:94:e8:68:c5:7e:1d:9b:ae:10:cd:d5:bb: + 96:27:0c:05:17:f4:ec:bc:da:7d:28:e5:b7:e5:8f: + da:d8:ae:7a:2a:d2:e3:15:9b:12:62:79:02:61:3d: + 3f:8b:64:4e:fb:7d:e1:59:bd:2f:83:ad:d3:b8:e5: + 45:33:c4:13:5f:79:ef:8a:3e:c0:39:20:81:e2:98: + b9:e6:c9:60:b6:8e:b4:bf:b4:2b:55:ae:b1:7c:21: + d3:fe:ec:f0:56:31:fe:0a:19:c4:2c:54:a4:97:aa: + 84:a2:83:f8:5a:9a:f3:11:b8:ad:3b:14:3a:68:5a: + 72:24:49:6f:6f:5a:02:39:91:07:09:cb:18:57:13: + 1e:a4:54:03:31:5c:b6:e9:7d:78:2d:e8:ba:2f:70: + 17:0a:03:11:aa:90:c7:5e:f0:1b:7f:56:39:f5:e0: + 1f:1e:33:8d:23:30:e6:7a:ba:5e:ca:46:33:13:04: + 5c:65:b0:be:53:7f:ab:a7:9f:8d:fb:bd:46:e5:87: + 44:31:55:e5:9f:97:7e:a3:ec:69:a8:d7:8b:47:ae: + 48:ae:74:50:5e:57:55:31:ca:36:ec:43:a1:dd:61: + b2:18:12:6a:29:0b:63:24:d5:71:4d:da:e7:0f:0d: + e3:2c:aa:76:6b:f9:2c:93:c2:fa:f9:40:2c:1b:34: + 65:53 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 01:D0:19:F4:6B:86:BC:17:3B:FB:74:95:0F:53:BD:BD:4E:CA:10:D6 + FA:2D:AF:E0:5F:8E:8E:18:7A:FB:AF:FE:D9:C9:A3:62:AA:B8:2A:18 X509v3 Authority Key Identifier: - keyid:D3:97:C6:F7:B9:E5:17:69:6D:78:39:77:3A:0A:AD:32:2D:40:AC:07 + keyid:CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -86,42 +86,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 0e:b6:ad:85:34:3d:cf:9c:2f:8c:e7:90:80:33:f6:12:99:40: - 6d:89:7b:5c:08:c9:a9:fc:40:24:1e:14:ac:6c:6a:11:aa:3e: - ea:c1:19:32:75:67:26:fe:c0:f9:55:e9:b6:04:74:c9:e3:22: - 59:3a:06:5a:5f:25:6d:1d:df:48:62:a4:ee:d0:87:df:20:9d: - 9c:95:aa:4e:77:05:28:e6:66:ac:ae:23:e4:74:df:5a:b4:21: - e7:3d:0f:95:61:84:11:7e:d8:72:66:dd:85:c7:41:fe:44:12: - da:4c:c7:1b:ab:7d:4b:3d:c4:38:2d:b9:54:8a:26:1e:76:1b: - f6:0b:8a:e9:fa:9f:0a:e6:cc:6d:c5:55:f1:a5:29:20:42:05: - d4:5a:4f:27:ab:b6:e4:c4:ea:4d:8b:97:53:67:03:75:32:1f: - 9d:1e:b8:72:e1:c4:5a:09:15:d7:ce:a3:59:ed:cc:4d:0f:ea: - c0:1d:57:1a:43:d7:7a:63:86:b0:b8:5c:4f:34:29:a4:be:90: - c4:6b:39:20:c9:25:96:7d:a1:cc:ee:f7:57:04:69:d7:21:66: - 1d:cc:4e:6c:10:1a:6e:87:11:f3:e3:ae:9e:5b:64:04:ee:ac: - c6:0a:24:80:e4:0a:0e:89:49:9d:0f:1d:74:b2:f6:db:7e:25: - a1:d0:6e:7e + 51:34:ff:18:bc:d1:50:95:2c:2e:0c:2c:6c:30:c2:1e:d2:c7: + 35:76:25:c3:4f:81:4a:9a:f2:40:e4:f0:26:35:2c:50:79:2f: + 34:91:0d:b6:ee:5b:4f:e1:cb:81:2d:4d:a9:65:21:3e:05:c6: + 71:f0:ea:45:83:43:a1:45:8a:fb:84:d2:19:09:d8:81:6d:81: + 19:4c:07:11:a6:cf:7d:f1:e1:b6:15:0b:c8:e1:ef:f9:97:6c: + 17:db:8c:5d:a0:86:6c:dc:c9:1a:fa:c2:f8:ce:24:c0:8c:88: + 23:13:0a:1a:88:ad:8f:7c:9d:c8:82:cc:c7:05:02:85:dd:f8: + 7b:32:bb:3c:88:11:1c:35:d9:08:51:15:9e:e3:94:f4:d0:04: + 70:8b:62:6b:4f:98:ac:13:8a:d5:b0:07:73:99:1a:87:b4:c1: + 30:36:f2:27:24:7a:40:2b:e9:70:99:39:27:98:95:75:23:d4: + 0c:3e:92:5e:2b:86:14:ec:94:f5:76:95:e2:38:0d:63:01:10: + f8:a5:0d:67:d8:ca:61:b0:db:7c:9b:b9:6d:83:9b:cd:1c:e6: + 78:54:6a:21:46:8c:88:d6:ae:a4:ad:47:44:f9:99:c0:4c:5f: + 0c:8a:6b:f4:f4:14:68:df:c7:97:91:db:55:1b:64:ef:30:d6: + 6f:3b:99:1f -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQFDGQ -xMbQuRCe5HrivBar0l7XPQARvyULMhdXxPv2YA1afEMIiOY19zkP3NfvIhhSW94n -NRCTq8CumBvhx0CovoQq5ml8xGgexA0pl1US+zCGo48DDNRLInasqNv9IExG6iGb -WU/qnCBv/+F8fWRcS5FNrFYdGRJsr/KZQCGdBrmikCx7vK/+wEChBoli8/P9oAdh -qsL54Q4TlpKsU7rtpTbJuQTnE2e8DmPcIilT4uNZq1wlzdn7Rk6RcN1BSzWHpP0s -Zr51fgPpEmFmyxmIoWG3E7SrUabVWJzbjKIa2sNvy7axZdijo9GH2Lm7uMGD8YM4 -Kv2j9qZZ8ifx41ApAgMBAAGjgekwgeYwHQYDVR0OBBYEFAHQGfRrhrwXO/t0lQ9T -vb1OyhDWMB8GA1UdIwQYMBaAFNOXxve55RdpbXg5dzoKrTItQKwHMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvd5To +aMV+HZuuEM3Vu5YnDAUX9Oy82n0o5bflj9rYrnoq0uMVmxJieQJhPT+LZE77feFZ +vS+DrdO45UUzxBNfee+KPsA5IIHimLnmyWC2jrS/tCtVrrF8IdP+7PBWMf4KGcQs +VKSXqoSig/hamvMRuK07FDpoWnIkSW9vWgI5kQcJyxhXEx6kVAMxXLbpfXgt6Lov +cBcKAxGqkMde8Bt/Vjn14B8eM40jMOZ6ul7KRjMTBFxlsL5Tf6unn437vUblh0Qx +VeWfl36j7Gmo14tHrkiudFBeV1UxyjbsQ6HdYbIYEmopC2Mk1XFN2ucPDeMsqnZr ++SyTwvr5QCwbNGVTAgMBAAGjgekwgeYwHQYDVR0OBBYEFPotr+Bfjo4Yevuv/tnJ +o2KquCoYMB8GA1UdIwQYMBaAFMxyYPCNjMupbP8JV/Nq/ilGJCZbMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEADrathTQ9z5wvjOeQgDP2 -EplAbYl7XAjJqfxAJB4UrGxqEao+6sEZMnVnJv7A+VXptgR0yeMiWToGWl8lbR3f -SGKk7tCH3yCdnJWqTncFKOZmrK4j5HTfWrQh5z0PlWGEEX7YcmbdhcdB/kQS2kzH -G6t9Sz3EOC25VIomHnYb9guK6fqfCubMbcVV8aUpIEIF1FpPJ6u25MTqTYuXU2cD -dTIfnR64cuHEWgkV186jWe3MTQ/qwB1XGkPXemOGsLhcTzQppL6QxGs5IMklln2h -zO73VwRp1yFmHcxObBAabocR8+OunltkBO6sxgokgOQKDolJnQ8ddLL2234lodBu -fg== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAUTT/GLzRUJUsLgwsbDDC +HtLHNXYlw0+BSpryQOTwJjUsUHkvNJENtu5bT+HLgS1NqWUhPgXGcfDqRYNDoUWK ++4TSGQnYgW2BGUwHEabPffHhthULyOHv+ZdsF9uMXaCGbNzJGvrC+M4kwIyIIxMK +Goitj3ydyILMxwUChd34ezK7PIgRHDXZCFEVnuOU9NAEcItia0+YrBOK1bAHc5ka +h7TBMDbyJyR6QCvpcJk5J5iVdSPUDD6SXiuGFOyU9XaV4jgNYwEQ+KUNZ9jKYbDb +fJu5bYObzRzmeFRqIUaMiNaupK1HRPmZwExfDIpr9PQUaN/Hl5HbVRtk7zDWbzuZ +Hw== -----END CERTIFICATE----- Certificate: @@ -138,30 +138,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bf:ca:00:55:10:61:e4:0e:a3:f8:57:b8:7b:19: - 34:5a:77:b8:06:39:88:07:0c:ec:d0:3b:4a:53:02: - 3c:d1:d3:da:48:ae:8a:1a:1c:3d:30:bb:b3:36:80: - a1:6f:cd:32:fd:54:26:b9:77:d7:1e:11:30:6c:eb: - d7:11:9a:d9:af:54:7e:0e:37:c3:8d:f3:0a:5d:ec: - 82:d6:6e:f3:46:f4:2a:82:24:e4:28:38:c2:fa:6a: - a6:f7:38:cd:94:50:20:bd:ee:50:9e:3a:a3:40:1a: - 49:77:eb:b2:05:8c:01:46:e6:ef:8f:55:91:0a:7a: - 44:10:62:b8:9f:3e:81:31:ae:08:95:29:37:47:53: - ec:f3:c7:9c:f0:be:64:70:b3:81:f0:04:f4:a4:aa: - 41:ad:16:8f:13:31:af:9b:eb:55:dc:93:6d:56:cf: - d6:f0:0a:fb:11:9e:32:59:d4:07:28:e1:fe:60:73: - bf:43:bf:ff:c9:dc:f2:ca:3a:e1:0c:bd:90:0b:c2: - ab:91:d5:2e:72:5d:5e:f0:f8:45:7b:3d:37:89:d1: - 16:bd:9b:4f:c9:c4:34:c7:c4:23:a4:04:4b:13:db: - 1a:b5:82:d0:f6:cd:99:fe:f3:0d:98:81:65:5e:2f: - 9e:a4:c1:5b:2b:67:b5:07:2a:24:a6:e7:06:5f:49: - d6:d5 + 00:9d:2b:d3:86:6e:f6:af:a0:b2:08:23:93:2a:c0: + 1c:02:49:c6:ef:a9:64:39:4e:80:6a:36:56:e5:a5: + 93:0e:45:12:ad:05:41:9a:5d:cc:ed:af:2e:7b:b6: + cf:bd:14:79:8f:a5:59:16:02:fe:23:5c:2b:e4:90: + d2:67:7c:bb:74:cb:37:20:40:c4:62:fa:e0:23:f1: + a4:89:70:fe:54:ea:ea:3b:d7:1a:7a:9b:0d:a1:74: + 44:89:c9:58:3d:d6:99:42:6b:e5:da:f5:f1:0c:33: + 26:11:e1:d4:2b:33:d7:2e:be:b9:42:5d:e7:b2:ce: + 52:37:51:30:17:80:a7:77:e0:ca:55:ac:42:12:23: + 17:d6:42:5a:6d:55:1f:f8:f1:13:7b:73:7d:b6:ff: + b7:67:72:d8:55:af:8e:60:71:cd:b8:a4:72:9f:84: + d8:6f:a6:62:1a:0f:79:de:3e:27:a5:08:bc:90:20: + f6:a3:b2:64:21:92:3e:1c:8c:35:f5:38:16:96:18: + f1:5c:de:fd:89:b6:4d:ca:00:0a:59:91:84:9a:28: + ea:1c:8f:0d:14:aa:4b:e5:56:66:9e:40:36:35:ff: + dc:72:f3:ea:e3:7f:b4:73:64:66:ff:81:16:b9:93: + 8e:61:30:7f:15:2e:1d:6c:23:90:76:56:b2:60:11: + 91:19 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - D3:97:C6:F7:B9:E5:17:69:6D:78:39:77:3A:0A:AD:32:2D:40:AC:07 + CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B X509v3 Authority Key Identifier: - keyid:64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC + keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -176,41 +176,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - d2:35:f4:84:23:56:e3:2f:d1:54:fa:eb:85:02:e1:b7:aa:94: - a9:73:95:1d:29:9a:35:64:ac:4a:28:a3:87:24:e1:cd:3e:9f: - 53:14:92:ce:86:d6:ae:d5:3f:1d:97:59:ae:c4:1c:ae:78:29: - d7:45:a5:14:58:b6:ac:28:3e:20:e6:27:56:22:b2:bf:80:24: - 8d:bd:ef:17:67:8f:59:74:8b:7e:41:f1:fc:4d:a8:7b:d4:cf: - 0c:ec:41:c6:7a:2b:fc:c3:c2:92:dc:49:f6:7a:3d:bd:b0:41: - 0c:d3:0c:dd:58:1a:42:62:80:10:ad:95:ec:a0:8a:cb:b4:b8: - 8e:5d:45:c7:d2:82:4b:eb:cb:1a:0e:f5:40:46:0d:dd:35:a3: - 9b:d1:3e:55:95:b1:ab:96:63:31:ac:01:b4:ef:20:bc:0d:86: - 88:b2:e5:94:64:6b:f1:1a:73:3e:09:b0:4c:57:87:3a:65:5a: - 84:17:af:1c:cd:a5:4e:72:8e:19:8b:50:0a:97:4b:df:69:2c: - 4c:21:d4:d1:7e:81:74:94:60:5b:b0:5e:56:53:14:b4:52:3d: - c9:45:a5:47:10:74:15:86:a0:52:ba:ff:b5:32:01:ef:dd:0e: - 17:d6:73:35:aa:1e:ca:9a:8b:2e:28:cf:fa:1b:79:be:a7:87: - 4b:b4:0a:26 + 62:11:b8:11:cd:f2:bc:8f:e4:1a:93:66:fc:d3:d3:48:1f:11: + 66:8b:6f:e6:ba:e3:45:56:6f:66:0e:04:5a:ef:f9:a9:91:0f: + 6a:3a:5f:64:7d:7c:7e:a7:17:f4:0f:e5:20:14:71:51:2e:b1: + 61:97:fd:96:6d:ec:ac:f4:56:c2:0a:66:59:b4:f8:59:73:33: + 90:63:be:da:68:b0:42:4f:d9:3c:e1:11:b3:7c:d7:be:b7:e6: + 7c:7e:7b:c0:ef:ac:3a:c1:d2:9c:72:f2:da:30:fd:e4:76:b6: + cc:c3:11:89:dd:3d:9a:fc:6b:6f:7b:a1:58:ba:bb:88:38:4c: + ac:7a:ef:7b:1a:b5:cc:ba:2b:88:77:a8:41:21:8e:46:b4:fe: + d3:bb:f9:4d:c4:6e:8a:7d:f1:88:70:04:ac:e6:86:14:54:dd: + cc:3c:69:62:4a:b9:d4:54:5e:89:77:a9:9e:24:21:94:6d:bd: + 2e:60:61:95:76:7c:6b:d7:96:41:28:cc:3c:6f:56:13:ce:5c: + 82:3e:3e:cf:60:22:88:7e:a6:ce:1e:80:9b:ec:bd:16:04:cd: + c8:0c:db:98:b1:35:ff:16:c3:5c:f5:59:a1:15:05:b9:b0:55: + 81:ca:ba:73:fb:18:de:98:73:22:01:7f:61:64:77:0e:5b:50: + 6b:22:09:d1 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8oAVRBh -5A6j+Fe4exk0Wne4BjmIBwzs0DtKUwI80dPaSK6KGhw9MLuzNoChb80y/VQmuXfX -HhEwbOvXEZrZr1R+DjfDjfMKXeyC1m7zRvQqgiTkKDjC+mqm9zjNlFAgve5Qnjqj -QBpJd+uyBYwBRubvj1WRCnpEEGK4nz6BMa4IlSk3R1Ps88ec8L5kcLOB8AT0pKpB -rRaPEzGvm+tV3JNtVs/W8Ar7EZ4yWdQHKOH+YHO/Q7//ydzyyjrhDL2QC8KrkdUu -cl1e8PhFez03idEWvZtPycQ0x8QjpARLE9satYLQ9s2Z/vMNmIFlXi+epMFbK2e1 -ByokpucGX0nW1QIDAQABo4HLMIHIMB0GA1UdDgQWBBTTl8b3ueUXaW14OXc6Cq0y -LUCsBzAfBgNVHSMEGDAWgBRkkJPNrMc3Nk1rFNZn0FQ6WUU6/DA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSvThm72 +r6CyCCOTKsAcAknG76lkOU6AajZW5aWTDkUSrQVBml3M7a8ue7bPvRR5j6VZFgL+ +I1wr5JDSZ3y7dMs3IEDEYvrgI/GkiXD+VOrqO9caepsNoXREiclYPdaZQmvl2vXx +DDMmEeHUKzPXLr65Ql3nss5SN1EwF4Cnd+DKVaxCEiMX1kJabVUf+PETe3N9tv+3 +Z3LYVa+OYHHNuKRyn4TYb6ZiGg953j4npQi8kCD2o7JkIZI+HIw19TgWlhjxXN79 +ibZNygAKWZGEmijqHI8NFKpL5VZmnkA2Nf/ccvPq43+0c2Rm/4EWuZOOYTB/FS4d +bCOQdlayYBGRGQIDAQABo4HLMIHIMB0GA1UdDgQWBBTMcmDwjYzLqWz/CVfzav4p +RiQmWzAfBgNVHSMEGDAWgBQBa0kfIY+A3dSXwKi7Kn7c89r94TA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -ANI19IQjVuMv0VT664UC4beqlKlzlR0pmjVkrEooo4ck4c0+n1MUks6G1q7VPx2X -Wa7EHK54KddFpRRYtqwoPiDmJ1Yisr+AJI297xdnj1l0i35B8fxNqHvUzwzsQcZ6 -K/zDwpLcSfZ6Pb2wQQzTDN1YGkJigBCtleygisu0uI5dRcfSgkvryxoO9UBGDd01 -o5vRPlWVsauWYzGsAbTvILwNhoiy5ZRka/Eacz4JsExXhzplWoQXrxzNpU5yjhmL -UAqXS99pLEwh1NF+gXSUYFuwXlZTFLRSPclFpUcQdBWGoFK6/7UyAe/dDhfWczWq -Hsqaiy4oz/obeb6nh0u0CiY= +AGIRuBHN8ryP5BqTZvzT00gfEWaLb+a640VWb2YOBFrv+amRD2o6X2R9fH6nF/QP +5SAUcVEusWGX/ZZt7Kz0VsIKZlm0+FlzM5BjvtposEJP2TzhEbN817635nx+e8Dv +rDrB0pxy8tow/eR2tszDEYndPZr8a297oVi6u4g4TKx673satcy6K4h3qEEhjka0 +/tO7+U3Ebop98YhwBKzmhhRU3cw8aWJKudRUXol3qZ4kIZRtvS5gYZV2fGvXlkEo +zDxvVhPOXII+Ps9gIoh+ps4egJvsvRYEzcgM25ixNf8Ww1z1WaEVBbmwVYHKunP7 +GN6YcyIBf2Fkdw5bUGsiCdE= -----END CERTIFICATE----- Certificate: @@ -227,30 +227,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ea:cc:2d:c4:88:54:07:90:da:62:ef:77:23:b2: - 83:c9:54:06:25:70:65:43:f2:29:a3:f3:22:f2:09: - 92:31:25:77:79:63:4a:7f:d8:e5:1f:16:1a:25:bc: - d4:4b:9a:b3:a0:61:7e:c3:a5:90:32:97:5a:5b:59: - cf:97:d6:ac:2c:86:a7:70:ed:2d:e0:bf:e8:44:6f: - 41:29:55:b0:40:a8:10:d6:4d:67:2b:01:1f:7a:33: - 2b:ce:8f:c8:fb:54:99:e2:11:2d:75:7d:ff:f5:fb: - 53:e5:6b:7e:ca:b8:fc:1f:bc:8f:32:29:6d:d2:6b: - a1:9b:d9:7f:b2:f6:e9:18:72:fe:45:a2:23:dc:bf: - 5d:1e:43:5d:2b:80:2a:71:b4:cb:67:30:cc:aa:54: - 76:fc:4b:a3:2b:ab:99:31:66:bf:5c:09:44:e6:c9: - 27:42:3a:58:b5:fd:db:06:0f:11:04:0d:2d:36:4a: - 02:d5:50:4d:4d:7c:ed:a4:51:49:e3:fe:44:54:30: - 84:b6:1f:54:28:1f:9e:41:b2:20:23:75:e5:d4:e4: - bf:79:a6:ab:84:aa:dc:56:38:cf:2c:d3:8e:13:48: - 43:5a:eb:eb:3b:a0:36:d5:89:0c:68:e2:fb:8f:3a: - 82:ad:01:4b:f8:bb:b0:2e:3d:b7:6e:91:a3:70:9a: - d0:41 + 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: + 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: + 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: + e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: + 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: + bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: + 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: + 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: + b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: + c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: + 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: + 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: + 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: + 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: + 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: + 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: + fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: + 1a:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC + 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 X509v3 Authority Key Identifier: - keyid:64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC + keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -265,41 +265,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 77:d8:b1:3b:e5:c4:ce:c7:37:c6:fa:d7:a7:a1:cf:66:0e:19: - 49:ea:06:f2:ec:8d:92:7d:e2:de:43:32:22:55:b4:84:f5:30: - bb:44:91:c1:81:2a:aa:ae:e1:3c:86:17:20:28:15:a1:d0:dc: - ce:7c:62:67:4e:d5:a8:e0:e3:44:91:af:96:24:58:0d:eb:26: - 1f:42:37:82:de:d6:84:40:36:c7:78:7d:6c:f7:fa:54:a0:70: - d0:b9:41:a8:f2:3b:19:f1:cc:36:97:69:78:66:3c:ad:03:1e: - 70:e7:81:23:11:d6:98:d7:ba:e5:98:d8:12:c7:4b:1d:5b:b1: - cd:91:5c:49:f0:d3:99:dd:9e:ab:db:7b:32:f6:8c:be:fe:0b: - 2b:1e:96:8d:6e:7e:4a:69:71:f3:b6:f7:44:5f:a1:2f:62:67: - f0:55:b0:a2:d1:db:7f:58:3b:10:05:4f:e1:00:9d:45:4f:5d: - 1e:b8:a8:83:bd:33:bd:14:07:34:23:5e:99:bb:16:3e:ee:de: - 84:96:53:bf:29:e7:a5:52:a9:b6:6a:76:db:a6:ee:45:34:3f: - f7:48:d8:8a:12:46:c6:6c:ba:31:85:e8:45:07:85:23:37:85: - ff:15:de:0b:a8:97:40:60:11:9d:20:a8:fc:53:38:66:ea:9e: - d4:1b:9f:34 + ac:6f:d2:b3:2b:51:36:e5:34:6e:14:1a:cd:fd:9b:51:24:ab: + c0:11:ca:ce:a3:2a:16:a9:b2:52:a0:01:a8:3a:9c:d0:81:14: + bb:dc:9e:52:9c:ed:bb:42:06:89:11:7f:ed:5a:c0:c5:be:60: + e9:b6:1c:e5:4d:b1:06:d2:0c:2f:19:07:01:9b:6a:bd:2a:97: + 71:5d:a7:dd:da:28:00:ae:f5:44:bd:67:7f:ba:98:b8:d4:d3: + b4:e7:47:3c:82:60:e1:6d:40:db:a5:dd:3f:84:ef:2c:84:53: + a1:8d:9e:4a:29:b9:a9:5b:8a:b7:79:a5:70:cc:ff:aa:75:01: + 40:dc:e5:ab:93:16:29:9b:ce:de:56:8c:c2:4d:62:f9:70:1a: + cb:92:cf:67:5a:ad:11:1a:e4:33:21:e9:28:16:23:82:1a:ee: + 91:e6:b9:24:cd:a9:e6:63:46:4b:04:72:2c:d0:79:ab:ca:fc: + cf:a7:c8:e5:94:e7:f5:4c:0d:99:3d:cf:4a:4a:ab:c7:a6:5e: + 5e:eb:12:b8:3f:35:b5:e6:99:d6:30:ec:aa:33:44:81:20:77: + d6:13:f4:78:72:a8:20:08:94:c1:4a:b9:d6:f1:d8:05:11:ad: + 03:8b:62:d8:80:8f:96:b5:34:6a:7d:a6:11:52:e0:c4:ea:bf: + 83:3c:66:f5 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOrMLcSIVAeQ2mLvdyOy -g8lUBiVwZUPyKaPzIvIJkjEld3ljSn/Y5R8WGiW81Euas6BhfsOlkDKXWltZz5fW -rCyGp3DtLeC/6ERvQSlVsECoENZNZysBH3ozK86PyPtUmeIRLXV9//X7U+Vrfsq4 -/B+8jzIpbdJroZvZf7L26Rhy/kWiI9y/XR5DXSuAKnG0y2cwzKpUdvxLoyurmTFm -v1wJRObJJ0I6WLX92wYPEQQNLTZKAtVQTU187aRRSeP+RFQwhLYfVCgfnkGyICN1 -5dTkv3mmq4Sq3FY4zyzTjhNIQ1rr6zugNtWJDGji+486gq0BS/i7sC49t26Ro3Ca -0EECAwEAAaOByzCByDAdBgNVHQ4EFgQUZJCTzazHNzZNaxTWZ9BUOllFOvwwHwYD -VR0jBBgwFoAUZJCTzazHNzZNaxTWZ9BUOllFOvwwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcEGciy/Ch35ZmO8AWL +DVvlOPGO0QfS9thrvcjDLPMF6R9MtsE51A8DL2K658R+nHwcvt9r8jSyRey5dqU6 +JRyht3h2DOg9dtFGvSDh7xyAIhK1it54T+0FJV20g0yesu5ktd/Z0bdfPOmK4eFJ +vdZ8/ko48ZSatczPhaq9uy2TuakrwfmCwLpopZBP4dQwb5nE2WzoagxxqP/Ef7Wa +5geg7fQ8OkujiLFBz/G46vi3Q7CfiAXrzasn9e1iVQU9Ylm0HAfKxEk9B4CTE/8P +MU80QZ5bqQp5+hOR2nw1xHtWnKGJBX1uEuXkg76aXhTN/CdYrvUmgzakBGGnSgEv +Gk8CAwEAAaOByzCByDAdBgNVHQ4EFgQUAWtJHyGPgN3Ul8Couyp+3PPa/eEwHwYD +VR0jBBgwFoAUAWtJHyGPgN3Ul8Couyp+3PPa/eEwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB32LE75cTO -xzfG+tenoc9mDhlJ6gby7I2SfeLeQzIiVbSE9TC7RJHBgSqqruE8hhcgKBWh0NzO -fGJnTtWo4ONEka+WJFgN6yYfQjeC3taEQDbHeH1s9/pUoHDQuUGo8jsZ8cw2l2l4 -ZjytAx5w54EjEdaY17rlmNgSx0sdW7HNkVxJ8NOZ3Z6r23sy9oy+/gsrHpaNbn5K -aXHztvdEX6EvYmfwVbCi0dt/WDsQBU/hAJ1FT10euKiDvTO9FAc0I16ZuxY+7t6E -llO/KeelUqm2anbbpu5FND/3SNiKEkbGbLoxhehFB4UjN4X/Fd4LqJdAYBGdIKj8 -Uzhm6p7UG580 +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCsb9KzK1E2 +5TRuFBrN/ZtRJKvAEcrOoyoWqbJSoAGoOpzQgRS73J5SnO27QgaJEX/tWsDFvmDp +thzlTbEG0gwvGQcBm2q9KpdxXafd2igArvVEvWd/upi41NO050c8gmDhbUDbpd0/ +hO8shFOhjZ5KKbmpW4q3eaVwzP+qdQFA3OWrkxYpm87eVozCTWL5cBrLks9nWq0R +GuQzIekoFiOCGu6R5rkkzanmY0ZLBHIs0HmryvzPp8jllOf1TA2ZPc9KSqvHpl5e +6xK4PzW15pnWMOyqM0SBIHfWE/R4cqggCJTBSrnW8dgFEa0Di2LYgI+WtTRqfaYR +UuDE6r+DPGb1 -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -311,3 +311,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem b/chromium/net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem index b9f9182007d..cf548745b0c 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/key-rollover-oldchain.pem @@ -48,30 +48,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d0:14:31:90:c4:c6:d0:b9:10:9e:e4:7a:e2:bc: - 16:ab:d2:5e:d7:3d:00:11:bf:25:0b:32:17:57:c4: - fb:f6:60:0d:5a:7c:43:08:88:e6:35:f7:39:0f:dc: - d7:ef:22:18:52:5b:de:27:35:10:93:ab:c0:ae:98: - 1b:e1:c7:40:a8:be:84:2a:e6:69:7c:c4:68:1e:c4: - 0d:29:97:55:12:fb:30:86:a3:8f:03:0c:d4:4b:22: - 76:ac:a8:db:fd:20:4c:46:ea:21:9b:59:4f:ea:9c: - 20:6f:ff:e1:7c:7d:64:5c:4b:91:4d:ac:56:1d:19: - 12:6c:af:f2:99:40:21:9d:06:b9:a2:90:2c:7b:bc: - af:fe:c0:40:a1:06:89:62:f3:f3:fd:a0:07:61:aa: - c2:f9:e1:0e:13:96:92:ac:53:ba:ed:a5:36:c9:b9: - 04:e7:13:67:bc:0e:63:dc:22:29:53:e2:e3:59:ab: - 5c:25:cd:d9:fb:46:4e:91:70:dd:41:4b:35:87:a4: - fd:2c:66:be:75:7e:03:e9:12:61:66:cb:19:88:a1: - 61:b7:13:b4:ab:51:a6:d5:58:9c:db:8c:a2:1a:da: - c3:6f:cb:b6:b1:65:d8:a3:a3:d1:87:d8:b9:bb:b8: - c1:83:f1:83:38:2a:fd:a3:f6:a6:59:f2:27:f1:e3: - 50:29 + 00:ef:77:94:e8:68:c5:7e:1d:9b:ae:10:cd:d5:bb: + 96:27:0c:05:17:f4:ec:bc:da:7d:28:e5:b7:e5:8f: + da:d8:ae:7a:2a:d2:e3:15:9b:12:62:79:02:61:3d: + 3f:8b:64:4e:fb:7d:e1:59:bd:2f:83:ad:d3:b8:e5: + 45:33:c4:13:5f:79:ef:8a:3e:c0:39:20:81:e2:98: + b9:e6:c9:60:b6:8e:b4:bf:b4:2b:55:ae:b1:7c:21: + d3:fe:ec:f0:56:31:fe:0a:19:c4:2c:54:a4:97:aa: + 84:a2:83:f8:5a:9a:f3:11:b8:ad:3b:14:3a:68:5a: + 72:24:49:6f:6f:5a:02:39:91:07:09:cb:18:57:13: + 1e:a4:54:03:31:5c:b6:e9:7d:78:2d:e8:ba:2f:70: + 17:0a:03:11:aa:90:c7:5e:f0:1b:7f:56:39:f5:e0: + 1f:1e:33:8d:23:30:e6:7a:ba:5e:ca:46:33:13:04: + 5c:65:b0:be:53:7f:ab:a7:9f:8d:fb:bd:46:e5:87: + 44:31:55:e5:9f:97:7e:a3:ec:69:a8:d7:8b:47:ae: + 48:ae:74:50:5e:57:55:31:ca:36:ec:43:a1:dd:61: + b2:18:12:6a:29:0b:63:24:d5:71:4d:da:e7:0f:0d: + e3:2c:aa:76:6b:f9:2c:93:c2:fa:f9:40:2c:1b:34: + 65:53 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 01:D0:19:F4:6B:86:BC:17:3B:FB:74:95:0F:53:BD:BD:4E:CA:10:D6 + FA:2D:AF:E0:5F:8E:8E:18:7A:FB:AF:FE:D9:C9:A3:62:AA:B8:2A:18 X509v3 Authority Key Identifier: - keyid:D3:97:C6:F7:B9:E5:17:69:6D:78:39:77:3A:0A:AD:32:2D:40:AC:07 + keyid:CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -86,42 +86,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 0e:b6:ad:85:34:3d:cf:9c:2f:8c:e7:90:80:33:f6:12:99:40: - 6d:89:7b:5c:08:c9:a9:fc:40:24:1e:14:ac:6c:6a:11:aa:3e: - ea:c1:19:32:75:67:26:fe:c0:f9:55:e9:b6:04:74:c9:e3:22: - 59:3a:06:5a:5f:25:6d:1d:df:48:62:a4:ee:d0:87:df:20:9d: - 9c:95:aa:4e:77:05:28:e6:66:ac:ae:23:e4:74:df:5a:b4:21: - e7:3d:0f:95:61:84:11:7e:d8:72:66:dd:85:c7:41:fe:44:12: - da:4c:c7:1b:ab:7d:4b:3d:c4:38:2d:b9:54:8a:26:1e:76:1b: - f6:0b:8a:e9:fa:9f:0a:e6:cc:6d:c5:55:f1:a5:29:20:42:05: - d4:5a:4f:27:ab:b6:e4:c4:ea:4d:8b:97:53:67:03:75:32:1f: - 9d:1e:b8:72:e1:c4:5a:09:15:d7:ce:a3:59:ed:cc:4d:0f:ea: - c0:1d:57:1a:43:d7:7a:63:86:b0:b8:5c:4f:34:29:a4:be:90: - c4:6b:39:20:c9:25:96:7d:a1:cc:ee:f7:57:04:69:d7:21:66: - 1d:cc:4e:6c:10:1a:6e:87:11:f3:e3:ae:9e:5b:64:04:ee:ac: - c6:0a:24:80:e4:0a:0e:89:49:9d:0f:1d:74:b2:f6:db:7e:25: - a1:d0:6e:7e + 51:34:ff:18:bc:d1:50:95:2c:2e:0c:2c:6c:30:c2:1e:d2:c7: + 35:76:25:c3:4f:81:4a:9a:f2:40:e4:f0:26:35:2c:50:79:2f: + 34:91:0d:b6:ee:5b:4f:e1:cb:81:2d:4d:a9:65:21:3e:05:c6: + 71:f0:ea:45:83:43:a1:45:8a:fb:84:d2:19:09:d8:81:6d:81: + 19:4c:07:11:a6:cf:7d:f1:e1:b6:15:0b:c8:e1:ef:f9:97:6c: + 17:db:8c:5d:a0:86:6c:dc:c9:1a:fa:c2:f8:ce:24:c0:8c:88: + 23:13:0a:1a:88:ad:8f:7c:9d:c8:82:cc:c7:05:02:85:dd:f8: + 7b:32:bb:3c:88:11:1c:35:d9:08:51:15:9e:e3:94:f4:d0:04: + 70:8b:62:6b:4f:98:ac:13:8a:d5:b0:07:73:99:1a:87:b4:c1: + 30:36:f2:27:24:7a:40:2b:e9:70:99:39:27:98:95:75:23:d4: + 0c:3e:92:5e:2b:86:14:ec:94:f5:76:95:e2:38:0d:63:01:10: + f8:a5:0d:67:d8:ca:61:b0:db:7c:9b:b9:6d:83:9b:cd:1c:e6: + 78:54:6a:21:46:8c:88:d6:ae:a4:ad:47:44:f9:99:c0:4c:5f: + 0c:8a:6b:f4:f4:14:68:df:c7:97:91:db:55:1b:64:ef:30:d6: + 6f:3b:99:1f -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQFDGQ -xMbQuRCe5HrivBar0l7XPQARvyULMhdXxPv2YA1afEMIiOY19zkP3NfvIhhSW94n -NRCTq8CumBvhx0CovoQq5ml8xGgexA0pl1US+zCGo48DDNRLInasqNv9IExG6iGb -WU/qnCBv/+F8fWRcS5FNrFYdGRJsr/KZQCGdBrmikCx7vK/+wEChBoli8/P9oAdh -qsL54Q4TlpKsU7rtpTbJuQTnE2e8DmPcIilT4uNZq1wlzdn7Rk6RcN1BSzWHpP0s -Zr51fgPpEmFmyxmIoWG3E7SrUabVWJzbjKIa2sNvy7axZdijo9GH2Lm7uMGD8YM4 -Kv2j9qZZ8ifx41ApAgMBAAGjgekwgeYwHQYDVR0OBBYEFAHQGfRrhrwXO/t0lQ9T -vb1OyhDWMB8GA1UdIwQYMBaAFNOXxve55RdpbXg5dzoKrTItQKwHMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvd5To +aMV+HZuuEM3Vu5YnDAUX9Oy82n0o5bflj9rYrnoq0uMVmxJieQJhPT+LZE77feFZ +vS+DrdO45UUzxBNfee+KPsA5IIHimLnmyWC2jrS/tCtVrrF8IdP+7PBWMf4KGcQs +VKSXqoSig/hamvMRuK07FDpoWnIkSW9vWgI5kQcJyxhXEx6kVAMxXLbpfXgt6Lov +cBcKAxGqkMde8Bt/Vjn14B8eM40jMOZ6ul7KRjMTBFxlsL5Tf6unn437vUblh0Qx +VeWfl36j7Gmo14tHrkiudFBeV1UxyjbsQ6HdYbIYEmopC2Mk1XFN2ucPDeMsqnZr ++SyTwvr5QCwbNGVTAgMBAAGjgekwgeYwHQYDVR0OBBYEFPotr+Bfjo4Yevuv/tnJ +o2KquCoYMB8GA1UdIwQYMBaAFMxyYPCNjMupbP8JV/Nq/ilGJCZbMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEADrathTQ9z5wvjOeQgDP2 -EplAbYl7XAjJqfxAJB4UrGxqEao+6sEZMnVnJv7A+VXptgR0yeMiWToGWl8lbR3f -SGKk7tCH3yCdnJWqTncFKOZmrK4j5HTfWrQh5z0PlWGEEX7YcmbdhcdB/kQS2kzH -G6t9Sz3EOC25VIomHnYb9guK6fqfCubMbcVV8aUpIEIF1FpPJ6u25MTqTYuXU2cD -dTIfnR64cuHEWgkV186jWe3MTQ/qwB1XGkPXemOGsLhcTzQppL6QxGs5IMklln2h -zO73VwRp1yFmHcxObBAabocR8+OunltkBO6sxgokgOQKDolJnQ8ddLL2234lodBu -fg== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAUTT/GLzRUJUsLgwsbDDC +HtLHNXYlw0+BSpryQOTwJjUsUHkvNJENtu5bT+HLgS1NqWUhPgXGcfDqRYNDoUWK ++4TSGQnYgW2BGUwHEabPffHhthULyOHv+ZdsF9uMXaCGbNzJGvrC+M4kwIyIIxMK +Goitj3ydyILMxwUChd34ezK7PIgRHDXZCFEVnuOU9NAEcItia0+YrBOK1bAHc5ka +h7TBMDbyJyR6QCvpcJk5J5iVdSPUDD6SXiuGFOyU9XaV4jgNYwEQ+KUNZ9jKYbDb +fJu5bYObzRzmeFRqIUaMiNaupK1HRPmZwExfDIpr9PQUaN/Hl5HbVRtk7zDWbzuZ +Hw== -----END CERTIFICATE----- Certificate: @@ -138,30 +138,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bf:ca:00:55:10:61:e4:0e:a3:f8:57:b8:7b:19: - 34:5a:77:b8:06:39:88:07:0c:ec:d0:3b:4a:53:02: - 3c:d1:d3:da:48:ae:8a:1a:1c:3d:30:bb:b3:36:80: - a1:6f:cd:32:fd:54:26:b9:77:d7:1e:11:30:6c:eb: - d7:11:9a:d9:af:54:7e:0e:37:c3:8d:f3:0a:5d:ec: - 82:d6:6e:f3:46:f4:2a:82:24:e4:28:38:c2:fa:6a: - a6:f7:38:cd:94:50:20:bd:ee:50:9e:3a:a3:40:1a: - 49:77:eb:b2:05:8c:01:46:e6:ef:8f:55:91:0a:7a: - 44:10:62:b8:9f:3e:81:31:ae:08:95:29:37:47:53: - ec:f3:c7:9c:f0:be:64:70:b3:81:f0:04:f4:a4:aa: - 41:ad:16:8f:13:31:af:9b:eb:55:dc:93:6d:56:cf: - d6:f0:0a:fb:11:9e:32:59:d4:07:28:e1:fe:60:73: - bf:43:bf:ff:c9:dc:f2:ca:3a:e1:0c:bd:90:0b:c2: - ab:91:d5:2e:72:5d:5e:f0:f8:45:7b:3d:37:89:d1: - 16:bd:9b:4f:c9:c4:34:c7:c4:23:a4:04:4b:13:db: - 1a:b5:82:d0:f6:cd:99:fe:f3:0d:98:81:65:5e:2f: - 9e:a4:c1:5b:2b:67:b5:07:2a:24:a6:e7:06:5f:49: - d6:d5 + 00:9d:2b:d3:86:6e:f6:af:a0:b2:08:23:93:2a:c0: + 1c:02:49:c6:ef:a9:64:39:4e:80:6a:36:56:e5:a5: + 93:0e:45:12:ad:05:41:9a:5d:cc:ed:af:2e:7b:b6: + cf:bd:14:79:8f:a5:59:16:02:fe:23:5c:2b:e4:90: + d2:67:7c:bb:74:cb:37:20:40:c4:62:fa:e0:23:f1: + a4:89:70:fe:54:ea:ea:3b:d7:1a:7a:9b:0d:a1:74: + 44:89:c9:58:3d:d6:99:42:6b:e5:da:f5:f1:0c:33: + 26:11:e1:d4:2b:33:d7:2e:be:b9:42:5d:e7:b2:ce: + 52:37:51:30:17:80:a7:77:e0:ca:55:ac:42:12:23: + 17:d6:42:5a:6d:55:1f:f8:f1:13:7b:73:7d:b6:ff: + b7:67:72:d8:55:af:8e:60:71:cd:b8:a4:72:9f:84: + d8:6f:a6:62:1a:0f:79:de:3e:27:a5:08:bc:90:20: + f6:a3:b2:64:21:92:3e:1c:8c:35:f5:38:16:96:18: + f1:5c:de:fd:89:b6:4d:ca:00:0a:59:91:84:9a:28: + ea:1c:8f:0d:14:aa:4b:e5:56:66:9e:40:36:35:ff: + dc:72:f3:ea:e3:7f:b4:73:64:66:ff:81:16:b9:93: + 8e:61:30:7f:15:2e:1d:6c:23:90:76:56:b2:60:11: + 91:19 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - D3:97:C6:F7:B9:E5:17:69:6D:78:39:77:3A:0A:AD:32:2D:40:AC:07 + CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B X509v3 Authority Key Identifier: - keyid:5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -176,41 +176,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 9f:f2:71:1d:88:6c:57:db:19:12:ed:da:7c:5e:ef:81:90:30: - 2f:f8:9a:df:de:90:bc:9d:6b:26:64:10:87:b8:45:78:8d:8d: - 37:fe:c8:86:75:d0:a2:c5:88:78:b6:8d:30:f7:8c:63:5e:3f: - 8d:7d:54:81:68:80:34:dd:cf:37:73:24:91:ef:42:7a:5c:ed: - 94:9a:b9:6f:a6:13:1d:04:9d:0a:e6:53:eb:6c:2d:7b:24:06: - b3:d4:3a:79:94:17:68:9e:c2:36:91:b7:30:f2:cf:c3:6c:22: - 2d:73:2c:e6:ca:d0:97:db:a1:f6:7e:2e:e2:5b:27:d5:86:a9: - ec:92:3b:f9:5d:ae:bd:f9:a7:d6:a9:dd:f9:93:49:2d:f1:99: - a6:98:10:43:0e:2f:98:97:e0:17:36:86:57:75:22:63:65:39: - eb:69:e9:cc:4d:9c:9b:35:63:5b:1b:04:fb:7a:b4:91:30:a2: - 5c:4e:c0:a8:7c:94:ce:4c:d8:eb:f2:fe:34:be:e6:76:bc:fe: - 8c:9e:d3:3b:6d:ae:62:92:8b:0f:41:9c:d7:65:0d:7b:1b:c5: - e9:5f:11:a2:f1:18:22:5e:0d:e7:9b:b7:b7:c5:34:77:ef:32: - b5:94:ef:dd:a6:6e:a7:07:43:c9:7f:b8:04:2a:88:53:44:93: - a2:db:05:93 + 29:c4:ea:ed:96:59:cb:8d:42:6f:15:e6:73:c6:90:51:d1:95: + 4f:f3:17:36:3a:2f:8b:05:2f:30:30:51:14:62:3e:c0:cb:89: + 9c:b5:33:db:17:84:a1:e4:84:98:c0:11:61:74:0f:83:b0:1a: + 94:8a:64:2a:65:51:d0:88:28:f1:9f:54:29:17:7b:1d:d2:7e: + e7:98:46:97:83:7f:3f:b0:6a:d5:ed:64:65:41:2c:94:40:6e: + 77:96:83:f8:60:43:22:cc:b2:0e:ee:4b:31:61:cb:03:05:ca: + 24:0f:4a:c2:70:c0:b9:4c:0c:a7:1c:be:f5:24:3f:b9:78:ed: + df:df:f9:f9:23:fc:17:80:3f:85:66:b9:c9:3b:e8:53:3f:3e: + e7:ce:fe:e5:b0:60:9b:20:cc:82:91:4e:a3:be:b0:7f:f1:e6: + f4:be:58:97:7c:55:00:98:49:77:76:5a:32:29:ba:2d:14:48: + 90:d9:ca:c6:5e:7c:3a:f9:e7:c3:2d:1b:9a:fc:3e:61:3e:4e: + 1f:e1:ce:e1:bb:10:71:ab:aa:5f:c3:7f:60:08:8b:b8:5a:0d: + 46:8e:7e:a3:f6:15:ff:15:3d:e3:a6:18:2b:bf:06:7d:d6:a1: + 03:74:cc:55:3e:0a:97:a2:cb:39:0d:43:c2:b6:14:1b:05:fe: + 58:b5:16:f2 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8oAVRBh -5A6j+Fe4exk0Wne4BjmIBwzs0DtKUwI80dPaSK6KGhw9MLuzNoChb80y/VQmuXfX -HhEwbOvXEZrZr1R+DjfDjfMKXeyC1m7zRvQqgiTkKDjC+mqm9zjNlFAgve5Qnjqj -QBpJd+uyBYwBRubvj1WRCnpEEGK4nz6BMa4IlSk3R1Ps88ec8L5kcLOB8AT0pKpB -rRaPEzGvm+tV3JNtVs/W8Ar7EZ4yWdQHKOH+YHO/Q7//ydzyyjrhDL2QC8KrkdUu -cl1e8PhFez03idEWvZtPycQ0x8QjpARLE9satYLQ9s2Z/vMNmIFlXi+epMFbK2e1 -ByokpucGX0nW1QIDAQABo4HLMIHIMB0GA1UdDgQWBBTTl8b3ueUXaW14OXc6Cq0y -LUCsBzAfBgNVHSMEGDAWgBRdoQM9jxP5CK8eg2y83m+jtcIa6jA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSvThm72 +r6CyCCOTKsAcAknG76lkOU6AajZW5aWTDkUSrQVBml3M7a8ue7bPvRR5j6VZFgL+ +I1wr5JDSZ3y7dMs3IEDEYvrgI/GkiXD+VOrqO9caepsNoXREiclYPdaZQmvl2vXx +DDMmEeHUKzPXLr65Ql3nss5SN1EwF4Cnd+DKVaxCEiMX1kJabVUf+PETe3N9tv+3 +Z3LYVa+OYHHNuKRyn4TYb6ZiGg953j4npQi8kCD2o7JkIZI+HIw19TgWlhjxXN79 +ibZNygAKWZGEmijqHI8NFKpL5VZmnkA2Nf/ccvPq43+0c2Rm/4EWuZOOYTB/FS4d +bCOQdlayYBGRGQIDAQABo4HLMIHIMB0GA1UdDgQWBBTMcmDwjYzLqWz/CVfzav4p +RiQmWzAfBgNVHSMEGDAWgBTSRWRoho4H8q+/C/Pdf2EdS2tKzTA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AJ/ycR2IbFfbGRLt2nxe74GQMC/4mt/ekLydayZkEIe4RXiNjTf+yIZ10KLFiHi2 -jTD3jGNeP419VIFogDTdzzdzJJHvQnpc7ZSauW+mEx0EnQrmU+tsLXskBrPUOnmU -F2iewjaRtzDyz8NsIi1zLObK0JfbofZ+LuJbJ9WGqeySO/ldrr35p9ap3fmTSS3x -maaYEEMOL5iX4Bc2hld1ImNlOetp6cxNnJs1Y1sbBPt6tJEwolxOwKh8lM5M2Ovy -/jS+5na8/oye0zttrmKSiw9BnNdlDXsbxelfEaLxGCJeDeebt7fFNHfvMrWU792m -bqcHQ8l/uAQqiFNEk6LbBZM= +ACnE6u2WWcuNQm8V5nPGkFHRlU/zFzY6L4sFLzAwURRiPsDLiZy1M9sXhKHkhJjA +EWF0D4OwGpSKZCplUdCIKPGfVCkXex3SfueYRpeDfz+watXtZGVBLJRAbneWg/hg +QyLMsg7uSzFhywMFyiQPSsJwwLlMDKccvvUkP7l47d/f+fkj/BeAP4Vmuck76FM/ +PufO/uWwYJsgzIKRTqO+sH/x5vS+WJd8VQCYSXd2WjIpui0USJDZysZefDr558Mt +G5r8PmE+Th/hzuG7EHGrql/Df2AIi7haDUaOfqP2Ff8VPeOmGCu/Bn3WoQN0zFU+ +CpeiyzkNQ8K2FBsF/li1FvI= -----END CERTIFICATE----- Certificate: @@ -227,30 +227,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a7:67:cf:1d:f5:54:e9:96:54:bc:65:8c:b7:9e: - 72:39:05:68:3d:44:e5:93:d8:4b:61:b1:a4:b4:b4: - 4c:c6:a0:92:b6:4d:06:3a:5b:b2:0a:8a:27:cb:b1: - e7:c3:35:47:ef:ac:2d:a7:d0:9c:b2:50:6a:58:3d: - 12:a4:85:dc:77:a9:08:e5:f4:1f:c0:ef:00:51:cd: - 68:62:d5:e5:cc:01:be:be:42:8b:35:fb:00:9c:30: - 84:0c:d7:35:7d:88:d1:1b:43:78:19:79:aa:06:b3: - ac:5c:69:a0:23:f0:69:dc:89:59:97:05:df:01:ae: - 5b:8f:01:a0:78:4f:05:4e:36:ac:00:b4:8d:e8:79: - 05:07:f2:76:a4:63:3f:95:21:06:57:61:a9:f0:43: - 04:d1:92:d3:9d:bb:b3:8f:5b:ef:ab:81:a0:23:11: - 38:b5:02:b2:95:1d:ac:da:b8:36:60:d7:d7:01:6d: - e8:ed:32:21:b4:84:97:33:7c:67:88:0e:44:c7:12: - 87:85:6a:49:80:82:cb:1e:16:2b:2f:6d:98:82:a0: - a0:30:cc:55:df:93:65:e0:9a:08:24:8a:47:cc:69: - 53:3c:b7:62:fa:df:11:64:d0:3f:52:43:80:f8:cf: - 7b:6f:d0:65:20:fb:22:d0:43:ca:fc:fc:0f:bd:1c: - 42:b9 + 00:ef:5f:3f:57:00:ad:2d:82:81:56:19:c0:da:98: + 72:8b:7f:4b:4f:37:f2:d9:0e:b3:3c:7b:73:d3:8a: + ad:5a:94:9c:37:0b:bc:68:4b:40:ac:a9:d1:1f:1b: + 35:6a:74:50:6b:91:c2:30:e5:a6:88:87:90:f4:dc: + 8d:09:49:6a:3e:f0:fe:cf:bb:b3:3b:33:c1:2a:2e: + b9:fb:9b:6a:db:2a:a6:9f:87:46:6a:b0:7d:87:c6: + 63:27:cd:58:e7:55:7d:c5:6c:d8:ac:c7:10:fb:6e: + 68:40:9d:69:bf:8f:a0:9c:36:d8:7a:dc:fb:14:48: + f4:96:5d:c2:0e:8f:e9:2f:1d:08:13:04:a0:1d:03: + 78:b8:a6:97:15:13:0f:91:4e:9e:18:00:96:9f:94: + e6:ad:02:2e:c7:60:c8:ed:50:54:02:2e:b2:6b:6e: + d5:78:7f:7a:74:20:20:f6:9c:fa:98:17:b3:8f:fd: + 92:01:3d:ff:e6:56:fa:45:28:41:b1:3c:ba:4a:ef: + bc:ff:4c:1e:d3:96:bc:5d:a6:06:7d:27:d8:66:13: + e0:40:74:83:8c:f4:89:c9:8d:8a:13:b7:98:88:32: + 6c:51:6c:15:92:1c:1b:e7:f7:08:a6:35:81:b4:24: + be:45:10:1f:ff:c9:e4:4d:35:b7:4d:3c:ae:54:d2: + ee:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA + D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD X509v3 Authority Key Identifier: - keyid:5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -265,41 +265,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 7f:ec:13:f0:46:53:d5:75:08:a5:37:44:9c:47:19:9e:05:ef: - d6:30:68:1e:0b:c8:3c:84:93:51:36:25:48:60:56:d4:79:1f: - b6:2c:91:e3:6f:61:f9:e7:7d:c8:b6:7b:70:7f:27:6d:2c:38: - ec:73:e4:8c:86:f4:48:8e:1b:09:0d:9f:f8:5a:1f:95:ed:f1: - 03:ea:99:64:d6:2d:46:4e:b8:0b:67:10:98:8e:19:2e:31:e1: - e3:d6:fe:7c:97:e9:a3:7a:18:25:9c:d4:4f:ce:a9:11:1d:f0: - 53:32:8a:e8:8e:8d:80:fb:f1:c1:c1:6a:c1:cf:d2:36:a2:b1: - f9:32:9e:05:fd:73:1a:b9:37:e5:55:b2:1e:78:84:a5:04:45: - 4a:d5:24:ad:20:39:fe:ab:ce:38:dd:c0:1e:2f:dd:ce:b4:5c: - 49:1d:ab:7a:e1:bd:e9:a6:d2:02:64:8a:a9:97:36:89:42:c2: - 82:14:ec:aa:dd:77:be:b1:d6:d2:4f:8b:a4:fe:5b:06:28:1c: - 2f:4e:83:15:1f:10:a9:c6:ce:8e:a6:ca:bb:2c:01:6a:ae:99: - 59:44:05:fc:a5:7e:fe:73:5f:df:b5:0b:48:b5:43:b6:10:9f: - 42:2e:8b:65:f6:47:25:27:66:ef:a6:a0:ca:d3:cc:9c:ac:2d: - 22:5b:87:5c + b6:c1:5c:d8:13:5b:e8:b9:43:d0:d8:44:dc:85:82:03:9f:f3: + a8:ed:60:da:86:74:14:69:76:69:de:3d:27:c3:f8:c0:84:40: + 7d:e4:ab:93:48:51:fe:b3:d3:9f:42:5d:df:66:86:9a:b3:77: + de:84:f8:07:b6:a0:fa:01:96:6b:01:3a:21:06:30:cd:47:2f: + 39:bb:e0:8c:78:2d:4c:53:e8:01:0a:7b:8b:46:c1:a8:b2:45: + e3:99:fb:e0:ea:53:e3:d3:76:0a:28:38:f6:f4:c6:90:18:51: + b7:af:ae:8f:68:5b:da:be:e9:e3:62:6d:dc:39:0d:27:e4:a1: + 87:d3:f1:6c:c5:84:9c:c4:55:88:b3:25:d0:2a:70:a8:15:de: + 7b:51:fd:d8:3e:db:08:04:1c:af:97:d3:2b:ce:6e:a5:cc:05: + 48:82:f5:46:05:42:29:a7:e8:e5:f3:ad:4f:90:4f:9d:4e:76: + 94:85:c6:26:6c:1a:b2:86:50:13:81:68:e0:3b:5b:51:2c:be: + f0:9f:ea:98:fa:9d:16:7b:59:8f:e1:91:39:3b:a0:22:e5:13: + 04:ee:d5:28:63:bb:df:ab:58:84:02:95:2e:1e:66:42:b1:e2: + 49:6a:62:f1:e0:1d:fa:86:b0:fb:6d:0b:05:8b:8a:ca:f6:0b: + 85:96:d6:ab -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKdnzx31VOmWVLxljLee -cjkFaD1E5ZPYS2GxpLS0TMagkrZNBjpbsgqKJ8ux58M1R++sLafQnLJQalg9EqSF -3HepCOX0H8DvAFHNaGLV5cwBvr5CizX7AJwwhAzXNX2I0RtDeBl5qgazrFxpoCPw -adyJWZcF3wGuW48BoHhPBU42rAC0jeh5BQfydqRjP5UhBldhqfBDBNGS0527s49b -76uBoCMROLUCspUdrNq4NmDX1wFt6O0yIbSElzN8Z4gORMcSh4VqSYCCyx4WKy9t -mIKgoDDMVd+TZeCaCCSKR8xpUzy3YvrfEWTQP1JDgPjPe2/QZSD7ItBDyvz8D70c -QrkCAwEAAaOByzCByDAdBgNVHQ4EFgQUXaEDPY8T+QivHoNsvN5vo7XCGuowHwYD -VR0jBBgwFoAUXaEDPY8T+QivHoNsvN5vo7XCGuowNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO9fP1cArS2CgVYZwNqY +cot/S0838tkOszx7c9OKrVqUnDcLvGhLQKyp0R8bNWp0UGuRwjDlpoiHkPTcjQlJ +aj7w/s+7szszwSouufubatsqpp+HRmqwfYfGYyfNWOdVfcVs2KzHEPtuaECdab+P +oJw22Hrc+xRI9JZdwg6P6S8dCBMEoB0DeLimlxUTD5FOnhgAlp+U5q0CLsdgyO1Q +VAIusmtu1Xh/enQgIPac+pgXs4/9kgE9/+ZW+kUoQbE8ukrvvP9MHtOWvF2mBn0n +2GYT4EB0g4z0icmNihO3mIgybFFsFZIcG+f3CKY1gbQkvkUQH//J5E01t008rlTS +7m8CAwEAAaOByzCByDAdBgNVHQ4EFgQU0kVkaIaOB/Kvvwvz3X9hHUtrSs0wHwYD +VR0jBBgwFoAU0kVkaIaOB/Kvvwvz3X9hHUtrSs0wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB/7BPwRlPV -dQilN0ScRxmeBe/WMGgeC8g8hJNRNiVIYFbUeR+2LJHjb2H5533ItntwfydtLDjs -c+SMhvRIjhsJDZ/4Wh+V7fED6plk1i1GTrgLZxCYjhkuMeHj1v58l+mjehglnNRP -zqkRHfBTMorojo2A+/HBwWrBz9I2orH5Mp4F/XMauTflVbIeeISlBEVK1SStIDn+ -q8443cAeL93OtFxJHat64b3pptICZIqplzaJQsKCFOyq3Xe+sdbST4uk/lsGKBwv -ToMVHxCpxs6Opsq7LAFqrplZRAX8pX7+c1/ftQtItUO2EJ9CLotl9kclJ2bvpqDK -08ycrC0iW4dc +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC2wVzYE1vo +uUPQ2ETchYIDn/Oo7WDahnQUaXZp3j0nw/jAhEB95KuTSFH+s9OfQl3fZoaas3fe +hPgHtqD6AZZrATohBjDNRy85u+CMeC1MU+gBCnuLRsGoskXjmfvg6lPj03YKKDj2 +9MaQGFG3r66PaFvavunjYm3cOQ0n5KGH0/FsxYScxFWIsyXQKnCoFd57Uf3YPtsI +BByvl9Mrzm6lzAVIgvVGBUIpp+jl861PkE+dTnaUhcYmbBqyhlATgWjgO1tRLL7w +n+qY+p0We1mP4ZE5O6Ai5RME7tUoY7vfq1iEApUuHmZCseJJamLx4B36hrD7bQsF +i4rK9guFltar -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -311,3 +311,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/key-rollover-rolloverchain.pem b/chromium/net/data/verify_certificate_chain_unittest/key-rollover-rolloverchain.pem index 2ae242ebfa7..0c5da6f8726 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/key-rollover-rolloverchain.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/key-rollover-rolloverchain.pem @@ -48,30 +48,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d0:14:31:90:c4:c6:d0:b9:10:9e:e4:7a:e2:bc: - 16:ab:d2:5e:d7:3d:00:11:bf:25:0b:32:17:57:c4: - fb:f6:60:0d:5a:7c:43:08:88:e6:35:f7:39:0f:dc: - d7:ef:22:18:52:5b:de:27:35:10:93:ab:c0:ae:98: - 1b:e1:c7:40:a8:be:84:2a:e6:69:7c:c4:68:1e:c4: - 0d:29:97:55:12:fb:30:86:a3:8f:03:0c:d4:4b:22: - 76:ac:a8:db:fd:20:4c:46:ea:21:9b:59:4f:ea:9c: - 20:6f:ff:e1:7c:7d:64:5c:4b:91:4d:ac:56:1d:19: - 12:6c:af:f2:99:40:21:9d:06:b9:a2:90:2c:7b:bc: - af:fe:c0:40:a1:06:89:62:f3:f3:fd:a0:07:61:aa: - c2:f9:e1:0e:13:96:92:ac:53:ba:ed:a5:36:c9:b9: - 04:e7:13:67:bc:0e:63:dc:22:29:53:e2:e3:59:ab: - 5c:25:cd:d9:fb:46:4e:91:70:dd:41:4b:35:87:a4: - fd:2c:66:be:75:7e:03:e9:12:61:66:cb:19:88:a1: - 61:b7:13:b4:ab:51:a6:d5:58:9c:db:8c:a2:1a:da: - c3:6f:cb:b6:b1:65:d8:a3:a3:d1:87:d8:b9:bb:b8: - c1:83:f1:83:38:2a:fd:a3:f6:a6:59:f2:27:f1:e3: - 50:29 + 00:ef:77:94:e8:68:c5:7e:1d:9b:ae:10:cd:d5:bb: + 96:27:0c:05:17:f4:ec:bc:da:7d:28:e5:b7:e5:8f: + da:d8:ae:7a:2a:d2:e3:15:9b:12:62:79:02:61:3d: + 3f:8b:64:4e:fb:7d:e1:59:bd:2f:83:ad:d3:b8:e5: + 45:33:c4:13:5f:79:ef:8a:3e:c0:39:20:81:e2:98: + b9:e6:c9:60:b6:8e:b4:bf:b4:2b:55:ae:b1:7c:21: + d3:fe:ec:f0:56:31:fe:0a:19:c4:2c:54:a4:97:aa: + 84:a2:83:f8:5a:9a:f3:11:b8:ad:3b:14:3a:68:5a: + 72:24:49:6f:6f:5a:02:39:91:07:09:cb:18:57:13: + 1e:a4:54:03:31:5c:b6:e9:7d:78:2d:e8:ba:2f:70: + 17:0a:03:11:aa:90:c7:5e:f0:1b:7f:56:39:f5:e0: + 1f:1e:33:8d:23:30:e6:7a:ba:5e:ca:46:33:13:04: + 5c:65:b0:be:53:7f:ab:a7:9f:8d:fb:bd:46:e5:87: + 44:31:55:e5:9f:97:7e:a3:ec:69:a8:d7:8b:47:ae: + 48:ae:74:50:5e:57:55:31:ca:36:ec:43:a1:dd:61: + b2:18:12:6a:29:0b:63:24:d5:71:4d:da:e7:0f:0d: + e3:2c:aa:76:6b:f9:2c:93:c2:fa:f9:40:2c:1b:34: + 65:53 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 01:D0:19:F4:6B:86:BC:17:3B:FB:74:95:0F:53:BD:BD:4E:CA:10:D6 + FA:2D:AF:E0:5F:8E:8E:18:7A:FB:AF:FE:D9:C9:A3:62:AA:B8:2A:18 X509v3 Authority Key Identifier: - keyid:D3:97:C6:F7:B9:E5:17:69:6D:78:39:77:3A:0A:AD:32:2D:40:AC:07 + keyid:CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -86,42 +86,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 0e:b6:ad:85:34:3d:cf:9c:2f:8c:e7:90:80:33:f6:12:99:40: - 6d:89:7b:5c:08:c9:a9:fc:40:24:1e:14:ac:6c:6a:11:aa:3e: - ea:c1:19:32:75:67:26:fe:c0:f9:55:e9:b6:04:74:c9:e3:22: - 59:3a:06:5a:5f:25:6d:1d:df:48:62:a4:ee:d0:87:df:20:9d: - 9c:95:aa:4e:77:05:28:e6:66:ac:ae:23:e4:74:df:5a:b4:21: - e7:3d:0f:95:61:84:11:7e:d8:72:66:dd:85:c7:41:fe:44:12: - da:4c:c7:1b:ab:7d:4b:3d:c4:38:2d:b9:54:8a:26:1e:76:1b: - f6:0b:8a:e9:fa:9f:0a:e6:cc:6d:c5:55:f1:a5:29:20:42:05: - d4:5a:4f:27:ab:b6:e4:c4:ea:4d:8b:97:53:67:03:75:32:1f: - 9d:1e:b8:72:e1:c4:5a:09:15:d7:ce:a3:59:ed:cc:4d:0f:ea: - c0:1d:57:1a:43:d7:7a:63:86:b0:b8:5c:4f:34:29:a4:be:90: - c4:6b:39:20:c9:25:96:7d:a1:cc:ee:f7:57:04:69:d7:21:66: - 1d:cc:4e:6c:10:1a:6e:87:11:f3:e3:ae:9e:5b:64:04:ee:ac: - c6:0a:24:80:e4:0a:0e:89:49:9d:0f:1d:74:b2:f6:db:7e:25: - a1:d0:6e:7e + 51:34:ff:18:bc:d1:50:95:2c:2e:0c:2c:6c:30:c2:1e:d2:c7: + 35:76:25:c3:4f:81:4a:9a:f2:40:e4:f0:26:35:2c:50:79:2f: + 34:91:0d:b6:ee:5b:4f:e1:cb:81:2d:4d:a9:65:21:3e:05:c6: + 71:f0:ea:45:83:43:a1:45:8a:fb:84:d2:19:09:d8:81:6d:81: + 19:4c:07:11:a6:cf:7d:f1:e1:b6:15:0b:c8:e1:ef:f9:97:6c: + 17:db:8c:5d:a0:86:6c:dc:c9:1a:fa:c2:f8:ce:24:c0:8c:88: + 23:13:0a:1a:88:ad:8f:7c:9d:c8:82:cc:c7:05:02:85:dd:f8: + 7b:32:bb:3c:88:11:1c:35:d9:08:51:15:9e:e3:94:f4:d0:04: + 70:8b:62:6b:4f:98:ac:13:8a:d5:b0:07:73:99:1a:87:b4:c1: + 30:36:f2:27:24:7a:40:2b:e9:70:99:39:27:98:95:75:23:d4: + 0c:3e:92:5e:2b:86:14:ec:94:f5:76:95:e2:38:0d:63:01:10: + f8:a5:0d:67:d8:ca:61:b0:db:7c:9b:b9:6d:83:9b:cd:1c:e6: + 78:54:6a:21:46:8c:88:d6:ae:a4:ad:47:44:f9:99:c0:4c:5f: + 0c:8a:6b:f4:f4:14:68:df:c7:97:91:db:55:1b:64:ef:30:d6: + 6f:3b:99:1f -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQFDGQ -xMbQuRCe5HrivBar0l7XPQARvyULMhdXxPv2YA1afEMIiOY19zkP3NfvIhhSW94n -NRCTq8CumBvhx0CovoQq5ml8xGgexA0pl1US+zCGo48DDNRLInasqNv9IExG6iGb -WU/qnCBv/+F8fWRcS5FNrFYdGRJsr/KZQCGdBrmikCx7vK/+wEChBoli8/P9oAdh -qsL54Q4TlpKsU7rtpTbJuQTnE2e8DmPcIilT4uNZq1wlzdn7Rk6RcN1BSzWHpP0s -Zr51fgPpEmFmyxmIoWG3E7SrUabVWJzbjKIa2sNvy7axZdijo9GH2Lm7uMGD8YM4 -Kv2j9qZZ8ifx41ApAgMBAAGjgekwgeYwHQYDVR0OBBYEFAHQGfRrhrwXO/t0lQ9T -vb1OyhDWMB8GA1UdIwQYMBaAFNOXxve55RdpbXg5dzoKrTItQKwHMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvd5To +aMV+HZuuEM3Vu5YnDAUX9Oy82n0o5bflj9rYrnoq0uMVmxJieQJhPT+LZE77feFZ +vS+DrdO45UUzxBNfee+KPsA5IIHimLnmyWC2jrS/tCtVrrF8IdP+7PBWMf4KGcQs +VKSXqoSig/hamvMRuK07FDpoWnIkSW9vWgI5kQcJyxhXEx6kVAMxXLbpfXgt6Lov +cBcKAxGqkMde8Bt/Vjn14B8eM40jMOZ6ul7KRjMTBFxlsL5Tf6unn437vUblh0Qx +VeWfl36j7Gmo14tHrkiudFBeV1UxyjbsQ6HdYbIYEmopC2Mk1XFN2ucPDeMsqnZr ++SyTwvr5QCwbNGVTAgMBAAGjgekwgeYwHQYDVR0OBBYEFPotr+Bfjo4Yevuv/tnJ +o2KquCoYMB8GA1UdIwQYMBaAFMxyYPCNjMupbP8JV/Nq/ilGJCZbMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEADrathTQ9z5wvjOeQgDP2 -EplAbYl7XAjJqfxAJB4UrGxqEao+6sEZMnVnJv7A+VXptgR0yeMiWToGWl8lbR3f -SGKk7tCH3yCdnJWqTncFKOZmrK4j5HTfWrQh5z0PlWGEEX7YcmbdhcdB/kQS2kzH -G6t9Sz3EOC25VIomHnYb9guK6fqfCubMbcVV8aUpIEIF1FpPJ6u25MTqTYuXU2cD -dTIfnR64cuHEWgkV186jWe3MTQ/qwB1XGkPXemOGsLhcTzQppL6QxGs5IMklln2h -zO73VwRp1yFmHcxObBAabocR8+OunltkBO6sxgokgOQKDolJnQ8ddLL2234lodBu -fg== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAUTT/GLzRUJUsLgwsbDDC +HtLHNXYlw0+BSpryQOTwJjUsUHkvNJENtu5bT+HLgS1NqWUhPgXGcfDqRYNDoUWK ++4TSGQnYgW2BGUwHEabPffHhthULyOHv+ZdsF9uMXaCGbNzJGvrC+M4kwIyIIxMK +Goitj3ydyILMxwUChd34ezK7PIgRHDXZCFEVnuOU9NAEcItia0+YrBOK1bAHc5ka +h7TBMDbyJyR6QCvpcJk5J5iVdSPUDD6SXiuGFOyU9XaV4jgNYwEQ+KUNZ9jKYbDb +fJu5bYObzRzmeFRqIUaMiNaupK1HRPmZwExfDIpr9PQUaN/Hl5HbVRtk7zDWbzuZ +Hw== -----END CERTIFICATE----- Certificate: @@ -138,30 +138,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bf:ca:00:55:10:61:e4:0e:a3:f8:57:b8:7b:19: - 34:5a:77:b8:06:39:88:07:0c:ec:d0:3b:4a:53:02: - 3c:d1:d3:da:48:ae:8a:1a:1c:3d:30:bb:b3:36:80: - a1:6f:cd:32:fd:54:26:b9:77:d7:1e:11:30:6c:eb: - d7:11:9a:d9:af:54:7e:0e:37:c3:8d:f3:0a:5d:ec: - 82:d6:6e:f3:46:f4:2a:82:24:e4:28:38:c2:fa:6a: - a6:f7:38:cd:94:50:20:bd:ee:50:9e:3a:a3:40:1a: - 49:77:eb:b2:05:8c:01:46:e6:ef:8f:55:91:0a:7a: - 44:10:62:b8:9f:3e:81:31:ae:08:95:29:37:47:53: - ec:f3:c7:9c:f0:be:64:70:b3:81:f0:04:f4:a4:aa: - 41:ad:16:8f:13:31:af:9b:eb:55:dc:93:6d:56:cf: - d6:f0:0a:fb:11:9e:32:59:d4:07:28:e1:fe:60:73: - bf:43:bf:ff:c9:dc:f2:ca:3a:e1:0c:bd:90:0b:c2: - ab:91:d5:2e:72:5d:5e:f0:f8:45:7b:3d:37:89:d1: - 16:bd:9b:4f:c9:c4:34:c7:c4:23:a4:04:4b:13:db: - 1a:b5:82:d0:f6:cd:99:fe:f3:0d:98:81:65:5e:2f: - 9e:a4:c1:5b:2b:67:b5:07:2a:24:a6:e7:06:5f:49: - d6:d5 + 00:9d:2b:d3:86:6e:f6:af:a0:b2:08:23:93:2a:c0: + 1c:02:49:c6:ef:a9:64:39:4e:80:6a:36:56:e5:a5: + 93:0e:45:12:ad:05:41:9a:5d:cc:ed:af:2e:7b:b6: + cf:bd:14:79:8f:a5:59:16:02:fe:23:5c:2b:e4:90: + d2:67:7c:bb:74:cb:37:20:40:c4:62:fa:e0:23:f1: + a4:89:70:fe:54:ea:ea:3b:d7:1a:7a:9b:0d:a1:74: + 44:89:c9:58:3d:d6:99:42:6b:e5:da:f5:f1:0c:33: + 26:11:e1:d4:2b:33:d7:2e:be:b9:42:5d:e7:b2:ce: + 52:37:51:30:17:80:a7:77:e0:ca:55:ac:42:12:23: + 17:d6:42:5a:6d:55:1f:f8:f1:13:7b:73:7d:b6:ff: + b7:67:72:d8:55:af:8e:60:71:cd:b8:a4:72:9f:84: + d8:6f:a6:62:1a:0f:79:de:3e:27:a5:08:bc:90:20: + f6:a3:b2:64:21:92:3e:1c:8c:35:f5:38:16:96:18: + f1:5c:de:fd:89:b6:4d:ca:00:0a:59:91:84:9a:28: + ea:1c:8f:0d:14:aa:4b:e5:56:66:9e:40:36:35:ff: + dc:72:f3:ea:e3:7f:b4:73:64:66:ff:81:16:b9:93: + 8e:61:30:7f:15:2e:1d:6c:23:90:76:56:b2:60:11: + 91:19 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - D3:97:C6:F7:B9:E5:17:69:6D:78:39:77:3A:0A:AD:32:2D:40:AC:07 + CC:72:60:F0:8D:8C:CB:A9:6C:FF:09:57:F3:6A:FE:29:46:24:26:5B X509v3 Authority Key Identifier: - keyid:64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC + keyid:01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -176,41 +176,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - d2:35:f4:84:23:56:e3:2f:d1:54:fa:eb:85:02:e1:b7:aa:94: - a9:73:95:1d:29:9a:35:64:ac:4a:28:a3:87:24:e1:cd:3e:9f: - 53:14:92:ce:86:d6:ae:d5:3f:1d:97:59:ae:c4:1c:ae:78:29: - d7:45:a5:14:58:b6:ac:28:3e:20:e6:27:56:22:b2:bf:80:24: - 8d:bd:ef:17:67:8f:59:74:8b:7e:41:f1:fc:4d:a8:7b:d4:cf: - 0c:ec:41:c6:7a:2b:fc:c3:c2:92:dc:49:f6:7a:3d:bd:b0:41: - 0c:d3:0c:dd:58:1a:42:62:80:10:ad:95:ec:a0:8a:cb:b4:b8: - 8e:5d:45:c7:d2:82:4b:eb:cb:1a:0e:f5:40:46:0d:dd:35:a3: - 9b:d1:3e:55:95:b1:ab:96:63:31:ac:01:b4:ef:20:bc:0d:86: - 88:b2:e5:94:64:6b:f1:1a:73:3e:09:b0:4c:57:87:3a:65:5a: - 84:17:af:1c:cd:a5:4e:72:8e:19:8b:50:0a:97:4b:df:69:2c: - 4c:21:d4:d1:7e:81:74:94:60:5b:b0:5e:56:53:14:b4:52:3d: - c9:45:a5:47:10:74:15:86:a0:52:ba:ff:b5:32:01:ef:dd:0e: - 17:d6:73:35:aa:1e:ca:9a:8b:2e:28:cf:fa:1b:79:be:a7:87: - 4b:b4:0a:26 + 62:11:b8:11:cd:f2:bc:8f:e4:1a:93:66:fc:d3:d3:48:1f:11: + 66:8b:6f:e6:ba:e3:45:56:6f:66:0e:04:5a:ef:f9:a9:91:0f: + 6a:3a:5f:64:7d:7c:7e:a7:17:f4:0f:e5:20:14:71:51:2e:b1: + 61:97:fd:96:6d:ec:ac:f4:56:c2:0a:66:59:b4:f8:59:73:33: + 90:63:be:da:68:b0:42:4f:d9:3c:e1:11:b3:7c:d7:be:b7:e6: + 7c:7e:7b:c0:ef:ac:3a:c1:d2:9c:72:f2:da:30:fd:e4:76:b6: + cc:c3:11:89:dd:3d:9a:fc:6b:6f:7b:a1:58:ba:bb:88:38:4c: + ac:7a:ef:7b:1a:b5:cc:ba:2b:88:77:a8:41:21:8e:46:b4:fe: + d3:bb:f9:4d:c4:6e:8a:7d:f1:88:70:04:ac:e6:86:14:54:dd: + cc:3c:69:62:4a:b9:d4:54:5e:89:77:a9:9e:24:21:94:6d:bd: + 2e:60:61:95:76:7c:6b:d7:96:41:28:cc:3c:6f:56:13:ce:5c: + 82:3e:3e:cf:60:22:88:7e:a6:ce:1e:80:9b:ec:bd:16:04:cd: + c8:0c:db:98:b1:35:ff:16:c3:5c:f5:59:a1:15:05:b9:b0:55: + 81:ca:ba:73:fb:18:de:98:73:22:01:7f:61:64:77:0e:5b:50: + 6b:22:09:d1 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8oAVRBh -5A6j+Fe4exk0Wne4BjmIBwzs0DtKUwI80dPaSK6KGhw9MLuzNoChb80y/VQmuXfX -HhEwbOvXEZrZr1R+DjfDjfMKXeyC1m7zRvQqgiTkKDjC+mqm9zjNlFAgve5Qnjqj -QBpJd+uyBYwBRubvj1WRCnpEEGK4nz6BMa4IlSk3R1Ps88ec8L5kcLOB8AT0pKpB -rRaPEzGvm+tV3JNtVs/W8Ar7EZ4yWdQHKOH+YHO/Q7//ydzyyjrhDL2QC8KrkdUu -cl1e8PhFez03idEWvZtPycQ0x8QjpARLE9satYLQ9s2Z/vMNmIFlXi+epMFbK2e1 -ByokpucGX0nW1QIDAQABo4HLMIHIMB0GA1UdDgQWBBTTl8b3ueUXaW14OXc6Cq0y -LUCsBzAfBgNVHSMEGDAWgBRkkJPNrMc3Nk1rFNZn0FQ6WUU6/DA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSvThm72 +r6CyCCOTKsAcAknG76lkOU6AajZW5aWTDkUSrQVBml3M7a8ue7bPvRR5j6VZFgL+ +I1wr5JDSZ3y7dMs3IEDEYvrgI/GkiXD+VOrqO9caepsNoXREiclYPdaZQmvl2vXx +DDMmEeHUKzPXLr65Ql3nss5SN1EwF4Cnd+DKVaxCEiMX1kJabVUf+PETe3N9tv+3 +Z3LYVa+OYHHNuKRyn4TYb6ZiGg953j4npQi8kCD2o7JkIZI+HIw19TgWlhjxXN79 +ibZNygAKWZGEmijqHI8NFKpL5VZmnkA2Nf/ccvPq43+0c2Rm/4EWuZOOYTB/FS4d +bCOQdlayYBGRGQIDAQABo4HLMIHIMB0GA1UdDgQWBBTMcmDwjYzLqWz/CVfzav4p +RiQmWzAfBgNVHSMEGDAWgBQBa0kfIY+A3dSXwKi7Kn7c89r94TA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -ANI19IQjVuMv0VT664UC4beqlKlzlR0pmjVkrEooo4ck4c0+n1MUks6G1q7VPx2X -Wa7EHK54KddFpRRYtqwoPiDmJ1Yisr+AJI297xdnj1l0i35B8fxNqHvUzwzsQcZ6 -K/zDwpLcSfZ6Pb2wQQzTDN1YGkJigBCtleygisu0uI5dRcfSgkvryxoO9UBGDd01 -o5vRPlWVsauWYzGsAbTvILwNhoiy5ZRka/Eacz4JsExXhzplWoQXrxzNpU5yjhmL -UAqXS99pLEwh1NF+gXSUYFuwXlZTFLRSPclFpUcQdBWGoFK6/7UyAe/dDhfWczWq -Hsqaiy4oz/obeb6nh0u0CiY= +AGIRuBHN8ryP5BqTZvzT00gfEWaLb+a640VWb2YOBFrv+amRD2o6X2R9fH6nF/QP +5SAUcVEusWGX/ZZt7Kz0VsIKZlm0+FlzM5BjvtposEJP2TzhEbN817635nx+e8Dv +rDrB0pxy8tow/eR2tszDEYndPZr8a297oVi6u4g4TKx673satcy6K4h3qEEhjka0 +/tO7+U3Ebop98YhwBKzmhhRU3cw8aWJKudRUXol3qZ4kIZRtvS5gYZV2fGvXlkEo +zDxvVhPOXII+Ps9gIoh+ps4egJvsvRYEzcgM25ixNf8Ww1z1WaEVBbmwVYHKunP7 +GN6YcyIBf2Fkdw5bUGsiCdE= -----END CERTIFICATE----- Certificate: @@ -227,30 +227,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ea:cc:2d:c4:88:54:07:90:da:62:ef:77:23:b2: - 83:c9:54:06:25:70:65:43:f2:29:a3:f3:22:f2:09: - 92:31:25:77:79:63:4a:7f:d8:e5:1f:16:1a:25:bc: - d4:4b:9a:b3:a0:61:7e:c3:a5:90:32:97:5a:5b:59: - cf:97:d6:ac:2c:86:a7:70:ed:2d:e0:bf:e8:44:6f: - 41:29:55:b0:40:a8:10:d6:4d:67:2b:01:1f:7a:33: - 2b:ce:8f:c8:fb:54:99:e2:11:2d:75:7d:ff:f5:fb: - 53:e5:6b:7e:ca:b8:fc:1f:bc:8f:32:29:6d:d2:6b: - a1:9b:d9:7f:b2:f6:e9:18:72:fe:45:a2:23:dc:bf: - 5d:1e:43:5d:2b:80:2a:71:b4:cb:67:30:cc:aa:54: - 76:fc:4b:a3:2b:ab:99:31:66:bf:5c:09:44:e6:c9: - 27:42:3a:58:b5:fd:db:06:0f:11:04:0d:2d:36:4a: - 02:d5:50:4d:4d:7c:ed:a4:51:49:e3:fe:44:54:30: - 84:b6:1f:54:28:1f:9e:41:b2:20:23:75:e5:d4:e4: - bf:79:a6:ab:84:aa:dc:56:38:cf:2c:d3:8e:13:48: - 43:5a:eb:eb:3b:a0:36:d5:89:0c:68:e2:fb:8f:3a: - 82:ad:01:4b:f8:bb:b0:2e:3d:b7:6e:91:a3:70:9a: - d0:41 + 00:c7:04:19:c8:b2:fc:28:77:e5:99:8e:f0:05:8b: + 0d:5b:e5:38:f1:8e:d1:07:d2:f6:d8:6b:bd:c8:c3: + 2c:f3:05:e9:1f:4c:b6:c1:39:d4:0f:03:2f:62:ba: + e7:c4:7e:9c:7c:1c:be:df:6b:f2:34:b2:45:ec:b9: + 76:a5:3a:25:1c:a1:b7:78:76:0c:e8:3d:76:d1:46: + bd:20:e1:ef:1c:80:22:12:b5:8a:de:78:4f:ed:05: + 25:5d:b4:83:4c:9e:b2:ee:64:b5:df:d9:d1:b7:5f: + 3c:e9:8a:e1:e1:49:bd:d6:7c:fe:4a:38:f1:94:9a: + b5:cc:cf:85:aa:bd:bb:2d:93:b9:a9:2b:c1:f9:82: + c0:ba:68:a5:90:4f:e1:d4:30:6f:99:c4:d9:6c:e8: + 6a:0c:71:a8:ff:c4:7f:b5:9a:e6:07:a0:ed:f4:3c: + 3a:4b:a3:88:b1:41:cf:f1:b8:ea:f8:b7:43:b0:9f: + 88:05:eb:cd:ab:27:f5:ed:62:55:05:3d:62:59:b4: + 1c:07:ca:c4:49:3d:07:80:93:13:ff:0f:31:4f:34: + 41:9e:5b:a9:0a:79:fa:13:91:da:7c:35:c4:7b:56: + 9c:a1:89:05:7d:6e:12:e5:e4:83:be:9a:5e:14:cd: + fc:27:58:ae:f5:26:83:36:a4:04:61:a7:4a:01:2f: + 1a:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 64:90:93:CD:AC:C7:37:36:4D:6B:14:D6:67:D0:54:3A:59:45:3A:FC + 01:6B:49:1F:21:8F:80:DD:D4:97:C0:A8:BB:2A:7E:DC:F3:DA:FD:E1 X509v3 Authority Key Identifier: - keyid:5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -265,41 +265,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 08:18:04:78:4e:5e:99:54:0e:de:99:06:87:4d:3f:7b:98:bc: - ac:92:ec:e2:60:54:35:c8:65:68:09:3d:8d:d9:23:ed:c3:f3: - 7b:fd:8a:60:fb:8b:dc:66:96:3f:69:81:5b:7c:cd:1d:cd:44: - 8d:3a:93:e4:18:94:c4:a8:56:6a:fd:ea:07:ce:b1:a0:05:b2: - cd:fd:bf:05:e6:52:2b:26:36:9d:e2:f2:25:f2:c8:27:5b:52: - 13:c6:3e:55:5b:72:58:34:a1:1c:5b:17:15:69:b1:82:78:a8: - 6b:80:81:cc:73:40:5b:c0:ad:de:a8:ec:53:4f:72:f0:1b:a6: - d4:ea:e6:c0:35:96:df:ef:38:15:c5:0e:e9:92:22:c4:97:0d: - d5:37:6f:7e:af:1f:6e:53:45:1e:3e:21:8c:25:d3:4c:aa:0d: - 5b:08:e1:5f:aa:dc:49:1c:84:b3:30:21:ea:b6:9c:95:d4:16: - 1c:9a:0b:17:47:a1:8c:7d:04:a0:e5:df:7d:e7:69:b7:81:2d: - 31:09:9b:ae:da:b2:1d:13:36:ad:f1:19:7e:92:6a:1b:70:01: - 8b:ee:88:5e:54:56:d6:dd:6e:78:b1:53:06:89:3b:e3:7e:45: - 2c:b5:9c:c9:92:5a:0d:c2:85:d0:e1:89:20:94:c7:ef:3c:01: - ab:25:5c:4b + 90:af:1e:a1:3a:88:46:5e:09:6c:7f:b6:52:fe:b6:da:a2:04: + e3:d7:68:05:17:f8:9a:02:ca:c3:e5:ca:40:2b:ee:25:53:71: + 01:8b:17:f1:5e:c9:50:d5:19:7a:89:d4:84:df:f3:5a:ae:2f: + aa:ee:74:db:1a:da:51:e3:55:09:9e:45:f0:bf:fd:bf:34:83: + ec:be:30:13:5d:44:50:af:d2:76:d8:64:92:4e:91:31:d4:6a: + 29:f2:29:19:a5:c1:91:2c:c9:18:b8:00:2c:a0:6e:1c:52:a3: + 70:c3:03:32:01:37:b0:67:dd:de:2e:f0:2a:2c:67:35:f6:cc: + a4:a4:a6:28:8c:1b:a4:e4:6a:dd:c3:35:05:f3:0d:02:77:c5: + 6d:2b:b5:ba:d1:10:49:9a:db:01:2c:dd:3d:f4:35:b7:87:f7: + fd:d2:23:a9:98:76:0a:ed:39:3d:44:9b:5f:24:94:7a:57:04: + 9a:34:8e:fb:aa:85:b1:51:24:e8:69:b0:25:e2:4a:73:cf:6a: + 48:41:2c:7e:74:f8:c9:d5:e9:33:c6:43:1c:b8:d3:f0:37:db: + 65:e6:e4:91:6f:e3:73:44:f6:ca:da:aa:73:85:8d:fc:0b:a5: + 0b:33:a4:78:a6:30:77:d7:af:10:6e:48:9a:0f:23:7f:68:18: + 50:58:ce:5f -----BEGIN CERTIFICATE----- MIIDZTCCAk2gAwIBAgIBBTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMjEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOrMLcSIVAeQ2mLvdyOy -g8lUBiVwZUPyKaPzIvIJkjEld3ljSn/Y5R8WGiW81Euas6BhfsOlkDKXWltZz5fW -rCyGp3DtLeC/6ERvQSlVsECoENZNZysBH3ozK86PyPtUmeIRLXV9//X7U+Vrfsq4 -/B+8jzIpbdJroZvZf7L26Rhy/kWiI9y/XR5DXSuAKnG0y2cwzKpUdvxLoyurmTFm -v1wJRObJJ0I6WLX92wYPEQQNLTZKAtVQTU187aRRSeP+RFQwhLYfVCgfnkGyICN1 -5dTkv3mmq4Sq3FY4zyzTjhNIQ1rr6zugNtWJDGji+486gq0BS/i7sC49t26Ro3Ca -0EECAwEAAaOByzCByDAdBgNVHQ4EFgQUZJCTzazHNzZNaxTWZ9BUOllFOvwwHwYD -VR0jBBgwFoAUXaEDPY8T+QivHoNsvN5vo7XCGuowNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcEGciy/Ch35ZmO8AWL +DVvlOPGO0QfS9thrvcjDLPMF6R9MtsE51A8DL2K658R+nHwcvt9r8jSyRey5dqU6 +JRyht3h2DOg9dtFGvSDh7xyAIhK1it54T+0FJV20g0yesu5ktd/Z0bdfPOmK4eFJ +vdZ8/ko48ZSatczPhaq9uy2TuakrwfmCwLpopZBP4dQwb5nE2WzoagxxqP/Ef7Wa +5geg7fQ8OkujiLFBz/G46vi3Q7CfiAXrzasn9e1iVQU9Ylm0HAfKxEk9B4CTE/8P +MU80QZ5bqQp5+hOR2nw1xHtWnKGJBX1uEuXkg76aXhTN/CdYrvUmgzakBGGnSgEv +Gk8CAwEAAaOByzCByDAdBgNVHQ4EFgQUAWtJHyGPgN3Ul8Couyp+3PPa/eEwHwYD +VR0jBBgwFoAU0kVkaIaOB/Kvvwvz3X9hHUtrSs0wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAIGAR4Tl6Z -VA7emQaHTT97mLyskuziYFQ1yGVoCT2N2SPtw/N7/Ypg+4vcZpY/aYFbfM0dzUSN -OpPkGJTEqFZq/eoHzrGgBbLN/b8F5lIrJjad4vIl8sgnW1ITxj5VW3JYNKEcWxcV -abGCeKhrgIHMc0BbwK3eqOxTT3LwG6bU6ubANZbf7zgVxQ7pkiLElw3VN29+rx9u -U0UePiGMJdNMqg1bCOFfqtxJHISzMCHqtpyV1BYcmgsXR6GMfQSg5d9952m3gS0x -CZuu2rIdEzat8Rl+kmobcAGL7oheVFbW3W54sVMGiTvjfkUstZzJkloNwoXQ4Ykg -lMfvPAGrJVxL +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCQrx6hOohG +Xglsf7ZS/rbaogTj12gFF/iaAsrD5cpAK+4lU3EBixfxXslQ1Rl6idSE3/Nari+q +7nTbGtpR41UJnkXwv/2/NIPsvjATXURQr9J22GSSTpEx1Gop8ikZpcGRLMkYuAAs +oG4cUqNwwwMyATewZ93eLvAqLGc19sykpKYojBuk5GrdwzUF8w0Cd8VtK7W60RBJ +mtsBLN099DW3h/f90iOpmHYK7Tk9RJtfJJR6VwSaNI77qoWxUSToabAl4kpzz2pI +QSx+dPjJ1ekzxkMcuNPwN9tl5uSRb+NzRPbK2qpzhY38C6ULM6R4pjB3168Qbkia +DyN/aBhQWM5f -----END CERTIFICATE----- Certificate: @@ -316,30 +316,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a7:67:cf:1d:f5:54:e9:96:54:bc:65:8c:b7:9e: - 72:39:05:68:3d:44:e5:93:d8:4b:61:b1:a4:b4:b4: - 4c:c6:a0:92:b6:4d:06:3a:5b:b2:0a:8a:27:cb:b1: - e7:c3:35:47:ef:ac:2d:a7:d0:9c:b2:50:6a:58:3d: - 12:a4:85:dc:77:a9:08:e5:f4:1f:c0:ef:00:51:cd: - 68:62:d5:e5:cc:01:be:be:42:8b:35:fb:00:9c:30: - 84:0c:d7:35:7d:88:d1:1b:43:78:19:79:aa:06:b3: - ac:5c:69:a0:23:f0:69:dc:89:59:97:05:df:01:ae: - 5b:8f:01:a0:78:4f:05:4e:36:ac:00:b4:8d:e8:79: - 05:07:f2:76:a4:63:3f:95:21:06:57:61:a9:f0:43: - 04:d1:92:d3:9d:bb:b3:8f:5b:ef:ab:81:a0:23:11: - 38:b5:02:b2:95:1d:ac:da:b8:36:60:d7:d7:01:6d: - e8:ed:32:21:b4:84:97:33:7c:67:88:0e:44:c7:12: - 87:85:6a:49:80:82:cb:1e:16:2b:2f:6d:98:82:a0: - a0:30:cc:55:df:93:65:e0:9a:08:24:8a:47:cc:69: - 53:3c:b7:62:fa:df:11:64:d0:3f:52:43:80:f8:cf: - 7b:6f:d0:65:20:fb:22:d0:43:ca:fc:fc:0f:bd:1c: - 42:b9 + 00:ef:5f:3f:57:00:ad:2d:82:81:56:19:c0:da:98: + 72:8b:7f:4b:4f:37:f2:d9:0e:b3:3c:7b:73:d3:8a: + ad:5a:94:9c:37:0b:bc:68:4b:40:ac:a9:d1:1f:1b: + 35:6a:74:50:6b:91:c2:30:e5:a6:88:87:90:f4:dc: + 8d:09:49:6a:3e:f0:fe:cf:bb:b3:3b:33:c1:2a:2e: + b9:fb:9b:6a:db:2a:a6:9f:87:46:6a:b0:7d:87:c6: + 63:27:cd:58:e7:55:7d:c5:6c:d8:ac:c7:10:fb:6e: + 68:40:9d:69:bf:8f:a0:9c:36:d8:7a:dc:fb:14:48: + f4:96:5d:c2:0e:8f:e9:2f:1d:08:13:04:a0:1d:03: + 78:b8:a6:97:15:13:0f:91:4e:9e:18:00:96:9f:94: + e6:ad:02:2e:c7:60:c8:ed:50:54:02:2e:b2:6b:6e: + d5:78:7f:7a:74:20:20:f6:9c:fa:98:17:b3:8f:fd: + 92:01:3d:ff:e6:56:fa:45:28:41:b1:3c:ba:4a:ef: + bc:ff:4c:1e:d3:96:bc:5d:a6:06:7d:27:d8:66:13: + e0:40:74:83:8c:f4:89:c9:8d:8a:13:b7:98:88:32: + 6c:51:6c:15:92:1c:1b:e7:f7:08:a6:35:81:b4:24: + be:45:10:1f:ff:c9:e4:4d:35:b7:4d:3c:ae:54:d2: + ee:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA + D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD X509v3 Authority Key Identifier: - keyid:5D:A1:03:3D:8F:13:F9:08:AF:1E:83:6C:BC:DE:6F:A3:B5:C2:1A:EA + keyid:D2:45:64:68:86:8E:07:F2:AF:BF:0B:F3:DD:7F:61:1D:4B:6B:4A:CD Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -354,41 +354,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 7f:ec:13:f0:46:53:d5:75:08:a5:37:44:9c:47:19:9e:05:ef: - d6:30:68:1e:0b:c8:3c:84:93:51:36:25:48:60:56:d4:79:1f: - b6:2c:91:e3:6f:61:f9:e7:7d:c8:b6:7b:70:7f:27:6d:2c:38: - ec:73:e4:8c:86:f4:48:8e:1b:09:0d:9f:f8:5a:1f:95:ed:f1: - 03:ea:99:64:d6:2d:46:4e:b8:0b:67:10:98:8e:19:2e:31:e1: - e3:d6:fe:7c:97:e9:a3:7a:18:25:9c:d4:4f:ce:a9:11:1d:f0: - 53:32:8a:e8:8e:8d:80:fb:f1:c1:c1:6a:c1:cf:d2:36:a2:b1: - f9:32:9e:05:fd:73:1a:b9:37:e5:55:b2:1e:78:84:a5:04:45: - 4a:d5:24:ad:20:39:fe:ab:ce:38:dd:c0:1e:2f:dd:ce:b4:5c: - 49:1d:ab:7a:e1:bd:e9:a6:d2:02:64:8a:a9:97:36:89:42:c2: - 82:14:ec:aa:dd:77:be:b1:d6:d2:4f:8b:a4:fe:5b:06:28:1c: - 2f:4e:83:15:1f:10:a9:c6:ce:8e:a6:ca:bb:2c:01:6a:ae:99: - 59:44:05:fc:a5:7e:fe:73:5f:df:b5:0b:48:b5:43:b6:10:9f: - 42:2e:8b:65:f6:47:25:27:66:ef:a6:a0:ca:d3:cc:9c:ac:2d: - 22:5b:87:5c + b6:c1:5c:d8:13:5b:e8:b9:43:d0:d8:44:dc:85:82:03:9f:f3: + a8:ed:60:da:86:74:14:69:76:69:de:3d:27:c3:f8:c0:84:40: + 7d:e4:ab:93:48:51:fe:b3:d3:9f:42:5d:df:66:86:9a:b3:77: + de:84:f8:07:b6:a0:fa:01:96:6b:01:3a:21:06:30:cd:47:2f: + 39:bb:e0:8c:78:2d:4c:53:e8:01:0a:7b:8b:46:c1:a8:b2:45: + e3:99:fb:e0:ea:53:e3:d3:76:0a:28:38:f6:f4:c6:90:18:51: + b7:af:ae:8f:68:5b:da:be:e9:e3:62:6d:dc:39:0d:27:e4:a1: + 87:d3:f1:6c:c5:84:9c:c4:55:88:b3:25:d0:2a:70:a8:15:de: + 7b:51:fd:d8:3e:db:08:04:1c:af:97:d3:2b:ce:6e:a5:cc:05: + 48:82:f5:46:05:42:29:a7:e8:e5:f3:ad:4f:90:4f:9d:4e:76: + 94:85:c6:26:6c:1a:b2:86:50:13:81:68:e0:3b:5b:51:2c:be: + f0:9f:ea:98:fa:9d:16:7b:59:8f:e1:91:39:3b:a0:22:e5:13: + 04:ee:d5:28:63:bb:df:ab:58:84:02:95:2e:1e:66:42:b1:e2: + 49:6a:62:f1:e0:1d:fa:86:b0:fb:6d:0b:05:8b:8a:ca:f6:0b: + 85:96:d6:ab -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKdnzx31VOmWVLxljLee -cjkFaD1E5ZPYS2GxpLS0TMagkrZNBjpbsgqKJ8ux58M1R++sLafQnLJQalg9EqSF -3HepCOX0H8DvAFHNaGLV5cwBvr5CizX7AJwwhAzXNX2I0RtDeBl5qgazrFxpoCPw -adyJWZcF3wGuW48BoHhPBU42rAC0jeh5BQfydqRjP5UhBldhqfBDBNGS0527s49b -76uBoCMROLUCspUdrNq4NmDX1wFt6O0yIbSElzN8Z4gORMcSh4VqSYCCyx4WKy9t -mIKgoDDMVd+TZeCaCCSKR8xpUzy3YvrfEWTQP1JDgPjPe2/QZSD7ItBDyvz8D70c -QrkCAwEAAaOByzCByDAdBgNVHQ4EFgQUXaEDPY8T+QivHoNsvN5vo7XCGuowHwYD -VR0jBBgwFoAUXaEDPY8T+QivHoNsvN5vo7XCGuowNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO9fP1cArS2CgVYZwNqY +cot/S0838tkOszx7c9OKrVqUnDcLvGhLQKyp0R8bNWp0UGuRwjDlpoiHkPTcjQlJ +aj7w/s+7szszwSouufubatsqpp+HRmqwfYfGYyfNWOdVfcVs2KzHEPtuaECdab+P +oJw22Hrc+xRI9JZdwg6P6S8dCBMEoB0DeLimlxUTD5FOnhgAlp+U5q0CLsdgyO1Q +VAIusmtu1Xh/enQgIPac+pgXs4/9kgE9/+ZW+kUoQbE8ukrvvP9MHtOWvF2mBn0n +2GYT4EB0g4z0icmNihO3mIgybFFsFZIcG+f3CKY1gbQkvkUQH//J5E01t008rlTS +7m8CAwEAAaOByzCByDAdBgNVHQ4EFgQU0kVkaIaOB/Kvvwvz3X9hHUtrSs0wHwYD +VR0jBBgwFoAU0kVkaIaOB/Kvvwvz3X9hHUtrSs0wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB/7BPwRlPV -dQilN0ScRxmeBe/WMGgeC8g8hJNRNiVIYFbUeR+2LJHjb2H5533ItntwfydtLDjs -c+SMhvRIjhsJDZ/4Wh+V7fED6plk1i1GTrgLZxCYjhkuMeHj1v58l+mjehglnNRP -zqkRHfBTMorojo2A+/HBwWrBz9I2orH5Mp4F/XMauTflVbIeeISlBEVK1SStIDn+ -q8443cAeL93OtFxJHat64b3pptICZIqplzaJQsKCFOyq3Xe+sdbST4uk/lsGKBwv -ToMVHxCpxs6Opsq7LAFqrplZRAX8pX7+c1/ftQtItUO2EJ9CLotl9kclJ2bvpqDK -08ycrC0iW4dc +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC2wVzYE1vo +uUPQ2ETchYIDn/Oo7WDahnQUaXZp3j0nw/jAhEB95KuTSFH+s9OfQl3fZoaas3fe +hPgHtqD6AZZrATohBjDNRy85u+CMeC1MU+gBCnuLRsGoskXjmfvg6lPj03YKKDj2 +9MaQGFG3r66PaFvavunjYm3cOQ0n5KGH0/FsxYScxFWIsyXQKnCoFd57Uf3YPtsI +BByvl9Mrzm6lzAVIgvVGBUIpp+jl861PkE+dTnaUhcYmbBqyhlATgWjgO1tRLL7w +n+qY+p0We1mP4ZE5O6Ai5RME7tUoY7vfq1iEApUuHmZCseJJamLx4B36hrD7bQsF +i4rK9guFltar -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -400,3 +400,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Intermediate.key new file mode 100644 index 00000000000..485fb15bb50 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAz2w86bsJdINN1shYltk77m3y/Z4R5YDlNVBRcA2VqfkOlt8z +25Rvo30qgNKkO/o04L1E5QemCQJAO28Rp1SIDyIJWCeXSn9V4wNcwhP7YksLsPtb +IMFX/KQyTZdx91zxY2whe6huzp/lUGZAsekj31K0tt6qmXXw0uwmYDeJyaLcsPUz +6Q4PDr3zcmUeT5zGGzI0mN4EwN0oJOz33OVUeqUasBoxltND8N9LUkGcjjQiUPxE +u6X7wMVZirsyQin8c8uhhVR/Wtu97A2ZdsDFcp8NKOnKZZ+habYHIAFkxwMP/6uh +8d9bpNp+5XloGaJj4Ic3BV33iF0Rxh3YGAoMIwIDAQABAoIBABZ6RkeV6zpjGEZU +Q7VlKSd3ZsOxI4NZan1SjOC1uChJQxl6aqY6+bYf1EFNklqljKFmIVcocwe65LcM +HD+j23K4X4bcE3sRPX9yV9T4UV+ffk7ZjlCIYz6PlJvv83u46Le7eg1qfUeK8FC8 +I/qjpy2GSuseSiKDM2vIB4iZvCbLe2dfuwJDAQJKImQw3kj3DkCuFa4svC5Z2BAK +v/1VFd4icgpbeT1mlQtsHK1nVUdCAErK1rc9TtcZOFtDiioOv9BUGLqI7+QyJJbW +mDMrWTvq9MBTfrLm5NlMVeyBD3iBHm7OuxgHzjlwopTBFaFNF7lRUPbs0O6R6mAS +wSpIFSECgYEA6p1o7GgmzQkdvyBNjgBtVE7mMJ722j8JFdW8eBAeBX/QXJpW9QsF +0Tl1QcoGMcyGrLQ8D6hu2xfK09jo0xDyG7T9JNS0jZNa/D2Q8bvFz2rk7lk5AigN ++x/wKBR815Rz8BKvYYufgE90l1T6hLzrvLr9KplCzx/Bj8eKmrFGyBsCgYEA4lRR +cCn1oWz3DRc4Id6sQ72T82K114/QPFfiIjiXCRQNVCcCnsbHzxEOMB544yEnYkNQ +xS9UnEipOMEuYd/LBef5fPSetBl4gn5JXC+kXROdjDOHlJuqBpi+VGGPgrAM9tXy +KYTIwEEJeztLZnv5u+T6pYmr/x8v1v3ito0knJkCgYBlF6SRUSN+77GonDOuv1Jc +pI6dXrHBQq4YgXtvRIqbFgLjFAHqHnDIQXjb+0AGDznsitDiclIqB6t28x0HbWLV +O3xkdV7DLj5jN+gPsTg/8rBoX3uoCThU/+MMch+FCMuYI4T8hBwbPqFfX9d+gKUX +Mn9J7rYR534RBQsdMsvsBwKBgAvF2QqdlCJWea9botbYL1vCs7x4SP8yguFwrNmc +2fZl7Z+P++noayJRP8yu+RjPc63/1Ga9ZIhQm0TRf6klq/jdrTObwdmabZNUIFrE +O6d/yrUtRQMs6bY4IcZf4MgqgjIgxNz2BD9D4stfNTfagQ4OBh+wPpshsypawH1A +cEQZAoGAL/XciLPh4VG14rE+vXEGw5Ua55DaypKWo+yfIUP6j6Q7Fjpn+scO8ZVQ +xHkr8FJTKxeqGH0tHz/PLernAaXo+vDGnpGZsb1UegjaCmM2/RpWxXsU6ihrJ31J +wo0G8tMaNNfiX2rxDdGnHoTk7RpMV6AFBlIQEntPYsA/5FC1oug= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Intermediate_1.key b/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Intermediate_1.key new file mode 100644 index 00000000000..f0b56fdd413 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Intermediate_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAu82EFGwLaHaefdX3VaxaK21xrao0Kty0sMI3I1sFAQi2m/uX +zjzr/i+yXmsHu18p+7ElVVzdn96JvSk36KeKmcNQgjIQuy0ZvKhHIT0KZraNq0I6 +lFB/wxl/6iiJwp2oh9UbQmOan54GckHuZO6sHiH2Pj3l9tEE3X5hy+VlmcFJlxPE +EZY7YvBGrSBdUlwW1lkp4p6RFfEjDfs8hpBQBS1jgcw5JWLMABi0Dhqg2MpL4Lbq +M4OKLqtsb0Ge7EOS0YO20EXnqI0oa6S191OLitw+sN+f1HBOwiwapU1sXS6UNYS5 +XenfIv1VbgX/67YQDCijW0nBmGOPXfqDThHNEwIDAQABAoIBACVV/U0mEbqJ4oZ3 +1D0nD6IUlwYEkWx4BkAhzF5uCPekqNEn2o041V3qU5arxpS8nZcZJ6fp13GiB1Yg +7KmHLWnWR5oqo+LiW3yDI+j6vqee4VlLyGOWAWBjIGgH+SNEvq2Kc2nmbWYQP43V +h7RvMq6m59KF8cL42PPD3WNwzpsbVz5KplWCJwXOPGo+S5QxmJCaOn03n3al89Pe +oRep1XjBuVyp9Q5Xzytt6VFhQol7RXeYYDnyTIz5cJlbXaqK3qryRxeZXztGlvO9 +f215fYXweIqt+AHY/x4ubvmlkG25Lxjr8YXE8aBbi99QBiuG/Kf66nkWBj59j/8b +qo0LJLECgYEA+co7QHk9CS9gSRar236mm6aaQQcmjd2pbuSXZpakobBuuadlVqPK +nMJZWRIteFMYV6IKNt/IqsKHj1NnsRWSTkWDOfZjTwtyPzMhCd7wx0NuIqjYnIy8 +gaHhYy1T3vb9I6MyB3FPYELSje1NsGlm+xUBAvbqH3FuReYBCMVAuxkCgYEAwHjF +o6N/y3/pTudBXZrw5yanDfbqX3vX0OQoz/pa/KhsfcEbqAG+llUCesUEZ3EWb/lR +jgIemUCZaMYvQw5Oh7B4deXhmO9bbqCfbqevCsn5ho/8HTM1e12Ge/izdvmBX43N +lmcBHKCZ0/Z0psHPSNuTpRuQ8dEPDmRkQVLjOwsCgYEA3UjEmOdOpPZtbBJDiR13 +52f+OyFkjEUUNoMXhPBrRDoSvTGIWuqbMagSkw/BbFjgtbF9LwOst2nBwbz3nS8o +/2IhUJXvgDT5rvdSi3YPA9e+l8HQs08SKB0KmFutc1aHBq0qQuGkmfhYoxbYvjGB +42jGDqRC4DwSnqWVwPlN0PECgYB+KGt7mDay37PAmUo6Hc4b5TUIrTjwv081x+eM +c1BiXc9HGmWTWRlglnYanLsHRpPrb2Nqjq8ZysMDbywZau5EeIJs3PJjeTjYKYZ3 +VIgirULWVdhuF1vN8f6tkdWofWC0jlEcbYXICujpi5jomQ7SdcKwLYJzTpHs4Bbq +znbNAwKBgQDTNFEkbUlnGuEkO/VxdKo58CoKpsKwvCniNgI4lbog8+7h4fDX17r1 +NcLlBjIG9+1sg6l3cyqC/jAcoF5EMsASaPN4UFrClZXBJFtspzZGNZdIZAqYWd72 +Gexr/WBe/pOoYNkJXyLyu6dBEzSk89jXDQOq/dGbb7ePM/9aJgGoZA== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Root.key new file mode 100644 index 00000000000..e67b78799d4 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA3mEefiBhwOscE+51PDbwXUvv0oMgG9W7bnDPL0pOE7GnZpwZ +/n9caYUKZD4FTqNxv3Bwmt1FGBSbtkA5dSRnw78YYL7JtAepgfcb2UyWZuvc73v9 +xSdo/ZuUflKsrE5lYHsS1GreD4HMPM3POfX1KJ/h7mUCZvgN37AgRQMTFtLH8vfJ +x8kNA9DsXHmkVJnlYlJsqoPfQtX3gynOkDIGcYB44fum1CUCxbG9Q2j6jcbMEBgC +WD0y32WoR3XLiA76DjNgvdH+DOQpYPMo+5FF87q3/OxjurktTvyVjj37nYfdC1z/ +qHU9ZizN7Er9yCRLD6kNqoFpVgDE75fhfThvtQIDAQABAoIBAQCeFdJ0fRag60JJ +lQH4bWHQIRR6xUaFIxqcN0vB5YO9klRbqGr+NZH/XVl2y3RAZAaPviH+pX/hz3ym +Qd/Wu6ucRvPQirCe77d7saw1fLGKtu+Xu8A6cHq9luUoLCOeVhjRToyjPtlfkrkb +HH/NR2EhoQ8exuW/R2Wtd+poxPfEB35iTTMDmVcpx7pC+NZFSmNnJYW6//EmBZmd +sKhker3RQxj5MXOJ13QoSsBvO8Izk3EIRvr5a6x+GSduu5uQfLEC9i9p1xHbfvYd +QCaaylZcBTEkcx22AOhZBG+NOst0zuOWrcALNGSYpGSJLWm3EWojvX5cWknKZ5WO +ey0OOjohAoGBAPHyLZ0/q09bkemwrd3GOup7LY1wzzTsV1AnShE/Ah3r0Ug5A3qR +AvrYYoLofhM/NCtRgML5AwRJC0QXtPsdMV+AiIkGXyCuqQMHF5baKwIu4gVLapgM +Gj/v/M6piHbcBgMOJneYDHda0m6Lk7PEgBcNp5Q957RnUwgHB7cUGlu9AoGBAOtL ++mrF6M9nqmhALbsritd8UDoijsQ61yq734e/O2FCvxXdkcLdHYwTAp1YWbXiYu3f +M+Yr9lDBb0p3OX7/5VOmTiMGBFv410WaxytRBKtxqCIxCSkdtPy2kP9YC1P5hoJM +jSo77+jnToqJaqtdL1fEfMGk3TzgeO663/btU+dZAoGBAIjcRZE+AtnRIqjemHtr +NsiNBSeNOKjnSDy+/NbknX3vd2MzXRRoExdyb8c9XJPmnMwkPoIL+fjimMzb3DRw +Pw2W16UrRYRnSJO930ol/04s1w3Hq3R25CJmzsrYe6lArOXtizT7fZHGfmKp8dMu +xIZF4xWoLvmNuRpBX8vgQ0jBAoGBAKqvmf+cg474/3fSnpn5MyWwCy6w5OnaWT2p +vbRmd7fNSHqfGV7HMejr3Wiwr5sul19BHA/rcioQuB/HrxC+pufwaxwjAESLlfXr +GnIEuqN3tmTfN2r5HtJ3yWVBxC3tg7K/v2OUySslqCb9GkEnPvGnGm0KoGbJ21Aq +hc9FSCk5AoGAZ+x/GCqAq6dt3WYMrqcA5IozcGDZnh2raNEY8MnX0DyUBlZk/oR/ +VorR3/TLkpOvKjDW2B9A3+VVxeL5HEoFfp4raUyzi8pWPcwMdDRvcegPVa1bswTU +gXvTQ20P4v0ps11rqQH/8QisNkx0izDC9tsgtHrYCdsv5IcoxbTIoYc= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Target.key new file mode 100644 index 00000000000..707e8780f82 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/basic-constraints-pathlen-0-self-issued/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAvmyGISZrFiI2K1ux1FIodC128xs7ARfd4RjjAganiJOtMllT +/13FzRp4cPsu2br5+nVT/AKoPJvg9FAATzALs9YEarbvhQtCNSl3+pEWDu00ivPS +XulmZlebb3EwFogYevP8YXkG1ei5GNa5IL+5mt3F3mR9RP0/KqAjMU2nTEJlrZs4 +tjVR90pYhLOSy5g2o5IMM4VkGPIGxBGmEql82uo2WZCch6RgOZ0p4yGRxK6a+fLs +rfhEVVw6IVKBWKHgOlueLWFif1FYRIeAQQDpbO2n/6B8tBczfHhUypKB0VZ1sTq3 +J2p36Awwcb3bsQYZ6daZ1kHSxpA9cjH85wM4NQIDAQABAoIBAQCjBXGG68b9ueg6 +ElQZewSbAVk2IvfOpcoULSQa1euTZyn9UrAwjO0L/D9kKgYf7IyZuNxfgT7aNHDP +d7XsFSvPl8dMPLStZ8gUjx3h61fBC53R348YJiS+NP4i1/ndMEIU8M/9+oi5lHTy +KNFwkfKp/HarP8hmyY/MRDAcw2gYRb1yO3UeJQ9hGMA1FOK/DQqslojkja5Q2N4q +VZqhdbA+bt4T7+fOWAFPnkZiaiJdMucZDyQP1u03u9G5xxEeSFDV+MY7BqtEYVRW +2IFlGYq3mVlTzlwadQZmE6of2ELNEEbVijTszPfgkbe5AJ4+jL/810mtBJhvPriX +D/fvwul5AoGBAOJOW+HZ+hCePQwY8sQiI9bmd+3+FQ2cmQvuxJIbBYFSHLDv1EIo +576ibcDQzM040YJJ5Tt46wlfPyccXVPL258d61xv2q+SSyidEaTaUO96/PdXxcIO +Z3iDr4x2AtZ0U2YEJDuZD2jUt9Z8Y5yvaGR03YtuFMtJxiZ3qjoLu8VnAoGBANdo +4UHrO61d3qIqaLNXGN99SlldbKysqYIrVDphlk3+G2yGHcwS3hr9a8ayazs8miiv +XjO+hiq2/w24IDXIvcDZhbp2rh6/vYQOTUZDdVhmFx9vW/5PR7/iro4Ad5ou1OLh +JP/Tqj0NY/3HEOXqwtRI9qdlXS2mwLDv9dj/F9gDAoGBALUnPpvLLkaRNJLzgZmJ +LqE++a+0HUw5F7YampXONZjwjvD/+iw/rErIoQyg1+BLZEJkPrBdud9VtCrtpLOI +UzTK8XWcQDUc6TcIjHAnJnSdQdQJGc+eUiuBVkwcx2a91WirVgmzG0eyR7rU9bQe +IXWQqyuKofCdDJYMYmJ2tAdvAoGAbsAGqJyoBx+vGpNRV3udVzKUqlOlTzZKxJlA +ae/IlnriYK6n3UeKGDhZVERha4hh/i8D8PixBH8nrUcQkHaQUPnFjrP8G+UbLC0q +P8jpKTT8CHZ5xsu+KQMEGhBVbdlMLQXyvvF1ooQi99SEdKF54ClPX4t3F8SXZ6FI +NnQZLz8CgYEA0kzbldS6AWOVBEdzjZFfjynI/IBCn4Xqc6sX92EwDUtDgRT/dFd/ +lB5INkw2H9pbMifXh7FCgepRPwygQbEBhgKnGaPz3AKGwtIzL1lovaNMI9IQdSgE +QD4gl74a8dvYzH/9bvI+Mm5fH8HfNJRzs8eXUnmFa52FmEMHCZvvTF0= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/Intermediate.key new file mode 100644 index 00000000000..1dc07f9ff1d --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA33w9ZUUUAQlIoYsMy5F+nGXxG0Ddt0yxrBuer7WKA1nxd9Sr +FRRTtZT6NCD4NWUY2sU38Dm/87x+c4p3HNtNqvGCN3zKtfUjgXEPIWN+c2SF1n13 +QWmJXsI1QYN3YWwDMaqtg91LQrgg+Avs6wqXt1u50hY79MJh05MP3b4ZEzo84T1n +RwJTncGAXCTjuuUWhRCZO3JqbEATS9C0hCxNH+pQRADrjHAtq2dopBUJnEYJYWQ/ +usMb2b8phPQUiiX+4or6Ha7aVvjo2gIxWpbAIXk8OLcOXXTCLRQW8QXK8Rsf3/rX +M+LLoc/vMbUQ6/joei6bL4k7c76ouPZmHLg78wIDAQABAoIBAEu10S7PmhlHxd1E +OA92uMfPGUE8VmBUkRRXPwkTnS/Jdq4708GOY1VupNyoFq4wE515lpvBVLADuWr3 +C6cw/DzfGFgn5JyD8YVWgeOzyxDYiybA1nfIgwshC92n5feRGfvncGTtwSNXMYQW +tipiKkepwWfUtHcUqwN8HLHoRqJmRBPKhO4zzLIpAELuFqNCLWEkiyirP6odNlVm +/9SQn6vTTKpzlAIEgSqcpYw0uWs/Nf3rxz/oRXtaVV9nZOqj/xX93UnatsXraVV+ +0c2MqCQZsGdw9ecK3sPoULFCVMY6TW5Vq7O5QEU1MeKl5PtH+8ptM3VgUNkjuvU5 +W+KeC6ECgYEA/B0tC/+nYL46w/TYi1WJP6Ky2Mlzzp0izWRcyKLOkoYeODKZRn7O +4PUl5iGj9QJmjEBYVi/IHz1jg2/nvnCOGPXdbeuPIBfhYoH0H9QqoEzXXwA+EERR +tPe+kOD0HCAY8PyESQkvuHaMq+s4UgKte+diDl6A87nElJUrFHxXGjsCgYEA4u4Y +4Xw/ribhaCmbJlCj/Wdn6wxKebWNe49YMBmJlpMHeGtuoH3oeasBGT/WpTeCuSTO +4SEXA02DvlKFGl8if3EPYXGoLBFzuzB1HO+fC+uUdbugtg4+RAnUHx+ZsjkX6RlA +bkfKnsZgiaLfRDyCtkWIhX/iIn1AKO4JEDnOEakCgYEA2RxvDKQvChsIFHSofuU8 +erar+hEST932eJZzaLz71Cb3o0G/yXuuwP+ckaBqx7Y3hZRr/lzLpEuDhU87bT8U +v94LwHtZGDQ4flKXX0mhI8bIuiFFUVDkZEntrGptDkN99xoe+Z6Vn+9HmU3JhKaV +q9xJD0LHHhzec246WTvy7r0CgYEAoOwLBMthNRQpP/5RIWiKAga0MIA0x/4w6HAM +L3/Mi9STtZcpifH/S1gynT8h7WNh9fzeH9OhSBxN0kceUEcqZYk9SPKaOTXfBd0l +D3H1LTTPwHVfT/rluMXngHKeQT4vcIMRp6KNUu6GQtQW04K9hpfkahb3u1FqkBvM +nY8ATJECgYAc7Xrh9WhiP2K4r+DoQDl7i1fVZON9iaMazYRCtUPVwyZGb6Pd+PoA +rXCzEwTNBrmHUmZsqtjhf9OIF85bmQqxzXGoxBXcOU53vPo1I/fQzekllyC+iSox +CSv5QZ4tXW+fVmuNIxFT48FPDdf3KunPqs1/Vi0KTU9mqdb+HOKv6w== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/Root.key new file mode 100644 index 00000000000..f437ee277f8 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA89wSA83b/X5yfewjMAfT9hO+ct+Ccz+76smT5nSZgeLdoABa +xkNu+nkANv7X2GpdjwoZUzyqtZ8NbIojrgTa8/Aj8rJ7q8zR17bZejrjKrnK1UI8 +vmaDii4MU2wQ6c5e90+D98Qye7cz/7GJCTn99HuY9QKKW5yJBAcPjnIT8TOhrmyS +UagHh98yyUuG9YrPsawEF7FrCUEXUQF4yUq4PTFc8Zc2bTyZz2ayiyKxBGbem8sc +13UodZ+X9UbgU2qcTiYZWi0ta8vdN2sIzQ3e32zNHYGL6DXeKxbB5fhYQVxlONjB +5Lffsa154MUFpZpUJUEzYW5cSxsIByXOwIQaVwIDAQABAoIBAQCtFlY/Fv3/xqGT +WWl8bQH41vjF5nlcPi+urddpqvdOZu2x5K6JrVF3PS1225nvBUhU//EL0LLGaReJ +I9/BY7bZkGijmiYHwkBroWBpzqRxLiCXEAW3i2HwUVD0YW771Tw4w9rCoSLIBzhE +VAoVX3Eu+A+QUHZOIiRqlGxpSfV3rDBsLmyp3JNB0k6o1DhoQ2tW8BdabyFJoN3w +C9Jx3FEG9IfRu/xntK76q624nYnCrXhQhyAQICqasNW19KiEskj7UzOubxjaMAJv +zeforITYfGbX2WNI1XjmyCxeYhLr4uDskGdq6RWOM3ZWY990qfYOZhU096XGgvsV +mTL5d8cxAoGBAP00YbulAhD+uPs4r3/iUlddOGqjBHlpUP092mggn+uj06NGdx9v +W48yiYCP6mbodbNuu2VfCibFHhpw3KRJx6vD81UQzeuiA8oGbJM+DjH6eJdwInU8 +vTVvpomrLC1zUyjQQuzcyaXrjNUH0AoMloNIaZKEFY2kMj2yFJx2/c5JAoGBAPaN +RwYzK9TrRAJ2UKhjFLNKfPQcG3VcMM1CY6jwTkhj6KuBwIuN/sRQ+uOlEwTFZRdw +40/x+Zx7v4cLcvGY4Q7PfBJPT7r8u4HhruBrczzXH2SMShkVpimR7nuFkb3ni5b2 +xh5n1b6ApFYjoYZvAsyeGmnzqIkwCbrvqocsRSOfAoGAd9bU8uTUJ4sHrg9UMOjD +JApA62egdH4+EL23o1Tdm798KWjudHhWE15N6gUzYeVf377m/sGOom7lIoqMQ02Q +LWGex4IelAmoVXPY64+RVGJBtRsjk+1dd+8SGVJkpFZS45w+MLEG13q2uxTph/gR +PK2HGgtd0B4IkV65lpxS39ECgYAHxq7tyCFixsTPWxHyLaXSfc/xFw3apry3TJe+ +FU4yxEvrVN1QyXq2kGNJWMR/ywYENkBFHjmkMNb6mGbYrdyzTeH45d165Uu4rfiJ +BXqN+a74yd/waJlkCEFAThcpqSri6QeYn+fC6WXFfbwzdD7fW0E0BEZVhVlZNwPm +3YOUuwKBgQDPIAkDEX3Yrzlj7xZUNJvAET2HZ4Pr2nb4Q0MwRg0/DUCLKqnW2E/B +lYDNK/tZc3cd+Vnx7bHJCh5mWfOhRt+PZBuu8LJTGuexMnNOLzBha8RBvL1FuC+d +Rr6Taa9ZmhU5C0okldbF+ynWBwJs6C32ZOCAQfjZNuHf/c8WnUcHzA== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/Target.key new file mode 100644 index 00000000000..24a6e84cd2f --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA76b8egqSewDS3hex03fJux4b/tvXXV4NTr4IwcntT9dADNzK +eDQV+qvrG7j+wvnEJyOC7PnlaX5AnRQk1LAZzy0/iNz7WfGokRnntOmZDb9i+HON +i4DUhBSaOwZbgSo2oBC4lH/HqqEaaU7hCgBz+X4w4MqsKgnjCM4nzAgni2h9/tjH +HDiP9TlJ/Gr6lUVcq8JgqeYlT8Zmr2ElO3IXF0xDtnQTg3yRDPRKgvvihG8qAOF+ +lHE9LyoWRyJnqbUWT+EfWqArhybQtAxt+eTdMqAHwiXsiXQMsLj9Gj2awe99Fj3J +78PvcbT3pttkTFt7bBx1rpQmKGwestpR2lQy+QIDAQABAoIBACEES4Jw1G931JVe +hFRTC4rpAghht1EYtRKlIcW5ESXPzPY4sPhQjLqlVtXR7d9k075kqRQG9bFMAJDj +hpN604N0g21SrJperc+X1xFYoYqAVJ1QJi8TB7ROtlTtckvgSfhRdWyYEiUS3vWl +NWHQYCn+VbOSmJeOFyZOaLM2aGRPM9MUJaumeQ1uMerNrQLMSMy63aw9DGBLJ5mX +hyiEzcmTzF5R+946ZXq5RZ+Y+qnrDRdIu2WOe5PDKZO9dHP1BOdeLd/FjVIqrC/2 +H6er/+sHyZ4JYzMotzPZawD5Uv7NDz5wdRty6i4PidYfVG6d3e/L7OCXjiU4LJNF +FioQMMUCgYEA+xMYlaOHRFji1qPCQmSWNaY/8VJtE/vBsoEXd/0KhGwwwJEpZ/Z6 +9+97z3xL4i/nMGFdoP7Zam5IJky0xHEYT9l4sXldprsObdoSMpTwENwcfy69zB7O +mYvrHulWl6jyeqqH0qllALirjNFnFEeyB8kYhkEekzqwZky/yOt3c0cCgYEA9FqG +7VhAqC+ugWGSzs1wpTE9THblYyyB6gCM9zc0N4CeMXUCtGQV0nhSKmwIXtV9M15r +402xbBu7tTR+llZQJAuK9NeNDm5cMlmHeDevqBoSyIRZ4v0B3t6Vl1qZuPNj/JDc +n8Bm4cQhffQSKrUCdvawcdZL9YTKGeR7ocQfx78CgYEA0pCyVpT91blCDMbsHWhk +fXv/NnFtX4wNZ5pSR2QlVOezf1x+wFz7xkHHsTxKG9kW6AFQV7xENLlmsxAzrmg2 +/oihax4hB7rrH//6sQctysX+9D8MGEth825f8t24rJqZOX0ZSfic55z46rGX5G84 +hMUHV1j3vnxDApitY2DvHfMCgYEA01WMRrBCU3PRwHKMTzHdT/HzKzPVlt2Cisjp +IlLrZWlm6C1kJnI9cWfA4JHI94Q7IXdzZgbnATJHOSRqq0mBTHtzNelLRQTr1lwa +Tz4SPRg30JavSyM5P/FQfbPNKenPOzxqo/v6vx4rPU0ffTJKLGuVFQ+baH/tb1Fu +H+2I8u8CgYA+nZ0TIj65F5bGH/Dx/CNRH63UNAyKNyemIh7jr0GLn0/h+MaxR70I +Ya1HtS997ZeFznX143Bmr9WoD5c1ULAtXi6i5f0URyanJvOexD3BdSInwGQe7YUi +nw7fGbmNv0o/39YPBOhRbOdG87EsANra0M/kUf22v3iD2TS2GimkVw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/UberRoot.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/UberRoot.key new file mode 100644 index 00000000000..fd34c3c2df4 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-non-self-signed-root/UberRoot.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0Z+w3c6ZOoqCimKyAC9zsGpJBInUFbuo564y5ukqdflvzKnJ +hje50IODsZv2Q5+UHXYn6U00pZ/PnaC3Mc7EvDU77PIOcr3C+wsNwDkW9So+6jGs +S/N8DZ0pTgwXyCYtcP/c8uoHxZWAvcMBoU6PI8fZWHNuzGhhAo6weYgyiTbWyFzv +1ABAxyl6NWdMojBZSs0iWjqOyDyUrgozFmA+But5SsoeJ/CTvzPuYYb7I34lA3aA +noJMsC8aWFSVQ6Tx2l44j/vDRJNP18IYDUEn4ibHzw64I8p7mOW0FOywo5juIzmV +vN2JDm9LSoVZpQWo2R8K0xPmLJTf6Cqbov97UwIDAQABAoIBAHxHqC2pGlGJ4yE2 +qH/Rok5ahVXqfVIxQ0+wiL88SA9PxofZtgAcM8862a5IYDXxe3gIIFuCiY8Uc5vp +uBMQmrVW/mNZk1VVyi7ae9mWP1U1Kb3hm1wgTFEp914tb0Ab2l8fYxilxdvP6lcX +MXU4RUcaanK1ZWBNFg7VGC3FoOiWBj27/oeBpMtrlCdigd7oETrOkFzW8zkTUwTi +ynUI+7g2OkkH9ZY6j1495bLXVkd9BtGcpKB79NkeUhq7eJKteC9GzTk2KyZX3O3d +yuQMY3SOZaYn8XEWuzVtvrI3XZlBkok0YLwYjPwsVEGOgpjce8QnAT2rDhkZ8Tvi +tjoHyskCgYEA+g+0W+NFuNaVjYmchSDoA9EoJGe1XpPJk2DMbFGT571PHk9eEC3p +HiWu6DpFqTOauEcsRY6RxiMoTB3a6CBSx31S077gzBF7UC++wSDet21RX7XBBr34 +RxVc2ZyQVzzGuI+94vMq5MKVbUOs0ggSYeOoGwYbWPmU6o5mJ1IDItUCgYEA1poj +eSk2KFGqOs404xNYeZ1NqLOOvBm1h5ATyqg71Lix4+eYawvFcbvFodmpNwK3cZ66 +/+VTxige/1iYNmQDnfta/nTNljSYilkcHUEhv8UyG1uYFLUdH0O3vK7wtmb3BxoC +gGN5TPkLIJ5TaaVMKpqaTT4JMHayikfM91G0KYcCgYEAtSzJtUWuT2SRyJGqqL4V +vCY/WlkVjGexRal9kwFsExwTBdflQ/2viBsvZaxKqnPsJpXSmrbYIWF5oeSDpWk9 +8LF5YFdM0i3cVVWydIUXOHjo21p5dyQOjZoJwtTvs3UiWbgzkQozyri8wQSmYypb +/zaNpr6+87Eo1uTDWLvP790CgYAZ0CKSMVXVVbVfK2yLH8mVn0k3EJoLoCAItVjc +GI5R0QF8w1+/CIRwYMCt7it/dXExVoFxxFjmTe8kkbiFWlRhDVntn4kXFy59/af3 +EN2JXqPfTI4nd32QRCn2pShJGGuATC2e2dg+XPpsqv6nh3145m3G+r5KOQzSuz45 +RXehQwKBgQCytIAtyYQkyXp5H/KQZSIEcj9wjP90xFKJZfoaJkdkr2eUnNZJw3K/ +LCMr8Qvc5omLnK0zjnvZRiJMzuP4R+t37eP7lfO2RLD84GRG+bGSAu5geg/qTd9l +zuFjDqUxQOOhMmSg0la+Cgydge9IyZ6urVx0fjJKiAGHAQ1kG/za/Q== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-bad-eku/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-bad-eku/Intermediate.key new file mode 100644 index 00000000000..4118dab75dc --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-bad-eku/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAtgrzC0Mq2OUV9kiUIekjYQ8OzFqmukWwi5lURAtWTrET4s65 +WArcd0E2hqzrtFQEdx/P9h0SxVg4Zf8gQfBDnaS/+mE7dVLwOZ1b++KI+2kysrlN +qDSI487hL/QD1Rs/GquVmKFvhysQdgJPumd/miNckIrcsyelKBSYHrIGkgpgN/5W +thaEWQGl6R0E1UZm5DD6Dg7C12YhSvyZT4UzljZ93FwEFrxc7vNtTbaiDzn84mOW +vz1aYQKP29cHxCQC8AJS5ywIeLmN2V8tzGwenvmRlei+E3cCs4aryyTtSr82KS1m +Nh78PTrFDyNd6S5B2HmX7ovMdS3HOr5N5f2iMwIDAQABAoIBAQCjf7AMZHYeOZqB +CWyqDEdvS+PhnGV0lVTb/IlXV8tbf+U5ZqvGrHKYVSTQzowf+PnNt+/Cvxf10KdO +zFY/grhn5OlbympplGUXigJsd2jKTRBwvsdFlHGCEXPk6sdqZj9GB+ejHxMZFo+B +PdA3ve84FBx14ZIZAjluhxidMQ1/qXgisxdfDB90OcR+3KKAwsPNzNqmlWf0H2Wo +ntCB2qlgihzcF+WnmZRonDED7GZ2PlBO+CuDFVX5wFoHD0Qa+Q9Megk+WRofPnfx +i/Y4P9wf1LJh0MUibA2CSIUxNgeiFETMmrc4D6483sZ80CfjKhZkAwaOpaLeAO/V +bjT2oF0JAoGBANzUmwLwGoT2YvaeyYyfrso6HH+qYiDk2eQraV+YudLMUwMv00K2 +LpEiqTM0E7lgL0R1C5YlzAj23JihAdWQbCK0Cc4bNrtl5uxO9eliybX7g1AN3vGK +FfsZ8Apzeq1S0AHp/ujdx8xQJRQffBkz/cVz6km+1V+ngoXxI1nuVmctAoGBANMI +8d0+Q7bWrHozbl9QCM10t2gue6dSH/zFpfutlh3NCQmTYRrDxHqZ9mAcpgjKk+xU +YImsRoV3QWW1CCWIHCjF0XJMOoEDzoHTdhXe4FGCuvxl7lM6Ip915gPA7bCQsnjT +dSgcHx/U4ZcWC6vxrJstHS76TIKllCBkh/v6ugrfAoGAMWlA5f9jb6zRp+0Pm+9+ +5LDr/4TYQBP0zSEJiuJZcdlWGbhxxNOOx9rBkTttzmS/LsohtY7vgHH8GgqspmSS +TZGLQBrGvFeou+dPDtGT4KxOTXNNFy6WjIDZPP1pza5h7Iu3BdPaCNVF9qK02c7Q +UYYGPkn85FJO2jmCd3Tk0GECgYEAyWxILbs4NlM/3IMqXZ6uSCuWwsFbFKC2FzUu +78EG/vqsHY+lpz4jUkGRfrrZXpq8BV2jpsPfq5Pfv4vCctAu0Fu/RTCsxmczu4Zx +tv47bJEyl6VSi+15DmohWIPUWipBrkFmGRp+Ooudpe9MxJiu/o1YxXXxgOE5OJG7 +mS3+VFECgYAWZ4DZUS8jTIRwmRkCgNOfWPUCvY6UL7JmnwhJvBnPBR4pA2Y48Uii +V428PV8LjtWiaS6iz80chAz+DQSm639My5VX7wDhlSh2fl3JWaMk0pCwFn7PCC2C +mCLSXcny7p0KfbTGEMtvQ5PyMM5hipY6aePKxEB3OKpdot++KahXPQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-bad-eku/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-bad-eku/Root.key new file mode 100644 index 00000000000..f1ce6e390a0 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-bad-eku/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA2eIIrEZPPsksDhsuDcsFLrJg3Tk7MZA8ie5vMj9OnEqT15fl +6Z0KcqV3yOZn2+Di1zWr1XsmKpc5TATjMpPfaZ5ex/s6U3AYkTl2I6plW+CHMsss +bG/nOJ952yPqPIab8gPT3xVczli1RnddIQn5464WzubVlUHV7sd0ib/cyIBH4Elu +/yZrCtTCBCGgtbAHTRsc4ahTIxM/ATHZP9wtcIthSbFtb8ZO9zVFF0A5nSgdd2iC +wnWawp+Qq0zJij5oKiy6YqvhWMg7/sCVjlUzU8o/+5qulRNlP6aa1pjxrXJ0zthl +Ep9j/WPFP5A92LIr/kj62qvyScYdKrr4c+FQoQIDAQABAoIBADZsYWI2xcCXG2wC +mgRT+91oLQ3VJ9X/gz+o0Rmp+obLkhY+GO27jkqIzlzeQH8Js1+yRlOyyRvGXkeA +yQdvLFUDfAVT2YPR8jEEO2A5RcwnT13+pgAIC6d3HkcAt5eawAU5s4h7m4znV5Bc +bGS+Sy714ziXLC52HWvhYliuFgX2nv+3BRCvN1kntFwezoxpWo1+s01n/sjLwfoW +JdWco+rdI+XMQf4XPlS19bNP8fzfqyiCfblynlj96rlOvRJassn10e4PkWWX/lhA +45acCzl5ob2HHPOcVesNYm8JGZCTSaRh4eQbvPwCJnzBzlVPhl2ZaMjdvGFoA/Ym +saSo32ECgYEA7nUHhZFdO8blZipnBpMB928BNM+RdJ1CVaurSfhGMMOI4Gw/3Xh2 +kpd7Ctw1jVyiPJEO43OVE8OSxU/TVxB7/EupcTSGDpWUAtwFmFGVV2iglCCv+bfO +T01mFJaUh0r/x4SPtgWsbg2qQowbsWymewyVgp7li9V/zAzth2R5lp0CgYEA6emF +dRWEwColgaKx5Y5N/v8EGBwr4lt9e/469w8/w7KHeuhjVbErcr/OFO3LMSpSZYKl +NuhItpsF2vn+RgOpgdivk07W+6+CWnkI7uuflYWwDGNlJbsQdFFYHXdqZkraGwuc +4F/Gj9poTvSBmuq/+a0dXdznkLjzwZW9DkxjANUCgYBDsN0NwZIh4fhE5EySxTCN +uOkywKmd3PZzs2PQf7YNKbS1YIVQrV2bh3zaPGDHXECByPvc/XaYQbBsapin4noP +yLq09CAKC9QUa7j64E3wnjbXVeAel1rtkB8mQQiwz02EqdDR7xJfu2lVssg5uYoY +7B2VEt4+r8CzgAf9ozwQ0QKBgBTxn813+8bo/yq4Uo1nTHyEgO1XuGYwIvAzNzxf +1SnElnTe0eYeUvGXUvB0yjjAvVfxdrGP4tLW1pNgxu+l7EuAB1h9OqqWcGmBZNdf +qY5NxhGV5LyYH0UK84TP6Gr4UMcTJxy/9ptyxtwq8F/anQ3R/kslOGaw6MJwkdjx +5ftxAoGANxbKqR7qdhOrsR+oeESl6xBTFVxYv0lQPul70rjV4/GHQ5jY4+N61FFj +5K5MHWEngoBVmIwVDNmo5hAgdDssslzMYp22d05alkgkcear7pk5dZd5BcYV+AmY +qbAXbA6Gn/s/+juYQQiTbR55xxeQr3W3V/D38PVi18++TYKmFzs= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-bad-eku/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-bad-eku/Target.key new file mode 100644 index 00000000000..37b771446ae --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-bad-eku/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA8AgA6l2T+589/bWub4kCuX9LdblRy+9v3XtQtiqn+pxBiG6h +viuLVCoCyMAs7citdZ2EIsUS2GOsYIVCPeLFWQABx01jCL+iY8/d/EjmVeYsXNa/ +4dEZCVaLQ/K+ugSBM31c7iY798IV1VcRTAj8SOT1i9Fiy3IQfv6uhP/41jUggPO5 +WaN/Hb9v9W1rKeSxXi4gzIAE+G1nBBhxrMPPU0vKGqEGwX3X/iSoa9JSGEp6rcQv +cOGoZpqU3BOyJk3gYPFnVzHxANWyPDFqNFJ1K9Lz07DW91S+nLqZOYJQAu622MS3 +zggwp44tsGt48RknzcXDpPLHkbNeYZTmp5Q7xwIDAQABAoIBAQDYFAxm7sjJ6keO +/p/CTk/Cl2Jh3utQsAI/GsTEyM+hHkssO5OlM2Pg51TMTZvkjxP/3kXWWxyk6c2C +slO4jE1l2ki/lt3BQWo5eiX299VKnMNw6+2epnJoYp1KFNs3b9izdnZS+N5hIjov +bIrorOoX4O1e6aaLSOqquDB5EEl84mY/pdUvbDaIParYrTUAw8Rpc+InNYB4jMGP +M1uWWkVzfRwg7BdwGYC5g7Dd/1vAlT9PUwug8fDpkhCM1+qaMzaWIvt1WMyFVzkt +7tIhgd3FVQvHtb8XPLNvMnaSfoqfjiQpw/YUR9Cg49XleCP7oU32gVhp0370gvZL +jBnLW2sxAoGBAPtavP2uay8uBICyZkBCpV74JmnFyA5sjCkKJyK4sxsb7T7uxK0z +z60dfrvVN318QiNnpAaqFfpdJPOMxTkSAOMVsDsOeterHXXdxK36pq+Ppsv3Mr07 +s2H7wzijXwOXiRSMIjKvsvI8yQMjeL6KGKwTyvMbhz6xXwRuvlaGhN5PAoGBAPR3 +sNAeTpOv0lF1+ovWP1IzzFkBBLUmaTKStpvMLyqBB3mO8PASJvMyYSwTmDcNoyR4 +7ouHNxNjzUOfWHAsvFAISh4qzLVyHdTolcH/1FRJWvDFloW9eJZ3ah/LLgh/XxMH +JpAI7ZtOxGzVvhMDpDzpuhzzDdSc2vD30ECYCSUJAoGBAMg43qVBhDYf9QxDj/oO +XMcK6yaEmzkKNJgYc1ZQRLQKifEAqADEbeEbxrF/ReWazuB/FYUNhdZazi2H7C7q +7XP2+dwBS89yilQypRJlwNPGnXqKXouo+9rIfxkl4nDtDBAnFLLFjMkzrHfokK1P +OhoQ5jDDs/c3uVXBlbM9Eqg3AoGBANYZjOx33nFRZmyZWpflRweC/dBlJ+5OeYsl +GnBP3m7nGdjH6xMVkq8izB+B+akddGeY0bG49e8xVK+IejejtjiRSfgpm6a9DotM +Nvv0Rcybgd2j7jOqwFVmt7aohuRCSM2tUYSLjSybS0PV3eVhJxGB0NFRvCccSFMJ +dYVcoYWhAoGAZTI9EAk+bdmt59VzagxQlPw8lCO9Xr7k1fLsy/NBGS6WK1DonMPc +K3eofw5F43kAef5RGewWA1lkrMm0uKt85mrBc4VDEMI+Rziwvb5sOA/mtBvJ1N42 +JIQ5DewZVQujBRdoWk+JOEtI5s97kHURj93EJiuHzSKOoFw1pjhU63g= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-basic-constraints-ca-false/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-basic-constraints-ca-false/Intermediate.key new file mode 100644 index 00000000000..548328bba64 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-basic-constraints-ca-false/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAu768KePAoisSp7J3/zChA9e5qgt9tCpL5Mtyy17/NBYGUeLl +v6CuCxk0w0WxK9+UPJwAHL8faaWmCAQgyQoNwmkLpmNjq5t2W9Ae0SAyArxNSwJ+ +imyQNLErrojamf3gd/aXVNz1U2SDh3D5A8SqRSx4vLCb+hHroIykYhLCgu5wg6iP +GSYc8GDkFyC/TNh2kEINzYL+6Tg5ythywI/PmE2vR4J3Y6duwOis+EyosbAgCQN0 +Z8wkX5EkSjgFymQ+t+ADpXlEcTIZMcsKAoQ5iqcQx2tgcoEWP5ys+K9GxCH0iDCo +jWKCHDaNsNkAu7WM5XqJ3mz9P/DhElCMHAIf6QIDAQABAoIBADB8QKHc1JnM3+N5 +Hq5Dw8F3S9aTYyJNLg5nUD0fSm8MJROuskC74VayasLnU6sN8X15mDnUTet9wRQe +5MymkQkdEcolrs7ZtkZdyCef1eqI8LknasCa6t8AxlQrubC9NOQmRcy/x4eC1Mj8 +rwJ/Hq4AnymzvoRlbmGnEKjXSW6AbYBFmFP+Rn87Pedo2kZ7cZZ6fq0tM2vGGvtW +oFTCgsMnnzoN0X7CffEM/ruKodVCZGR/m91W9BCovIhHh34taqaAJGmR8kiMi1Lr +wBbqoRuU21rhmGlie5i6fw8HGFdk1pZC4lPDXAdT/cGpEE4Rt7AwNBBMJ0gDgkpP +ldKco4ECgYEA9oSy3/aJ1vPi+F9BgLBIU5XSEKKZ+ESkvbzZelO3gVkuqw74kBx5 +tICKA+ljOULaW6u0+7h7UBero8lfysam0WdFqaKeJnQLXSBqVPzRGZfvK42/BeYK ++iaxsZOJT92R8/Wmnkt6H9lPFbG2KaMF+PQ1E4fmJ7zlzitNQCDGopECgYEAwvdV +wKglE5xMHDsuQAc/cNSnDwkun+z1hFoVXHmRY5/ApHNkO4TFI4wel4EmT1pxP3U4 +Unac39e2mEALvIoGpwUlCgQ2OHdab4ppTFvEs0hvdci/Ip1bs2kBnPF3On1FU+Hp +N14AKhMbbHnptialekp7xjk9ht8hfD1OWQggo9kCgYEArH7aM4Dtnq11alotGYFA +esxg+ybsGh7eL64Pd1tREn92+lc1cpGaT8WJzYbn2U+AP5j8wQ6rqrWFcswb7WXn +oKtkwXh6tWmJ8hYWkXV+UyxPPOioe9YmZDfjKuCTuoDN+ikv95/UyqhigEmjr6rV +KQiogwwa7j9thkAig/brRyECgYAgOJ4sc92Eyyzs8X7oSApdDFf7rSnOdmvxDq4/ +FTxI+artwsBK8dtez5ZytX5uWOUkdqvzPPUaLV1Y9iS6aRlGWxxO9nk7hcYlbvuO +ChCNDKiXD7E++ECievUwSdvJh9CAV3Kimt9uFLBQkilk2Cg6+LpR/T3E33V6QeuD +3Ur/qQKBgQCjC4YNlyBE8PE0NX+nRk0kVpsINLPEgDIuv4R77UTwXpcJqMc5LXIM +uzL+0eMh3yWHfY3+UiUslWKPBGs+5+VeKObr2zXZAn1D+8yVXkun1QGFdbaYySWF +QebCmhR08CPbjI+f/GrzBEd66P3GbWI3vTfoHAdhbvsLuELclMN5FQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-basic-constraints-ca-false/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-basic-constraints-ca-false/Root.key new file mode 100644 index 00000000000..ad0e1ed7450 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-basic-constraints-ca-false/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAqKUOBreZUa39V1C6ADzOS6X4oW0ArjKTMOyjG1jjCV5OYfp/ +8SEapo29ciHmbYIzfiC+ZlSmQpIY20PvCZPYtG5keM60O59EYp9z3ekPEc6aoYLd +MgRx8kYD4qF8Ni943pe4e9o6ariBfNF2F3I8prp0Szjba0fTUvHgrRdPSP4reqUo +qlISTPbCTiO1suuc4WuRBbCnP2RvvAiWeN6f7Sdb2DO2gKqAQKejxJY3cZrvpitd +B+mN5ZuESqzbUmi5gHS+zqfC/rdFN7LC6Q/5VBWrfunGhgVKJvi2P+ynCk4AoXM+ +89t3OA+8N5t8y038q0vRov99HbHSFA10vKSNEQIDAQABAoIBAGRNFpSEKdncg2ql +BpsRjxiK897+d4MjbUuR0kh3i0CNKE05sVJ2f+VDM8NnyiajY4DGdLdj7SZ2wfXW +55popmBZr8PyHFvBk+icMUtwS5gpquoYbPpMjoCrh7AIn1mSzm6FCiIPXuMOLWVR +Js03Ej+PcY8zl7yskVEprpkD3hHosbLzKQDlc3CiWCGq8uifyiQUdT3KrcBOaJTl ++RN2Cumo1Mcu0HULGVSNVbu9UcjgxGQEp7fDQQWrr+wV0JxVSEBNre4a5SBn9vDr +IX+Vx4f0cfHOGlLx4r9TAeFavaEt3/0GBDka2Dz1hSzzThXdjaYF272AIGx+Tb8l +HXrpyUkCgYEA3nlcJzUv1IuIOw6cb0/R4M2sHGYgAH2PF+yqUBh6q3iXnPC2H6Iw +zwCuONjpFYdU7CSz/Cgoi8ejoigVkJ0q2vGhsB14E85HT23LHgGbajX6jgTPoic9 +XZFi5YhvuLB88wqn8qUvCKKIgYPGO7DuMiDyHQ9IS9f+GliKpAaEZc8CgYEAwg8P +DToInIdLgPTEO8oa/ZyQg2mQp4aT2yu1PvjE9X63jpCqtmiZaZWTIPXFSsChRYiG +ww9dOZiINP7+xQaeFXsK6+/MXvl/PboF/3F2e493aBlHeOQbJ0eI9fQvAQ51+efu +y6L4jqLjhO3CB7SxmlydjWkrkxN0GbA4yr9ndx8CgYEAivyIjNoWgpOVTUfohUX5 +mZcEUk2e6o+GiOzKzfUtFdjl5x8euI6MLZaAQXWJ0HBWppybcQnposHbQaAHMOxv +bI8Oc0dF0CHLvRybi6h3XphQas8opGYdWUpN3ZYqLdjchr3+hIGb66oW28rmWj5D +4T9h4rO8d919mxn7q1OC/VMCgYBWX8GBT51Znlaa9VcKjbBpxXAFLc12402YNeIc +PznbUyV8TSPOwMvX1P2BpCLGXOrrOhNRattBsYSeogjfxUxDn1qDHV7HvyFFZjEZ +O3VTFc4+BVJsmosDdrGdV6w8OiWEsBj3hng/dHz0Q6cjKugKHsL5mCAO/I+mh2sf +wwXYXQKBgQCkfXXZi1g51FoeU0Ck9izD5sEEiL7pY+ngsu6xb+QmWJDhGZ9bXh3c +XqP2nWfBMF1WCun+4wX/DXvI9sAUqqUH9JGodW6ZW/aQmBAQlWy+TBVdDrlHiW66 +JwC1eoL9rG5OBDexv+oEpKL+UzRHGBsHmU1CHYYqm48aLfOTm8R76w== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-basic-constraints-ca-false/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-basic-constraints-ca-false/Target.key new file mode 100644 index 00000000000..4aa97b998b1 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-basic-constraints-ca-false/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAs30HKTPf6ut4f4jvE3j/QhCmrpyNnsZIN3ekLCeBzamyVLWE +zQqhkBEoHYUPmoikoXU2QlMZcU3aFwKfgJRYVYcjR0e+imQV1hVv/nOi5+haAUgz +riGhfKM6WPwsJfWr/7s9/+EvYth57OXWsDPczmjK9Za3Dl8igAnoymwUZISXqcC/ +V+StQkbGWActEhii0R9dQA6TGeugS0n1HvaL+W83luQHBHG82tTgPz1OPnFA6Dkn +q8gttCJFUTKKxCEQhP66dD5yjmRmJPaievkQKZ1IWVepClm0AGBc4ZNPUyOhLqOj +60ksitEturtXw6RfeIVLjbBqifDMur5giaicSQIDAQABAoIBAQCVgTY+xrvkFQFI +0gm6IZYVNINyfGqmbyjmMtzn/nxrj8dAMfaNSCatNu1AMX5+zQS8jEKG2msd6qgX +dJLhai9uBmOHUyZOZfGeYjroKu/t1adq2/ZYPCEkDV5jkqE/eTQsjo2lHq/22LQu +dH/wQzLQJ4+vIzwVV38IQbjLK12NH1NzxW0P6BN4J14zAkqu2eiwkbqVvElw1NK0 +KoYClz3VUNqym2srpY5kRvpmtUlbYt9xgYtQFvhSjZYb+qzRmJuKhrtVXOdEYp5a +6dC4+pekhJ6zoDUZHgiMZZvKb2Pqec432147Vsk0RSi2D3+gY10yIkwD+S2SXqyJ +zbxRHayBAoGBANuf9I+iIKVHoPpp2aFwoiUK74QohQH0WSkGxa9GkVCMRmKHumQL +fsEeWC6KaXaevs8RtrBT1Bwv8BroAq34ZyJfqsD3QyNXpudNHofLFhQx21Z+LL+J +bvarcp5zAr3Hyajf7umcftgUtNYweBUADp1OKb1T6znLvApmEd7v0QJxAoGBANE3 +S+wUc92ViUJAa+/quvAh22bf88fZq33hSK5vycxjbOWbS+GLm6O6P5hStWzgUFba +LUylhcbXc18NtnzLQCoXmuG+j04jeKKAErA0ycPyCPoYNmJX6Rq/EUMO1whcQ7u9 +AJrbJ4TWwu4p+tOtcz66XjC/LvnBRtCAHe7LRnNZAoGBAJagugbY1zMEUW/tsQl8 +SnjFa0hk0fRpNc1hi6uO5pMr4goptLhw+dpRiYFCBNsKPSufpoCAvfUnG7IYdd4D +hBibLG10KGPQ9fOlfM79hoMLPrevidlD1Qrww4fQsYyfvbtI+n7WiliAuxY739/n +Th6tQQtMxwO4q5smLhOMvvjBAoGALFATA6DdXayDkwXEFt/X0m7JYsPChazj9tiV +pWTGEEVq1kMLUm1YfNhBCglSpgno2kyB1b8lU5VkuVhVM591KrUvN+s9vSYkMf8A +dlPn/Fmybw5bzn6iP+kCRfrJrtqj+gqxKxuKBkfap8k6eEU/qKSeuKJ1166JSjYo +oOBrPpkCgYAXfwU+/L0OqmSp66DN2CaE69S50eY4vPl7JpXG7OdyfBSfbvKQ5bL7 +ADmMyAsa7zGvZOlpSAdKxABnHFUdLtuWuKhHfaCX7oNXJF2E6W/CLoWo2bFBMpBB +jEhLiS+6YoA9Kr+8LKkZ0MTARc+SbhCUkyJU6gY+dpLrhRYt1JwscQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-lacks-basic-constraints/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-lacks-basic-constraints/Intermediate.key new file mode 100644 index 00000000000..5ca202507c4 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-lacks-basic-constraints/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEArCo5gFOe3hJZ4+F3TWLzvF66iuOgcoEQtVU36RaL8zlCcRHn +2FBeCPVg+LtzietzZTBJxxBf+vcNoq5+jsu6uGS6NpLhwBYVppMTYnEOX6apT1TR +YtgUqbVK7yd0gyoz7Z46uuTE2QRzNBv8aOpNb9I9uiUEGCw9xIHdAbi0/joJxipy +hOb6AKfbf0ygyUa1nPwV1EyYjmBDL0Etbaf5mdjvksVs8szSUMBEG6TCDKh6ZmSu +dk0RA7TQCm8B1OJtkEIzeBd4i+GzVXeb+I/SXwgIv/lR/o6Lq+r7MRXLsu38FnjI +7PtDxDVL2nilUw56XmOT5PYCk6qapMDhf0UbOQIDAQABAoIBAH2nc8BNR64dBq5j +aId6qRnaqZuk9v2bZW5zfBMK+anTKMMNpoEiZv9y2AuyBGmtBtPbon0/Xk308mbB +pGzkFKtwGNir60ge1j51Kbi3ex4krX3REeFqg+o4/y/9Q/RXYP8UdRjizyj1Ln/h +zR9loo7yi0rIqWxbHdnGTl9rR+4jiviLV/3wkHx0kEJok1EhNAvAM7h+pwNNRFhw +uibPMefe/Syh7aBeGrch8FfKk+lgnRHBAC2MK9DGjE/vdyJkWsuRbtFmvYbyUeJs +uAD4Kof+imLiPo7eNQVWEJdQ2449J8IXjiOX1bPrKHohTToVRl0aex7zNOPEzYbP +SdqYAYECgYEA3mlvy9pSfKiv1/qeZN4wMqN3WnEzxxYb7FwimDZ87RlJVpjcLQIx +EaEaHXfMRjCzXvDD+8VAdefGjaW1ciMsX8wxWM6TbrMuQg2JLBG24QmYvuT/jRNO +ScL6YxtEWbOtAaDblc72d4qEFBXqZwYyjd5zKbY3iFgXNcEoUZ6as5UCgYEAxio2 +8c1uAYjAq2hJ7VdC14LD+Y2O6Kp3w4FbBqOSiFUj4xJ+HFjYv+4i4Nb+6cp2zoxf +pj1g54KXkkwVywcnfWOT3CVEwulxajvSYRl/m9QJliWUgBtZ7TMqyvccZtOprOw4 +Mbrzv/Wx7BUrbR+Wr+bSnP+GwKvf24OpQcUq4BUCgYAC41WbTQtzKPGXmV6DKstv +bOX4261zcVsNd6jPVy3KGmD0aem5/+RJOVFQfqS9aJZ7rh6tX0NWBJt0bWlswP4r +hEhDwfLyJgt8uhZE5zn7tBcyq2CSIWUL2idMMCd0Drw5YDBZwqU6qibK5/nyOodf +hjrymLYh5BrxDMAMR0X0/QKBgFMxweN+NWLbgNf1bqP/8IX91jzc21R+zMz9b7O3 +1Hr8E5bvWpaYDld1qJrwaBDK+Vn5wOZP+nD3eJ7o5nVYSZHwzlCsLNQPoZfSCZ7O +T66iNGwe1tt5oCVfR+XyHLBmyGNawLTQIilDAzF0Kckka+TpaR6UgIQ/JDpKajK8 +jiWJAoGBAJBA5yY8jbL+nQUTD2BAY7KeRFzx+4564QyaLdTFQkqZTAFSy9iqoQ2m +Y2hQLAbn8eO93yvmcVZo0LMhOtBzUE08vyvCMIG/VvU7w21EvC9EXTjQSRBn4D/J +4zqlnFhCKSTgnDUwbeIjKzxbNDIsZaR2zNGP4F+34bbBgFdxbi1D +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-lacks-basic-constraints/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-lacks-basic-constraints/Root.key new file mode 100644 index 00000000000..cda85e8161f --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-lacks-basic-constraints/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA1aCFlwGJsjHx9fuZZvlHpv1lvh4174utdb+BYZ6qVNYCh2EH +1E4KxS2aeOCT7rmxqgYUkRMj7N2isYCe1K+NdzjWO/ZTpsLPrzdAnsRwI8na5TF3 +yBujndwUsnl3hh0OSFhgsEZpHWpLGxm7xuLFs+oaedy62xAPMVKbc1UJ0ZeooQLl +Esg5bcB1DpAvSBwmtRnyywCsQvA75d2OVbXVYeNHxPsPeYOuasrsS+OJ26/sRxDF +QoKQi2Eex/A5i2MxHIzVkEiCmqCkhKEtf006fTox9QO8zs+k5VNDI+3cRs+MKNHd +l8iTD2zPD24cqMLEUXNq8TP7Iib7w+LmuTdy5QIDAQABAoIBAA4pw1Gcp31p9EnD +sYrzMf3vROSS6i6Eiy6IUNKhC1fujGJfW36G4g3qlRg4g3ZLV20XVBu+Mh6NHzE3 +ftBJB08FNKbrEOa4eb57IkykZ27n/hw96FwbAQEBS1n91Z/No1nGijqFoIhzuKEG +Vr274TGpbrHvoW/Oo8M4X9gIpkr/7QY/I+NWVGWMfxniMN5hqflx/lEP0Yimv+xQ +D7PcynujOkyHIChhwkBwfwEZvIpeI9QTFXgiowZj1uHw5Mjel2ld2K4r0L9kiVpG +QGDIzOWn7Un1sRdjiglZCSFkAl+GCwTKdBjGh/YS3aQeZ8dPW6qdpI8+dB+2RXiS +4QjjMwECgYEA8fR2BMREcqbxwfUMktVf+zKHeEHlrw4BBgjzs4b7fXPkUTbGMElP +7uub+WEMj2+kjXzs+4gGrgNaInuuEZ3Xgnma8yx1BtvUZeq8al1Oa7PVaOoQALCP +B1zvhR+emls+xIfl6kz4+WdPbOgX8jvW65sEPtcMgoZLFfrCTaNN7MECgYEA4gcZ +GAPpTvGlto2vDGsLVc6UJHPjCmB1VWFr8gacvwLt0lXL9PVJ7ENWVs7AQcQWUUjg +0yR4wLXuwQn9D5vNxZ37A49WZ5U+YmAtT6acI2zm/31udWlWCVwjQejnhCv/ZXsC +Z6RylXAX+s/XFcMNQS0i6/JiMOU/dXAFsgWT+yUCgYBqOf7apuS6RYtcsV581MtX ++N47MQtLKOXQJXwBNOETOh9ifJ7UsksyxSRsf2xJSSXArLlK0XTFT1lyTESnHVpx +wTwDSWBzy23b9QwV0rNMW971OdYex2V0QRwzoSc785WCKXwKuxKQRQg880UYJ6d7 +N0rM4BNw9s7eboKCHZFnwQKBgDz1Yxwp+eNToriwT5SOzhjPRP7rzkC/MQXc52r3 +w5B0bsV6ZC5ldRFmO8PfsNRL2SUE/bWUMYjvyDuBwSFTiNSSPd+A6fG3u4J2o+HG +cnfPaCFhp8e8p/qQQeYFtWLdJt0spsJjBJAvEhiPs1doKov4a2GtFjRPr6SxmKeh +f36NAoGAI91xdaBDOBiJ9TeTIfPLvdwJ3kxU2jtg11p1OmOnSR8Eb5hE8FjorHLI +1PewSI7OZpJ/RDbbm+e0+tlR2czTerjp4sYphYZcAm/wmcBmLSi0LMOuTLPuDJ0Z +0S3wD1WbmvNJZe+80EoCLEt26WshDyBqTy5MOTE/lhcWOA7LBbM= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-lacks-basic-constraints/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-lacks-basic-constraints/Target.key new file mode 100644 index 00000000000..341337acb64 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/constrained-root-lacks-basic-constraints/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAtuzvJH4spLtb4bGg1v2gPb7qaRvcZdA1qxrPCgj1uvOWmVWH +FNX7Q+Cpq/fm0fwJU+OBWxq6tqmTPiHJZRFUynd05dzTonhyuFk7S4Uf8rg7OB5W +Vcn6++07C1URdiQjTb2S+yyHzgwqHRZgkV+S1uOmxQJOJCJ2XUUONZ70S/Wh0l4L +FZA0ZMcTOpcyASUGVTQ0wZUX5pMDblkvaAqm6oNwnzwOsSny6xRpGezvQ2SevxUo +2ebQs6nantqohjYhpJshyMLc2AT9qRo7FWTr+lChcYWbnxThb5wymC2CZHEcSo+8 ++wuYGO/j2T+a3x65Cau/sNQJBeVHFMG4BVnMLQIDAQABAoIBAHX4HU3ClVXzgpDt +9hVQYbwQWKpKjnuWqFXdpzIIjzjvCOuALepxCWdABwxhhplbWkSgjvbLKSjN+ahz +L6efYrhkC56GKHI6DXn4CfZtNypYR9CsN++Bn/xChPaM+QLg0We8X4LeuAJY8/vo +R4TZRyCQlietkelZ1E3YUA6ioVguTADw08W/CfRPbkgI/gPPpCABpN1QhkhFgg24 +Ea//16/j11CBtXrnM2e/m1m6z2L0oVRHZy71+fIY6XlQuqpQoTgVnGjz3vqTkqaK +ST9rxPPB3CAjl14q7J9YWCqeGKW0+WslxL5+X20CP3GuVxpvgBYv2+GNn6CXbaWi +EkvZCF0CgYEA61mQECrCpI9+bZXKRyDLGCb6y0RDy72HxqJsY8fPfsab0PXAwGwh +gxN5hT2fof0hQyhj/MgPqRWBKrwbEqXNdAJNqbpHIvrjDl7RozQ+hpk3zMm7+Z2o +P5TB1I+g2xAiayKxbpXv1nXWlYZ51Pbu2Yvr3icznR7PQVvo6Hav6hsCgYEAxvnQ +arO9X4zuKebsXYApbRhwRXNTwlP3GI5ZO1dX/wVQSascYVPQY6+iepsMd3/XT5cZ +ejDhuAEvn/wT3nhAJcIxoL6F2pGqL6CN2b0/+oYw+xGtnbTfuqHt53ep9LV+nUm4 +Th1f2ZQE0w0fyat0pbcV66sjGDYl4l3qINMnh1cCgYEA2gIo9RDnJNDXaGOs8J5s +A394KfqeYoi60UF77iIVD3ait7ouRxDjKixMESS4TrHQsgkkNfCMsS/+aru8yFVW +L/RCRMsNQlXtJk6nGus2UDB2A/mLavqj8+G0e1Zgxwv3Fg8ZFTtG4/5cPD5JdQEY +1+RJJYxiv1Te38hnw47N/akCgYBWRG0mNfN+/90qcaI9D5nmYNgcZFoGQN062ky5 +u669NJKQvg057VrGPZnWSm7nSJgTO9Gh9puGaY06cdIzfDNjq4RUywXBs7HzoEqg +ArtAZPnLgOijHY56nkZFOs6G+EGC9DliNL4f2VsWHfSQPTP/vRdV7Ab1MlTOhiVC +Qgo7VQKBgECd6EihKCU1642VDAMTM1opuP4kDYQHvsf1o1CU6m3vjYFfqPSkZWRd +Ah/DyF/pry30Kxrh/9a95pYMdHI9eyik7gPt3MEYz67n8URzCo9h+seP3x3U0LzT +cuWXbkPNENe0SeZDxD4H6hTW7YvIkQlB8cJrBhTNmmHwlnOAMWBO +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-constrained-root/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-constrained-root/Intermediate.key new file mode 100644 index 00000000000..4e93deb9be4 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-constrained-root/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAnd+ADVPXSaZERzQMyupVmuDeOWHfGrWXTjdbEXhRc/Mtmorp +s9dE+Sc26RvWep3HfRF+y22SKnNzuXZ7MrO5oqWu6m5f+qq0VYthac4fo4fu8fvQ +GArKNCpXmhiSdSFSIe4j5FpBkDRPCC4rGzUliKFMSy5rIfVr9mNjo3rTmD1v0LuY +0IzL1f3POx2dmdFGL0M6hhu6J+PYhdIDVn+Ep9I6VSyEArhtdfkWny98kxZIFrZl +38UPbNzYfiT58ok3kPPaM0i+CNFN9/P+Ttz9eKHc1UUvv6J401uRkD7YcdSXJFFE +Xyi77LrHcK/6vfrPh8qkhxWQZm95wpw8y9V0rQIDAQABAoIBAG4Xm+6vVuSPQ/H7 +hChE/emBgra1X6X6mEb9J06pfvPC0zyAPrUhG4I8LHim5wye1qyK9Mbb5CAiXsMo +soUK/BtGOxJUYi4luJgnGIl2Km4ZrzGkjtsVOyjhljFpjUiNMf9jWDg4EJyFPc/Q +klLo3wHGqbOL7T3DLcSmTqeEUeZJaTrHYMnvbMbfFYToe9PgwoXYmgxRl4tXta6L +Oea2MURqmL0TSlkAQ53IA1y+vgk52/PLor6DiYdV2WHy7qhrfkWDVsIcGM1nJBcr +a/FsuFGPyXfapssZO+imICGfTfW4IBhDr1WJhse+GwdKB3WBPkDT0vkGi3we/gad +kCfmzSkCgYEAyXqHp4j8ABRKizGiWS5+2BB5C9FEFzpALU0MfHvx/dKxuFG4+K2Y +dtfmXLsvGZtAEFFveYYvqUrorcsCtTYnBuXIFvs5pZ9qp/cLPD38uI+7qQ68RjyW +9sIwFltXxGapEE6ONavep7tPihYLjghQN8e0Qiev9T6roAr0DWThxt8CgYEAyJgv +az1HsTnrqNd+YKj1KbBa+2FZKppLCTxrLuY0FPvvWpHL8HMC1QIYgB+oLlBrabcv +m1Q0XpOwssAPdIrxnk6Ozo88auna4e09TQu1Lw/zzAPne/4e/uREmvI5uanIIncN +jGnnouDxVdvDI5zTS29ei0JFkuUdm7BD6fUrMfMCgYAnRuO7HVFDErGVgQ+NIytH +I671Rs5nWMu6CRMuEVuTh8dtj0Dn+a+HO3+FBFiiPUm35Kg+oJIaBqhlePYGLZBe +H91p3X/XccRxCg/+pnbl499Jjb3WU2l6oVCOizAI8Zpzu1ytyduWB0XyPWnzPlul +BCF35BTBUn5SrM/27Hu3MQKBgG28++wSCT+GbUrgIS4mIIEfDpcJaatp33T9DbIJ +lCKKtSX6LvSrJrh7PgYRy4MS0cByy+ORDFlVOMyBT7M1M/ukBHIyYB4pM2p3zBpz +Njq54mkRFbl6i2BsZq/RpgzROkDImqvfYC52GvEamcXIzLsvASz0I3W6TBlZM74x +NuFLAoGAJ0UAI7UeK/sZ4plQQKDRk8tE0fuYjFaxnYfr2xDvgdvYbyjlJ97Lv5Cp +nwOGJW3L4uwqqQLgS2PUcwwjE+2z2dc0VrDs4vh9XnoP8cmJqyRsVgXkjIMsFk/f +NmLMLaZiZKIsaUWGUN2kBe4g5SIWR5jSmp23K4NspiGwoDa65Ug= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-constrained-root/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-constrained-root/Root.key new file mode 100644 index 00000000000..8a5f3d1d8fa --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-constrained-root/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA3ybJprBxmfnWoDhcNVJQiQo2rOP2jgocAKQlXfUl6SY2pIuu +rKWd25Ujm7K2La5wZn90XTEX8i08rLIVaXDXU3peKpGydwNtKCaj00HGnywhAojj +aAO0J64W6xRZLA2PRIMi2dX244BiCy87q/TTdlUuOdhKYh76sW9rbzsZW/4sBNJe +ZH04Z13lcU+flPkjxXKxxw38X7Vejpd/AJTCKMdOHxViuuD7t4ZZIn74coPtG1ky +TETrVHiFXG2HCkq5sp9galCdzm5Mj2RE3qv128RJx3IwjLyfzTKOppzTE+kgNNk8 +cZ9k7fBHKSBT8NFFvbCnhxJ0ts6MxT92khdzrQIDAQABAoIBAGiFuYRLNxrBLGel +noMXSEO4Nf3rVSwYzh76w8nrrtMzI/sUtj+F35fflmsyXSSuhVVtM6sG+MllqPrW ++zKFOUaPlZXo4qfeQf3Bg5DLSWZ6/Ac86Q9qVLMVVwTLZi09OLMFnYhdMSREmSfV ++uRDa90MbveHOOgWzKPZpX/XNbyhRDgHJaRoYmer38Eyiw8/sE/7iYquLw1nhyw6 +qnGpCcV0qcBm1cshIyFcIRJcK5mrDC+LcYummN6ObELpouU8fDXO9RQCjGlnHhtR +zI8CP2UNqTUCjTyDGjxcHbPLV1PujUSFV8Uh984qBp7owfeR+kZYhRDyQI5u8kcL +oy2xvsECgYEA88CJ/nT1k3VWRxkMOAlv21UnbOydRSAn8nc9aOI365G6EeF+N7Ug +wr/KHTPVEXQN4Nb4JF6sFF9Fr6xpXxUop3uqh8ZJ8zLcJc6DYS84NBNvpUBNoe68 +HJWh5kl6NxzFs6FkWztq/PmtJeyZ11kT2kLq2w4V2l+si9E8d/c6Ap0CgYEA6l1B +ttRVkzcLt9JTw7uEFS2SADmfRySLRi54djzjy0TlGF8cV1S4CguMRyc8wzoVbUKB +fHwvmSTBuf9Tk1KEOWiCQMkfo9P5sxz7Rt6bEx/P9TUs0/GNq5wv/jy4CWlmYYRh +wTEvvIZSr1fmqOPMHY9qMYCwmaJVvq/cg409IFECgYEA2qDRpPgG5HIUJsUinoho +WdQw/pPkJAJJkkK9Q/vTqGkW+b7FVPYTIlqf0D2TWIo9gHOQMh7wPX2OpZkBEhWK +V16mgA2seoQdzZNDZ8HQqXTdaN0aRKo683CKvGEfS5t1AD88IlBTEABp+2ASRINT +OStYN46Urz+tJeNQV1HaKEkCgYA2zK987JFF5u0agleLwODVgt5MpyyTGfxm4J7S +JtKsyOM4m6So1uphjumyCX6vt3kjHxXf4bnPeUTDFOyZ2gWI1uL9+wkm6X3NX81x +eMOR6TJbB5//vs99fPvL2q69pKOH0ch5v+KFlnLnBQquGvWzQ8F06b5hbg/WkpBh +Qjk0wQKBgC8/UWyYPc19IdrgG4lqosqnPx5zycm+TwY+MyJPGYJYV69VjON6QSpl +UUmSw/Q+oVBmgrE5GfbJi4Sn1h/fXnkYuzpWN/dht8rloxiqsPlvrBB8SVCFsegl +l3cGoZz4sP3d2f3KuOpHwDfOPKHLjp0Y9yn5wokTP7awrJOXYTuP +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-constrained-root/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-constrained-root/Target.key new file mode 100644 index 00000000000..c44412a0071 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-constrained-root/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA2ajR6+5WHtU8obm/G/fQH0mtr620r+Bk8/kZa5XJq7ElZXSR +3IS8Aw1zld0Nahu4jHWjA2/IAf8jsOkmA2wkKtTla2oAB/2z1Eyrw0IVWkpoZliL +YN/SIvbgTu4cydA9j788kNivVJ7rG3ZV3PYqqYCXhJNhViz0uNOsp9tHN8mLT9K8 +eRhSv+fKP0dvuRHaqlMz7gW5jy9Ow6W25IeNIeQ5P6ILtIfixLAQ1wzdvc8vHyuk +r4laaQBNbHR0TG9nzKJY0wnWqJOYkxHLqWoV8rzq1xqzrk9FqFgvpw3WvzJlvqkn +vgDBLIW/F+O3lWGlzLrHUMpeJQM8+TNT9r0YaQIDAQABAoIBAAdmSdyveZYKwcjt +u6WDwzuNEa6LRT1Fb6krqsWRjg2cNB1C3UKV8J5Z8rgBj9cvohKEXUpcnnwS5G+7 +PWOYZZJfMn14WQ/sfBSXlq9Iq9kp9mqkT/i3Izm1EuMcDTZ/MdiVM8Xo1+0UigGh +AEJGzCR/DqefKwv280rlR1VdiwpGa7U4rnwAFeEJbXJiM/2XRso6btR1OVEWPXJq +yhrlvomC+ODXlAR1XHeiqV5wLvOPjxCJSy5OUZvdwqBjRVyo4VKFBd2bN3AOufzm +0tAL4zbNVMz95B0LlHxQ7iFIobmKLIknc22SKvERCMaLXrDVxzGun9RZ5mRRItTZ +45eqdgECgYEA+0PbnY6ccEjjYdMbG4qGIzq6UBWKI5sIlV2AMXh4eojSQhMvGArN +tKorssDIKyMoJrJ2whDmJZoLS7GWqcZmMkOY5P5H6kWbbZdR8NtuwhX2Q0LSaQvi +2uuU3a3cRlq5UUx/CPfTW0BOeSNG0x1aS95L8E0SEzhXrbf7p6XehhkCgYEA3cLX +5sQKmxjgu6H8t3rspkH0sH9QLdFFr6v6t8jqmVkC+8qALnz8t2k1qOBQ8oTDOg0R +TF/1fEF4oIGoRp/50H28p3bfrYEN/nHGUm6IguSG0K1AWex0g5FlvURAYqRepNbR +zyUh2V8es9l6vWD+nY4qpQkJU9yjYnHaUoOmTtECgYA8rgeUhkNLbp7TGhtazFpW +mbEy8/C3ZpJtF/aEe/aEiRRV9rIR2VISRmJlOd9dY5Env0Ok3FXoUMpXjly3RX2a +t+5tpucRMZw2nCuiwit+XbVqSvHrgn5Xpjr+SiV/LBvDAXlQXiFB0UbiRF2vUFBl +MBsgvkwWLi4met8gfpM9yQKBgQChYoDY8eZ+BNbX9gUCSjUasXkvURe6oEfElrX5 +NgB05PBk6XPrYQ5RNAHXCpgeRjwFbSkfmd3/NW5h8LnT2+xjrH20qbASho72kzov +Fz3FdCYgi1T/nDMW5KNT3+2zW8d80tERnQZLOQwQ+r52P7ZMVv/15uOg4jsNE6o8 +zo4jYQKBgAcx/PAlX1VRDTKgTpmElwGxPkXLQM8wj87nbIUZk5+kAAYzgsS+JNXj +bO0cpmrrsfrsX98XAIfezuaMM+4pExTqZnZAi48ay/a8j3+dpL5wcStJ0TeP5Lai +Cm+iZm8BYARqrgwaWMWAU4D6JL86S/SQdjjBehUMLSENnKVVRXk/ +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-intermediate/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-intermediate/Intermediate.key new file mode 100644 index 00000000000..2c00e4218c9 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-intermediate/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAwvN8CdwFeJZD2aWQox2k2C72LcROje43HTAoRPZQ+ZkSxLa+ +RA8HSCJn0WBCYConYhXS0S6aFgJO+0Q3jLp6fXKvVc/W9Xwfs936uFfkeHJykPWF +y8N+jR+JH1BD/1Pkp/9lt6/avbGAdw3VouNZNZfQ/DkmtZqvPHysWgWvyphAPyAc +rjyyNedS/wGqgxpnqneDZy6VbnlJ6CjddIKywBeBnvcqHcIUfCoQtBYZ4VkQSDY1 +yPm8NTaRLcmBpBi0L/95bTLKI1LA0zksfsKhmVOd7h5QS12v88rfOWvcVCQMFHs+ +9/heuK/qZ2hLCB8lWxT/Med9UMcVslMqo1qlwwIDAQABAoIBAB6y2MV0sCfdAbI0 +MCJ/eIXSX1G1p+kRqfweqTiy0O18/UecvzlYZH0nbdG6prkd6jW32gq2m+z7UBSh +GV4/vyoh9Ro+MEtX0GYyflio/oE5BHFvODJuBm+Sl7Umno6GV2tc/FeAiaF1YhVd +SFbuFg4qae5N0ZqnURDlUP6cBqKQMLEcXOfnI3jnQoUEU+p1hoXkp4mMf/XmLgRZ +chTBlGvPidmiBcLP8dXB9b3J+FnT/n/cZH2h96c8JBQ1Im/n9r9tgtc8vSqD5FV6 +W1BwoId8IdOrjCsmlj70WeGMbXPnk7KzTFOIkkcn/6rehdNG8o5Py9jUvVKSbp/R +3Y33GoECgYEA4cyppwnECQzwctocSxJq7BKnmENyKht2DYk82ovPCGEwagDH7u/j +lvCt2+V1PsawrjCgCJ26eY27uoLtAZYJoTTg/UDKJ6iRaxxDqgwO3zfXhacnO9uo +3PXdCLjCT9SiIqXOCctUGgaJqLq+PiwvvOKxR+N5qr5W0etufklKEf8CgYEA3QaU +RrPZnnFUqEYQz2VWjZEvPPIGAbCHTl3xaI9PBbjmjhAya+C6p3mH0/hPVtesJUVb +U9D9pBAqx/k4BOQgX2YtHTJfZZLwmClMaSzy15y0ntS5KuS5J8p3V77RqRELcoEo +RUccyBOIHxK2Vj2nBxl45YeRZA17vsKD5RzTpD0CgYEA0QKZp70qcRZBHI840WTj +BFLgP9luu/tfc3gtlD8GDUOphPXkHBCCIx32US49MTbKJPNtr4wRKKNBuoumx2kS +0N4ZxVNLzRoEQZmQKL+wpH8USOtJLedOj/ol+ATOGQdCbb/80KQd3Vlf44e4weQ0 +7CsK3vh5jstRok7DoLJGlhECgYEAm8OJN5KD6P9hc/1810xJhRcuPTsrNIGduYLH +ILLuM9As2y1a+1+y61fge2fhMghoTxPj2tvMBJVIMQnXisribZjqbksTo9e8Kt/f +87czpPPQ7qZnoGz0d7BeDr5xrz5N3PJc2QXWqMHrCkr7qSdl0MEIzGmP8vz1mmgm +345DMNkCgYEApaV0NwADnH+nRv7igqe02y3rhA18OJp4qQYR7pwZUcqi4N3t4TrM +YXLs7zDh9SFeRTS5zXDVido71M9D1IXDM0Bv6IwZSXFLJrSpywU48fV3PBDDUJ6G +H5XB6l4zIYBa0ggoOrdkcgwtjjb7iVFWu5KUqEdjuGhSKu/47FSc64s= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-intermediate/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-intermediate/Root.key new file mode 100644 index 00000000000..7d1e5c9115b --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-intermediate/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxZnDWqzu3YhVnuQ7AumZv358IC6tNZYGdPgGYmwwVbUW+eLb +mWX4t1gAAXA/fCP/pzlLOtj3cmU+/WbAaUPMhSI71yJdH6rUOYNYCM3jwYvxd0qS +alyD3xtZ3bWS/bBqsCmmE34rDsunDjDEti/3G+POPDgsGL0MId3h3SoYd5QxEokK +7oAwmC86/HJ1nPH7OTHHrGMk1BFAhknkcs653/NRvdfye0nNl2VKj2XAh2GZnIbJ +lpX8vNLEwsyCxBs9GLrdExyAz5o050SQKcXl+VMvIOIclf8Bu+qJ0UdZ/VpEdVjf +Qim8UIm8HWzjNfiFzlfExUdYN10fGwNmYQ0veQIDAQABAoIBAQCsw+e92/1sy8qw +hbPitAOtHhXAvY7Lj0RN+Jz8aMNJ7G8ORH7j+/gdtV8r4sxe6cqYlstjxFd1OXh9 +bd1FK/YhYPEZA/6PtXigYGoUKI+9pXGVbyncvM6/vtYvtpWyIRDmvUNrP6C96ulA +yvryn7VaOS8UD7jeWEvHQIw+JpQF141e9NLMxyYS6KmnsHbwezsNKMYGYfGD/xSu +xlY18QOj9EPC51bDxq4WkwE3ytCNGhRUn/tm06Wf99gXmrIdMXVMLNnkf9Qa35+t +VP+3GRNq35NqB7Je077fp5O5dF63sXbQt9xGKyrIC8kNsWP9SnQakZo4mFEg0blY +QflgU65BAoGBAPEuvnqVlv/d5a/TQXoiKjKR1f/6G/fhkJrTelscYIxaaWx2tBmB +4D3o0+alpPXPi7nok4Ce0zOCzjRxGafKt7N6R2Q31vGhodoQo8vAX9hnPUe2/A1y ++iS0xuDDWB8lhFBPmeSoQ7Op6i2uAhAEAQ6gZHVru0vKs4D4FRwYC8W9AoGBANG9 +ktWt16Vzb1sWM/kQFOqf3xS0p6273mB58zPJ4StxvPjHWX0IXSH3lVc2WPFa8uhX +ILHbcJiQ5jyUKnCAB53b/RqrzI2TtcrZQIKXybCNliu1en4fE/Tn8ZbJKsHEjWMG +vvl3W1DjbSNGZIt3q4IYEaIeJp+s3BxwVSEwltZtAoGAAxG3NtQkgckPHTexA57f +rpkQghtqs7LZJj8+tV4dFGwqH0k7bX+rnN4TpEHDYaVsf8cn6WEcCvHFMgGmc+4u +fEg4FFxpjdWiu6Wuj+84yQY3T2xStNEbwc/TIBUcT/koP+Vjbfd+NREae85VFGMY +qFj+Lkhar9I6io+dpSfhLnkCgYEAtNngCLvznEhjFomYmwQQ5RahRrtXcmjyIQJG +gLtsmwdhyKosMbHKjIVtklvcaZDgrxKhsHrlJcibnlSsG4FqD+Ym4p6MrO9W6+hU +xcaYNNKBUIMVcjbeAGkXWctwQNB4kZC5j2YpqR/RdX83J0My8eRLIB0bdMearDL4 +VLwO9CkCgYBXhGpo90TdZ/DxKbA1GX35u2oSM0JHxVUTXaU/tL8GJW99m+QOarQ2 +8n4T66yFxdFXZ2r9YvQG/uaLqXY+cbEropWSpklB8u7TCGaXoNG7VN1F7QZeBkUl +OHiA4gXzBFlZlAw6dwxl5VLoLraMXDsrHxM2c5VmwNK+MWH1MB+fUw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-intermediate/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-intermediate/Target.key new file mode 100644 index 00000000000..91cb76dff96 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-intermediate/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA5V1SeOWdkPjmiTPydi8En6jx25Lxs0MZo3wfoUYvqrRI/vI1 +zS1hdudcUsl71pA6kRFEqL051F0Q4BdxA7nipfsIFdJQ3U1n7Zypmz69OpFXSVNz +iys+wOSqycJoMYK0DkCp59HE9ltIPYh0H0Mu+LNm2EG0C2ohOAVlBZmPhHUHVzob +ey0hCvx6ItnTiUMMGhj5ktlCD4bYKNK0yiiahSkbCtcBO73Lgzag09NMWlQGoKDG +URIzAF+FLgq1Yy7g85UD+dgXJBmFoSPMReovLok8BVLwaZUO/HEajyyQVG8URjOZ +vYunXgutrQBPeItpNqU4Q2P0b/Go9iEiOFafewIDAQABAoIBAQCA5KG9GOQkHQuI +nO2rZp7Fjm5kAz7ai2G0EsO/oK6W0nuW8cw0QkVcSYYDbACwwhp3fWnFHZmK8sXR ++Lpk6qgouFqB0M/qnV5DFF/nwykZ6aVQqpnq4mGAisBDY4GkGRxQShxxDtwNyZxe +H/mJu/qAfmjULJAePgTu83Ei5XnWZ9FGf/EeeKl7j4YO1okgrmU5SUbq39x99j7l +m4hJc/GJpaFgYD/IQImgNYZZBgqI++fsbOjJjxShQ0FGcQwdXmhfjLAr2kdLYWeT +ml1+fav0ZPFR0pLAorkvnFQu2lwySDtO7pZaPl6vkFt2MrR4ZAqRs5OxcLVLTjTl +QJUkA6OBAoGBAPkAun5XmHzKn2rQaQV7oe6DawNRhCCbTKAn+mFnPO6XzjlMGhPr +Vrl609+RRxSd6ACKhZQdK4SZZcgqRdu16Yw7TruUJFsmNebfgXR26JdWWD5ZSUR4 +I8zgBmh6ZzGP3Pr0SAbZgMqb43+S3drWf7sJ+fDQB4oHtY45FRkzhvPBAoGBAOvP +Ue1hA/aAZ0fRTpXMA8sTMKr+xViFe1K+t31e7djqy70iRcj2rSNHsd/x63wexrNm +wN9tK/J1IPBAwxoKZbQob6hIfZzMPzNQZSU0vZS+bnfKIvSfLjIg073B89Sjojii +IQhEbXMReZq8cLg+wNwPY+cttXCEXLekJSH50PI7AoGAaizGWOMvEV8w9NHjRkQ+ +ez6sXeDfbyvpU41YdToZQD+Y3tO1dvLtqu9V8sm2vnLKn5hxdwOtL8BdJynnWdVK +vdH4M4HqsrcrWsPJJokhio512DgoRrrXwR9xfBFdeUO33YZWRB1wjnREYHyWfx7h +njaVzfpWjKPW5csvVOykycECgYEAv4VG2TFucoqfV6kb1nY4rnsLkBYUWm0vWGkl +xmGPdBpfF2H6o9oVjQ3x3h0yUUD9yT+vbsfQZb/T3M38p+3B5Kzi4x7dRrhsrFSj +kbBgOarhNdGqyltuvbADyZ75Vr8ARlcH1RseedK7nX1nX304ToMBdQWe05/tXgmn +Tw0DM3kCgYEAiUinfK+KVtWHZPsoFFD+8ToP5Q8YMJhu4hkOci0wzZStfzPNlxG7 +Yo2eOCga+aR34THIxdTh0zvkON0S+yBhM2IOzHnm/D3WJ4n5AcAvL55ppeJvnBXi +Hcfo68KRoT65Mm42RT2IzedRXiuHf6WdNqPhw/Qr9FMSoibttJC5p6w= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target-notBefore/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target-notBefore/Intermediate.key new file mode 100644 index 00000000000..1871a3434a1 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target-notBefore/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwBH70W0c2V4dTEnzSBBOUjF6Kk+XiA9KxAb9bP2ajnezdGs1 +s8GWP/79L+1LrFWzGHXgW0V9gz4AKeib3hinaOoE8mZOTi6is2pRNZ126Hy7ijyi +hSwdsVu5U2g/UocbkinfcahQBDGeCh5Y791yvzcjqJicDOImWgzPs8cAVWVKciIM +tKS5VoRhOElswidjazPXvNS4tofmUdnC5LUq3aHIteqIJhUrYg7gtYOlQrKgCIHS +nxW5JKza5s6hOj58s5rbqFX2nUML/Qk7zexqPFJlTVRx0u/YdqHEUX3vCnB2YDrw +QBHBGGBZU6i6UgXOeVGMrtrzsdMdkoOyXTPhxwIDAQABAoIBAEVJt4gTTqbzlqog +u0yx5S8tfh6pW8bPjW8t/lpFGm5urCRBULwqB+PKPtf9SKFAwTz/uRHz/ZVM1o5H +xYLXbf0g/uvbEECP/k2u+uDWj0DLTnRN72sPQR7sMezu3HkPGFkgFeVQjJ0WsSaB +UCAnyO9GGu0FMLZNFvzBRmRaU7p6Ec2wJd5fPq3tUL0ow0xRXSlnq6MkGs4aETRL +CKgJdE1iVLLKbFIrsSD0e4sYFVVe8oznfjN/nFHOvdPibrDIaSWnZBOMGjgONQbg +zvk60b3C9CgszPVQY/VjLvHfqqmjwc650s0ks2r/bKkahDxmAM/B0kePurJ9Svrn +IcpZi1ECgYEA5ZgspSkGOgBdJ3vllo3rOMd9ivMqouEURiW4RNWreRHnUqDOkqpM +L8WvvQ53LPoHGY0zswA/pBUDMMsS5TFP7636nv6TB+Q6qrMuy3JL2oK9+1O4veD0 +f5b+tM0NJfH/thSvmwQwoTdXtfDmdw0kG5NHgSeXZQbmlmgyLu7PBOsCgYEA1ikB +QVwMt4s2Hi8Q3cAbO5waCbWMZR2UYKwH4mGRsWARUvcf6PWwTVtMZq8AKhavHwJV +CqV3E+Xl1HCUh75FOG51Z1DnRkGSUcVRa64CofQLX5FYFFYmTLSBulTVTwEcqloZ +8f5yFhJsPVXRNntd0e9NItZaVkWoqaPf2m40z5UCgYEAovj59+K/ALzxYu2Xct8a +cRtqCg/B3AxZD9IGkxX4ud/zi7uJ5qHrop14uYJjJhH0qDaK1C0A/7/KnAAKUZZH +X6Lnm6SpSZi/7Bt0xAVFwr27jYNIR8A+zbKo6j4Db0Pwd5cHb8nxmv5lzEhLz4YM +c2aAAzXPSW80jt83gAkT+jECgYEAkiULYUHiv8I1XSW7OchmDSi6sBN/SmWEIvBi +tP7mQIgRam+QDBbViAScv5n+37n5KY0a4ZgHCcIiM/XbtkKG1Dq0zZttKAmJQ1oG +9RebXk+/DymNVNtxaXjo6nIH2tEkca/o8rYzvpI14SlWCvrnDGNkXTiwDx2cOp/F +HDeGvH0CgYAHaa47p1KbKXe89Xn2GWjlh37EXFdpmcU1qdTEXyOMdyMZoKpNFzRg +KATwwarMJSd5q6tf8294wxlRrzLlnfQI7F7ySjCg7/PiEDnOpktzJ4KuveDLpyLX +Ofmr9eoZ5W1iQt/QyWavtl4oR68Pj8TpKh9z+OEZY1Zur5wCLRwQmQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target-notBefore/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target-notBefore/Root.key new file mode 100644 index 00000000000..fa6750bda58 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target-notBefore/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA2eyBP3HChrIehGNp8Bc6gziA4OwYfkEa3DRfMdMd6ChAHaDg +fB4dDrQ06umWkv4XR6Jlc/4C3UWFDNQW78Ro/7Qus6JQhYKUxs/9IrQ4CeL9jIdO +WF5q2I1tVnG9IlyiYZPtXEemhX19ziSSTKGWNwXZ6lN+WeQMwpuX5MWJljasTk2h +YvUZ5DiBmy2VGZocqsLoHGMGOj/NC8zjqCb/GXu9wdGoxFXXTxbZZZXn001vyKgr +w5uhfWWGt0NfDXc3PS4GKNxU2r5jZtVkOeJt64Qlr6R1nUzwmBg+AcdwSGTSHCcR +Y0q5xcK9Y/U9gVOZgj71zRJe/0hhlC1Uq5UJsQIDAQABAoIBADsrLcSOHKT5w7Nq +Up8vj2GFe+iV8eiFwMc9KQOcMKiSFSZ2Qb0xZ+5QG3YUyh9LAgMfIrClrR1q/L8I +7tlW2LNktrFrRrWZSM/aNP6xM+3rRbBcJHd120jEzYUFCLdFs4kO4wmFIr9n3TqV +T2ujC+gQnKQ02z+I3bYRDOK+h6bS3Ruupo3j1j1sLy56V+iVSw5u+rQdpwKmB/ox +HPqZHHRnEyDwNFifVKV3F5ppjAVjGHl2sFYVJvR4N0LhxsPh1BS94Zp0nSdBVM+j +19c1TI0bjzEc+zLWWNGBNP8GuExAlXHxNn9WdD40p8ReFEN6FeSVDs7o7JhrzuaU +F+1zrOkCgYEA73vL2USJbNzhDPjHNPiy10EokaXgp9JwJsX9A7wj229cCWKO4KBf +gPQwyuo8YGXM8Pn02ytVJV6ZHj+s8LWC92AuyuqtVUDypnBcCbSeWLL6L5cSNUQo +7KqgzwOcbSaTyJ7Ul9ioBVpidsDDU3xrfv0JSlDBCFRCsLCEQCuNaBsCgYEA6PQP +hIzgnEsC6N7q/PX8Ba6+5I+Ji8cCKs0l5C9BVT+q8o1O9qB/6kT6EVZqnUhICxJF +8t4d12Vkc9ElNh/k8T7FTg5bxqjPC9FRVjfZImS0fA6ON/LqAy5+rWZVQwZL0akx +UjMtsB9mhS1ISoEAttaniU2JFJWNHCb6Csf4SiMCgYAQp91/mOKt7ZbBXjQMnRdj +HScDKjQ7t8kRCUgVkGo2AsK17GLfgIfj4hfapPvaAHqGb/v1mkfrt26Syf7vJtCa +/9eBSV0QxtmZdcsQ6bzxklEQKkOb7Mej3iIdA7VHah1xIIrMnMbiyGx8sd9j2Q1o +4ZRZ1M/4ElQpEb3A8MZ+7QKBgQC7JWdaC3te1HxP7NZHxq5jOlGteQr9OjGphQoN +2VDZVb7WAWQQijx5TlS/nPclyC3ohxOe24aJxrD+wmTsqI7aqJ0F6k8ct/0t90kq +xM8x7El66I6ksAgD6lRmpbGVmPdMRmqTKP5pYbCRCSHsiNq0CJqrmZio6sRke4Oh +Kal0lQKBgHlnMvpIDlFYvEPYg13pxm1sKrmf0YscP5Md7cSwtN1ysVe7hSQWnGTL +NqDPmK6upcCE//j450/V6RhTz9oZshrSF4OtYwfGYs/PxlFIzn2CXwr76zM9Uzc5 +1LdosFIsQDbFV53JcFT/YUImnLfEns92phTj8fAPSouyRjLKtGTP +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target-notBefore/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target-notBefore/Target.key new file mode 100644 index 00000000000..83937c00c7b --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target-notBefore/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA55ir2tpgknwf+kgTI+WAdM/NmE9VORSiOOJvaP4DbppAnitH +iMe1B/YnAq0ieFVzhG/wRDKVzJRX8b/X9E0dZAwHSepuspEn4Enz0mJljCxDsJGR +EMgjlsxs2hHzX9qqKHKR9NSLztxqxmF6+pYfGUDEXkUJyiAMJBl6MCDJr5Sqi8qJ +S3kNlu5TUotauNqoJf6XBSmHhF5zh6zub7U+yYpfhh1aoHhb6sBfdKRNo9kl685w +UmiVAgvChEYLRZIZ1p5pmgwu2rYvmkQwcSKq7hwnBOR3u5FE7zlHXBWkIHCGsuUA +d2Vg916cCNBMu7TjV+B1iSajleBOsAm8tDoxQQIDAQABAoIBAFywUI9teNsHjHDJ +qcdjEa8uf7UmgxAuPuKPVVFq4ArC93uWDLIkY0KFdIVwr2wDnxDxD/LrX+KZuDzL +r+1Zc5rX6Y7eoWEcER6F2mxn7wZTrN+c0rcpsnym4iXAq2vAgvtfJyUab73hn2Y4 +G1TxAg9ESZMFBG79tn44KBvc83suPLQqAWkhTY8KSxJUnPSLREdvntUwPmAJzFUL +Wwx1Df1TrhZUec6QQTAxgp3vBOMIVjF253uKAuJ+YEvt0w/ErhTJvMMppZPe7Y07 +l+ieaYfdGDROpy/Ni3IVfn66fwWKBDokH7veWFj0ERSEkfthJ9CzoYi9T0lYGn23 +NmJh6XECgYEA+9BbBorwVwxr/Drflw5d89HJYKcMZyL/Hu5CrTMUaMIFsVFPytEe +WKofR/jpOFCyqQaudJa3RsmevLNOKhDowdSfgXbBce6++2gZCIoltUEMXLm3kcAk +3MRCBF4uzzm27177Qgghp0diw83wgyCOzoUvuY71ud00BEl1a5GGOX0CgYEA63JG +qyNv0934T34x71JetowifV14BwLI4h+hZiRViqXP7/Dn1bjJE4mv7deO5pKv3r4r +yy6Bs3K7DrbvyeIBRljX+k/zWQfp9IdYJiI1trXZeV41ioPTIWZ77SEWVkCxqwq1 +TbladufCW1e4DIW7yn2lPoamxtoCkAMbPaX+ghUCgYEAnnYCIf7iuVSWy5Xcx/kB +hII6oDje5DQwqS00BjwDltypqmjJto6b8x2zK55mXMrjctxCghmp4cDUxFhtUqlr +XzZG3bh2iRS9WAWs4yPUENiLR/qSmwR37fkOtiLyf/MIvF9f67CkRNj2PNNmi428 +cBd97d4ZocmihyQW4QclmR0CgYBpKH4lu8sbjr10C8ITyO9iiw5wfcm5H+ZHEKeO +rlXCejJ4UVnKnCC66Dk6epdppkSEsN1wf1IQqwKfHNfWjGnTWKUGOKVQs3cr7zNQ +vODOvUPnsEsrlZs8BMD+9VM7rONtqHe3wjyEdRjaoUAj36szUpD2bz+X+xE/7xNA +op4czQKBgQDcXa5GuObsOqpCxrVDN8aZWYhGHEqMea7VgWoISEIt7eWICggpi2Sg +l4NZ4qHE5xA2GDyDBlYEa9I6AwgRhHhUxyRv49ECQnDvc0PZFaqSmJ/qGXvWywuH +PKSFNEe0lap4YEj+1JGQNtqo5P0iWfJ/01t2q2xAKHjm/uQ5u4wLgA== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target/Intermediate.key new file mode 100644 index 00000000000..db734c20f89 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA1+Ywq25QTDeXEgujh+tomd+DvuVw7nS4ZCehYM4CSWqE2Ihw +rVPPdpQ4e5Gt7aQdWJ+Z/8Y+XxG+F/HjoAU+EAC3EEwEHOb65HDJAa+9tLx8oo4k +eXJ58Vga17nTPPzMFvAUZ/LlieXPN+sW0ovmIaqD1NiUzz+j9Arh3Dfo6SRCYBQg +nCw7Je+B1FoJqIbXdgwxEpbKJAFqVKjVAGp0WuchOQygtWP+qRGs3cqyMHqUhULK +DP2t79GUVyWT1IPl3ujBlptDUl3hobjckZcVCYBYQgFuKkfK5aG6R+HSesYgs7vp +eWWIlFh/rpYB0+MXkNQGdJKWcfxHNoRqrYVxuQIDAQABAoIBAQDMQCDRPkbHJFxO +nSYzo1lNIXExOz1wyonbbsa0n5D4RcayV7pJsB14sFcTSEoEpZuByVRW7wT4yf9O +BfBz5iHF3/dQeqn1cevwDGeNqeZOQ3eiDdmh79Q/qDuU1V9rtjmahby4bsoLgJde +7pCj1eh89yVLSy7VNv70FQuCXH6DeKT1jUwkXNCtYAXqAiT+T7gPaZKllzV4e4xR +CguewZ7FrdSRTbkzD6y+tSSC5oQLnisakmVRJfddC8Oza1EBfPSV8YidG4Tc66xw +2i6acYy4sGh8wh/PJy56Yeh7GBGFhY3A6Ers2n6TUhER/3+Pk8KSHU0BWRcgV4g/ +354gS5C1AoGBAP6us9LXAb6k/ptHMpo82RR0mos4zKgB42vdflb9vvEEh69H6k2j +P59xakW9Mdnvajjx4W5/QhuQSsyNmUYY6oE7COaPD+yC0vLAsS8vdfyJPVPMPkec +Tmb5QbAAig13OnFV1P6WozYY7TzrCQgHMzPm64QznHEWc+sClpXmi08XAoGBANkE +H6yicyXQtKMb1ZdDZMSyrmnhhyHh9yD+XQQCMbPF5uct4eGz5zCSJh+/7fnZ2vrG +/YULGntw2eGLA8o/KA1+nkf7Ykn/KOwggIOCRtq7D9WDUsySJgrgMGFL76WcUjmm +989P22Q5m9+l1QlLldsGw9wPadzDsPybe+m6XUevAoGBAI9UnMlUzZuQWeXjrNvW +0MjNUsh1f+Axp97luZuVlKcpyH7h90AYVs8R0iBLeMnRDrPblOZN4lOG4kG6kv87 +OIbgRYMUEn8lpTiPL2iBymIEjqohcQ92LT2Qm+JEe21Wo2JzTrq05kekwaceE2gc +PTnBhNxS+4E9hKFHRJ46MD6jAoGAcHQalbJ4SJglgn/h5kgd529Pwb4D8CLPlGE6 +geFBMA7U3+Z+rh4zJpAVAU7LWjTxrBGBPXfLeTu5K46FoD+p2ZRLILG69O0rn3AY +KA1R+fYE9nbeaPMyk2AoscJPpFmkogtLTjnrTbwscW/VPMPWG3Ed/OJf0O32wG8x +fqP7wjECgYBu7DoUo0xY8F/jmBx8Ya6S9mdbwI1+3CQxRxkd3sJdfEsMTIIjgMe3 +iaD9XxVVjKP4tgTUwpfWHdBW3zLSymNzaO7cNSAeAnrNvKPEPMd5WnITbA1z9778 +Hkszn0/mJoiHlxtk/K8ImAsGCn+x04rfkxG8pM6Mg+VuBCdldZrKFg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target/Root.key new file mode 100644 index 00000000000..8662db112f6 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAqHVEDrW/AoT2onEY/gLMiO6a5sfSQlLid1qJ4Njz2zlNkNjw +6JHWBAj8/7YohHq+aEy+t6U0FI7ejZ5CqYNLzp9v/plA/5BnliJyPW3ifPnkKNbL +SB9VLGjqg3QvxNJ5kQxRTbulbeALJylxwwVzy4EEQ9pcF7SU0PZxctEkD8MxX/Bc +aWIUa6NVLcTWTBAx86tAOlLThAjDV98pJvSYgRj8SPgrLmU1gfoJPb9js/Lm/SM6 +vE4aR/ZcMYLl/qEJzsUMKVU5UunZYobHLMPa2bzwOJeTVCEuaeCgSdgnG+apCnRk +NPftIGGfSNuHqkNBCfvs9K6o6PTye2re3LZSmwIDAQABAoIBABiMLgSuu0zUr1Pw +gyHQqplxm6TxjVQY2+NkkB7xvmc9rG3lDwX06mjgHm3sz26urDxqoogETNiKESg1 +3aTx+wP6+8jv8CbNliqsjlUhRBXOHE9PLYQu/KxiBXpuXd+ihBB86QQYyfx+32Ev +iuJOUxdej46LrUvPBriEkPeYPlcFcA/ZQRC6DuIX3Y8q6Q2KC8qGsZ5kaSdrT9D4 +tJGFcMTHZpIjiQsqXM1mJ0nVGpZxZ8rs4PRSEY3ylmlWcDE/Vadg6XyqVZWcCDnh +uZ0+0sZgnw9jjsT9qyFAauVRX1GWzjF5IcGsSxCrcYKycCdRXOaWnwd+BRH2Wqs5 +GrkeaPECgYEA0cEix3+McKyka05RS7CziAHZDtSTxhOcejIxcM6UoSI6yvUBrCyI +RYFCDMhGu6nmdwiz8wVcpungwMMbRO3BdYxKW7buztl5ir9aJnVqeeRewueVNgvi +YMexUoStORM0j2NeL2FTiWvKcwTCe0xVUV3EWdDEpChEWA5/NzOxr80CgYEAzZlM +nnT7jd47WCBPWNelipDgZXrQtASYe6SDDoxTQJl2QV7X579Yg+0f3m+rry6PFbdM +Ya8/yC6iK2/GpKqX3/7AXMTcaRT6ocr0xup72eBQd5+I+zXKdfPLlJl3XUEXwWYg +XBpozl5eLYyHoNOfOiRSceW/wbzKpFrprDYYlAcCgYBs9nTXyBWvzq+XItcuh7ur +0rHsd1fQ1Q07mWl/nYEud7atCjv1MikUWkJym3PLN0aG3ZmFjGqGNwbPfEtlMlGG +e/uAy3YhNG5kOmVdhy9p5M2pWF519hSCjBo8sLm/5Y8vUcJywI+B2uIPgBB7trq3 +iwteUQpl8JkYWWeSyKLsnQKBgBC6LDWoJt8/+WwOFOaRhPJlHxyihWBgD1ff5pnE +aPGUir5+zOoZ80WogTNDuqAiFZoas6gu7e2HfcIy8eJrzrd2rofdrGEQR+Pp80hL +w4/SZDmXTTnDApneH+4THlcD+L7PZEqaC3Te0KK8EDzRet7sHZkOrC9DAOmmS+Sq +8gz5AoGAAmuNtXb0QA++9fWvEdvn4ibWkDu2bJ6it96G0/9HUExK3Tr1uyDPZ8ZA +pPiPOJvhkFM4EiMoSsDN6WuBGp+uViVz9gvMmUgAKzc8snMtFFvBjmfPeNJM/oFo +WrCtKzqs2t6W4qq0foTFv0wF5Pw5FLiUQinyvBcj+i8vmz4ksog= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target/Target.key new file mode 100644 index 00000000000..5224a642ba7 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-target/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA0boDgZ+eVZ4alY/9G0VR/pE8rBSbCLcO2/IvP4O4Bll7X2d0 +5KE2QLGgMsUT163LPKfoXXO9QIsN8Tz8OKHnoQmUROZ9hs/9zetHkClTlyI/QNTU +c6IXAPyBqVdf1iGSBo5yXvD39ZCqorXGWJyQFG9y9fCKJ/ZOIrI6KUfhP7VpOOHw +boF+nrAO0wGBV5V4BnVmTB4rLdFoR7mUR1WoCKgNZJXmorXOdHSRPyDbBXdrDO20 +bpV90YzQbD8vqw7QqcFOLwIb5TcCYattDi+o1coIHDx1F+BW/AdoiUrjHPSv8eum +s15onS/nCCOjneWkeK7MOZWn4W4xc1GZGbIXhwIDAQABAoIBADKdy0TYijUtsErS +corHYy+mS9dYLcafr6VjwQV6O8rEg+MVq/+V7OsWM4ytRcmy9y8PcyRCz7UpGldT +maftY2LZVgB/BGKqBh5Rn3bqknMSX+O8uf2ibBzf1EdTgBzFA2IztOS3EZEhth0I +8/Lk7l0QPNWglSdp6Ze0HhdicrmWFaZLqJyML1y8u9/ra6jrnuGJm02fpoqnzhcn +7KJVQb7GER2AjwFy6J63j65oVWzVwOKwUf2blxOaM3lQa2wNtYzy8/dpdlK9e3n8 +yNMNtqvjDdtvjGSqWYakjaRWIQJvwuV0t4bIZGZI8zFCamptCL+fV60gbsuv97dU +83HQekkCgYEA/NldfDKilkCFG5WNoqcJDsINiMVid0DAgWERDfbizne2+9FUXrSY +TzXFwAfMrtv+gU34N/evoN56Y2QXfTOK3E8AaE/fCuRITReJ907HP9DFYLGn3fW0 +rsYKAdYyi9eJYnX5pD1vd7ePAFXcBAAUd3Lhc4K77gKOdDsJ9jwcacsCgYEA1FcU +eIDfBb6+KPrxdP7MijOMk2UNf+86rgsXO/jKs5AirYaawFXMaJNYI7ZRJgqScQe5 +UKsuv/FRyhaDU0pr7Q+AMPLPpxGbNKSFNj1qnaj6VP5oomUVfx30I4AyVB9CI3bO +A6JUmMY1IgcUd7TfpH2WMvJgqaKOTicYvD9kgbUCgYAh380ScoYtsv8iLusGu3IP +NBg0Fp2WdGpV6vcp88V2+7rcCbNP7Mnq8r1HeMQHORnjoNp8RQaWerfS0PoEn/8e +fMcFMo4jG2pESb8GDtvKxOFsjuB6cAyAza9Rh6zF515UfpGvWzuvwju6Q8ZyEsCr +MAzcOMuMm3MSR0aSYoM7+QKBgH1LUOH2MSNDtRObV4TQoMLfvhBvLXMTJ43xL2mM +2Zbw8vVvmrrpJa+DWhvghaury1N02k2WZQSPkdJsTFuGa367icnYTN1pTyrV9WDX +BqU3Q1eJsxY4DWIvu5KDH69xrmYcwV11mPN46XtFsDcefGSkUk+Ho7AVImFNQpQ5 +18WNAoGALsz7V4ugxAJXn/PJNtwwIZHorc3d4dXOU12VE/Va6dMyzTVt9Mds/XSD +VtGGP38SI7Zh74R4O2qHUQ5UvC3UXMeK+Pam7bgFrAMuyLvLfEEMwUK0L9Pto7cQ +lSYs8uM9lrW/u7vc9DBlrEa1YQvT9qbHNU+00D1JZcVhLFY6roU= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/Intermediate.key new file mode 100644 index 00000000000..2a9120796b5 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuOrcz+eBPMGZcL1xTJOUM0m+h78oK9BsOJBmfTfVo/FcoaVB +NQtcp7yPrLMJ72Jon2A+nkzLf6S/Sg+nslqT7LgUMD/ZhritMYq/IKvHQNwoWz7c +ObIARDQB1oETp+bR2NNoIpXuv73k0Z8I3an/Zf+Bamgd7tPVxHaFVENzv/A8wWa7 +pOsiHoEp3U9BwqRzY0MkYO/i8K7mpiXIqe4bf6u+ccv3FcsttKdWSys1CJsScBUz +U8qntJc3NNP31fgZVANQtPVHGvEQA7VUZMGctW0UClooJEsRtv5wwg+Ags2UWRb/ +dYvakT1fFpVNYXdnKDc7bqakiDMBEqAQ/FlJ0wIDAQABAoIBADsvcN1aS5MWo/Xh +rJHF6nk/8Suhk0nyu7CfBy6s4ERIzE0wh15i9JT7VUEBTPzBkprwQxqHmdqQ8GjT ++eir9QyfHlcTGJx2H3jr36ClWnD4BjKuO+57enpZ6vys842Z4zBy+bGYK4JTVRmC +vWO1NXl//fwAtxPp2VG4XZRKwpF716ZsbyjTT1mWPPW/GIx5+mOU9ziHqfufTI14 +eCsKgFSFwpOEN42JS3uoSZMZ8YhmXq/ebe8kJEmyzFJZy7V3nXXzp6QwKoI+BlNo +Ab18eXRR+cAkh5lOT/LjJd9/Q8ReQWGMBg4Jko8DzcnXgNSmQR8s+Agc0bbRxt1k +N8X6xYECgYEA3nW+63NXvvsKGYAYB5qu3PyJlkV+g6wOD6mJwjt6uyrcdLP6IM+o +WNhs5zq1yZy3etZtLqbnsZSTf2X5fX1dnwWoCL6EbFKXnqmg0v63p003yA755z/w +bvSO0iSt3DEUmoZQHRZzYzd6TXaPyi4Vfp1j72UTkGL5hxUulESD4n8CgYEA1MwY +Bpwp11zOdyAk5Hx7EaWcIfUu8wxG6lulIk/0s7lMwrI3PiL6GubsEQADUy3kSWpv +nKArK3XY4VZ98XhkWh24dGOAff/lvOd5+8QuY7mxHz00Bx5G/umlzEaeVMy37eoL +uNns6d6p6v193UR61STq1jojQ41C4LZsvNZ1xq0CgYEAnnfoCdd/cSdpOWMbOweA +eyFWbXqRtgBxf8y4umkec4gDxQqUKp1ige+iHFGhP75ooZNv8WSp9cEuFPmycSdF +8srXuWrl8Dghk7+oNcWHVCFYlCW+9XGBt7h0qNPCGfHIiI8XMLFWfx38/INxyIdt +fmVl1Bn/hsJKmGSJassn28cCgYEAn0v5YFle6R1MYdjqRTD6YAd9jd4hO0ihfacF +Q15fbHr2f3kx6Y39dE4RwdgkpQvhrSPEUZeFOY+Kv4Uj2rOpS9ybzGUAN1JtBLCz +nEkMARNtCFmkrP95XjJCL11eAVUPC0b9Z2+b7qcExCjnI9CzswNj2OLEqzkAK3/k +fqh8mjECgYBZ3Qan4Q7g7rmOZNzPOC8w+1MHa9BL7UpAtPQmrEaLCXCyCYi1O7s9 +VIZxYIanyrtlFKVo/82MARLXYTFIdXOtJu6VeNvBYFhHPCSaTrJCcYGAJn8JNFHO +iLY+A+p4YACKiNXdVP9qFK5s3Txu7WKm3mHOpi0rKU6a23At79S7SA== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/Root.key new file mode 100644 index 00000000000..c35b3c47faa --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAqZHgsMyu9CrBMhfPz8jxGdiC0K7kIks7lK9K7no2KWAYOY/y +UdccoBgp8ZjLjfrgCdYNf3QIy1guD4scnQUxiuJBthgPmO5weNMrUNSHp/Y2a3FA +N5epND+hQDf341u8TyG2gO/Jy+iU2vrQIzPm4X9XclnGyn+TL1xe2ahVjvKgRXcD +KWtV9jjC+kK8mnNKWyonWt2rwGjQs1Fb57hOAo8JNTE2k1KjvWlfWPTeP0RKjeqa +CI8e9lyx2yELBwqPm9HUf8sFltUEsdJe2RNqM1vUmAUcwDMHp4R8aspdZV7qGGzv +TNZlpsEHuxF4w/uRvjYJCJhCm2/rrYDgFBMRhQIDAQABAoIBAEDbrjCRqZ10uP6b +Av574lQ7bxW4v0OquPhO7/81OYAr5DgoKcxJ1gYaF/jzs2/z9Dtu5yzHyhFVAhEp +6WDZurBfiDjJDTY2hUiBpMC++cAxuXDxGVnqJWr5p4izn5oT3Xv67h51GR9oL39u +javZT0cS+PShCBsuHrLvxsvDyi3pWf/xSH4QqFx4SIJNaW+8bxN7mOnEYP/SZqov +/970EBnWK2Hkgao6oMDE/cp1sDRoDOPlXQC24+FLjpszXWQw7//r0UeeTbcwG9qA +hMpbbgGmD8xRHuMtgSK8yWrS5F1tKXE1iWVsd38JNgsD/9Ph95giFYDWNnQkwBRQ +VmplI6UCgYEA2b3RgbVGqZi/+fBeR87eYPmG9kpwkJVama+c8AjPff5TL1W5DXH7 +kfzaMF1n0h3vvDwy8JdYHrshdYvp0MaaLtt9cSwaX+1yVva898JClm3LinzyOxEE +60rAg6TXukbl0XUaeiTLRO3OxWkqsMWVKzIJNjXQ9cdAOmonxxa2yTMCgYEAx11C +3h6ZyZJq7+wflwwBGJCJhfVB8y8GLswpZW/wjZ1zfLus3MNMmgFKIVV9G+CJ7JJ2 +gZ9WD8iHZGV//yffzlWRlHxutgHO5sW2DfmYW56M+dx7O24KOwnkDE3DLVqcHd+O +cMFThAj+89qeFt36HHbQRSouXO43WYFa2MPjamcCgYApiXJsAf7G36LPtTDnFemK +Kk+6sBylGDi+VKflimi6qkeIIhw5GmNZSBj/XPIvPRK8n+c/yj8/LYeGevhRoXFM +OwbFDhrB7fP/7vXBdcdqFuvbMVasOeTsVcg/1LRqjpfMy0APyPEV5x+ovRUtv6Nj +KBplwwJnwGjaO+H2sriPzQKBgQCiaPJJWupzkIj3TQdrGIdoCI9QBr2kK4HA6+cp +UKjJ5SOo0IcBDUTBDR3jy+3woNobVDGgZTpJ/1V0z08XgNdNEt5W9YuHUC/KRfSK +q/OXZ7F290uY3YsOD3+tGkhPEUqu92jlqEit/locM9On00umlpASWEuOvy1uB/gH +MIV6LwKBgFMqHo1bzlwgjv9odFzgnnp0Ix1IsCsyP8ARqLG65e3UMS55EFHOCJaD +D8eKjBC6g05x5Ob/8UtiaKJQmDn3wfNd6S8orxUqn83sznryJEAJTrNcZYwtvQK4 +hoGnDHHalBur+O0M8erDO1iJ1QLtsI2C+YFQu+9niY6KP9cwjAxK +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/Target.key new file mode 100644 index 00000000000..73226c01631 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyHyXsw35Vkv5bKNLBfPWNKr5O7lZfwJ7ibXQm744yeZiDnk4 +x6q8LAtrPrUiuoojL+7Ei1pZp55NoLuiE2Ge1rAfNHS2vP/97pUAWzpx4cFciV/0 +cGDxyhwtM0kDonihtJbx72q6A3eJvGQ0mbEgVBh4W9eYycLS8cZkLxgvuOfnJXiR +elk0yi/iyUditv8NORED9Zfl/TMUUk/MRm6xjFIA+92+593+k0kVrpiGv+oTyisp +Sharg08m5b3oI0BVqaOq9AxWVBOg8d07a9F7K6hGNzr6ayyUDhcKG/D6Nx/hFHTY +UEP2hpyZuwNuRh7kZPVPT2e49ozCXp3vwQ+swwIDAQABAoIBAH8wk+jzX5CA6H8k +ZU8kb2vAYBeksgNips8pumtj1ZE5CFJYU05QocprgCErNxoS0tnw513k9uXhByyG +fP9Auk1HNLTJqrjiys1WWACIZoErc7JvXpsA1cQ79e0IUDb9wtDXxir2kYXri0Uq +aThr56+SSqExeOvfHoZmL161QGlUDPVTVUdfS7JvOKzLoDm1rtzs/wmIbEt+Dv6i +vQ8APg28NGc1PvuetxFMT+RdS/5ItFOMnZFUeyj3gz6OuBexDFHmNHNi4J4YUsSX +4iRomFncDjGy5ctTr4Vntp+Meoi3b2Sk+dJis0Vu0Kl6Bz4DSOnaGJNFTeY/z/0j +bW1otOECgYEA/CfipdEFTC9c/ruHh7aEXd5/X9fcXiR8c7933vCCSfGzed9ammSW ++1JG++Knls/H1w0v+/7BSM5Q6UKSn0ipDNvjju+Y3OVMQGvKDxT355ljZgVBJOKU +y8sS0GHCBn0NOYByKqHOkacxbVIebT20crhS5VhqM/W0glpOXPz/6nMCgYEAy4sN +hXvSeHCXepYIO9wI+CdC6718WJPttpG2UQkSrYaecNNkE//4QEdC+oHq432axiRP +/50s56CA+fNGbx5gEOu7pkGfD75i4qn0kS/jcRzSueYM4B3SvrrUOTCizm5hyXLe +r7rIPF0FFe8Zkflrbf3RVfBta50ReV2jPZ5GEHECgYBl4ffB5+KsFbcNddgdDbIN ++4ibwSxZHYTrf8F/Ys5B8lcCNyz0lRAsG+Jyg/ITDYFBcyKgPx75u+MVXMDBeypS +98XKSyUIm91jaioKTf6cpW10G0tnC+XzMeo4KEetN3nQcgWvFBHS6CsgcL26heQT +NkbIRCElPXHh+XsQN2lv4QKBgQC4LPGmOB2BN7gJh1qZ94byLGyEbWfnqqstSPok +p0YMWERjqRPkePiECTdU/1uwT0ZORitRC0LHsFckVHoGMAETLosUbEpmb4qAuPKA +sUlnX4JaDgzWeoXoaZuAyD549i5rnxJbBnMLE8x3RWvoxzzrQQE7dxs7hdt66zy7 +k8yoMQKBgQDmQSU9/MGG7ocSI4LmZRWG5QPT6TnL2KDpMp7gWWvBHIeMfeo8e73P +Q/c98fdRNnM87KlBZcRAL9pFxeJP1U8PLtXeKbZBe19joFsbJ1nURZgEh4MEoCzz +MDwnAqeG6/PpT77sg8P8wCXrk0ErHe42upqcmEBhtWa7OTcVsWit3A== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/expired-unconstrained-root_Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/expired-unconstrained-root_Root.key new file mode 100644 index 00000000000..bdb14f7e330 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/expired-unconstrained-root_Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxsUlVMX1wkKr3CKwUQso+cIMSC1nW/PE5DClRKoMBAu7LBh+ +QBKul7/2G4drCaabSEtJi+3lepRb/simQMfzzE86AV8TutgzM4l/qkQb3ZxK+HRi +T0iRRXRek5dm+/54Rg0j+rQYxy98ElMB1u7h2AaluFtub4xxKOzdRd+2UUpVnrDz +CZO8wQzH8xV4kkfDYfxB579i8pQtRoZ/zUykCdCvsw0xjVVIhsc/1mUGACwwchuA +gH2gNct21UHwTuUDNJ8qJEov3EcxcdohMZSkaVwRnDXLUv6HMgPDX+4rCCJlN9Nc +iSpoQ5XxO8/FhSaZD1NOEb2kgD6LNSCB7BQiVQIDAQABAoIBAGeIWKGHWzMMNyg6 +iUwtW/J7uJn/zE6A8pVJIUxapleVJLEbMOd+06IHQtGj/4TPWyKU1IImL9lhXWmg +abhkbgCFY9lDBKvV4RV/ERhG0Zzkw8gWFv7k9YYPzxNhUSsAqPUT8yGqnR1jBmUl +B1hEpS44iCk2tpczt91xQvAaToSYH0xqUDGaoNm5iSuysgxfh22m2xFxbD0xDoFx +GHF5OLIPQWR827oQeGatzAXFIefosxXScQHhfiqBSFeUZ9LxLJJt3cROL/ORJ0oN +KrHrw4MDmiyCgzNEs3HV6M80tTnkRYAuNCBG6GLm4+qdC8428rWLx+8rAOxqGtqK +UKIt5gECgYEA+P67CyPGr3rDT8G754oCuNwjLPbVf0to9j8PFnZp6pikd1LKIPbd +gmYf6ctGpUh1HdTZWHo5ErLFI7VBCBcG/12YAlHwBMO5HTOzrc9SbDImVoo5Fn40 +AlLb1TuZ0Xmjy9GTlCQZzfKLa+j6FgRHIqfyr4UXz6IRPjD6tLIQc5ECgYEAzFyx +mLwF6LRrpSZm16ddjPlKtSBWFAUFkfacWr3D3trDzW+xonHHfT1YTVE+mQPzGwZU +Kelzh1zAeAQCl2jQ4TIVIgu88t39xNhOAxRWGOhDQDLzDJ753W+N9mIF9nRyATfI +9bPgPdmn5bmKGnNaciuiJzJVMncFtZz6Ge1KmIUCgYAZLJf4nlteLolErQ+0by2r +RwZ/a01Wm2c3TlTWLo6y20/1iHdLMepfXrfnSVgRKew9YeG/okvW6iAoZhD3Imzg +sLPHuEUOFkPHAg0ui4GH0uIxabQv4/6aJYp4WphIp4W5+6xyE9xQCC+0b0+pnjEa +/eP5fvlTUs1vfkA6uK4VIQKBgQDEY3+4C1iSXG/l8ZV7QLdCNn94uG6AJqNHtfpj +qWGF1C2+SswmE7llvYISKzVAzu7c1aQj8ti3CIddzly/LFcvUnXElgsqSfMJK+Us +SGrE3M9j7pJrWos8JWwDjge05Ap66SUSGZ4xUe1rcnYpHRmaBhx6FoCRUpgGA6jF +Kag6EQKBgQDCNt7OGaTa4tXM18NVHimtnaNeWZKp5VLKTcOAvc8uqiFjdC33MGJy +2WiWkR9ZVEFhRCr5xOI4HGdwmULgMtwjVj21eu9oz8U0BvPejNMOdNlEjLfEOksJ +ZufkyF5TP2PaGe/89mITvhVaI0v7b6kbL6M9yeFbq1qIDPrq2YNrdw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/expired-unconstrained-root_Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/expired-unconstrained-root_Target.key new file mode 100644 index 00000000000..060a7e69f31 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/expired-unconstrained-root/expired-unconstrained-root_Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzaPp5MQEjjqcrkJw7j/PVJzMjHoLX0jIWKhQSKzPuhrAhy+U +vCPmsSvI97Tmuc/s/5d95BzogrEJ81NFmgqk0aWi3sMJNRUPRDh6zHAkT/oZzgzd +Xiu875jZXPcEQWCMXCaWnwdPGr9dTjxBSG/vUDNDgH5AXlw/LFCSAyidwXHheitu +NB3lrDjSTWhWrMMHdWW90U0ckwKZMu4SkPKEvLsfmO5TI88XbbFi6ITsZ+cQBzCk +NN0hoYqmPPs2YJMZ0KI3L/ph8AfPtkMWiF4Rww088Dq137neo1ZFYsg/CYixjn16 +njuFTVryUHFubLlvG/DViXQG+9gTaxmdklTDQQIDAQABAoIBAFj0tTMu0EGufSSs +vSlzFP8nLRz/lnfLhk9D0CcACoQZGnvgS1jvttWheTgeW0i5923BXMYW80XFy+Yk +eZFfVVkTa9ctS4hY6de7DvPs9uhZ6lvGGOSpyvtihXS/rmmRmGYsky+L+944Neao +Dh2FvmJVKrgk5TdsdC95UxBmu4d4M2nERTS/8MDxJCOqqjDL+ZLeAxgJX4rLzdKg +z26Cx4rpVwJfvvws34hamrLyNdM4gpZU6UVDrk4crFR3cEnHw6EhcjkWK+hd68U2 +mMnb4tY1Ls2+EWMA2VtjP8072/7/E9131SXblLW2uIk9z5000yJYQ+W0nj/K4LPi +pQ3GKlkCgYEA6E9dMsT3KdqWDtdnbEVGU1yHsvFzRdKyFTlffB8nRAhHct+PR6Kt +2fS3MwkVbwRE/mCQbosRpVf1S+YxO7M55rkC9A+XrVspIs+gQf/IH1A1omv+HxVn +D8ARgI4+8aVPf2hCyNXFC5veWlr97WZqCC8+2/nHAQi8okAGEh9HUXMCgYEA4pxQ +uYUHla+zuulKh4NDCOGNrQ1uGNAkFRnObdoR/j88FjumJx5qVNlhUWVqB1q5+2lV +t0KONkC1BqzK6Vi8rd+3gShdUIZCx9FuKtaGxTnBJVprhETpkcnszlyMisBkTBi5 +IHBzM44Fpf3hznmCvlMCpYKrBNzBwHZyTABAm3sCgYBsC+WL5GIUfE7IjlTS3ZFs +2h9fEb+MXQdoqauIXjD0Cmm4utO3/KihM5k1SmdGoBS6vwzN7S6C2VsENwb0/lHS +xn/iJZJlFX4Xa7vclmtsbPDVHyctK9YoVCuPwBj0aO+FkWdmY05nLNKI8cMidDyi +m96/jveIupiJWf+41AVmkwKBgQDBOBd8l/lHoHDXRmPN+BYIVInArFrbvV2GwGJL +OE1vQ+uv6VxaroxrnI5mINqvOqSpwb7ca1tm1vWDo4HARXFbsA1/izNFnbUDO4d7 +7z8qm3wcpWRXe4rMTCgmLLOI+1KJr+rpxff0VXxrdHY8306jiZQQG8JGexSZTmVW +eECeUQKBgAyX3/PAn9i0MIuv6azCAoIOqpHJGD5+Mq7ZvERMMskSlmOCvE8m1u7C +I5wYTt2p5q7ZMJdc31tb1JPeT3G9fm1uVuw0v7kFYVeXHtuzLoceB0ljX7QonLjc +WZZdTMJVI3TgNvyLXn87uTSX6mJ7WiPT4LaAz0gPMH3reO6+wVul +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/BogusRoot.key b/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/BogusRoot.key new file mode 100644 index 00000000000..7020d305d82 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/BogusRoot.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuMgv3DC1PmUCMf521c8YSRiamWMC6h+c/DQFBPXclBVIDAvA +GLkPpaCPZicCC6kzD6gn12HXd37Vq9vUoDLQQJtmkVvsB99nExRxHyGY2ImuFd1o +Bz07Ylw0+Og52iojAWoJp5GhwZSrukJ/JCBXyGcq1s8ke7YUrWlhxVBra9J3DAxu +MN8r6MTeiamUv41wTu7hXQ8RD4BxPWeQWcXH1otqKX2KQ3qYDXWD2zwJJxkSd5ks +K6KU3H14QeJKmjH0+ovv09NC3R2lvl0vHJwzT33IvRLrGM3ggNV6Gi2T/B9ZjnL4 +5SHh8v63asHhOSAmYJj9AvBbom0TxxUgm+/VMQIDAQABAoIBAAHSR1Z+TGsPB9SC +U52L6wtdaLi2VyMDqMJ7qMkBu2jiRNGJlB0qRdM2H/O70rNWuaAf4jSnTD5rS6Pk +CNaDabYZUguAwnTZaOSxQOQzqpQH12Vzx0C7A8jWa9dAQsG5xJqQ9wNl1hhYZNDz +MtmiT/szuSJg7FUj2FRVQ5d0UXrAlgZa9jJc+1ARYz5e34QLKwiYvxTO6/MSVJv0 +Niqzu1/xB1GRH38slTHgTHAz29mTYTyiKnyV7OmNjsML8f14Ftd8io9bmXoBHw2H +8eDxzRQWPNovUmVZG+G8Un+NwPNhpkfQ7mP46eqexyN3cNECk2fRI/vZArLtxyO6 +VhzHvNkCgYEA9QGLiNe1WEgTsowBXVVQvQaxtCW+nmvZIOAnvglnB3mJak2y4V4h +3v24pgrBjhdWiJzKWCaVWAbpFxaMXDbrIewCqTWVD+QcpfKNjNzZPivvW1ao6WRJ +Ntk+rXJT0FipAlXYLvu3ZvDBke1Dd2GSAt8vZFyaKSFulgJvBLSCV/cCgYEAwRLU +sIN+wpFbDfgQFo5snsTCdLlLZGAsl5UyTMzX++95LZd0pAXPdk3CSjKjrGzLujI6 +LH1b5qahun17kE3YiLku54y+Q8YK4jZpoE+9ZoVQPBfhdFy9PYfOL8apN7JIgXBl +msrIDDvSPsFs3WDpHpguO4cITw93ujMGEr5GAhcCgYEA8dUElZ3VMb5zMtlev3Fm +sC3bWaWn8VciioC2ua0uNQKR0IvA9RKk/CYUDFCxnD8M+utIDpqG7sxjZparFJpg +nKsINVzeNUFDxckUTuXuyJ81M0LmlviWC72DUFB4yj25FMUHDdkHvmQFrLQ007FL +HeqOLNH6mH6XWRot2scRoSECgYEAuR3I94TcYMjlOLuDEV11H7UfjLKsao0btCrE +k4ZD/7ZXxTLWDv3TMGbVxjZPX97gZqIJzOZU2w0hO6Fce7tnxY9oPXJgarLTdJkf +JSnPOyDPEQ8Eh4DzoK85Le2YCWLSyehuQr/ylmg06R6jto5YdZELot+RQ9xcuxZ4 +2De+//kCgYAHsqUCeb6TG9tjEopnoEpx2ZYFbo5hCshfOcAuyRaco98oAVFc2Mbl +c926rVcOPe1Byh/SeV5HmQ9CraguHSVkxc0xvKvreAcYGW91ECDz+ZtlDIlreQU2 +sQVzkzMz1aJw4n7+vurnTSuZt9+Mcy9C09S+0XiN1ZBGCUXI3CgJnw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/Intermediate.key new file mode 100644 index 00000000000..726b1ea6c5e --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA5ECstfPHsNzKB4W0+l8NKKQNiBLLBaNPu30BiN4Ms7kMzD+0 +bp/WtqcqawPFvDsQF2n9KVzT/Tj+tl6yBI8Qk5Kq23YHomAPPge7jfHKyPM4aWE4 +QU5pLXDC7a+FgZncjmUDRTKbAZV81cCQvfQIpURL5aLn/hfk8z1ZNY5tO3BNuEms +Y/8+1HE26StQyVy8u7DGG8QKAeyuP7e9EFcIXuyKB87l2kYl6MoK4MLMDUSE2wyI +1Q9lvOppELrck+80+S/Hm8VJJ3Kco/1AnEnjWXwkzJmaAbYN+0HLNoBBiMd1n9UB +b2PV9XWFzSY+pv6Nqe+osASLfonzX3U6VmnHBwIDAQABAoIBAQDRJV3cH3Nj4PuR +5vdMz1nMWn43qBi1os4FWubUFbsH11EdumXHU9i3ZvdcNYmzD1+QRML/apqoldf3 +HU/7E2g6AJNkIoOeSmzNBuLZjqukdBDFppqYZJPFWmSSzFkFxwksxOw5NMSJsANC +DX/TPk/Jt4nf8eSnlBdqtlUO2OHIKkVYOHUXYEtachJz9Mdsk2ZzbjX9KYSbMuT/ +NW3aT1ZJ7+VSz/NxE73AI5jUW0EqWpvOMG1MmBzHkbQf7C+oO2UXFZr9MRZiF7Fg +tiH6fhUJBq87ZbXWipGeNo7XnJWtrlbh3stndfhUAVLcsgu0ilzUp/YV3wceYEaA +BOGZw53RAoGBAPQ8FXunISScEmgHpkrBJjCbTb2d9O5+aBlvi19vBk9ropsngC/C +n5PyHdL58sMpPH4uRQ13fV/vvtxaoNfaoVNQ7mRNAWjaIWqDAr8/b6wxK3r1tO4e +CUbb1aarnJBCaFVymJPz1ZNL017X8IlgK1fIhROHdpmK8llNp/Wx1vTJAoGBAO8/ +f70bkccudhJtwXWHzFVir+gmgQW1oLmerovIb7vJ0kbjUf0ODKzQDn17svVjlSLq +B5Zji6F58ebeJbfRF38X+VnH2AD6PAGpGpYG+06leZeA9G5QGXNdB/t4vnzXs/Hv +QLX6lqnsEw0IwZkhKj9YKyZQ1MrtCLE/FzzhodVPAoGBAPKizmTuAMsyEkcvclFJ +2froDy+VwUM+aYT7f+brkcVNFVo2v+6y135PRrnWfwrL6MEijo92aiPpNiAMGUbY +ePUgrfUPW5sjOZdrWEtPZk4W+y9I8tqtFGJE+9h9HSlkD+rz0gkKcN/IsNDEjr6r +v+OR3kMsjPK1S1bVA0vfxcGhAoGAMrPxXWF3XpABI9yw0DisXDgi8X8fftdELbJs +aWFcFJ8r+iv41zlgBEu/lmZdwdWN6K1SWFPWZq1ST8wqkC823I93H8jThTmC+BMf +eEYYgk1dXHdO1gYRrro7k9a9//UyxIYg37Awt+g5DV0aslot+uizlFYzEqJzYiTt +xtBGnM8CgYEAyW13ewnz6UwCriBkaqxNda3lo7dK+uV5TGG+5TQpP+dUe4UfHLGt +Tsnn9Xvzp+0SmwMM4MNsWehPVMqV95E4JscYEfgvyEVBRlvd+aLMYa5+vp7Z/jSX +uZMtBCfSHsS3MQsOjxHC6vyRZHmk3yWAP4ea0X5nFj64WaSelyjXUlQ= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/Root.key new file mode 100644 index 00000000000..94e442a3729 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA6vikfz365oAynxvTIaGfnMdOEqLXFSCKUOSj36Bgx3C0WePQ +RzpjQ1LeexmdrgT/uIX34o7ArEOPzCTxcjZajev9AtUMIcElbKbu6vChc87kLCBe +PtE70Hsw4OzLxalKEJPx0kHHI6GqDPfCuJljDtHRrccnThd121lNQ//eKcuhLHs1 +QVLqXw82S5LPcSsmgUK+thdefHNVCUS2ILgtHCUJkrfYM+nc5vPZCQNBCMbgatlY +gw3eJQdVQC1cYxhUa/bGv1o+How9DWbaiMfO8R0Y/BtjaUxnOD5FjusnIE/xnzxF +ItFLSKNHP8RZsnCD2LPoas4tbUmSHfYuBZH+PQIDAQABAoIBAQDIO6qyY/bzhjud +KvD4r+p8h7sYVnxDHL/Bv5WGc/0E+B44m9JZYIBGVtAQxvt/1/KzJDbhchTut4RK +yxCV64uvdXLefv8fpKBnvrnKq9RqA9ydXdfyYAtA1joI8sGTZ3geOHTSYAt7acCn +3FqrRMsNTfAIzrXH7mYYzjjxwZFouuREHlVMzbxcA57GsyeaELkJNtsMjvyZiWBx +dDaRrdgEk/sdEAMdrCkujrt4g/xn5QLYRXbH3dsYBkjPYKe3/IuhfVlo866plREJ +7cvbLTa0RX5rhTNiBPmNq46FZJLZwpbTQ4Dx+kObTYFBssrWXJrWCzRtIVXOBi9x +SdKUs3thAoGBAPmGHGm/M2mjdcbe/XJYRWQHCVInaaEPnQ8lUfn1ZpWxyFdXD/FV +Hx94ohxPYd2BVELqAh6UaIJ6VzeAj2PnlxIUa1wAR8tUz/niZdW2SbKclPInTIua +gWWo6pa2gNvam9f2BRpIM+k+yaX7T4FWqv/vWMl/W6IIq8YBIJ1Bb1lDAoGBAPER +10oLoBDg224hSgM6vkmZ3zGl6zH2i7Y8vnEvzxu/+HBwxxumgV3am+nMFBKwQYl0 +69b4Mh/UVwB+7DsJjHbA+BivPlhlwNWQJdi9QVaX81Qdgokm8scYH3G/SArP9vxC +vwOXRa1VymP+btjUdU91vcqAakezjPoZth7o2hJ/AoGBAO3CU2qTzLp5De2sZxXA +dIZGiiQk9+qHRSG8butdYR18ZKiMhd1wPZKwUM/m+BqndBG6hsB6q0bAqkBxmLAa +aYHJwS7N+ZsOuomhp2VHJ9wwhWBj//T6CRhEJxvq1Mgo+tyCSQRtDkHPGTe2SmC0 +o4Xxm8mMOFUiLAMk6d3ODvqfAoGAads1uFQGg6LZeDCx+V0QNe2Vbo23C4eBrhJa +ZgViYoMXqvg61k91OytFj5KHtfUjsiJfdVQjXoq1cYhKX1pADd2Kk/xP2i1EUgMs +O1JPoKC0vtj+ew9ZSEe1dxNRpT3Q7NC6Y+9HL2geqW4OarRQlwXSw1tEUBvt6dzk +dgo1yC0CgYADV4MP479pDaG/2YyjJHp5EWMhE+EjUy6TFKntWCz9qkR7NFiWWMQ4 +qp2FFFIw5ARPcpdEwi+lao79f04KFVMSQJY4FTd6qTYeUxHc9tJaE3MGYChIcSw9 +TJrUQUGq6UdB1OJq4Vt5kjPm+5sdGaBdmuyHdDveaDIzwMwB3KOFcw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/Target.key new file mode 100644 index 00000000000..c280e8a9be9 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/incorrect-trust-anchor/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAs9jhyNbO7Tu3ilsXwp4MBPROuq0bz8Bjt8kB6Xoo1NgLcTav +AvZE/M5ehFD7X++guLV3YsBsn49PZFJnBAvTkjGlefONEQMDosDa74+1aPhV8Kyb +BTrf6ns7BvLe47LFJz65OZDAJw3ebKKO5C75lRM33yASKK6CXpE6y3WuVfsH1kBI +zW+cPgcPSNGPutv6snzOKRDga0g2gNtMEBmhKPvgtU+yiUC3a5qvoZuwUgMjFvsP +XcbJ8pgIxQeFdjBXRr6FRu0UdGAAYc73iGJsC6JBnFonP+UpnDZzowSLq3QtHvWW +97TCUXepnO+s/byqz7qYz2wb/OkgjNwXRUkSRQIDAQABAoIBAQCrPRW95Mmhl/pq +AdHdvB41mWhc1fZlGQnZM8peQ7Ic9pfuc+KvL00AaH4V/gVakw600BOcMxs50XoG +S29KqvgHer3UH9FxIS2VCYtsDajtCYbKYY44rJYG7M6HDziqFM0jUNWLugc7KDlf +tmfXW+LHzkSkbiTcF0yKPj18+8/CjGk1cOfByDQmAdTCA7yIhJPKZ2/aAFtpTCVe +pTqCD+J4AqIqnR1At6DHTehjFTk+E43h+3hX8fWnJPPaNFNKnLidEXLoJb+iC1fS +/djeLoKwiu/hIzTUSItP/3ArJz7Y+dU1M61/HGaVc8RLWSy+Ci76EOUSjWvzkP7F +hj30bJUBAoGBAN+ZXCPIFekf3G7QTDO0ENn03/V7F9hMbJJMv2xudWaJzcAxzZun +auxoZsYfcTKJAPVIhr+LVq9DZPSnJ7XR69I0yfEAg5beFUTNEg8N6jcJze+YZnWJ +bhaeO514Kr98SzHBCZsy2Yey49EzMi6k3tznIVE8BQDxruWqTo8Z92RzAoGBAM3o +gEAen1IKxyLzCbKfVrIjxQrSy+oEcHSA/yagBgP54Am/YC+0EDUXwPnZWNlXRAiQ +tqHsyIhVSx+sSB/9muPhmjENVaKTnwp9BKu2CpU9o1m2J5d9wxaRO/OpkrukSzA2 +PPkykUs4EcU/3yJavdlxqGFsmULzFYbvqRY8/7hnAoGAfqY+I2JUzswmLno7f1mx +5dKm/EOxuOlo4eEo2AEk7GSHryJGhLDqhmeINxZeJrKlYUmoUVxaSEGTMGRxwLHb +siAGdkTFRDIct/C0FuTZ0jzycZDQECk8uwD7YXFMPVPov5DIoSjHP+6azccC2Jq4 +RUWBgKLPbr52Q04Y20No9nMCgYAgAZLl5JypOQmpMhQA0um7+Plo7ElMD/KW+XIv +w9ILjiy39ypxX9DhH9ccPx+jcQAfQLdSxiaJopBx1OrFJjuMToYUN9lm0wF2tOYj +9sEAX7tjd4AB+Ud424xxHJu1VR1m2hdyON0Czy1b9sitY2N9SEB/HE1abcSb2+bx +kPvC4wKBgAdO73Q3hIopDET07tWHyot3egIF8v0U8E+L9C9l1N5C4ncnDvjrEA75 +a2HRRhW30qU0tqK4g41Ga30FJh3JlmcKz+PpmvJEXDYHWxz+i0qj5/M4GZ2EidcR +24AsLr+5PsFF66aFDoP7tu55jPaTZwawnAHCzPEgOX1JDbDudsKj +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-ca-false/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-ca-false/Intermediate.key new file mode 100644 index 00000000000..db706599efc --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-ca-false/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwgJ4weegt2OHUuTUEXE+y2Wc2S/LSDCOYimuySI2pmfS6hBY +0oKrvB6jEmRu/XmvLmzAi/02aOrgCglTmYl1kmETrKrZ4vGsk3KUZZmeUp2PbR6x +PoP7+sTdtLPSC7v4IRCpUY6etMioY3lQYgNZP1MZAnyk2UXdB7d2iaysb7EdqoxK +5UCiBTIvuqipivPr8PPZnpfmiULdlWfeM2IsEFkLtt6aPlQQuKSpMwVN/OqLVjgq +EYjNdR906k6tPO/a1AByVxwW0yC2mcx/qlj6SOjpqb0ALofOOZscFyOsKFV3gees +9tZtdyf756AicliDTRoavrYAjtERx3Eokwl0ewIDAQABAoIBAQCs98Ert1OdTLnw +WJ0Nc/Z1JoHBTJAjK082C02OetdYYsYy8iIOhHuR+4qNskcV67AYZtL/u+APiB/4 +Mrp674eH2s7MqYIaiDbBOm09a8kwhNLDiZKiVs+Hko7LNWq2FX6yFAWw9cNfEGq4 +TQcyayPdhjuM8Q2TvGrEH3gqZG1UIXlD5Hi5ZQ1AhtzHHFnJ8ws2vUrL1HYaQsOY +lMpW5YtGq5Jja/2ptVD9PS4MAr6AeWa5SrtY/fiom1A2n14unybN7H3X8poQFqrr +ZEmrGml81BniLtn3gUiW7Xx/eO3T+sxRl065kVFqX1ZmlT1HoXawfnQxPgTKN3q6 +ZtFCHGDBAoGBAO3gJ/ZR5mrUBShx1ShhtJqBDfDu07OMc6QKJl2X8UhaKetzNGAS +u7iWzVYGk/TNC91QCpjPUNJ/Wr5DbIkBIC4jbxhWCtpNltiPMoSby0SnJPalu1zg +Q1fxJjMFwJ1RvW7dBOH4FKTPrnHh7m9NJn1ARVXV928aShjCX/mpY5NhAoGBANDK +sgS2V9ephfcB+6WxGglDc3pZgArphw9B+Jrvsg62yhUOh7yQ5+3YmeNKKaGxjy29 +DhfWqbs8EED1mebwJukVGO4h7P9356Rh0iHcbz0e7ibs0R9GhkClKp4mmYjokEcE +CuB6Rb4R88kCZ8F39x1Po0vCwuEblXvvpgU6frFbAoGAJHlnh0R9oUnLVK1Hsv5w +U/SP766fNXvGy5Nm2JkQvTheDyVGFakpsZ8l8xflHfdG53N7fHzldrFid6QdA1Dx +30E9qqye02RsSd6DL4Q4AdnjOBKnjREyIkzuv4oVQ8oh0tr/AaspdzAFHp83EUfy +K+hr+UJqw1VzoSJE1yJbC2ECgYEAmLH0eR/FpFI1SA0qNeYMjYPH203DJ7fb71um +7eCojrw9lCK5QD2VcMu8143wXnFVrfSabvKt1OG7XVaAxHUTb9jfD6C+C6NsRDrK +C7uDmuaY8ty0n7PbEUH5pgnCtW6nvVgGgF7LzJKigHoC2WnbzpLkcM6x6SFcNHRy +LVa3OwsCgYBCkNi2hqgHPK3NBeNST05kWHi5RqF04J6RNS+7x+gzv+S0rU/aDma5 +dwCE9kNJN+wlokihqq+Sxbl89T8W/TVbBhqTxVWGsiV490bNI5WQTFNQIX8wmf3i +0ANSxBw3sB0RCdJKpDpSPzx7JHV0vhPXtGg0yyr9Ua2DtRBRnrdqbQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-ca-false/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-ca-false/Root.key new file mode 100644 index 00000000000..852ce89cc92 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-ca-false/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAu3QG+qYD0WTG+mKM9kCTvk59cYs8+1eyZHoInc7DQP/rhEPp +DOCALOOcOEOQneGlTqEQn6y0vyQ4etc3IQ2u3vCZN0Nq53/QSrrTpPTfzvrRsAP5 +XXmlxYKwz2ICh4Tsc9JlM4YC1/RXjZiiKo+JxiMpaP9WRtLcmuPSJNjp/hgMT2ez +zV4xSnAuTLJ+EOE4x6H6vI+bI+kZVsU4Suh9MeJuA3DO8gtSfW3X11PY4BxulfMc +tgRQAyM5hkIoaCZfyqcT4lHt8FW7rE6dz+UHREFF+Fxlz9d/CuDuXl4sDBMQ9tTj +up8W9IyFslNM4VZj8AgRhN/c4aB/+3hd6yH55QIDAQABAoIBAA+HRBC9cfGFrKoP +QeggX1zTebbPNwUHNcL3DQGtoCUhTixNx9+GNXgCfu12Q2OgzqXd19eyYeK3qGoc +q/dz/7l+KuMWFaQJxYJ7SY8Prf6ibn5rRdwFeMMM2YLEdrstOr05f6KuBkxHdH1J +WJ23+EzOmt6U0FvbmeTG3KCqy29+AAFSjkpWKzYwd/tJB/n1aPvZDU8Z5bVZrQhi +7d3Cf4NfPBSlL0+y5olSAEaGiNxfOVLSHhNKYkK4n5mFGGPAcPBCJxRXD/SC/R4o +YP+JpGPnCOK0h2dp7qSuAncj/o2HnxAjcOA1mPuhuiOiN96n3e/BYgOVcSAQvKc0 +ies74j0CgYEA8xvXW1WsowhzfsH2tNglXayTq0GFgnMXYgTfqb43ESdyrLf1VB67 +/sroGP42a4kBlaWG04Q5iYIZWLnRlgyrQIniZhDU0N1szQOhC38JaM1K1yUDCNJM +XHxSl7akTlYoaaQUbSTsOsgYQ6K8OYVnKqUHqablFJO26haNGldD1D8CgYEAxWSs +Cxe2k0lPnzDnfFBK7KKHNNTPrnDQGEQVE4n88zznRQCKtm8M1BZ2xQAe0tIIJD4E +mUpKZVB5qmA8PB6c5inY2FQBOcOBQfkxpJ2YPTUFZAofZ9asL/eJncGvsflWwAsZ +0dg1/JrbEKBWKvEwmUT/eTiuyJxKB3G2WeRqmNsCgYBL8M59AW5EH0e0uPJP25UQ +hfA69uS1sy4CuHMFmx2ohiIUQgKonFEtbkTCSebGAK42CNbtC8jNY453YNRPgvWb +23aVW3yfIgvynseXx78wtbBDNJSWFNs1qMBEFBGPRuqo1VBsJ7SDSC4MMrGJZlqr +v5F9NV0p6FqjFRhOuiO+EQKBgQC1jOtj5HKLMxFldEBkqSDQVogOwnElmyL6Ppw3 +9WFOgsSfRWlPdAITi3m/pWW0N3M/ij8GkjqsxoCwgITGMs3SL8j+5vydmUBoYn8T +TdN48Cw+H8VU5zBFieHr0/n5sj/ksBEWXUsCQ5eayi2Wn3E4dyqV3tl7L6wy/pZe +RWT5owKBgQCrqz+lwGA/vuYX+iL+ls+LpdJ0lRxjomVahv7+GJbpCkpJDEryrAMa +oSXHGtufOB68UJhznvr+7v+b6NxrSZTMLSVvVVYVeFdGk1ssrtPEezVKzRs6QTEO +UcBjwakKVtRG5OtT2IsqaIUmA7m+2jXTXZjVvhPy3MAcHeKHDLksRw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-ca-false/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-ca-false/Target.key new file mode 100644 index 00000000000..59b04222e36 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-ca-false/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAltRrRwDtmnIDH7wUQmMojclaCCdZBi5h2Siq7VgXX/K/7jOr +dAscwwC2OJaW0NyRRKsd+uWZ7f7uQ90hsLgaMXC7xqXrbi55z8PJMvc55f+fHv3I +jI+dQuZdzLF1+pTz+N/4R+p6T0wdZ/03LnWjE4QAksVshmaAOXsPLq8UzoIc5Hh7 +89j0s7HRfV/tGW8d636+OjPhtIaCIgUoh4W4K3DxiEVrtPvQ8ArlRfao4hiIdFZM +p0vLE45hixrCoistJHrwTFNJi5i+UjFyXTjnjTZ7uzRNZi2zi4KFn+b52FjaDenV +0r5TS4itWIo7PB1TYO0VUJz9w78M/FYCjwarnQIDAQABAoIBAA31UIw8oMCHRpS8 +Qh+2r30XojZY9dsllbaUFeVrHpapj2uK6pYNpTbCrRpljUV89BCnyVl7wBgPXJt5 +LnH9R6dFqIsEtdn3gRxiIQ+PY5NOabpjgBjJ/aLAUPPthF6RRFbG22JEZ9dI0vvZ +qi6pglL/B1KN5LI3cCxhoBEQ8Nr/eS9/uoS9cSLaj84dFqKmDjZ9iA22GtNWbn8W +NozZanNmyQHi1GRWwjTrpKJa8QVivW5J0BdVqsPOwxbN7yoGs0Rjgxm6m1Dh2mZX +Ec09E0jf/qGo4IO5sgtjAjnN0C30nKGur4EM5fFLqOIJgk/otWoa2ddf3nPWKwGJ +bXxhtf0CgYEAxxK8uQV3f5I6AdmdXcdGgEkalNuI3YHJowtYaI0ctguNoWISmNV1 +B+LsHKURPRM/vAkykbQs/heljAv0AUZ3BFW3zWkYpYqlBtWFcne7zD4vjb1WAZlH +Qp1QWGp7Bq8GheL1rc7arYa573jlWkA2xri1rFz4tz/PtW4LTSr1z58CgYEAwfX+ +tG7+kO8qyxhDLrb3vj054xS14j5ABeY7DZk+3uMuTUr4RH5ldYhLKiHdIdfjx9vU +EKu2VAi4C1T7s/rBJcPMEGPE3+DS0t9sC97zkP2X5caCpvJ/92f3xm/LrnRLVuYj +l4BZCDwxSwjduFxj8J3n+WH9Qpox/071nQtKi0MCgYEAnqYzGuzdaCCb8/9+p075 +w6D++yTeNVGK5VJUWbYj7HzWmYe0NHLg+rEA5G80hs0BXRSjZXUG6lTkDPE1u5Jx +pVW+zof0KXGNxR2DZU9Arivc8AO1OD70iIUgk+YAN7pi426Vxrd0lRgqtEtP1RYZ +0VNBDaVmXXwQR5H0lcIn9hcCgYAswqwoz4SHxenGPK8kVK0PhemZ8emXcG4t7leq +Z7cOkLbat3ZbuB+J5A4UhwQVD1FNifmCb14APpLaap47hp6ULH8nOR7x21xLtaul +gaoLx7oKGKmGBWhqm9+eN6Z1d/j68Nk92SyyrdFiU4V3Sjr2CDrEXkyn1hW7qWkc ++MIXKQKBgAgmVY+lkzPk+sOUm1Efu0daXn7npryiWmwFk1MZ/35hvLgWXLfnmRwN +aU3j33s2Z4vVDBbs5x48QBPKz9akgztUMJj66/phsQHFjvVbiAj3ROFMpVa5HAqf +Zni+PDjAVeAteVAcpkDM9o2JVZrqQks2TEnx5VJcw9iIgeA5+0XY +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-not-critical/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-not-critical/Intermediate.key new file mode 100644 index 00000000000..e2c2a26ea73 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-not-critical/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEA+6/dEquqBuByvUNMPlvNApzKwUJtzUdubExrPy7BPy6IPXdP +HDRguvf7WGQ8wnZdMIhIIoEvJ8gftO2WB133fEo3vv5Pex8ZgiEkGMmup6VYYp1r ++ZqIVg9/tAwa1U+rLMSXbuzbsaBDhjQILiEW+PY+KujKmqT7kX75QxlCCBB+kq9g +RU4w5NPT6b8yz8EboFJupKrtE23of2jGiIRnII9rgpxJXbSVY50K3J+re7Pr961I +NfVE7IQj4VvKSRbgwlqPPtIr+lAIvxI72oyWZpNpWydOuOeNERTmKSO12few+eKQ +4ti+jR3cifXrFd9YiOiRFJSdN+MQGt4wPBjXbwIDAQABAoIBAQDOnr+U1kzNPHG1 +oovzHZYeMO3a3lgaECw8yDe7NPz8i4zZORs/Alju5Sn4lMG0u0shzp+5g+hcdlRh +SjLCdYf5B0zghRJm908Pn3lsyBWUF4+J1caQsSZ/0FV8T/uvZqoWJIZVUCnDltgY +Uprsk8myNSUwQNAjSJImDeFADnpA9vjMKx9X8bYpOCcbxOFFkeN2Pe0USuFsLN+A +mJ4olqfVqOls77rNDbGFgkZspiqSUFd6g98U3hndMsV64YhySqEM2492qyjLXPP1 +AEbLMGV41ASk9IUN20aXE/tynTxnu2o7aHotu4oaucyHzaWP6C3ut7tpG4/SDIyh +sg6oTUmBAoGBAP5h3ormnN1fyTrdCromD6FYJPCq9sF2AbKy5QY97EZ19DSRiKLX +rIXvbtDZQ4BRzr6049FG1C0MIesKI8bG67ifwApIxNFc7sapFErHEnn3S3iSkBmv +jajrPVfVdYcRBZ0kcg63HVqBbYW9WQDvWi1xyfwbT0GL2gsRp9kUfnghAoGBAP1J +mzYFy5JoszxoeK88tMtBk4U3YS3ukUJJce7SGoJqyTO8Q9BpMcvkMHQpzaoja3Qu +rpUu4iOTUSpbwg+6c+wPjITudvNBQzpKzoXIEEa9GU2mM9PfX3JW/cpORZfLJQ6O +yVr2XZHT4qCLJiJgFgIgqA4L6xwiDjjNzFra2B2PAoGBAIAPBNkn/w/yiHr5i8zq +HDQ9C1uctVvu7CvpoyHhSnCuMKHGIeLYcCF8x2yb8z9F765Rod5YqbeDxA9uq1QG +D+SBh0umFm7POeUIeQ6r6ME9nOC155UGq2m+AsOU0fWMvCa/kiuWQ1Csl1YcXBH8 +bIk0H1qq5Ns6bCnmWXkOuBwBAoGBAJFDL6Lx++iB55mTiPNna4DOoR5bvn4rPl+3 +44HGObHmMHJdXL8gNZDr0+YrO2qCWdQOGc4xTzx79qbGbSu8EVOnLz3lzY6BNV8v +G/aZ4MvRE7v2v+6ZQxI+Vds6vKrrtNr+hPiIJu3FiUntw/cfCEA8HmW/7Bz8Yw+s +57CLpjp9AoGBAM1/xQ43uadmGBN72Fw/LythooJo0bicegEioaGOlY5VzDIW3oNi +JEH8Q5h/eYxyA0rl4SFMpWU7jLAD12bU3uu1bdM517WTTVD+MsK8nStLTefM15bl +IYUbc04iyQ7ne35tde/P/4+bRLhXFn10eKaBfr1D9BbDHVTITBqgU2D6 +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-not-critical/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-not-critical/Root.key new file mode 100644 index 00000000000..94d47bb6830 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-not-critical/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAqpQdZYx5BPDJ0Twjduk+LMlS4fy5vzWNZuQ3ZrVL/xqbyzDh +1DBU+27yQ/12uIRReRJaZZWH7D0ZsKsElGSqvOW/4nf9Byg8tSDaVSx5BPJxbjG0 +YxSATsODHup+WsBNSEounlKAgJgiEEoF19sTjzdnIGMZAZIHRpS1ybrnaK8GVzVp +UFAiIwuSoZgyCIhci0x8pWrzMe6/TFmwocvoKB36TNMb5isDGk+1jZNdGJXHk8GL +b1UXNBfp2HBHyEyyWvqnqma3o2IXCnwnFe/CvFt6fYjHKkUM1zuRfnLGMMsSOR6i +iog5MPBUtBlvtl7oAWAsKyfL5ZNJq7ie8CnmxwIDAQABAoIBABKWzZVRd6bILtY0 +fZDp3jK3RecGyZ9C0MQTvs3cmAmW9r9v9kxPcBNuhcxPBO8azF4rV9qWLxfZmMEe +AgPB7LFlQEIH3XU4N1Vt3R1HGXEmkqH1nLjndQwgVlu6JkbxifqEywvJ5eMdsSih +SH27jCghW4W2BvWa2lwgvKbdTXak3rlYOc96675dsjFv6x/D8h4Kp81nIQ1qZQSQ +RFszv6u2HOmZiMUOCcJEuW3Icayf1a3HS3Rub7BIVk18vD43MaDGnDP3eY2p7oN9 +BNFpgKZx7D1obQnO11HUWbmh2KXuGCH/cRPCNnebeWyYrn2jsoB0rizbQOPowXfQ +YMi85sECgYEA04Mllbwrmjy46sn49nOIplbD+0edPRtEHx7105pdd+ci3ZlI4BQY +wsTFHm4oHOblHfPuABePGYZbSL+Vek5bDX+oJxColPCWmZ8GcZI8fimCizHXE12I +6v4ArsDiBbpynMySoV0z9JFs7z7J+Rzizx57m9eIMzbTGWjmtnWYEfcCgYEAznTl +odZbVCqE0U8x0NlZ+M3rTD46KOoGOmq1oIr56ckNupHm6e5b/V2yURCVfqsTlP3r +KEduq39s0aL2ICvAeKA+CTfmOgcw2es5xDH2uX/mrKY2hnvyN3l3Q3Lz9XK8CCrS +3bhJgbVPBtOmGIhYLRjU/BdakcJDQfKbHdjHnbECgYEAyr5XdKQel4XFKynW/0XX +orpguaj3y+8q6TngIalCFwDzpr6b4E7jPS8oU/b7dFjPHlsHtAbhIHJtZdpfChG5 +rcLECE4rijjj4vVQU+T9H2HixFJN+z4ZVEeNl/VDsoH6AtsFYq/YcYJEjT/+kk9i +CW8KxWNgJtdSmnS3UgZ+chkCgYEAya1/tHxFcw6l+CG4tB/euCHPvQb8oYMa2m3r +Rwz73Ni+RIbKX7KswfCJhI8Cul48Hst8sDg3b+hmUNM0Q3D579v5PeARUpY7rmUO +ZQ25yrOajwU/NlhV4MMTMhxVHGwcKo5KtrSTedW3gR+3nTdzi3o6dJgLrV9rfDyW +Mq3VMcECgYEApnRlJ0TEoYGAaSRAl6fKUkkzkcTdcs8HzjpOIu2TSYyeBXxOCTnl +iSOhhq3DykvPVJXdN0tXPaKGsl8JV8lfNlxTsqzMObiqiqf4ICd1Uvda+/o6QyXX +kVbzmOVrenw/3DKenAws2QrMpu2+mI/y40IYLbCThbqtCzKVJNAnRgo= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-not-critical/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-not-critical/Target.key new file mode 100644 index 00000000000..65d3032876f --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-basic-constraints-not-critical/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA2Mz27CPrINIOfikE7Iy5ve5HbgusqfoipPxBdATQtYo3VinV +vufgRYgw2Vrgp2n90cNNHEJorn3PVNuEuZHmaMXRbaQ0Sn+PPqOoxA4/kEKpuITC +/VHt6+ltzFoi9/vrKX1dl50m6xApvyq9sC8zm+ejF5vbtM74XmYlfIzjyFPPwsOA +z+ZomMq947jTvOID0DFb7yFtLUJey5o6TXq953V1/2OVqggg+6hvlanqRQfEpzKJ +WJSYdi9d1IWQ476WMxxT171Yh3VOjMnJa8i2P9NGGp9M3qVIza2H/nqC8gxlhPUJ +zs/9bGZXkdz7hdH/skzOL6NzsdweE1wDGqaZEwIDAQABAoIBADXg4jCXUJTMfzuN +OCMNag+wiuHnVta7SibUZfPOSowDOHNaXDtgZtUA3pr1wcT5S1H5Bk3Sly9eJsuA +7oArqSY6myxzVWd6QgAgLg3jOJrCZmlr3QWVedpaHaZedDhKzAt4k2zdalGap7VR +iuihImNJcreoTTanBQR4wDIu1WDwNb870FmiO1RXtA6o6Isq+FTVTnTLPRjh05op +mETd0u+fmlAv0Z1udW0akbn7yYhu2o7g33qrJz8mj5lMvdwkheCzQLPE1MiHdyKy +69jiRt2eEvvX2amJLXu27gxUI6YvKEjlzoRg8hDCxBXxc2xz7FCcXSQMR8PDoHwB +TUHSVpkCgYEA//EKUi8VsA4fWOLC0irdyHf2/w7wJQEJriemr7la0Jo3ec6sJg+f +st6Kb7hTnSjdYzo7wYyURj48LrvBr6OpcaICKk1Zd/5cDuwffBNa46BUuwziBqGu +7fcQ6bvfowEhip0ImO2wf/TLVQZ+LvXesx7nvrE6COZREif2Osw7rY0CgYEA2Nmi +7pHv19vWSGgqkGo12ItFLBnd6kFlFf2aohnuWvWnE7k5zfx0vVbxqVf+JW8mm75s +hNBQU9EoKGMnQz0PBze6LnXCebPM+V2ETZGL5TQT+yPzmo83qb6ioFCvdzzu1xHj +rfDtmBEYUROPED7rGRM0DjbTO+xTKjrO/rhlKR8CgYEAg07P48AiWVO1g227VAYI +COx7PPoV/HYe2Emhe/AVhoZIRebhbRmA7ky8K3se8rdfdaQPukn8XFlbmQJc6VaG +/TSH9dn/N8+4vTMpKAfqDnRYZCrE33AeBhpGhBQONVvEMJBGM+dmMQ+PLg0JueAM +pEsLzEqyopQ/LZhw/FOBnpUCgYB7JPSa6HM8sRH6InVxd29GnqhUiAf2vNZL663B +uloae4A6+ifyaxhcYaBw25Bu77UMItJ7hdToFFHqxYwJagY7whDPy336IPoY7ltw +tWOtcKqcJuly7zvcAG9X/Rn367lyly0lnTk/7w1RFXtb7W8S2U3peIbyc50y0Ry1 +mD+SXwKBgQCw00Y4YiTbX5weLqZzeC+/Yeez6MT85d2k5MmG1n3qPmM5oxDjmb5C +Kg1hSvr7eAfKw6K/uIsLhb5IyTUuckqOYMF5iuFkbRQqZnxE22zr37gjorC5dw0k +tAbYmeJXIK2jjI2lGMtCcwuY/WwGx4K0xV3b+lk5eZCHif3KaH31Fg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-basic-constraints/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-basic-constraints/Intermediate.key new file mode 100644 index 00000000000..2455b35df6b --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-basic-constraints/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA1NJYWiS5ncQHYu0KJAlG1Jeo4eb6wo26MdrqlW/KecwQCM2O +XTPrBECUehWUcf5Qc+qgQea/k6p/YMLmVRokzrX5X633kLVJHDBFre0S07Cd3gMz +AabAEk6WE9efsGlnuc/Vqc6dfE5fDXvRpGWTEiJC6AKfGAsDrx88seCsp6eHsSLB +yf4dgRPd59khaIZqBhOCc+V4eOCZdnU4aHPLizMlU3LRWPBAZDYDMh1yw4zv3nYH +35q3uUwQlPvIe2m606kaIYz3xbOxG3JEEIzdw3Y25c6ooCkb+kcM44nyRITMiA9I +CckOHqnup1W6Wm94Zti9TZzVUpWDsYC1r871cwIDAQABAoIBAQCjdJbVTUWezXOa +4FIckV9sYrscHgpUqQPrzKbFdaH+X+OkzzPbk8eacXtYNQDZeKkUDo1dcDuNz7Kb +f7XmgPjqJsvMV9I/u2zWkKDDz8TY/9qQLMbdKtR0exU7Ui3dEWfQR7dj/0PnuE27 +DnFaoYUOtW/LwE+u6K7Aru4v9E7HSDbJvfBZ/3XR3/P8Qe5LOPRalD8BdCCRMWib +pHOzzu+ldcLPd+aPqQzIGw9q9/Nd2YdkyfaCKlr4B9ZS0n/K/b6H0wtk0+Qgu3kW +AhV5A9rJqms8uzvdk5jOKRsvEsZXZIpH9yltV9YzBXk6Ap2Xl/N9KBGHprMW4Gx4 +XlX+23QBAoGBAPOF2OB8vrAe80pTH7oJt6vyeA4L8zlypBNYvU++A+u0ZTGA74oL +pnMF4oBr6uszAbfxR6Mcz4L/4tVECcTb9gtiqh66PbUDbkxXaimYLxD3Ry1YwHNi +DQu4ZKmn5jMWkDEca8zkRPHNfzDJ+0d94wO9eCy7SQ/POaarObcfnzNzAoGBAN+5 +zsj0rBlh6jA2Cj3jhgVg57hi0vZqhAXX/sJU8xV1PTiNZYVH/aDKH4j9MySrerqJ +V7xN5P2sGNtnCND5h/M39vH2+GNplGTqdxIbwVE45PIwyhLrLmgP3qsGY+Vfu2b8 +snO2pD2gIKpJVqV8WcjDDZ63i3vsBPvd2vpI9LYBAoGAfdusRgFS0FV+qegiGpVR +HwX2tFPKxeMRF4qidOcgwZ3/OsGHi5IP2Zyt/m9H/3ziI34I5y1JtkunoU9DuUFx +fVrlz3Gz2KzIQZ5gGNU1ZhBW8gHPnRKM6YTIScKjv72mkis9L6y+UTZCySVqv/04 +6cLvrDazQP95rUELWDB4qC8CgYBoWdpBkR3UmP8KjaopQ753M8PhFPchSH1b3GtP +aSAYmh58CjeX+wQpwx0CYFdCe1k7OGRbyFlOmL7fVyedkUYAA9KC+ZbRh6VXjKUN +JTT+FXN0I52dRWTX1M8fJlPh4M0gNC1oG4Bv3gheZOatOVsHcTMhHKtKmcOZVtmU +dALwAQKBgQDZb+JbBsTe675CQCU4Hkgb1gNTTLMsi4Jvw4EusW8W6rK+cV0PsRtM +f45knS61UmzAsFqybyBiwXKydATuqzcge5SUDCK9OOkHeFrZnRfHoIAGahovnyCM +96EyEQBJmcDsiaS3WlYJ9EMvH/MJwJve7BAIwnuBDOwsqvufZlCJxQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-basic-constraints/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-basic-constraints/Root.key new file mode 100644 index 00000000000..4ef859edb94 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-basic-constraints/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAqfOoSFBG/rH67q8aXMHy0OH50bSOgseR0useBron5T7Vrscc +P6a5SAXEkFcjqyoBzcp/34y2Lm+DiOmO87Dol5qRza3Q7/tL12G98V0Al3BblR5t +PKcDK+wpzLbtseKa2zjOcwIZPyADcM2IKfmtQPcWC7STm6wT2rs56S8vFzkaJ0d1 +zQqBouWoWOcIFaMzhg65upAjOyoq7QTXgIVR2N260JY074whGc7NCp78qz3tadFL +0isfd1x0ltclzgLgSe0Y7sQ30eX1olyuyf4rzWimpTGadl6iEL6qFMpXwzGskr2b +U99pj+ImhTYgJ/Vg+2Ztm6fs+OQa36I47u880QIDAQABAoIBAHZK0mcC+WduGmro +FkFZ/djGcUw1kLwWjLlyTYQBLqOyCKmOjWsAcRZgbWDKRlls87R5rme7WVMY60Tw +zD9yc3KSc8nlofhnwXI45iyJv0+pNRWmCAKffOWli7Kh4PBf+cl80LXcUBZQAhUR ++iS9VIpTcVTUa6l/LJKinrxfyzcttS3PuIAW06ZQEmkTEvYzd4Vgz39peVFtNlaQ +8S/9gACek/wRhcIDB0RIQBbv5YruemnGNaopzZkS6bH3IX2Eky1wbupTc+2aWbzq +5YtV/4nVh7239tFySKj6E0v+ZKCgu8d/pc8vhQdJW6UZ9IenErURDlVIK8oLaXeD +u2SCZQECgYEA17zKySbEGg98+PJelYApsw7/zE+J7qFiEl3E1A61L/dCzuw/dFuV +jGbQK12uOjhCSM2tOTx6+IcTtU9UPTPF3lCOw746Rq18mbfAZ9o5URPnKnqafMVV +A+SE/J+DCvzDhmQDswncvuJAQlixHWt8pISDcT2l1P4jZhPoGVWv510CgYEAyath +QIosbvR0Ty5KsTUXMPLWD6DCitSmM0v0Rj7RY7XLS0g/ZVQSL18hclvyfEKP3IEz +Ejk0SK9FaMgAJoia1mnE5ZszHzM8sNHkMAEfwPR4rSzWNwzYQ8caXFdHNOVJ+5MM ++yb2EnDZ/tng55wUvQZa1yhGgo0qMYB/BfYbGAUCgYEAka/jfX1ZVoP5ECCUcP8Q +qePKKE3aRrTjBqYeAlpATzj5+8ScgVZLonnXwEFOI/DUClgiz5EhNe36CCmfKIlq +6Nub3WH79ri3eRMWsssyg6ceJ5iN9Q5JgAx1JigOFYBmBb5KpUBWuu0NGgDM8qIg +lPUL0pAgCbrpasisp1cvJ90CgYEAvptiodN2x6/4tlX0dqTNNJBwTfkNppXyOA2T +5Ui+M1XBvXedo7HgNjHdtO6+sz9eJXVfxduXVRODsNNHgSQf5IO3e6RCnzyYIi9f +Uxfc4UyvOk5kcUeMqBLpEVnUjWQhlsuXu1FJxogvIjbf4UieOUJmXXFNo1q1BHCE +nifL19kCgYBFbdWBDpgjfhR+2Ca50IGfi41jvvrClftF66lbCaFPpKBMooyVP0Cc +0grTw74/cYC9SZP9xoZVtv4TnxWvkzs9EzeTKMxraE/q2lYCdp9LkLZJxi67whIn +vLDW8oKfEv61K7M2if81GqBckOGwISPBBfZahBb/05RNEab5XtWp0Q== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-basic-constraints/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-basic-constraints/Target.key new file mode 100644 index 00000000000..ff24922bc76 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-basic-constraints/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzZfFskkgi5c8XbUBW42sryoqtc8autgcLWgSHx8QjFBN1nVy +y2LVX/9rRUSmdhUxbn0OIS5TZVfPfySrLQXbfpTne9zsAm1YO07bwJUCv8StTCYg +SRGl0bcB6ScVhe8Zmn25Mmr4DkWL7vQxrebvv77XrEQuEVkVW4KBN4hGWJiWW7Qz +xcMUEXpT/Ol6xd1h7QGkg/45Zo00jYcJlHj0/gwO6Mrx0HrW0FUdSyExbFQ5/x04 +xFjAEAJ4q3M20ysJpGLp4zJBAurWmQoOATzfaD5Yy37CYYTJJzeDC1zoYF5TZOZQ +zyoizb5XknJsa0d37ruWSLBLG+s3uA8rxpeYswIDAQABAoIBAQC66jR73c4v+wSP +8WNVmF2aN0zzVGJp4tbjVU28a6LA3rWVt9vxG18A0xf0tvBcRPJXEG0LL7H0Xjww +zOavnTasQ7adPwJ3RnBEI3LZCOCh9q7Tn4oUxG2sV6TuE3GW/gWaFpmMRAJX/1S0 +n+CWyXHJMzmjzazQatxnASR3l3bVTen+c4rZ2Z8OczqNxevvBX+aKg63aH/n5aRf +WKRvnvLoG69Ha/guMV+ZMR6n5y1LjP0WzSlgt2HZh4OkDYryygBg+i5Gs59SL3im +XUXs1tzLKjVvxtC0F0EeC4uYmSXKxOHR5FPYGDHwc9QgKfmrdh4Csc4Kv6sUFjYY +x1hfTMFpAoGBAPrHBSTkTgWoAaC17VeKKA1eL+RjcXOK92ex/598nbV2JIvfi2nB +cwEeME9JVUlkxCL9suU4YF+BFzhj61Kd3kzTdZlXQq0o9lNJ9dBMREx9uslowj5s +xixIKlPVlZsVWqO/4WwJI6kUGXN14Ylx3HaPi141kF/NS4ZiBugD8AElAoGBANHf +25ygMONTfCRNPi9ja1U0LU0pt77SmC8DAnsVtxGzFyrS23v3s873D7AclyK0P2cS +fRjca2Ann+OnBk/9TabpmpaUnYJs7WYJkN1oin1mIRkpmZ8M4w8wDi2vJviVQoHl +ajLEPxG3YpfZJyvYh2uqGEV11rG2levvuuV+/yb3AoGAPo85hEuD/zs7NLlNvSHU +/gi6D9KS8c0ADRlFeKbgvOz9Dvu0TqyYoPXD/XOA2C9QEp6Ra0dWG10bytB6WwDQ +/P9ffeJb2tC2Km7v6IeuHhrbZvVAR8xg35kdHg7RJH/+PY1Xkdjx0XMXKkuE+QGz +iswia10XaB7RsXNw355j2BUCgYBwlTllp7kR+TLa9mSpXxewuTCj+AENaEMi1OZ7 +yIZQBFYlLr92nMXj/Dx6KJwajb6FODHLKFKhXiAzKuID/smtBBtdM5Pa5zviRLdl +TjMcWbDfoqU54NvcxdaVQyQQrWDj9YEmgoeipVFKS77rklfytWgXusLUyjFaQ1tq +yNluuQKBgHn+EGLg5FuCjM+VCLGuk5f8BxOXl0i24XjKvtRRYoyUzOE0Qq7N7Zts +ssAiLy95lDzFkmVECHtIJjYaw/2vZUa+zkbqQS9omjWLDQ6EiEupYVjPdqTv0uQk +S4u1hamDNCHvCtCyaynENvihaGwtxTAhNXjR+15bdVLJCeSQzbDM +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-signing-key-usage/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-signing-key-usage/Intermediate.key new file mode 100644 index 00000000000..e7bce7e2da4 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-signing-key-usage/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyVzAZj3Hcu4YI9dWgDyywleBo3ScBQfnGnC6DAj8FNtSFgMr +kLsBGmFlUhmKmwgu7QApMaOKezAyics9Th6iTPYh/14CnH964A0cy9fp7p5kP7PK +F3nBNp1RhwYtwfQo8otJqdISibRgYGUAbwmD+JWUyoxwLR3ge0L8U0tAjNNnoSwK +x1OKrzGRWxLNS9AZESLMgpQQifCyrvARbpG7pXeJyf036rAJmnq/e+nV9VYTr7PZ +P8SQWrHt7t5vhhZh9i0VyW6U8nJY516r8SpCsWzHzf2xLUjgs8QJ5r3h+TsbpVzc +DblALVWvcLIBz4M1hU+0qfwz8zz3MAzAxSIFhQIDAQABAoIBABN0frJiLa8RCgwM +djMVqj/UrJXaYmiqBs4rLg6Tn6d0OU4fKEpnhwfBeUShax7nf4EujsxY/LxCP9/I +Xzf5Bb1h2o8NyjrMplaXbbzUM6n2a8Er4c662MwqDwJ4ulsO+BXXF1rtDRV49Abc +O1p/FN0jtqiLQRta06GVK0Pw9V+lsXHzoFxaZgCHyMvG8txH5iuqxPO2FQtNdT/s +cFoZ7fE4dImIeQoUrhRCsM/8o784M0Csl6NHtWPFNkSNDEpXm9sBDxLwytnJi68P +c0X8CyL1kcXboycv6CW915gHAG4Q5a3RuhfX3/10rK9A4tWSbVBiGzmQKIljfVQn +Y5sVpoECgYEA41gSRaULN32+RYlTrb5T2JQbmEnuQXrJweLB7MMXLa2SforjoHDJ +RZcnbQs3xhtGP+VRp/Jroe2OK4W1Ydad07IX2BMHoY5YxktuwnKFtrVjj1g0WIl+ +l/Qsk29B64wTy1xplCBTgTUG4WdTCru+B0qnRZTPyN6CIaRADyvSub0CgYEA4r5N +lo9Urpt3H7Ael5QqfC4SVme/KwVZDQrb0UhA0cM9RWJ5tcal6QIpjirvr/Vk8+/o +kV4xSIZDNkqfjxWuUa18frkoIbMqAiuT9jZh36IXlXij8s4JYZYcgL26Cz6v0Grv +Zzy4ttSKjdZdv6uSm5lJXANo0OajmT1WU2D7I2kCgYA8brPkuXui05UZjOimfbpy +DuTK9ZQU6dvp4yojkrR9mu8fHjJl+rU1/3kmfl3kFmn1IDM1jrZXw/sPzKoriM5J +cMTv1hcoNduZUoHtxF2Q9OSzPQIlKt9w6yJSSrfeMk0suLMEAhfQd9UNY9bqOn/I +Fmsiju0w+xzibnPs1HxejQKBgQDE7G5KMpVjSBY/aSBImSAE1aaLcHMxE+XxU9rx +egUBqMUP+6Sk4K+7HGum01dzxHY2/cdIaTv4NtMs1caZ6ESLH1ceYASgsA/t7pcE +oNqD9SzyXeJVv+eZ31tF3IE1vu3G3vio+q2Z7CGhaenly0b66Dg0N6nStFylfAX7 +SCEU8QKBgQC96DF04JiF2BsWXk7khEQTXyOWX91YcAxLNRQhwNGO1vKDwz5nbLBd +WzwOW65ddih6TAFQ+jN9FRsLxEOL3zmTt30JPSE2e0jDghVrBrAO2Va/KW5Iu9vY +tcL4SWsrnHZOHjIpKFCKk3dw67n4gUxzWWVAqkUB8Ak/tmQcr6cmsw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-signing-key-usage/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-signing-key-usage/Root.key new file mode 100644 index 00000000000..b37c528d6f4 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-signing-key-usage/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAy7hB7tXa0kXWSWAgFPssqd6XUI4cL4LA9a2uWMpGy+XMGU/j +TxV/QdS3NPM92oZtGtCr8HaC6qXb+8LjVqxK8DNX1YKectssNqMb2bHmJxyYfkI3 +tiG9WhhhvG931wwHEzlwoUYInxIFyaykV3i1j7xtyrKwJP/9nGGfKC9+u9LjKoHt +9beEyb76BDwp6B/KaEQIJ+P8us50GVnFzZ7Lo0rlD9l4OLSMyF+mk0gTg8yp0mBF +YQ0AIoSI6uPd2vAFyAk6sj5bbj7GGEf/GFS2wG7833VLLyMwoY7iS4tj/ICDYuvJ +pf7tJjetWe95ai1n1vlciF4ZYgVVmiblYbP2ZQIDAQABAoIBAB3SmYRXNjN2Gcqg +EdJAeudbOJeIVkP2Rj0w8cb5xadvupMyCLq5EOoYM8HCohlteGdmiOUo1D15jlyq +yREVI9tKCN+uwXda8nwFILybuG+dVg2VsAYvpkKcMyKcxtRqZFbCH+TcFcMDpmlB +psVPXHTwRrpXskWYXA4alGwTl9/y2oRXdrdhEfqTTIYQV/kFRTdCroxY26lgPbR6 +qChuYRi4X4zti1eDjxnHK3wB2aF4AMMrD33a9C+dqZH/04YMxNj5Lj1VQvkf+R4Q +UcOcyIWm3oFs5Ms/oImv4BJl1+EVw7XP+3/upNJF0htoF2Qb9UrhTFsBblaoMTdS +ch5R9gECgYEA5ygu+DYBTHDHdZCIg9tZyWCcunVFupBKC/lH85EI0ORIILuUgMjf +iQ4Q/5W5Dcn/KkwNVtwmhvv11e5k0O2R9Z8OG+AEgixEUxFiOsuo5dW9FWC3cDCD +2fgE+Naiu3QgJbkrHLlwqU5NNmTDk90Vuu0Fwugj/X3RbhZB6iQaH8ECgYEA4Z0x +2ClG3Gf7b+w75I8rIKmEdc1RQAZxpWykIrzrHKhzarEZJTJ9XrxT9I3hRSTCZEbE +2hvPNErZzsykeSh9azXlGdgpuUfgdAo4plzTn8EjduIuBsBiuDwgQJjhVvax45JH +jSxTOKpS1vwoPxhX8eUGrCLSKwuSvYdRpqJNP6UCgYEAwmhrSFmzMeTP+7I4/hxn +IRRd+/tRT5y2ied3egOKlJTJjK32MXG/fncUGMCFSHGQZrRbq6evx2r00J2UsJp9 +XUQOC6eWYxxzwiEmqihKvjHKusYCwRosag9LrzRk3J7HwrI+7gOQGvQ9v/dy/VK9 +Sd66L7gpPLKqhpm1igQe7IECgYBXs8egg8sr+q/fPjG6E31sYPlA4eNnxBmBeM4F +QvMSXNkg7F8d+paJsSPhuRWMz1FRscDsGEtfxIkOvrZg8sBuYLECbukpQSubcC29 +XfBV9bpXiGzj6v11KMpQ0h0mtRdJo5903XosWOmC8NqkTE5DlggV+iNA4GrWijfP +UuA8kQKBgQDEfNUkHeUaHz3mTfFd1shI9reCF5ubkXhF135hERs0MLNjAdyBMFjV +SYY1RMrpxekoWwbuhxBbkqrsKfGzL4TylCPAeW5dlWjep0flYS3y8HjQq4bgm0AO +r72qY/j95wfg5tj/YzA9EzG9nBEf+XCya7a1crendz7ufh7xFMjLag== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-signing-key-usage/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-signing-key-usage/Target.key new file mode 100644 index 00000000000..24d4d1c7f39 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-lacks-signing-key-usage/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAx/PJO7j70MbZnX6mDDf7Huep7JCxogYqsPHTgVOMhurDgAQY +BCawcE9rfGtfMbiN54qToZ1pIKleChOhocd76eS/0WdQ5Hrk2wCmy/YsqEede5pu +aYYGog2taIZn/9oOoa4wVygnFfOLtuI+yDAmbvQF7Ou1vMs3vF3bwmr4T+V/uPJi +qlk7QM5AZ32Du2YgpXOCfkDOh649NtwGJgnJPmsT7chE7s/z2zih7s0ClBh/xtd4 +ZY00u6PUxSfhubVnrfs8zpo99sdULnv6+InpVivpeC4CFCsaGOTO94Bn9w+IvHhw +jxzVPyI7OCJR2P1tk94FDByot7HTqYNrixCtYQIDAQABAoIBAQC2dHRZ9PCDkBAf +MOQgHi0eBFMANQCCUpI+KEzRpAWFT0/ZzuKDVzKFKVNxkyCoZDnI4KDaRqMZVLMl +CsjgsQEXas7GLDqaYrHWTX/medpCLCc+FKtPyybeVRC5Ynwf8UCMtEAUJ+WSmEwT +M9wKHDXV5QJLMMMDZYSUdCkF/Upcy/XpX2wBEsbBcIoWharvU1vLE2bSTwm8Utdk +TMvSCJLFCOxXgjNfiLyrGJQge4KrPgpjBxWieJ7nNDo2+4Xzzncpo45Uwjiarsa8 +l6dTyrgiqjINPyEldrhP3V1cXQ2a6y1j2BEalAxAGIz0NGsNvXBuMsOPmlCU2egt +eDr3bFUJAoGBAPevT+36qd+6K5TsAWXR3x4PlQGCRu/Zue5y75iRdmRKXIGcHtuE +fhpawkFZsuQQpdQaYR8iiZUa0qVtg1cRndcgZpcSqmqpff4PQN405mTl6gx/sMGf +ZBtGmdas9DJUOf70CVPWltoaf5NczJ2W9Fhsh56G8k/IOcu4WWgNr1zrAoGBAM6q +PocTDlT5spZ+TXnD5eBR8enUqW7832A1fgAMZuwKLD14yTBI9GqJKgl0htiulALR +R4XETTRaLeAKLbp+OV7Gia4dVMCKIuW6aqNYnmOmd8OLjh3ODLALNi+IHvAorsC+ +dBusa8Da7w4HC1vF9Xehbd5qQcM2xrdWXm8yLZvjAoGAWE+quRhhz0Jq3ZtUWEB/ +RBGcOECCGGzSDYHvib97rgCRgSjwG6be63imwHRCA20oIzsQm/BNi9tXdeJZLQc7 +9wM3cPAX0RYDtT0tDM1hxGHxlGlG1ZKGN+9xVIiwPO2pDA1o8fqWKMe/6wPwdNPo +5Uo1BMHqzaV/bfKZ9i7C8ucCgYBmTYwqXVqI4hpvuRItJrZStv3j3KwLDw6cl55J +89m3GsoPnA0r49FqM4AlshNWjAUk5+hZ5XS6Z7Gx6Bf+66EGs41QLaDYtwjTY9aK +CcJOXgeHOzwcsPVC6CnomZ+HDvyC2USstkuY6kfQT9hlk7cRg03Z/guT0TfJZe3V +aad+NQKBgCwzBQi29pTpYZdXtOq2VHF+8n0pUCY9RZzZko/U9PKbmSDUeQFd821Y +h+59Om3nqBoU7aZf0+pubhhHjGYQ4TX9SwSPYxoxJK3ECYqbLYUkUeOQB/ddM3fK +9eaphTdIrmCgecfBZPQMkF+DiVGzhkYHE+JfgP5rw7TgsClj4pdc +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-fail/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-fail/Intermediate.key new file mode 100644 index 00000000000..33a66f3b2c8 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-fail/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvZoIZ3KlTbo5xArVqUJGeqDz8isfg5FYpwA7sxdR5R+DE0QQ +FH+EbZdX3jIAvRUY5MeJi25bQVGt08n3PnVRdFxxQC6blb6POxczpTozF5cF1zAM +QJTBjeeAX/PUPuRGjOOA7JWRh+CgozJzbETCnBKl02uR4GA9oWGdCW9fe7HFmGo6 +zIV2RfJEDj/PuVZaI1VoMUsXMK2g4rGFP24ufqc4ud3NPft0GoOHwuzsamMLXsh1 +B7VPP5NYpf4+dhjuFt+xUrga8Hdlo7ctFqPmyBFn4SDqL+0Lk+bIKqD8NLf6SyEz +YAKGz7S98Mfs9Xq0/4QY9HOhKHox3gi2/b4KfQIDAQABAoIBAQCOacZqPXjgm0KM +eD7odbmOnprdiXqQTnoyZkBxUtDWswa3T+ZsHyQPVSBQ62oWnGQoY6BytJ+ivoE8 +lXU62tAmANGoDdobbhkTn2fRcZey3mMqsRJi59lCh2Krr+/6lWhQpwnNqsK3Nwgx +zNFZv4QVywP3e9MEoAVq1HEqBxfHRgBRFPb/Z+GS4Qz/QgXfGx4x492tcJJlL5x+ +VOBk8klsozzvWnJAyrDTqMlz9pamqpXV/CFO+Sxvcvzo9VcO50tjOqO/nGNg/SdN +JV/xXQMHPkK6lgMLPG9Q6OhOMoJSKdEEh2zE1N7u0gFlVlw6oPEg5wt75Cu467Yi +SKUNpmVZAoGBAPwvtxk2ubZ9rwru38sO51hAYCs3zDy8XP9esMdLQBAdIyXr0Rzh +wUQSZElQ1CDNuGWYPUPxiszn33t7yA55F2JTVLhHIgdh5mGaX9Rq+f31VMjqZQc4 +GHO+Ew6OPpb3bzdeRVjdR7mCHU2/8P2fmu0gPrebMldGLVnnD9nxlv3vAoGBAMB4 +CNhxfeclaSgAOqmOtbTnSNKrZJ9zYPukApRHJTv6NaxCHhzWGfT2a+oUR5DEVwqp +kRJt2BLnKAKWhsY9cD4LdzdbPIdqvhzvWHbJvQuXqaujYwW2G/OYqv+v5x66Oxae +zq3bmQf3ZL4br2nQBHoNeK0QKJaV8waCX25mZ6pTAoGAMwwtkgsD2K7kSeBEqMPh +jHmrfdQToY+3e3HdctoGo7xiKwDrGV+RUYgviK+14NYDp30DmcdBA21ETaimvFdC +poKbuZmch8YHbmZjU4o8BG4utWTNAoMWYAdvsBiXDtQTTS/l9bEFHcX6zIw36f7u +y2UljOD7dbMc5v/gs4s1tz0CgYBdBGX5/PeFE357t4iiU3cbw79dGTobGY7gbsZU +VQH4t5bi9l1JQGvxCHrk+QIRQ+JxI7wZ9P49PHwIrCjce+rYAYCPP0fEhmD06POP +DTaQ+K4mZmM/6mAd3UWfJqsDHava5csrGPsfb3+/pO+kqsTPG92bfjivdi6qka1/ +VHx7QwKBgQCXy+GHOOXHBfudpPKaSvwEk/E8nVsvuv0NrvQNUs2zKcwgMlYc1Deo +wh/OBT77T8t/3UCUO2+PPgLhBTIpjF3qOzXQO48j+gWtq8vp+aYz09VVnY5d/z+b +xamk30UedaJvwPY8M0XG/m9vCF8Vz5FqGwiZToJSzreZURKMGeEGiw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-fail/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-fail/Root.key new file mode 100644 index 00000000000..39d20f4c301 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-fail/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAtjBj2LARcV8DOOUkp4ic/vWmKlljexg51TQvJ0z+GCfrfnEl +Ta9xl3/wGLAZp/2rUtkBqhP/P8nI1If6aVMot1JPkaxVyzh/YTK22SD0WG/DTE9k +1xQ0jNOs9ZeKnfbQC2S0OlVxC5Kxjt8ud4r+NvYPvkkDPUL8TORQ9j6G0OQLFc0n +Sa56vtcFKGj35zUb/CpQwWbzMRHz+UCAUTpgmodH/EaZ4xrJXHbZNEWwgtYG1+pd +E87KTp0ugM2zXEcR3fGKl8eNN2oax5cTrb+chTLfIAqpJzvmJsadmNPR16AWTbGj +Ox8Zw8WB3TUlPIaOi3Zp8uU1XjxsP35HV3/rDQIDAQABAoIBAGmzo4pJhKU5Eb6F +u4Fz0lpeHTz+xafaQ1t+PklX8ygCqS+f55utyYKzWJKKQShlFWwouT17AqF4qgsc +pV1MQRgzKjUDPnd8XPMAoHNTGlDg7vcsLP5YG7EE8pk+hc7mLogdsi8R+VdUka2p +sOTsgFdU5YdqBvYZEhZudMaZOlCgshYnbpz1QTs/9Y0ev+YSoS0+NDzN0EQaBAKf +m7pq+zSgyQ4tvg2wzIDrkydN0rw8kUa2kZtOumpdGC01TFKev56Ko9PfEKVCTyjD +QAbYSDuUeN9ceMPu/1lci6dK7d1gx8/Gnfy5jpPTDIY294McARfvgUCK5O0sbHvz +XDftiqECgYEA75t+bveSjrliAGhg3ELk08qGXem1crYqZFAgLq7NzKFFeELQrc/4 +3+eYZDC8gqL3mpZsAdiS7Regm/aR6zc675QcU7c7qGcxYr2ULg+j7aUKUGAtAuEf +J04PHMz6X8a9SdnTNTZHbtj5I55L8hkFsENRv2AoBO9EQsdaEEaKqHkCgYEAwqdD +8vsP4DH3VSVDdsOqH1OtwUhYfoV8jnpljK/48EThK+H//wZJj1VmRRxp4NgxAqFb +ExPAKjQPp/tXP3hYPwrHXNHPJNi2PeZFYmpg0kVMz34tumpj2S0NWj7cgE2+7NjR +LK6NOK4EdNv9ZKakCDvtC6+yFybHPndeRUb02jUCgYABUeDzaYe0I49Ho0uNSw0J +oZ7123i1Zg17uflDaJEXpHfGfs+5dWDQku0C+EXBjnZAsr1rkS7WAYBP+564Jfi8 +Ixu41lSMy+y4t4SecFWd1H/nC3CUCHtscwCgTvy+FFEsm/eO3nqsQKO2r4OJlNu0 +KdrEbBosVMkSeRik6E6ROQKBgFVrwc3nj1f7lWawK6L6yrVkq2Oes/cR7U85N0c+ +EiiekZIIY6cuwyk7eN3rUitxtFBLLwR4LmRW5Gf7TJZ14YQI3uREznqE/7S6UMiX +llWwQ7zqynZ8KcUsmCd6XpmPhLG7lE/faents9b0k4aP+nwCkEwIlkbCpb0r9RrB +wMHhAoGAOEKKGPSOR6B14ar4JQpifQXUhjTgAMsNzJKq/Y311YK81XdauLS5z/ze +Awd2zrs4ep8r056jSFp9UMFTTofBBxrx/V88yYDVdfxSpLtMkpON+5P7gyI5FsJa +8PqJwJCW/EK2n3+IWJR55zU9kkCAbTVTa7JETCAjgenrrKLX/Tc= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-fail/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-fail/Target.key new file mode 100644 index 00000000000..ea50af86271 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-fail/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu9M89Uzfc2HJ0L5WuH/mUlacO4SDI9jqMMvMAbodNnDTTFhi +dC+WV3zlsCdv+nLAWwsM9uweO8cERbiJl776SSe2wgopuJjNpKRUKc5VxZH/idNR +h4jQw+8M3kOw4LnZI5LwBEK2UAYrGnuXPmek7Xcj5YN2dmMJbb4FbvyqoMiRl5ct +hQKVwvzd3PRLCMO+O0N2lszsVXoPAP4pS4fK31C6XGDlb4zwVntbID2H/YF/YVFs +RGFVOlIoz0lNcj80sKMEGOZHUMfw4aVPjFnjc8q2pg00o0D7QZeMZpNkKSATG/Wr +aXQRiBON3BXIIqIrFnTy8YsnwVqcxQ6VeLr+nwIDAQABAoIBAQCW4tONm/vGDUC7 +WK0B+n1kl/9aMNHI8nDwUkfI+2KMYYbdRgORosj773H1WTkz0QuGGBKKKpT/IJnm +CKFALkOSkTzYFKH/kYFiSkDydLeix+6pIgHVB6vuOxPzWh216pbtZRU71vvuvYXS ++IY/s7NisNs9faak5FqmtohW6NOJ5TL/vfIr+cxqhPxW/vdBFE3HLDiTcgdLKOk0 +tYs7TWA/ZUV1RObhZWA6oZsvmUqZX0Yuyp5vNHAczHLwf7uA7Bbh3cjgb7OWE95S +aw0ngSHS+zi6NO+J8sXuE7keaWnpPY1qTGE6ihzD/XbZF0WchKvlqAmj/IT0WOhd +3bbbY6ABAoGBAPnXNuVS7q6BTSV+cCU2X9VvjVSjY0O9GETThwn+TUzGbRO7PG4R +7hQXOkTpA5g2BDAb+pnq3MK1O5KnGAxJfR33FwYsGORZA7Zr6yG5Tqq+sy7GJOGW +PYW1ooMAB4mXPIm2GdkOo0Zh5BCKjB9f3Lb8ZacFVDuxDlEy/xEl//4BAoGBAMB0 +oitIntAXFZDJ5xQfRyr8hWRurHmoIqxGcfLprke7HR8NE/3P2UewP9pD4spORLZn +X2SkqI7bdm/k9d+2PSs8Jl9C2JH4PGhUxbv9r7j6qMPK/aIP14q0P9hWY/rYByL5 +q1/MxqThhDMaxp8iVlCJN2ffRRO8wGNsEJVHNDyfAoGASsqtiVsZTq4wjQ/bvJgZ +ekiJs5Ox7J5X/IqiO1CgjWI9VxHPFlhRwDvv2p8yz0ckW86UZ61SZwtgCRfycAMz +7FuCzfs3fGxVWy/VVOQnc5/g/hidA9c5FaT5QGQq3Xqjycn01PC32iMF5hnDtsS4 +yyKlv6ktvSzUz2QHzXdlugECgYAVCyvIS9KBsmR7Rnhr7NedTatQRgG587aG29UN +2Jtj4IPYp1duQ1Hg0tbIiO+9az18LGVz3cVIiZqztXdlFMovdg5EEE0Z+OiyB8Lv +QVf7g/z8G7AMDmtlETyB7UBVZ1Wwb1hby0pVMQuBgwYA1IJXoAlc5D7rX5IxzNkr +WXPOxQKBgCvcgzMhBK7GPWRnVn/8eNrsUm/tmSQpuPbLbbLvpBOxNdUhVbkzl4Jo +mFan2qX7GEaK71kGtT9mXONCU9nYueCPDI5xAE9NXP8+C6oNKQr2L/SxE37CTjzA +B6ONmkgeSdBKDRW6AzXGwIz3KFi/qQ3vS5gDEWg9nIJtcxuko+pm +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-ok/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-ok/Intermediate.key new file mode 100644 index 00000000000..f399b005b4b --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-ok/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAx6aYqb2OJ6vn9Z42pKT3t1kPAgpapwoE2dLfQ+QTYcdBM88b +PuX2dDZr2yfFzwA9xt0q3Rsbyv3QS6OQkmYZNku7m9x0pvsj0o9udDUa3xN6QN+h +EvMJonA5oOJcDraaTFP4LhL76tudam4OQSo9s9o+fpsqGirlcBsZshDREj3hnPOw +BUB5w/tEQYABEC6Zcl/1OR5d9CwitcGb7CEpUPk2Ow6KqQvS5850FhB0Tvf1vBSu +r3lKgvUq4irk8eEs55EE/aU4CfYhzmIuZQ0fMDwR/uV5hVEYleadFYL1ItF3tU1k +goaEjFmQhrRkHqbMINibCblPfVdStgCfttKz7wIDAQABAoIBABTJ3AuQmUS4Oabx +mm76XnDQ7SchPN83w9mKg4TmMr5zqO5kGkoqV8cyA3kGYypys/wI+3WaZQJ1+0Jk +/aDA0M8+g4JvKhZZABnkpXOkM/AWbxxiLLt0YwRu+xEtgLhnexmHhMgHYgPKalGy +s/lFFLeteeRk87VV0h4iNEK+TYbAi2MAeDhbdKkPuMNnNMbUU7QO/b3dm/0IVfqy +yExsahEww7XJYTSVIeelz1GJklIuSrj9QcbrQILGZCC+OyhvSHF4YCbdwqOjnm26 +jn26K5MpfvQ1HCn9HZFK5LpFNnNFy4tkpRR+dzqMWorShnNe+yrFEHcOflZrA53U +vPkyVIECgYEA/UFBg5/LN2x/JTQBQOgqf8b6uyP8ubkykD3focqvRS9pYw40bCK8 +/2XC32KUdjhphQyiz6tCsCtZH6h/Pgt/Kmgh+LZsYj85TYBqlOTn1BOsfafrNN/O +T2zSd1+3t7tpsqApTu9kCOIbK0HmZdO3iaYOJG3KMBQANiOQCVdBfGcCgYEAydCY +17t0K6naSicBmFB9jYAT09xIllNsGpuRbufyGQqljLO2vkNxslDWMuMrapb7zIxU +9MSzLEXxnlCw6GAjjWx+5LDxDPYFFHqlzzX97eAMDHkJ3D1Se8o5b6U29HUNLcdn +SvPwhiGOVf5jGpUo7+G472baNlYVAm4cv93xVzkCgYBfioLAuUPdAN1ml5vxdKSz +18k3WHg7SJa+u9jmHKTKoPxNFkrIkMJkR2uhAnunrdiBDSdO2PkrpO7WdqaqLYQn +52kJfyicV+WyS0PqMAEVjOaB8RtWsygN5qvvxPh2JAnYDXwH/1/pygMd6pqUx65y +C2dCbvjb8m+x/PCV1Ykq+QKBgE2cNZsJEKTV/gd0Nq3PjmkDLxzTYurEjBczaltf +QYAV0xJn7kf/AdNUOPt61zB3fb/s26MBnfHRuBhs6YuDpUh2x9nEnf6hAdUdUXR9 +S/jVp2yIg505y+WlIC9qNtcNyJKpU3TEmOPMNcOmP5Byejq98HPIdvRcaFn15IJ4 +pJ4pAoGAY22ERQ6O/hRwXcgHItLZmPqJz4Ryekbw49ThmPLf9xNMIXzdm2+ADtaj +ELxcocUaRWmVNW68gsPflUCPV2Fl1xa/efxM8flKJ0rs1qRALue9x1Ufy/mVmZDy +aoAtwUweViQtR180e1HWyAbRqWncGKrbvcFmYpcNBgUZOgxqpW8= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-ok/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-ok/Root.key new file mode 100644 index 00000000000..a7701c31ec4 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-ok/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAszWDdHvnxFa7M8O1GYZ5SFTgAr4QitR0nFExGnxcvccpTOdl +LvRBfbkCEDicTdw+R7x2ULwSFsrWl+k1HIj2kopmL3+K3Y2bK1XNXNMYti8+wqFZ +j8sYrciqo67SmJKgUETwexNzR2l98xpJNymfSkAfGygAgvidgAL95jfYqWtaO+LO +2KBAeicwTOsKQqYavCC/Pzqwq+44e8kHwmuHVMueHGA2pdwB0UQN4v8jHUfXF4ke +OPoJMPQZoL5gSqn4Ykq/8coBMxfwePP6GVgRy+/1IC6RgIUR7KxVUZ9kaodoDZ/X +kwp6ihx9ZxBzkfIMgcbok1rXsWUs6VQzXjm3nQIDAQABAoIBADT3ehTxkjzbjZTt +IRecQTh5rYPh/S2rQZP6A1NasmZ8+N37/lH0a27nQY7dzITOtbGqKCYQkCAgb3CS +wtneOVJyiWU8gyScd+JFB9+JnOIr8JbB7aCsXGzwxE6Am0nw/GT9Gz6lLwtKSKmT +eVROfwAJF6iFGDGdnZ96QuTKWMUpsKuh2xb/bBtW0zV0XtWsoqmhJAy5Ncfxyt0X +34NLyyBQEq+HW6kSPVB2qMPXWBNRFVJ0QK9g5cpOXN9co5hvP30lK40XpbJWRjdU +bKW0MhnXVDkQ143PlUZTg1yk401w6RsXRLYVHCc4x13h1yY0BxOCMFxSwq+jvKKo +zqLt55kCgYEA5NtTB0X6q3yswttc9eIypVK2MU+BdPw6ihNwM1MXHWZ9y2LhG9vN +Uc4F4a2PtpqrDKIMOLoUkhnxyvGo5LSg6k48C4eYJw267l83KJ7KWCthjraYkH7N +rYWhlck4xpBkI24y8MYv/Uq31WHK73nvyvMGuobCBCmP5eMhqArpP8sCgYEAyHbC +EkKaHz/JDq3M7rxxjRDDh+lc8z7kn7MJLih/3QsnD0l5dXKRExlrkVVWhoLcibSC +Rg8Xg11588knJ03+zNZhpCD8qMUfXClnVeDIrCVjQtr3xSDQA1fVMyWlLu+6++7Z +ujDFa1kt2o0RAdVNwdde75vLTJz5P6Tux8EAqTcCgYBtUj+lN854YIP+SN9tLXJX ++tzBTWNfyKUGFCcCvWxLRQxOPZuevS6lJy80EL6X0eZnkHkaF/l/mRkhgrLVHVvI +0Tppn4oVDb//4kftBX1PBNoDXEIgtBH4E9+ON6MBZzQOoLOAxItkCW8rZR2Vq7/a +SKEsNPc1Gc19WTRYm220ZQKBgAjzNGr4SkVG5cUgAVxPUYqIyxIQWzQJBNAUgD5t +VHgb/VxzXVbfDJcbtW/BraFHymzjgEV8ewJEdCNsQbFBjDS9BZL8Xgty8Zl9x71P +0eXNrYbYm+NTObZMf5pO/fcAgQqqeVIUx1upmaB+V9oLGfOjl/t+qy76ey5aQMbu +WQc1AoGBALTrAwE851rv1/b6+Aq/oHMGoXeGBnKUotUOpHtbU7mnKrMXghR97HFY +QT6/xLlGDL+AoRmVbNcQ3P/9CESZI9YCrRyS7tMSpj5sM/GFYp/GlBH3mraQIAkr +TokFfo1SFXLyPN3/WYOCO4X8z8F9EyIx/77wRl1kMjRRLiCeoF1f +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-ok/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-ok/Target.key new file mode 100644 index 00000000000..21dbe3d2ef7 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-restricts-eku-ok/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAsk1VNrndJWyj41wvlZesOt8tamMD9+myp03zfSF4r4DPNGpH +ugUNkK1dWoadwlt/R4wKRLbe18EX5w9E6ogFcF2BlYFEJLNwOPyrUx5BdQ5yTTyJ +Fj65v+WdXq9W71Cg4Nq9lMA5B1K0+z1qT3EOTVW7aUoxW0oWYPr9QDQwcOsS0DMK +nSdoui+/UXxf+wT9xgglHESgqEsCfPyMq7TpjMm8qxM8HnUNCc/JVtsqElzg4Vhw +ld+Znskhs7o8UFomopUSi5+O8XbqhZSs7xREtNlEKKPxYMB76B8Bvfd4v+/Nde7d +Leh9Xpc8twawFmwtC/IHf9lD8HlY/lNBwon2nQIDAQABAoIBAGADir6kibSscvhs +3ObmPQWaxp8CYNGwU9cJ//NDAfUoHOwxyxwdundNE/c6hFtz3+9MNv9XplpyjYeM +TmUpCBzBDZXPfT1yLx1Q2oUwxrjdJan3zi5farEuWXbyXpMSTP+oauxeMpeB7xlX +shbDX5s/bmM9Y6SwGarxnUxkji1PUsItxLGAmj5mq3TAiQijrS+INHJKU73UNMHh +8pEE42h08lSsHAOZR+zkx/Afm4+McGagMrL1Ql0KmyeV7DfqqP0nydBFIMCe61SP +ygH1Qbnp4kO28RGNFcDx+Yq5tboLbI1YAPt8hUS+lkbABVbj9PKGYa4sq9PeL/p3 +uTlFP7UCgYEA1cJyYvqZ9IubvdA9AgPBOLFJRrDadCBykH4mvHaCB4dgDM2PX+yV +Rq5ToWhInx0DAhQE/VqESSQVGIFTjvbHD8BkciW9HA7z8W3GvbdUUWWn7qAuTRR6 +ONX92YYxu1tPqzCVpjfwy8RLySosg+U8EQMXsp9bAbsIsqtGkbucwjsCgYEA1Yku +rxyigbfEFDltDdvlyAgqE1G5CfbeMYWACCS4wHvH1nz7tmsRzxcCdRBqX2H1In7k +RB+YlhunmAxJw6R8u7tAki4FqqmVtdwTCBulX8i20C3MQXzs/gyNnW/fcdKsqha3 +RkymHgpa7IeP2uILf/gWJ1FkOV6XezlK+POIhQcCgYBZC/CkxOp/kezmDKptfWzv +lgMFfMT0HVQ8VyEB34hZZI6hprw0ZJTm5dYW5h9ikS5gnkBZ3mw/H9Xd6HoLk0fn +iukNGCWIW75Jc8aX35gzdFqZsIa5O2+S36opBJsRBn/Qu6OLo8Ae0n4Tpgr3QvZb +y+MCWRoLRYPhEjKKoRIzYwKBgDvaog1Pl3WIzxtkJV9XHgd90l1r8NQMMKfs5cBi +mq7Jg3BpxByT0oAb0QKDQW3PBWlP7Cf0O08IHWgPObXvK09r42OWJtx5gI9jSqph +JW+90RB1ZeWNYNitKBzTOOyswt1CVMkNvxp4iJf4P6h46ARMw9jthYxXKVrO6mbx +zHiNAoGASPhvVK+gdJsDnbM1Rx1oITr+1LnObnG3MG6h7ur5AGWXUVjlrGbsdJbo +fSz3zNwpxC1KozF9dzker0mkoGGtQO0CaudwI3dCcY/hf6AodGyxLKZGXyPpRKWr +uGzvZU+wVGVyCZB/ijD5HZlEXO6n3lwKucTkal1PS7aLIb0YStw= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-sets-eku-any/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-sets-eku-any/Intermediate.key new file mode 100644 index 00000000000..f6ce1db291c --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-sets-eku-any/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA0UFAb8slBdkp0KPH/i/wU61GNhmqsR8/eqLg+wMrd2Vqeevz +oxYTNIM7Qt6iu+K/2NJ1PUg4hrsqfRSjiPd8APQKa2uqm0QkYv7bo0JVFWcqMv+y +TYCT0ITvG9x8rFYtVAgC9hhutYCod1IfuCwJbcz4HASRYm4e3R2JsvEjC01MbNpJ +PWGDcg9mNhI/8/9TUnNToco4vcNIv3ovExnXwijhbzIAXmSsSwV6d2JXValZg9Xt +oy4oNHF5L7nDnt+zKrFZzQQAHYsRVq7GZ/ZPHVgHZeCwL+9Xbd7BoHxuOKhFJiGW +4PbvDijPAXBX3CAVCK3o45h0jFQywSgX4N6hiwIDAQABAoIBAQCfjcSHOXtyWSLE +Ho3Y6E60TvOxPqLjSTNK3DT10HXtJRwp+Nqd6LAeI04lb8LfxkaIGfkhEBdhzAba +tsj3H9WimHH1dHPyzeN8xF1Ov75GgpIvrr4S0E5k+Wekc9twQIlxgGZZpUmNBZvu +12SuNo299kLcgjMkvVi1OteK5MjWzOiqEw8BJPDBXJlmdPo0YIOxTR2+H+xHpuwo +aMf7siXmryJ1uh7gOo8N6U1X0GpQ5UzmirU1vfauV81YYjc7EreenqvDye2D50wA +tWTLpv36txOwWrpUJiEk2a2SlkTlAFOb3vDbYwrvf7XHkX4YKEt4d4jjbB9GlTOD +al4OsJZJAoGBAPs9xCqsnhecW4JlQYxpMZ4bPRCn2dxI14aDUoterDSg25r12E38 +Ph9fM9FGBB2pprLGj+nJxfHocLcmLCzBAfblky14wafm7F2Xp9IyprcB5Jri/FXI +FGckOD9iFzF+3UzzGnnUdpNJyqRhOpsrCk636Ut6T9DWhq8/szM9vP+/AoGBANU3 +5jq9pBBksCletuiuU+IdRSyjkTxabdOqsDnjK2ol7C8ajpvgW54tlKuumGAeQ8vL +a4bWEOYtWtjVZfsA//AeK+qG/6b1nEJK+Cat9T4Bg1LRQDb7IMihgVL2ZJWJRFWv ++refYKP3qnyzE5A/I0+8PNlld5KUmS6aylJEvhE1AoGBAKKqmxgGK1WeJqGGbao7 +caSsfh0KkEPP5btxyz/xTA3HGGh8RFA5wP8O5L3aV0/dR9D4PrVfromxtUjfrjpL +vLneaixGwxuyp9bxGfc+VDKpRxoBXN8tbAhbqw9esyWYvi/UNpAqv5sda9aCHS/Z +7hKJgMMdrg/I1eshkyTaFESBAoGBAL9H2MmV3BvA2LEkgV8ZFbPiom47h03nqmOb +22DzRb2Cq/JOFuYMTuUG6zth9N02CYhIw/xBCwQUaE3ilAyshu85ghhyZ+O2sCpg +62J36W1pGhEwHDW28WBMU6LD3NSyQpXEvF4DI0W2KEKavNBJdDpSGxzFBJKBsTK4 +Nw27EfCJAoGActUtucQW5DM9EG3IaHBMM8jl/TBX3Le8UrKbnDpzglkbBeqw8WIa +pwol7FbBpgkjF2F5fqF+Sd5OWCyHVglzrDSPPc72v8oDnJmX+708Z6YftHRLW4Z4 +m4YhijjwjfCLBFgtNLAh4dRM+t5qPjTA5hyyh8hb9UvuSv5Fd23aKTI= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-sets-eku-any/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-sets-eku-any/Root.key new file mode 100644 index 00000000000..5b7e3bd29d0 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-sets-eku-any/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAw5Zmx+f9IRTs30oFGowi2o8+t47Kot7X4wgFzSgc2tSZuq3e +kgdEGFXntUFrOGQYBqtsuK09uE7I+oz8WCwsqEIIKLSFKqpX4qh2Sm7+OC/RFMZS +bwWkiVTCD/CTgwm3VVaUe1dlhwndYeoaAjwkpcwt03wK3C5non+RrbR2dgKsf4Vf +YYYMYBWggn+FFvQQjUkn5DNYdVVrWqvH0b09qDtoG7TeaInEh/6HBNRS84/6LkR5 +wWJGt4hMu3Vh/ebFavuoO++n5hoeRC1hp05jXma494VgdIvqIIKEhHH1HcYMwu4R +eAGuRFrje5cuAdAYkXcBI3/SIXP085qUrZMuoQIDAQABAoIBAQClr91176LRyYY4 +Sd409Q35lGuO2Bn1C05bd0pi115KStvH9s6baihXbT6Sn86SwMhRrhq1/5xPa/55 +scF7eECEcRu0T+iXkiJNUmSS/Z/CPU+jh7YBcwhFhlW3ZxevZCW411WFfy30zXiL +H+PUjNqG0YbopyYUDAOi9uqT+lJ3+KGzDV2ZMEC5FvPAYqybS2HWUWMkDsQWypf/ +AmngsckZKf0LtL6d2x27YXlA0DBkPtE5BHbIO1IwY6qBaVIvoxK9HNe9M01yjv/a +mmnvYuK/oksi+cwkYuCxqSx9gLuKyYRQl6dDXMzZIEpmyevOh1qZ4Sc/b/E5QYaf +R1qeK6mhAoGBAP4jb1mz32vBwTmIWaVE/VF1/Zg/UsFDolUoOlq8gRv1AP+/qydF +31yxhAQgTuoH9incoIfKhKUuwKSYdeozE5AK4zdpF0UK61BO7QJR7PcDB8KxSyp3 +DeVDOAh8dJAXp6cOBehm6XO3BNmNIMRlPX4GVFudiY7IspQxci21wLK9AoGBAMUF +K7gW0A3ZgqEitu96y5vdCrjZ/3A0XvB9OWpWvfHcKR/M5o8IzGtLOfr7t7Yp60tt +YeDFV4TyW1GuuYv8DCnM9OdNLGN0zgPo8EP9kmblHAOmYiD4zXtlMxr94sZBkdFU +YxpJvx0BIA3T2H9bBl/Y9oD2sGbPVNeQlEZxhHu1AoGAPSQbSvJ6YvtXWFcUci15 +4FpJq5I4f6Sc7m3iNCg7y5UTK3RaYfVuemd+wltfgPBvabzZpjGz3eW0lSTU4YZu +Q25LIe6XmZW57TU/0hoRr4+8EzwCQHIqFqkoVupSRMRcIlW+WB5CNgOnGAvbAUT2 +GVa+ftgU2xQv2nVW6eZbOOUCgYEAlxZ6CnhkINrW1F9czpXqoqKGYG+89f0TeXVu +nF/c1icx2lM11Ca5LObJlfGHVskaygMd9lMf5LI+2YsWe4VUhpHIlcCW88ZVXqY5 +6soAhavZKetkgUiLu79Fy8M7LzKFcnQ2c6huSP3d6Py2oCPb5ZDqqMeFS7Jfq9gR +/Vt8b6kCgYBSLtyqxhc7YsQZMmLOSHG2VX+Arcn2D/mvHaY1bWYklM230/7zBNhu +Vqy9Iia4W884pSz/g/WpVRX3xWuCjg4Hx/VCEM+4EL8GNq3VDoJ+8c1F5vzBgELR +zaMgUu0rh3a1YBcDf3vTURmyphKjFj41gb2+WidlvrsnyJowGCm7wg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-sets-eku-any/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-sets-eku-any/Target.key new file mode 100644 index 00000000000..01f91e8f32c --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-sets-eku-any/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAri6LGI33diyUDD+gtupwH17ISMWqrVVrvVVoDY7O5ZknxSyy +mimpj47DxpeJbTHXpI/YNjdPM8fWQgMRCMR/NYzuDxt6MXQEqgHTHotbAZ1gS5zR +jx6r5dyPF3dJ4/bVgqUvCujcn5YeKqFB0WcsnvN/lAxuz19VUjcF0Dk3Gm4R7dv6 +qpKnT1ApB2mvHaeZ+uFW8AM4sK5r5xkL3cMHMY6EBKW067i8I/NAsBe0q54/BZaJ +/IQjzNEGwuSLxmX1JOtyMbxBfTrJVQgM7qauH3gX+Kede7GC9c6Ca6iyxoq5vqXY +OfRJ4kxTMoUmU01EztU7oGvn2QKhWu/hpYGn+wIDAQABAoIBAAxviEDFigBm6F8D +f+7vR/gFZVlEu43KhnmrClXFd2IPEDbUnR/Cj7ePIs0f7pDcOSAnoPEl+8Kfpt1p +qKKunMJvAGQVuyCivt6AaNlKa8HuwXxEgvWr4+vyVkj/nEfpTI8aSgSGYZIHProe +bzuLGTVz/wzL4nFtxgKrqP+XxiZdzUKadOHgkRbqEIyLq5ONhyhuzr6ruXgoT4Kh ++mmnrKPjTrQPA/igUysw4X0gojeO34byUxLCCkkSX1J/MWVqFvwAS6E3aQ6fkwNP +vIH0BvqRPsCN/H0Vtmtux7fTfgZlb/tVpk+HQaFT81LyKVoyOBSRUS1Xlaus6tAj +LykCnDkCgYEA2E2iWRf2498AlB12t9BcltgPCDW9GGAim42+d1EQyidwfEC3i/uk +bB/jk3DYc3YmUBv1gTwcspTZS9GoQJnsOXd8HFN6Qj+lhxJXjCw2DtOeIubjYYvt +7mWS4vmKhIN4H5MaQbceJlEyy/yTPPbAEbKgzPqVRJkWW7FnL38DpccCgYEAziX1 +RMMPJ21LEeYNcLJlZkb9Bz8zIiBpQPNXyZYMHXCKxDrkCVVkCjqpYb5IbXX4OsEK +WtDdyHqgVS8kVd05pJV0m6dE/cLwC/3t9H5ZJ39837AQckMiiKDMxFf0K2xM9bd3 +JRUNVdDO3VV8z3aCPfR2Ne32bMvmciP7FWNmXC0CgYEAtgO+FZKg4ueIqRqSB+OB +xj1RiOsPkC91b8g6+lRw+GtvsF8VFOpQVdwPuMZAnghR/R9J29Ilo/C1WaO3HYVo +zoLJIVztiEnelGbO3NlnM9rHOz9nH3KMaQt4Kx8pfJDUyF0Uvy/EYyH4yMZlb+uD +fGEABvzmFq9rrQT/e2w6OYkCgYAMx7+n7qve1uDDkE6fAQBWUepX66wg3n+H/k4f ++kRwAs0nkzsV9QxJsg9UNvbIinrEMbmRncdSKYANJ+oJxLhRIs7i44DcdpxpMenx +sW+XikjUmVa7rrvSWp23QnipxIIU7bXeP6re+h4JDMa7Ge7DJoe5mjIf1phH1UE4 +tzveVQKBgQC6g1mIw/zEzE9C4M51bM+t9qyjDLHdJA+xBkdNoFhRUMf0+ZWqW/Qx +LxB9H0gaZQLTkb2Q1ctl3mnXfigXTw15H0Yho6wd7Pkrs1uH5EInM9vFPeRAWzky +YbjjCmkZnrhftpWrHISNdrcBR/Womab0AiIdZimr7thVvkvzLc0oNg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-signed-with-md5/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-signed-with-md5/Intermediate.key new file mode 100644 index 00000000000..6d4ec3ce2e5 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-signed-with-md5/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA62GenUsjzI452awHBdoyNN4q3S9i7YfOfFnEnY4odtHyZWCR +P3tjpC9QxNoSW3Ggl08mz+eyAYRnV/WGNlRoDyjw6nvKHhq8fmfP/RRj7sEzkgFw +vBJrfSyNAjSOhRrk9Zm2yNUY2QSm9UD8llDiP4eg1nK+o6NFiQd00C6cDYgSAqPv +F60sLXFmEYk/z1d3KHdwuw85sLE0nen3olavV37tRPi+eD0oxQ03FSz2mU4FcK7F +mUWnP72DeWqjZ/9xLWDiCJEjRUCxQFLhOx1d0enCsLHE+3yvnMGV8aUjFhl1n+++ +uHmn9MWyR65tHBWcJg+yD+ySjVp5yZ4W4HC87wIDAQABAoIBAETCwrw+fBnAnqO4 +/mA2Sp5pHGp68lJjbu2ip65DHgz/7eixmhzKZeRLsjOfZOdzvS8Wf0cS70xEKpBm +eCuc4r0y/5XwTa4Xr2LZ3seW0k6n//GyHAXE98OcZSD0y4GUxrf8jIoEvnp/Qmq4 +7lDXFhDrBRBAevKAusp59CTwyMOmoeATOaE9Ng5MhFnlW/EVMT2qKJA7fuTy4VXz +G4Sy/d/7wyf8dbgbD7n8tllR1EzYoEZpf64IQMklTBhAIc5nhO0RN0zpGMFgQeSp +8XAP6bwzrViwKfSt79qDAzSVqn3Cac0of3g4Ku9qhW1QuT2uhAOPpcwvjSimrY+C +Gas2Y8kCgYEA/p0JeF9Eh+FgW7vAdqZlF8GalkVZKLSThOcBz9ETLGLTsJ6D9TeP +4V0qUWi4+/Ny9KMdJEO5c0/qj93gXQ9B2EJMnZ0MqBmLkpTOGuyd4JDSm5dugxOl +Y9wCMY9acp28ekSF/DwE7ApQkrsU5JqRr5BLnBzGE6awqzMwTb0l9WMCgYEA7KnF +SJ9CQuDAYyhI1bJWq0LSIFJGi5HvT0s7hX0D/RRIx5koE7Y0ABuKsX9BKJjfcy15 +KKy+uS4KiMY0vFSvRZrqD7vqdSyF4ziC6iR+NVOhoqyqMnM6d1oRkIrgW2hRiqc9 +W4PUIA/Fithto9ve6KqF9NEuhwc9IgLBzB2U5gUCgYBusEBstyXo2J72YlISgtYS +FNWqnG1dV9uF/JN6EA+AzVnwP4locoY3WDRMffVlevmvxrWljVey/LwhXTjr2/Up +GfGK17qn3asix1Quuk0MUolsoNGnZEQTfJLrjsGocFB+6wlAlasiHn3WvEQh+dx5 +8YYdURj/dAj79F38fc1htwKBgQCrQS7Bnn0UaA7PshcCjEqrI29qdB8YYEIL3yTz +M8PvHv6LcQjPOsnmSgfS6YL9HaKUdhN2m4pn9ikpUERZA+7RL4iwWgsPP2ijRAF3 +7XBmpl4QmWGPoFJui36qWdSAULyw2NRNpNebW85W6sZsDG8BbmQBBF3m2BYkxln2 +mnFlAQKBgCO2b5ie/kU6mO/il+mfC3jkCBtMPBkzM+lj4UA2v6ozheRmF7B6OBu5 +Yt6btEjGkm2oTVPuyuYXhvyEdi1ineycDGnOdacHLLxNQAO0z8JDVEKJLbMo4xrB +XDz2FX1tMbXcRp/4734+3vACSCHgG1BzVTbi3P8voR4tT8yh5eZq +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-signed-with-md5/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-signed-with-md5/Root.key new file mode 100644 index 00000000000..24e21c30f47 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-signed-with-md5/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAzLLNd4++yaUXreWsLbLAHzNe7dmWVxSbpDfYoD3kLFaVTXVo +T3cGJOAP6bbeb92n9pPc80gQ+vuQtUNCC53X6QwsaXs6T3MxAAy6Fczdd6ap+SG4 +l6q3pJlsCKCOn7gpR9/bubA55U++Ry+TdltrAv7sZjHC3o4KZ4mkcMsyQNtjAFdA +tI64JOTeM2IkeuWyGEFU95jZ9cgjHohaphx+kg+SVkkOWtxJS9H4G3OwMW83fs+R +9EDmizYR+w956tKA9Y7BJNL+L8FYbTIuBGSyINLNoXmLCCWPHon+Qz+/3kny+rvX +Um4Zj0y2bk9ZSGPiyVUPWImTheBY7oAWX8R3uQIDAQABAoIBAFVU1EJbMfVtVQmx +DK2gLmbTS2drpTh35sn2Xd+u7UducJ7xqqI1w+HrZbbP/Lo1dKddzGW+TRXTeOeX +OhkNm8wSvxDZxd0I8AxNQeWEmW4flAu++ux+xj9flaGjDNGYO90yfK5TwE7Ph0q1 +kotsYJfHHVUcuVd9bujqgBplGnXePt3GAV8hULMJjp/hliOuUfwaZjVUkIRXH4uH +1o7le/BitASlm+ln0FetYfmiJSdC0bCOtsWT7W4LiZiHrTiVd53NcbhmpbJN90d8 +bbFzmMVeUvzJKrnsgIM3HdmqC6ZBO+FEEcqh4brrtv3ztVqBybLTt4IlV8Tio6BT +saxsi2ECgYEA/qsdkvziIllxzIPza+vSTFkkVXRQsHYHSxNpyCD0i2Ih2JKETxAX +Yq3uM5wXtKNYtoHVIEgqTXOgOwDlh47Bc9yq7bGZY3PsOv1/NhO0XW6Sqi2y6BEE +HhX+Xfk0wRwqLp6MALD576yGi3BUgqrB8aLPWyPxF42NOifft137vScCgYEAzcTM +1vlkUm/StPEsZZmalA0b7UybiqSjfy/bdeVfBX+Nbm6+q4LOjgPJSj3NfRQfamR/ +vDh4LBOtm0SqYU2Sz5i65oLQX6dVSZ0XmIgaTupBtZoLFS48Z9DGr/MC7J1FdCA3 +dL2bB1uQZrjpymnXRspXbfwaTYv64i17i5vs8B8CgYBfUQpbpny44INgSY7FONlY +LBEWTteYhESMi/KOrg75UDxcw9HziZFHJNQ/ys9wk6azgHqVf40dugYhr185UmwD +gncTSeKgP5YOKiz/v3ZFdgo82afZhezlmdO/tnNRR8pd8odyBss1MnyVGfD3ixPV +7drwQM6OwzM1rhDkn6+GBwKBgQC4xsf3J7659GavS39FwTi5SEhSwJ9QUeXr2arm +ZNH+WvtDNrmLxIv9pVLFk1gKwN4xKQw3ljH7yrP0ISYq+IEkYI89Xi0GKHqC/0lo +FJgjU2MsU6cuHvXpd+ZjrAJtPhFXZXLHJ1ims8epJtXyiTbi/+KhBmkMR+5D2vn9 +dUjAmwKBgQDzpPpqTv3kgwtqsd1mmp9niiCp3p8uf5LRzvdewgmg3ke+y5Qs3ZGu +d9UQSZ9eH3crpUlQWTt+1EM/XsHcNXFRef5AhIEwNZDeY93Vy568FNxtLs+tm+R+ +swQj6m2bDoJqFEuQ2cEwIuGeARwlyOLwgeDB6w0k08edlAGXXb1X6A== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-signed-with-md5/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-signed-with-md5/Target.key new file mode 100644 index 00000000000..7c45d679f41 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-signed-with-md5/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEoAIBAAKCAQEAx93rWvSIAwrXtimV4FgDxjU2sJ7oCZQhugfPcMxSxyz9/sCG +ULMMe0bP66O9WikyWIEJ/4X4s3d1WGEi8VmZHw1Y3f/1qFFiCljbII79WkOWj82M +mMr070z2HkjcSEZgjGcPmkEra3LizhElPSGZ+j/KNLiu8Sl6zrwczphQ1nCTCqXE +fgU0RvHvNlmQYsK4uXHt38D4/f8I+tsFfZk1KmUI4KFmy31VvHLYH30MEeKLEVEu +iLHRcl/Fa6zwHj+XuA7USZ2gtb4jebEPGZDGAOFitNXbJYwRAZKdFxb97r83airZ +tE2DDCQs+Ch/Up1rs6yyK4bo/vilOsyd6wjwbwIDAQABAoIBACgWifNnYrSBgzzF +YItr++3QlJSeetoY/R7MHD56rQvIKXXkdcxP7Wv4ixGvePZRlwiLcU7wNy8AAehl +K1YPa5f/3FhC06ocELcUlXcVVxm4vsU/LDklVDV/UUpHwO86NnlS3p1I/wWBOJ6u +b7KwP6sjClLCzEwQztIShxClGmm4NfbnHBB0t3Sh20i8mTFzvjVUWbOb4br7nHrY +P7MPaEwzTMPHTsgY7VdBUXVmnVrFs5YYNMtOe875QOH/TkZmIgNEarb2t/Mz6BVQ +TCRdwbxcNQgW7RK11UQzYtXkIyQLFJwA/TWsIHgyHM+k/kfyJbQEKo4kkuojsoT9 +KspAfFECgYEA5Nc4KHL+PAve98pUXB8KtViQPhzlPOKU+qbeNubr9Z/6BRYgBPu6 +zYcWa5nZqVdcyYF4UywMKCHUdvTNenPmxPkWIvVUoTeirGm0ES51No/N5F8qg+DY +gcMos2Y9fWvUZjl42uZ2EqFQKJjcYxYZDa4hfyCYuGygWPV08+/VhvkCgYEA35Zm +K7Mj80b8nFhLWtL/jUK5KIbnFQhwW1zVoco0q8V5bVMzGc3lXU0glSIPiRtBD3xW +TE6ykjVRGSf5w+ITo8OoFe4cQ/L16VuBVe7PVTV7xmL9t6NfIrBjgT2Tvdq54g3S +v446uGkQaMBnZXbCOhs91U2XVGlRhvmSK+QyBKcCf2FvQXn3fEgUxdq7Sy/uB6Ev +FDteEjzaPJR8eCDoMY9jjhCcWwXEKMVZvzIRT5vKlrc1aQYAuyxbOxtrIBIDRz6W +z9YSnvYFuj2uw/yMy1tv3zpdSrzb/1NAxROddJDyWH0t+0c42Q0VogunCi8mOYSZ +n6mBN4VOuvcli6ZRd5kCgYAcTmUm+Sn+/aizfnYjzHyv/JeGavXMcuIOnwUo03mx +mXGTBqp8hNWZ507Nsp82421sMXiXdosi+X8H6Ui0pOWJoRahmCCZ9aNuZLhOEcrL +5daCujuWyScdNCmUzh/rNEq+NLPOron+mMaMDHfKn6tdQd+lJoqXFDJPHT+FMQGo +FwKBgDAhLAVS3fwqk2x0lFmMdrRT3aqF7SLIJL3wCNRJGkAAEjvo2VLqNjg9a1gv +9TE9GkkXWsmCmlCRr0gKUv9FjDUIvxIRxVLu2XDOUDGt77XDoNZ9/pQErAgFYiSK +NbhYVKakLoPUT5PnZTq9v+bpmfwaDAxAqc/YWbVDcaxUOsg9 +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-critical-extension/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-critical-extension/Intermediate.key new file mode 100644 index 00000000000..6a7f0ee97ca --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-critical-extension/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAr1PB3K4yEroS0BLWXhhKyibv5bi0sJ7wb5l91/XFLOM60GE1 +UaDq63YCJ5p+Gbc/nAnu6V1gZIIZlHSitgRrut1RwjNsmrnrkbk6B22eNj4Xtzgn +HhEeBjVQTAIRSBcohxQP1yhlTxKA2k90NmPeUJcuaNyCu/HAamA0H4YtYRMOOZ4U +2LrfVY27ezh3hdg3UpcgwhIB8OFAJXB29IlfUBV3+XTpU+AxuOCn8SJydrEHE7Xp +qPW/KQ8flb2heXRWfrooGKogiq97rszNVbKLtPNe8r8uCZtquCa/eVjEyi/64Ch9 +94Vxw8IDsEe5EdVP3FwxeAYLBgm8rpUN7nECIwIDAQABAoIBAQCdZHJnOpXHC/Wx +hwecJvCU80lvD1ZeLACqHr/DLGXauw5kXK+x3OSnhiO/C8jiKwhWevBX3LSY5dYy +2FXtUqCneuFXljSL3hWklwSKAJUEGs/NcgJj0ngCmL/BzCVZczi1soPZ4fC4gGLe +GG+6GANOk7lc94ABWrAijsSb/Ccmuah78/NSlUmoBxd5dwj6KjnuujDPnyxr/kby +Ero4RSxeNEnbqnuc6UDQx6ch19dI0LECVlfcYnnxz5T7c5z97J1g3pb/EaIW7t3A ++LltCWE8MoX/y2ptU/fyBdnbCa4Q7s7On/is1mRtXpK+YmKFQTkzpsOyUpyag3OQ +73SGtCepAoGBAOEMwsrQLN3/tNYtFwX9McQVskGwY9391fuq5oWr3PqFP/NGdR9a +Mx6CRxwkFxSeg+yWabaEjpVhx2hoMz9CgRlSLrJSU29HjUMjmEdZx94RvwHNYlM+ +q4MWFMCCCFlDWFx7+e9qcGAKUyO7Ob4NJb6hjAwyMz+CCXf02cwDw7YNAoGBAMdw +bi3deWRemmisQFprN5U9NypHGeirwO4fCoflOiONOJ1VBc47xvmlGDrvKts7pIRW +yp4Bxzmz9CdyFGM1cSR6cAECVgIyw6fLTVUvbaEjWNXpGGzXQh8WCaRZyljq+84l +HFmFzEVWDcQyNiktr1N0c1XQwlI/rB9oNtG/izzvAoGBAJTAUIiprN5Xw/nE9/DX +eGt5Q8ezhW8X9rZQMeqsvHVCWhC8w3GjtyI1TjdFi5PvapeYm+suFuiaJqnWJfls +RdSsw3zOeaOWEcMM5fxTVY5tAGl6jcEkLU2J7NGJoWcO4nrO31bmbbytVmLJv9Lk +8cvdD6qIC+OwWf3V85er7VKJAoGAdMJ9vpxK1VgNTfqKMmVSxSxxf27g3DaxXLcP +kz/AKdAjtPhxzatxcfYVmWsry+2/AztMo/SmjkGsTuuaw/oloxWLPQwBDohpw3Ji +c9ywcgYfnBw7EH11WH2uZ2mp7SSlBqrzTfXnATDAHnzG+JSmcFVcsIDnQv/D5R89 ++M4K1kECgYEAuOvvvxxPoXqpJHlIELkVo1wQhvhM5IIUZJdvJxUKySr2fVamy+QX +AN9crar9/koPIWczcsRK8zabj0NhqjWxufKyeNbGACIVpOKX0InsTlaDYMvloKW8 +eMDD5T55tzj3HhtnQxak5Kg+xv0f3aYfzEhcpi76ARLmjOhIZx/V5b4= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-critical-extension/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-critical-extension/Root.key new file mode 100644 index 00000000000..da4b0eef04a --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-critical-extension/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA1K4mUMWs4X63nSAkPLVdAD6eIAOTQe1w58ynj2dIHHlBtOHj +fOY1MXRDYcx6LRWzHP6hdR6CbjkwEDl8wqOE6pm2nj/OQUafQwPQigq0++fsBbdz +H8UGhQ0TQdX4O7jwZS6TiJ/B+IHcxzhQy/7Gy91tOcROQJpkT6dy/JjNuUsymQ4P +My62LoDy5FG7FORnQ1QvqB7DS09M3UrfhB7p51C/gy6mOKbJ2GCYlLZcSx6AxDky +EV6uTcSsEL7N/qOcOC5Vvg+SywaH0KPU+KLnygXAQZGkuZPa/Tg/zsJFKwba1JFT +6I7CwznBxt3/QfqUZsPJ7mrikaytQl561IpDnwIDAQABAoIBAQDID0lbkZceRuTR +mPp9YN0q7bwwwSw0R/Z9FbZI3w6mOinkzNgBFUvUSVlZFc+XuWHTVHLsiNaIeKMN +oAYL0WWmiRGPqtWJ8bS+hUgVkhzNGUyb1AUnTV7kqXgD5hKrmzwG8dk2G5GLAh18 +CS13tyGpg5DLVi2F97WEeC9iDRr3wFxUmsyGvzmHXDCVTEcx63BmKFrwTtKiBl1g +t33uO4tZLq+7IC48H9BY2IdQ0DNQb9pFo9V+FIVir6gXpbZdoAFVQ/yzuKa07vul +r+CfjGWySKhde5EVx2A7lD3vxfUbBHBJBcxMJeyte8i5frbiFlfFb4ZCQk2lA55W +g0qh1ZIBAoGBAP0vd8HYaV+Pe2OovbaWZ5+bNjtRMR0jpnIzEEFg6y+EqgA7zVnz +DCOGGj7VvZJgdUr+8KYBov1yvy89vuqN8rNsIUOKBZ9oLSpWaVnHLbd+bWIL1aQ2 +97g4zITQo2sKf74spUYvggVJ0vUw1/LGUkH4LU2LUojBJvMPm8pvck1PAoGBANcL +aNnwWU2OyUOMpm+9EIlk6HbckYxwPje4bWKD9+QGUnZI+Zwmc3a2kKG64z6V70L4 +QIcjBrBtTiFNuf//DJpwvO8oDp/yAeRmtpF0HHeXvocczWppqLwaPrW6ImtuW5yz +IB8wXrFNHcEA1L9XQksCDuVsj4w2o1ivqgjOvDCxAoGAZ4ALHdRBJ055a4EkpMqR +a97AablEMZxMQ6z6PS/IlPFPqa7IwLepw6/jdMJdr8P8zv6vE73himhpHX/JVwtW +JuDSLFD1AXhN1lviz0+sMbHeN1GNMYdC9y1I9hZwZ6awF+caXTm4lj7anV8tOFK4 +d71jj6qfv8XuDTjZQAUVHeMCgYAuv404q5ZOVPcN1zqrWdeJdsVOaZ6+f/wWkuI8 +o2G1UWaFzlFtD7LUINYKQp16EpAj5+HnPscKfYiZltMTgreTr2RzPSsIvEyLAYU4 +05wIp5VEvA8vze5fjfkJ+n/XCPOjehFGlnZPZutL9MlLG0YPFlB0sYf3PD2AXxfA +uGiS0QKBgG0p4CYL2YmVvNPDGMKQGEjtP+RJkxx1rfU/ZhXujMjYX5/T+QJvl4oA +bYuI1G3fGYhL8I+c7RtXlfotDatywygRX1qsDHoAAZLW3QOLfoFtHWCoBYG9hP86 +2ghSnOAdOcFBwUtHPZyEXVNMnt7azUdAwUtflFcN1H+F4lY0AWvT +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-critical-extension/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-critical-extension/Target.key new file mode 100644 index 00000000000..ed2fca3ea55 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-critical-extension/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA5FZaeMZ5YxV6plusCQIm1xBA4+pV3ByGN82aDH1sWh/QWCVy +SMV/rnzrnKboRXz1ADYWqQD5jorfcCy7MGx0ascwaaUsHXc/sPqJ4MsHOawIWapM +Y8xi+qmMGSdhLQ2XmK1QuLniWiHBcM3nKq1qaB9SvIyA9VGm8T9Hx1CBJ+UVN0hP +S8Mb6QG5l1aLuVY4YtDFylIhay1CA3rZg9PNV7SMyqWRvz/iJt+F5mwsgFYmIZW+ +z6SFz17kGAXnaJmRZ23jFpLJ35+JP67u7qhDafZrkl1ya71THE4lI0/uWqs/ugFC +lALby1mTu7kq6q1aFyaEZ5kFmPCxPOCkKxfqGQIDAQABAoIBAQCdKD4+0EQuCVOQ +epoO3TdEYMB43gnYZJ2QfOdhX1YbNbhdYvCk26JEw2AbQtmtMhMi4Rd5nN0m2bht +6auw6YS7FXvhyrhxU2k380jAupyvehOJO2g2bC9X3Sg7C9qberZzdB6R9gawCHmu +nVlVC2SoY567fW0o69keRHKv4V3zyTCerzHMzdj3xZ5HJo/frtwkNkIWlEkOoxq5 +KOqBrtyaMChYYRXu91VgWMOr7wkefFo4zwoAmHJAJlDmoJFOgg/H53cjTgoCkaVI +jSJk+dyVlxCJ3pUYX9kXn3GNsw+1CWuA49pyy1uBXSJI4XEfD/o3VLbalSf2kiSB +PkBMckLtAoGBAPLUFk09GwatVGCRc8/TkgbaTWAJHBqJDO2aZZ23hCkPaMqGX64d +GNAeT2UoaDvq5ScF13p9nFGB11IS41Bxj5cBS+XpyK+x0jAnEO5qX1VrCRsaecqZ +erNDtoYAyoUo8w0uZEHQ3FQKetL5/6jzMvH9wtzh5aPj2ygKMvea0TFzAoGBAPC5 +Cts+RPsCYAJFLbeWqJhUzW/dEFJWjltGtYl315Uz3aoe2kmhnKgwbRlpTl3ZYnDX +pIewfxZw88Ekp1INzns4IGqpCMBLU9az7u72TVYV7PqPbKjmX8mgKhpAF5WEu5gM +S48kljb0U0bGgT9bgDAzUg9C2DHh4pTxn2z+xeNDAoGBAPEK5MRxNsWvAwYE/IA9 +lUPmKU5+XH5esw2c6OfhRnh3yl7Xelzcl0fn/on8zVNE/Yl5/Aakb6pdB/95rlmp +EI8mA1BLfCIjkvCnpt/ziYTCBjz4UBNzvN/8BFAKsv3xwyq/dVf72uo1qOyKq2Tr +XRPoASm/t3OzeFXLogI1lRjPAoGAKcvHMcf/DCIeb2Z5iJ3VChX3UYvtkI5My1Zc +oNC5EsPdofMXbZ9s5tr5pmbdX3gmGnemrpSbjFbyS7/EeX/CMSzOnBZbWZ/6n5XA +T6deSCsoaVzLvgu55/UyOjqUnbZdKApCeEke9822Q9ylhk2p1TSj89hkV0zkHX5S +cwdNbqcCgYA4gBIDjYllCxvjwC9XDn2oMiniK6GGDsC8NvU58CANEAo4D5FwoJCO +5U1kEm53HEmp4C9Y+S+KLyqz1JR2EOilwhHUUYpKaiZt3n6Pizc4X9Aj4QuC5rFn +azKPHNeyqyBfQoqMQgDTdIxgDSd0e408NMvnOLaQDLuQi9tFGdSYCg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-non-critical-extension/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-non-critical-extension/Intermediate.key new file mode 100644 index 00000000000..d8700893ed0 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-non-critical-extension/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyUdhE85clx9AkvGG3ijgTuhwAToZdSNPvXvstkVfql4sWL3t +Fzyt/HROl0hxo84EkA/PeGKJWBhmxbfJooBIV+5kqBeQjOFRbaN5IdBnn4K6iXBu +VDJn4vXXjN74byGGJhGJ53pSqyWk6VMNAVgEoY7Ok1I2M4IXb0zNXJvuQpYvXO/k +wYvbeK2v45+2HL7xHTabY5I3vuonSbd7iXOTLLLLu3TUpsL+CK7ovONAp02X2xQm +a8gC05VKm3sSadM/6YgH10kmb4eFqg++iDyn8J9/IfCWNSZx8fkzP/jIkmTBempr +UqhU3IhcdZOBf0/Mxc9RS4f/Tjzidggt/E3PDwIDAQABAoIBACVxwf2NRmxWxAyS +IiTyNch4NV4FEPdZulvl0gOWpFVtb5KSwqiwAS4V9Qjv0TRH/1FNn6slqadZ4sSl +jD1O4CZ7kv4yZBHRWPSslLxVqPFjwJAQ+nVvayQt2Au87zq9YddzK9SETRzJxAQk +DydQ2Iu1pXiCstKiQPnTr+CqoYiBU2nAtOD3+7Xftef0kRT3xuGgyeIgJLssad3R +Wf2Xc6OkI0pUFH/9yGIrKHYzMqTnMRabFuNHArP8mPZTfx9Pkoswf6uV6tpxlRg8 +25o7gp3SyqpGC4RrdVB7M4xmkPCKgLAm34by1RI7m5zp0G8949cIYskpy8HbBIoA +3RHyYQECgYEA8n6/X5lCVds2izXJmcNLETKPR+DWeyf0jbsM5myi9TMWARS3Cfe8 +8cAVuyC2XZSL90wJUCIDJh70AuBhUxMmPcWpqlK3s779VWNK3Kfw+RjseGlhssLU +oGx/U9zQqgIMl5GRRz/x+ldiPRWrPfbtkZjrHY9jjkwlkHdLHgHMLPMCgYEA1H0C +28yi9Ny4vmMIppBdHd8R601xApE5W4a0KUrPlVfadlurAK/7yxvXcXHvjpPkxud6 +w4JBCoA8OI0mED7Zpt6Y7g/fl00ry0hoacpPG9U76zvnH7MDVfle6U5zbglijXci +uPK/LA0ymSYCMDFn4LMElXdXvVyoUeO/mf+OrHUCgYEAiPEO/du83GNpUABWEyF4 +eQPGal8MgIw1zPw+8rmS5UmuOXoLS/O9ngBNxVlZ40sKJ+Omtrwebx63yhAQpiuA +Qw4nHGqOF1HaGqhyFF469VEf6XgJljv0e4wJ88AVjoyNs+Ke2k/ARRGoBrr/84RI +8RocXJsnK6rQ496aax20wgUCgYAueyok6p668Y14GDHMPcggwKsqzcXqydnCK7U9 +UyAViyI+wc6mV9i8lVqLdmDwz2k8GWbBXbzcjzCdLkMlSppR5l+Ns+s1Laxmy3AL +tDWZ4Qs6aeAlDwOryuD4KDEX4PWt/GGcE32+JSTsW2QfJq+Sd5aJG5IV2i73utou +1bhgAQKBgQCLt/cnb7AtyLVdNH4Oscd3U+i8QOjnxKud7mU+K5VsPS/2wzMOZY6p +hdMo2BwE3QU0K7jBQTfYhabWGWkm5NJ9iPDkHoIHITTII/+J8z9dWxRhIokVxmEa +kOgKdToAqlb3+IOFFxbN5K5m6rZU77ojFPEInUBSUsj+lDCBExuOMQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-non-critical-extension/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-non-critical-extension/Root.key new file mode 100644 index 00000000000..e36703a9c54 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-non-critical-extension/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0MkEKuMsYfW4/pXP8E9JOhO/FkD9FtUxU1ssFpSWe2NDsASf +DJ/5MEiUrQPHhEignut6pNcJ90hNHdgFWUZSM0OnbMFmtI5aPopbvBgJ/8Nbwtcf +AOFdhbG2i6qsep4wN9hXxtiC9SOAFiv/lVvcJGELD2IU6N3uXDCGbU7pmbVh0ZTP +TPnEkr4iWS2+yizTjZ+O6tOI3M1pIRhk0mYjUNTKOHYJPfXMQpGiEvH0y4aDfA2H +94mn6/+ZGcYEIrUFGMoEYNNhuLKxZM/EFa+kYvahxsz5+T0+JXwDpqYX1kOQfdgE +9ifHec/JlrSztw4K/MTqtM5+Z+chM5LMEa/ymwIDAQABAoIBAHVq524bLqW05KJA +rJ3QaTVBT7D7QZqqsT/YwXW9gNfJnpKKNsyJ10GBQCQBQR6zHanicqnryc4JGl2T +VIa9lpMAFFOEfPdEK5qKg0bIGi99tchg5S3AkLEUnb30cWXQOvvdLphEwXmNyoYt +nmJoM+k9rlOrbGj+DwRHwgINZDCtnkdg4GFp+Dsvh2PX7tnFoc+VPnd1HCk7vycA +9mKbBSzcP8zEPaEXwXAIRuWYJx4K3Yhya239SSUIx/MFBVUg6Qh8gUYIGZFmBDW/ +LHQYuc5Nr2k87hVk+ehtiF1PVFJcVMZcVZs+mMFjLCJizO7OxAnHx5ulR9si+A9z +olK8a2kCgYEA7HoqVFy1Tmcp9t/CmpbeX/zedSilTO8dgiHScmLuoupE8mk+KGa2 +9kl29aOb+LSKrXVKbq9or4mIkVY7+BGIOWoYqTuj1pmHFrBYnEr2Fr/3A7zKh5Jk +rF1vHEG2UkKUpaogUfIh5tJIRTmqTfqBW7nAfA5l8BNMKxvganF/aT0CgYEA4gWY +ASK4EcEWh+YjaF5BdXQE8IYKSRTTvyo5m8+UV4aQpOWarAz5pwAWL+X0jTMGHmRk +LcaevHtttY/lz+bfpBa6ykC+cQCR93zzxmH0JDa17L34z5V3LIJovDo6rzTstLNp +fX6dQObnK6Qt+K1HJQtT05jIF2qHATd9W+SWGLcCgYEA02C7957K/eMfUqpe1Dop +Wlm5K7aCU4ulr821xEOEliGcMac7RXfS8cFnUVjGsYAIOdaPCvNGOypP5cHUZwCc +6N1aX+OMpuWjJ/fHrSUgZeN/1FpsGtUTojL+f56Jb2xOXOr+auFpxl6O9Tn/biaO +fMREN1/TZM6LFjmb1unO/u0CgYB+1rjI2l0FyaAFP8dbCJofea5T9ETNYly6CM4v +fDw5KhD+GMPGDboEV+4bjybAHoQuhhQaBD6Mc4/Ltic3ls6mXQMSAWdeLv27L2n2 +SH4j3HgXlTyN8cjhN4XjK6JHNKIpfg2TGXzSMUJFoWsTBNrKFSNDuZeAXI3KxwMY +kJ0S3QKBgQDE/XspOkVAYDtFxO226HVCMG4ko8a9yn58aoVF3e5TmFMixZ2xHc9C +ZWFtvnCzesP6YjKtMax4mlJdXvnxoZltiXzrZDo3CMl/zYe6C48TPq/qKvjnRlp4 +4MO1VSnJ4GU7niW9L8gojrfhOMDgt6oHtSsrO52uVXGI7kJ/KKeHMw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-non-critical-extension/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-non-critical-extension/Target.key new file mode 100644 index 00000000000..f37e280137a --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/intermediate-unknown-non-critical-extension/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwUW3xypX2/DGRDivabWKM5y/ur8Zj6SWX2F0DDyVwCQKqVXJ +O6Mck7PY2ECST8nAnFFBu+7r74NL0qUv2nSQvEU6Ynta4g6es4PCjmcCok9Lilsz +GRY+D/YB9rbCbBePY9KRPmotCMh8UfgkL9z3dCQOtpuFyCuCgQ8EX9ZTHlMvfhwW +/Dp3839RGhbgeqQFidNKnZED26VtbmDL+UBTD134tHAjWsf/v0Uc8SGMSpsR94zf +n4qUvisW8ZsHkA3/KBwOTCE2ThiGUC0kwNPO9WailigBVrqX2fn+xgyvLzTDt+Gz +ioU9Uu/8YRCXFzWV+8jirkkftIqncHa3x99rcQIDAQABAoIBAQCEf4hDOQsslD9I +S9gtzzAkvARRQWuDp2ETmJrXPL2pEMxiVJZ1lRglRjmV34auvnCWebpn3Z7P/6H+ +khJhYGJNP+SL2Wdv7HfuN5ksyP/sSBJQkr9QJoh7prqn6ZkWQ3yhAZ1jPaUMDW31 +P/mG+qSGcaXImIw5s2Jvmdz02tj2wv0IDaxPaKlh2j2gRh5221Wf0oXsUE0IeH/x +kloJ8krzcadxiNcl8gh1S2lYPByNtRhZtT832Ah33mN6NgimMUM2Eyloiu3dDsQB +iEegOU5VOOesa/RgChueNkvdkClH6buYXWKf/SoL7tDkhhDWCdpz/jorPpH7H2uh +PsYJg0wBAoGBAOzeuRU50mYS9aqwBBlpC/66dMEj1u19zmQtdpT6P0U8AI01MlTD +Qr5Z1x74SOXLF/wCG4oV63EgBEV/7tnsz0MphN6WUojg9L1MtOpgaphGnIZn8kbn +2H3Y1OdSNmInGm5m5rhOEzoSGGx0MX6XZXoN/zNg2PFNYZ7FqDdldFhBAoGBANDh +nWh2lE28cCY56pSgI4rIjcSnk5LMUxOcpilddi+WSqbYVmmJF6vqi1OqGs3QgmhL +Usyz12vGuh+ZMiLeDalzoOpkN6z3Af2gRg02XGyk9ZRtOwRc92EhF+gBzijWmvXB +s58H6YCyfiKO6ecL+hDDC05rNJX7Ey8UGeTsAMcxAoGBAIHDlkORlLkEw/8JRIWj +LcYT4ah5eOJMXIg2+9KrsYO9VlQFg5g6DFN5pkc6H7174JzXjry8O2qS7qQgbPqI +KBeUJE1Irth73Lfj0OzheyQG8vMS+QBtPQXchu5e9Joa7/jxeI4Zf6D9jtHDaeX/ +DMGr71X3RYIUMVmo0PngI7fBAoGAecVtfH7UilT2lHJjHO4WikvMyf5fe87+B4rl +G2xPAAL/1jB8f93aHPEI9GdQZPfPbnmq9YdKaJxb2Rv4LHeDQ2wTPVHbW0xMrs0G +yaENVJD+Ud8z7qE73jXqt+iFhS1G/UpFKsr0B4EHI6JpHbbPu4HZT4gUCfNrBaEU +T25+LaECgYATmFhygnGkLyHqlzIj1vPxJQFcVAEDX1CCqvLjraRbBbE/Ue0VbOHY +pybCl7kWhmTGW+UlASf4o8/Sn57UTzGipjH0HgD/R9ei7EW1f6v7Y9Iwh3xxCsTa +/IrnRYTPUkfMkz9fxTzPV6ctPCtYIj0aXr1DFbkWDJVsQOSnoqvTgQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Intermediate.key new file mode 100644 index 00000000000..69ee17c3226 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAnSvThm72r6CyCCOTKsAcAknG76lkOU6AajZW5aWTDkUSrQVB +ml3M7a8ue7bPvRR5j6VZFgL+I1wr5JDSZ3y7dMs3IEDEYvrgI/GkiXD+VOrqO9ca +epsNoXREiclYPdaZQmvl2vXxDDMmEeHUKzPXLr65Ql3nss5SN1EwF4Cnd+DKVaxC +EiMX1kJabVUf+PETe3N9tv+3Z3LYVa+OYHHNuKRyn4TYb6ZiGg953j4npQi8kCD2 +o7JkIZI+HIw19TgWlhjxXN79ibZNygAKWZGEmijqHI8NFKpL5VZmnkA2Nf/ccvPq +43+0c2Rm/4EWuZOOYTB/FS4dbCOQdlayYBGRGQIDAQABAoIBAGDKpLGdlH4EUJ+C +iRdCx/0AwmrFvtsr5RmD7W/vz+hx0VaMbiJKsfGOeOnnY3fmLBaylXJg1XGhScax +CWKCBk+e9ov+VvM93NtF7TZXR8m0AhxoE/59jp9nou3X+WfbyPaGzD9URuZkeYV5 +tdgFTPeUrTKZ8h7DwQ4gCaXvrTK9Xa9AFclABI4DLI1VCi5beuCJKXWR8TGbAWQ2 +jT1CY6tatpK5SYyoMaxDwyVqfgLtC2E2uY7Rti+OBkryIji5d3C5lM0sGrMmuRU6 +Rs7SU8uY3yTsXfywnLV7BqeERkhvVxvHQgkJAR8SAmhmZlmOVQScSXZUpYJEKAKB +5x+ZcoECgYEAzuyibLZOXoxWGj1FaH6wEERnIgiki+ps2t+aTAyv6GNCdtTTCsXK +kjAIzXm+V7uxIbAM3CcXpVeCUNbYI2OHKl06VTN0ZmJi6maHujPPDZh7lCY0O6uZ +0ebdC/gCZSVGwJMv7T/ls9d7dvmM6+gsO7muHkGsxuyMbMQBnE1lzPUCgYEAwnJw +qH4/tGEQQyCtEyYv53vUoRsg0qpCggH7kuIlPs7sWSz8N3nyJlo8XRLESzvu1K7Y +G3dobUmarDaURkInJ1L+8v3SdnrKGckjZNgDgE5FF3Xmsugva8xKY+tV1QtPAeyq +LSII3OKgUIWRbb+qHDAnGm255G8wkqFFPnSAHRUCgYArT0ILyPiMN4lKAqsFXQbS +0M5ZRD/UfSN9iDGOW1VyKVxe7NqjNZTZli4xe5rIWCOR7nwylAgR9kfzTZR9i7Zd +upeb/6IMT+luMDmWUoOyz8iF0J08JAWU9mIrwCQYMX4mjmgIm0gjpSVVWJQTSEwB +0DJOaOaV2CroFPpVUanOBQKBgC7BtANgMFNgj7eEkPms0hIYvb1rt43QsSNv9J2S +UaBzw3OCFLgGU8sTIbbDv33T0I9F5+Na6Dp3W4ETsr3eRGn5VCL8E/K3fgeLTT5/ +jv/4Ujbc+/eDS3vhaPXz7fTHvlzZGua1a2op+KDELX81emNC1PRO9EdQ0V5A91SY +UQItAoGAQncUFbP1y1jrIPcg8+lbmnaFICd6MHDdmyYalUyyGc5S0uhe9+Yj9i1l +pJmJ0bdN7lYW/hRVBb9qRK1hTIwZdiefEtyTw1W5eSF7vf5CxJjmvIBHC1twvqsY +5HtmJySEfM+f66qJJnqZYk9PEhImvC6ihwfg2eYXkass+pkpluo= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Root.key new file mode 100644 index 00000000000..376ccdee77d --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxwQZyLL8KHflmY7wBYsNW+U48Y7RB9L22Gu9yMMs8wXpH0y2 +wTnUDwMvYrrnxH6cfBy+32vyNLJF7Ll2pTolHKG3eHYM6D120Ua9IOHvHIAiErWK +3nhP7QUlXbSDTJ6y7mS139nRt1886Yrh4Um91nz+SjjxlJq1zM+Fqr27LZO5qSvB ++YLAumilkE/h1DBvmcTZbOhqDHGo/8R/tZrmB6Dt9Dw6S6OIsUHP8bjq+LdDsJ+I +BevNqyf17WJVBT1iWbQcB8rEST0HgJMT/w8xTzRBnlupCnn6E5HafDXEe1acoYkF +fW4S5eSDvppeFM38J1iu9SaDNqQEYadKAS8aTwIDAQABAoIBAQDFlGSkxE1jP+VK +VoYkerCAk0m9R7RuuBspMY3xSxPNEgkncdnea7MEVH0u37BJfAmPjlpRJbIIbxTM +uDP6RYeirUqg5VJbHupfSoNpqeThvrQVLvb3dyqifYFjTlssLkImOwX1fyKdkoe+ +tIscR0GZN+6dcXsltZLYCw8BO+wgic8SVBvAe5+lsYq+cCf5t/KLmDLzKA+AgndD +MQm5uNWX2oCCq2jn1/VbvLIQj06QNi8olvkbwoe7kz6fR+GgO0fV9PKYfVUTZ5nu +3DQbzY69LFgIKFAfz9UM+1eWm+CwH8Fblj6UNupmZfzMXHM8CMuVivKtoTInwE02 +k3QkcL4BAoGBAPT0jw6G2bZPunHa1MB0aaxtqWvmUpbh4k9vifhYAmiFb1erWXO2 +zjrVtgNXyCh3fUm4lVCEABQWXvmUcySkOHBCJ+QWVZ8iyVnw4L4xrFgYWS/y5OXn +I30WOlyTgUvxTzMjP2o2AkPqeLPY41+4wl3/3xgu895KHcgY3hW4EgChAoGBAM/9 +R4BHuoJ+wgfUmZsmbRmX528eKko9iFzovWvH+hIbfB9Ya38VwiVVIeuVz8aRMq0j +nGtez1nGCM/UVDGzV9LUrCI7/qUZn1i81288RaDMGyqlAoSHx7jm/eQjPOzUcCkk +TBWupKEhkcKq+XFHcZqSiHHxtwEtq+TAhUxdngTvAoGAOScSdcY659GkY8o2F41R +1pxjijxcCr47amNQ4rPOJAr2FpNxNJFzfsC8Tf1eQyrV/axmkjmqNwWdNUhQsTzr +ui2FVy9q3M1mA2kzVs0KNCfCL3DRvV53pkjYZx83bLupyfmwYxyk3KnJbdTuADiA +iSQZLnBOEBBk8Hn030ZqVOECgYEAuOub0rXzYWqJ4KRpHcSAY6znG6haOT+UKebT +4ywdblP5e3UFviv+PWr/iZHc9dLKl519yQi2mj60PvOtF7M4dj6X/KgSs3+gaSkc +8c1IqrpNvRCQuHxwWjklqtyZoocOYcXfz7dCr/BExCt3M/wtSRzXK1eZOfb9SZjR +6x+hCwkCgYBAcS65HbyZgDNBEl6hvhUmgNQrc7CXcUwmFdMrxfjC3N/FzgT0A5Cm +atdAFvF47a9FlX1RXB8X2IGTyxbX6ywabBjCbvP9vRCtkyavdcs6Pdi16VXJPCnB +4Rb44dmUIxVSA38B5OwEbovYo6flgy4d0J0i9MrImO4uDdPwBbw1Gw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Root_1.key b/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Root_1.key new file mode 100644 index 00000000000..4a93a23cfaa --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Root_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA718/VwCtLYKBVhnA2phyi39LTzfy2Q6zPHtz04qtWpScNwu8 +aEtArKnRHxs1anRQa5HCMOWmiIeQ9NyNCUlqPvD+z7uzOzPBKi65+5tq2yqmn4dG +arB9h8ZjJ81Y51V9xWzYrMcQ+25oQJ1pv4+gnDbYetz7FEj0ll3CDo/pLx0IEwSg +HQN4uKaXFRMPkU6eGACWn5TmrQIux2DI7VBUAi6ya27VeH96dCAg9pz6mBezj/2S +AT3/5lb6RShBsTy6Su+8/0we05a8XaYGfSfYZhPgQHSDjPSJyY2KE7eYiDJsUWwV +khwb5/cIpjWBtCS+RRAf/8nkTTW3TTyuVNLubwIDAQABAoIBAD5Rh8X40R02CsIF +tmWypq+Wll6rbDgCUbt/UGpUgklAw2K5VXW5kb7h/yWgCcoLOhynN+1O/Ioy8RQu +jzFJwbVdPJmMfl79XF7FB3pvveQNOI/zwetow2WjypDEL08avMG3Urm4ob0zw0R/ +Nta+Z8wDo1xpR5zCWZsEEc+Eu+qdnVMlmiJ97csUZOR9TyqAe/+GQncngAchYT1i +BYZS3aCR52m4YNitniTAdXaoZh9Rju5+9b2XLgmRuqUvTUG7ASXJpC57aKqrwced +YYpA5dsMKWMKffE3LmVNwVt7hXxTHxekMc4272ClsLtAEXFRriG2nTZe+BnQhD0P +B5vDj/ECgYEA/+huzZ9DYAMgcKwv5+QHy31NydFSiR7caUSwULS3wan7yFGohCq5 +lDNZyRhGblmq6epZhPwTxyvGto8HxJy/NY9AszCK2K6ktf7XgIXrDUVOGuXiZR/K +Ln7awErDd9tPmU/z1m/DD/wFTeQmri4YVhiZz86klOxN0Qw36Et4V3UCgYEA73VK +sUVN0iy2u9Zars6AQDlgwftFpguuRfbVCTcuA2TW4SnzxYJ9kTv25K4ln2xfT2w8 +m+k2powsolBHpIZ80KwJoi/82mI3Pz7M8g+RS4ECM2+UDfx/b4pA5ayNfCwzpSRK +OOqU2+owEN4S1kN5MeXfJeVIQzalIWBjYSMVVdMCgYAfdPrp28H0c23xa7kX0DgF +E4oUXN7AbEK7ze2+ffh4neSNYzxLwtS9GvLWfV1rAyq3Rk9qwXHM8dyjZEGYMYxv +kQRrAnSO3ijxFjp3Wf7iyronJEsIEzhPLtjE+mu8uAC439MhcOuRc3FTedAnaRMk +wjFmEgi5JbMLF21n6J8KYQKBgQC+4Y7i9M3uJnqcDWlIQ5B0ociBmV2R2WnYl8SG +jhf92Jp57slFvpl99oD/Fdsj1G29kBhYaHWKGd9SnBAgFJzWcu1S/lHfe79yiQsy +QjqeJ36rpdwtsgOb1GebLguy2kFo+R65dDWpgGtEZuI5LpwjrIxPVxBdk+faTU2r +Fx5gxQKBgQCe+ze4NdhMbnI/GtMw9v8ojlW9kLdB3eVdP/0AFizVixuWxM9Xwfp4 +Ss64poFtnQ9k6Lda+J5xIoNHQBoAengwI1fFB1Gd6O/Lglloa4ni36PSDbwWGNbJ +6y1tlYrcvpT8CLZdvav4XLNxM1yafAJxHPCg++WlmejFpFA7NFAa5g== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Target.key new file mode 100644 index 00000000000..3abcfb39ccd --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/key-rollover/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA73eU6GjFfh2brhDN1buWJwwFF/TsvNp9KOW35Y/a2K56KtLj +FZsSYnkCYT0/i2RO+33hWb0vg63TuOVFM8QTX3nvij7AOSCB4pi55slgto60v7Qr +Va6xfCHT/uzwVjH+ChnELFSkl6qEooP4WprzEbitOxQ6aFpyJElvb1oCOZEHCcsY +VxMepFQDMVy26X14Lei6L3AXCgMRqpDHXvAbf1Y59eAfHjONIzDmerpeykYzEwRc +ZbC+U3+rp5+N+71G5YdEMVXln5d+o+xpqNeLR65IrnRQXldVMco27EOh3WGyGBJq +KQtjJNVxTdrnDw3jLKp2a/ksk8L6+UAsGzRlUwIDAQABAoIBABmFzEgtCoeTjkky +H04dbTaCMHTKNQU34EkgmsYL3A5mIj04Nt3Rplb6gMduaLxpl4V0eDVBVbQaLcuy +G/sVdd8iNuasI36zOUS2dHHlmro6YYdhI5FBSkdpr5enF0KIl4PqFR+IcfZ8RSCx +IiI+C5Qi88utL0B6C1pUvVzH4h7SYnptZEbj3zLOOn3uPMpPhRxBWU+7vVSR+eRa +EFPvJa7kGF5eToA//3pWSbqSNfzcqgfgsbTOeTJE6wSHbF4fvn5AmLd3qYVB5bpi +sXL7a99W6iqBjuvPMzhBKEZ8iBxnUr/XQABpEBDPbbHPSG9k6s9i55AT2vUAhay7 +VJ+3rQECgYEA/lM9FPPMlw26Db3xvX+Ij/OpSOL3TlxiApj0Oe1JEf7E7YpULTFc +wOT2LD9n52V5jI9rMSkNn/c+sjnfYvYjilBUL/8WesWQ97hAEq5VmAnwqUMPJAiW +7bUPrNA2ES5tRHboOL5wv2DwCMQp10C7DSTFACF8oEABzJJdlmecfoECgYEA8QtL +UjYnaRt6gJF7Eub1VN3DXJamQ6Ck0R5LRk5zfBGQHb9p5ujmM2aEK+zR83zkJaIH +IlAEt6PTtdRtfVFQtRHXv5G0/ayjNMcUwvYT5UlLErRy3Vc/8e8i02wtSDqTQ3ng +RpzP6Ut7njiozniMvEqcFzi7jFUX1WgOxYcpodMCgYEA5iEf9mOdT1oGbwTfR9+t +DMUo+2EU8v05WqxY4knKgtQMEf3HqZUvHwSPlP5S4Nm7oOrtzfAd+g/Z1Z/0eTHM +ew2xADVMfA9l3CIHKGBD522nLSIXAz4ahEIASxmksutVyEvoWeBJWYM38FbAnZxf +JceN00553O/OMPSIZt6ehwECgYBukj6//KWBeqBsP9AUMKwTfRLz8wtb9GIGp33i +R3SEUk4oxzieOvH2XC1/NMhuiDjj5nqdS9WOI/Gm9EYxeU6rcP7mGsHKqBnJyRUG +BfnEcSWl8+7JCBAGPCtejr4K5wvMpSizW5WoL/8J6nXNGNF+Qj9uC5FE43fmZjB4 +ffMkDwKBgQCksLccG3hYRq1+OFc9idOiovQoCOQUShbGR8y3Ikf7EazfguxD/9QW +NC5tBeI5D5ZcAauuzRY5//4sAyodMZJ1B+XwF+1/GJq61kS+69QBfWog4BQZbrCm +tjUPSwGX2C581+tjRZpO7SjCXnYxHbkRxVWNfa7DoWXkEwiWtK5Fvg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/Intermediate.key new file mode 100644 index 00000000000..41a394e98be --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuLUEGrbOE4Vrm54tL6W0tQVEckuLgCMeCx4dMOvA9cGlF+YT +XbQvv3yplTjMiJpuJuI6Imj+saPkcARzcHi3aHrHDYbArTykrYOlAKijwllTOncz +x/JWFRuFei+0ROFAXQSazgxNXDNATGjeuVhI8bbMpAJIhkZmMg8OPf39r9+WJ7Fg +Ww2+JbXdhOz4ndohRJXfRhY/d2mOcLyaeOxFiRMPvjR+AE2DzdP0/j9sztBvNmRs +wWHdwmgduXgtLQsylnU61qXTPy1VDueeqn0xoE2skSAeRkGFPwNF24+YwsK4feHy +57hvqMu51n6KKZizs+04pKf8ncHhY2gAZKXhvwIDAQABAoIBAQCs3US9F68gF/MQ +zmWtvSC1dfuMGGWzg6o/b2yUd1+84QF4r2wae2Ngi/ROYr0Rb659l6YexDLx39gQ +einr7h6Amr+mSiITP7lDZvxK9Ilmf6DkC+GbVJL56CrwoqrM+B77ry6Ofnb8Pj8E +A/XGcvi5t4IoULa9bC+C1BJZNFdze29SaJ8GLlMfYCSsZgejo8zPSsYLHEToWspW +v7DbQS/bPWX8GjMhNwqzlq8oKaGp1a86GUCqTtAJm81rb0tzlewix6l6cqUOrBDL +nqs19HDgNWuEvaN0bfWzVqYJum8XPcGLMZl8M6Gu/5PpXR29ahlUgfQxJck3dO5d +N800sHZ5AoGBAOD+lqj0eq13mkLFCeUfOiwlG1Vb0SWaSg4vOE0Slshbr2w1hD4q +HK3taZ0ObrzBmN5DPnIl66YjKy7jBqiHOz0JXo1uqKRCsb+YuOFUeYT2Z02iW2zS +LBxwzqhcv7dH0KNyTdZPUz4civ889qwfAwm0y228O6cVBs7oQ409SzbFAoGBANIp +KKroyYcd+iFivuj3CYCvo6dHPXEpDMZBs0jGgJU+7j3MtlioEuBTP18CAWevMUJk +Nd2K8r/eqetJ+KID2tZXN9uls8kAl+r1hfS9lrFufjK2/B7T3LysLePAWNlUhsVC +U2Cd1VCXB0w8glc/C7iV7zL11n5BwTImtKpUTZ6zAoGBAIlAZVHeCfRGENGId5fQ +6+DAJiN1Jmnk7CYpAhRqMZc57xJ4txphACvNt266vizhgMqdhLuHjHBF5fLtRUOL +c0SxsX9fsPq7QMlbdfTnXlYRJkWCtHj24TfcTQUBx2YcJhd/BCKnM2Whbd10KBop +tOW3550ihdVQC14u6/5+FKLtAoGAWkEEzwkz6wwLrKTMmh3lfddwL9mfYGahrs7u +YNWmyPGCvRWaRc7AdIgr0fB5i/6n5/xDScZvY8kLLhnRZjrDk4NXYMPzxuGzXFte +0PFOsxphpgQBmHeh94D2IDYtsf/j9Pj796Uww/BoWOwviapwrS/uzvLWz9gLUS9g +LToRL5MCgYAmy6Uei6LhCgZxpRnC+H4slDBxXoIaFfyfPAvomROFwHUIFuCeFBjG +x5d1iccGSJxEIKHXiQgs1u9oMKfpg5gf+/jpa5/YFCgddUs6zK0r4Bc6+TvLeEVu ++17EAMlbJnQOfRGFsmpodIuBu28ZxoInyVdhVUNcL6NS7Dk0Oc5NTw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/Root.key new file mode 100644 index 00000000000..58abc8a8da0 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu/qHOctD2STpLFTNGOq4h+wv01fjnCO+lDwmQdthQLitB1Px +acW0LGqt3uVKveMPd8RZ+u7VOhqTys2xIiokQloBQuhXdPmJVvjBE/bJQptFe/+3 +qsEfG+gCJBKXDYS5YnCDk3LNmxomJ5I0RlHFt8dKtHqKhJji95BNzM897oWRjXVg +OAzlCwDm/unDGWQ/LcgU8dmpdgVUqFqeZFbtYEPFmNt6rtosVsuHAG89gzujXPVV +DWyr7WjBuB2l0Hcdt+ZS7yx1OpjsUW8VX2SC9tGQve4BKOWJDgHuVAcdDnrwgpzM +wcVK9qlYM8XMo4YXchmSLK5qRqioJSrPunDBiQIDAQABAoIBAFTGY33ZAbxIPTBU +/joigR4rklYJ6QhdxnErv0UsHuwFXWNUpCdDlkIBynAfkFmasTsePkZAt8EAg26O +3Te/MaMK3E7EYczLTPkALnNGdPWo+Ok3JinH9rOrKmwCRkU+eiy++VfiCn/MhzCJ +azHbZwO+yR4jtZyfJpznY27ed9u9czMkhIZRmaVTn81opJtwzUOqXCGro8CxexJY +qgBXHB39VJYgomqVqGJthWZStG4AT87nQDzPuNk0D72pZw6XgIRViEsYWUmpqqG4 +5OapPHfxyGGIh/vlqoBP7fKtCBODZt6Mbu0sX2tPSDslh/OaFpckV5g+px9ufBWj +6+6Fz0ECgYEA4o9XLXE5X4mR8K512CUvGwIwT+SlwZl59FfX510WFaHjk73vNrbm +cY5BJ/EZNIRYqrUt6Hx57HYnHBEvmj44SR42IsXwOAla9TXksfjml/FxsXkoyDsh +PurtLZyszjlIE0OpXaij+JLi1SV6c3a9euK5gff7z/RE7JXqKANmSR0CgYEA1GfB +oHntnD4jxTY4y0lj322qjLd9hC6KgxnFpfBpcaqvKmBVnpwJC8AjwEc4JXf34cLY +gxXrmLBYZsElpV2GzFJDz0kADjHf7ubZFNyMGIkmFGMT7NedFYbx2DfmC+RPFIYw +d7YMY/VEAQrrG/rpBXUxKdbArLNrW+aPh9qkWl0CgYAfhGtPQgoGNWAdCFgSepHE +AxjvdFJuzUf+6t15LSTuW3gKTIjjpqwGLhD4Wnz0JlkjXlMFnZNkhsdIC0gBABja +ax6C1eBmGz8RD69B5utFRexYEQ/QUxF77DiUeNA9XBCfxXDhO52b7esqVa1kNKeF +WdcOso3QTx3rf6t0Z4yqLQKBgQCoyA3vpBOw/RvVgSGeQCIxj+ZfTQtbNtRwGtGY +67IOVbA9fzFqCNmTUcnW54DxHSSHbBo6B/gfa7nDZSWyAuCziYdCtuJpZS5pm1zS +m/JjKNBukNBremXjjkitJLYTqwc/6uWmqq2r3GB+Z5utrzLtWFOJyJFwal4cN9jD +/nRtLQKBgFvOpp9F399nWKYCgh1BkeALrqcF1QADZofQFePQkkvo8vkMYkqwFWmp +CSfJwG01bQImPN1gML/s64Hh+kSDAggAM6A2MOi529aqsc0pSRiCGmBuvn6oNdxw +W63fwbVRa+zxt5KRAf1aQ1TXwvCWqfMP+jEm42Zfp37nebc7HDHX +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/ShadowRoot.key b/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/ShadowRoot.key new file mode 100644 index 00000000000..b7d2d1d56e0 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/ShadowRoot.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAx0wIdVMhGdDlAaN/cK3t/urZSI4JfB8ul4qpbgFHvrMUt82v +0dIM1oYYTJ6L6KuC/LM7ZyrfCgY/lmxKjZdPDkB5peIabFpGH5/hFRoqUiduc8St +goodoa6XtgqcSXfpVniPqcLhA+fIedCcUX0cVIlpOoYm7Ix1pnelhfaXy0ZBV8xQ +m9qrx5fO6NmwVin77wV0YoW8teQjsDIDDExv0vcDieQ/AaaN6Z/amlvOOhb4sbdG +152K+oDkFsgY+FonDtvvMDmndYu9R5kMw2ogaAEQWve6HpXA4L9GT7sLhS1BaTSq +/2D0MYyMacWWZf1yTOKAecb3STVm8wel+HBbZwIDAQABAoIBAEBsWpuaeKvAtBZ4 +hJynDLUHs59ZksVVyxjfkO9naIrDluHnknsv/EhoZnh2E+Htd1U6luw9loXGCU4V +yW/Fxp9jxi8STNpTwDE+3GKW57FQ38p6fGAjR3rZVl9ZRLYXFg2GwWHuBhDeHxcJ +kU5iNAM7vBFYBkMXEHz0VkRctyrVA/p/SxjX4SqZF2o9kNxOZbBsFW/XRWPnNZVN +rAIASbT8/2FEKGoaSHaKmz7afzwZicx2w/bAe9ymqlLHl3P8roqIYMQtaZHZAUXc +Pr7+p2DlneluAfA77WaqEECtNOibmyQS1Xfnru3Pk+2DucbXgbJUSNSYEITUZV6Y +jTkVPPECgYEA6A2LylaGvmLgTQ3TVC19XV+TE9tjMR1UbEe4WZCIAF67mbnmfV5v +yXF9kaCswQ7Dg9P2LGOeZIy+rG+3YjqXXRxsrUzQn6JBsPRTJxJt8KwAkp8PJphe +zYyYuSu9Ued5yxJckTf/NH3vLcMo032+FbYe3g8oWP7JZ5gTx6EHkC8CgYEA290h +Ss2+oQ2KIa/ZTz4btTU+B+FhxzdmC3uHVl+evJtvrBorJdjh+qf5RkNQmgaFVBgm +Si3CSZ2kKixs8seerOgRRr1IdIGCfbxG5JOj6H4PLPCPPymtRQJx5W353PniQS98 +njwl3Mgp3Jn6BbaBmYrvJaaCYGji/58I8ft+IkkCgYEAyPJyC1XCeTvGYPOH/W0n +EqShCKEC1JVBdkLlMSonm6ptakHBhu8wfpD43BL3hnbyeEYk92uMziXTOB/F/hoe +2VK0CZ5rStGHcWUiXMNo0PEhzdZPmGx6LCWEW1W1LCf3IBNWdaq4JQypAkfuIrbQ +1JxRPpqBpg98+WiIOGcJ1aECgYAuDt/njLxPfseeEPmEGS2yw0mQWw2hryBIbYNH +e9aECkfVlNHPJuUIHmIg7v8WlSEfIcP7rCRUSZrXXuEf5uN9s0vTNtnT1kGg120+ +exNOJAJH1skbYT60AzQa7PP3770PDMSdXVpNKv1iAjuXMMlrgehhScVsLuzGwekc +0CN3SQKBgDz30CFdF6ZoC80WQtW5/x8Wqk7q+XQSYy1TIWJ5nSx75+aKg0gQb1gF +iuh77WWP4oZwPU5RX6863Me29YPrLUE3k7NKLMUu09jnJNce5PCtPyOzO4fcXwqL +JFCh78fubCVR9pirVKmJ9/A7lunD68U6UPtVvTtAeo1iEWFKZd4u +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/Target.key new file mode 100644 index 00000000000..d83183f7f2e --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/non-self-signed-root/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAygWAbs8fY2bPBePcUSwSQR+W9aWUlsVeNDa8kN+Fc14m7fMS ++5Cg+wW0jgVxB0zMMq6ViYeMmggi8KFH2r5cEscYMaoZYVk9Onvp6RqfVtlbMbQ/ +vK3aHOkN3EBcTV2MWq14l6vPKPtSfXRv0yfaWuQ3fhpWi/OFVcWq+JY9UVJfvmBH +l/2C7yi3zVBk4nBDex9d857Rwt0ipgiFlOiAaWJnAe0Su5aWg7QCT1qgM2OZ4hyI +Mzj6tyBwLZHnyiebgS8pptbw6ux7pIZhVq+9MCaR59kY6U6QbmarGkhwYp25DhH6 +SdU8jCBSm7BqcYWlkmYi6nkMU7Fmq4I9fBZ4/QIDAQABAoIBAQDC15uPQ+SaEkYJ +AEM1ZrQUa0tFkHVHFQROh5xGfc5P/ra9OHtOdadNc6s4brccu00WdJt1EW7iAIby +XhrXNlHHKo6DF/NymIcdKPXpBOw471mtDpOKfoKm73+WtdxQIbGEo1pzrhkXBY4B +wZM4rG9EymdbEDv4rt4iY4sKRpzNGFbcY9b+EVZyFoYAwc92+uVCamAkNMY65S8d +qAnEqwBrfg45FMmbls78UFC8sq98X5uXrvRuXXAb7753EO3AXtiRfSqCIFnp6+VQ +4/dQpWSiHmm7MAKHE8pBkv++dpSjQZB8Hg4Ye4DsbMeJpqPJyuH/+pqQzyErsHN3 +X31JWRwBAoGBAOXpaosSTMg0DW7ydX+s+sALLT7zu4MofZNswYU1WrfvYH8ImejZ +/9UXpkwZ5QF0bTRATN75luNTy7Tv47cLfnmGRUY9vQNcE97kuIimyhUI61co3Kmx +qks6xyVCk5IIYLWdT/hrO6NbFEAfYft3u950VDfWb/GxljWhpLWASTyhAoGBAODx +6lmYKFXinZnT7AjYwBVROyzGlUaRpMKAwd5EtN7W3/Fn9kJXqAPMi+SefVCIqYJ4 +x/9sK803de7DZtLwUA8GMsY4W9Ct9b5tRg2ckSqJZNlf6iMcds5uLstmy8Nzxw8M +pRB0tQlMmOc0SVMTpkiMNvE4etLJ8+zNhdXW9+LdAoGBALw4pJ3oRG3el2TOID1/ +SuVwAQG5njiZLH1GGwRIEtXkpjY5v27vEc/NhbpltKLFQyX0wjoFUW8YSfv+LInN +YiRxNUN1Bcm7VxUyYJSXH3erDqgTbtuJ9OWT4Ddz0sZKD4p/mFnCyFdLGEAKsTei +5W4QBGaWKp1PCq8rf2GL/ekhAoGBAMlqlAapYeSVR70Hrx+0xTnRRIUxQ1Su8LJg +jDczmii2ikskZbK9vmm4a8LHzzmfRPjYoWwqNYZJlMW4HYffOjBZwnkO2defDJ34 +RnPFr45A/BZP9dx+jjsFGc1zPBzEvIbTMbHsbnXnKjpL7SQAQjJPqpqPkhrQTiPJ +W39APzHZAoGASmTfmDOPRj/s1z6awTRisp2S92KldWwMEaczvjaPthEQqL5GkDSi +rECFVQ6SVCGKHMCf3iEZzReAB0d53UlTb4AeYbddxJAjpuYJqB/1/gOVamVzL+Bl ++Bz5IJAuJ8w9yEBGmCgBc6yffFpZqAKle+RYmLyjZKlO1jh7S2ZrWiA= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-and-intermediate/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-and-intermediate/Intermediate.key new file mode 100644 index 00000000000..5efa9d78fac --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-and-intermediate/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvO/KipU/GRsZ607+Pf4CviDbiaMGt5nYr8eaqU24gl1qBmb9 +TbDJ9gcnlr0xHHf0BLr+1CVGApqKiL3nw9xhCngm27ae/0PN7erAZ/A94/XZWuzb +rO8GLW43/I3F06Cw1GBODfir+mgaNivOu5EUOw4WHAvJxEbnwhqGzK0HaOvLbpM3 +zBrMWd6aEuw8D+u/jPd2D371ifmFDCGVr6w8op2eutMGqlAtJcACqKWXz3qzrXjF +MJW+zgomvU/iX1HG8LmhvSQyBw23Gyyy7MjI73ePq2/p4mbZMAJJlhEW7eLohc1I +1qmxIAKV/xt5nWsha73TJ5QZZ7GfqgbWjGkRMwIDAQABAoIBAB4absEJ6pXLdaPC +YEvsTu+QOKqDaSyTvKy1NvVGxuEulRgUDMP2KRekKDCiUFLi4eRnDvcqQS9lBDGp +YGYalPOgFUDopgix+vuvbZyh8JqDr3AHUTEKnIdcilsZE64WalZMSeN7/ZrWP2bm +L/g+s2R9aBRr5Gf7jC2nIFc4MngK44Ksh9/MLsBviTWYBcyOD9AUi6q8L7odWo8c +3JWhZc3/1Z4IXQS5li+AbQSM9xiNcjf8nYwZHfq0i0RoNFj07UMvtfDpP930anun +SV+xBZPUi3N6kSkCS2ylfyvUzRogLG5rpryxo9e1oPN8Afq42CkIwKu2GnaiHmwN ++g/lv2ECgYEA7X8/lk+E7cBBYp+BbaCaxuJvLZ+MgGM04Tzk44AuF8rl7HIjrsBj +APnPOnIzOgg/NoQOqmrMbockjIlN+Z7dFjB3+sCYatCOdeS+OjlNRrdGvgL7oB+g +3h01G3do3s6OUuTwKmo0vhP1bfU7zXKnsnx0uRP0hCy77QAxpFzw+isCgYEAy6gI +NHqS3XUHVQn3cnv4XDL7UesSamfn+dm+iszW26bKrnZu1u5TFt1gBlAweZd2EGvI +zFoLjhAEMxBfpCzvHq3+Drl9MkVY2fKshZKe7aEeJ7W93uE8buouBjk7yPFB46yI +EVLNr37ytihAIhKrCtyhd1NY0wrktOona81PaRkCgYBUpWvGaOUZz9H+EpeQuRMx +G3dArYLoJ3Ora4awxvimpjw4f53UJOGkcWS4kgdMAbB1/68ycgoWwrf2FuHhvAtU +Y0X/6zDnsRl1T2e1XML8F0pxYqLIOT2erI5HEdIgx0HWrZ4jn+LYdEifPi5oVRsL +9Gutoz0c9syr9cu7pxyELQKBgQCO5s8rE78uCcolT6MEAB0bhOJ4brwzUcmitblP +57/zzKt3k77ercg7yQZyJ558E11S1G7HhX+KJY7szdZueuEm4+vbJSjGN4bLF88a +wvElyOJB9vLOC7m+EjBNSae7rh4PxaaMkU+mjyt7ye6GehbuvjXGZwNywrgMgik7 +KYtJMQKBgQDjOWu5ITFCDrChbKCIKuVB1FX5M3MC8Bv86dz2zLTi9ITG5YVa+ZMK +QWLZxEOapD86DP4hKHRa3p00UpKJkSbUBKsqjVKCURStYX7X/xhCSUZQCdkasvp8 +5nT4i6lgEUOjsgIELs7rX1mHVCtEhtyK5S8K/DQrfZSXjm73qdLw2Q== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-and-intermediate/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-and-intermediate/Root.key new file mode 100644 index 00000000000..64fa7df8a7d --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-and-intermediate/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAm55Kjs1HDqYvF60kx9bHQF+6kLIsS1dcPvLegPb98igSnJJj +ShHGu3TXrew+nRp/CjCY3x+imBGmYG9pX90oNQY5tuKR31m+B8VSV4Skrstbm7Oq +Vnf9ABpVlgAnEm7R9jX/o/q2Cw4qRnVrWCemoUO6N3QdKBo9v+byEL8sziRnA05O +/KpRIiX45XVcw63aA1a0G4pvJuXI70Op14GLD7GL1s0R6UwMy6Kr+jQqE6qk24Oc +2KZF7PX60M2wa3obDsrTMUvLU/FcgoyW98q2QFPQJGcnGo0a92XJofz59IU8UTz8 +VocYv6PV3d6O5jtnKen9S0+6Gv/X7PHavVZIKwIDAQABAoIBAB9cz3noNSHmrCcB +ZiBAUPfQUzFGN1cXzCeDmwQywwtCuD2F4yzSWFL/QVhz/Ep9RI0xLh4JqiMrq3RT +/9CqKahGEOuizfNNitbWFbo9qVLw+Q1wMCwtEngq1oTckwNMAlS0nUjXBklEGZEJ +qRCjLRnjJGx4okeqwjcivDZT0RvaOdTaS3QHunNQI8icx9d2axFj/8Rjk5YVVtRU +G+TmwViDO2c5PJ1kNmLSLZc8yFMt7f2Z/ebjFC7+2D5/JzRIfnoJa0DqbUqb0yKW +OeKJO0hfzEeqzCYw1nre8020qQhz3hzlGM2pTphnIHxiGvxyYA9P8OD07oTwOxr+ +RtachgECgYEAx66h1NcLC9badax1qpTpm+ZzczNPcMIvyOGBhtGEfDkmJe/Nb9c7 +7OqaisCTktTL04qwYVIVKKOrGBhog/1RdyfL+tculpbm0WWGRW4YLG4SZi8H0ktB +/ZGTHBD7KPEYIhSjHcCgj4s5kxpCOZV6KuqsgxqsyWbpsj6CHZqIK6ECgYEAx4Iu +QR5F1Pk4Jd0J68gm9xmmSyIoO3Qy4aFQ8MPh9PUoPYovKU6sqNBGTMTSrtCohlq/ +yE0FgMsEWWQOOxgbj9nRT4vHB10xqWFg8MRnYLMvLpTxyWTTyPl8z75wjU8ngmut +JCcmBuxbg1rliFuBQ6g2zl5rv/qpc3UxhnYBgEsCgYEAhPyCHR1G5xCll99O0lew +qbq2Qw/2JVO+vVuqhx58zLrG9FccDBNdfrDUUfpljlGYmf9w7q/bFaDDLx36ZYVN +Pz1K9XlgNryzZtvlq9Hh2Z1JNbK209B5V6YfQn7wttiyyOfTptoGVPNVWeoQFwe9 +QF3gnMQkNVIL7EEDKTIk5GECgYAM6E81x0+dR8JqMLLDnl9m/THVCpCvyATCtD0Y +VpP31SSVVqtWcNCa216w+MropHdCufxOaS1B9+CAKAkDqbuewujXzKNDxrO/0Z0D +9rD5gJ481UYPUYaiKgH5Lsj5W3Wi6nR5Mk8zg3coOGlBOSpTxj5Fe7Zc5UqxPZPG +rzvJoQKBgGHdT+gEzGlKfNr49kyvWipvZahjfERPlY8G+bVP1EkPblcMSUs1C0zy +ffZQomLc+eS8cdg4hlrVPyNdvc1ShPui6B7Hf3SB6zIR3JxQLwaT2xmDVBQoYMov +jdSA5/pg6Jms2BUEAySxGWH4W+pVbsMCiwKCkSgwrRTiIDTTs4HU +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-and-intermediate/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-and-intermediate/Target.key new file mode 100644 index 00000000000..718e4cce6c3 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-and-intermediate/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAyhmxnY+F9aSoig3Tf/NnZ7HR2z1pjPq7U1goUBQvBqp+9cYG +TX12n+4z2MhsFuhl39DAmmJJYCrZU7ZtxicyE1iyw2RjYb9rQOoknKYVris453BY +EkaSX6VwbOpQPHubM1BUk6ScQeBAfhiHilLVHWbz8PdUP1Vh9WYcpg1zV6N4GkyZ +fXfgqsXFXkkhNU5HPWF9Q5vglCi3ZU3PflIsKrOTlIsPBPZFIIOXt6Td740fx8Up +1FWfo5A4FEb2fhOemW1BsMQAaVjmf6ylCuStyOPBoSqhd4Pp8NHCW0gQM1lOjQ7X +AQo8EeC/z+gvR0v21pVNwHOntSGkCpjc+psNhwIDAQABAoIBAG6vdcR6V366aIf7 +nIsmDssO64VsdAN/StsRnDqHY13+QLxwcQE9pptexUyEMBa3vxu+Y83p6I/fx9j+ +P87XpqhL2tQChh+By8botZaJq7QQ/gBbWhDgT8hMfm9YQQtvEwgehcO60s2NeSTW +YF1Ukl2hBhdCDgUFyTmybBxRn4suBZLgcpGeoj4YBAI6skW/g/cqObmrO7tUYVfD +7GmrOl3HiqN2+YJXoTz+inx/au5kn2XRHuCoZA2XbAhWTH2H5VoWKv0QKuuO/SDk +WfBNiyQeY/G8AiuirLx3U9hhnfnNuUidh49lIybxxzCw9DuScizHjWQvfedvkVEk +yGPQdgkCgYEA9BMXfZPOGbjMcc1H1cFDv9v07EVcVj7sx2CauKGqgPG21sXpO63L +ohVwudMU0U42/rblTh4Sl4oNOwxlRt3bu0sTJUKUkUMcb6LnDhdhlo/HdIAfpOHD +TzPuttezEgJm2crQQJ1fqPzw32b9S+Iez1zpYRz3BzaNtaPZ6mFPDsUCgYEA0/mV +p+tlGA5HvQI9Xdn6ROq2akP1rrQmbcnZVq9LyHU4Y6HAUtBi5HTTdthNjT+erjYQ +1LPVvs0QbpJeBlsf94w08a19lUCKca9oK/9gdc6ba4TaUQM91oi8KEuBJfcQO5y+ +fz7Z+qZD9Vx4erthOMxNJFKLBsPhD9NOWmtqb9sCgYEAmbPYLC3DMbGNlfD3VuYh +OxZSM+QuFOYFiD0O0kyEqjUNtkzl5r44qXalCXCjAHgn69nTp5EKlkHKuS/CK5GV +SWoqwWEfXCcOJkNJDDevLfiXW4c/5j6CF0OWBbDqROIcUPUGllpEno/DRHx/8KSS +UHWrRovOCM3TCdsIZTAocB0CgYAfz4W49Gdwa7wyTiK9cdfP/dUwL1CwThKySSdX +jej2hTjYIs8E3obot+uAG0fQGasLg8uU0AQUpRuBLG/1zjkG4kCTwDBndI8SLnuY +lrN4GnBSe1Zz7+OYzV5HQcV42BHUkFo6KEl4BvmN2bmu2W3moyo0eDqq4jxlLpXE +lfgcHwKBgD9dJRurAcxdDKxe2M8yKWcT9iGYtJ9mAXBGWivq42Kz9VY7lOI4/nQA ++RD59/nPHl9XTk0gyhcTfWhcqJWwAC6Huk1aMJUwb/KZkSR3IrAhum/X0j+dwbkR +hYLvkysISwwQ41/7BCcpQRPTBopkfYKRq8UGY1AdD1OSuddqUR0Y +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-keycertsign-but-not-ca/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-keycertsign-but-not-ca/Intermediate.key new file mode 100644 index 00000000000..6752b434e97 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-keycertsign-but-not-ca/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAxhS/ljINz7tYKrQ8l+VsIpL/0xTiuQvJ/g0J0Ma1SO3gKiUE +LhYIa1Xa0fOxwRpJhTP0u3zWOEXIr03UqUOnVs+cQKUruBN/7mv+mDvtdCpex598 +4HNsp8TY8eNVeWwCfLToPxqTV2I6hlsk23Dy/ZSRlWtocnMxRKU2MuZ3N7vhy221 +qiA6An7/RG155H3m03KS6VmSV/++6OLZhEf4qfYR7s9bf5LYGUR/lkBSGQmAry82 +ZRSa/u+qqskA+6zTh1kUq2lSTE+HD3RJq8Xy+3MjwJHJk4JvKI0j+S3zksz1aCCG +DTc110ba3Ur8kjsyome69bNJE3bpXnighj7eLQIDAQABAoIBAFDl/HFNNBLZQuL+ +BZlL2+QrAUymRQqqY+7cSFv6K+QDMwBDafegjAO6ZspEqx5grBI47AT+sUb+ST4/ +nVEcDmYIGJrWWoqtfBxWAv8Nyqcc/uSsoIXS3leOr8Pqwuf6UvG3uPq80dxog9qH +sv/km3kxilvqKBhGL6MHjqEvOxWJcEi0R5y7EAE0NbzDjfKPKEyeq/UZISY/Qf7f +wwo1FD1aQZ17JBXibJbFgj+ZZL7ab/lxIitsNGujT6myoB2Mi3LWGPDPbe21sj8a +2YlEHVfglD5hvMOOlnN+MlWUqzKSN9RmLhpH+qTacKDv8dsP7sFW01ar9U9gHf4s +TquESoECgYEA64AyJTZaN3QD1VekSSyGfsAnYSNmvGMRbMA6km44/y92U2IXI0zA +JAMMpW6YfKcyoF3x2a2MUw8hMdgRFYc69BlQ/GuxmjBLTS+AwtBVjB8qktQiUqak +/pQ7Hb1y16PACUg46J++cqvHF6Mp50yRb9ATEYOras2i6zEAu5MkAx0CgYEA11K0 +5RZXnGgRi4Kvflxxpm/syd47T+13go2j6spOufKkVA/+MlXXyYTICO7nbv0folJ9 +2VD13v95vQHoAt3lMMCE5I3plKwPPqFVGKysMUMGUnWDHjGZzOm+QaY664HP0kG0 +hGwEZLRHQuEPcFWeV8i7aj+1sPt2BPctlxjpylECgYBewgxrUL1oRrQsKcGe991+ +Ls8plNcHwk0Glyp6NQOWGoDf+D4bJAzD8L4r6p5MufHy+RoRXnVyDkprBeeJ5Ani +ojUl/CdQRVJnUk/bE3z4jqnQvq641vjYvsgypUIKZocktPzBDVXSSjAn4K1Btltm +xDCIAZT9upRtUiBbWU9KOQKBgEySgvX87gcXEzYzsUkUgu4XW3Ombh1Ma3Wn/STf +8QM7gKjMTy+DS4vEhoZ2vyK/LWLCRzLjEazN2XMXnHR4iKq/rALDXM+cKIezQ9nU +fh++oB7u30P7i6BNd3VNMiLSNR+mchWtfBp76eOkuaLPL9Iz9kIgifJ4Wk4FwNa8 +61chAoGBALHsMI1wXncmrWiIB/sP3VRlEPUesDNgOiYNjn8SqaWBvh2r2gztiVP/ +h57ViPOWVB1sUMHpu4n/Ratl4esyIbwVHuqJvlSyUL6CHqzWBokTl8em9IZZmgZN +iRtfDP3nNGSaUgDIIAElzVomvJ4fYGsGBYoqj/yKnHZyVSLoAUS/ +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-keycertsign-but-not-ca/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-keycertsign-but-not-ca/Root.key new file mode 100644 index 00000000000..b6f60bc0424 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-keycertsign-but-not-ca/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA5E6W9t4CBecWgPrtsTzzGep70v7tk7cJN33BmJtlqYQJcs3l +2NohRMIukpUS/jUMZjSt80/FL9AuV0EcO87JURcF6wb3T/tuJ50G2BCH9JdfD51d +1yvTOyFbWo8g4JcWexU51j//HQZTdGJ4aFvtwgXnhosaYzrT5Kkljw6SE9851jGC +v73v1CGdDn/JkO8dxfPEAB5KA2H0Xs/pWOUSSTcxSYlU2FlAeOviP3Wcpf8cM7hs +JiZajygSH06B5aaq3cbZyZRqFTyeelkpkst69WfE1N1MxW77s8JanfELNReStoXc +/UXFPxPzzfy8tlnAFwvOs+FH0S80dKRcuqnPDQIDAQABAoIBAQDRL3EDIMeZwPLN +mxzOmJnl1QM/gHUOM1cukPshaMDtYR2HI0DGQJba+VDS3eRZJyIFQ59eoGh8NrM/ +H1lPM1kiA4ZYojlX/3ges7HhpsPrSAbBt96TmIQiWZ3qi9oD7muauwgTVu/ZGEK/ +ELpiZFikveQ1Up8K7IvZp2HSgfc2XEbWicDU7CI2f8Grl+yg5Z5j18kaMlzmbYrd +3aO0sKeLiqlUB20pf0jk7YiRvGX/ituog7BavoHomgaDi0vDFuDl3CqCzZ8tJj+u +GNQQsHut1b1Mg4LwG4BQ+wOh2ZFRdlVX/CfxUF08xrKgJrlIa6pT+kzBHgqBpWVH +1N3d0OQBAoGBAPlFLB71lIsByY3+vHD4ZohZscAgiNIgcA5xne/0+LDpLcRdYnfk +Q3CgxW4KFEseYBjRayL9LAGoFdw+2/NPfvB0ryeIjvCDyU7cmpRWRbibEe8QKEYo +PRzAv31fqe8Qh+zavUuSFXt2aVP4X8NMkm0PsokS2gFO6CZZZtvvXBFdAoGBAOp4 +h8eoaN5uvvTAZDkuP99khgkeBGtMSb/ztRI1qC8v8BkYaxHzSCRozPhoG9h4eXLl +ef6/Un3X4I5KPJqqvnW8HoQUK96uR/EOQhYvVpJoLSIWjuXJ4WD5/R1gQmPJZase +NzVX2WRmFU+FA8xCrAccM68avbF3gB59N7++E2lxAoGAejyrmDsBrvEfb9x9eEC3 +tyGVAwxxS+nQSaT5uFQ/KDIQ2XyZ7wUm9TJB3uZecT/iDAmWKkBQtjdBERJaNgTD +0RLHWfGjdtqJe3y+6QMtiYuxzbP0rALLhTAYN1kUMkG/Bi12KnrmwfadTCo+e70v +CQBrosB127JgMX4h7LSCR5kCgYBfumgNPxfZwLNb7/S7V8OiLEOBE21QdWwi35hM +3/VTlqnbRRnp0T7iBpuwy6iav80t+LzPIkPGt02qKmsF5rIuFWkMGcQzfUpIA789 +mYQp8DiFE1qyPLM0ybvqs3NHlGFa9NIriDtsfzUyKyd6zLm5iW0cj7lk7Fo1mIAb +W7pHMQKBgQCHQ21z30euoIILqeaaRT2RlUx+AJOikGCPDUWQmF/E+1R+45RfbKXa +iH/Fj0J4rnmvYnjXBxUkPKBalGyFU2KI7POMKXOMKQuKu0FKYWHB4TKRd/pOzS8B +NZV8zsR9Gxo8Lfcah0KMlAnUw1MqP+/X/GDCQmpgcgiscNq4wtOYMQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-keycertsign-but-not-ca/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-keycertsign-but-not-ca/Target.key new file mode 100644 index 00000000000..4678f1dd020 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-keycertsign-but-not-ca/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA1ZdNzrmJewBP5B/2sB0mfcVCcCFAOqb5B1sRxvsPjnlGeK00 +cUa0+pZ1Bsg+x+karvBHf0tTSvJGg4mSsBERDAR8M+FLfrW1slSnKGQxe+JcSgAw +P4wh4GH2FeggA7/O07TsbieI+6mwmnN5JkZVowWsJbpvJDwXfRdsJa0UaAv9ptZf +WppKnW2G5Xe5UJxAK0CvHZJOInrB61cXFk36EuOMJY6NS3RPPmfNhCpjRkM8RX+t +vN1cAEZ+JTZD2ZgVofT2KV1UnSC4tuFM4/E8kUed69f4ovHF+Lx7v71AODkBO5gz +EtnexvnrS+OCjphLKBvNuiLVswIS/ECG7D7nUQIDAQABAoIBAHlaLK/eRFkpFTsE +WhE3jq34jEXO7oIkaeqe+Fu4Ot900fAwYFJXnO2e3ECNNvY335wzEjwlnN5BBoUn +fbshBzFvvu1u/IiyTthSNmLBgkfjlRHKR59jS8ADiGBr8PyQVr971LTFK5Pollk6 +cEOpxHAKAgOxiAHrTmEZFK3XR3fRBddMYaVsB5avjz3ILCxXfM4WJdj7/vxw29j6 +Ybg40GEW+gIwj7zLzyUygEua4w9VK1f0y9JwiazkS/fAy3gROwXxh1vdT8IZHgvl +tlKEk2WF8uwGPhEae2pPDCJVeKnTuugt4f2QzF7FgJFenSDxkOVALnTDloCmZArI +nPLzYu0CgYEA+0Bbiogs7NUZ+KenJXAQjy++jVMZ9voJT9aIC6JLjGdM3wA5faQh +DCcLZTkqvwI227tkDlqn/5Va0dqltIrX1SwKNanFcSxHszKuzXBBZ/THnreaNmHw +AGfUdHVhDFvm/u+fwXe2XINrWLje9a546I6Ea851vxEybuXOQwqHdDcCgYEA2aC7 +d0kYpj/oGI/zVteMXTXfZvD3N3B/MbPaNlR4EtXJU14eMLUV8vCEql0H+EsrZoUk +nC2aeXu3jz/29VER7BthQG/wzUIopJGApbfM9+pBt8Gyy6uvuc3N3Xc3jrjOlV9t +y9j0nry9sXVz9BU6qQ8N8r+HoxeCX0Pk5egpzLcCgYEAtILngd8WT81HDIP/LYGX +FBicUdLrq6q2d/rM4XbnymcJLoptw5vg9mcy47WvxW2k1jeKyllNq+21Q2JQfSbn +rEsoxqdDqGzE0rVOK2FETJjrtld43yt8D/6JAGa4o/V/P5gPciM9DLiKrkKcRWzl +h0elUgMSS4TidBR9HWN6L/8CgYAsjbxzYlKajpDMnoPZ7oz89C+FWqWyAuT3XvO4 +lbhzWrM5zxXtMNWKg/UVD7C3A2SiO3XQR4HNhyeAOz8q3+sEZGKXl5M74mSBtIwa +4TMkOiA0J4KcMczrBBg2U9ba8DjS2dOXnRYPfWJ0dzBC8ymsPLnFTbLOD90P9c1h +yBLupwKBgQDu8MerAHew7lVgbB292XZUvZUKMtRaEZexFL/oLMzFKWEYcDx5/lXS +hxLh0IXvGQtabATIT3ybSxE8XrqFUZF1pYDSq1ur12L+W1JovBOuNvFEF9i0LrlF +8RX4nRfhV1CcFKw2JBua1ZJCwATx+mNu9kjFohMQlhYb/kk4gtpuPg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-pathlen-but-not-ca/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-pathlen-but-not-ca/Intermediate.key new file mode 100644 index 00000000000..221e09b00fe --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-pathlen-but-not-ca/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsbt4l0q1VkL6+WtjbPMOVJJshNTHU0gkwb1v0IOt83pck/F0 +OLpG8RnbDvsbtPKei8QQjpex//gtA802kYos6NjapH5Yjfv/mSvV4bNjf+wsZrUN +yrrhdF6zrb9JZXRSMHjt6nwIJjLx1ePqAX46/A6E1heqmPiSY3dNXNMTYa/j2DUM +/x45kQwkqeyJqyiXl1brKnNw50YXiR5Cc6X2tt5avCRpXUEJMfYS01ct3JacCk1k +8MQkRI4dZjehARrViaicgYIA2fVW6Vjf6l0yfvstGRs5tPt3LC7hrvXqsK231C41 +hiaflsbjTCd7an2iTr/LWTOFb9GY5Cc8lT/9rQIDAQABAoIBADJWFww6M2tv4ua6 +/FjB6cAYDDX+kUlL+GUKgt16PczkTc30p2bdkvP7z6fJhIpV4INTDyFjYx1Mq2sV +Nqw3hwqXSC0oP2pPAY/e819N0BNNzzFze6l8DhhILfk6YM4kCJcD2NX9NM2kxgs+ +1mp/1rLGZebAoydZ1xPmmPl+KlIS5pQGU4qXtIcfCmvpAUNYUIGZG9O9VKK2UIfA +kfcrifXhCDe0hEPPDObkZKAaEiDzSH/fnfktD2dfWKnpEh8z57RdjMb9YBswYWyE +ed6Q0QTlf/roYAkf5XyLDULvSV/8eAT2P0zUv4QxHRJnddCR5yoFn+14y8HYaZHZ +meDLrEECgYEA4xa/h0l/IiGTLpIenm56pI6EUksiKEwgrlmJTrQkuybfDpT4FSa4 +uvR4ORB7ukI2Sh//8OVI27llYZemYopeRx0fXdMAigpfjzzZhXM5NW8V2RsVXw0K +3WCFTrCFCtMlxQQLD+9dNVktSMOIwMu/e1FOcdXGDxcPiebp+Dybbn0CgYEAyFwZ +r1mGxiHCLW25kqFM8yHY6H9qxEgTT9y3SQQZ3vRu7ncTcq0ErOJY/YSWwy9F3Cru +k+h2WfwmSrhEzmkxLAoRpjotyNcNx2K1sKAtW/imBdpZ1iqmpsgqXrUO2Q/cjP3s +m7SpDadBLVwo8G/9lkgXBjFBqxuA+wAenD1QAvECgYBnSUFz1wnsDDlVRUCH7tf5 +YJjulR3EFlwG8NJy6ZyLQvLRPxBXDnWXEvpbehPMc7EdpdBTUPYCeiCSctdKmoSm +86gAlKf6IR21mIeXGwE6PHxDcv4VbWkzp2L6l27rrX3QTjZ52PUb/qOKJOVeS02c +WS7Et+aNln+KyWxBa8+GQQKBgHVWouAzkR+F879BLFX4SyV0pCB9RpzPDShPPbPw +R+pvwmu7ptMZCszo/m7ycIy8qbAoIHLUyEMozZAi3ID50AdXmkB8gAXIFFS5tWhM +VmQveaOh3cz0S4cPYOj4Jkru5B5aM3B43CyX0C7tczhkjeGuNHW28RtxTxcwWbzs +l2gxAoGBAKCrSgF4pIMQP2KxjTxS87TAHK7xFMQwNhVDfz4WFHC4zStk/Kq3Rb7Y +JqhgyggQ8BAXyr5WRKAHR4b7YNQL7XZfuei1Q9d6ZsbHrBRL3rsfuPbREueNkR8n +A6jcPNY4kQC/fhy9oJgJputd7HEbsMpYsyoBSCUYfhtZPV97KD+D +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-pathlen-but-not-ca/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-pathlen-but-not-ca/Root.key new file mode 100644 index 00000000000..413fd20b0eb --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-pathlen-but-not-ca/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAs1nA1rDzyzFGne/eY/MaJBA2++juBXYhUVH9UkeXEhNGQryU +N17mQdLYdScsPQS84ay8qPbYdGOavql70huWhyU7ztH/tN36KWSu30wbtPueipps +dLoqdkUDt5F+kLoEPdwKF3ezX9xWB+tjXitUydezS/NCa54qgJxxUl0PbZfG0/bE +enru6iJPHOhCVW6yKlbPhjyU0efgfHiMlAUFsD+ycBjaktKauld8+1JLDzTL3KtA +oHZOzBG5V77y4voruiCwyO6NChGiAtT3OD30qEn0tIoI/9DDJSEO3PAXIvK/Bz3n +X0yyzRoY8f06WkJ5s4JHra3gAn8LGTRdO5CBIwIDAQABAoIBAHh7oPoY4Y3syl2r +GCDY3QTBB87uyYdNtlAk3iJ6CViRLjAC8ybHT7OEavk4mZVcK28HVa3ENeDqULgo +rw+UjOi48JadqEPeowFPq9JCFJLePcEqwBUiQwg0kKyuxvF+pP7RZM4jEZMiN4EW +dih6v3jguIgbINGe7Tp83fvQnF6n6IhjA7DoOoT+yPdGxcyK6iNp3plNw7aJGK1V +RFQe+yqJ3hC/E48i1KB1ankkTbZwU1pb2HrrHqNFxBL5x2/WZAYgc+zYRPyNv+EL +9KaGC10aQtCmwJQNOB65JnHGW1eicYEtLc4N7cmnzb4WNrnWHvRo9xg0bLrqxPTe +4jYn+QECgYEA6GSTtFZDe8MNhTVTNURzggoPKOhNwJ9NtlFbHwMPylWNFqsaj8+h +GkxaDroHBIVRnmt5fXXz2poGGpWgu5xPe+3LsgkeOYZ0Ep9+58Ufza4eLJpmtOUM +MYL9XwN2JYCz2dT+wks3yNJuO7LM3QXrFdfN9Fe0CZ5RlSAXr265r0ECgYEAxZHN +H6HloMeYckaqnhQVBlbkVb0WEpCcPUXu0ac4hjRZaCGIwEEFruHI2SxhNCvc3Sjo +/eP6orkJxl0vwDQzOriYD+UtnnYe+HetV2kB+YLI63lFDvxembpSRJLeeW5wAvtL +GCCtkEiIfacuGo143eUf76QbC71YA414auyt+2MCgYEAjaFGV4C/Tfz5D3cJSAx4 +rQb+aDrzr/ImhXedpg/Snsh23RrYbE7o60MfG5yKTFoH/RmZCDpLrK10DN2mANDp +rCinnNBryDlGIldsG0qK8GouX5aWA6cYQFCJpE9SwNZoRdjGjpkS3WRJ5D47FnTV +6hEEpuaQhdAj/lN5u+QqbEECgYBnXAXCHMKzQHiCoHG2Ta9KJ79BE7EueTUj4Sg1 +ypQJse1sSs7uNZYxjbGz3EHmN2RO14489T40TzXL7wiCN0zt1ZDIEA+zrPw65PFs +n2UHEeLnPgRg+KrNJerQMT3urVYwWSNKNh5XM3sksYevIIAxJiN1DZeQprga87Ih +zjyfHQKBgD97iv5W/AWvhU2he/sRW85Np6XKuE+SdUl5aK+x3oc3mdi1smhYPZ2M +txOW1dS5bq0Slpae7PK4KVaC5+E+TuC2MK0J8vR/26/7r0+uh1U0pfoyxxUfgbXG +cSqcqcQMdC0uaA00usPEcFVfTq4RwvNhiN/rDUGI9VyKX8l24u5T +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-pathlen-but-not-ca/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-pathlen-but-not-ca/Target.key new file mode 100644 index 00000000000..c204fc77d35 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-has-pathlen-but-not-ca/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuoBc8Ncj8GnZt4/8w9RHokEpdwFQPISPUvcRbcR1BIRImIxO +u/ZL4stNvgHcso5Ittp2TbAodZQo10QsDaVw/rjsw9ANi3RKGLkTu7GZgAnQvQCj +IGRwuxgAfGEfXdLcI2pq44psE5ujxXvckXEpRk4cjoIq1rv5WpG+8KepstWM36LS +6zrkSTCLgyBt+6+QGT5EtdO7BaEVoQ1MYYJjXiSllN+pNVoPVuuMHaUOgEoW0e/d +z4T2RVVlVbhzrsoc+MfiZ+iKQl7r9iy/VRwYOVFbFRYbCga6sK28RS0jXDrKKwTJ +ok+mgOzSuNeYRGk8PC6rtETiUGq4plnb1GFU/QIDAQABAoIBAQCUp+htGC9PXC/r +/ttNBJGspR/1+ZgJBOhxCvpbcjKLzR1Iat3/OIy4U7C9+SH/OSaAiZWuyvEU92mu +XGp43hw5DRG76sRBGgpNtogiHafqxOgbHrzn/udUWgdZHNkxofdSS2qzwAvxfSeH +K/ld/MMXhP+CIAMhcmeJZ464qAu9vNndMB9S3640Zt+QMw3DUNojlbxLipLHYjCA +KLq0GhbLVS1K0+juBrOKHsmiA/0VDuQwVEDS58qH4JKrJFz5RJW70n7/fEke+9fo +4BKqiTO7f/Ec013tlidEWh5NKBtSEB7xmN49CY9ukF5pusjMRx5x5f1lCG5H4cy4 +eeoVZ+vJAoGBANqQPilJqsyIrNMIMZ01m/yplLlUyJNQDZeIp4c3gIWT8ksAibDQ +t+yIdIQxmxWUeFgA16heeAGkT5x2ogE5E/7dxiIRqyFDRlZwAGw3ObnLyv3u943l +PXfif4iwfac57JknXL48mkxeYDe3iZbtlj6glyofYev+CeRkaIveTakDAoGBANpy +PKQ0w3nGO7NtYmwGQJiPY8KD0HahJ8HemmOblK9zv9ofp8Nl1zjObxfV3Eh7okMF +PDuPzdaH5X8buSXk1zOtGBCZigEYtj5KAMohgGdS73/U+NoURUXF0CyqJfhsYugO +CXNZrGQzRW76KdsAR3c3ndJZWre/sRHCZTC30an/AoGBAKRezFDytP/DXe4LgHyR +n7Ehu9axe3LGRqKKxCr9w6sxu4tKaULPhTLe4Hm2cMKG+QZ+A7H88dWSQ8kQsv+m +dHI9SU+/5+pJFPHWo4q+8avYJt5YRFaza0nozi73RFhqSJRZtPbgzs3WQBhG8LPQ +FCkfTu//z/3R/JCGLtXZpqAPAoGAQjrsg+Szd5JQu3/onVPv9dFTr8ADTlRiF3eE +W7rqA6AWhO2gEbAo5sJAEHv4w8koUyWdM3nQMMEXJcikBAcz8CkE6NOEcfyqFIyf +XKl3otwUXS+XG5eVwSfOjBwyUvWZrz3CQ8TmbaLV5GXYltuoz05/fS02QgvOhdHo +mDLDUMUCgYBJBIAZhTvzaZP/c1STgHKBoGGv68g3/QAHW/untRBkFzXDwnoMUwA3 +dTb1807dnt6cNMt5XjRnsQP1YOQwUS51SmL++HF+xg5VWAsqgMP6z1iPo3SwLZ7j ++dQ6nzlzUUAnlyKPtFXktbjS0xjWWTBOhlx515i6wnKVpYFzb+yhXw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-lacks-eku/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-lacks-eku/Intermediate.key new file mode 100644 index 00000000000..04e085410c4 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-lacks-eku/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAlj0GQ8Hmft7o59DgPtWoHwj+mO+5oz0PFKU+hSdqoqqMO/Yh +QxItyJyzz6juT4y3P39JSaPcFztLKCqTruHffiKyHZxfQ1mlTlXd21VGVYNtSHbv +P3ckWNN7eCgFfGZ8eZCZYbbMLbbvNsoRO7VlyHORsBASF6PhHOrH3JyzZj3su6M+ +meAEmE2ctWKtFnEiAGjv5kL2BShNiBYFUYL22IORDBNMPG7WIipS2jdWqSQYuo8u +Zdk6S+CjaZQ7Fl5KzKhuMm34dBUyyJ+vBhGB25plzwEFL2VLcU6SHAZRfylX6SSf +ifmAYyWXkEJW+OEmYbJIsyCbmps0Ti8DBqfcEQIDAQABAoIBAEa6YemiLiYKQPFp +ZziNk0FRFbLgIK/VvfTFOmKrRMthqPVNkSknNMCd7RTU/aQbpeVRwinV53ZUZrR5 +Ht+U3IdgRCQmir6FRIpVaEWqppr5bYhQ3Z8uMsFShmzxwmtnQDBmv5691O+skH9l +r6lBY7JzneGaHzpb302ixgZ5CwgVZGa6TpCipyuKsj8GRob6IAyLsB+jKkydon8B +zZL58iH+KFVmsxEWB/IwcWRVGMIjBASflMWykGcrfFOEA1RFtQVbBzH91RAsfUzF +ZH88IEbnCEgbUvrbOCV0VsCZVrviJjBv2YQ4KrmJOwMUjNZPtyLElxJG8TNNqQ2Y +idr+9gECgYEAxQLzjhPpSQjZwL1N9u4MUXCavMVatcdXkN2yq002jD9tx73SCj+U +LbXGZzfN7uEYbdbU2BslHyACxu3RMgLLjku+p8OgS6bcbMR2AMliqE5hInJpPC2S +XOa/ukz+DXQaZd0Bq8wZvGCsx9P1spjMvIKVxQ9mzIfaayWbo61gJCECgYEAwzji +OgUpSlcwXrBUMMIbMQnYkODXLObqyjfdYHc4u+nCJ29nHW5cpRYE86bOKPwUnGFg +/t40LQNTkHALCIsFvGuJ5Nv44zDtWrqEflj0ldYUp0cn2jbmnP0bpfmY5Ss0Gcdi +RSFjNrUMlXOzX33Jxk8YcydY90FtWjQSK3PKufECgYA0eL/DtJvqntfYVNMiFG7l +dfdQlcO+LJSu+c0vgMYpfm9PxsfdgOeHcSWhsiRAHmWyQ4i28ivl6VG0B/0ys7nh +cV0bM6hK3etRcNX5CaokJ5QJZ62NoJmd8rtX9E+p56VsQfvC9P5ZxOnf4x1KbxYA +k0sujBaWHQzYgtC8PF4h4QKBgAMPKiRknlAG68AgHUGiWRC8qcMjctvGRpmipHp1 +g9MWB6/chA4nA5amsK8sxwBHav9EW2PDEag+7BlQWCvrGczpFoEanVzaEG4ijB76 +v+J1N1+jstEtmRGOudcxAR9ePPPGdxjEPCzIS4kwBfiSHQ5ZgPWVAUTmppMKS9qY +du3RAoGAJo1XbdpF3eiSlSMP7N2ocfsbyLdunJcU4puKGYGHsthPhT132ZFwvvjB +N5fKCI/sYV552E7HsPnvJIl7qWQKCLIO9zqzLyYXSPxVqMHImvKyDTHur9AoDzkH +JMDnfHD0EsxInQqXJIWxY2gqo44rJ1IwBtwTDrhanFmJBaWU9Mg= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-lacks-eku/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-lacks-eku/Root.key new file mode 100644 index 00000000000..c6f1b8479a9 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-lacks-eku/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAzeUJqYmQk8gzblvb6I4SsUrdojpgrecmmLxfYxKNOZc4U5bv +ZdlDBvvnH42sMoeErlDMj0j6suJ+WDIseKDGgkE8TaEBQw/Ep51dJBY5tBN7CbHc +P+WsO9dTtllSgIeyEmVsnP4kkojKWuzkBIGkiLI/OeFNa5HbF3bDDmekXcjkdhZE +93au22N/N3DQ5fzfCA8u+Qhy9mVPrxWXo0wD+Y9fafiX2N3+5ywdo9hTRt9cxY7Y +OEHO1+p/8TsM3RPd5y9EJKol4+uhjkOxW+O4raoeSfB3QGTvkK1ypKDTlWmWS20I +NJfMXlylCMn6ZmDs+aqG2Lwht3i/8igBQT2knQIDAQABAoIBAHqErik6eNPXr/Md +qlBKKolheV1Ny7Xv9KGyhjhYE72PZK8pA6/hhucjArdeAHfY+HUaE3+396Z27KPi +x1/InBdqZk3zXuLfATCUjZYpu5CSfwaX1e4X51N8oI3DvTpKhQY5YFZTTMP9rhxJ +Fq4vzw6gssrobL9z/aGKxCtQNRiwnm5mrj/x26j8t1bh3xHzvBb8jcK4j9R/F26k +clZgTSXWjXTeAqgmwOfANtlDthNuLCXuC0DZkbm9wgDBJG1Wg5c9fBuSSRblP4cb +XPu/xtd0wfykD3Qoygr1eGhoFS36EBCfm7eWbsUP0foXDLYq72O5dDvzkJruuuP+ +djxJ80ECgYEA95xAZf46CfVnSxTBs13MrUMUcb5ns6NNMMC5OLqHgdgtNLdufvLO ++kAf9GfJBpoO2X0ZQP/rUAKBH9Gfg8n5ihHTGWYzmANryBmJ1gC99tx5yb4Qwzrh +2C6NSzL+f2tVEOHeyee53cDJdZP23dIAg5JRGdK9vkqaokJhvchG8jkCgYEA1N7y +yiWms6muh/Pv8jHY8+bE2nVqu0YhRam8qiU8KwT2HulXxwNGN9oSdYDxfPf9JAGP +6AW/NSVRPwxn1twttnWNMcmKkkfO712gX4RkuCVtIj2PTSRnGWgkTpT176mUZWmp +rjP14HdGLXzTl5bVgtfYWywK4ieyKWEzzzYcNYUCgYEA21iHk9KKB5hlUJWqogJN +9o6d5cUOiIv5LV8MtbxHnjaqlTCJqdvejsGPjSsDYd3HmdLANFyBT/dn+4/vBwg9 +DpqLrsximB8vs6sr92/g2HanTJgasVfQCXnzoNIjsSybxsDQY3vrow3NaWMSJZ6K +5gMP5RhTDed45JR5kW2Bq8ECgYEAtmJbFRXTUYXlcrhvckyBPOAQ87e8fb4ljcFT +U1hZx+YVVgDJY0sL45ilTiXvQgpbynjIKpyZ6dgSV3mykmXNiNII6opqftClnXLT +kGMnxJrUeYzS9d5ls2AGE4oPeYsLCSTR6967INowt5KG3A+w2c1Do0IGBSTLwiZ1 +NGmBG90CgYEAhPMpBUyTUMxfyfgItIVIN/1IKnOTVMMdJ8jnk0GUqQIP9v5Xslzg +/PJexDcm9aAUAhiN/Q8dXSHZ2dgx1HkIyf4B+jkeGLlHfYopYReOOBMjTDaEk25v +Rgc6fTtlmKCXa83BH3m8fGOoA49h0vA7r0JZqSFtMk5LKBf1GeE5hOU= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-lacks-eku/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-lacks-eku/Target.key new file mode 100644 index 00000000000..3f9b93e1315 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-lacks-eku/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwJ6ld3AovI8YzqI5ZYEY2TEK7iMJgc2CNpilgi6x/FmoRkkG +FmDrEkYshajAdXstRQ8Jutap/YgP1pd4Hl1RzBqUHi64gk7jDKpYG8bd/dKjkmwK +rl7KVoeabL2JMplb2jPdeu2nxeEC3iVbF2r1FYoxccfAJHxVxI7PTAP9f/ThkMwa +XrXxSy56L2kGKoZ2M4jvsuCEUpgD65h7FiVlaqZa+je1oXB0XpaHYnik1AVglzr5 +TIZJDVTbeY1oVliD7o8a2tc6BnhudfCpmToiowbuWKIr0epKp4rIvUP4sXBP+1G2 +InjPXMbcgDM99ZJtkckbfoc3KHa0/39tUpvH5QIDAQABAoIBABqPhceTerqNjOEp +c3qws4l3fsdZo3z3pqX6pI/v+nEOt+qBNUqusJuDe64ul+NbSeHE8hWGdkhUk8KG +fnTJb3cSjyweSykE0cA0WRPzdzcB7bZKGarzvTjzV/L4q8uDZCwRjM/fp4vcvDV/ +tzDiecsvlCPZZIBjeLwy6RjVUAZts3feWh5zhrhb+R+8xsVfY8ePD2JcF6NsQa/d +zDg/SEeejxfS0oAgUZn3/5/xX74fhtyWkVaDDH3IXKXtOn7cMhzTEw1W7CcqzGeu +CGitu660+B8ECRWBaxjlqp0RkYWlB2lcrofKh6EcdTM18zuMloeG005pOZyg3xa7 +6qAzmz0CgYEA91n/GiXL+9dHvkEU4dvrUk/5iuIiilXIPX9SHXukiLQSg7yVJJr/ +0TU7qtNdiC9ojxbDeGO7Q51ISI+NmQf21xJlVE2F1hxYMqVU5hFm5iC3s9V2IXfJ +00xuInvZPSFhTumGxPOCU0D3cDyvDcQr0v9hIIHdt84Y0KOt8FHIsbMCgYEAx1rB +C/vnzQ9uPdKu8mrQ7kP2/alLyVVz7sIuDss2mX5hHQ7z8ZGB1xQeyhdAD3wYjjD3 +YM+9evmrrhKKQ9hRujOw/RJYzFt3sbsRGIXPUR6MVj70LMFW+wP0Eb1KQIc7pcHg +eXS7orrXUU4M1HPrhDfGX74vEDK447fiVU/3ZAcCgYEAvIPepPMBkCL3Ds1TOP// +TXCeY3cNlBjkz9nln4rIT1fOdJCZqphnN+82Vm9Y7Z4UNlnHCE4aPuH0YTjnViZ3 +vlrK14Ft600W+yJ+ngnNPr7YwzqBGejN7ThnB+kUHD8Ahr/8csaUIRd2fhgB4qAM +Nndkcv4HGTr+NqVIv8vVBXkCgYAD2dr00k7uBShKBXHfuPSERcfVqpmOMBpnOFUP +cBmD6Y8SsqE/v2HUt8zIdp6ELg+DX6rHsfulDoGkgTMukFUz1Z/Lo7kXaYTsaAKy +iJMyq/ZmDB1HaAy4GKF0XkW67WHXl+EwN3MQd6+FII7a48pe6XzpiJD8LR6pN3ol +z7+lrQKBgQC6Sg3ccLIbxKMN8gP/Ox/kK88FNLsjeAuYk2DrSXa6SuE0wkozd7Y/ +yeXgFhkLhE1jrBM4NX1TPy+YRkNiY+cfhdoC+4hv9gLT2VQQJuDATgjMJ8DUL4jB +CQYbGDIzWS43E//cMNJ103X4zQyLILny2eIwNZqUIOCR1e+QlL+IZg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-not-end-entity/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-not-end-entity/Intermediate.key new file mode 100644 index 00000000000..4bf5ec428b8 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-not-end-entity/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAspQ1i4V1onQetL1cm+J6hzKh32PUXBDIPMJ+qlMJ2PrOFL2A +p7PLS4Sv/MjelzjYF80damU5tSc2vGSaTy2RXzQr8oP6K+ocbl9gCcNwlA+9DOvi +oLpDWjrdPgKZUkoo4uTcGJU6vURvwaI+b0NXYKRwF65C0Zx8CH/wd5N4WbLEOdso +zRlCeMUAojpv71enItWHaibE0Z8YcAVDnHKhA3lHuvVk+Q9jwf5wP/BckkTmcYgO +7BMMRTOTuDzC/gd9DrK7Lxlp0NGcd3dIVMpdD45tjSc3YUUS3iJs2i8jn9EPOAN1 +tFO6gRdKg5MZS1ZOMWMSb4lcXHsbSfxqoIpUjQIDAQABAoIBAEty1OCaxWWam/KO +4ta1rED8wmloeytep8sL/YomxU1YQcN/gSDZlLXWXKh3kZvgl2QO9DOkiuofpD+a +XZvAS+AmYb73xbXSFqsHPsNBQIo90AjqjHiN2bEAl8MARBkBXh7mxJraSdP3WyQ7 +URefIwag0v8eT/rRm5HXxBgxRTLX4Mihcf+kknv8iw29AF0naoQj+PTwZo6sl8rZ +vNrO9rbO3/UQaydyvJ19q5jF4iS6SQDlMY0gKBoPDycZn4gg0wMT0F5R7sfHK6Q/ +hBW9FlfD03dDHm0XJ9UBVQHZrHeIJlH/VhwFLJbWBUL5i5ouSI3gYp7YW2Di3LGu +FAA8lIECgYEA3YmAwpy/OnKWjbDCMxf3yvOApZu4zbxbbsXLpc1G/Tu/k8XMpug4 +RnlACoUVHxeIYY6fRzdU5ygcwtYKJwOQhn/QoFiCr7OXU7YjzcomowUIPmVp8AVa +7XDfBH7F3ZHUFurFaKOxaHTmI/w1cFdJmZXMdbikTZe3tRRmoFh6+60CgYEAzlvw +a76gS9zhnjzPp0PwDoWRzNHdl2G24GBBelaZ14U3e0hy5iMhBdEc6e/phBwar/8n +Eo4W/hrLdBpgLxrnbxWCX089iyPk6CwcWCoMukhpjHEnIkhPBmzMrRr0Rw0fZHkp +c3JnMuY3AuMhNQ28HU/norQTN/lI9t6RcD7T2GECgYEAp4y9Y3LldjEACL2swrPX +5xjvLVFvHbrddBQIh6ePjyrHI94vf/SVy0cc1lf8t3022oHhmR0SC5nc1sbG+ubJ +QdAdW4hVnsk3JErXHWdMfXLq3zYYPz3tnTMGmQHAaGlIfOSm1RMotBXlkUXIrOR3 +d79B2a8CJOUgPcXmMFN7ACkCgYEAsi8nCRH//aGLW4Qs1cRO62sgOxhX25gvPc0/ +nLBchIFuJ9CmDdv1br1i1wkmvME7tg5+oYH5jo56cRU5SlNT1VJgUYXtoVBsHqHA +E8yzUsKmCPPHk82WFvkpPqvQk+1b1vjb9uio/YVVqPOQP+xNK45Md+w/0Aw7mZcT +RDWr3OECgYEArGFyqhzyE8zMLbFSeYVwtccqveYCiXET/mjyOJOPbBby2as0L6VD +7ZiUalARGCoxFLoh5UXvgJhjlhuOqHaZJJCrIksRPEBWDBNr9+UqgnG+oOn9XCit +FeXN3jqu69K7ehjXkCzbuGhml7rf+q7ZUW61TsRLbbxkCL41Xyl2Qyo= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-not-end-entity/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-not-end-entity/Root.key new file mode 100644 index 00000000000..ab235bcf1d4 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-not-end-entity/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAzc8ANy0wB7F5zhwv5d4UZvDEyWWU1diGm/g++o8q9kVZPyvi +yifa4WOLzT2d95z9qMA0h9N6/1CiQ4yW29epQ73p+azybIXnRjNLSzIvYvuGXvdw +dCS3p5v1HLrSBpPULH6U3mTU36XXB/BXMnbo2NwQN1QkczQdf/6KXyFAtM2qq6bq +m/Nu60UPUvILql8MvWm0vMW66zYpB2Kc8SZZiQS3h8ZbnumTr4HyKSGK/JmTLdmK +DlpDsdgxQuNwq13tfLwIcSfpj/KsCRK+KJExx4mk4woH5cD0bPpTTx9xOkLHsyVW +/GnOmJnW+rTiPcdMuPKpxzk+3WDmBt1o+exVOwIDAQABAoIBAQCtmE/XOp9LrfBO +4Mmp+3N8DNQACFXNNrD7+B2vHHmhdoc72JmX6JwgBuZR/Qo0ZNA0ucLVWpVhq7Li +hUBuOO9F+3fSqIVm8l9MgFGfILqFpCEIE3BgFuRuVQcf75jeAW0zBqYtHCHOb0T8 +JkZ2g4QN/zkSYj/IiInlf19ZtGOu3FO9ugigRZzMBmrLG3hty711wMVfvf+4TzFS +GrAjGOyqI1jy8b/5lSzRezJ1wWnDOIIuyE03IR8jVSuwEPp4yCFjt4KfFsqyJdfB +AMOkddhHi9UKwRu3EEml1vyPHKCf9HVIZmHFjXfhj84zolUy0Ke1W3eBANHkkg0B +/eWhLcWJAoGBAPG/GQz49K+APlOEwBzB/BDNktyXWcAxLWsy2k0lDihQ6ZtwdOPJ +LzmX6JloB/2GXdYlncNH2zOPEkBrLR+EAgvxb578nB6HMfxnVreM9gmPO3+eghru +Bk+6lRU/IhWfzQiuBWhyd9kBCe7upQEoGIFyvi3Un2jeYndkF+7gGsU/AoGBANnx +daE8saw7uUaEV6jx+N8iUj9WaqcckckN8+5/80/IqNe8Qlyq5jX1KZTEsbCGdsTB +YqnWq8nbhLUqcC+8t4PP9E34yKyGbE8IiW22aul41EbUsxga66HIiJpyZ0Cxudlu +e5WMgBknXMfb+H9xYNnaTPgdAFhC24s0YHT4I8UFAoGBAKjaodS9z6sGGIKdptJv +bHEQJhSOYtIrh13pFzHrQAhI++Lmmb7BN4sy3/THBU3AHKsHezp7ZlCNDmKQeeQZ +gJR2/1A9gY6RQAjc5WUvwGrM8PIi9R16RE5MNPWyM0yHYd8+LejWi3+3igiqB/bW +2scQLmY0rWPCcWSTNWRUhF5hAoGAWmnlVsKLItyT/EEi7J+Vk1v1qvj6veEISdRU +AflqwwqHoRgkn7T2VCQk3+bJoGXoF6/ycmrwUYmUAGReri8oIrK+syomdgw+Gnt8 +J9updrn9tnS+550ja7Z5lTkoxJn2c9F1y5DCA61kvDTxXk121GnPzI6begIiehl8 +eooGrNECgYEAsG+d777oPfrCphPE5LzbpzbFUEyE8VTabFP6scRBaimRh4p6kUCV +OCheEgcmltN+2oBmpk7cdqIjdXknWPxpVpTTbO2N2fp1aNCvg7vsi5Fn6d68HEmm +2T/otkPanmPIMFIfpYCXGub7nr9pwtKCDArDTdcpjqAg+XsVEu/kCU0= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-not-end-entity/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-not-end-entity/Target.key new file mode 100644 index 00000000000..949186b295f --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-not-end-entity/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEApUVOLcfJwqvpt/8vOgnyZOq86pw0+jnBLcI4w1HsewZuIcZ7 +oATs491acgoPvHM3fwF+Aj3Vy3otzLPH2ctEDtajHdxpCIBQziubo40/TnlV6syU +gXqd/FT1FZ4XmeIwm2dVTHnMhRPKOK/s36VQvLj/Ck4Svl7eZNOsffXMP5q1lDJ1 +ZY5HsIHXyCdffEQxU22TNm9UmdyCJHyrFOtnLzsQpMtWNAX0sfwSQt083BYP0Y/w +h/oHtPo9ekfA3JUJd5wos6OunnLTvDulV/cxO092MKJDVnT5O3v37ENkPlaqk1PU +SlqEi/toQxekIBMH4Kp/scM2FYuz7OLm1kpfgwIDAQABAoIBAB1LsLT6wi/oy1Ab +QuLV2oq69Wvc7qMgU7bpw6gTwIh6NlF0XnuaA+fMV/j5AZsVDVRNDmoVTe14pd+w +So+3sUO0Fkv3wwKHxEsXfco7AmrFpU4un3BoLNMKuDrxwBs99gHGCl+5A2DfhiwQ +OzvVkP8zB7pq5nWqWV+kCeJ2DJOFbxO61tara1HEoB/K0mVwBaqrTEW7LDMf9QZb +arkKKtajoYIytXwg6uekdSJqHb1XABAy1EOzTSJGGToHvaLi+OSotF51Oymkd6J2 +TZMkSMVzfFUYpFQahNkS4rBVMgl/oIZ5GZtM88Gy4td99IF3iAA+hNVZ99/4+d89 +KBNQMnECgYEA0kNG3tpiBNz3cbLpOx3lz6tNDHmM2uwgcRJOzbv0HAJtM+CO2rU4 +w7CdrdqNadlBNYrhzk/4Kas70Zj9wLYpCLYOC6RvZBzGukMyYoaaLJ/g5rmBh4yj +XV2ea7NIyRWyu1P+pSks8S7breiABjhw6sgosB3MJdvUszdjq4rEQJkCgYEAyTiX +9+mYJx9ChHwAPKW21Zk1gaszkmANSmGn255cpJqliDGOLehkc00lFGrL4ydlYd0E +SW6wmYkRDEKU6Ruh7nlIoZs77JEmcOTRo79RhEsf5O7JnPyYOfd6WAjxCLW0WfJd +7k+Y06ypgua6WL6T//fb+7LBM2W0DaPHZRDxxnsCgYBaCOLtBHhaesAeWK0UWl4Q +ydppUBcnm1rc8Cj8YdJKuCNIxoyFTHptGVC7pE1PmO8aXUkJziaGuUMZIjjub1Is +38At7hCgvs297o5BsD+OgjuMsLytbWR6017F4XR2Xqs1Ged9k58h+52n31oKz9pS +PrlliKzlPTfcMgik6PvWaQKBgBDbLs/Tv603TykuAg8Sirhl9zd/kfhnF3XtrFQX +dgdL9SXtkM2DtDZ8dei58Y571GBYVW2ZWi3ib40pXrQQXoZNnqn7CRAOMLwwTud6 +tWdxq6BP6I/AETh55MPPK/Hg1tTaGshF3rWMtz6B+YZJoLhGmSUCmnClymmCGMf8 +nWRVAoGBAMFuDnOxV16L27wkh0DCLGvRjgfWcVEXWyzh3SrJk+gOx4nF/T0u+h5Q +13UPvpnN4nVZ9QM7xdJG/e4gzWrDcB1OL0v+gxcz2n4FVErL7Fofmel2gUXAq8uz +7zqe9lzqRnYBI6+cMiniOpKirtW4zjIdg8EGiX5+1w+i8nj5K1q/ +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-restricts-eku-fail/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-restricts-eku-fail/Intermediate.key new file mode 100644 index 00000000000..d742eda5964 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-restricts-eku-fail/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAmotEV/vQRCTWIDiqGyDMZ0AmwZgqbpXP2yw7psnmWAYBxdct +Og31RZJs1xZ4WzodFvc8yZsalRf3zTB1RMS9Qu2ya+abqE4uzzYuPsPAId/tsgXK +ZVkSySo9vzrfXhf266h45oHH1l6sm+mqxa9v0gQISp6bAmhAs8qNXs9ITf1E/o0V +Gav9+34yNMmQFbKOa0qcY2iFu5G7G8uLwW8GMmdNDfOaq2yA83nxrLtIKuLvr4o+ +hopyPt+teq2QUORlaTcmShbOthGcNknahdqvX5HWp5Q6r5Zvb04Bo1EG53qrQaMX +Ibadpqp1/wZ7+uh3WlivHUe1yIu/wqFqTAGC1wIDAQABAoIBABsyOOO21662QMxI +zH6bpfzhiDB3Y7g0OvDZ9uFiFFwXKoazWC0oOap1mxu6w5FiR6478gGUfvgP0LbW +OTzR1nCJveVJHslegNRMN5UqA4yyiHTUmgp9w1WNTnJxnM9FLlnIOwZtfkpWPM/v +LfM97VKrDP58rNCeogxBr+EoXxQCIPjYSVoq7h9yTUYrBOdXwlzXInHMROYxHvan +aNoReK/Ise1FI6hoOPIbfrhhlzcrJgKd+Dm9tHCz9tK5S0G0NX9TM7piz8r+9hHe +BRRyGdQoGD9VhbgLgljtDEAFwuN/4sDVic6a0FjHgdc3Ihevoucx1N8bD2MeFkIn +mHIc1vECgYEAyI0XrbzAM/wVp4mkNtGKcPkr5HgEOCNfZacgVuPcvd4w3Zo9WYr/ +LC/SUWuk31KHphYtBMsQZgLdM0UieOGgVSPByyY41ExWPVEfaeNUFIj0WveCHwvs +MnIzBwP0cFqBnoCM7JWyo4HCFsdDkDqmb2L+5ImZplzutlGPQheW8qkCgYEAxUXQ +L5JG24wbWJp90zWgAiyhvfVouiDi6KwhmFIIZi2xK4HZnbidEcQRFq3NaXjVhfsI +PGyzVa0BqqZ63afKr1i7dBlPvBZubw77t1KRTDuAxfMzOZfI0TY1vrBGkgnyrHJp +0Cgoq42SE+iyFq8xv1zuT6Z7gZ7x6RhUclmLuX8CgYBNS6wDp0sA/jiuYOtswWg1 +UKPtI6CkrmV3PWnGc35Bo6B72JWqrFrbAfdysCVUeW+UwNlLDqTcXGA7AXte0b9E +8Uog7TNcB6v5aAnOevKOE5bydJCvPJ4ld0RZgNm2b/ujRnKKQMwgHsPamaRds20w +YxxQowQYTZsno9muJH9mOQKBgHIsR6Ngu5XRbvpG38/f122quymf4S7oXatgBEmO +IMJSa5nMm1BHStC/c0x25s3GW34hndCq8NgDO1Wy6KVkuU/mwQcepyEqslughlrB +dMp0HcFzUhBhIp7DCzQD/bQEAemAhnEs7OztEMBpCrlKSDaC6II8znpkrYnExQsx +fEatAoGAf+IMjbvgH3wm9iff87Go7pyPxpyBFcehuG1m3pyJFoTHuhc4ccf8lECN +dmremvpSiLzH60r4RO0dLcNLXkVQCY6tkdfX0TBDPnzCcdZ7/HwOBLlUyVBrTLsY +KTn9QYQsh2mNK6UBMxTlH0pKUe6mbvYeCnW+tUblTqUqA90m3uY= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-restricts-eku-fail/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-restricts-eku-fail/Root.key new file mode 100644 index 00000000000..9277b3a8de3 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-restricts-eku-fail/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAqYaCEYNyonpahkJYroDK3P1i8BqttB5lNBgyGxA6YWBXWkF2 +Ncg0nOes3aggYOwMu8r83rtVshBJnlDvZ9BMK2YmJaxI+oYuhjBmO4vTzQnUTBnl +fgH5jSmzWAmkT8FvpRkN830ifHSRq7I5tGp6osuZBdny9Eo5RyVULrc+3yeOsZYE +MMKqcEbWliNHXzRA7UIRrFGj0aDFFxkzXORTJoumIbKH40M/jloEBGJaQY2/x8Ri +7bt6AJtg3gAqXbJArwCinShasdlaTYLpnLJtVBaVJs8uWmmGnkAg2UJuP8ehHUDA +GeoVd5POArLLyRWKnEkrZQeXvdsADbIevbMOVQIDAQABAoIBAA0n8SQmzViqoifV +MkiomhW4XFtB1sUprrTyQ8Ex6zXvYhgRCHl4Bg0/NX0mNQ0QhJR2VlV6uFXPScdN +hKbL1X1wufkme6tlimrDisuIOHGrF5yoTdUPlixMViy44tWFr4JihWCmD20VJtDq +Tewgb0/++OspVN98eyF4ViYh9nEe4m/9/IUyE7pV5OuxCLY7dzGlOCrT9dbcJl/G +u+Q8nRkQG8HK2DzHX0ofuT/mL9q5WFEUeZMZIGuknJTrf/wElRC8LMzIFxJJKNnE +an2jTy3Yh4mUqyWaY+CZ/RbGovLcG8NpJVWlWYPy0Frd+pz0erK/hic9nqwknAee +mX0NwgECgYEA0obDalQMt7kXDv0Q3p/IvnMRF6GN3UfOAk+iujnsvM9lCxGLJH5O +6KXSvON+68dD2YgddGgB8U0ztw+QllPYTrFXyfXv7hT4O+xLdrtNY8J1JVagl/Dt +MQlgxDujrGal5JlYvhTVjFoqDeSad4t/3VBfkKZkSHIqs4xZhGCgcMECgYEAziSP +VCPacb0LYAfpA5zhuS9fskNVgou8jTorSmCmyLDi6ktREELY9EdOog0Vxzixb1Z2 +x3wGeA0//RUzoo8boJWbR4qvuU2kQfhBmnDBtkIEOT7OaZnUcgVTcrlrIM3Nv1ux +nAC3j2REYx2s8SLAen9xj+9FsUIPhcYr83j+7pUCgYA+c22qsA4pvgVCE/4aHEof +fODYIruDpdZNxzPdjGtWwysVMnoVNEbSKsat88plxPGyqPcb3fKdkypBJqPchDjJ +d0A0j/lBpgTROdJVAVD+w+OeVOlEyVqDTmXfMFXoQXb6riauFF4YyXJqNqM/zSj8 +DOicb0+WUg+qvXqck1FkwQKBgGnoMpLh0Kq6mwt9ROOMSBOiGSI2ocnuDLLp/a+6 +tDVLW2lPxJf8IAZwVB/BZTzzDYXMAD5Ao/otpIBb0ilkKKd59UruH5WuJAOYjevQ +nlUK2aynbdinJZRm1BaO2FEEKv5zF260l5ndw5zAdEd2uTi2HRv7q+yDqgHqbE4s +DZ15AoGAY8TfuGR8SLlA9hNaTZRPYL9BGiUQWFjI9QuinJCHifLoe9kmlE7eCSr7 +9W131MU2TjGaIHSeFnDKX1M4NqGevmaRkmYFmIMEtItm75Ts4zBSmOkBBoucFZWy +ESWLXAIS6IVlr51EwPdLFd+RnqY2qpyEUsuYXafAseEvz3SOAWI= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-restricts-eku-fail/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-restricts-eku-fail/Target.key new file mode 100644 index 00000000000..069cc10e3ad --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-restricts-eku-fail/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA4uulEJi7acMU2dbGVxrgmp4wtdi34/1K7wgBsLiUCgrGJF4/ +UNHnIffODF+voatuNdRWz71F+241XQ80fjZhq/LdS9UjgF1Vd/z7DiyNhhPh64if +afBFGS+Unvos4PyjI4yNz/B+ZZ8r/DQEdbhWqRk199I/K/DPGnbd2ggxm0yxgzEy +L6scYVEludcRO/p/ixvJdlZ21Qf2lZnbPuDlWwRgk9NKC04GZkiik95+PC8GOLIY +b7HYH6EQFgbQoWfP4n3gF8GylWw0snQz7OtxXqwlsoAfxqXqruJichgzUw5EV5Pg +zToj8wvpmr6sDFd7UXYkJCg4jg3IhKwxSYd5DQIDAQABAoIBAQCmbI7OAkYJRjMH +pRYoEiVCINy2sbAEfOM1NdkPg//G8anqSFkFbDyo0/aBargDyRf2ULoud7FYurZW +fu1P15CArIkSscnsvgcODjMObSyKdhCOTtAjwTzcQOIuSmsZww/e5ZmoNMhuvXNj +776Jm92q/Ttwevkrv9wUm7MP0kyXiSFpJvKMx33j6c1+M021bVx2TJjfKfcJ1jNI +MF3NcMG8iL/MAwWgUFOYIMc0B6aTiNkOt3wOq+XRO/LCrnbkT5HFVGMsZU9K3860 +Z6KZeO4iMBCNlINQybXfqVgrvoA5Zqu6v+mkSWee2GcbxSNwfXyGqJg6eAHBRYrc +RlSOqX+dAoGBAPH5EX/F3tla3c3LVqonK9Jd5jb5yhTO/1LmaPq3WX79ClEAv5FQ +YVwWN9XQ4kG42vRUmYJNO1SQ4R8PM0MWn8owwKy+QyOhtqDXbTX9g31EwWOFZb9G +NA/sbSNnmJZzQ5tsuplm1XuxRStDn66Z/WAxgP86UkWft53RKQIFwtlfAoGBAPAT +MeiU1S3z8aUbbFQ5ETNHi+8xuldGyZaQZE+8CUFNEw33oT0SY+mMIFWZ9CHSpIoC +DBkQ2YYdCy2miiEXxEGZA62vuMDV4I0K1o0D+QSRqGbYg2MnDQ3d+Ljx3e7oWe0s +uV+UWh9oAHUl2QkfnyoTEVdeD6PqoMY/CNQbswkTAoGBAMK8RygEj7dvWIhRt/qS +McNIjIj7+HVMrdEC28PCoUUA0jekmYeSH/ijbOYoCJ8J7TSrjSt/ilshifucGQ5J +++kV2UpsiM35TGgfV6YW06aSGe1FI0CPeEDEboUKz5NtSiCgnX/tcavtW5RZBP7Y +sUCkNoOxZRrhUj2xYgZdqpWTAoGAcKhxSTVefHv3L4WY5kUJX0j5z7tEOGSNgMwt +ZoVUyoICqRFFZsVUgWoyWjkuqRiSAflH+BNCIH9MmZWHSFRA0o+dfEnzpvo2r7kg +SXhNyOkZX3nG3iabJ6C8cP1/Kfd7C6NrMgEJ8ab6X/7sxC1EoZflEVygdklKPP2j +hPWipGUCgYEAqyJqcOOZ9nSR9WeZNIkU8E0B/G1dFMwX37XJT/po8OZC8Yorbai5 +flpwwwkm2TCkk+ppt3uGOqvtOktDi+OxyrZHrzszkRa+uGRWfFUlyI1AePnAXE6f +6euL6ffeV1Hy6urMWguXPB42BreM5/vkfVl+CKA9nBoRj7GHmi+Ov7I= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-sets-eku-any/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-sets-eku-any/Intermediate.key new file mode 100644 index 00000000000..2c027f45d0c --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-sets-eku-any/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA7Tu78osggd5CQcYkYxxL5WOwkwf9ImRQfe+P7WWquvTZrQxo +3VCw6gpeGJ7fSIjsH/prSj7b6iRusaO7CxLeHUnTMngk+ehPqoWQIaIsj1iVjHCA +jc2ZaANnD0jrlhdjkyuPcncjX5dPhr0X0nBbXBj4AdYR2MDcMrL0v93aZfuGI8Ck +vf/CpLaHnhCY1PQJyyZQHVaDcgnGwbfMUpxhCQS7qipjZqWxAmCFvDCRYrtvsCQz +6LWaEx86c5XV+7ypSN0UoqRi4ZcZV7Ea2sF5k/10y+H/DEnCeFeO79zfYJaO5qKX +YLlTaxeOrvk9vjHdRhi9r7amAvpIL9jG8B+8QwIDAQABAoIBAQDIGd2DTMTjpgR/ +FFF249RErZyvuEpU6wZV426kUF/9CDBfXZtKKhi/oHUUEVXHCe8ZXhGHc5PtYEOa +RL+tLIH7dFzXMi4GOWSRMc2MAQ3S72ZdKjvU4DnoWQ5h/yDv3dSYu2Joq4NDyw5C +WVcxoqH9AfaXHei5ypsxjG8TM19XKnyNq9MlO0o9LF696jabjnvcm8Ymq2EfrZWp +46XwPC/XSJeR4v3Bx4JQFDkuWeG6KWpLqmB1oX05WOoCvX7JonjX6QMim89L6zN/ +LKyZA8W9vlP9CBe5TwyaZC+JZOsJNZXajbPUMS0Pt3wec6hGyDNJK3DI8PV5p8Sb +DSHJlvjxAoGBAPj5J/8LdGqSsSG1WwiyvT0prcn76B3iH3h6G1yb+k+HYddYA/+j +5q2yE2AC4UtqVPn6n3sBka1S0ONuTOZXiEK/xyq/BdOW49AjjIOKCaXX89SaWG/q +0RHZrkMnhsxf1A09yh1sOIfznO1kmGkrFiyXn7w7Q8ZXcOwAeYcYRQZpAoGBAPPt +waIHhaoHVG1qJbq2bjU8jqSZ0oCmIIw3xqwhc8716lhXKH08uhNokym9r4sVfen5 +1Sdhmqk7L40P37A2wy7WBs6Sguh8tXJc3O00SnwCvoQU0w4YBnAHRx0Hhlw4JiEh +FW202Wiot+6bNH5xvA3Qn5LELGo5RNG9lDvod4/LAoGBAMry3uWJwtX0yar+mDxY +5uVqih2x2B4z6w9cCd3Nz5bwdpMBThEe27UPCbgj4N6GyMoUv9eXCdbNQTWC/fBt +vccbaRCxMeCuiPlrYOkApqinhjzxq9FfChmQ5fobyEfkfYhlq9GcG+DGdk8UxyBD +XQnwducLME4HjSbzpBy5bdqxAoGALKzX8PgVt/1drihpvpeY+bEcovL1RdCnV2cD +wRTjY/1QLVvRM5bCsblOcq+mDgAiro6uRmcu713CqMBGhLyS5OoYFw9oYHIuvUJa +yCrylWHfSMuTmBo4W55JnPx61DsIaLrpdM1RoER+Y3oTlDD6c0FJaJT7WX0hqJRj +KNG7zB8CgYEA3sjJXkYscwRAzxpaG31BiuBV28bjgEO72bi/LIby70nqc3CBEDs2 +O9CVCDNlA1aXJOKLHbEY0jPArim6d/rOUD4ca3YmyCdNmq/dntRq1+rv8b2Redq5 +0xQMbZ1rY39FzOwBQzSKnQ1prXS+2vQ6qEm4/vRbUvCvVxWO97qlFk8= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-sets-eku-any/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-sets-eku-any/Root.key new file mode 100644 index 00000000000..c4484505234 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-sets-eku-any/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA6Bcxtg6EEKSbv56unim3b4Gu199FidEpUQ4eOXqWa3/AeN+I +z9uzq41JD/twVYVPk58SoaZVXKmujXlNpjoyA5y/rZXEi0kfArUjoJ/a00XGjPzs +l0ZX3XdWxqJGeNqiWbsi6t5jlFAZkRwQzWfgVxC94N5pZ4BtMahDvEksitZKIw+m +ePR0x083UjqvnAOys2wmq2JhEm0iFWba7Na4H5sUuQScm161y4tilWdqoVdEAnei +gT7HIFKiFi66wimhVO0zZ/IqJqO22giNY2zKT8aEiLlgCM9Qjlo+ddfs12PB/hg/ +TvsI3jlF0oE0jolaSM5Jv8qEyyaswvcfaz8NSQIDAQABAoIBAAe7/iQbB7umQKp6 +F0eeDEbjA3ieMCsPlVjmJ4uy0iBy+W8Nw/lpUOt+odiugGfZMXWx72UDrgSQgwij +6jqH5fLI3npia1JY9XeZob5QlXJE+QDpzNidt3/h4jpsXfzZDGABJIC/OIJQyQlU +7hpqQ8ei/zDnOIwCc6EcAmXb6mgV+9MA9xXX8PIbp5o9t0w1VO3w/WNl6aNxsKOa +0eJWqGD59zfxSL+9nxNCaOyvEe6yvjEFOMSUqs4vn5CSNvHFP/j84lUuUmdufNoW +LwJdkbrkoE/sdm89KvcPpj1vjx0pnSfAL00mClt5BM3DoW7+WAp6Ovm+0hKz2W57 +AUQraCECgYEA93FCVO+BEK5PIlVcIyZsnSIUGPNn5TfyY4Fu0ehSroenT4+o9x5F +TyJ85lylxVgNDWvhBeGbETnEEtNfBIC29rTS7I0cyHYxmU6sPGpEgB+tB7wXGYpf +O4dh8lBaH3hUo4i5o+xRKaueyJ81MtMvUXcm9O9dsmjRFOE9MJNOaosCgYEA8B4E +Zk586QPUvvaemky5pZgm5sHoE5tC8JhAiOHBm+wSsT7d6OKQoaJRguRciHpxBlKr ++E9Los/ERhhnrkllVX+mjAE0JA/9Vb2kZJno+11Nn+ZUouUqbo2ySLy5SJkc6ckj +pCM1psGuJiJd6uszs2OsUYjyeC8Ato2/lsszpfsCgYBugyES+hz0rEUfmmwaLtEX +pN7A/gUK9N/G3Un3agFzfZaWDB10sQpXe5m48OwApYC+282WaNpu6RPPLKQlSK9u +o/gIOkX+qfsg82gtW3DYoE0RRUoz1/8MgTyXkpeNsppqp2fx9FuTdtjl1WVXG8bo +ZYT6o+V/Bx1KbAZ+KWw+XQKBgBMMXo77JP+bNTJdACH/ei6/zj46Hb4IcBwECAKT +3jcPWEBFW3dRGeYoqUy37vtIs1SsFEZji/2De++PmhICco6AzOaIZemCdzdpDvSI +HSprsW/A5u/xPBd/GCibCBvRQbDuKuynemcbMESIL2kmdXiCrLXfJlUQbX8N6af9 +wMAnAoGBAM16yiiEMFXwOtXTKOIYXdWDduOUAFtzUJxhXBLYbQRCxp64JKIo7n1c +5KTpBiSZ4P4yIzy28cpqmLjQ+J5RUlMCq09qqBND7+eqeWQ/o0oBfVE+CNYsun9j +AsDPqp1k4rAtSx16d54sa19cA2cSeqE9v6zLgnOVCVHjwgY3uRw7 +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-sets-eku-any/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-sets-eku-any/Target.key new file mode 100644 index 00000000000..ea8d5811ca5 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-sets-eku-any/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAw4ITZA41MwysRL5tkvXkl9iavWTxtWdiAXsMmFdKY2SwnWp7 +hKKR/nMLTIHOifmNjYpBGMjYZCc2MuY2JkQWEy6hrTgGCxs5YmqUrKBZvlLLR9dL +AAmRjhRpqWLfSdi2eXPeYNS4domkU4odS4CIMegFRoEbe11S0Gs7Uw0lPJWbLZmD +PAOMtXP7Q2yCs0hXODz/t3nYE3QG0Bd4qTgJdsr5t1qlim6Ffyc0eYLvogGTrvoL +GEfUFP9neCtTkvasJ0LHf479Bko2uXqYXg2U7xr6CK2NZCjHwQN2Y7kzWp8WvtPg +XOlDe5uDs5Ax51krHNKMcxWiOpQ1A4CX+F2jEwIDAQABAoIBAHZQBUQLhQ47oRSI +2O6Sd5+cqSfsKonI4npa6KhYSuATUv4wLkd5yjfdjvzhoQfGSW9aN0K0aJ9TS21J ++4L0uRcqpRSaTq3x76wrK4W8FBMlL3duRijjoX4FxFuJRe7+go7FG9IlaOvzJ8qW +TlwekE0DSA3+m47wTulpuyDrV5ltMMzWDY+M8IPv/WK/mN4G3ONKPWiWA+Qlv2Rm +pmCMmSuI2ZgA/UW0VNvjAwrs5wuSCMkf+gaY1UbKJ4Au06DDCtCoSYC5nZqw/Zkk +LUiTUrVAB4TpwfSc8VoDkV+SJ54Gw776bd99Poyi0qoxjlPd+frHgerIVMN3rFfn +RHYRxeECgYEA6eVjjqeOD0bQ3nRKUWKZneqpPePtxxEAAMhRBPflPB3mR/Qq4SCb +ZeiWFxJ1mWEHTvUsaM5jlF/jZvF+H0PfQiHTB3hyEdbOVIDSIiyy5qD+8ubaslph +FB2Syq7lIeGTiN0bB7Ogz1+tfecbzz0vV/Ce43r6PHQYv0qwID7CQc0CgYEA1fv5 +KTCMG35Hzm3qvCLNlcmRYJJvJUOPMEhwlZKurrl4jiBGYHmDOK7qWpUJc4ewrkFg +WHrg5KUHDDUL1XoJrlDPMNOVP4kjX2f5Qs6kej/W53isDmdUxD9BMVPhHME4kmop +9LbyfMW1sGg416S9RJe68xUCo75Lb9Z7wGyMGF8CgYEAw5y+6J2lJ42YPZOQXARU +aUfKByLKx8Ol9wGRENCp/N8cqmzAN8vnaxFcBSvBAmetjxFo9LY3fe2752psioVf +AJX9QbAv5k95/B5In6A2dr+KuWbs3GDN897P14bxxqY7lykj5AsMoKJqHHPeRDHt +mGR63dEJ2ulVkRZLuowCNrkCgYApOZwtFU9I1LFc0cxRZpsY6nZ5lnyXP0bM1Ifs +KRBCVTUmnI0ydPaU6w33WZMykMe3Kp03LqU5J5oN/gJDpHlM/gCMtZahYPhRnyRk +fI8vhjEO8y6ir8Gi9VTH/hL2iTsu6gkfPkfFRgnU7J9W3EQifODlh/y0MysxZq78 +yWzMHQKBgQCUZAspO30NRKD0+wXDPHpD4S9YMjzdIhwExbp0zAtk/+6vKB+eusn8 +EWmnQoadShchg5jaLAy5cH13ssLav1yegm41QidLCZrWXeYUi77Lys5y6/JtAAy4 +gtXNgvRGYV5SHR/2yd5DyZDfN4rQfX+CMO7TxFBY5+Mcu6OfBuYBmA== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-by-512bit-rsa/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-by-512bit-rsa/Intermediate.key new file mode 100644 index 00000000000..5f4989f7cd9 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-by-512bit-rsa/Intermediate.key @@ -0,0 +1,10 @@ +openssl genrsa 512 +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBANUTu1K/yhkaBhloBx3mhxbT8OASuqK1Kj3ts2QWBqNQ/LCkSfL5 +qzStT9sKPSslkoY/lN/7/FTyx22e0hDgzQ0CAwEAAQJAbZBW20b5QY0LI9dFCY/3 +WLqkemPHClFDplJq0wUsZp8XCIDjkx8RzNBOjN1i4WV25z5q5lOGeYopYgE4g5AQ +QQIhAO0ZkvzLX7A08d5guXp7AZYIbX3z43fzBaaAPkgRaC9RAiEA5g/uXR1+NxrK +a88zei/oADF6tixOoTI41Hkg3CCK6v0CIE6GPskcbfeEwWod7K/k1zSiW+jwAjDy +urdXF8l0gmXRAiBNtcnlKAYvJNyFCAsyVaY/EneJu3Of3W/2zSd9U3y5HQIgXa7O +cDEGpXaGf862y0kEzrHPnG8morJkL6zjUOtI6ZA= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-by-512bit-rsa/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-by-512bit-rsa/Root.key new file mode 100644 index 00000000000..3034b86cfaa --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-by-512bit-rsa/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAyj/4H0KPVZj4n/uUA0IqwUI6KyrzVBTz/mclJNOaf2YaYAud +2L1lcbX12f7r9gRyV5e8I7C+vc6UnlgaEOczCQtXqBxv+vfO0TE0kBq0YC3Sfymb +Tuz0bpkha5ickAn8vS9VwzQ4SEpz/ljiCbnZ+VP2hOJd/Os8upL1vJfM70NU90/J +tCyGlTKm6JH1jjH43rXZyT1N1yRMjFiqisV5q+fNO1yEZ1JaiDPDVdWpLslbYXyH +BcEL1xlK/r26r9flcNGkkgjS8sorsZTQhFf5MJL8OmeCEG7jiZ+z33VumUa9zrHo +rKI7IYDaERO935MODu5d9TmiqPdByMsAXKzusQIDAQABAoIBAEiBrGtQimBOifuY +zpRoeTl1i7MEH93p8RsoUTmlnsLDkPsTzw/vvlmIuU3gxSkaqP9cB3foGkmjsMYf +oaCjsjkw1skPANpBUuTONiDfYgEFDGzINsSR0IOB5GhVevNskS4ltSJZK0BHaNQr +e0WvWkS3ZC55lOZiUxA0NWLaLP8tSXdWoaUK3XBwCi+yg5E+enM88Hx69kAY5Xxs +1D3GxPpCPXTT6xVuutA7eaozb7QQuMQro/T279YpFN7DblFs4CxYpGFJHsJ3+y9m +4jj1vDSA5lZvj20x4EhiS40rsF/5pjBq0SZG39Gv9cUwJjgbgwAPRjufv5Hjd4vo +b2X36v0CgYEA+mm1qlKHLEtnDVZK+6gX5gO6O7YF+u/Nj+jzsZ7/2/O0LMDs37kd +jq+8KJz/xsSyU0s+1r+ddY8GuIGHqyGiRVKyIUcA90vd9SrxYcRbbV7G0QZym+F4 +fuJ3jRbFK6fDz9BwkaE7/uOFsckWNiSH7ChSQss8nIQ8AdH4bBjyJ2cCgYEAzsMq +V2Pc9dXYsKQVoCbSvcWqizh0GrOoZUKfytBNnGacS9wU1mfdNknTS3fwLWfaBu7e +mS3MdFQoM0g4kOGEhv09vb1bNiAe+x37cXQvFzKeH9Aj3LTnJQHIbnEBnZGM+VMA +9e2TsS6b/L1L/4+zz6yCecZHpezpQjcslk8A4icCgYBgrHDS6Xt/8Tg+oOLf1twr +E6NRLAuQ/gU5GrECEKUscCBN6slH8bpkfJnCgCIKxaMmnvUKiP0sBmSM1Izg12JD +KxLT4AqSbjqpTMPVf63gQme1CK00Ws5fBeUrle/W07S3xPvAbSOxWnsh0MT/cAj9 +de+UE8w5jJ9yAHLMoLDT3wKBgDOUUlK8sdmOAGGIfXCXXslCr1nNuoESwnaIWU6C +Cmpy2pi+DWCzRmcNoa1Y/UyGdMh3/IXf+/olKGYqpRnXeHUoZaeYvlFRUAk7IIfc +AQdbdEDhbqDXbDY6LKMIg+un7LAh+cJgAxEXXIh/PJ9DXQr4sQ/p2+PTpxkCpJfW +m5TPAoGAYIdAPSVITlwvEJZHOy0TJ5/1f8oAcNp16hhhfmxN8NCad5JaW8G5QSDG +ck7RvwV6Zt3z5LaXYCyz8JbMxTGnCMdf5xKrRkTN+i515BGBYQqbkNqrdIdYKzmF +wDHaQFVtWi7cH1j6fygW9luZt3Jh0+euPEewMmLzZ1AglSYDwUQ= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-by-512bit-rsa/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-by-512bit-rsa/Target.key new file mode 100644 index 00000000000..1cba9eb9fd7 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-by-512bit-rsa/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA8kLbRLJr8gpBBFN9CzSk/o3VOv/lqQxd5C1p/uPdikcv6J5a +VKsLlYQWr/opEUNcyVkVMFl3u2Ld1uQnOr+pgsu49DxcHXSHjVevCmmRaLSq9hSL +JRRgaMmNVgkGpq0SissFM7AeEQNSv699h7CXIvta9OpbFFbMrQMq2nVZNYuIOrdm +OxiofMQpT2as2h+67O/8VQEeMXqvylxdz3NJL1C5DTtMDNmw1iWG6j1N6t47nCp5 +s8YTmrsiU2J8qQWmo8f1KHIkwNbsb2brWoWRXs2llcyfYIihvJUzH/SPmWhWZDlM +pN/zQRAUUOW6QuXG7FA3RCbeDShxuGO7OH4EqQIDAQABAoIBAG/CCdcKHCP/OPke +7qtxsL/BfGGIVVED5HhzvtcYFUZKCr7b9j3i3iguVC0AUVumYLJ+BvlT/JkURdRx +UeuXKUKuanc5NSFddX7tuVErXCoaVlfJKFuFp+gPOsU6yrevVcNzXsX2dBhTGSRW +d6lV/JLls5MSXcvnMuqJcIZw5iN9ghfzsFjXSkliXLb7izq1cjexqQ19uIwbuowH +B8njrtmd/vMWRmuKpS77djrllh00JXrvKGATNX6ggPlaJgnIG0qvGGJCqDShtlJ+ +F9jtjVPNWKGFmmfSiNGpSftMWTUSGSQWmUFRLqb0zWqa839/FvQAOnoOF1PhVKz8 +UXY5VDUCgYEA/w+ILmeryXYGrWYGLUdg4Pch+UMYvfzlf0CXuJHEN4Wk2aINO1qo +TqC0qc2IIUEw36M5lu1ihXhd/L8221VuQWxjUOI7zu4U/M3ksky7V6C4KrxS9FCU +DaK1Z25aUDoKvEMpVL5Eo/rdgpbhvtEd7WiEtPfBf4vqG91ABePTxvcCgYEA8ydB +4MiDftZm3CauEWQeC2AvD5nFkuKfcl36OtRnECCq3DvyKU3rXh0VKqe0U96SZrVo +HXQHQyns53HrBx2igz6AqzTJIASU2L3HQ7kLCuny3Fz3VgTYsHuSdLfod3d0ChGe +pwccJwbUs/3NxZ7svTLRbHvK6LRMH9SLFce7iV8CgYEAg+IlGVGTuwzjMP/DC+CP +kGNY1slB3uMIS787dD0zBz58Wef4DYu34Ugpgm97By7tNYXxvj+qpLbzaj/4/npz +EzMXO3hvUnU6tulDaopQiGPbNoXAIwITO+W5BO1Dl54bdPMJSP9FAMEzjlW0DnWU +kvBrRiOhkvDmsVe6xhDirUsCgYEA0zSAVp4VCjF1uzil7llGd58egbCSG1paIV9c +IYmp1Cpr/0zateIG1gLxBdISIt+rzyc3vo2wWTirnQYonk+xf8rkvNHm+bbBC9sc +oMi0vNAlsh/Wf5NKHVHZDyVH+a16z9wqMO9OFuAqFgYZnNTE0jq4CkElKSijDurx +vQN29IUCgYAjhVZQWSStTO/v+PM6NuJ6kbdsYIcx6O3cAK25XsGErJdogyNKloqP +rW5U0sroKlWUOEodjod6dDuUaQUCmO0Np4mHZTRwkXKor9nYYqiSVBh6PJLZLBUH +X6U9dSsRaQ1EaM63wNPIGvM/aAe8KpiEcpVtTJmS/yMf1+vI0cEbqA== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-using-ecdsa/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-using-ecdsa/Intermediate.key new file mode 100644 index 00000000000..ebac5bfa442 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-using-ecdsa/Intermediate.key @@ -0,0 +1,10 @@ +openssl ecparam -name secp384r1 -genkey +-----BEGIN EC PARAMETERS----- +BgUrgQQAIg== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDAzb/UOUefhWzR7oqjNIN5Kp1Smw8QgXe6oBCNitxyprV2Qg/9O0mVP +e2ZPkkGcnbSgBwYFK4EEACKhZANiAATzj9eIn5hnBTapFnyFss+OAnIZ66tIFB5v +ahOTPoC5qn9TnJGRnrF5duwx75dGMNj0rZxgwKYAiGJaaJ4+APNstBoQC3gS8/5f +R0AU5y3AgszP35P7IY7tWbJwHntwDOU= +-----END EC PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-using-ecdsa/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-using-ecdsa/Root.key new file mode 100644 index 00000000000..e6ed5c15282 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-using-ecdsa/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEA9cZO7j/wfGTDXQkVAhwb80MZpcGpoPv5mO7kr3zirVFtxXQD +Tdvx4GntmiPYzTQLg2oyTh3AkfyIFwINvW3ZuZJxa48jQPlI/hZZr/ScM30/CGX/ +8eWcTejoe0rDFm1TnZLXhpuV+12Gba8A3W8lDVNwfrY2EZTRkLXxbaiw6C0NxYW1 +UEt+sFeNgm274IJkO6TWxNcKLIlhR5lnXnEfXGYUCPopiAk7OGBNAWdT/haFcFS/ +4V52uDPjnBcIpA/yxeGsmZR+EEd9UUNChd/imlMHxC/Iv1baC39BbY92QrAlPPsK +9NDQs3lycA0HlZfBEYL/xBPsD8+7TrhK7co8owIDAQABAoIBAQDMyBVQMnpgS1z0 +kfKtNVqckFY4ZGrANfM8WCC3j6kXnHeIRCfUoeShheFxw1iLckf9kWik6elgOjfy +Y8WrBnKZSsmyQyuuoYcOHvVPxNK5nCv/BW4C0bwwtlWvFRYEA8fdzVJDWDPZo420 +qlJgLpGCzvk2uv/GGmea2d517k6ow+9cl5Pna8sqfrea6v/8hf3iDnRzl/HHJUPI +2xDT5bHAOmlILvjvc4FhytYFR75+8gVjfX9G8FtVeBYc2UZJ6YLr0ImC90IS2Ubg +LfgEsofQoVpcNgbi0cW5GWm4Gd8ztQS2BwcflDC1L/pSvS/rKVn3P19Y5ECgQ4Ak +gVVhIs3xAoGBAP76VM3YD4vt8lRiab2pkeQjKV372FfkxhefIyLhtm0+j++8MaDq +oIeyAdEm9evrGo10iVdG+VAhkv5+XlX1AtXNzIEEe2eI03N4R5DiGENUpWGk9u8X +ENnakEdDGDLwXFwxp37eHQZvSiV9lb2a91Od3ppaPDz6mTwcOJ18rGzdAoGBAPbC +iEd6Vfu/9UeOjKqgo1wn/TMI8GtYBDH5GmtPTuhu/yMY1AreLZlLHC9mE0noUeG8 +apEnRAhSmNokONtTBjCH9sQlVrkAHCpbjZGd4Skin9eopejjyA5pLSW4i9Z3Fy9C +Yo2foIVCjzjU6g+I/8wtYSzJ+qtDqYqqFgRZI/d/AoGBAL1u2mZ8KUC6rZlH7Gt+ +eedWwDsVCqxySUHvdzlJHDGZk3J3DSAScOWfuH3dRkPaTcXeWNNA5aVE7GKrHAcc +mtihp1gLLmvDWeWl7PWVJJWRY7VhzBvhtSFFon9vN6FQti3ArkIxXrsTH7Eu1nsh +kLLMzT873xkmzYW9KcrHf4r5AoGBAN2bvVo8IwZR0c1u1yPR2oREIZ/40joFNNdQ +eQqQkjQqoxX5EU2lVVxLWUe0K3R/oTHSzf4IPpAe5clbKHjIalGheduUEPtafvEH +ge+Z04Hm55h9jGrITn2qtXIf9+4my/qUav/3sOic6xVGGeLTza6nvpLD3kx7GsM+ +l0FWcPevAoGBAMN75VPtZ3MemJFjvKsGEd1Dj7g3VEZrIoRPUjp67mNUCDxMD8nf +3w4KpbrHWbizf/IZxMInifAzdXkSsUAq5Lm3vRjR4QtpAbVfK0a4icdpWmduvhSx +w/ya3X1GAz2TxbQA6r4qYP7Jn7lSxkoKreTjOCuvX2fxg1uENsloPKQc +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-using-ecdsa/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-using-ecdsa/Target.key new file mode 100644 index 00000000000..5aba065edad --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-using-ecdsa/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA5pAU12xehSQhF3rO8oo+gyDkPuvPTAa7CtUh2SvhLhSKIBbI +yUtV7enqSO3vAyveJd1BmwwLvfhY4qC6kj8D3srmNUK+q+EzF6w+vPyQKtLHdh9R +0srpgOB2OauIZbTj6gXdxY7+TIbDBkkMq2mlTxTMgh+xPfb51dRhQTXl1PdPGq/7 +qP/veziVQMVWMqXPj9YE3yPrW/cyo9eh38tnNSXWY5LX2tmDIFJYHe9uPIiRFAjH +cIW3s5PBmlFX2NVMgYOWkbZaubV++5C9cS4JBG75C/9RQ9Qgd+4xNJj46I9aLnXx +D79kNaUAy0oAbkWjAdeXRklVwd8tMcSYriWyswIDAQABAoIBAGwv75emIjQXX+/E +kJb+h5bAOFnODNd/0QSkPd3J2T/mI2orRswtrYSV3nmaLC0wyGy8BazbWicqAYtW +IDW/m/FPA/a5+v5sDa1uBYJogL2XakDjMWHYFPmEWfV1p+sRlmCZoBazomAGXDz2 +yhsk14zkFZJ5jJGm8lSD857Fy7LB9Sr9wSyGww8q4UmzQ3ST1foM+tvhZ5cKG+MY +NV6m5zqy9DKY6zj5935nbX8Kk0/u7obv+c+vxd06eNkoPxApqiqYJfSaLi4mgj/6 +2KdZYOD23QnQkNlJ6Y2ypwgMMKds8LhrYv9R2GkMZechacFxRY4ahJV9eOva+bTA +XuJ5iwECgYEA+OMDuCQUWxLAKf+N4syDlWZiKmyLLLiUp6djsu+gw0yic+tExwY1 +2pH1LBN7rh/SwA1S0i/Z8IXydOwJxRE0QB4x2jAfMnF1+2jSdVTFI5xuRtdV/0Op +Nk1qPnJTigvox4lUpmKbLTFkDFZxzWW4WM9tX5/Abs7Kl49/57D7Z9cCgYEA7Sb/ +zwWFKBJPhkFP2VxZjFxO6uPX2Zs+9KH6yfxzlPoksUZhh8Hy58D8o9yy/4749Zsa +HTa8HWFOiPza84rR2EX/SKmDsBJD5/Kq5YdZHFRb0V4a2LYnscLr7xLTvuG7aqRd +AEO+hekKwOF4bNDrACVcedkhsIdLJeLIqCylQIUCgYEA5T/F10F0docI9iZsvPGA +aobJ+SXN9D14wAzRKqrKu9nE8V1OFrzDsjYrTJQNok+xwjEDjpOA/amDsOsR/LFi +HYUyijU1JzOXZyIgaO7SP4EBmsMSdXQPUvNv32FTTZ62pcT7cd717GTIMQ0W+giu +Cy/VIPV3PRnBRmVpfTJqADUCgYBamVSO9U/qgBxLcPYdVu+K9NTdXY/fvTRu5tbV +hZFub6XG59losMqoiQy7WRw1D5zCz69JS9jP7JXBNcA73GPQmOUvEDuT71Zr7UQm +je+YKA4vzSC6e9RsT8gsvGeSe9BKrGIvMLI/nEkUaM7F24Z7tso+bpo1Q2qNHbeE +sBGttQKBgQDpGOOyWrSnBWIc69/psIIsDvklRz26eYsbCzKqI/dlHhJjWshyKB15 +pZb5OaacfQykWxd0kIRVSghbbwxllOvlU/+sV2eag16zxotVt0l5mx1dCBOEDTFq +SeR+aKlGCw4Xowuh85r3Uy5Zanp8AE0h/e+OiSkYgOMYGOT7Sq8j5A== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-with-md5/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-with-md5/Intermediate.key new file mode 100644 index 00000000000..46ffc6c3af3 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-with-md5/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA2c+jchFDodF4WV4ny+72LlJOnXnRxB69u+nUy16Vn7oMfKqz +G5dXgqls8eaJSzf8aIyTK8g1WOT1asmdzKM/JZijb4Fsl2cwuHqrR0JqfJOhyR0+ +uQL7HHFALZqjRjVcTtupLZoJ1tGdfJmTqf0lmJC6hKd0v0+ajluiLmtdI8R3QncL +ivThVSFmGEOnpghBmULM8xyQkyESXWcdr/3w9sHOJoOFAm7cyprUgVUZnFegVhdM +pxp78InPmv0nVpu2JACkihuCWjn8OtHprgMNqo2VxDFQGLULxU+VhQAd3uTUH/rD +kBJH1GB1ylobNyJaIRQhiYoHGxBdnzW1UD/SKQIDAQABAoIBAQCQI7K8R+SD78U/ +DuozMP5FhT51RCqnKNjSxFmIBB3sSAj/b098ENlepJRuOOvelTw6S90Q+jsjitFG +TApbZCTj0nFF11Zvk2BQlQ1H6RHjQyermejqMqjPF7sq8szeJ23g2cjJXsjoGmuo +C1IHCnmYzx4/rzm5aQqU7tsS8QYAJkk2zfn1wh6Z0cICNlnEFkLCAKFmyAtQSj2X +LA7Vv2lidM7bD46hnUiVo+hqSB/3Fd9l781tGVRY216Z+1HI4DeqYsYdClnRz4s+ +D7snKD2GiWWrj3zx+e0QxyHMK1QxOcidPmABsJE36Vku79y583Z3WMlr053/0IMX +4eFj4loBAoGBAPRIy8qx2NIDSmi8P6Inq0kUSYdPuHUq3WNa5frLhoh6lBfo6gFD +1RSsQ4dKvsEoouZEWzM3myPTpjX8+rAiHoApaTbAbh+YJwoloLGXSHOT6Jz8rWbV +94ld6zSIF//OdEXHkBOo535crgKv214G6wbGVDfrDrz424kJya5iRC4JAoGBAORB +0QasM4/wmL2oXvJdxLAgj4XW5ritQfv/CSVuh3HrGdXtVRSgD4cNtE3fivy9ksKF +55IRziwN07maFDLfzxoILUufw/DYzZs4lD9VAYZSVr9+ceGgMs046cC41ISycfxF +aoCuWClcJtgn72xqu/3/J+/rZkDepyL+J1j6f4shAoGAdjcgP/fu6DrlcGfhF3TB +BD2IE641oqXauzEK6GJDuZowPp3dWD1eSYHPsBIw28LxiiN8Sv3W2vCal7fUDRaF +0hm4K+HVqP51rghlimueiSgDwqzYsVJMVzKXFzXg/08Gn5oilBEB7fmlz/EQZKFO +bVne+ayL1lFL1DZjXjt5qRkCgYBR70I+F/BGWgIqCldSvtAMvRNn4rVdU2wdLfY1 +hpB+FvtmLFRfG/mW7Bdt4LF+efpFc1WlvFh6vdfjhuh7PpWT7Z18yPPH77sWXd/x +P+1VLxdOk/ADIsM5oZVfBbnbjEaYXL6XRH4HEroq22L5UvL6gO3wFFrXLFVonTy4 +lurToQKBgQDE3bXuI4w48PRiIVIgZSMXUtj4Qo5uB0mZY6PUrtHA6XqeGeystlPd +DIrcNsRWarj1Dt+Jq9fYKC/5d60LAUzHz4j0O7B26PV37LIxBCIGIFXIPOEMpl4e +jG2bKmsncIpCEGTKot+klgMypIcmb9z7iKDFXsaoXJGkVrtJ0Xc+DQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-with-md5/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-with-md5/Root.key new file mode 100644 index 00000000000..0647c1ae2a3 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-with-md5/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA9iKozh2UiJe55+erVtocfAYnewaspXWwuItE2Y8HOI/IFUZJ +RsczB3T6TDCn5kjrXAMUC9r5Zr4L9ATi1th5zzwMHWEnTo4OIU+2K+C/3WcNMXs4 +NoyJ8FAsNfCmH0aF8nhZLuDwo6XX1SWpbtNub4BXZKDA03WUYnKZH6PfbrnjOWvT +lIPbmZH605jiwONmcRz/7kAUdetHeSEBtWCGgR5Ax+a4SJUsB1BJQGWfxJFsAO7M +mB7F0u/+CXTyuNmRSAFIJ9lQtU9E6PP6AxIIpfq5VbFFWXaHydTE12WttMWCeerw +t1x1GE0zTLz2BegiMGtb2CoUKmoRfEhqfA7n6QIDAQABAoIBAEtPB38pJc01Pzhp +dc85JQX9jA7kV+a4P733PrWiQX9Y3stDmiAByuc5L2woZvba0MhyWKvX7/8znsym +whEiYwK5SKukkjZC2Kfwj7iVJ59CbJL7NJPcJEhW/2/xlaJ0HX+2uvLQ+E/Z6lPZ +FiJGpr+O8S5k0RriGuiUT62SokZqGDQeM/nAceQhg6HSOW9p7EX4LcOIJC64ipwy +rzN51Zz0cT/PB7ybnz4ZnS0CcjBI+LRBR+kt7QAyZVCUbFrsysW4HsjRTe1sYqEk +btSCob8HBO1Ey3R2l4OVcLpSVY/t/M8nIxqvJZhMCR8Hr7sourzcQgS9wMF8rDnV +ub4wblECgYEA+5uyod2JuJEQEbQ96Iyo1zscrdwMNLSX4R4EZP6HHNqfHh2dE1o7 +uoHjEd1zHbUSk1xcr04B8lSKhqib0RA8ICFgzKHwCwciPY/jaYvCbpfpuKIIMLcn +t3hJMGWHCaOJBuqKLqc9HsFymaNk7MymF62FsLPG5LTiqqkXOJ9CClMCgYEA+m6B +rtR9E+j0nFNrlW1upuhSfby+KvDPHmSK7M+nm7Yy905P4VkjntjO9+Bfi/vYZ9HX +kFADUNYwSToDz85j3himCttYdijPUdXijZgg5cQ2o86NCROmplBBoWs+MGwXMbPK +IcpwHz6tpJoQgbS7jo0Fcle2ggtkml7wMQvoVVMCgYEA4RlCjx2sALuHLM+cM1jk +FOqFleWv5ddLqdM5C0HLjzzn7gGAbbfkh898XpdITeOZYszW/t9DTpHj/OULwdZM +dFJoT6rxHmybbYg1ZE/s+xRdvRj5StwRZErw76NlVHJCPTXHukVUoRdgd6N+v3u3 +fKd5W8T6w9Iwl43/gGC6rJECgYEAmtcCtd9J6qqJu7JUfZKo7OgOQRIXHqO/3BHc +V+lYv40a3A/+kd20iX2SEm8XhIzV0/NJ7j+anTuhpVUKkE0TMHpbB7Fxc7Vt4jJ1 +noimJop4IjYOu8L7si9DNRQC4puih6ebXeM2CguN/40Gkbv2j4AgEv+qp6N1s4Dp +z9mF8GMCgYBw3TY0vpuEGAZpLx3gqrUif8/KZome9cTB9GlPpnYtUhJt9lGoQNnd +bXyIbcZ99YTOdE3GwtQYo1qvliM5ixaXPWwK1w13E1xXNOP/JSP7+EJ5RriI55Jf +bUyE1xeNdmVvM/Y/V/K2RnOxSKfI6q67dE62I9Wnu4ZCvw0jETo0kg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-with-md5/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-with-md5/Target.key new file mode 100644 index 00000000000..8faf8c55a02 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-signed-with-md5/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAp7i8knSxvI9b1TyBpo/Sv3649s1JW/0Y7gdcMs/xf1EGmFOR +Fk7ALDQWuBKdEF1yQuwA6WtK+xe/OjX5p/VQ34C/2Wo9dJNLzhNfVzyhYFUQ6TIP +hM7C11G+FrFUP4ZbnpzsXhCHEAiseO7al1qvUoTejS3kkTAJoecri4u4cKBDD9sV +SKXClK/5guSGV9Mc6AxxEQb+9V6tpibTUQvy8FyZBf5RoddK5n/zVOuCB/k6g7vE +tUEH33aVmu0ENEofvZEZeGvgJEzMrSGAYSADlhzo2MrpvO5fk+v4SO6TAevDpINr +PQMO+qeqIk1mQIv/5J45T7ETH+7NcCEQJpabAwIDAQABAoIBADUsGxRvTH3UETAc +G5pblFvDaA5ObMhuB/5GdRNi21QasvWN4LxqwQACj4VR2Vt71KKkwXE+46mREL36 +qKh33GjPH4Nk7BDONcUiXSKCBUNOFKtphIP9LMYokxQMqgHtrZQueb0kjj0mEs/Q +IZrEVDrcBtZJS2JAEX2zlRmLdTC3Crt0zjhJjp65pE0DdGMBswSy3bYo3Zvuh8h1 +HA2WPQWBR1tY98IHY/cq/CoSf5MuIx9/A7HuIZdG0bBcOZfu+EnxrQKKI+2AWpy2 +E1wrRlKbAovckedU7q4dgBNPRmnOFQyiGeZMJO5AObEZfQfJkk/RUa4KvzxbqckW +OhTkNxECgYEA1S6/tuIJB+6rBUg7h1Dzf7x40awQ0XG7j5vhmgbStsNUuOQoQft9 +Fwo8O4UD+37xGeZxL6bwgkNAYEBlqVJq2Txk5QMgqXA7ZxURKrQVlru2ayA9vZ3X +wkOJq5T/eAvOGYpwP5+EY+43YQBnGg6LQbVIZS+s5yoD6r2OPC2DMqkCgYEAyWiC +9UMLF58nNPteWUZaE0C4sUKNq9W4VpIKUlShqb1+l9XVlE0YS8HDESpldCfk31QK +FxI10LD31pzhTRrptXWHixyBKbicbd+E20K5fiQzcSedR3nZY8XaavQ8EVM7+gij +a/oTniSvXxwRxAEhD30M5IIKGEg8y777IDpmV8sCgYEAvsK6YtgY5LQ47N0aB5f0 +jFUGd/jUg9aV04fVdJKuc0SOx3PCYmi8IqXSCCCa061f6aE/nzhu9uFe9cIqNj29 +xu44CoWl8Hixbyh22BOVTfBi57FODiL0Mq1kv9jwUWee4VPz5brEKPe9LlvB5psl +GYMyaPkkayY5oxBD+q1vPSECgYAnfAWwb2RNTTYyfNUSS2h9PcL3fUSo2004K4k6 +erz2ud+HhLRKTpLkxyemxdj93JRR8/fGbht+vjLYMAk7RHtsx427B+uKcla4c4lo +MryKri4nkMyUpp6noLIhJaBhBSBM9ESVdoFCD48R5j7VXiNNFgbhBV1VRVQl3Vr+ +BnTp4QKBgQCJoF+gm4kkOQ9nrXjkorrFGNTrglNm4ABu2aKs2TJA6/v5mv9VzH44 +XdQ8D+cEq1BAmIkyo/mr/F2/CeLDhygYFFAyMerTEuWc7j8dupjBLXvZ4DKSoVg5 +hYdGE0ZGXaBRsHMgrOHWwGXJrYAZwfmU4e/gSwqCFfEHBeZUBUsUNg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-unknown-critical-extension/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-unknown-critical-extension/Intermediate.key new file mode 100644 index 00000000000..c314ae48efc --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-unknown-critical-extension/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAuM+R3bV0B7qKkzzKDBFdNinsUx4yi5Cu+cDb0n546jxYV19w +Spaak1jTfkJgvXgHOGvkFo8yFzCxdpVWbX7lnvkP+FqZ7oDh5vzWrzNhqtoZmH/a +Jy+AvJYuUYH4GmMnC87uAhZVSpYKxcF+mZXocOdNKy+/09ItJX0PslCWNpXlLMoO +WbXUfDFXlvq+xtWag7WW8hxKIM++Dn9CT6e0W+IB9O1ZxG5RoaWqpx8EzuDSLP+j +dMfkKqjSf83xVoZn/nUiBfctOzvOXLmVTuXK2In2sxIntCJr+4P5Dt6ovjhbFWaB +O2LXUBIpaVvFWpmXqlHDNoiXycGQU0+z7Jk88wIDAQABAoIBAC5H7ON0uWXmFSXi +J0b2Yj1aKlB2U3oX9XmeDm6cNXOTQRxATkKfjH4x1GTeApPwJv6+JhRwL78W9poX +s9kf2ikBfjpXlgzgQbIyxyCA4YiDrb0+50bA4qBXi6nlvlf9VJ3kaD4lkZ5oDLKR +Tj7wB5GemvihsIw/KgclVnT1MWjhm6mtK2KhFEldi3FcTz2wa+Le3VgK51UUIQu7 +iliAfi5+gBf8HTvzCVCKqig7BJtjC2hYII1XSlCblnFZK4dzvBlpX0d58lgfWbOQ +Y7jxDg06Va94mjuW3YWVo50Rf1+WawhOLDg2LurQjNxS+XZ8aJcQgyfuBBHXwST8 +6RQ1j4ECgYEA5y8Qo918sdyWsVeaywQ5WPCl8TJcRjcSFhtvOpAqa8XPcxdWR33R +9Jh9I7/e3uXNoUsJx6QU7j7gno3iC31LDxOOqvj8NfH3GrSJLqhmSpCbGsK8ijR8 +BYyNfoMukqogqOwH6d7x8pvnV8Yd44giTtp0H52rR+RoYCVbuzNpP0MCgYEAzKYs +Y+/kq+nC4WneWg3crxX7XcOdVZYUaX7wfTvrfaLqNip0nHnk2ETudYNHL3tEoBPB +7vJ00nuxoZ4yE6K2JP0IpVVWZ/+uHj3midHJc/Qx8u8NBnD4bhnPFvxqUtUsDsX1 +Q1epX3p2MfWagiZ7Ct0TcyxIISpbsyGxHbSHeJECgYBDTiiCDJGpFpeoueCPCoPH +qQgm2IqUxqO1W/deDWrMRaLH1xt/ZNojY+HK7qlsK2tacgY+4T5WvmeWwaf1wFyB +3yfCDwseiXtvgvANbWmae88sU1Wgxvb0hp8LHhYJDQ7FHzKOnCHEiC8qFrvM6m1S +l7cHHVgobg8VLssuDSGvEQKBgQC+BDFFXbISWYuEZxt4vFRDEYMDDaVhmWc8iQvd +DCzcy87yGjuKKrfsgxxyakFHego/I/k211LXONi2+r7+cl7zOyqy8Oi4ybMvC0Sq +hOqrSnqyWXnbmDtjZ31cl2RVou80jGPtclCmgXuLacNbw0UN0jXEA8K5YK4iRk9B +CKWcsQKBgDg+eGqp3IUubm8spHDJuVWsX1ARHLtzDKwKIlKgyLNuBdiBP5W3cOI8 +n7Bv2wQeQCOEgf/PjQnlkHzHGbx3ggOcg8JsOQmlGMGAe17lqXaju8aB7/nGlGjn +gdyjpP26b1OYqDdnYmYFOWrqN1yqiNlzXOydO72m3Ra6j6R8KACj +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-unknown-critical-extension/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-unknown-critical-extension/Root.key new file mode 100644 index 00000000000..402ab760f5a --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-unknown-critical-extension/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAwI6DfH4MauiTLPjmgBfmKpHyHRqxUW4+TZa9oSnzvc5GF9xf +7bcz2BcxgLES87uGHUqnYd1RFaidUCVPk1uMpkMwpUZ+gHRRF2ZhusCd9VPkTQJY +pCes7zXrAeYND6Jns5UdM9NwVW1zgN3H3CHGWJp9y+ad4q9/FAJ8+EX/XHR6fbE1 +H3QP5w2XUVgVQQf6EpkqhJJImwjurSY3FT5+e7YelDa+udi2bydxE9E+t56d1h7h +y3srqyBG4AicVFvG28JX02fuAM/SywtkMaecl/VLN9t91d2Rp+3cDC+cBEJQRopZ +0pwQ1wwl2Xne4Uw9Slo/LGwgoWCfJGkaCvlueQIDAQABAoIBAQCI58rMxMIHcPzT +SNR51oQrWEEQOF5CS2O4vqhs4esO1I45gNIjrdIKndLwcPXMnVOpl96SUkzIXW4c +AasmVj0WKUd4+zoOEqVlQcHSigjE2LTFnBlx/VOTcH56hxpaN1oL8MUmh/qigoNQ +6F6lQM5JSO6P/pPbDHQJwgsgaoQ5MsvHFBv8mrjRB+Dq78W4zYkN3IfBmsAjkAjF +FU2C5FEP8D3B59czbsxym0A6KtHc+Q9tGAcym6ANy9Qjv/pCYMBqViN1J5LH7ld1 +WtrRsdJi5CUyjbq4MH8bc1xwdHtShOCdxqEGl5QorPkBrGwN00Tuh5+Xsb5d7bzu +OUQ1385BAoGBAOZG6wVFPlnbQ+ugfHpBU4HzUyzLUFiVeVsgxBD55JmpY1zJGbdY +P9fktK0+xax9Y8f6tbwnBkafvbnaLZOK2swJN+UnMR/2/8FRSHcGrrISQ8v6Cp7Z +fsyIYzYeTzbGL63W5zCa3lPi7VHT+r23tXnvAllqrHCjHgKB4/6OH4uFAoGBANYQ +7o/tmZAYOPJ15F7NlNt6xfiirJ9EyQUoqpFkrOuAPDjey5RGNDKBAA5S0eI4w2o0 +xMkyQMvwnmGZsDxaJ/upm3KWtGu4Rm9hnnHx1LLw0Cc79C4AX8jnROWB1jjErO8H +wqMtt3tU2mhCCHLsXfvNueCeP/6raNtJ/O4Lt8dlAoGBAOOxx/2kJCzxdE1umObB +5XKfSOUH/GA7HI4Q7g3jKjkOlqNObdEuv6IYENclNIyER7+blUuAQuJeXVmB9ILp +T8NkchJyGE8FCor6dm7K+r409Tih+xJq+MgBLCh8+9KrUMXRszQKTkAgKI06z7n8 +BsOUo3wK0ItnnurXyLsRiPuJAoGBAKm2Zsxo/RRGf++KE/ItXtTa81V58w2aRRz3 +7rKydH2I/zW/PPti5UMdDuRMOOX3RsZO66zvUHvfWlHavOQ8PfLBtuIUJRo50G3B +oRKJPa5YSU6xs5c86LOo1vB2DVaYZtpi9qbUOeFnlniN0ZD7YE+f/Lvd+rJ3RvyE +HijD1YIZAoGBAJoEUyIjaN6rR25bD7nG1aVKaSWulMP4fOaZRjbClltWcMbo0szE +oCdyFh6XFRU2lOtiUxJTj6s/uSPlRFNVFYoVuR4qqiFlX4U6xrFAULQV5VfDf9D0 +2mwKGHBrJdajiCA43yCF+28YQXIVHbq+XBsnP+rgga5uFrx6Zc94twjk +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-unknown-critical-extension/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-unknown-critical-extension/Target.key new file mode 100644 index 00000000000..3618047853a --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-unknown-critical-extension/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvQXqOhwUodutLBg9JZzcHA8rHkLfwny0OeZLRevTohwr3PKM +CPWB3736ohocXJnLAMcxAshEXzHPnIJtPAxd99bMkf7z53oIF4XVdWHu3WZVPOJo +mDYZIOSbzSRso12JhIAuxxFOwYKygM4P6WpCVBD7wApTvhkBOLoGxZOTHISqJcfF +mk0yLqQTXm0H1p3lsClj2hS3YlFjk9workq8NazABurqC9VwYTsFeOTTrcOtlfFI +5Xmm3BIfFE8hn8pvet3WRciKYJYcAgYWGIAhWGr2gz4amLiyqSJEwiXp3Kmqvx0u +Py6heAiTBEzEH/mzNJ+neFsCpsrTH/q6TTSiuwIDAQABAoIBAFlzgSK6wzDNqqfh +WJ6CGs/Uhc0uTIHXTdrQlvKh5Wcj+cX3qjlbJXjiiMdJn/5acW0O1qzAZUq/YcZp +GpR+LcHpjqnQg1AZudaX6SpBjC6ODOxhIKpXf5DHXsu33wl4bGmd14UxNZnx5dN6 +sKD/PiBWYSzCNlsRrjhQIIBDlCy78xwXdqEpc3wPpm7G5heo1h1bbLs/BTlKqexv +IQlZm5KDHDhW4acDFn/Zbcg3yYT7JBM0N0sKT+G+W3prLI+q3scmMzVsdHpuhlex +D4mUDAbmEZIvb4FfJaW9j8XTPkdpfUmQycITGcZQvjDZowlrSvF08mXRlE+MPx4r +VMeGMVECgYEA4afnmif4B6nrPqUL9i7xLNXXlBHO0I4re48gcZAYU4Ej8hqwnNn9 +k0jLgmyyMjTQhxmuqbkU4eLnzc7VFpG4RC91wS/cGNBmrgg0xXx6eXqEQR1If5mX +mUjB4DEaJmTdjwWZAHDNcYX4h0AQ4cfC+juqY/jgyogzlxfSqJ7OpGUCgYEA1nDx +0/p+3JXEHmpTHKliSU1W3NGRycVXOWWuFWDnNFJ71srfAjaTOYDWSAxutT5WrCMD +Dyyk/z+bGDo+1cINoCSNuBylOdsLOD0DSwH7q9ZsB1ybcAjMSSD07OZ4TqWtQ6q9 +jVnrnR9Ky9C3RVraOLGkOUoON+l+iDMPES3N6J8CgYEA1oKiq+yq374rntWO1Wwy +YAi4ck2raJ59v2uDz/DG7zqoTRIKKlEfuM9OhqGFlCyYvpUvcLA8pa7p5L9l2ZqU +rFzhd9BjTkNuGKo8YC/AzZIl/zAzJvl/H3wGsXR8A1uHMtqDY+PXqL9OTmQcqEUZ +mH73ryl7p4xqXouK+jhc//ECgYEAuUH2CbX850CTn9snVjmXadBg3IBIvNG52yJW +1K1U0MT5q8S0CMtxQVpmxPPIqNfkNO5CdFeTa9hdev7GzhDJiLJLpOVKcMMl3D4J +nEFoVTn3NhzxREa1he/s6MTq5rcHCtB01ar7fFBOY+o6irZElHoTcFLkGbWk1LGX +sLWrj+0CgYAtTDDY2yvAPEYaaNFLmx92xQHCBjzepyoB3mipr0V4nO/VcM1ycUOz +09ZRn6eRUK8CsIps2CQJc8jeH7LUzUn1MU0b4l1YYE1wVSuIt1aOaCFkZP2V+GA1 +8A6E0cvGBcD2foLFrWlOq8TOBKuzt7OZv95obn2prn5R31ZQixYZqg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Intermediate.key new file mode 100644 index 00000000000..32e8c7ae3a3 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAv12slKRtkEHiuKgjRNMLoBYPqdGGpn0WGwp0eO9+/WZ0jdee +1GvsgqcYWRumNn2zaaxdcHSIN0kqW9Lr21beVPc1Wjy2smkjxfZzlXiAjGKVDS+N +DmTiZioFfv1wI60AOW0tM6cArzd0Qb9nSb1RwVTI0x6H8YcTesDkIFIV/PFMnoQw +cpPfDnGUVHwSTkoxpneUi5g1AvofquhRxqZsuUA7LaM/ATN9W2Cz2xLMHKF/lEs7 +uCoTotrUy1q3qWCQGbXSg8CihFJEYR8m/z7iQzIVpJYzNDt8kEvw233o9DRlYOEJ +BlociolszMyBx+XVViTWb6EsyJ93q4sXC5j+xQIDAQABAoIBACi3TZjywz0GR67y +V061eKu/BeYj5npV8vYd61ov2t0fh30Ge4zGybOiydNrxpmhdSLuwZLDuJfKwXB4 +GCa6/OMnFfr1IAolxK7CGSWcVf2InB4KGAEQBfumxTSXx9xPWtTdHdj3l3WwXtP+ +XYOa/GIeH/yLanFBRCvCDsexr2v5rO/miB7hynZJ5YFZwtf99iqu8S1ULEE+UZ5c +1C1DhB/BzoUUB/g3DeNLGAxLq6UtsQqZFYL1ZmwVjeecrVIuYjn/LAHnNGkjwabN +tpf5b0HYS18LAH+JP6p2yLz/Ur0EeJ+I+U3MPKg8Q6vJ0u8nWb/W134aa05Uni31 +vGrZQwECgYEA6x0CKeyq0q62AFqiw+IquCk1M7vJXK8GWxgUgkrGBIdF5TCntIlf +26/KJeXPfPpK3sayUY5049d27Oi1IrybAdH7mFf2g1HW3dJMUJjXEnIolpKBFUJj +TOQrA7Q1+YZipbbyCPiQzcSy+bZITyg3e3u9aYT+yPS0JD4HIvIekW0CgYEA0F3B +CKB1lNFVI0O9UsvelyVV12gqBjMm+Vyo4HuWprP/p6uRZ9/6S0QGQ4EqMeQKI88G +67RNeAdjbb0lkIom2g9NbkqS7bHRasUtpyY4rfm6rTNz284fSZnMRMRvJ7+kaH6T +oTJBjUI47gUVoCxX+RQdREnrgcazuZquNZggI7kCgYAsBLxY+RRqaYdtvYpnvjpd +TGnHi8sBbUt1VqbQVguI4YK2jEt5w5aM3Pat7b7RGVNXLkBIgLFlzvtXE6KGJGWp +C5VdSmq+312pHixnkpYBwBnVRwyf3FQXG0jqYp0QYJari/r4rwD9ZWxU0EnteAwb +NGmcDehd22K2vl47rrUGaQKBgGux2YCs9rj5TSjR7TurFZxHdsvEEdxsedtu0fZc +ymvVIvE1kwz+Te6y9Q3U58srkzYY3fnbkiLUpsZkedLwJM6WFC5KKxDh1Fx8F3GK +Jsd9CMhWjK5yJeezr0lnwg/oVICR05oAULNDJAuZ4yiLYtjhVZMjJa9I1UG8OgiH +XS05AoGAFz3V0aPTlD9isEUbz5KYm5t7nr3GpCKy5Ss+hkmQWDCeJb78vgW3P+H1 +OwV7nvVmOSM7AYIngp2q7VsGRx8nmsVwm/KDRnbnPxmPPLsHQS+TKHwbcOG9LWb0 +R0TkmMFIdwJrtBO997T9/gCGDxmw86OwvzeqkbYW7/RtrwJFk8Y= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Intermediate_1.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Intermediate_1.key new file mode 100644 index 00000000000..9dee1041fd6 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Intermediate_1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEA6Kf/fCGD1L3t9AlzeWkM7HkYeVQupofze2Xoc2qlr/0Aa8nt +hlAY8EzZEhc6I656ST1xfG7aT3vtVXPocVxyE4SPg6owTwq8OFF1R2fDbF7or5YH +Sgz3XcGC6gLiw9pXaCwDGqDZUQXv7GfM/cQJtPcvx1rfhH8VYDKdF05LPBVIp0Kh +9dQEgrvMGDqrB9FmgpsNsO/YRxhxeOYHR5cpJAx6EqsvSxTsNXrSoyoWDAuRWuLy +ZJOFHeInfn7N61+D1wcMBriPRJEMN9iGZSMa/o9pPrsgu+8bGBv9L79b077aLZ+a +V2tLcz80BJldoXO1CNG7mlyIoPhlHOd/85XQ/QIDAQABAoIBAQCK9DutAb9hAobq +J/Ll4o4rdi/d1x99qtkLLFRnCp0mvS7RMetBOvmKG/vRyDmbMgwrTh1HulV8/4FC +dlWvzwz7B0NH2g+8Racg49Xt7dVUFmNW634zBgd/4aG07kBNxUxLFW5NKyBgOfGP ++nb+YWWCxdetc2LoGZbEu7YDQ2m/2briCRdXWrGvNYCCXEyPDUo0zY1d1Jj9hnrM +lAFsQlOmq6JRGTN3WMdFTI/AnlLWl3hd0ofTTtLk38QxlIJlndT/fNvFTch3dY2T +TA38byGmXDbUmbu2ZiWlInCvdD+uadHS0thqkF76cz/s9mhAMDBuyly3YsNdtuEp +TDphQOsBAoGBAPWE7aW/N4N/t4up9I9jMqi4zBHGKnvuGOYqWMspZz61oHGDzer0 +ModOrH62FbixICCB8q+sTQegL6hvSkA3OCQ6kr1UYjIfOnoe40lFI/+1AqrfRWOx +SaZ+2sb34Dr2d6NV60sGfzWG2Ll65DUCpI2m648LUZIaf2KpU1R2sBadAoGBAPKW +gDHGf1qHg94eNyafNKmoHVKRHeyIuDoLGlx25rsB+cFKT+oeerNLARmKLUK0O1tc +U7pHAaH5hto/lfOgc/TMskm873/rQqEOXXgxlSPpJZUZLJ2vw2w7Vetl5WL0yYjT +0/73SffLIokia9WHU6E/bTVFpq6vAf8qxrp5nmXhAoGBAMt3phq+JRttNIciCfLq +mokI3NW+DGc4IppcbcmwPkfR7W0ldflI9rb7lChObiHpaF6IUr8TY6L2NYi48ifV +m0kq4YDV9arkBmo+Ps3x5qt7LwK8lZzQx+CbMGPD+KfkqbFK+vvqHnIVlnXgSk9E +KWra8kxRbQBPxVHWUaCl27hhAoGBAI9iBUNmX7/SeU6/7TkWwLnGdA5pV5aG+NzV +0y7z2EyQTl7A3ZsziLKQkoXV9gqHHM5TM+nWLlDee6ZkDu2A2QjINFkBI04ob6li +JDz2kYA4Pc5yorxRNuCx8YbBI2Pp63TEP3lkEIQ1vKPxhGshIX0dUB88m9iD+Fop +nmx5lfYBAoGBAONbYH0azDLsDim7E1m+em7srzXGXAsPWcLycGUiE4uylrMHB0f3 +9wUBF1JJMux41VBVydZueMjlPHhgRHiyiUp1s0af2fHXdiEi19I15S7G2j4HViWo +aNgPF1Kjyrtcc79AUieTX00Od/HpNy2Z11KxyrkmNOzbcjsWDiDA9bNo +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Root.key new file mode 100644 index 00000000000..c8b05b8c553 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA3/mzSV/IH6alvJ5dCBd+pYe20lOmws5zKcv0NQcmxbDvh8qg +ZNt/5CwF2oGOmLiA0vHD5dZsGqyQj/BNQ/0J9OsX+sTL2ipWfrbSzm1f1ewBZ68C +OtYYomFD9v9FEMSOwRUboIh3RYI5EPjXLCYT3yBiD5pdadGuTsIoMAzd1W6OI9BF +808smvb31P24bigydFeUXfg/Ue8RIQknPAVGhnhj9sUNfCjltxpm9JFZ8pEWonsK +NOcweHJzENy3YM3T6osJDnycAfn12M41ho9g5AA4mIGsNholfsZZvXlTW4PwclB4 +oj9TRfxkVkDtZF1932JPoAElGVmfhObHIQS4LwIDAQABAoIBAHz0n0zZThoybBbO +N1LzYKnTDHFNUCUw7tkru2P2SHBUpV4Z8uAyAaj30pA0ZazYiq6lSUiqFwfOrJxR +UZoTywFEQ82ZC638nuL09qlKJgSANcx1vAW9OmMlZrifdBXFw2r/brliSUCTRWkt +m0Y7PCzosSzJT0JhRCEWeztLglu21g//050d/3JtQE9/avKnBu9tzxJ0HMZnj0wd +j1CEWHV/FTO/dPgo3jgTBTmhRU22IN9IxRpJ9yTiK5/hNTRr9thnWQ1+pMrnD6AO +jJU2Yfo0qATJRBErpuoCbPKUADQiyU+6xZVTVeOJZeNGpV0zoBD/rozGBkfoKucL +fHaQPtkCgYEA8KMPLjV0ZBZgluEM/buBzrL64lcQBplyM7l2RD/rAxKBG5UNmQX1 +5sEPk8H363zHRW1jSKeYsv38m8KQHM2ajCKq9EmXPj24NcAnHtyLDKbhVs0oBnq0 +/movh9ZJJL91GVsMQxe2+5wTeHK9SqhMy9WFnl83QU7FBWnsI/sNzgMCgYEA7kZT +mq3fZn/V3waUnrR04IyEBR0AvyJOy9xeYrNfSRq6Abj8s+8ceBbkZeXdfNWk+HvK +ZHxyPMN0+e2xMDrm2xz27mMraI1i3w59/A17aUKutu8yStdMbCAucnpiLNSKQSeb +jVVtCN5SaWp7BrY0dv8dyiBqiNHhSPSHzN7de2UCgYEAjpMuNWS6l2qixAKHnfZx +DLUC7QREnIRiI79pETsF1YYrNNp1egsMDTKqNhOg/sepkbskLjIOyU6vUuJOXKJ9 +RTZtL9xCXkBXWpGFHEXzpQVjUfiwFFaz0mG707HlGH7PtLw7Ya01X5Kz/pONECTz +i3nxd0pXBLzVA0YlAZSIM10CgYBzSuYjPySMtShoTQfWrxyqlnM/AiSdV11nOQ8W +lRJzDhKYyMjFy9orpXAIeiwsvjef4E4zRyADlNPiJwgIfUe9GAvHl4amhVsk8R82 +udNQQGrHq3/bRMf+vaebzun4JTNsiVy0C3TByMl5poM24S0Lsy/X4M2LvHpU0bVw +BRqIHQKBgHy/NnpMumJTUDQdq48nSGbQkt3DJHLlDoSgZNGi9CcUa7dJ7gBpHn1I +Spp/RlN4aQ2Nn1nczQcKNHAgDnaoc7aoU6fo47ldjwf6kaUC5Yq0mmhB6KlFCV7r +nVbecPLicRBVLR6Xa47M/+zV87G79SvugEAAoKX0ids4t9BbFEEz +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Target.key new file mode 100644 index 00000000000..ff6d46e0b9d --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/target-wrong-signature/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAoxBSNR2sTqUjQUCxHWYwJbzdpWJm0XTbX71dlgcIlMRhpOkH +MfnoalL1ij0cbQDIR1EwmUKLJxFI6cbe2/9/7m4pz0h3HmMRvCqB+zpdTtK4DM5o +a2Hyv2Taqj8GdEd3cgjSo8M1z+XdE/fTRSH1nM9+UFZTEcjrkPKi64+dwQfEuEs4 +BD1/vnM2Pl/EfjenDIiLqGN5dLQsxnxSYeED0/9PxVBjGYPr84mjkeWQq4BDGD7I +d6xpl88vW76pWYmZOl2HxE+XSmAY6uqltx5hV5hQVZETNA0DZaT0u2Pmuz6fA4T3 +5mPQ84JbDJaxMvIvKlVbJKa2M2Ju7Qvyd/j48wIDAQABAoIBAQCN9F5sqSlgybhY +TRYjTtupbrLSEEkMHRwBS9xWCEd7Iz8SDl9aLYIcVZ42Ox8s8ZppI5AYS+rSFuUP +xzYp9VKM4dB6CE7S4FIHKkY/zD6AqUbatzIGEZ3+6rDFttpKjhC48F9Xe1C0bRq6 +EGwW6gpk+emvzIbCm9QfOmuEgGFIMbRP9sm+HO9/VCMYRjVn3bCSIq+KDOfRnw1l +mJLvIzSPMHIohBeugJABWm1qCquMqqWGHoUP9SgiEIAB19b7TQg1pFIBmF1lHKXU +arg7FJZ8RtDuZ8QYUTJRRXB5mhgYDXViJgwLU3WGsg7dKFXL3SJe41lIHPRQbuN2 +48HIZ1iBAoGBANAD8OA1rWFvl3kK3NEW/+Kx7RQqupv7icodPK/cIY2Cju8zmx7T +UNxRA6vJQtHhky/TMQSR4O3Q/LI/Er2CNcYk4C0KVfLlsDbYjv2+HacxCYgQlCM4 +q9v4WbPGD21BwaUYbkE9Cjs+xOEv2KGtwsTElsGwimdPHowNNqYe1nszAoGBAMit +0uOZ/6DCT9uRWRQ669N8LaSeTQwOOL5vu86ojs9178keJJAP+g4kG4gQGuyGGU7M +8a4PvSbEtLrxLLthWoxg3YbsoeJl1eXPI7RCVep1eGHJ4xOHLUouexLMvxoOgVzV +LlUf7Vb3oWuiAq1IxG8mLXuYOKoZKqo57F4e5YtBAoGAXjLKq93i7BLKt2ex44XU +zuXgBJfs9aINHdfrmX/IOfr7m1r1ThpHrd2KGgsEFWNfcfLjabxd7ZQMOvPRGryS +eW5Njlf14A8fo1aiOkoTx5ivRkyrqN+LBAwNIxn39nQmqwrLMwPfVEDyiz9NjLnR +T6Xu1zuJEYuEu8toCgZA/n0CgYEAqYjf7tQ890zxNid2v/Z/IG16CeaKZLLnEUtH +uHECJRYXeyrx7Jryv1uVvr8MX+FyI/ZT/p7hR41Kudvh1HOMkaeLvt7ObHtn1vvF +yBV6i9at2r86DVdX1aGq69j5YUP72bdnqxaL5brSLiHybP5apSP1rMKOrHUSbDj/ +DQzBE4ECgYEAqI/Q6kwajIXA+G+8aFLPgERMUrpD0whP8lCeFS+s007KJ1mV/DTi +WxkBTNozSDElCgWL9Oz/n3Ls0f+gsEHvKqh5K9CFpCh3Y5gWgzTbej0PICYPwV5w +SM5OIE/d8HfUDjlJAANQS2AGjpbFz7L2ILHKh4zXb636rG5/HMwXUco= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/Intermediate.key new file mode 100644 index 00000000000..9c4c551309c --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAwDDX9okNa21TOtIheSJBRzwa1dyp6hefoIS7s0HwrH1IgURx +QbmqMq1JEEQxAC2EAeEt5Xf9/sO8vaM9lcSUaPiPBUHTb5S51S6Eb7KK4fIgrlYb +fPBYPMaCrIWmGdOgGzp+/9jWWqN1VqkgJlJIDr4lKsj1OSKPxzviYItMMjSzyQ+I +uAQAYyXI+CVDebt6p0pSNvLdOsklXslVby+sf+qIhlN+3N5JOm7HM8SucxqFr03M +sBlAVIxplmyKfg6OF0crg0V21fAjSOkJSZn9U26BMF8ZCfWjsLAoJEAAbOjJzHyd +9jKfyEQZsUiP849mPvpbf9/Fr7KPDX6OgxAijwIDAQABAoIBAHR6ZbjF0TtFU8b3 +aVAH4bYxiDYK+XOlg5n+N9/pW9q+Rz4I4/codi0mdnyER4pLC5E0DuPeuDI6IN5x +27Y0IJoJ4mwWO/WJFqNMAPnNJHzRiNr/1sL+ywtyZ+n1SfinGIbICgY3PZpLLKcr +8w8mmQNOXCo1BuHsv2TJN2a5paFa3o6/UD4bBmD7kI/jaC22qp5b23AJwVsuL4Zb +JoI1z9P6LsfFok/pJz+n6yfE3Qq2xCzYZ7wb2jCMyOwiSqkCY+L7JpFa49Xr3N3f +fLhtcQsaoFDeDEmn/om0JAvS8i2kWlMYisgiG3MwD6mV/aKxgKm3QAet1YzhtUOc +sF6huhECgYEA+10NDzV+nYD0AOPcBtmWumGefIUpAliOWnutkUTInATqJvv3k4f/ +TldjICZiotJSEsr7EZEKIdnbKHwA7OmlQn8EW0CPGpYKSNJMMmr3eBYamJtTeR1V +v6UvmRsoR473VRo29xHQDKr63A+zVl4ldbP2iZaKoVJVKgG+nbMzJ6kCgYEAw7xg +bXKyN2xKlf8barpU68IeusXytYb8n475US+dYOSjuARdkZclEkcto8RnKgh9H6C6 +UNKOZ6mtu228ss78VQPvgTgJODjCKSlw6TNZvMMaBVGKqqUMRfn3dnxVk9QfpJad +wnk7p4FfHExpKeDoDvuQHAn/hYDZ0eKfbKL2+3cCgYBC9YyvCn8KEfnt6sUIBhqC +19JSNV6xQ0nYjK21zu7psN13ORPAdy/pfJnpTJBl80TtwKiVC1/5mIErDa1pbuwZ +BKDydgYo/OMMdwjZPWli0fCPyoC3+LqI7MX7MSLPvSPhxbPyqQoU9c8RpBUP4tBz +xFbeW/3d74LER+axN7Ve0QKBgDWTEAmlBSaqW1fm9Ygm7CuDfIm+uIn7IpZBufgA +wmDM9ArgFwRMjHcOSG20yk/09tp7UcPhfdzd0pGknauLgAF9DEcgIVXkIzDFCQSr +a3qBJFQkV4IRnuRgYN1rdrj5rJeOKiwaprtYa8IBIB+4UYwYSv+BtRDDjdsm3mAL +0vJNAoGAC5IALDVBNvxFXaL2q3YevF0bi07IlXHjsjNpvuTr1+uvR7wzhWuLw/12 +qia7JJuy+eg5FDttar4/JCenBt6oEnidjbuRud1sGaAUijGVnIL07Pkuz0DzHbFl +meETYwGfUa2sqtb5IpxFugtQznXKqhRepTiqFVb+Knxr4X0HbtE= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/Root.key new file mode 100644 index 00000000000..42f635e41ad --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA6o0lzyK61UbGj+/5r0URyfGuWYVdCVg6r0n0PzYb/Ikg9zWR +uH4+dconpJKbP6jkNoRLOVVNk6YhDsbHCap7cAOJWrXSUgdo4va+5WuK+nUuq7RD +DvMnxHnuYGKYsD7/BeC1dCsATmwAf86mvfigLRuLxE7uR9J4u/a7rgnXcW7/R3Pq +KwB6S3Gknm9emCVA7HCB7grkxk1wQXRpEdHYdaZ/QonPnyWqaN33GWt2vnyomfw1 +9grL/zF6SJOhC1EdcJe7fMcwCQyPVm7940iK8ufc9wqr7X33DBdN7Hty/nxjSVxk +BtXgCY0mnSeW8ExBIlD35bvnuQlcdG4AzaVUwwIDAQABAoIBAQCW1G2b5hl/TSQj +K47ExwXJd0FHEBvkBni2gDgw7frRSt2IG0q5+XTxCi60BhMPvOwEos488D4S1KIt +fmZAMQFv5tZNHt9BIMKyMTpRDfcxWGnKwQDefD72efJwyPanX9tfTEFjksN/qrQn +fBx9zYQzfaNDef6A8Tfyp5fJM0r4Bc24iytjU83nqaupkiOvOlrxJnFgzHZM0lH8 +8Wc9PoJcBUeNu/LSxTRN1edEPMbngWwf8Kvb1DkCL9l1PgI6qyHrHQTcvfrc9hi9 +BF8X1lTTWm38FlxjJhwG/sPwol0zI9iXPW2ENsoOGYVOa6RTNUQRzpw+LttQzS64 +cNk7/9oBAoGBAPc61A6NSqLuFQmdIr6ZymR1KrD1aDM3aRbTHwFJ92J50VPlcW2u +9RVhC5+1fPQUisMg6zsy70sHjYrm5HaqZ1NHKyIVl8KV+wde17LeQ6p1Cb3qGnRA +4ccr0f2FQau4m3ZxMrX8S8Rxlc6DkrTQagUUW9zW6Yf/WzhXYLZeLFypAoGBAPLf +LrRDU/Z+Q2m1ssn4utLfEFia9PiMUAsycZC0xOMQlceH1nvlWlTE5Hwp+0WaJkKS +vn2BNjOpcgFtl+RAXtPwq97VxViucjN9V8EIMYH2rhncH02twt+2HyYhBAuQg77O +T1xkH4APGaG43wXlzX0hFnQzfg1PTVeXIDuVnP2LAoGAMeHNvW3mnD8bQYhR5VEU +U/aL+Y5aStMoQfGw9MqevmDDyoClxTKiwoCFHuE4Z+rpIHu42oXpYCMS/O6fNA4n +sNbQLh1bNGiccJ1DOhS8ZF0e7RGZ6tDYfR4rTVKgsGwb+ebXC37vLqCYUEWdyRuv ++HxmGIXIMqdkGVcP7VvM6ZkCgYEA4LaJAvaskAuhGgSoqOD/Eq6a9DBjajiAsut4 +Ufg/lwu4WYYgeD/sBTSrZwp815hZwA0APSU5XjFwL0wUVncMhjJPA31s+7FkLqnR +cOPA0svHqFuXhwq3nL9oMKIpmP2cOAWxPf3Re239PDnN+Cn4p8befKNMBMqT9+/3 +PcofGCMCgYEA78gV4dbFktqMYomIC8zbApZ7zcQUfil3cDcmKJ7S1ExflDacfYVn +n4AQ+9S91hUdrO8/Dubd0oqXOGce0/CNjGDj8LMn2DzaUK+npNnhv9ST2hgc5Rja +fBk8Mv0xLtKBjmzwhX+TGm83ymN7037tJ/QrF2X6cykZe++ca3CvcLc= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/Target.key new file mode 100644 index 00000000000..7a8852ecc4f --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAk7PRw1pl5D2fa+h0j/ZJz4frDjQxDES1dIJO0MLByzaY0oKy +oDYnAfoeRqys/BVBclTIr+4VMb1EatrsTKi5xEfKcpN7EQIiQ7wcfCa3k9eIr3XL +Qz+UEyyNt8msDih4ZRyHadPw8L3EOX48d8+MgqQsgd4cl8Y9j7IXhk2FYgG7/bPC +4jthNs3MTU1ZAzm5XL4NVfFJzzOiFCJBaghotT/WnkkWiBRyavTtdPnVedK2Cirn +QmcxGhexe0cA2fq8Nb+MzTYWN8w7m5pdh4bAaKaToi8bAYnxOWfIOAXGjkqmUjH+ +9lyWYcY2xchdUzk+PVr1ChQO+K4gTkva6e3tnQIDAQABAoIBAEocjEAtd7rSgM+w +T+x8dATB+luiLIovX60aRVnSn1LMDlpyYhaplWEUk2R6+EF0mOY5TImaOOBAS7gi +KTc94hhuvVJIVhPusiqylMhm1O5F07vWqysPF8mXLXTuqHpiLCbv7bJYOilRzsfa +Y5Tqe2KB5iMzw70UJ4eWoN8uvqKx4PDo/livaKHJrncjLoYRkCgfzGgFffu5I2Mu +3VpBd5BPjIHrwd9HotI9xKLumXLf9TdH/LlWJqa3LfVZ6cScfOx0RvEGhoXXt0UA +8o88XRffd4q1mPwOGK1jzpmO7PkvfJzzlqeglySAS9jNz31RilcDDzG36PB2tGJU +8qjVrzECgYEAw8dUfINMQ9nRd58nicp+eD+An/IupLuRneNPwBPbo6WZ8TY/tM/C +Y/z4TkE5L2O197pWM/fEaly0/ZRYGoLM0/eH3707Dlew1jv/oAiXQqrPtId1vyY9 +UaLRrHPAL/Mz6fYpFmJgWZPxhM/AoBaJF6HPnerXkKVvWusxQXeGM+MCgYEAwSK1 +OfbR9ScImQ6LKA26DcBppEJlFdr/GZzELUAjGi7zTZ6nWvhdAE8Hf5cAO7OTOsCU +Hc90qI8BEwepfv/ImPwpI3IXL0Osr3sBeURmsQ7cU1UKOy2b3k7GOC/JGlt3eRge +DjN1OZ6IridHyppRPU3e7vQVZHHzp8PgPFs0EH8CgYAoohxU42NWycSB0VSBcreg ++X0WtUsdAZkNbfpFYVm6s0oqGBpMyroLyps2kq7tuQIxckkl7AymDqu53aoThoZA +kCVxOHMjXOvk6vr5Gg9a1NzbGSpFDAi6AtMFudhvm0hxDJgmfzCEJwJ/kCbokwTN +FNZkbjNjYBKmih3k+ouuBQKBgHKbkANHjiv178ozsSwhiSij54yLwcSIYhzmxBs+ +FhZxifujjBgVjcqjGwYBqyfCVjnlEX/nHYjw42hRgalVS8pMyHS6PTvU4uJ3EdbO +WknzUZc5vYqEdBwljsbExIeZg3oeb6dprcR1aRI/SQDXNiI01Xfi69bhL/974tKu +JGUtAoGATD4oHACxjYFT0+94EyhnYpzZtC9HiwxEuTv9ItP41lxLXjqIxHaUbhLz +651CePaErkGLA9OVoiur6jWIgzyT+vH3wxL9XcQHUkoJt4uaz3DtQ14Z4rAleZMa +l+YsqR08BM+xNM3dqGSQ32urELX01JDKMCJv+B9qhlpm5x+tPLY= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/UberRoot.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/UberRoot.key new file mode 100644 index 00000000000..f40c45cb222 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-non-self-signed-root/UberRoot.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA5QJWQBElpg0n0D+XxUiP/7Aa5ZPPgF6slNRodbQS+BS4KtBK +PGkKOEsAXV99D05e9Af9e0qUtee1G5EUaQfa0IfEaCj3Q179qsbhnVWvwVrwq+3I +ibCCcSehtBh9z51hmKRJh8ytefzcmFFgrF58+CLJeSldup0gJx9fNgKgHFPE+4RZ +dWS5WMOIkP2mBKh078dTCkY/ehHLOuM/YMtvkc3n4CvKj+pL2KNi+7V4oBt7zdp3 +smVAXE5Mf92cyuj8+XVr9ird33kNM+V1BbiVd8VU+uKtEI2Id7zkJGcZilsLheMU +CExNP/sDenCvYlI7Mq1gzFK6sPQm0hPjz8u2NwIDAQABAoIBAF7hzfxzXkbjMnis +sGQTwV2tiCdQS2ujThvHuZPyzN0uMHPEos1Os+ZI5NjK5FTAIsU2vkYjy2NmofnO +7Ubq8zTs22pQdsnaBH2KMxXt14jj9c02Ep1BnXnmcq/cadvoF/SXNMPoAIQHSRpu +tQAVke948kKZ6fSUfyrWa6tEATRalA0EOV63X9EJ0jnnoIH4KVjNS8DQXZ7xHnyx +y8nGl6lnibAH1PelgCHFieBYr8DX0BPnkqMrcyQ9fdWdZORgkZKnx5rqO6v2t5OY +5hDLk6Mvi8fb0NKS+3iCbfwNLdqX8EQwnrBjzwgK/RvxecLLnCu+7IfdZqoT4EUQ +OEzTnHECgYEA+S6Mia3PmtcIaCD2oeYMrBU0DZ2s4yaODRydl53aIoAamt0+0bHf +rtfQY9l4g5/C32cawAo3n1pkCY5yHaYJgtfNE9rfXTq0/fIZWtDvXTBiG29827Ih +DXkvwiWnlZtXv9EaM3Kx/yDYu1Rkb6KecJxZzHTARhRcbHm1jGwvXX8CgYEA60Z7 +z2mYvAlIEtq3d7rtxwQD09fod6VVb/rzsVNZOO5L0U9aoT93cYS5zuQ3DduvPJYx +tPjtwDxyqni12dgWJp2a3A4dtHVWzVyDDCuzY8qkrLa+B508PJXc9JqaDJYF/lQ0 +ajI58kszUR/xP/aPiAf9f6sYi7cgqGA6Fkm2c0kCgYBv8HJf8z39IDZ9mLlS96af +s5LDvx6ImKxdxYoiL15r+0J4aYWr7A1BXWAXSv2xm5aOh6HjvXNJWfDwvhYTraA+ +MDXHgp6vIg1mu1iajJvLME4SZx4fD8F7bQKAZCwJsFRWLlhn3lGJ/DaAySOpZtNo +YUSR7azmjoUKkg51u6/3fwKBgQCFYaYbRkBCifiER96vUBgxNYN9++9ctSykmV7C +bwAsGFx/Qz+cHsD2aEp2kkbr4lmMPZHciSswSpSvNFPUNn8IUV1T1+TbQ5J8RjA9 +HCFNN7r393nwEyHtLwDe4y7mZ77qGo7EjcjwJdXn7fX1TzC769u5HySBQMaQ7kzA +CfYXkQKBgQCVcXPYGsjmF/glLLiYgK7KKoFv0OHeINO0dbxcYJs5fg9b+j9bRDDY +ICqqqXwgih3r39PJTNvcMGSdR3GM4/zW6Su6mMkGA8BqqWqjVswQlk0T3ER8dX1G +XhSYaA1zycKtxFJ71lbKctj9jfYnqKeRrAbwtISYXHEUWA5gKlEJeA== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-bad-eku/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-bad-eku/Intermediate.key new file mode 100644 index 00000000000..17dcb987aae --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-bad-eku/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAqOdf+tCd8eHkh39ifhyJAmZkntWggfNlaNeNAjeZ2uiFAFG0 +aelXKQlRwnjI7ruHYkqoRsPUBuXwwjNoE/dVxURCFB7XZaShtmc44MJyZe6t9ZQ0 +k0/p2KWTmAU05fYPO3GEOXGbthBHN++H0pgppPEY5/Q7Uq80sTk0mkm0eu0hLGCy +AejLtq34AJWFqYeRkAVUCy6dTHnEyG1yqyNb0CuQPFtT7dpWOTg3RUMXPYHVSZcj +iIOfv4aNUq89hkXxHujdj0/+2rU1y+ACuo5rYUryxl3XApVxI557mZbPrN8gKi3+ +DEJyxrjDgYE+oI1iQRcU9SRn8WyvxgyUCftWBwIDAQABAoIBAF8LA5lRdu87W6tb +ZQLt77LoB0rRjyZQ3gmm8XQD8ZGbMexCDbFjWmZ/FgDGktqzr7UBqbtYSqEvFtFQ +uAo0LZF5nW1RBYfuogjQANOI13LAYidEpGkYmNAOLAVpOKEGWv/qGqtwYFyMwGab +ZOR+N0DXYlpztkYKzS3EsPL48pQQnXCEVYD/PetjzWkStjKl5AeTBX1LJf7ehtLp +d3P+HYgBHcuJm7I3mQbTnURl5WYpvl/+hDWIK+3w2BfaU/EF42gVZJCOTZDQtiaa +5t5CcNICs7pPjXYbIl2wvzH/dQNCMH2lgpJfXeaMW/PrK22Ddr3Yxdmrx7MtfEQN +f0l6IqECgYEA1ibuFrLCrNUCmk6Ry1t1oGZVa0gTkglvtfm1K0Y+pGeeKS9QaFq9 +6QT/F3IjHn5zY7CXbl3s5ezWUrislBLZ9rv6UnWVYAbfIMqhN39NAHUDkqEYiYRm +zUEkuB/kpf+YYXEKt73XfAcpQI/OY511zsLQ44q+a5/MAwhmkJC2zi8CgYEAyejg +dCXsW8G9L9+UafqSyorWX5NwUnT5m5545cvJs8UjP/M8tlF882LeHdbZ/FsLeAqd +vlRHVEcHGTToL/Iqn/n+b4OdAX2W3P09T94S0Rbghw3o2nEV9zjoRWETZYm9ZWk5 +Q8fC1NTJbjM4tkVzGF0/mbTNoZUw40PV1VTpF6kCgYBVeNI8EvrqGlZgmg1MmeNX +sqBTIkBVYBjLC7AIZo/n9EdG7tBr5hO4Jjtd8zsbF6McXcYC0dAUcLOV7olKzD9c +X+hn8vA8lGGH5/fye4eTMCDN7Cgr8sFJGL/8ERakPmBmO8ToUwfnQ8BuOTdJwPXd +IRpYRu77a5r0duzgtDGSFwKBgGoQflAlV8s/s91BKtqdOZ1SX5inf/qg3jqEfefh +LJzV81V1ti/kEKpeBmZQZgRt41F06jaAWVQJV85C/7GoGgIdti3oSoLs8WI3WYzq +EKJrzRjFEswlWa+b4lAH1cOiHq72HpHfjxZ0jTfpimIdi3+CBJX+54J5N8w650qA +p025AoGAGtXM2FylEgDSTUFy0OSECV82Gyvywh7ShjVjch7hL+3/rrqnCUonx33W +vzMiuSHo8wtVcPkezdo4nfRvhgDQVKTRRFRfukC2+uY9RL3v4q0yvLTxQuSsxdfZ +tFJzjY0HypYIoEurGE76rrLSNQxmeuDash0HthJGjbb6lWz3rVA= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-bad-eku/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-bad-eku/Root.key new file mode 100644 index 00000000000..aedf1e9390c --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-bad-eku/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAr53X0aWRbl0X1ImFlbjP4+P7lN3MwJlZJKzATcxLN4g4PKFg +BpaNG2vnK7hxnlRLzcRNk7Y7P3qixjvqnzaN5bAPnidYfPj7b+iuDLtpAmAh0b3c +4TMjjcVf3P8zcZWYdwdpwHEqv2LrtuXMLjqYHHukp8u65asiMvvVAxoDt9Gf2VZp +rrFR540Gyir5JUOvkqH3QGCFWjNnKmKtbkqaAhvE44k40wbro4zOqMhJWk4Isn4A +FpJgS/93LVPnLPMsUbMWh2coQxDTbNbClpejyI4LrvFWE7sbyn8tWcw3/Eed98kK +ZhmHPRNmUAtSDRMzbAv8+4jPNHufb25+NqzsOQIDAQABAoIBAA5E5/1L06ZBACev +yN/idVnR82YkI3feveSB+NoZaF8pvVAH2LKQVwTMXqspwGmZ9dLRSXBgFS5SO5mZ +0rV/DEaGaK50CfeVj3CHWmUEcULVJspQ//p4WkIxsFlXjwmCmzHIs2oEh/GnCvoA +b/etoSBnV3ie0B/LKOs1lRg8a+Lqjd1PdtdgJPun8cExfa9rmLPUAAuTwVrzKNdT +S3IcxKBYBOtMJjGO41GG5bw0x7JrzBACxqXl7B3dC4XohtdL5bWhLYIxEUTF9e4L +QGFYX7NRzWzbEze8V15KY33sbj4HRbRJwjsQ8YG+BSy6NgXdSrRJAm9oNTOAsf7f +/ipDoGUCgYEA5gLFzzsLnKxgzfiXlpV40rKiV/QmoOz1E2cFN+DMW7gWBNKVcMll +b6xKjMBG3ALuGobcf/EFkeZD8IIlB1GkI+W6qFSFLktT2TGSOHgYeBJrPuZ4l58r +xF7VBpP1CBAudUbJ7oACvag/XlrNUbx76R8fsK7PwA3ofXL1RXGsdNcCgYEAw3Wt +fTrSvLE/rDE7v/nVJRyKFa3UBjza6vvxZbdnhC9bmYr2sLw51xipICeOK/MQ978i +EeDGcpWPOvPeyxjC5MXUB+zbj3DgYAGd8Fiho27pmlIWL7q5BII5O8RCAIvTwFdp +CqXyzLiqvRGvIkzfwprRiJ0rct9VF4bJQ9CAdW8CgYEAn2PWfge1wUl2/+S/71r/ +Ukr10ytexW/PWTWv2QwPsZN8trTTWEhH4b4sHyNzNy1UoM9J5+M27+b4t6cIT+0U +aMfetJ11eSI8JauDX1xh4HsrFHiTosZrhvYMezV2vLKx7xUyA/NzcsgvuYwE8hpC +Z8boqABL+RPqQ1yxeQEP+BsCgYEAmmaJJ5WiBwCVZbZ2lo4KO4ix47Iu/MZxwJJI +/KrGkPrAByho+u+VWT7Xyti0TC90ReCsTycaXEWcoVsnsZPb0NAdUC1gu4zVEcH1 +O3koJmxlCEyzzfxYTyF3iKjd4oSSPyxNg+XXSLTP2w7vI89KKvYVcy+EtPeKxkzp +DDLWZu0CgYEAjSeoIVpnaj62BJgvdcTfR1nfa0StW1XKjETfzrSrH47G2NVdfHRJ +nQOJpgdg5hEr5iRyTATZcbV+EPzcvsiUCGxo+0pRlsjo3K5RkHW8FSA1aBufj6/Q +ISLrrhCbDRV9iPFvqPnybXx21MK5qnOBW4fbc9aqvVTCc0dRC3qsX4U= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-bad-eku/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-bad-eku/Target.key new file mode 100644 index 00000000000..bdf82099274 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-bad-eku/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAwGSnAbKDbEe8LTAB+UOM/MxrfKTHHHj6qIy+Hppy0DQaVoBn +Z3ZIip/FOmieU8I1zml+T9XE+wuRPK8AJvS/d8rN7If5bgWbDJMb8m7IEDJOe1Ec +IndMuKO91tyVKZtLtdnOrpHYBcXFv0qct5Tb1aXmsUThAkoa3CHl5qa6VC4sP0D1 +/Vx53VVtnuKr2zxntITbuob9oLXYi9C4vIt36TIxUWjuGBcJ4vEneco8cqjzliUx +JDoFU9SJCkh6nC1taoSX3zTJIn/VBfIskenEf6vQrnYiZK6+4n+XCOyGipK/V/Ai +95H/hhdikuOAixmEFGAZAJHW/lGWd1siDTJQBwIDAQABAoIBAQCTaows2MOqrCyb +0zUv8XqOGXQixX9raadmjrD+cgmXTtT/gtO4iwF6doGBB7iJJT5lMp/+PCX61hor +DUxojRBIkbTHkEim7NSpBe9cC1ZwUpugEb4lCpRWxeAoSkxg3QVeCc48JLQJeEjV +Ei6S3BS117C0E7r1LiL2mWK3IPmUlZhPy3HcNHXOliMblb6lK6zSNH7y9U4KJQv+ +Fok2uVNiJ2aU/8MYHlpfVtLoRXs8FdTMheWnfdDTu7q3w+UvlEhlLOCieiwr4DAv +daD2Ga4+TaamKdLNzlWlIxip961jw4d+HvqZl1h3VcpoD9i5wK9jlEu9bNrPdKrR +64UyetYBAoGBAOM7neYQ9l1vdDDOr6KZDPa63U3JrfSZKp6DCldt8+BhhmL2ICd9 +EjgkspNLeFAQr1iSXY7zaE18MfDIgfFhc/K8/mIGmDFsnaZEZB8+TuU4a+MzW+yr +LEzAby4z5JA2be5eTZPzbf/fAkUXRbPe/9ZYORWJG8/MgizqhrQXw0ahAoGBANi/ +6quOZpcXZeYOrQJZ6OAKVBBpOE0Zt7s4rtn1oTTGTQVPjAcgSv7cn058a0XlK85P +DZETJtUTkGm+3dbSwlRVZ4Lj2ozUxoKw4q0jq6co7XACqlW96I0IXdQRWT9lTyIg +Yy1LlX1Qd2+h5qKoIxgJYM7D4wrC9mPY+00Obx2nAoGBANytIxUxV/E5sh9MOmmw +NVTP+Of4ewXWUfuKy1pJH9TDIZ2t5WA0KKN5kCtX2cn3yjI8Qrv3S04k1OM/9mIT +AGW2gV11hgxJrXixZoKpIjmd57jIQfe/7M/E+rRmFQywr2YVE0Yh3KvnSe8LQNgE +M3VYTGfLtcTCmZFBWfxAL5bBAoGBAL7u2IcFawPf3ah59xeiIgzxrDnEpo7sf7gR +550izj4SDRkHiL9iSA4YRNE7sregeCVF6BqK92Mt18H/G6Y4hG0LyqI3m3cBnFjV +/ugsCvK2j+pivq/HGcrauuSr36WD1eCnDRaChY4dSwjwYp2YZUmwQTICxsbdFXTB +WCX5+BHzAoGBAI1K64rT7krwdaGgXXOopeDUIuPvzNLW5OkP8BkerhaDTEfoMR+H +C8Uo8mzSmKcxm1x9Usd9v+Kx/Li6FDlh6EQVZId60Q9T4dpV+EXN9eFI23H+YYP8 +pTcM0MIlMhBU94Gjkees/Zm8ibyLdKdY9cTTtchBmpx1FeRUHpyhsSAf +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-basic-constraints-ca-false/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-basic-constraints-ca-false/Intermediate.key new file mode 100644 index 00000000000..530c397e773 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-basic-constraints-ca-false/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAw+movQZgaYU6p/ADwCqvKWyeQ3An3r9ZTKGKsCVUk9RdUDf2 +l4jBFJXMrtlPt7K0eUNnLpQCE4edlo2LEQQn2Xdt0Ub6wDmpHTielgb72UNJ3u2S +eqJ0SMYGjlIiU1cFsTqJjdYzoUYQh/09ct590xKr+BomBkHeCbu2UFi2SGlK18mw +I7UNv+URDAPtQjd5kYbNxpU+i06OhXlEIg+rizecRlXRPE6AvDU3t8fu97RJDDNn +jZ9hcgIjKnRf9ZzYSwK/R8fZshNrDnk9zY7YkL6WXhtPraVlhTlfw9mZQwmKzwpP +pYdk8wh8sExZ5yLdXZfRpmiw7vx9vOxQFf21AQIDAQABAoIBAEFCqZHl+OHNnp9o +pWczEMxEwWeHidB6fz22piNNHCJuYHMjYUJTLLY1vEwWWabAobuvR0TNyu9Egqsv +FT8i2j9nuC45bbfwvTPds34Yb3aNIqNfEidFzGSdinuIQqTuXRgPfti/nM1BMKqM +IhcMpG9WTfDEjRwSfutRG0cidf4id4OZ9d43wjGn8g2XB2QKcmha6X8A7rKDGA1k +JKUen7Wgg2noGKOuUbGuJS8JlGQLBHNNlYAgdSG9XbRskyBdWlz2yG1oW3MA/CTb +MOzL3alf9VDbSuAxeJDXKIz1TYh3FvjiDXUV7kmFOXtBJtx9LbLZVmKvwVthFPM6 +xagZAc0CgYEA6+WKWCFPJvLK6pkbCigxFJItrUZSu/zqIuxcEKNQFnrlpW6DB1ZW +iB1BchuenD+WGutzK7luWKohIxdxvw0CwwdRTq27Bs19B8FikXZ9FxT77slkwCFb +b8MKdBLqJCV31irue3sMCHfTW83oOf7i7FVOoO9z48JgO1BlfY5gANMCgYEA1JvO +ZqFRtyzb0Nns8ddKrB7jdy8SlmdkfurnWld8LkFMhc6TtKoSCN+vIHzgxz/Sv/pJ +q4DRJ+aDpw+wO2q8gNzQuK6V61mcvezJfghUKENNT8yGHDZ1gMuaVI8zOwaB9q9I +oauV4dFAC7Zl1djjPeYdV6VsbyNpZeSM0OC6rlsCgYEAr06mwVf/urI0mqOttJ6p +2t/Hkj3wvkP2vH1q7fJwUkSC5a57Mbi4Fe+n82UTOosGwnq33IaxurK0bZ++qHzC +0K1ff1kc5LFRebH9zpx/2ed+UrbYaPBhQ21vF1P3LWWq6T5+fMW065YhPNiI/JCv +k3LSPEe3mEubuHjG88gbEIECgYEAjEc0+wBLc0m0y2tObA755PEIcjXr1LLpWthQ +x4nblIVfIRY43MYt2g8EdLIQeUbCHgrdGryGxAXTLaIrTDjToU6QpJoEruFUive1 +xmNma55kX1d50RmZk95CuLI3QiW8EHB8wrb80J8I2/F/5YYSAWBYUeEC152MyD7x +Lkxov+sCgYBLtXAvc+tgmnIIAJX/m2/stoPkQp0ft1xvrroOr4QOt0SlpIxPE6oI +qS5yhAys4f3Bczo7Akrswqrp6J+JqzNZebLDOOgX+ZpD/YlwGXpPCW/0AVeJTLO1 +4x2gQwtB84ZaJpAIT3lYWf2OW/HQDrsFiu8RMO2fYo1yTAn05Cc83w== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-basic-constraints-ca-false/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-basic-constraints-ca-false/Root.key new file mode 100644 index 00000000000..d845fb7af83 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-basic-constraints-ca-false/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAy+WtE+2zr4c31AYN+nl5TNHoa31l51KOhych1CJARwjUdIZ7 +Zz6RtP/XeQrmHth/Hx9dtQLjKq+hk4mDrnF8ZAZk/P8IkrCrFiGHXzoFjNZkQl4T +wPxuONHRZSulahC6uvDwD/U6I8XP7jmhUTWEHR8jIOVkMSy11KxwR6h970X1BFOn +4H3M6rRYE7uc9gtbrJuoYfOsoo6UgiiKqxZXzZ51HGtsjzNHKOL8kYLXgd+cJzvd +bpexZ5oqzN1Ux7fo1lfBQY8Y42h/YjM23CZT9RXFl4JUcbZE3VJ7yq/eL2ZwoqqO +8YtXRnZRHTjvT7JMRcrwRNr4fQeQZELlGDOdsQIDAQABAoIBAQCWvItByl8miu6I +/pji7V7xndUXcjMd2nioDhQCQfgHC84U/z7HywfpKaLgR2BsuVzxYzzhjurmKcVn +zyfclOWDBP8v0lNCLv2sdMkha0GjJvQj5GzyJSxPMT5+bs/xI8EIZwryoTaEL79S +vKQ35zpuVRChRzTU7drXCUxQjY3cjyddwkXlBNUwfHFJkfkjyCZEDepNl8xojWJz +4gwDl6TMvAck0gUhOyDdE4pITakdOhlvI26/SGn/mmLWXkOQu5UNAMlxvEcqDgZz +awxO6fYS+1Y0MarUwQwZvHk2IcOGGvplonWj6o7Z8qL7HmSPd/oQAS6uRgA+IIyU +gVAoiePhAoGBAOxYrve9Hn3PfR9ZhB9La7kDXIMPPGzxGxk7Pw4T9R5TdwJl6xfh +FIxTIaQhlzF6FdXi9UEvKwCReMUKOVKDGE+fGSF28SOZpHc+JSClqPd4WyLXMAlp +zZkpMYonJY9BoQ2RlXqe1XiC7MPXKFTiU0yhkXQ5C5w1PydFFSEda53lAoGBANza +N3Pf+plF9q0Ix7loCnk5eOVUDq9hVtk/eEbNnjyywqT6fK9q4IdJANl6msnUKLiI +aT2vZIabtfRVlnuRdwUjuiV9bBW9Tji5F6xLRlShaYtYtPUSZH9OFb9whnwTAjNq +CSxtAGY82yOsSdwzX4+oI3f4THJFWR6apq/hfiPdAoGAGXxaqbZIAnMMYAQMHj/I +xvOY1z0eW/UH4gmkfAUk6nc/nw+UcUfBKnyQZR2GKzyp/B10KupGLdKB/mVi1wXx +6iwSzqv/xsH7nSwjXsjeVokw8qnXsTwqgniRsf8UqsT98/Od9dII3OzpURjzbWvW +Za4KfEjmepq3S6nEZITCpQ0CgYAxopV95GPE2NWEtAl3IOvhrMn/+HFIdz72mm4k +s4eRqrdWLrmhDwshPIYFWqm5HIZ+WqIUa/vSyOIO5MFqShoOvKXUUSjeheozk12/ +qjdHQ/OdjrU0swqFFf6LRPXkor0G4xjmtCS31YuGq+z5oU4j0i0OhG5h7DYIS8eU +lcAsvQKBgG7UqIjSbLDszMn5WhjCbfO7jMqFjMRuQ/AUNhO091yhQ3fRMqbWU5SA +naMx5rVErXd3MFCBsQVOM5yOVgedLh5fDT3SDFKepHK+KJxMM4oTxDyu8tWQOA0Q +4JaUcXYAKtW3dO26saf+K3fKUERdVP0KHyYA6P7Zprbo5//jBpjz +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-basic-constraints-ca-false/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-basic-constraints-ca-false/Target.key new file mode 100644 index 00000000000..ac916f19c80 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-basic-constraints-ca-false/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAvIslgviTva6Jz1lZCloF+Vl271qKGmWPN5mLIV3fRyLB1JSI +FbYUusHsuKza9w+7z2H69cvO56cnFZcZOii25lF/CSDwNqPMz47njYfCPdJm5wEK +3N/+61pOjgfeKyaV049j4lu6DPylHNJD7n2QBluHI62nT47uDirjlCSs1fe8qypm +duR4CjoVRMYaR5s7VLa3dtmAX9AHuEhAANBuPs2kpQg6mwTJaMXVOw2iJAqJzgkM +kH0cTCR8mfA433aDb5FfVCrZidPMbjzBkJuVXDJ3/Wpc+53JW7PgnZOfhnhraa3O +kj2rSObYfPyyVUNQ0S9uoF7V5JkZ7AVb1fIr+wIDAQABAoIBAQC0BawQbKYsM23T +9DynPKN9nOWJzooUgCoJ7WpBtq7M7ivifNue11bdpvIOtsTvpy8s6SHE9Q+eciRI +YhgtRtiz+tZv8epKUYXqHEmNAjX971pfcMhdcuak83oT9QE1dEcUVFILvIddhRFl +/oHsQil1WIklENayiQdVsa/QMGByftAz86VPMOGyx1x27HJ6ubXDKZ110ylqI3Tv +ZH3Fx0K//m4obwHg0towhtlnGpa2NZSml5vjgcstlRiiqOe2ao3tfDslyIw9vq5h +73i6chm4AKWyggyOnIAqu4/6u1+kda2Hj/Yqm1XwJ61IKVqyzgEvAOx7Pjl3Zzt0 +ds767yQhAoGBANwDsJBkUckHhxBOpG6DoHVX1QhgLJHppfygSoqSvATIYIosu8i7 +ryp9DfJBvUCHtbMuaasMZODRCRvEqt93GbDwQnJeLF7BxFir3TXiKVCcO0iVhfMs +Gejce6bV/wZgGi29hL+fk9INRF7eRH4UUfoG/4DrAaXzTiMP1Q2Lw/0xAoGBANth +uj/XFnZTZmA6ekc6+fL3PhUwKRQo5XXB2wDZIIgduPB3nV6RNkuVbcoAhtBizi01 +8+agmTztds4YR982shZdPseTk3CyHKp3hv5JFhEk+R0B72OzLQlIv3QrqMxrjBLN +DP2TJpu1iM07/7mihk7WMKaTczgPkGUQJPvkZMDrAoGAcmdAwnRHyr6tTp92BTlQ +kHPRhH9t7ZmPBCPdXt0aA2qmOHM2WhSt6uwH+naQkCOBKeDydU0Gj5hiohvLtlNZ ++pWUF6A8djFPhcQoTMKDNTVn5kBJ3L6L4nfznDceWxRRyIMJqhKybMEVUjdFakHq +tpY4+bI5sy8m7DhpUpfgm6ECgYEAvie5bria6blklahacP93w9f24hq6oJTKQAXm +NJf/kLxin1yu9Vdc/qrpXRyTvnDGUX3giVlPOfaC8iUttxcLykLMteT++cIJAuFU +C3mCPR4VJ8WToJGgSdnayXFGgNn/shQ2XF1+K51wlKSbBmcPj6osxVYtmrwy5sbV +p9jSVD0CgYEAu21oKJOOb/fGteEoQUOclQEZbHgXQ6bI/ZopVPTWrnr1i/hWJCFe +VMNVoTj3Kbe3WuKXaate4I28EReRoWwU6L2sjkwNLHh05+SBFSso6SYwq6xzNvOO +BLeOp0TsTOX3PffZJqUJCeIELtrqVuh2pCmbgtey/WHPImeBC7mDDk0= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-lacks-basic-constraints/Intermediate.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-lacks-basic-constraints/Intermediate.key new file mode 100644 index 00000000000..b370a699f6a --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-lacks-basic-constraints/Intermediate.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3ubAdsVM0I6zhweRZqrxrpOPooMt1QWRuFL2LaX//ZXuhQ+F +w+vXjvdvKsAV3q4eYmISZMP3wQ8FpA+3M2mSZleTT04EQ7sju8PGKQtCaB8mgXct +kfZiuOOaLHgtfB869c7ywnU5WrfCI/X17n6lekXE1B4SyKZARGQH/zOozkHfd8QB +9cVBa06g7p02Y1qw6Di7vfulf25cbcZi3QUvkNT7WxhxhFfiydPMyDZf0XggTGiD +H99koxGf6L3Uu44EYw09balDMF3wyuNijxGei4/emm5tA+WMD28AbhpyLBPgoXiT +7yxtLAqKXAJlUDb62ge6Nrkh6wEUl6sZYL6XawIDAQABAoIBAGFjfI/oIGm3D6Vd +nx+2bKYT/tvIaMv8BPD9/mVvc+t+CJrGb3Fsp9/lKAMLrgJ/HPNrWhIAtUz6nUJT +Q34JEFf6x3gM5Dwblb9CCGCCdN89TPuf8J8ngXa6qu/nCiiDFKW1Z8eipA6I3yAL +JQqw9uf3d8od4aMdUFMRSZUtIwIKYScFuF7iD8HZdHY3IFe+XWe8rDWFlB/U9//D +uE59SlNvxOA5Gp0tt7M0zeGbbmagPRG0z0GDFmd0uaIAD/4pHdrOQJiRd/ApFFqv +6Mxs2jp2+pE+bNoxCWBlOKpM0jUuO25CKkp+TCcmSmt4M5OElDNxqCOvSTLKTsA8 +NwbYTtECgYEA9GsDPG+7OX8ydGHlDOkGvFa3D7gTXI9lM7IJ4UmtITSK+A6HlNd8 +WhA3UqvlPAOnetm1ITAjQRcxndVotfy+t1GpKETpUoxte40fk0NeWXrCVtFN1wTG +ODZsFnChD8QZ6tS/sPOr1vowYV/9mcXUh6P0veT1WohVrcO+1JF4x1cCgYEA6Xa5 +lsKCIX4hzb+YFCyKOzb1Drk8eJho7i9Wp//m89YzKIuBsQsfVJOFQghZpqxfRD+Q +BgasR3/5Y6B8kLdBDw7QrahUOKZcqxCPTF6Dl/eiO06roGE8TGDrFlbB/nPGGaoO +DFW928q6uru7RxBdRGGPx5zQ14NlWUBckStUSA0CgYEAiaae+vF+AsKk+rCLW/r8 +xSMdE+g6Vz2W5EdXkx54N6Qsw8kDCItXSC2ryo5ump8AOorTnK5MnILgeaBPyXZf +PkTqPHia4tedbSCscLZXM5OUUWqtKPRSYiQcOYMS4hsx8XQBxTlmRLtAdgamf2zP +5dgrpKqGl4cCocsE9Rg8ah8CgYEApntBUN6XiWa2mE++FPTGBf/ktIEnPCADA4bC +Vr7HZK4kgQ8qhqOVzev8pN/rfk2BCdwByipMBBigMIkrCs+DF0fLS2qz1End3ybJ +6P2k/WNbTsuE27M7GoQqYB2x7M+GPprjtawW3XstuSdSHxTuTWr86q1Kx8QtK34Y +BHVPfqkCgYBJiU94uy0uxnwRuvLQ0LI4je8QKQCjs8/ASLEiD3x5l5mVST269URI +ZjXzYGNGyfhI7T9rNoHMB265BfBAp3pvuWB92rQz2im4ByeSOZo+oS2WL+2+GXoe +5juWrKuHzr8eKJXqQd/Db0VZpHZx7xtwb/7Qp2x8/X4bX5v07PgzkA== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-lacks-basic-constraints/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-lacks-basic-constraints/Root.key new file mode 100644 index 00000000000..9fc3d8bc12f --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-lacks-basic-constraints/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAtw4MLuFGX53cOhZRVi9MXPeSkyqhv9G9Fc2K+OOKpEH6n96F +hP/NW30TM8q4izT2hXOlI++6YcoYnwjqORcYad06IVelbbJjp0K6topO4h+riE+u +yhpmuHnSlHO5RsS+iTFTwdi0zBxr2QyjWuOlIHygvdQUehQpDLdA2vX8r8ORZXiz +Qe71nwsiC8H1EpSJJRMb3aOjRHpXfEAX4GYzqSd8Lm+fONP6TWeAOTM25UH9rGs3 +0IR14oSTO43OjCKYTgVkf9/7loXF6g4RJPmEvRfOFTCGrcbeLEiE0EXUCx8T6aTK +52nAJKEjXmtOdrS91w2WlLbZjiWbHsmiABBHdwIDAQABAoIBAFLzeK3dw8gcfumL +p3wInvAZ+D/cN8P2xVqV8/3pDrB0fZ/odFTanjJxMTxtBsd+TqAW0aTBQ5KAxDt9 +DLamMpf2ehsV3o8hIWtwH7AMaMarV03D3g8Te6zo93XyIulgyn7c7XmQPA2qa2zF +/1h2hCN+llCvREA11ow+lpMimUkD8DI8rP2VU9QigVDpo1OxTeYSijkMQWPgvDgd +rVn2BpqKG3HMO28WkLgYcnX+RrAXEXIhlupvM0afXNEfC6lO3GiwvaFSQyRvPm7K +8sc1EuYjRt5q+ncmLGKfzEUBLXq6hMJPWFDdqXqMTSf4KIz+K2609d4JGqdsmmLH +K+NY9UECgYEA2d0BNX5D8SsaX+KPxPLd6ibXni2ItVFHm9xYaX54Ds6TYLg7co3u +5vzDL6XQnSAW4gS97O44eQDheDfeEnFrTiPhfE3lKE1YjEoFYnQCgSVU6UcW/7sG +C91Sg0PmthOEiClQH+4gMumK5Mwhrg/iujxtOd4SBLScJzqHR86gx2cCgYEA1xkw +3WBYKn1MjNMf6Uoi12iQ9yYX1ve2ysnnL5ENmjzTDSugGtjXCyeZnvr+FZYWY6gz +037JCJs0kOqEVZuz6b5yrMAb7Cy6GsyfWS2ukdlBYGcgDbbE3BgRB/AB7fQ5gVBW +Xodhoh/HwJPcxHDmUcN7evqLcqmDF7sTfNdqxXECgYAZB0vBQn05spL4GwYbQS9/ +W/D/agm/ktPgMwMxM2dFhDPoM6IYufeNL9KYobsCohIe6x6Knp98Pz6n2fs4MTF7 +q6GW7zf5VlFq5IIT2nIDNi+4EQOyY2EBce6tx9o0Zq+eGOjskiW+05eyS0U/QvHw +JUsDD+EQC1O5Kf8qn7FW1wKBgGwfNofg+RCKoWMccSsEYBUlc9E4Lb2aESFIclRf +tpW0Q2aYakd0fkwWIMtgYT4ajrCTiVGjpowT8E10BQc/WCWD3QLnImIKbZYxC1x5 +cQnRSmKaE+uw1q3Hzy/NPjsNi6Zr6q5joPksvm0YJl38Xln1SGmd7WC6wrG4EOit +I/eRAoGBAKN/g9pOqKIqVqb2CqlcTCkj/PJGe8k9fvZ8hIGxLC5oSLKoMnF+RluB +IXldP9WW/INDlW8n5Qb357U38a2pOtlYYIh2/b9qYdsfLIrnuuewpTraNTij9xYV +d7nojTLwHLCOu8Ck4lgbidUrPox+fF1wp4wfSCpPmR7jSsUxZmKY +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-lacks-basic-constraints/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-lacks-basic-constraints/Target.key new file mode 100644 index 00000000000..9f20a14e363 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/unconstrained-root-lacks-basic-constraints/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA4Cw5GmdkZK+4GU9BnnimqPykQ3CnfCP5J6B/mDfn7v6+LYJl +nkYVHvw9cDaWR2lqwFHF8Vkq1x4/sy7frK+JFkXtca44BE1e57jZoUUUpfmk9+Pn +5OmsfoKV5lyOrNoU1S8E7Uj3VktamHIPB2bKF6UOtwVkO2qXrbF+TbOM1CsjPYi7 +yYAE2VsaNjer0scGqIFvYrfBdHSO7vZrwBUoRFCF3I075wuCnb3bIGkaVWhIDoQq +JSbKAa0Wfzww1FtHmob+/JC10LvT7q+agDxM2kbI2zZoiVH+dnjPIuvOYtQsK8d8 +JEhkypuRspD8ySllcINgBRoycMoS83BS3T6CsQIDAQABAoIBAGVvvVsUQ9pHpP9W +3LNvlsJKp62YkUDcKkbjGjlvurRrcvS213KZ9b6ylr5rBO9FZTenCPGfzoHOvzY+ +VJoYR+jbNYlGMzTHKdWi0F9oGeLMpvhAmVL85b/NKTU21pyiheC9SPZyGPFkYZcv +rVtFCNdQKetpNiSoo//FnAhe4a+zCFmZVvY2jPeaSRnCvYTiYmgtZ6wZpyEv+oFC +kXka/6EJOYwh5GjGeiY39iqkE7g1dTirkPEkI7TFduJrDhgHGAzXV3IisVb27pkY +6kEWDJ3KNWQl2XEmzoCG3WkCkkL4G2pEmz3RuoQjaaNHxfhaSSnle2CX4NLQ+hXo +SyjZa20CgYEA+lco8648CSePxLjJgdG4NUN4VDVxCPG+cKM2qEmTL5jFQ20u1yAP +y5vABuE9d+8/k3Lbmp9pMNCvdQpNYM5mec9jIelxWisHKUksEHp140fJ0svnRQrD +K5zthjGU/6VaIyxMaC1CL+3BOhoHiL3d9Ghg4SxQaW+Blj+tgpsZk8MCgYEA5T2e +Mv/TowlKzjvd9ms9Y2tFGqVaYA264Kgx7pyMKzSAZz3L5vomU3n3cAjEAWPKyaLO +3ersNz8e8DIgKSmxkoxphII23n6kDXa4fRCkENkAM364MUE2YrNgS4rPTJccNm/R +FIxcKJIuc5x+6ST1DPGZGux6HHnxXiBhv3VFLHsCgYBC0gL/UDF8LBAm7T/0I9ts +dC7pIz6hqY0wmZAcSU89NCTrQ3huOYOd0FvoOjTjD3xDyjOtyQEV444Bypcu0Mjv +mJiYU6xK6hNGRN67I0TWPrIzTvPTLPU9bezElfV0a1ls7AUVBYeWLXsXHB2ItU1K +UJYTZHWuPvIy/Zo9s1KXawKBgDb0iZtSRwsbrCo6oeB0HvhZe+yCXWMPh5BZ4faA +4v1sjaeyYdJSf6OdZpseDtcCdFfYRt1edxhbcnBEo/8aNq6aKKWSjdLS60MrBdk9 +hwde7jRqGX/9UStiMyCI+18yDppiPe4+I826FZazmp0Ltg9PT9Prgu6WsS1OeABs +/ZNHAoGAT4kWsH14RcuR+co4es8napH9SzZcTscn06RU5DDpPi0OGNHb3ovu8F0B +teo4Lz3o+DuscFYVxIu19JvDj2D7yiuv/HW1lhj72eyFiUX7xLWruwNzvBPDTeWt +o7hNwP4FgLlDf56bo1fMHdAkUJ0sXAEL6JSEaLA52t6OkRKDCmo= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Intermediate1.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Intermediate1.key new file mode 100644 index 00000000000..51aeeab3ad3 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Intermediate1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAoVPTfBXuE+74ilcsdt9x8BAhWP1sngK4awl3QN7Sz2KLW58p +/hGja8j783+qIhOHf8E/QUA/GyFRrloDrobCaHyNPRsO2WKYWmbZO4+IKkS238kr +HHiV0+FQexhCO/MbQbtI2TFUatnvfoqm/s67XvgTaPJhvnWiZV/QxYf69uEEBStQ +oIis4tWvtoNruLOgGi1lcV9nppc+Q6JegMX+NkA0Bep5MQr6uWiaWPMotnrdagZM +2nb1pWNwiidkKYfBi3f68M3vVqlMfxRt2si4tYCN32hgYW/jMfPXR44OWPDxn/F+ +1NlBuWr0M031f+/UtJFQS0tl2Y3ezKTTiBfKPwIDAQABAoIBAHQRalOZN4vR37Ew +XMY9pqzP/h4XXoEkdehUjB748XTRcm/9yGmJ6SiQFm0vCYmwwUjyEP9yKLTtOOYW +zxVO0Sn5imhPQlS2ceSAoIQQlSfL/kJtan32Z91j+tJFNsoI8zBMfXH94r1phLxn +JxSmSfpewyA7WoV7/tWupPapCa96Oh2J31vA9Zxx3LssGpcqj+sq4n8Lbch/wqVU +1ZI6p+9wiBSjMurNPRb25OjCMPO6h/Hc2Endo0ajmphkYEV42fp8o1hDGDe8Rqub +kluyAecQIGz/ykhvIHiZn4KianvrWztjG2okia1xffBxwU8FJy49ZYKuwT6r+n/b +FkyYV7kCgYEA0oljEKaMBrKxQ7Qger/jga/b+YccEYk9vLKWKpWp9ulxcJff8Mjm +B8Ry+1MxSnkLMLct3umIWFbyIW/jP3HxhP7cq6eTxuYirYCRYTlEnRtenKdHHZn0 +68X4ZTnic0Tp4q+PrBZbXRhZN8pcOoq5h+YCLUzHorh/7nhx1pmuygUCgYEAxCoe +hITTLX22570rHMeuiwwpvt2FTdn+0vaQNoIDFGaLtp2Z0lamaxSaFTBnh84PoB8/ +0Io8bWg0onLlMk7C7blQbGNS4XT7DpnRTY8rEYORZ4vRJieGCZhqZkEFjEltHmXV +b+xBkuVHCLLDeTQ70hLtkMlQ+1TjK7X1BvozAnMCgYB2jbajIaWn/+eh4ESJ2pQZ +6xVLpbFAjq+dGlNFF5Hl3/5pEJyh0f72UMEOlQIklZSfkgbah1anqA4glgi5KUh/ +Q6SvZGXqkpzkZol23fCtJ0RXojqBiLhKK+h71+SUVDH/3CxjExPPkG5s5B6bOJLQ +28xOBfZEwvAHMPuphFDQoQKBgAZel78V0QWZH2dG7S9yDGjXbEOWTc3JVkzjVKtw +bUksSz0SwPvjdGPlt1sYx0PRnRBF83yCAJRM3eiocmi/xfSSH9plHzvS4JQIypMK +Iwveicoi8BedEO0e1dWcJuH3QGPMSrHnqflrGHNf2pkE6SxZEP2yi76dcwLoVZx0 +Y1OhAoGAAkvp7odVUcwRIx5j72DTkL/84BZrX00AOzihrV59hVIsAHkIDVW4clbm +Wzk3cGgv+wp77myQnRku12Eh29lSceJan+kShsV/2GHI9t90RaDHyAPBpgpCJ0FJ +HB2hZUsNGAT11sbN2h8psKxUESJharttP74jLSacDRVuCxqZDTk= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Intermediate2.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Intermediate2.key new file mode 100644 index 00000000000..6dad70d4d94 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Intermediate2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEApdoTm4apIT8bIC0loGUoJ1wMLPX/KCpMXGNKCMaQBlUTVNlt +xINkIsAcQLHJ9WSvHc9VdALol687/roy+ToQeW9bgbjP1iU7Nn/7F6R1MpbTtcWX +h4/NY+cPKDyOCh5Gkalki3B8yO+x+oJQL1ZcF7MYuUsm4qVTqCegt9BhEpOnX5od +QVxTwym9lkSNph/553QTWoTjPKVBzemGcsIS6ip4dviIk/aK0N4+sDOglvpAy8Dg +SU3B6EZAs3+j5QHTTpvgbCFuStPW5Qwb4R05VMo1TyoasLNmQE736XJw9HCDxoES +vcnDzFOV+uQhdPUe9mkcQmu67LWDM0F7criknwIDAQABAoIBAE+nsYsc3dYt7OVD +SbMDYomk1+QwMeAkkJA+z6vvUfT4n1Q9KU8cm9dk1SztNsY5GTIEBlK1ouhXLUVm +QF0a2ha4uQZQsOF0+D9wsDPmtLMbZYsD34coNckpjEoS61VIvTPwW23tFMGc/aoH +NGPH4msvhUxZH8/y/37fqX0fA8BbjBGgf+x+vScCCUi/2d0L7NdLqTulx2TPdhvM +aKO5oHBgva5Idg4KcuSYufgNPFt5v1A9pGMuV45O11yV4HCyyQZzRo8MY1B2zPf1 +vCJWWr0uOJ+EDd0xGLzz2hUeArtnvnfzKQx3l09kNk0T6z8dOS4Kb2FCVkQ5ICTa +KWB91EECgYEA1fl2SRHliXt89KK8RnhEaM6arZkA8fXpDgCN814b2fTtheu82nu2 +79Qc5Tl3uD8g5hk7sFAS+sDIMUfRyJYirpxJna/HiUA6XOMlRV9hDkG95pR9b11+ +7MxLygM5EIzX5jtICV+ShU5rvOT4PVPumYq5GsI5MmEgtWTVjIhTNNcCgYEAxm0I +QtI0HgFH3beQtx3vRCncF+kl9pcyqayb/Fr/yKOBm3YzFrMZodOzutxGbbi24SOQ +Tvh1itVT6rIiiw+7YDit1QQ5eQ7xE1gfvKSGWbKUq4fq/Z9nsqEIbMb1nLV1mE79 +0aR7NO97NRw2+Vkj/lF4IrgbcGKYUIG5JdeATXkCgYEAgLUOhoNiW6FRF2Hv+D+N +frGP7w4SuHhf2FFTEWmxPRiL6ztSnOU/s+EWBHfd4JDwfBf/hF2WHQjrImF9+bb9 +Y6SUz2oVjyR4NrlXCPSHT+kRjmoRTXSizVNR31Cy+ZaOo2lTOngnjVIPkk70Vwdu +hSMhlsvvVbOA1juyDFdQHX8CgYAw173k1OFHUYFjLkBNEu1Glhc7O4TAwk8SPQ7Y +e33i4XyRy/Kfb86ravUe1gHwGDvMB3kKN1aXqhNR/i9Kk8DH2qvPd46+IdNts498 +W/NGORMndfl+HLLl4YW1YPQscu5TY35PEHHTge+ODzfpAOw/OcacpTz72QktKAFv +MzC94QKBgA4iH7k22s6kYBK00htUjyzk3rcjQbeWMEEO2QO2nIXczXoH1TYD7YX0 +A7VzLjUEtxv6gR0Nr+R+8NSiG0M72L+JbLfUG1NLmRxIJt9z8riYNc0xhDksS9jQ +MopKqvkRNhh0zopfOul6DhbCRb7FTf+HhmAuX+df7KQqTDOqhqU7 +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Root.key new file mode 100644 index 00000000000..1252b5d0333 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAkghWgrkwrxSkuRBmSU0q5zw7OE6psx52DzJ1c9DZxiE6hncB +t6nsUpbWAZekkPNjJNrtnleYBe7pImkAAsbPFvtUewAzMSsKzMNUmHqgEchFeLXn +Ohd+T1um6Jefc2r8STjXSzxRBemqoQup9YZSt9M9MezKgmQV+Yrojsj2iDWufLG6 +SoYH8IUOmWowqaSoDNUhV+DNlZZHIr+TvGJ4wlmrrmkSdWkRwGCNnddUbuRKRA11 +TEvkDpZpDFq+l/1fKYqoRmAQuKPFrkctmj95HpBE953JGz6tNUWDX12JxiSntb8J +RyL4MLiUNIVPIYlSY/rbAeUP4PM2l10ubGw9VwIDAQABAoIBAAupos8Z3yt8aJNn +HeQox45kHw6mKaNmgWNBUmQHf/z01mm6w2ZZqcgGx9yksb3p0jc1TNjigf+nTvMy +k4+lNRDOzbZtE6mPmHM1/mGXGYWSCwpS7L6U9b98wF2/Djr3hmKKqZcWoBnqyXfH +KLG1IpIPyslb8ehr+d1OHLiakCXclMqTQSxCVX46Zv4MJMyn6z/KjaWMYsCCXjam +0XuVgcNBbVVfl8/jdWhcAyKHoYA9jUFSCPQTTZ9jRJ8tYdFJqpy4GyUoF8+e1T0O +9LMMgrUEZ0nY7G7izbdN5sdrt2gSozzc11GgceMLeDnefEV2PYk9wmq4sxqBIO3/ +tfokMMECgYEAwi1t5g/EoP47TSK6Nsd7OwFjyZ4RobMbggHEsrUNprmOXDXadaa3 +uwZzZzBQmmccFMHdAzTY1B9S+KTt8vxnWTIbwhmk4THGn1v7Afi7A+JkCP9jTseP +q33DCCDDJYKoDKLgCLtcG+9A3tjl+kXzOEICwBfE+QQDDSmpdRPy25ECgYEAwIbT +WJs7ZfDTbebVZoZFmnLAmx7Ciaby9TUUsoslmrpIZVgI7gZjmtG5uHMQjmh5+eRv +6zCTv+HqhLqr14JfipgemA0S+3/jEydYHdZ6S+Ek4fYQ48nKwjmhrrtmT1cMiRlS +0H4X4XcbAkc9mbobMF0Wi2LhfeiRTV8xbSZIhmcCgYEAlDerIKY+mAkXaPyuGWxR +Qyv/aIGwwbX+tFD3PNX40p/m67nrxEx7CFaXNlfp3sH/7FRCiNUJAXnbkpIKU6SY +mrwl9hYvBfpBu5ixU8LxtbhUVY3j1tl7cBKyEX04mGRQND0LN38UgvowkSoM+en1 +CqdQhCJgpxeJ4L1BbW3JvhECgYBuSg4yWSLKwA3ujGi9RbgDxS7u7c0Vm+zcaV8E +9M9C9unYHHlpGYHfw7r3nfrjCZiufZ1bhsVtC5cUF/evCkF/HKuSARNZvaYwZ76D +wUTnyP8e7p44T3X2k5s6hKIUW1KUC0y0oTc+8sMnJ/Zy5PkEWJ88lBWG0j7CqwCe +fWrYiwKBgQCo0+qvqueeNudt725/SWTnTIip4Bn9zYTLd1i8npImaMMzcMEzIHzc +/zU4LIObVh07afZQjLsdGzWwZCopxKgraNcm4A+UO2oAxCa2aAFGfESGT+2/oh7j +a8GkBsbfthY5WbeFbFx6RxbRYvh4NBqws4k7RUqiPJFz2VbMRHu6tg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Target.key new file mode 100644 index 00000000000..e43522b63cb --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-basic-constraints-pathlen-0/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAxoDtLEK/73xl5/fVN4+47b8JvoO1IrqNjl9jy5hpuvx5piwC +cLIRSSQyWWoQ7NqK+lEn0pWmCAMdOSBhS8Cg81QaU/RTNEJmr9MIXA6rysWXH3Zg +DVwGVpZCpnP8YwvpAqJkexhObX6IuWW/UrvlV+6vgVSwb7PFItqcfUDRhgGd2ze+ +kVCUm6h+2VQygVD9FFRqo4u1LB7Amqje/Jb1GsqXcGB5lF5n6JD+w2hj8F1k5eyJ +p3VhDGgq/rDThRcLXvkb/xt+9FL/IFYPe1AV25Z3PAlOmCvHjlW7WXxSt25FINe2 +x35Pcdfd5rlYBGAq5EBkXiyOMJa8hNtCuWaLlQIDAQABAoIBAQCkx7OaUVLJN8fU +dxvtAoat/S7WkrjTum715+OMx9nFGf7V3aSs7nSA9eZB6VVheM1zm9jl68omzob8 +vA9odeBl/cPZO3GyaQibHiDLYnZjXgDkYjy7+k9co2FykcfKZMGpqSqmMHgyVp6i +4H6g7E8m3oGcZ7QLFf0owLa1FxCXHtr1nBLGLKfaAvkvvYphoza79b+xcpTaz3Zq +nZJUT/TjCevxqAId6ka1US78lZAykhC+P/YZFEBfr+3eqN4McmagDoP2pOn/Dqxa +v1Y/wMTvCeFmotWH4oUJLuKVWcwx7Yr+FmDZTIJ90tgDsGy53BtyW4FCAsg/FYMk +eWsHVBdhAoGBAPRJl9FmzabKbKt+wm68tZ4l5R6XBgdxmFw3kNsCRSU50rQnYkPf +Uh/jUsLRgQoJkNJH5KIa8Qd1uX0NoiNKCU8/LWvvUQH5WXVp5bxKGWjkG2GFCrP9 +wAblyAibiD18cDgml7Xw7LqecBSDA1C+wepwsT71Jel8x/p7Zc/McVo9AoGBANAF +YNAUViZv2zpGycoO/syD3nNBV2z2maRLNUeybPxugA8pj0abACDj84pWRaXvM731 +lcg2xjGQF9G8ClUWA3nsYGxH+NN/gpsovC8waKkGOXGrb7nvP7olsMUzeEofeG4h +rm9kwb1bxKEe+CBXmCzkhJMMgPlnepeVN8UcSoQ5AoGAf3UOY1FyJ34iaPBAXirT +z+oRu34sxSF9z0+mor5yeVPMHfcWjDcu0Dh5a/CHlUccarrcDcBk1fGUkCzW1fbB +GLnr5w78gz0ocdyI407+Jv4tUxppVTQmRvMJBYSw9vPAUWvBaEqGGXClJe6dgjml +T77wm9qop0RVytkra9pNojkCgYEAzvOKzXht/O9rex7RwmQIug63UJLBF3Z+hCUO +bLXmF30Xif4evG+YQSCHOil6QQsovuOEkBtuMgDYsaAR53RvIO05QICZ3FAO764n +CgtvFDlNDPkxvhl3nQnCQ25hTdzhQy/fCpOC65BQnrrgv8xlaMQv4NuftIBuRj/9 +q+vpdoECgYEA17cUaGCfnRWtMLnR1gSd9SdjjtwIWu40KmNtY5OXNsrzODWpqSks +jV9wsSG8npYxXLusRc9EOl+VPgeeBidDtYU5/7quqSwp5NvpSLFA4LvGSPRx6iz0 +zn3Yz262mKxtcr2SG6kU/6IAdpO5VW3ilKrd1zAQtg8h6/lO/m8QPOg= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Intermediate1.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Intermediate1.key new file mode 100644 index 00000000000..dcbff70af38 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Intermediate1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAp1qVH9Rd3CQFjbyGBu0n/k8bSzhCGRVTH4ybi5Bo5Ux94y6p +mlUpS1Fewk1WthxFyqz/VoJ3ke5DFQt2g5a8Afx9F7Cgt0mT/jOsl1HRhWUikOIg +1vM+fcr23rWRdJBet1UYT3DNrW/dQu1pgsYvHzKgd10xHClPdtDEB8B2lIzNl4D9 +ff1mNdiAbDqDluMZwpIKBZ0VGu9QKD/Vps0gAYb4w3WctsuL2DMEKthBlkEVdrQF +oqsVojbY6SLX39O3OvkBhA4V9Q1mDAKv4boDcz8C49u1GQXH6qs8rxSofVCBabr5 +64ztsXaYNkFXo4/rqIQTD7qWDscFDTFnK53iawIDAQABAoIBABIRsbAyGcA/E2pu +RHpS+NJ4cBX7CQf0SXlKkTDMcsbvL1hsHVvQfhjnvDd2ajpXayGq9Ba/F3HmK9AF +4NHsYHhGbqs0IuYnR5dWtPfRmbGxbb3+7FTJBqJGW8lICWBwhgl9YpaRM2PahCVJ +xO6dv1C7AqBgq4DC5RWLDN9ZZHQ9YurKcaiSJEpzQZjI7qYqPdXg80rCsDjbn518 +nEJs3kLheHb1rTXG2Zwdby3t3Ku4jl7e0Umg0LkcDq3tnk7SXHEAYi8UPCggXn7/ +OEA1hMQbScVw44uJmUjsCpKLo2weNZ2+1RNZxq6Wstrgj/JTYGacgdrmLCyxkox0 +i7FDuUECgYEA1vGyWDwXiHz1WNhZKn8CHIVG1C6AYFsZrb7ampOuJdMlbm7EqrHy +V3Z3k+GmQD7xNYfmbmImo+Q7kdrpXSiQCJhyB5e6FzVLauO88JK7CHwEf7TmYB1f +vTuZVRq7C76bTrHcF40fBWdNzUsr9U/fO3Rume48ddCKA9QJnKsW3CkCgYEAx1HS +03T9R1en0ee5I0rJQYpTaqvqYdgm8mYPD/wSEqWir4HDwIvdbGx5w4URyNhaXPyn +F07pqM8Hlf9z73wNS9FiiaTldfsSWPSMGxQIfwgDc/ZHWXQniA9m3s2Tt2GY6oHg +OrXg4cOrauphi+Z0iHrRAZ48UHldA5wsRZawnHMCgYBmUWWhRPG64ij0owBHD3CU +3QirZntr4tHleE2deaFTliBiYk4yJ0UCR32Cos6+FHhEEC4r64MTT0jgFIIz+2Qd +A1x8qshF1fPRrRk6t85aqpaFqDpmFHWHogBKl8/kNla97kKj32Sd8OADUr5ZJy1P +owwnMFYNizi3u87bikH2iQKBgEc7Ian6LC3b0Ji+RDatmmD2yzra92dCNSD5gjaH +MfpCAXLRYCCmm1oNJjLOkn2BfEGw9RHqXKy8WAyt/0O9xI6s5JcmO+6+7F6n/o4K +ycKEHZ/KitMYJKyGPJAxTbICigB8q6Kvrw9fuxn5ayTxFgJUSe9XGlz0El6g6F1y +LemrAoGAPsj8tWQq0i8re4NlOvOLLu7efLe5J/lLzRVa19GNtQe+SZK94FGT6DsA +OkWOXRXfxsRftgSXfNyKX3wzDmESb3oN6VxqLAfLt71fqPVI0U/1v9Bb7A7SBASE +52/hv5/9YSMdpqMyttLQX5MsTsIl4+ZaHq6iK/oHDg98A/IUBsE= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Intermediate2.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Intermediate2.key new file mode 100644 index 00000000000..52fd0c394c1 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Intermediate2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAwxLTa4HsGsp9qphYuMHzOpfihpGutm0CLghnbJhe887sOvHe +k+a1tWgMZGeHDMgMLzNk8npwHTK5hCGrRd6ZHEqXMH4eDvDFDGnqGMxzjOsjKGr1 +K7aVZ/18mTRGZ/j1EBbIBNvrMM4jsf5xp4zdribVMa/syi3XsCT5BqytpCqxuxt9 +z62y0+LXSuCn8j10Xb7tPL4eKt7mie+Kwz06QTT+pVQl9xG+Zf2wal1wE99BkhkE +/r4UWkyBa6iMFTQ+UTCNGQedAjFcekcqCj107JreeH89iuOZKlJxrNC8QHJi0mzo +KCNWYvFXuEtgTVpUQjQsiimaBaj7Z5CREfMZpwIDAQABAoIBAA/2k2yBxkNu/Jeg +PeponLHXyga/FzAAfaQsteHyGhsTfMtaDZ/Gymnc6N6yhh+qoyydpQ4erNwG0Z2Z +b72Y+KiTBgpG18jbNRTN+gUrfe0zNL5S+lsoZtOKr86Ns5FAkzVM1/Nl17o3tD4V +l1FhuqZMsTeOsO7ej37vl51PNipv2xHmxD7dHRP/mL1Ad3SsT/FbP5frxDThpzGl +/iMC6G4L5h+sZEVD0rv6uLLSkIf6MBCCo4vPdslypd+RbswgrKc4e3GeI8ra5wik +sySwqWegReewktBqoHarOzVd/YMDZ5NoFmQWect/udj+n9C/X2QFgiBeTtEQwZc0 +G/eQq9ECgYEA/5ULNfxSZVFNzDvlpzz8ARWIs9d4S4NFyka6I9qEMQ6efBWjIMyr +72SGbNrK9pJq27TbV6zi4SHwQMe1iJPBMC0bybexVb9ks+VRra5RwLRJkti13h5R +JUgRz3i0BHIw7GJHx9BrSvwAnB5hdzkDupjbq5ntXbEug+xPgvvIcW8CgYEAw2R1 +2j6xwLAi7C55tDsRBKY9Vsq9M2GsfKv6FAq1JfvSH0tDbKucRhCfqaOPc1JzG2mw +nnPwLLuDkgR0Km4kZjdPx27RaeqZx2Rs+bDx8+JQvra5W47fQ18XuyPfev3mEhv1 +HXhgK8RtZhMKkeYG4IdEo5l7JBAkm9tn2uIOz0kCgYEAtVJpLLjBQA4pco7ABCD4 +7E/5txVTy8brGXGKF2uswx0LBR9YpylthZ483DdxLPN9ijfKMW5/W5d3Wo4U1Tt2 +IJawEzEWR65MZHB5vQ1iBKQjWmISzO2XRirWL+oDVPAqk1m6cSEFLaKRUDEhlrLF +WXmexySiSQkt5fweAOBeOVMCgYBd9kWmelfIretdYMwuG+mHLtp4jm6F8wabvag5 +Uxzh80OMwQjfjXdNSlk9nuYxMwkfuaexy1dIa7RN1851SRo//YFkCqqyIJtrA6RU +Pv9bpQ3naL+ihAZhw60J1ap23vpw4vjw/x5gbcmeOLHwj4nnF6WudvR81zaDrPM4 +k1VD4QKBgCSYHChmN+5n+FzMYT6pQoyasja28wV0TuFj/acKKhle1iSvjaAin6SQ +wslGAbplvEgqpwIf9GzXsJC10k7YGu9eETLmRJW8/pd12lrj5YGz1vLqHrh4ewt3 +aKo2zHS0HIYrt/FAKIzKmHijbK8FsU5S4611J0oexF8pvn1sMSaL +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Root.key new file mode 100644 index 00000000000..0ca703b90f0 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAs2JAM3OcyWStMFJzeAAIrLUqgIuefZ1QV+7fQb5mqlOi1ZBy +At1zZT5plKJvXASg37JOcFdxugCadT6gYOuLBpTDZReT6BErdiC/fyD0CRS3uMQX +mom8NVO3kov6+2KdxuQ0c7TSVfgV9za9qyRvKCaJHmNQyOhJSk1dDopjeq/detri +Z5tLV5s6sibMDEvW9Dv22aTmVqIbeKCqS8YGH3w/UnXO5RihI2ks7rrDpDPIZahd +fQlRehajrqHuET4ffKlGLa1/Bch1Gj130AJLgPmwuntP2L7Qy2pM8+MAD7Vc02V6 +ukkhVC2EXn6FrYRw54ZYkS5Mc0pSzpwEhiqM/QIDAQABAoIBAQCpPiFkacebGylr +Vd8rcJy+lY6sCQ5XZXzP+ccZuBIU0SPoaoemvFiLRP9IBJkcMCG36/qlc1sRKlCQ +Ha4iwxg/9UsEreIWKVzf7rW9s9GKX8mWwSuj2h+AEKQ512fMlZZWeCgkoo1wHsha +nYMFXTKipvjnerxVURMUzzjk5xxEOuL50iYHRTb+KNsW+ut+2uArGVGIGB5UpYDe +ONLkHFOlk5zNKWHJwwjLPACCzzH6XifmGPhrwuBYV2avkVjBQJyQo9ZEo9tfF78e +5QKjqcCZLfeyxhwFLW/SgvmqK06dXl72SdMkxmMKOxtPHKsyuDmMfsNs66jn1phC +7ZQ2HdzhAoGBAOiY2QAeDWPiIOGOQiOsM34QbFlFUIxTyN7cfJ+asT5e0R8x8Fhb +yZpxronTv9thL7vw0ph1YjZThe2diFYs3dr0ldpZ4eW6LIZQP0q4mKzlUyVNgduv +iufrkD5wsA8cE///geTzDA0FVStp4zJdpzyzLc2P0UznfRfYXIlHCe5rAoGBAMVu +wTKAwVmM3NkO3nQidjgTCW1qBp7rFY/t8fTo/o5xk3/ppUwxg/HNKtbH2FdYtc4a +aIoWFI6quR/DbcFIqfCpVCVocCYeL5kbp5a/dJkybYm7v2VXgFWltgkolvdoXWDZ +ash+bhnFQ5LX9M/A/qO07JlEAi/KVo3CuBUMxfw3AoGBAJV6LPKjXY2UM/dgWebc +8paQbWENZ49XBN8cKUbUvhVMD+6RRFk0W6JSbo2KtGCC249XW6+4uC4bjRVASO7A +lK7ywh755m+hLp3+kj4t1Yg/NCjj35FUBdu3ihJmju6W589733lILLVteOeWe/jR +MPmUWNojE6ntlnmthQJ/0cUTAoGBAMShnOrmjyrX/zBy/Zzeoa0RUKdXHIb0DUKO +shbAYp6NgWC427c57XZKZysIWHAN2uwNIya7/PdmEwAOjGYfL5mPm02yaVedYrxz +bYLW5ZKaRbwSb/nHnvouE1Glyk1X9QA7KX3LZW5nJ/i8+oZbaYCz9ZxjvmXIeFGx +p9LXKOwbAoGAUA7+5C/cAK7heWE/hMoBTOfaf9Q5IG2bA0un0747aefzPHRIUNlI +hjRIaHaXVV2IXF0Y5HZbSKu4E8oBVo6TsB252Xo0JJpZfplV2K8f6AhdP8ES1HAx +fL37+UymBT9rNXOcicJDDm6ZJo6+y5NR0YSLzf2ENGTkXCPIWSAsK5Q= +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Target.key new file mode 100644 index 00000000000..a8282be0cfb --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-constrained-root/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3pRoRdqFD6SuxNtJHvZIuqMYZ/yrBiQlnvl7MNZPTx9L6pon +K33XJYdkI5yW18bP/GxzW9riOUeR9aiF8eyA5/cgNjkJBkAzn5hJmve/g/LrqB0g +8x9f4n7lvq+/up10DFridZh5QVPKx5uRt1F1rvGg+gbu7YAfAcmBGnOc392dNKP1 +R9thUkYlutU9CFSjAoxN/tiBMbEuTEizNrpF6OhB09EqtB4QEaRRRfQiuZxlmtxB +OHvrLmbuoOvzRMhGJXVEv5l8saypuHUOZaWxG8r+GPeg5CRN2Fxms82xwprg/mhx +ewooEDj+ZGWQ0C265bShapcTgJxJr0SRv/eN0wIDAQABAoIBAAhZFJgaHAd8K7ni +Z5mrrwqg91dfGKMAVBDkVoR8ZTkYeWZxJarx61HTBCR5yQaKxF45SxJU4Us4rfbC +vVNXhXYtxJ2EAhyj58vCkHApfptaTxBdF1FHCfeavs8qFEzRfvq/peK3N0UF+YMH +CK4RdhJ7qYf3Hpr1xTPx9M+jKm0S9tvQ4FdLP5HClOSK9NqzlF+qtZpk8DhNH1+2 +9YUA1LNddFAuGpkWV/Z777VlF6TpkjOmafeHoHEVh/RgQRHps/qwOHuKfFNT5gHh +xEXSoa3Cr1uqCAWCqUaNws6smwRBw10mZsfgC2GieK3tLcZCKXRtGGGYmeoh6u1C ++Rw2jrECgYEA8wvEmOnsqoqBcJRVje0723b/GrCBeUoOhb3MK6oa1vXzpfzPxk0g +TjYe1wnbCnRV0Y7V0WEX6AcBFkNIB4NAH+qZ6fOzw05ZtkX472pO0moNYBsU6Odr +uxiOt/abSj3h2Zq4/cZiHO2rNNn2x89x8lvS2srI6VsmwVHkFzh3ozUCgYEA6nFj +aAOSw5cCtn3KvA5YaDjzwoBGguF0cyUNYJnq3l5r/3Hv0GK6KKvU0cpIepZiyn6G +lLda2aDW1/V4BwabUvk4wlibYAwF8w2xA1IbI88SsfO+FzpOd4s0O4EPO+TgOok0 +JVs1w7jAybUmHqwrq4YTRF12utaH9gQG3wOuRecCgYEAqkBQEx2qHzyut4Hw/F52 +U6HjyXpi9+ecjKsLXnrmGjZn2pphoXNdcewPZmsM+SHNC+KWfPkamfpuFH5E8p5K +SRE5h9yiy+kShtA1NOCvHk4T2IKf/xY9LO5i6xLgbP00PA5aD8rr53/FMlyMtiLm +mvMfnQv3+R9U4o7OzEVN6RECgYB5seAa5vfxBVtIJWXuVjf36dBGn1V6rNNIzevy +wBLV2QeQcrE8Z3Mgl4mCWNFkqNmhKSps2fyTyVSch3QFmZ1Y5btbzqjgo30XHH1N +LvqdjOi0bMS4w/BlR2IWnTiuK3FlkUD7Pyxaa3XPfnPKKi8E+zTXIPj3pVKwFokG +jJ+S8wKBgQDWCOTubNSsvBPHogSpnXBvUVhBUg1wi/4cPXwTMwHDNbp3xxPx7CTW +3dbIcEV5PTnRvMOZIPpsWIZj4baNqFiVsfMtVcwgtOsubwbl525nOwwFAorIaLXT +KG93gWsHz7vlz2XUWG724SxQ6kdn9o8qs6guMSCYTNAehrYwzpKNUw== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Intermediate1.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Intermediate1.key new file mode 100644 index 00000000000..a0359feab4b --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Intermediate1.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwTc7Q/WAOm+IlKHqGDtWe7xNPrM83JlKqhEMPpXu7XYnW6WB +WXNp3DPaIDVIAKw+Q17fEBfY0+kR2gBy59NCVPGTOQsYegxpTRJQcwz2T0SNX8Bi +ieXwY3gbkrsjZ493sdM/sWfea6oPc8PT8mmEfuMENCVpIxMjkk3VCFV9d7hClv33 +CTUgSr+OPRack12Bou2dtLNDBnTyefEm2Bq4PDXmzdY2eVwtPz7fHAjpWnrL5Oeq +VNt+ljigDDllaIg6oAVaee6O3ZYIho0+ebF+KL0Pmib13oxsetjnecSaSDUmLKwc +ztR/pKJ14ycPD95aunpZx+/YOY10gfw3prG3TQIDAQABAoIBAQCQMvdBNeTYN8s4 +GksKgKZ/vD3uEHjYrnMBz61SvDVP9cFT7YZGyxLza6NcLEercOEbCJ/zc8i4Bpbz +GyimiY1UteJJTVWcKM0h3ww5gTAGYsQb9QnVns00fzwc2xuGO5V6Go3Lihh+Q7I6 +lKkGnudqh2Towg7gRXVjyEC4co0sHgLCrGfBD+NP9f9LHnpXEA5dVCaVz2VmVVqp +7EiN4H3C3bkj2MZNM/hEBR59MlGvNz5WXcyq6UrBYxM8NuBGm/bF/35aRjASDpAJ +2azrzTRwrY1HBd+IuuyCrf1HqBkS7oYPzTFO5Lw6wI7AvlPl8xvOCtlaZV7/dbI1 +GoBv4jWBAoGBAPw6F3Jv82m+KfCxi7HKZPmUua5DCvnoqOgMlFSaRHYEENVCl/Ce +uBiep8cGgSuHp3S8ujpnqXiQ+/7ADdojuMCtXTSiMDlG3KHZ/dOT378YCPx4JUs+ +imWu9+gddQaJyk278Ob0H5FE1EejMj1o3uQaSPUl9fQyLBHIy8XMfSvhAoGBAMQb +J8Xv+wwEEIIg+XTsTwa4rpF9HATFtHYq5XZzvdwTdQnqPaDY4tl0/92VAq2gct6p +c4Uu7eul5S6z8adIqVLhq833FPMu4OAYay8OEW6uoPs55h9O/7uYrrxTTnABhPE0 +t4pvbOEaf3gcQ+lockW6nbAJobN5U3xjAKZ5ExjtAoGBAMqkLWROl0SUeIOdUTt0 +/S0blRZxXKctik5slNtn2arrV07PIt0513RIO0mGa066vQnn+sKjuB9adGrWiAqC ++pMqdaCs0Yui5+3NAsXynyebOtUD/gp246AQM7IzwGqRV4yee0xCQ/5lSxuG/P0j +fTfL+mOirPkVOhzLsxNmWAZhAoGAO2NZ5Siq51WnxjDEOvOBbzCotSilPpC8+Pg+ +q2ObwLUnwYvtg/OKp342Kl2BBSHNB79bW579sFp6EG2wJg/sL0xmYiaMcqTktxjO +BN8GynUaDVrYZOzgp2gyqpez7lmXcBCd8M+Tsov6xF4S9vGJgbJlJLWWAashbE7z +GHccIHUCgYAETXU7OKN2WEdnBQo/lC4E2ZqM06FdDls70RyqWYT7yanXKIsFIDpg +w/2I6GoeFDyXSQPPZ/5olbZ0EA/dB8D/uLnLvaSaU0u15pvR/6uzKg+XtT/3EFt7 +nVrCPka0YY2w4vxjIt4c11d1BrlLoCpvErEdb1iN/zYQW8qaj1+exg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Intermediate2.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Intermediate2.key new file mode 100644 index 00000000000..4a3b2e1584b --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Intermediate2.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuUGjebidcKQlWFtHB60KIz42xETDJ7vNq8gbTri61zOvSll0 +y8FfjI+2DYmtQx889GQRCtzsZW2FXJd+jXlNvyy8fjFZvLfLHIuaEK4S7ZNQcmZF +wK++5+IKzbRg+AM+auLK/3VSIHPTK69ykRvuMep0m6CqsjqElvMAZaSnIeCxltIy +Rca9bhdndDSJcaguGGsSH/GXBxBhssI4rESX5PuZM0t9YFKGRNTfkQstBDe1flz6 +PUaezwtPGkPZmmhWR7XwaIBnoOTZ4iXU/zwas+Bf1UTs1Rvgsr790SaJJUoYSspE +0JR0y6g5dWRaGSHRTNmyE/DRT29FArc+bhD+XwIDAQABAoIBAHd3e8uoIWedgzPK +kTDDB1GY8kp5qXx7IPQRdIK8oEjdXMJOlAI97rc/igCK83/gqjdUPKVLuOrjyOfg +Dk1/l4Kcf+XFP4By6fm7kRwGldA9eth7Waob67mvzJXBJ/NobB0TqiM5bj/dUaXP +W8t2PpJUBuTBpLKRCCYsCOqDVwCBxDGVhZBmVXUrUOQpc0u8SZrumIHggebcC5eC +7aOB4fwO/lnZP5BN1M1tC1ubobbZB45riDGjPbPs04vd1tfn99dB7oL5C0nxmdmP +zOSXYTzh+NqP1rM0nhrW0sSV3spC6awpj2SMjfia2gTsA3H4OsJxnqgQ4JjayVOr +j2EiJ1ECgYEA3rmojHlV2UTouBDV8xu1ZIqrMgPMfpfftLgjNgZXN2AN6DTazycs +ba7H/bzamabzyxaMJ0/nP4JV9+yop5oWOk65nLEqL583i6subPhRkHYjNedQI/gB +31OhmD30drVAUMg1fsXuHaWCnFfhs0hT528xNhJGoiJpI7uwhmrKYgkCgYEA1O7y +28BjNvefcpT+tA7NQRGx02xOpmEKZAoheMNVEz2PuM1/4cSAN00aZCj2Os229zhW +h3uBMCquZu3TlaVAEOqpV+JYq59Zb/JmWvWDCjGzp8j3UKNRqgEU5QrgyWdlbs/9 +/FUkklJnFuYZEIDvRdRy4GoSRN/xP9Vz0RFTVycCgYEAy173up0oeKXlYf1tfvj0 +HwRH4fl6BrYi/N+Ot0v+439/82If0jvQ465OyzBg4yCBSBYkj9j0LReT7Dhan/+h +AEjWT2+uN6HIlG4QjEwKHkDhUd0PXmidPREeYudfi+1g9uJ5hnKxRLzWkG/mlVAb +3R2478isWmvVWV2OiI6GkhECgYAV7zNnPa86t1FefUirhabRICCAVfTYIMDwQzbl +eMGnxLysXcbhm9tVVwTz8mBC+HPzjYMkW62YJ51ljvQvwyERXQrqua9GppiQ9phi +oE3KXApUq1gGn3xHFetwGKnFNXh2bMiOGLs2s3RZIITOdWmweM0InwSYwbTZTYSr +sawzGwKBgQDJz23W6oeOBsLJuZ/EzKQiQDld7JABJdDVBoGnqJDwsHulfM3RHouw +jtUynlR6bC5Fb9w+sCY6b2pwhO5TVXGbJ17HDBHce+yTy3YfxyCC+QH4UXa8kM1i +TAr7dj1fzCA5wCb8CWu9XmjC8Jx9plXxrSAGRRaiX0BwSyE73cb4RQ== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Root.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Root.key new file mode 100644 index 00000000000..11ab68fad8f --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Root.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAtvUvLQu/CSCSVu1vG7NOLHsbfY6X8e6Vvy63Y96cWzU+wVt4 +Hmz9lP4jfWwov9qs1EdYtLoAnqrOI0TGo4R6W1OZvCD3+XYQHD3ERa+0VX8DJlRv +khU84eo9AMcC+85Z+VwhF7IYnLjS1TZWjXwkoHZmfi4YiNCuGNhlmFYzClDoKOup +/n4ut8c5k2EsawSA+lvDtT+Cs4GzkioKq7AcDTuIY14Z3b3ECkO2ovjJ54Yzfkq0 +ix2HJKRnah0yQalzdAXdCTS5QmP9LLxTbgZR9J/rsI0P7JxLYW4Y4NDkAzQ0Zhx8 +M2T3TU+JLanDtUMIgt+tCwMNIGvPJ4HLp1N9EwIDAQABAoIBAGxEPzyK3OuLyM2E +B+H+g14zI5tzTFswcpEGFiQVUbVvlslZVYW7vXvzwBCydpLB1tBvwACCqWc7cGzS +gDG3baipmioH4HZQ9UuhCYqrZS3K0ZRXFwb9Zl/R+3OAUTWtcPTtHfAlxgbIIItn +cmSbeBk0t4YnxQEBbGTreYNiTyXkpl4XZ4T32rvbc5OcS2MxHWmm6EnapCblaPM/ ++uyEQJ+QJXk1Pzk1xBKBrI3pIkqF53J1M92v9jDUqlXOY7vcaS+d+CfIYxY7iiXq +cO24m7Kq7cpUcI6DCYVlPENmb2/sqGwHSyKGtWlEE2+glyjLNLcjeORVs/eAmj1k +8HEqX2ECgYEA5DJSDeTS24yp2XWuNCllcIEKv+mQOoOe2Rp0tXsA8AXWlw/cH8SW +lKuyc8lv02A5H9Kpj00p0v6gfnoSECSWcjsdGKZES4olhrRAlhaEbsEh2WDrEKLZ +7GPgizAZJuVPROJV2cxNdYNxcPODUFMGm+2no1rGzyH6MLczkqmk9UkCgYEAzT/R +4Rdqc8QcjCaf34GHZwIIxhxh5E3D4ewhcVwmk5mMb6xx4X/6F3w1JM4DAD9ZULbO +qfFQw/IxF7jyXoz5M37OZBsd4Jlz6kg9Rn8QScJSHnmZtrXfhVbiybBvlZMMV17P +68ET49ppvaMQ+qRtrx5i7lJrAGzPDRkPF3vLi3sCgYB3SN6fqKeYYJVAuUVQuvrt +rmbCHwNnsvnMHwo2+49n6IVd/cphSNA18vKbmAa+haQWwHYmFH3yb2vR8VmT2qxS +FhiFlBRLMHGhUoQYcLjVdFuPWBxIW/hym1r7Jy9ep6uiJHYgHa236ffYxVI1INFp +nPduartV9zrjUEDDP66dEQKBgQDFlsHC0tr9NXdSCMDx1u114cR2i85FjgOcE8ki +K1dL0o8a1sUPFDe7siwrEVRcQaAHDuWnPpPE/vv53WceVNJ2m4WvY1eA59lqWj77 +Bcm1aCfMBL5Q4YecAsfy6DKTqOtBlRnO2KIAQTx4fmoTEIYzBqqwyZEO6LDu6Afa +UKfjzwKBgQCG88lqCoOjB2TxCL83487yv1xXb7HDf3OV6px5i5QEaw5+la6aRsrY +GPDRHuRhufwfc9vAMb3VFlTU5zrI28VruX0sHXVsJXY5owd9qwBSaBm39bZcuZuw +OJtbQ0XSng8mK81EUivoYkDQAxvX6uo5EoEfor4EiyDTLiTAXUN64g== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Target.key b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Target.key new file mode 100644 index 00000000000..580c585a9ba --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/keys/violates-pathlen-1-unconstrained-root/Target.key @@ -0,0 +1,28 @@ +openssl genrsa 2048 +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnbCAQZrVMerQ9kYdzfXguNHUIfp7AQOaKtzw8ZF1TlfLttID +TUkWz4WHp+i13lVn0Z8aKhksAJEAgcSSzAO+wfLFcjmUth5fSnCDfVoFLQKnhCUq +2hHE1Oh/GvuIa1L5jMnHmSF1NcOEoKGxMm4f5LS8IVvke+CFBj2/+8CSZh5T/9AW +O6V8MgcQVLeYPXAv/O5UPnSo7EtFEeUI0VQrqXiDvFWSPnHkuqxnKPJNPoyPJogC +/ASCqYi/x5VNjNUOFy3qkK1u5H52icYN9Fo1GnLUkThQzPMbBf+A07LpCl2Kn7iy +KiCodrVBG4AzfHkS+v8232EixfonSoh1qPVdSQIDAQABAoIBAFSEY1nGWPpWNwWo +cxUO8hFdNWu4yvCyM5FBtkpjghIpcGBek7J6uCUmFp1iVwgBkpGByw5BS5pKHZFw +AJYkc7uUGUutnQ03ni9RusgW1atYPtzO5vbWiz7qFiYqJuYPJP3WsIpcqmvUjWNj +BoxXBfUZAbSHgiD7J5E+y4Vto4njZAGM9atK3AJE8nizIebSPr7Fa7uoWO37t8Mf +on/8tBQ9fJya6+QQJGbXVpuQ+RgOd0PWC819WIYiXVOj8YhQemAR/hKsoe+ADyFX +qHJbRd6CTWNAZsjhZylK/8gtIQLYnvK6RE9V+ibkNadF4i0QF7UVhIrlYoHyeCR9 +weWEIgECgYEAzmn0q/kUdNE33OuIi5EUe9/6TET6OG9L7DtYq3//y/lufTO18dYk +tppptxsXwu3jm2hR5tuFBVO48y2TyO1rLggIJb4GJbPk1EkpQCZd2lUgsZElECW2 +H+g1x8YP77GP8lFCniDhyjIVPjXAtLv4LGO3wizvGc8cnqvK9UlwiGkCgYEAw5IW +5Ch4sRvMlhf3+gQmI7q9ALF1Cr6kurIkQA04pkmShkNrbQx1Dpc7hTGcpTcNj7DD +PP/aj5pT1Vyd4cMYhWCU3edJvyN/CtrWIhzYMIugnXyKwv97BDiqRj5MsH7oX2u0 +5MiGjqWnzjkkKWMvdV6r1F8dSz8n20YtNbg6keECgYEAkAB5clSFwe2H9HbZPs0L +JlSekQD6M87pf7fzZ0oYEZxFSdF+mGXWHRJiuByNmi9OP8gqg00YYxwChpyAYofH +40g1Lud/8GOtO7CCt79McJo9AcQJwFce1OmyQ1nZGlac3udz+09jViVUjp7/ftc4 +DvfOZgflEvNbuxKMuEzw1ikCgYBADqfEz6TIjgxy1SL6F0XOyimCAp4NiOg35oWN +HUeC3/JIW+jh7QSiZNKwC9H9I40jlYg9gKg8BRaUeiOUgOyVM09PZ6R2INBJ4+fj +gIMnU3SmYNaqjDfk6BKNs3Y3ETpXltXHYg8Axi2ylHDNxZkT3pB1nTnhHayWW+QP +BmrYwQKBgQCgGKJVP79a4E3s0O5DOvBiM6mReCVxeHp9URfWKjC4pPeJ5iSE5arh +9BzqBjnbf+RVM1sOLFgg9dFWnlAfj+MWrVe9ayhkwPQt8+6jDHcQvKxYygx0qG6Y +TW7zX7amVWX4IzaneuO5t5nkPe4w29GLW2E+bLHN7QUc9V90RMTSSg== +-----END RSA PRIVATE KEY----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/non-self-signed-root.pem b/chromium/net/data/verify_certificate_chain_unittest/non-self-signed-root.pem index bc2fec46393..b91bb7cd654 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/non-self-signed-root.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/non-self-signed-root.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a5:fd:12:f2:87:40:5c:07:a7:7c:a8:7a:2c:2c: - 9e:de:bc:e5:8e:c6:55:90:ce:5d:a9:e6:c8:7d:5a: - 9f:b1:f7:32:b4:90:9c:80:12:a2:43:fa:71:95:54: - 76:45:b3:28:cc:93:05:f1:f4:e9:5d:1d:4e:5d:1a: - a1:ad:a5:4b:4f:50:7a:c2:cd:63:2c:de:5d:54:74: - 09:8b:d2:5b:1f:0e:49:b4:ce:cc:24:f4:9d:f7:ca: - 65:6e:58:02:c0:8d:06:35:81:01:b1:2d:37:07:1e: - 9b:07:fa:a3:12:6b:32:bb:98:f1:41:03:2f:17:b5: - 5a:d3:bd:b0:2a:0c:be:2f:34:29:ba:87:44:a5:d9: - b7:1c:c0:ff:c5:dd:bf:21:78:38:71:ce:7a:54:d1: - 97:d9:aa:86:84:eb:2c:17:bf:61:1b:4b:10:54:a2: - a1:a6:ec:01:04:f8:f3:c8:6c:2f:30:15:e0:da:94: - 49:98:01:de:e6:c4:04:57:bb:f5:6d:09:53:e1:ff: - 76:94:cc:ba:2c:74:70:b7:f9:d4:10:35:8a:b0:8c: - 4c:5b:5f:5c:db:e3:a5:b6:c9:d5:b4:13:7c:17:77: - fd:ac:0d:65:fb:0a:a4:d4:0e:a5:2e:8f:ef:0d:5c: - c1:9b:00:c1:dd:0d:4f:c3:7e:3b:3b:a7:4a:d2:99: - f0:e3 + 00:ca:05:80:6e:cf:1f:63:66:cf:05:e3:dc:51:2c: + 12:41:1f:96:f5:a5:94:96:c5:5e:34:36:bc:90:df: + 85:73:5e:26:ed:f3:12:fb:90:a0:fb:05:b4:8e:05: + 71:07:4c:cc:32:ae:95:89:87:8c:9a:08:22:f0:a1: + 47:da:be:5c:12:c7:18:31:aa:19:61:59:3d:3a:7b: + e9:e9:1a:9f:56:d9:5b:31:b4:3f:bc:ad:da:1c:e9: + 0d:dc:40:5c:4d:5d:8c:5a:ad:78:97:ab:cf:28:fb: + 52:7d:74:6f:d3:27:da:5a:e4:37:7e:1a:56:8b:f3: + 85:55:c5:aa:f8:96:3d:51:52:5f:be:60:47:97:fd: + 82:ef:28:b7:cd:50:64:e2:70:43:7b:1f:5d:f3:9e: + d1:c2:dd:22:a6:08:85:94:e8:80:69:62:67:01:ed: + 12:bb:96:96:83:b4:02:4f:5a:a0:33:63:99:e2:1c: + 88:33:38:fa:b7:20:70:2d:91:e7:ca:27:9b:81:2f: + 29:a6:d6:f0:ea:ec:7b:a4:86:61:56:af:bd:30:26: + 91:e7:d9:18:e9:4e:90:6e:66:ab:1a:48:70:62:9d: + b9:0e:11:fa:49:d5:3c:8c:20:52:9b:b0:6a:71:85: + a5:92:66:22:ea:79:0c:53:b1:66:ab:82:3d:7c:16: + 78:fd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 8E:F7:4C:4C:A6:3A:4A:DA:FB:BE:DE:D3:24:D2:56:B5:3D:55:43:18 + 7F:FE:A1:79:97:34:D7:6D:63:C2:1A:94:43:45:AE:6E:0D:30:5A:18 X509v3 Authority Key Identifier: - keyid:25:1D:DB:44:41:CD:DE:76:AA:96:3B:9B:5B:17:24:39:86:B7:DD:E0 + keyid:1E:C9:1C:45:5F:46:A4:0C:10:15:82:7C:01:23:5B:21:F4:AE:88:D9 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 6e:29:ba:73:d2:ce:13:e8:a8:61:cc:1c:c9:63:c3:e5:62:72: - 3d:bd:19:d9:10:ce:04:5c:b4:1a:0c:52:c6:57:4d:d0:a7:2d: - a7:11:90:78:72:8c:1c:56:4f:e4:be:4e:de:6e:f3:e1:eb:7e: - 9c:05:86:e4:f2:22:69:7b:7d:43:df:4e:a9:11:4d:8a:68:33: - a3:7d:9b:b1:04:9c:c2:bf:d4:9f:78:d9:8f:a5:51:9a:20:8a: - 79:c8:40:49:e4:30:d1:b9:9b:09:5e:3d:5e:93:f5:84:e5:2b: - 9f:1e:56:1c:2d:ef:09:34:8c:db:a0:b6:f0:91:88:91:6b:1f: - 4e:86:11:b6:62:33:63:8b:03:b2:40:d2:b8:28:33:e1:33:5d: - ae:e4:0c:08:4b:ab:05:08:6c:4a:b2:b7:cd:cd:28:7f:4a:5c: - 4c:9d:fa:93:c7:00:fa:47:4e:00:ca:2d:2b:c9:ed:da:e8:33: - 23:b6:98:f1:e5:6f:1b:cc:8b:e2:27:b2:1d:46:53:39:29:45: - 46:1a:50:94:c0:e7:5e:a4:ef:a3:ee:13:7a:81:89:e2:4e:f9: - 5e:1c:e3:ee:fe:d9:6d:7b:85:c6:99:ed:b0:30:d4:ef:16:65: - 1f:37:d9:f9:c1:54:c2:d9:18:3f:e9:89:a3:28:6a:ad:fc:a2: - 01:b8:82:d3 + 2c:07:9b:10:5f:1e:c2:b7:13:67:71:06:b1:d6:46:7d:9c:24: + 01:bf:87:87:98:04:2d:a7:0d:9e:c2:15:f8:c8:a9:56:61:08: + 06:63:b5:1b:c9:9b:ba:63:50:24:63:1f:f4:10:d6:60:aa:23: + c8:72:7a:88:e2:11:22:68:20:b1:c5:e8:22:b0:bc:b7:1d:d5: + 86:1a:71:81:aa:58:ec:6a:aa:56:1a:d8:ac:34:aa:7b:df:d3: + 28:47:cf:86:59:3c:b2:e9:eb:58:68:2b:1e:db:41:b7:da:ab: + 73:38:07:d1:7e:fa:9b:9a:43:a4:57:1c:3a:4d:c3:72:87:de: + f2:00:a2:e3:11:15:3d:9d:58:3e:c1:59:13:ed:3d:32:20:d5: + 84:d4:2b:41:c6:69:10:35:ee:3c:73:93:c5:e4:c9:0e:5c:5b: + ae:00:6c:ae:91:09:2e:69:b2:41:5f:30:61:fc:32:ba:67:c3: + 05:37:36:6b:5d:2a:be:c0:53:67:e2:6f:26:6b:4c:54:6f:0c: + 18:e8:81:94:ea:61:cd:e7:42:8f:8a:a8:83:21:0e:ac:eb:5c: + 87:85:d0:72:72:7d:bd:2f:96:49:93:6b:f6:e2:3f:42:86:c8: + 48:25:32:10:e3:20:fc:93:33:8f:f9:20:92:21:8b:ce:37:d1: + 7f:d9:d6:85 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl/RLy -h0BcB6d8qHosLJ7evOWOxlWQzl2p5sh9Wp+x9zK0kJyAEqJD+nGVVHZFsyjMkwXx -9OldHU5dGqGtpUtPUHrCzWMs3l1UdAmL0lsfDkm0zswk9J33ymVuWALAjQY1gQGx -LTcHHpsH+qMSazK7mPFBAy8XtVrTvbAqDL4vNCm6h0Sl2bccwP/F3b8heDhxznpU -0ZfZqoaE6ywXv2EbSxBUoqGm7AEE+PPIbC8wFeDalEmYAd7mxARXu/VtCVPh/3aU -zLosdHC3+dQQNYqwjExbX1zb46W2ydW0E3wXd/2sDWX7CqTUDqUuj+8NXMGbAMHd -DU/Dfjs7p0rSmfDjAgMBAAGjgekwgeYwHQYDVR0OBBYEFI73TEymOkra+77e0yTS -VrU9VUMYMB8GA1UdIwQYMBaAFCUd20RBzd52qpY7m1sXJDmGt93gMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKBYBu +zx9jZs8F49xRLBJBH5b1pZSWxV40NryQ34VzXibt8xL7kKD7BbSOBXEHTMwyrpWJ +h4yaCCLwoUfavlwSxxgxqhlhWT06e+npGp9W2VsxtD+8rdoc6Q3cQFxNXYxarXiX +q88o+1J9dG/TJ9pa5Dd+GlaL84VVxar4lj1RUl++YEeX/YLvKLfNUGTicEN7H13z +ntHC3SKmCIWU6IBpYmcB7RK7lpaDtAJPWqAzY5niHIgzOPq3IHAtkefKJ5uBLymm +1vDq7HukhmFWr70wJpHn2RjpTpBuZqsaSHBinbkOEfpJ1TyMIFKbsGpxhaWSZiLq +eQxTsWargj18Fnj9AgMBAAGjgekwgeYwHQYDVR0OBBYEFH/+oXmXNNdtY8IalENF +rm4NMFoYMB8GA1UdIwQYMBaAFB7JHEVfRqQMEBWCfAEjWyH0rojZMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAbim6c9LOE+ioYcwcyWPD -5WJyPb0Z2RDOBFy0GgxSxldN0KctpxGQeHKMHFZP5L5O3m7z4et+nAWG5PIiaXt9 -Q99OqRFNimgzo32bsQScwr/Un3jZj6VRmiCKechASeQw0bmbCV49XpP1hOUrnx5W -HC3vCTSM26C28JGIkWsfToYRtmIzY4sDskDSuCgz4TNdruQMCEurBQhsSrK3zc0o -f0pcTJ36k8cA+kdOAMotK8nt2ugzI7aY8eVvG8yL4ieyHUZTOSlFRhpQlMDnXqTv -o+4TeoGJ4k75Xhzj7v7ZbXuFxpntsDDU7xZlHzfZ+cFUwtkYP+mJoyhqrfyiAbiC -0w== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEALAebEF8ewrcTZ3EGsdZG +fZwkAb+Hh5gELacNnsIV+MipVmEIBmO1G8mbumNQJGMf9BDWYKojyHJ6iOIRImgg +scXoIrC8tx3VhhpxgapY7GqqVhrYrDSqe9/TKEfPhlk8sunrWGgrHttBt9qrczgH +0X76m5pDpFccOk3Dcofe8gCi4xEVPZ1YPsFZE+09MiDVhNQrQcZpEDXuPHOTxeTJ +DlxbrgBsrpEJLmmyQV8wYfwyumfDBTc2a10qvsBTZ+JvJmtMVG8MGOiBlOphzedC +j4qogyEOrOtch4XQcnJ9vS+WSZNr9uI/QobISCUyEOMg/JMzj/kgkiGLzjfRf9nW +hQ== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:dd:9f:7d:91:ef:30:35:17:fe:58:20:b0:99:23: - d3:ce:e4:f6:b2:05:82:69:5b:4c:e4:94:40:41:ad: - d6:6b:b3:44:08:50:be:9f:b3:f4:26:d6:10:50:52: - e3:a4:71:bd:3d:ed:f0:a8:30:da:21:06:aa:d9:ae: - 62:51:ed:06:c1:6e:f5:e2:23:a8:62:db:04:b7:0f: - 69:84:39:1f:3d:46:28:ae:a0:56:fe:aa:9b:68:0e: - 30:65:6a:38:f8:a6:66:12:78:99:cc:8e:c9:80:15: - ab:5a:66:75:71:42:4d:8c:32:2c:15:a7:6d:c9:51: - c8:d8:88:28:56:03:e4:ab:98:3b:52:d9:01:f0:4d: - 18:71:cf:d3:82:cb:62:af:6c:12:8a:a2:4b:44:c7: - a7:61:fd:d6:34:89:c6:f0:6e:2c:77:fd:cc:93:a9: - 90:5b:85:e7:46:1c:04:41:3d:df:02:79:c3:e6:98: - 66:28:b0:39:9b:59:ce:5e:8c:d1:63:b1:28:a3:05: - a3:79:93:3a:dd:92:8b:d2:07:15:96:61:27:98:ae: - 53:78:3f:da:79:09:01:e7:dc:03:c4:05:8f:e5:52: - b3:bc:d8:8f:6d:0a:89:21:a6:cf:b5:db:1c:65:67: - 4c:5f:5e:33:24:d7:3c:3e:61:ce:9a:4e:6e:e7:a5: - 30:9f + 00:b8:b5:04:1a:b6:ce:13:85:6b:9b:9e:2d:2f:a5: + b4:b5:05:44:72:4b:8b:80:23:1e:0b:1e:1d:30:eb: + c0:f5:c1:a5:17:e6:13:5d:b4:2f:bf:7c:a9:95:38: + cc:88:9a:6e:26:e2:3a:22:68:fe:b1:a3:e4:70:04: + 73:70:78:b7:68:7a:c7:0d:86:c0:ad:3c:a4:ad:83: + a5:00:a8:a3:c2:59:53:3a:77:33:c7:f2:56:15:1b: + 85:7a:2f:b4:44:e1:40:5d:04:9a:ce:0c:4d:5c:33: + 40:4c:68:de:b9:58:48:f1:b6:cc:a4:02:48:86:46: + 66:32:0f:0e:3d:fd:fd:af:df:96:27:b1:60:5b:0d: + be:25:b5:dd:84:ec:f8:9d:da:21:44:95:df:46:16: + 3f:77:69:8e:70:bc:9a:78:ec:45:89:13:0f:be:34: + 7e:00:4d:83:cd:d3:f4:fe:3f:6c:ce:d0:6f:36:64: + 6c:c1:61:dd:c2:68:1d:b9:78:2d:2d:0b:32:96:75: + 3a:d6:a5:d3:3f:2d:55:0e:e7:9e:aa:7d:31:a0:4d: + ac:91:20:1e:46:41:85:3f:03:45:db:8f:98:c2:c2: + b8:7d:e1:f2:e7:b8:6f:a8:cb:b9:d6:7e:8a:29:98: + b3:b3:ed:38:a4:a7:fc:9d:c1:e1:63:68:00:64:a5: + e1:bf Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 25:1D:DB:44:41:CD:DE:76:AA:96:3B:9B:5B:17:24:39:86:B7:DD:E0 + 1E:C9:1C:45:5F:46:A4:0C:10:15:82:7C:01:23:5B:21:F4:AE:88:D9 X509v3 Authority Key Identifier: - keyid:63:A2:D5:4E:83:BA:38:5F:50:C5:93:E5:5C:93:9D:DE:55:08:73:A9 + keyid:91:D7:20:C6:1D:00:21:35:53:7D:FE:50:11:02:DD:E3:40:2B:9A:A8 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - c5:e9:f1:a5:8e:03:ae:78:a2:51:87:0b:ee:26:02:97:5e:31: - 41:72:f2:7c:00:46:1b:45:51:02:03:4e:16:d0:69:61:e9:7e: - aa:fc:5f:5e:6b:63:99:98:c0:cf:36:96:ae:82:56:70:13:33: - 8d:f2:00:7a:b3:50:c7:15:ad:56:1b:ab:1a:6f:27:a4:e1:65: - da:22:4c:11:32:02:23:30:f8:7c:63:4d:c6:3b:5f:5b:55:37: - 82:29:0d:74:ff:49:4c:10:25:60:4b:3f:e8:06:1f:47:67:38: - 26:df:c4:92:d8:c4:9a:c8:bd:e6:1f:b9:52:2e:70:f7:21:48: - 43:6b:f5:40:07:c7:fd:15:51:80:54:c6:c8:74:14:a9:56:bd: - ad:b4:d4:da:a3:1d:b4:c4:91:73:0a:3d:1e:71:e0:97:e2:d4: - 79:8d:00:42:a7:8a:28:a2:2c:49:94:3f:23:e6:66:75:42:88: - 66:e5:98:14:b0:8d:76:d3:80:32:60:e9:05:18:65:ff:c8:4d: - 3b:ea:b3:d1:77:1b:7f:d1:99:c9:b5:58:72:ea:49:d4:31:68: - 28:2d:04:3c:49:99:f0:3a:74:11:91:0e:82:46:84:c7:54:7c: - 0b:9b:1a:64:ea:e3:9c:d4:c2:b9:90:e8:0e:2c:82:8b:2a:e1: - d1:03:32:77 + 49:e9:a6:5e:82:77:77:f3:e2:c5:48:19:73:4e:ce:79:e7:22: + 40:79:6b:83:25:9f:8f:c3:a5:9a:83:55:a1:92:98:89:2e:fc: + d3:85:4c:7f:11:4a:ff:48:f3:6e:af:d3:f5:82:e4:d2:01:94: + 12:56:31:f9:1e:88:a4:90:2a:cb:1c:7f:ce:ca:ab:f7:d6:18: + 3a:03:6e:e7:53:40:ea:d5:02:68:9c:4e:cd:63:9e:a9:7b:f8: + 77:85:ac:03:27:3f:51:0a:8d:db:fb:d1:9e:39:58:0f:99:31: + df:f8:31:9c:19:82:3d:6f:d5:93:7f:a3:60:3e:67:0a:0a:ea: + 8f:c3:2b:40:22:89:46:ea:02:29:ae:2c:e0:45:47:5e:63:49: + 77:d6:17:c6:7d:1f:f1:d6:37:2d:c6:1d:e4:db:9e:b6:64:62: + 99:e6:2b:5c:8b:d5:d7:28:fc:63:cc:ec:ac:f6:44:36:cd:e7: + a5:63:6d:9b:20:74:10:73:35:7c:68:f2:27:3c:10:b6:0c:b2: + 1c:e2:47:90:8c:42:dc:5b:f9:87:3a:bc:32:c6:f7:55:79:c9: + 43:39:ec:25:74:0c:c7:e4:fc:27:48:bf:e2:b0:12:4c:84:0c: + 3f:ac:a8:7f:39:8e:3e:1c:4f:55:4b:b4:90:e5:e5:53:49:cb: + 75:c4:7e:ce -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Z99ke8w -NRf+WCCwmSPTzuT2sgWCaVtM5JRAQa3Wa7NECFC+n7P0JtYQUFLjpHG9Pe3wqDDa -IQaq2a5iUe0GwW714iOoYtsEtw9phDkfPUYorqBW/qqbaA4wZWo4+KZmEniZzI7J -gBWrWmZ1cUJNjDIsFadtyVHI2IgoVgPkq5g7UtkB8E0Ycc/Tgstir2wSiqJLRMen -Yf3WNInG8G4sd/3Mk6mQW4XnRhwEQT3fAnnD5phmKLA5m1nOXozRY7EoowWjeZM6 -3ZKL0gcVlmEnmK5TeD/aeQkB59wDxAWP5VKzvNiPbQqJIabPtdscZWdMX14zJNc8 -PmHOmk5u56UwnwIDAQABo4HLMIHIMB0GA1UdDgQWBBQlHdtEQc3edqqWO5tbFyQ5 -hrfd4DAfBgNVHSMEGDAWgBRjotVOg7o4X1DFk+Vck53eVQhzqTA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLUEGrbO +E4Vrm54tL6W0tQVEckuLgCMeCx4dMOvA9cGlF+YTXbQvv3yplTjMiJpuJuI6Imj+ +saPkcARzcHi3aHrHDYbArTykrYOlAKijwllTOnczx/JWFRuFei+0ROFAXQSazgxN +XDNATGjeuVhI8bbMpAJIhkZmMg8OPf39r9+WJ7FgWw2+JbXdhOz4ndohRJXfRhY/ +d2mOcLyaeOxFiRMPvjR+AE2DzdP0/j9sztBvNmRswWHdwmgduXgtLQsylnU61qXT +Py1VDueeqn0xoE2skSAeRkGFPwNF24+YwsK4feHy57hvqMu51n6KKZizs+04pKf8 +ncHhY2gAZKXhvwIDAQABo4HLMIHIMB0GA1UdDgQWBBQeyRxFX0akDBAVgnwBI1sh +9K6I2TAfBgNVHSMEGDAWgBSR1yDGHQAhNVN9/lARAt3jQCuaqDA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AMXp8aWOA654olGHC+4mApdeMUFy8nwARhtFUQIDThbQaWHpfqr8X15rY5mYwM82 -lq6CVnATM43yAHqzUMcVrVYbqxpvJ6ThZdoiTBEyAiMw+HxjTcY7X1tVN4IpDXT/ -SUwQJWBLP+gGH0dnOCbfxJLYxJrIveYfuVIucPchSENr9UAHx/0VUYBUxsh0FKlW -va201NqjHbTEkXMKPR5x4Jfi1HmNAEKniiiiLEmUPyPmZnVCiGblmBSwjXbTgDJg -6QUYZf/ITTvqs9F3G3/Rmcm1WHLqSdQxaCgtBDxJmfA6dBGRDoJGhMdUfAubGmTq -45zUwrmQ6A4sgosq4dEDMnc= +AEnppl6Cd3fz4sVIGXNOznnnIkB5a4Mln4/DpZqDVaGSmIku/NOFTH8RSv9I826v +0/WC5NIBlBJWMfkeiKSQKsscf87Kq/fWGDoDbudTQOrVAmicTs1jnql7+HeFrAMn +P1EKjdv70Z45WA+ZMd/4MZwZgj1v1ZN/o2A+ZwoK6o/DK0AiiUbqAimuLOBFR15j +SXfWF8Z9H/HWNy3GHeTbnrZkYpnmK1yL1dco/GPM7Kz2RDbN56VjbZsgdBBzNXxo +8ic8ELYMshziR5CMQtxb+Yc6vDLG91V5yUM57CV0DMfk/CdIv+KwEkyEDD+sqH85 +jj4cT1VLtJDl5VNJy3XEfs4= -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d4:fa:c0:4f:fa:75:57:2e:07:a4:26:6d:43:48: - a2:47:06:03:dd:a3:f2:10:d1:66:21:4f:fa:28:42: - b9:4f:c1:f5:4c:fa:dc:ad:92:30:50:2a:ce:ac:db: - 05:cd:c2:19:26:b8:de:46:0e:ec:14:9b:27:92:71: - bd:e9:a5:28:55:eb:27:71:dc:ff:d7:2b:ea:ed:f0: - 5b:e3:38:bc:35:f8:7b:ec:5d:ba:67:8d:d8:8a:95: - bb:a2:01:32:3e:a6:d2:d3:a2:c7:70:f5:7c:fb:53: - 6f:b8:11:48:af:0c:a0:60:87:98:43:87:ff:d2:c2: - 18:b5:50:67:18:ee:06:8f:80:ff:4b:02:c6:c3:01: - 34:e2:7e:fa:60:62:23:2c:8a:68:ae:5a:0f:ad:1a: - 52:1f:7f:58:ae:9a:50:6e:fb:c7:53:1a:b6:b7:92: - 5d:ba:65:53:4c:73:b4:ed:c5:b5:b4:3a:f6:cb:79: - b3:87:f9:69:ac:29:e5:e4:bb:54:89:bf:45:bf:0c: - b9:83:6c:31:3e:a5:6e:7d:50:f1:68:f8:3d:ca:c2: - 3f:9f:5c:61:35:21:bc:6a:a2:77:2c:53:22:71:2e: - 96:70:f9:c2:c3:f6:3a:8c:3a:a4:00:f9:55:d4:01: - 6e:be:fc:f9:9a:2b:78:7e:3c:25:e9:09:87:47:5e: - a5:4d + 00:bb:fa:87:39:cb:43:d9:24:e9:2c:54:cd:18:ea: + b8:87:ec:2f:d3:57:e3:9c:23:be:94:3c:26:41:db: + 61:40:b8:ad:07:53:f1:69:c5:b4:2c:6a:ad:de:e5: + 4a:bd:e3:0f:77:c4:59:fa:ee:d5:3a:1a:93:ca:cd: + b1:22:2a:24:42:5a:01:42:e8:57:74:f9:89:56:f8: + c1:13:f6:c9:42:9b:45:7b:ff:b7:aa:c1:1f:1b:e8: + 02:24:12:97:0d:84:b9:62:70:83:93:72:cd:9b:1a: + 26:27:92:34:46:51:c5:b7:c7:4a:b4:7a:8a:84:98: + e2:f7:90:4d:cc:cf:3d:ee:85:91:8d:75:60:38:0c: + e5:0b:00:e6:fe:e9:c3:19:64:3f:2d:c8:14:f1:d9: + a9:76:05:54:a8:5a:9e:64:56:ed:60:43:c5:98:db: + 7a:ae:da:2c:56:cb:87:00:6f:3d:83:3b:a3:5c:f5: + 55:0d:6c:ab:ed:68:c1:b8:1d:a5:d0:77:1d:b7:e6: + 52:ef:2c:75:3a:98:ec:51:6f:15:5f:64:82:f6:d1: + 90:bd:ee:01:28:e5:89:0e:01:ee:54:07:1d:0e:7a: + f0:82:9c:cc:c1:c5:4a:f6:a9:58:33:c5:cc:a3:86: + 17:72:19:92:2c:ae:6a:46:a8:a8:25:2a:cf:ba:70: + c1:89 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 63:A2:D5:4E:83:BA:38:5F:50:C5:93:E5:5C:93:9D:DE:55:08:73:A9 + 91:D7:20:C6:1D:00:21:35:53:7D:FE:50:11:02:DD:E3:40:2B:9A:A8 X509v3 Authority Key Identifier: - keyid:F9:8A:EA:DF:3D:59:DD:70:5F:B5:B8:D5:24:99:76:02:DC:6E:30:8F + keyid:85:C5:B6:72:29:30:56:96:1B:80:37:79:29:18:A2:BD:48:F9:9E:4A Authority Information Access: CA Issuers - URI:http://url-for-aia/ShadowRoot.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - ce:fc:9e:82:80:f8:42:20:0d:93:e5:35:7d:8b:44:89:7b:dd: - a6:2b:dd:69:ee:16:da:2c:98:76:31:ae:7e:b3:c2:30:e5:9d: - 6b:be:11:48:70:d8:bd:d6:01:22:93:c7:14:da:0f:46:2f:98: - e7:b1:0b:33:10:75:77:3e:3a:e4:ba:ee:10:98:bd:b3:0a:34: - f7:85:09:d2:73:d4:7f:61:e1:5d:e4:eb:d6:7b:c6:f3:a9:a0: - 4d:15:46:f9:de:c5:31:10:5b:87:c4:58:99:51:64:7e:0b:31: - 22:73:ca:54:34:bd:e6:30:44:0a:59:01:ba:1a:7a:e6:83:76: - 3c:5e:8b:d4:06:72:b6:a8:62:07:eb:01:97:02:2d:69:95:4a: - 2b:77:27:a3:30:e5:22:7d:96:81:c9:ba:90:22:f4:fe:6c:bc: - a2:eb:96:81:4c:1a:83:4f:af:9e:21:77:5e:68:87:f3:eb:f8: - 10:7d:38:00:9b:83:0c:2d:9f:7f:b8:93:23:c4:f4:b2:77:c7: - cf:1d:bb:12:e4:30:f3:bb:5c:ec:82:1c:47:bf:31:93:93:b2: - a0:6f:f8:d2:ec:67:7e:95:4e:f5:eb:d4:64:c5:32:2c:0f:b4: - 6c:e4:64:ef:b5:a5:07:cf:f8:b2:f1:c9:67:10:e6:1a:0d:a3: - 9c:44:65:6e + 2a:d9:cc:29:76:55:6c:f9:a8:95:82:27:a6:33:b1:77:30:fb: + 4b:16:5f:29:98:c5:36:6a:b9:7f:e0:4f:8a:f2:7a:28:99:15: + c3:b8:5a:75:cc:47:c6:c1:f0:20:8b:54:3e:06:fe:ac:28:e5: + 38:0e:5b:b6:f2:31:e1:ca:fc:6e:19:3d:6f:61:76:2b:cd:35: + a8:86:ac:56:c4:c2:5b:b2:f4:3a:81:99:86:ef:da:fb:33:ac: + a6:19:e6:0e:92:53:25:1f:5f:b0:17:8e:46:55:56:6f:8e:31: + f6:2e:52:5b:56:96:e3:99:15:91:8b:dc:2b:5c:a6:91:23:ad: + a5:85:e2:0f:68:7e:6d:17:47:4b:30:12:82:cb:16:fd:63:58: + 52:c7:a7:5c:b5:a3:f1:b8:8b:09:3c:f1:32:90:1e:5c:2c:15: + c3:32:cb:27:8d:bc:96:43:5f:5f:32:e1:f9:15:61:ea:d1:7f: + 32:4d:b5:17:44:f8:00:d9:59:ab:d3:0e:5c:02:79:06:a3:27: + 00:40:e0:82:77:4a:78:e1:ff:60:83:d5:aa:a0:86:62:56:f0: + 8c:fa:7f:a2:2b:f3:e5:88:f3:f3:6c:f4:6c:f9:5b:08:90:bb: + 83:f8:12:da:1c:59:63:ad:4a:4d:12:22:d3:e3:69:6e:47:d9: + 67:84:68:78 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDdzCCAl+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApTaGFk b3dSb290MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UE -AwwEUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANT6wE/6dVcu -B6QmbUNIokcGA92j8hDRZiFP+ihCuU/B9Uz63K2SMFAqzqzbBc3CGSa43kYO7BSb -J5JxvemlKFXrJ3Hc/9cr6u3wW+M4vDX4e+xdumeN2IqVu6IBMj6m0tOix3D1fPtT -b7gRSK8MoGCHmEOH/9LCGLVQZxjuBo+A/0sCxsMBNOJ++mBiIyyKaK5aD60aUh9/ -WK6aUG77x1MatreSXbplU0xztO3FtbQ69st5s4f5aawp5eS7VIm/Rb8MuYNsMT6l -bn1Q8Wj4PcrCP59cYTUhvGqidyxTInEulnD5wsP2Oow6pAD5VdQBbr78+ZoreH48 -JekJh0depU0CAwEAAaOB1zCB1DAdBgNVHQ4EFgQUY6LVToO6OF9QxZPlXJOd3lUI -c6kwHwYDVR0jBBgwFoAU+Yrq3z1Z3XBftbjVJJl2AtxuMI8wPQYIKwYBBQUHAQEE +AwwEUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALv6hznLQ9kk +6SxUzRjquIfsL9NX45wjvpQ8JkHbYUC4rQdT8WnFtCxqrd7lSr3jD3fEWfru1Toa +k8rNsSIqJEJaAULoV3T5iVb4wRP2yUKbRXv/t6rBHxvoAiQSlw2EuWJwg5NyzZsa +JieSNEZRxbfHSrR6ioSY4veQTczPPe6FkY11YDgM5QsA5v7pwxlkPy3IFPHZqXYF +VKhanmRW7WBDxZjbeq7aLFbLhwBvPYM7o1z1VQ1sq+1owbgdpdB3HbfmUu8sdTqY +7FFvFV9kgvbRkL3uASjliQ4B7lQHHQ568IKczMHFSvapWDPFzKOGF3IZkiyuakao +qCUqz7pwwYkCAwEAAaOB1zCB1DAdBgNVHQ4EFgQUkdcgxh0AITVTff5QEQLd40Ar +mqgwHwYDVR0jBBgwFoAUhcW2cikwVpYbgDd5KRiivUj5nkowPQYIKwYBBQUHAQEE MTAvMC0GCCsGAQUFBzAChiFodHRwOi8vdXJsLWZvci1haWEvU2hhZG93Um9vdC5j ZXIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL3VybC1mb3ItY3JsL1NoYWRvd1Jv b3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 -DQEBCwUAA4IBAQDO/J6CgPhCIA2T5TV9i0SJe92mK91p7hbaLJh2Ma5+s8Iw5Z1r -vhFIcNi91gEik8cU2g9GL5jnsQszEHV3Pjrkuu4QmL2zCjT3hQnSc9R/YeFd5OvW -e8bzqaBNFUb53sUxEFuHxFiZUWR+CzEic8pUNL3mMEQKWQG6Gnrmg3Y8XovUBnK2 -qGIH6wGXAi1plUordyejMOUifZaBybqQIvT+bLyi65aBTBqDT6+eIXdeaIfz6/gQ -fTgAm4MMLZ9/uJMjxPSyd8fPHbsS5DDzu1zsghxHvzGTk7Kgb/jS7Gd+lU7169Rk -xTIsD7Rs5GTvtaUHz/iy8clnEOYaDaOcRGVu +DQEBCwUAA4IBAQAq2cwpdlVs+aiVgiemM7F3MPtLFl8pmMU2arl/4E+K8noomRXD +uFp1zEfGwfAgi1Q+Bv6sKOU4Dlu28jHhyvxuGT1vYXYrzTWohqxWxMJbsvQ6gZmG +79r7M6ymGeYOklMlH1+wF45GVVZvjjH2LlJbVpbjmRWRi9wrXKaRI62lheIPaH5t +F0dLMBKCyxb9Y1hSx6dctaPxuIsJPPEykB5cLBXDMssnjbyWQ19fMuH5FWHq0X8y +TbUXRPgA2Vmr0w5cAnkGoycAQOCCd0p44f9gg9WqoIZiVvCM+n+iK/PliPPzbPRs ++VsIkLuD+BLaHFljrUpNEiLT42luR9lnhGh4 -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -281,3 +281,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/rebase-errors.py b/chromium/net/data/verify_certificate_chain_unittest/rebase-errors.py index 537052afd6f..8640e18fc3b 100755 --- a/chromium/net/data/verify_certificate_chain_unittest/rebase-errors.py +++ b/chromium/net/data/verify_certificate_chain_unittest/rebase-errors.py @@ -15,7 +15,7 @@ To use this run the affected tests, and then pass the input to this script net/data/verify_certificate_chain_unittest/rebase-errors.py The script works by scanning the stdout looking for gtest failures when -comparing "errors.ToDebugString()". The C++ test side should have been +comparing "errors.ToDebugString(chain)". The C++ test side should have been instrumented to dump out the test file's path on mismatch. This script will then update the corresponding file(s) -- a .pem file, and @@ -33,7 +33,7 @@ import re # * Group 2 of the match is file path (relative to //src) where the expected # errors were read from. failed_test_regex = re.compile(r""" -Value of: errors.ToDebugString\(\) +Value of: errors.ToDebugString\((?:test.chain)?\) Actual: "(.*)" (?:.|\n)+? Test file: (.*) diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-and-intermediate.pem b/chromium/net/data/verify_certificate_chain_unittest/target-and-intermediate.pem index 5fbfbccb98a..f375653c271 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/target-and-intermediate.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/target-and-intermediate.pem @@ -17,30 +17,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:99:a4:c0:d4:dd:a9:aa:60:8b:ae:df:d6:20:ae: - b9:f2:f2:ae:44:0e:1f:13:9c:cc:bb:03:81:36:91: - 75:72:b4:f8:36:61:2b:7d:70:a9:da:e5:35:7e:e5: - 39:a6:fa:da:45:37:fd:77:04:af:21:c3:43:c4:15: - 9e:07:a1:4e:19:04:66:e7:bf:ae:76:b1:95:8a:9b: - b8:79:12:b7:ca:d3:ec:72:16:4b:47:08:89:1f:d5: - 5d:cf:e2:a6:1e:c3:c9:28:54:41:f6:68:e4:01:a9: - df:4a:f1:ab:d5:45:26:1a:4e:f9:f7:11:1e:c2:43: - 52:d9:2e:95:52:35:71:dc:6a:eb:56:ee:81:73:6a: - 86:5b:bd:4f:a6:8f:4b:b3:4e:35:06:d5:35:8a:aa: - d5:f7:bd:6a:e1:79:6a:61:37:dc:a8:06:d9:5a:31: - ea:3b:2e:8c:8f:de:1e:47:02:c7:ca:27:00:b9:49: - 7b:29:c4:f4:82:f2:bc:58:52:bb:f2:36:1c:10:4f: - a7:93:fa:46:d0:92:80:15:e7:b9:da:1d:70:21:2b: - 9c:47:9c:17:5a:26:2d:94:8a:ce:ae:ba:ac:cb:31: - 96:a9:e8:9e:51:73:4f:8c:bf:8c:57:d8:c8:61:0e: - c0:45:09:e4:56:a0:47:f9:df:97:af:9c:76:63:54: - c6:9b + 00:ca:19:b1:9d:8f:85:f5:a4:a8:8a:0d:d3:7f:f3: + 67:67:b1:d1:db:3d:69:8c:fa:bb:53:58:28:50:14: + 2f:06:aa:7e:f5:c6:06:4d:7d:76:9f:ee:33:d8:c8: + 6c:16:e8:65:df:d0:c0:9a:62:49:60:2a:d9:53:b6: + 6d:c6:27:32:13:58:b2:c3:64:63:61:bf:6b:40:ea: + 24:9c:a6:15:ae:2b:38:e7:70:58:12:46:92:5f:a5: + 70:6c:ea:50:3c:7b:9b:33:50:54:93:a4:9c:41:e0: + 40:7e:18:87:8a:52:d5:1d:66:f3:f0:f7:54:3f:55: + 61:f5:66:1c:a6:0d:73:57:a3:78:1a:4c:99:7d:77: + e0:aa:c5:c5:5e:49:21:35:4e:47:3d:61:7d:43:9b: + e0:94:28:b7:65:4d:cf:7e:52:2c:2a:b3:93:94:8b: + 0f:04:f6:45:20:83:97:b7:a4:dd:ef:8d:1f:c7:c5: + 29:d4:55:9f:a3:90:38:14:46:f6:7e:13:9e:99:6d: + 41:b0:c4:00:69:58:e6:7f:ac:a5:0a:e4:ad:c8:e3: + c1:a1:2a:a1:77:83:e9:f0:d1:c2:5b:48:10:33:59: + 4e:8d:0e:d7:01:0a:3c:11:e0:bf:cf:e8:2f:47:4b: + f6:d6:95:4d:c0:73:a7:b5:21:a4:0a:98:dc:fa:9b: + 0d:87 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 05:BE:F6:16:F8:E7:6A:1B:E6:6D:6D:5A:A4:AF:01:89:8B:98:88:E3 + 4A:80:F9:C0:2F:58:C5:F9:EB:98:BA:65:70:D0:81:0A:DA:16:C3:E0 X509v3 Authority Key Identifier: - keyid:6E:35:75:BC:3A:85:BC:B6:F7:B8:01:75:BD:9E:A8:36:8D:1E:C7:D9 + keyid:F3:3D:8D:B6:D6:56:60:17:BC:E3:79:08:BF:E8:D0:61:78:8E:0C:00 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -55,42 +55,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - a4:7d:30:26:06:98:4b:33:c7:b7:84:04:cb:1b:1f:29:1c:b4: - 44:6e:6f:b2:5e:40:ce:e9:5d:e5:3d:ed:5c:a4:34:67:08:c0: - 10:55:f3:c8:90:43:65:d9:fc:b9:64:43:1a:fc:cb:6c:3f:fc: - 2a:48:87:60:6b:95:a6:4f:d6:6f:ac:e3:39:19:54:5d:96:6b: - 80:15:db:e3:9f:84:90:4d:23:b1:74:f2:f8:d1:4e:8e:6b:05: - 2c:28:94:05:03:90:04:98:08:e3:73:34:b6:05:1e:8e:b0:52: - 33:cf:41:ff:99:cd:26:70:12:b1:0a:5c:c7:ed:d3:87:be:fa: - f1:24:34:42:22:35:a0:e5:7c:ef:18:b8:61:ce:a1:0a:99:7a: - 2d:3f:b9:48:36:a2:3c:5e:70:e4:36:32:a2:9d:1d:3a:37:fa: - bf:e4:b4:89:0d:48:e7:9d:f5:9f:48:13:ec:6a:8b:e6:b3:3f: - 23:f7:94:b1:2d:cf:b4:26:f4:1b:b5:01:3b:92:bb:63:4e:d6: - ee:ed:c0:2e:77:53:5b:3e:a5:8c:c6:b9:40:67:bb:cd:67:65: - 6b:41:46:7e:90:f9:2a:a7:5f:09:92:37:13:23:19:2d:66:cb: - 73:7e:a3:42:dd:da:ed:f6:08:8a:8a:97:ef:4b:f7:5d:22:81: - 82:95:87:7c + 40:c4:b6:8f:38:86:b6:cb:12:8a:a8:d7:6a:0d:ba:c4:cd:9c: + 5c:fb:e5:d7:aa:e2:b2:cb:45:2c:6e:ba:8f:fc:cb:fd:46:65: + da:db:b2:db:6c:1b:33:94:b3:22:af:48:3d:e4:12:f9:95:aa: + 77:f8:ee:c7:94:8c:e9:f7:38:a4:d7:0e:32:77:ca:58:86:6e: + 81:7f:57:b0:a0:a9:40:8a:ef:57:0a:36:09:7c:e9:7a:93:d7: + 62:70:68:fb:02:8a:03:40:7d:9b:00:58:e0:ac:31:9b:a4:e7: + a6:a1:ea:bf:93:47:b6:46:37:6d:84:a6:87:ec:cf:48:de:b8: + 17:ef:4b:8a:6f:02:0f:8a:4f:b0:28:1d:58:6f:16:da:72:97: + 3f:e3:a4:75:bc:7f:bb:a9:ff:65:c4:6f:5f:a0:a1:df:b6:67: + 82:82:26:95:9e:43:72:c8:b0:63:b5:67:21:1b:59:5c:2e:72: + 62:26:a5:c6:74:c6:07:ec:2b:30:ef:44:cb:b8:11:2d:2c:03: + ba:60:c3:c2:c6:8d:21:f6:93:30:da:a4:0b:b7:0f:55:5a:2f: + e7:14:76:7b:da:9f:f9:5b:1c:3c:06:d2:53:81:bb:23:60:05: + d2:a8:d1:3c:e8:5f:73:43:c4:f1:c6:47:73:5d:a6:af:b0:c7: + 18:ac:b4:d6 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZpMDU -3amqYIuu39Ygrrny8q5EDh8TnMy7A4E2kXVytPg2YSt9cKna5TV+5Tmm+tpFN/13 -BK8hw0PEFZ4HoU4ZBGbnv652sZWKm7h5ErfK0+xyFktHCIkf1V3P4qYew8koVEH2 -aOQBqd9K8avVRSYaTvn3ER7CQ1LZLpVSNXHcautW7oFzaoZbvU+mj0uzTjUG1TWK -qtX3vWrheWphN9yoBtlaMeo7LoyP3h5HAsfKJwC5SXspxPSC8rxYUrvyNhwQT6eT -+kbQkoAV57naHXAhK5xHnBdaJi2Uis6uuqzLMZap6J5Rc0+Mv4xX2MhhDsBFCeRW -oEf535evnHZjVMabAgMBAAGjgekwgeYwHQYDVR0OBBYEFAW+9hb452ob5m1tWqSv -AYmLmIjjMB8GA1UdIwQYMBaAFG41dbw6hby297gBdb2eqDaNHsfZMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKGbGd +j4X1pKiKDdN/82dnsdHbPWmM+rtTWChQFC8Gqn71xgZNfXaf7jPYyGwW6GXf0MCa +YklgKtlTtm3GJzITWLLDZGNhv2tA6iScphWuKzjncFgSRpJfpXBs6lA8e5szUFST +pJxB4EB+GIeKUtUdZvPw91Q/VWH1ZhymDXNXo3gaTJl9d+CqxcVeSSE1Tkc9YX1D +m+CUKLdlTc9+Uiwqs5OUiw8E9kUgg5e3pN3vjR/HxSnUVZ+jkDgURvZ+E56ZbUGw +xABpWOZ/rKUK5K3I48GhKqF3g+nw0cJbSBAzWU6NDtcBCjwR4L/P6C9HS/bWlU3A +c6e1IaQKmNz6mw2HAgMBAAGjgekwgeYwHQYDVR0OBBYEFEqA+cAvWMX565i6ZXDQ +gQraFsPgMB8GA1UdIwQYMBaAFPM9jbbWVmAXvON5CL/o0GF4jgwAMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEApH0wJgaYSzPHt4QEyxsf -KRy0RG5vsl5Azuld5T3tXKQ0ZwjAEFXzyJBDZdn8uWRDGvzLbD/8KkiHYGuVpk/W -b6zjORlUXZZrgBXb45+EkE0jsXTy+NFOjmsFLCiUBQOQBJgI43M0tgUejrBSM89B -/5nNJnASsQpcx+3Th7768SQ0QiI1oOV87xi4Yc6hCpl6LT+5SDaiPF5w5DYyop0d -Ojf6v+S0iQ1I5531n0gT7GqL5rM/I/eUsS3PtCb0G7UBO5K7Y07W7u3ALndTWz6l -jMa5QGe7zWdla0FGfpD5KqdfCZI3EyMZLWbLc36jQt3a7fYIioqX70v3XSKBgpWH -fA== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAQMS2jziGtssSiqjXag26 +xM2cXPvl16risstFLG66j/zL/UZl2tuy22wbM5SzIq9IPeQS+ZWqd/jux5SM6fc4 +pNcOMnfKWIZugX9XsKCpQIrvVwo2CXzpepPXYnBo+wKKA0B9mwBY4Kwxm6TnpqHq +v5NHtkY3bYSmh+zPSN64F+9Lim8CD4pPsCgdWG8W2nKXP+Okdbx/u6n/ZcRvX6Ch +37ZngoImlZ5DcsiwY7VnIRtZXC5yYialxnTGB+wrMO9Ey7gRLSwDumDDwsaNIfaT +MNqkC7cPVVov5xR2e9qf+VscPAbSU4G7I2AF0qjRPOhfc0PE8cZHc12mr7DHGKy0 +1g== -----END CERTIFICATE----- Certificate: @@ -107,30 +107,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d2:ee:b5:26:40:84:3d:98:ee:bc:3e:62:1a:09: - 5e:53:b1:72:28:f6:70:c0:a1:08:65:6f:54:24:4c: - fc:bf:fe:14:25:fa:5d:a5:17:f1:00:64:b3:33:6f: - 09:3a:0f:cc:25:87:f6:20:e4:f4:49:f3:5a:5d:a4: - d5:02:e7:db:20:c9:66:b4:cf:44:4d:58:4b:48:13: - 7b:83:60:14:28:f7:5a:5b:f8:f5:34:40:81:32:bd: - d2:8c:34:4f:d6:5d:5f:65:dd:74:56:7a:07:7a:82: - c3:0b:42:d5:cb:09:30:76:41:6e:08:28:ad:0c:27: - 51:9c:86:e1:fe:e8:85:68:aa:59:d0:f8:39:c2:59: - 6e:95:90:de:c9:f8:df:77:5e:56:3f:d5:9d:f8:09: - 29:ed:7c:cc:92:e7:c3:40:27:76:fc:08:4f:ae:98: - c9:7c:95:43:05:cc:1f:f5:b2:0b:51:ec:09:cd:22: - 3d:7e:e4:5a:b9:4f:86:62:76:d7:c0:42:23:bb:97: - e1:b3:ae:af:9d:56:89:00:68:01:b0:cb:11:cc:f4: - ea:cd:1e:7d:32:81:d9:93:20:00:22:ed:31:78:3c: - 62:de:73:3f:1d:38:17:4e:04:a2:58:45:36:26:95: - 93:ab:36:f1:54:01:81:b1:c2:70:f5:06:17:47:40: - 0e:fb + 00:bc:ef:ca:8a:95:3f:19:1b:19:eb:4e:fe:3d:fe: + 02:be:20:db:89:a3:06:b7:99:d8:af:c7:9a:a9:4d: + b8:82:5d:6a:06:66:fd:4d:b0:c9:f6:07:27:96:bd: + 31:1c:77:f4:04:ba:fe:d4:25:46:02:9a:8a:88:bd: + e7:c3:dc:61:0a:78:26:db:b6:9e:ff:43:cd:ed:ea: + c0:67:f0:3d:e3:f5:d9:5a:ec:db:ac:ef:06:2d:6e: + 37:fc:8d:c5:d3:a0:b0:d4:60:4e:0d:f8:ab:fa:68: + 1a:36:2b:ce:bb:91:14:3b:0e:16:1c:0b:c9:c4:46: + e7:c2:1a:86:cc:ad:07:68:eb:cb:6e:93:37:cc:1a: + cc:59:de:9a:12:ec:3c:0f:eb:bf:8c:f7:76:0f:7e: + f5:89:f9:85:0c:21:95:af:ac:3c:a2:9d:9e:ba:d3: + 06:aa:50:2d:25:c0:02:a8:a5:97:cf:7a:b3:ad:78: + c5:30:95:be:ce:0a:26:bd:4f:e2:5f:51:c6:f0:b9: + a1:bd:24:32:07:0d:b7:1b:2c:b2:ec:c8:c8:ef:77: + 8f:ab:6f:e9:e2:66:d9:30:02:49:96:11:16:ed:e2: + e8:85:cd:48:d6:a9:b1:20:02:95:ff:1b:79:9d:6b: + 21:6b:bd:d3:27:94:19:67:b1:9f:aa:06:d6:8c:69: + 11:33 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 6E:35:75:BC:3A:85:BC:B6:F7:B8:01:75:BD:9E:A8:36:8D:1E:C7:D9 + F3:3D:8D:B6:D6:56:60:17:BC:E3:79:08:BF:E8:D0:61:78:8E:0C:00 X509v3 Authority Key Identifier: - keyid:4F:DE:F3:E5:5E:F5:98:0D:CA:3A:20:2B:E9:C8:B4:5D:D0:1D:86:BF + keyid:EE:92:48:AE:86:AC:68:E4:9E:C1:3D:D4:4C:34:B2:DF:8A:5D:FF:8C Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -145,41 +145,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 10:e4:01:2e:8b:a4:ea:e0:cc:ac:c2:57:68:b7:97:98:e2:57: - d6:ff:e2:70:d9:de:bd:7e:44:59:da:3c:cc:1e:62:5d:a8:77: - 70:b5:fc:4c:21:50:b1:5f:4d:d8:dc:18:bf:d7:1e:40:fa:11: - 8e:40:e6:b8:38:87:a3:10:ed:97:93:ae:a6:7f:6c:cf:75:43: - e1:88:b9:84:b3:f3:73:05:fb:24:de:2b:f1:20:65:3f:70:25: - 87:4d:e0:66:73:ca:29:52:60:88:e9:e3:5f:cc:2b:83:1c:b3: - 8c:4d:12:7b:35:70:fd:d1:1a:08:85:94:77:39:3c:b0:c5:d7: - 7e:a5:71:f3:ca:a7:98:30:69:62:f6:96:d4:f9:30:07:aa:56: - da:ba:16:fc:1b:57:24:a0:f1:84:e2:4a:a2:97:a4:a1:82:05: - 1a:02:c7:41:2f:98:c8:e5:27:b4:85:98:72:d0:a0:e1:b5:c1: - 57:ab:aa:6b:71:79:d0:4d:91:68:18:25:f8:b4:b7:cb:1d:0c: - 74:6a:77:66:48:3f:24:b0:92:d9:22:6f:6e:54:b7:f8:8c:21: - 57:0e:a9:cc:52:ff:56:2e:42:fa:08:2e:fe:29:3c:f1:86:8b: - 74:88:68:82:3f:16:2d:06:12:57:a6:e2:b1:b7:1b:5d:3a:a1: - 75:c7:24:d7 + 22:28:99:1c:11:76:10:41:80:31:0d:0d:02:b1:56:c6:c1:de: + 9c:1c:e4:74:25:f4:ab:76:6d:f5:3b:39:e7:46:e4:26:8d:0f: + ad:c8:ac:f4:e3:e3:a6:77:b7:33:38:40:96:65:b9:73:04:28: + 3e:2f:8d:4b:75:76:8e:20:aa:4a:2c:68:c1:bd:11:1a:fe:67: + 55:6b:f2:a3:fa:58:ec:b4:c7:3c:67:49:57:65:f4:b7:bd:82: + be:c2:c8:d5:df:fd:a4:8c:c8:c3:4f:9b:3f:59:49:dc:53:5e: + a2:8f:1a:75:9f:24:93:d6:02:0e:0e:f0:6a:74:d5:e8:89:2a: + 9f:f0:77:cf:63:0d:a7:ca:4f:ec:71:1f:b6:a3:dd:ea:d1:83: + 73:d7:1b:d7:61:b1:ed:ec:e2:2a:6d:d9:57:d6:43:f9:09:e8: + 2c:1e:a2:f8:8a:98:77:b9:3f:e5:5f:1a:79:b6:46:fe:c5:06: + 2c:19:9e:7d:0b:91:ce:c8:df:30:da:3f:46:37:e2:a0:f4:b9: + f4:c5:b8:d9:c3:84:7f:88:68:1b:41:fd:4f:d1:cd:55:15:c8: + bb:5a:d1:03:ff:5b:27:c6:e5:6e:74:49:3e:a1:3c:4e:74:19: + b5:fe:62:dc:82:08:08:e5:4e:17:fb:88:93:82:d9:79:d7:67: + 7b:94:ee:cd -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0u61JkCE -PZjuvD5iGgleU7FyKPZwwKEIZW9UJEz8v/4UJfpdpRfxAGSzM28JOg/MJYf2IOT0 -SfNaXaTVAufbIMlmtM9ETVhLSBN7g2AUKPdaW/j1NECBMr3SjDRP1l1fZd10VnoH -eoLDC0LVywkwdkFuCCitDCdRnIbh/uiFaKpZ0Pg5wllulZDeyfjfd15WP9Wd+Akp -7XzMkufDQCd2/AhPrpjJfJVDBcwf9bILUewJzSI9fuRauU+GYnbXwEIju5fhs66v -nVaJAGgBsMsRzPTqzR59MoHZkyAAIu0xeDxi3nM/HTgXTgSiWEU2JpWTqzbxVAGB -scJw9QYXR0AO+wIDAQABo4HLMIHIMB0GA1UdDgQWBBRuNXW8OoW8tve4AXW9nqg2 -jR7H2TAfBgNVHSMEGDAWgBRP3vPlXvWYDco6ICvpyLRd0B2GvzA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvO/KipU/ +GRsZ607+Pf4CviDbiaMGt5nYr8eaqU24gl1qBmb9TbDJ9gcnlr0xHHf0BLr+1CVG +ApqKiL3nw9xhCngm27ae/0PN7erAZ/A94/XZWuzbrO8GLW43/I3F06Cw1GBODfir ++mgaNivOu5EUOw4WHAvJxEbnwhqGzK0HaOvLbpM3zBrMWd6aEuw8D+u/jPd2D371 +ifmFDCGVr6w8op2eutMGqlAtJcACqKWXz3qzrXjFMJW+zgomvU/iX1HG8LmhvSQy +Bw23Gyyy7MjI73ePq2/p4mbZMAJJlhEW7eLohc1I1qmxIAKV/xt5nWsha73TJ5QZ +Z7GfqgbWjGkRMwIDAQABo4HLMIHIMB0GA1UdDgQWBBTzPY221lZgF7zjeQi/6NBh +eI4MADAfBgNVHSMEGDAWgBTukkiuhqxo5J7BPdRMNLLfil3/jDA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -ABDkAS6LpOrgzKzCV2i3l5jiV9b/4nDZ3r1+RFnaPMweYl2od3C1/EwhULFfTdjc -GL/XHkD6EY5A5rg4h6MQ7ZeTrqZ/bM91Q+GIuYSz83MF+yTeK/EgZT9wJYdN4GZz -yilSYIjp41/MK4Mcs4xNEns1cP3RGgiFlHc5PLDF136lcfPKp5gwaWL2ltT5MAeq -Vtq6FvwbVySg8YTiSqKXpKGCBRoCx0EvmMjlJ7SFmHLQoOG1wVerqmtxedBNkWgY -Jfi0t8sdDHRqd2ZIPySwktkib25Ut/iMIVcOqcxS/1YuQvoILv4pPPGGi3SIaII/ -Fi0GElem4rG3G106oXXHJNc= +ACIomRwRdhBBgDENDQKxVsbB3pwc5HQl9Kt2bfU7OedG5CaND63IrPTj46Z3tzM4 +QJZluXMEKD4vjUt1do4gqkosaMG9ERr+Z1Vr8qP6WOy0xzxnSVdl9Le9gr7CyNXf +/aSMyMNPmz9ZSdxTXqKPGnWfJJPWAg4O8Gp01eiJKp/wd89jDafKT+xxH7aj3erR +g3PXG9dhse3s4ipt2VfWQ/kJ6CweoviKmHe5P+VfGnm2Rv7FBiwZnn0Lkc7I3zDa +P0Y34qD0ufTFuNnDhH+IaBtB/U/RzVUVyLta0QP/WyfG5W50ST6hPE50GbX+YtyC +CAjlThf7iJOC2XnXZ3uU7s0= -----END CERTIFICATE----- Certificate: @@ -196,30 +196,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ba:0d:d2:51:af:0c:48:94:37:cf:ea:83:8f:d6: - 39:b5:c9:58:fe:59:5b:e5:61:b6:21:98:86:16:a0: - 85:e6:cd:c8:21:81:65:4c:65:97:55:72:76:2f:c6: - 0d:25:f8:c8:28:9f:20:d1:56:4c:06:99:ff:6d:0f: - 24:d3:92:f1:31:25:5a:13:6c:be:4b:19:6a:65:af: - 2f:32:be:a9:0f:f8:9b:6d:6f:10:7c:e9:24:61:4d: - fe:ba:e9:b5:b4:54:5e:82:f7:02:7a:e2:e2:d7:53: - 6a:69:f4:9a:41:27:0f:50:dc:64:a1:47:84:53:3f: - f1:38:cd:80:a3:5a:2b:dd:96:81:8a:ea:e3:94:72: - f7:aa:f8:2f:cc:a9:d0:9e:36:9f:56:0c:45:ec:dd: - 6a:05:52:85:60:99:d7:94:9f:76:7e:1d:8f:3f:50: - fb:33:bc:ca:f8:10:2e:db:15:b2:49:57:d8:f4:59: - fa:73:3b:03:32:86:a7:f1:46:a1:62:ac:67:10:73: - 70:51:07:ff:d2:04:33:d8:7c:e2:a8:ff:8e:53:24: - e8:e4:96:da:fb:d1:ea:2f:9c:a9:b5:8f:c5:50:fb: - 90:67:b1:8c:5b:8d:f7:5f:af:da:a4:fa:3c:fb:4f: - 05:bf:56:4c:dd:d6:6e:43:54:fd:f4:a0:c9:13:93: - 55:07 + 00:9b:9e:4a:8e:cd:47:0e:a6:2f:17:ad:24:c7:d6: + c7:40:5f:ba:90:b2:2c:4b:57:5c:3e:f2:de:80:f6: + fd:f2:28:12:9c:92:63:4a:11:c6:bb:74:d7:ad:ec: + 3e:9d:1a:7f:0a:30:98:df:1f:a2:98:11:a6:60:6f: + 69:5f:dd:28:35:06:39:b6:e2:91:df:59:be:07:c5: + 52:57:84:a4:ae:cb:5b:9b:b3:aa:56:77:fd:00:1a: + 55:96:00:27:12:6e:d1:f6:35:ff:a3:fa:b6:0b:0e: + 2a:46:75:6b:58:27:a6:a1:43:ba:37:74:1d:28:1a: + 3d:bf:e6:f2:10:bf:2c:ce:24:67:03:4e:4e:fc:aa: + 51:22:25:f8:e5:75:5c:c3:ad:da:03:56:b4:1b:8a: + 6f:26:e5:c8:ef:43:a9:d7:81:8b:0f:b1:8b:d6:cd: + 11:e9:4c:0c:cb:a2:ab:fa:34:2a:13:aa:a4:db:83: + 9c:d8:a6:45:ec:f5:fa:d0:cd:b0:6b:7a:1b:0e:ca: + d3:31:4b:cb:53:f1:5c:82:8c:96:f7:ca:b6:40:53: + d0:24:67:27:1a:8d:1a:f7:65:c9:a1:fc:f9:f4:85: + 3c:51:3c:fc:56:87:18:bf:a3:d5:dd:de:8e:e6:3b: + 67:29:e9:fd:4b:4f:ba:1a:ff:d7:ec:f1:da:bd:56: + 48:2b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 4F:DE:F3:E5:5E:F5:98:0D:CA:3A:20:2B:E9:C8:B4:5D:D0:1D:86:BF + EE:92:48:AE:86:AC:68:E4:9E:C1:3D:D4:4C:34:B2:DF:8A:5D:FF:8C X509v3 Authority Key Identifier: - keyid:4F:DE:F3:E5:5E:F5:98:0D:CA:3A:20:2B:E9:C8:B4:5D:D0:1D:86:BF + keyid:EE:92:48:AE:86:AC:68:E4:9E:C1:3D:D4:4C:34:B2:DF:8A:5D:FF:8C Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -234,41 +234,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 75:4e:86:e1:25:9e:a8:7b:0e:65:db:bb:ca:49:e3:0c:70:df: - 07:bd:1a:83:d8:48:e1:b7:0b:39:ed:da:61:a0:98:1d:de:9b: - 5f:66:a6:33:79:43:46:1b:7d:bf:b4:e4:37:8c:96:5e:89:a8: - 8f:92:04:0f:c5:e4:0d:81:a3:76:98:c1:b0:b2:70:70:11:f6: - 8e:34:3a:82:ae:6b:7d:e9:ff:b4:58:85:20:b0:85:fc:86:89: - 40:08:62:e5:0f:34:83:82:90:da:2a:59:e4:53:53:ee:61:ac: - 46:51:ab:cb:81:1d:c1:f7:f0:c2:64:55:b9:fd:2a:67:44:3a: - 6a:af:f9:c2:55:c8:35:e6:8b:3a:d1:06:82:8f:14:ee:f1:11: - 25:db:a2:98:cc:be:bd:63:21:65:77:6e:6a:f8:d1:7e:a1:c6: - df:48:0e:74:0d:e3:03:51:ff:f9:98:92:3c:f8:36:75:90:5e: - 09:6c:7f:3f:c1:5e:40:03:72:de:ab:ed:6f:bb:fe:f7:9d:14: - 92:5c:69:13:ba:cf:7a:d8:4b:f1:29:04:6e:bc:5f:c9:8e:52: - b6:db:58:41:bb:8d:32:e7:5b:4b:74:bf:4c:8d:ec:07:0b:7d: - 3c:d6:2f:4d:27:11:31:15:6f:38:0d:ba:2a:53:76:2a:47:e6: - 32:52:df:ea + 2d:46:10:72:ec:6d:1b:da:aa:63:8d:04:da:79:c9:c7:dc:47: + 3a:9b:d3:42:b1:b4:2f:32:c1:15:2d:fb:e3:58:b2:39:ad:3e: + 90:cf:12:cc:ee:89:c6:5a:2a:cc:7d:d4:24:e8:f6:cd:9f:16: + f2:be:97:f9:e9:f7:aa:50:8d:48:03:4c:93:26:20:12:50:a6: + 8a:fc:b7:0a:11:53:e9:de:0d:63:c6:fe:af:66:e6:5f:87:38: + 7a:33:e6:48:a8:c8:67:24:61:3d:05:30:a4:d8:03:fc:12:11: + ce:c0:67:2f:d9:7e:56:62:e7:ac:46:40:3d:67:6c:f3:68:54: + 30:03:08:08:43:ba:1d:80:83:74:c4:f0:2b:3d:ad:d8:aa:e3: + 8f:90:94:2d:18:6f:2e:8c:51:64:d4:87:f2:5c:4b:cd:5c:59: + 8a:58:bd:27:28:c8:9c:cc:1f:a6:9f:9c:1c:79:d6:e5:12:54: + a4:65:51:50:71:50:c4:c1:d3:2d:58:56:25:23:a9:93:8c:54: + 2b:23:24:71:7b:70:96:6a:60:4c:0d:9c:6f:70:b6:22:23:b7: + b4:b1:e1:0c:73:29:f2:32:86:76:13:dc:13:0e:32:9a:ef:07: + 6f:c4:f8:ab:58:16:68:47:36:25:4e:9c:52:09:38:12:31:b7: + 2c:be:5a:08 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALoN0lGvDEiUN8/qg4/W -ObXJWP5ZW+VhtiGYhhaghebNyCGBZUxll1Vydi/GDSX4yCifINFWTAaZ/20PJNOS -8TElWhNsvksZamWvLzK+qQ/4m21vEHzpJGFN/rrptbRUXoL3Anri4tdTamn0mkEn -D1DcZKFHhFM/8TjNgKNaK92WgYrq45Ry96r4L8yp0J42n1YMRezdagVShWCZ15Sf -dn4djz9Q+zO8yvgQLtsVsklX2PRZ+nM7AzKGp/FGoWKsZxBzcFEH/9IEM9h84qj/ -jlMk6OSW2vvR6i+cqbWPxVD7kGexjFuN91+v2qT6PPtPBb9WTN3WbkNU/fSgyROT -VQcCAwEAAaOByzCByDAdBgNVHQ4EFgQUT97z5V71mA3KOiAr6ci0XdAdhr8wHwYD -VR0jBBgwFoAUT97z5V71mA3KOiAr6ci0XdAdhr8wNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJueSo7NRw6mLxetJMfW +x0BfupCyLEtXXD7y3oD2/fIoEpySY0oRxrt0163sPp0afwowmN8fopgRpmBvaV/d +KDUGObbikd9ZvgfFUleEpK7LW5uzqlZ3/QAaVZYAJxJu0fY1/6P6tgsOKkZ1a1gn +pqFDujd0HSgaPb/m8hC/LM4kZwNOTvyqUSIl+OV1XMOt2gNWtBuKbyblyO9DqdeB +iw+xi9bNEelMDMuiq/o0KhOqpNuDnNimRez1+tDNsGt6Gw7K0zFLy1PxXIKMlvfK +tkBT0CRnJxqNGvdlyaH8+fSFPFE8/FaHGL+j1d3ejuY7Zynp/UtPuhr/1+zx2r1W +SCsCAwEAAaOByzCByDAdBgNVHQ4EFgQU7pJIroasaOSewT3UTDSy34pd/4wwHwYD +VR0jBBgwFoAU7pJIroasaOSewT3UTDSy34pd/4wwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB1TobhJZ6o -ew5l27vKSeMMcN8HvRqD2Ejhtws57dphoJgd3ptfZqYzeUNGG32/tOQ3jJZeiaiP -kgQPxeQNgaN2mMGwsnBwEfaONDqCrmt96f+0WIUgsIX8holACGLlDzSDgpDaKlnk -U1PuYaxGUavLgR3B9/DCZFW5/SpnRDpqr/nCVcg15os60QaCjxTu8REl26KYzL69 -YyFld25q+NF+ocbfSA50DeMDUf/5mJI8+DZ1kF4JbH8/wV5AA3Leq+1vu/73nRSS -XGkTus962EvxKQRuvF/JjlK221hBu40y51tLdL9MjewHC3081i9NJxExFW84Dboq -U3YqR+YyUt/q +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAtRhBy7G0b +2qpjjQTaecnH3Ec6m9NCsbQvMsEVLfvjWLI5rT6QzxLM7onGWirMfdQk6PbNnxby +vpf56feqUI1IA0yTJiASUKaK/LcKEVPp3g1jxv6vZuZfhzh6M+ZIqMhnJGE9BTCk +2AP8EhHOwGcv2X5WYuesRkA9Z2zzaFQwAwgIQ7odgIN0xPArPa3YquOPkJQtGG8u +jFFk1IfyXEvNXFmKWL0nKMiczB+mn5wcedblElSkZVFQcVDEwdMtWFYlI6mTjFQr +IyRxe3CWamBMDZxvcLYiI7e0seEMcynyMoZ2E9wTDjKa7wdvxPirWBZoRzYlTpxS +CTgSMbcsvloI -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -280,3 +280,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem b/chromium/net/data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem index 019d3042794..6de49f466be 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem @@ -19,30 +19,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:aa:e6:1b:b4:96:49:1d:88:99:c3:be:30:44:ed: - 2a:6e:80:18:66:5a:66:26:44:14:8f:1a:1d:69:81: - 8b:44:fb:ee:76:a1:c6:6d:e1:c1:ad:50:aa:99:a2: - d5:ce:ac:f4:86:04:93:02:d9:33:aa:24:ef:36:ef: - 5c:93:9a:69:00:45:95:c3:82:37:67:df:25:3e:ea: - dc:d0:fb:08:7f:89:aa:ad:df:a6:b6:c8:09:a3:74: - dc:17:12:b4:03:7d:7d:86:7d:57:1e:ff:d2:16:f7: - 9f:85:79:6e:5c:01:e3:cf:64:9d:55:e1:77:2c:43: - 89:30:d1:eb:d0:2e:68:e6:d1:c1:2a:92:58:c8:e2: - 9b:95:be:f6:d0:42:2d:38:fe:c8:17:a3:cf:37:76: - af:b1:0e:32:a5:6d:58:c9:de:4b:f4:2f:fa:8c:e4: - 9c:c6:1c:88:7c:55:01:4b:48:81:b0:0f:4f:19:f7: - fa:12:e7:9e:27:27:85:47:e6:b8:07:d9:59:a3:9a: - ac:3f:7d:a6:14:16:c8:8b:8d:70:d7:7b:fa:46:d4: - 32:fc:50:c7:83:82:e3:18:69:a5:a4:56:df:24:a3: - c5:7d:d5:f3:24:a4:67:22:4c:c8:b6:93:c2:05:fc: - 01:1b:ae:9d:a4:76:f4:bb:d6:b6:a9:32:2c:3a:fe: - 91:93 + 00:d5:97:4d:ce:b9:89:7b:00:4f:e4:1f:f6:b0:1d: + 26:7d:c5:42:70:21:40:3a:a6:f9:07:5b:11:c6:fb: + 0f:8e:79:46:78:ad:34:71:46:b4:fa:96:75:06:c8: + 3e:c7:e9:1a:ae:f0:47:7f:4b:53:4a:f2:46:83:89: + 92:b0:11:11:0c:04:7c:33:e1:4b:7e:b5:b5:b2:54: + a7:28:64:31:7b:e2:5c:4a:00:30:3f:8c:21:e0:61: + f6:15:e8:20:03:bf:ce:d3:b4:ec:6e:27:88:fb:a9: + b0:9a:73:79:26:46:55:a3:05:ac:25:ba:6f:24:3c: + 17:7d:17:6c:25:ad:14:68:0b:fd:a6:d6:5f:5a:9a: + 4a:9d:6d:86:e5:77:b9:50:9c:40:2b:40:af:1d:92: + 4e:22:7a:c1:eb:57:17:16:4d:fa:12:e3:8c:25:8e: + 8d:4b:74:4f:3e:67:cd:84:2a:63:46:43:3c:45:7f: + ad:bc:dd:5c:00:46:7e:25:36:43:d9:98:15:a1:f4: + f6:29:5d:54:9d:20:b8:b6:e1:4c:e3:f1:3c:91:47: + 9d:eb:d7:f8:a2:f1:c5:f8:bc:7b:bf:bd:40:38:39: + 01:3b:98:33:12:d9:de:c6:f9:eb:4b:e3:82:8e:98: + 4b:28:1b:cd:ba:22:d5:b3:02:12:fc:40:86:ec:3e: + e7:51 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 55:B5:67:E4:CD:8D:51:AD:5E:A2:25:B0:94:40:72:52:F4:17:24:4E + 1B:6F:D1:A8:67:1C:5F:A0:86:1B:FF:7B:E0:F4:72:33:CF:7C:F0:26 X509v3 Authority Key Identifier: - keyid:71:AE:42:1C:8C:C1:FB:35:F7:C0:9F:63:95:A7:7B:4F:9D:8E:D2:7A + keyid:B2:C0:C2:33:FD:8F:F5:37:4B:52:85:82:DD:31:5D:CE:A2:99:71:D0 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -57,42 +57,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 25:e8:87:e7:07:ba:bd:47:c3:dd:5a:3c:29:bc:af:cb:fb:cd: - c6:55:e6:9c:7b:cd:0e:8f:1a:0a:e4:cb:06:db:42:44:02:e5: - 37:6e:1a:a3:7d:23:96:c6:b2:67:cb:5a:1e:71:a1:e3:4f:15: - 80:7f:a1:0d:59:60:b0:6f:c9:ab:0f:ef:20:d3:c2:45:e0:99: - aa:7e:e1:b7:31:dc:4b:b2:16:78:c5:06:27:a8:5e:c5:7b:3b: - dc:81:81:0d:eb:31:13:d5:4b:23:2e:4e:2c:86:fd:ce:58:96: - b5:cc:33:80:5c:7b:8a:ce:74:97:aa:df:fc:7c:1e:42:7d:12: - 58:bb:84:0f:2d:30:7c:a9:0c:1e:5c:c4:c6:ce:2b:c0:9d:bb: - 7d:c2:51:04:5d:70:c3:63:43:59:57:40:e4:69:52:be:72:79: - b4:c5:74:51:30:af:9c:30:8e:33:89:be:69:69:4a:01:03:07: - d9:df:8b:0c:69:ff:cc:57:45:7c:c6:23:e5:4a:1f:19:94:19: - 25:9d:eb:87:04:51:06:ba:9c:6b:72:da:2b:05:ef:72:21:e9: - 95:5e:61:83:6a:7a:b6:30:f8:97:a1:99:dd:12:ea:47:50:ee: - 26:02:3b:81:94:a8:19:29:a7:ad:b6:7c:28:10:53:09:53:a4: - 61:74:57:ed + 2d:a5:c3:f3:14:08:9d:6d:dd:87:aa:77:68:85:02:9e:9c:8e: + 71:4f:d2:c8:aa:fd:37:2e:b3:a4:14:16:38:92:cf:e6:31:3d: + 98:f5:08:dd:f7:b1:2b:2c:59:b1:b9:21:85:16:fc:6b:20:75: + eb:bc:c8:88:e5:94:49:68:89:b3:5f:6b:d3:bd:77:b6:0e:1d: + cf:89:31:11:80:8f:a8:2d:e4:61:12:53:bc:91:a3:1c:31:7f: + dd:db:1f:c5:d9:9a:0b:14:49:f1:f0:57:3a:9f:88:76:ee:b5: + 13:fd:86:ab:db:75:a0:50:c7:39:c4:8e:8f:0c:54:76:c8:52: + 12:75:22:c1:5f:91:1e:dc:79:63:74:19:f8:2a:e8:a8:c1:bd: + c1:9d:a7:8b:4a:47:d5:de:0c:60:40:08:c4:a2:2e:47:39:0f: + 8c:24:d5:b2:a4:b4:2d:4f:66:59:ef:dc:85:b7:74:91:54:d3: + d6:64:ba:97:6b:2b:0b:4c:90:a0:2b:f6:d4:6a:66:e0:78:2e: + 91:c7:e9:9e:ae:1b:8f:07:41:d9:f8:ce:e0:d7:f8:7f:76:8c: + df:62:11:59:b7:7e:7d:83:80:7d:a6:6e:e7:5b:4f:56:84:c8: + e9:be:3c:d4:27:a1:79:48:34:2d:da:1c:5a:43:54:29:8b:5b: + 13:03:3d:59 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq5hu0 -lkkdiJnDvjBE7SpugBhmWmYmRBSPGh1pgYtE++52ocZt4cGtUKqZotXOrPSGBJMC -2TOqJO8271yTmmkARZXDgjdn3yU+6tzQ+wh/iaqt36a2yAmjdNwXErQDfX2GfVce -/9IW95+FeW5cAePPZJ1V4XcsQ4kw0evQLmjm0cEqkljI4puVvvbQQi04/sgXo883 -dq+xDjKlbVjJ3kv0L/qM5JzGHIh8VQFLSIGwD08Z9/oS554nJ4VH5rgH2Vmjmqw/ -faYUFsiLjXDXe/pG1DL8UMeDguMYaaWkVt8ko8V91fMkpGciTMi2k8IF/AEbrp2k -dvS71rapMiw6/pGTAgMBAAGjgekwgeYwHQYDVR0OBBYEFFW1Z+TNjVGtXqIlsJRA -clL0FyROMB8GA1UdIwQYMBaAFHGuQhyMwfs198CfY5Wne0+djtJ6MD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVl03O +uYl7AE/kH/awHSZ9xUJwIUA6pvkHWxHG+w+OeUZ4rTRxRrT6lnUGyD7H6Rqu8Ed/ +S1NK8kaDiZKwEREMBHwz4Ut+tbWyVKcoZDF74lxKADA/jCHgYfYV6CADv87TtOxu +J4j7qbCac3kmRlWjBawlum8kPBd9F2wlrRRoC/2m1l9amkqdbYbld7lQnEArQK8d +kk4iesHrVxcWTfoS44wljo1LdE8+Z82EKmNGQzxFf6283VwARn4lNkPZmBWh9PYp +XVSdILi24Uzj8TyRR53r1/ii8cX4vHu/vUA4OQE7mDMS2d7G+etL44KOmEsoG826 +ItWzAhL8QIbsPudRAgMBAAGjgekwgeYwHQYDVR0OBBYEFBtv0ahnHF+ghhv/e+D0 +cjPPfPAmMB8GA1UdIwQYMBaAFLLAwjP9j/U3S1KFgt0xXc6imXHQMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAJeiH5we6vUfD3Vo8Kbyv -y/vNxlXmnHvNDo8aCuTLBttCRALlN24ao30jlsayZ8taHnGh408VgH+hDVlgsG/J -qw/vINPCReCZqn7htzHcS7IWeMUGJ6hexXs73IGBDesxE9VLIy5OLIb9zliWtcwz -gFx7is50l6rf/HweQn0SWLuEDy0wfKkMHlzExs4rwJ27fcJRBF1ww2NDWVdA5GlS -vnJ5tMV0UTCvnDCOM4m+aWlKAQMH2d+LDGn/zFdFfMYj5UofGZQZJZ3rhwRRBrqc -a3LaKwXvciHplV5hg2p6tjD4l6GZ3RLqR1DuJgI7gZSoGSmnrbZ8KBBTCVOkYXRX -7Q== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEALaXD8xQInW3dh6p3aIUC +npyOcU/SyKr9Ny6zpBQWOJLP5jE9mPUI3fexKyxZsbkhhRb8ayB167zIiOWUSWiJ +s19r0713tg4dz4kxEYCPqC3kYRJTvJGjHDF/3dsfxdmaCxRJ8fBXOp+Idu61E/2G +q9t1oFDHOcSOjwxUdshSEnUiwV+RHtx5Y3QZ+CroqMG9wZ2ni0pH1d4MYEAIxKIu +RzkPjCTVsqS0LU9mWe/chbd0kVTT1mS6l2srC0yQoCv21Gpm4Hgukcfpnq4bjwdB +2fjO4Nf4f3aM32IRWbd+fYOAfaZu51tPVoTI6b481CeheUg0LdocWkNUKYtbEwM9 +WQ== -----END CERTIFICATE----- Certificate: @@ -109,30 +109,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c4:8f:d1:37:69:c5:65:2a:c8:df:6e:82:4d:1a: - ea:2c:59:9d:43:07:8b:d1:c3:01:3a:1d:7a:9f:81: - ad:b8:fb:10:35:ae:84:80:07:69:5b:47:eb:af:1c: - 7b:43:21:f3:3c:13:8a:3b:62:c0:20:fa:96:06:9b: - 50:04:82:05:c2:7a:e3:53:d1:34:ab:2e:94:a9:6b: - 5f:6c:a9:66:0d:df:d0:73:79:f0:bd:ac:9c:99:68: - e7:1c:25:6f:c6:68:36:07:99:57:23:17:a8:8e:4e: - 8c:b9:41:ef:25:7e:92:3d:08:8a:82:c2:de:fe:a3: - cc:05:ed:b5:8b:b8:2f:09:eb:87:29:4d:55:f1:4e: - ee:3a:91:54:dc:6f:6a:9e:d8:17:2a:3a:46:00:65: - f4:4d:ae:26:35:72:97:06:41:ef:4e:bd:af:83:ec: - 9b:e2:96:24:61:2b:88:71:77:a7:e8:cf:2e:3e:79: - 5b:a2:33:11:94:aa:e7:65:6b:06:a2:4e:94:c8:d7: - 56:0f:cc:12:b9:9c:c1:b5:f6:bf:2a:a0:f8:b1:74: - 34:54:0e:cb:f0:87:87:f6:93:3f:f4:5f:10:81:90: - 78:51:ae:41:19:6e:c9:89:8c:9d:d9:85:64:18:de: - e5:d6:8c:a8:5a:4b:60:b0:44:5f:7a:1e:f4:d1:5b: - 94:97 + 00:c6:14:bf:96:32:0d:cf:bb:58:2a:b4:3c:97:e5: + 6c:22:92:ff:d3:14:e2:b9:0b:c9:fe:0d:09:d0:c6: + b5:48:ed:e0:2a:25:04:2e:16:08:6b:55:da:d1:f3: + b1:c1:1a:49:85:33:f4:bb:7c:d6:38:45:c8:af:4d: + d4:a9:43:a7:56:cf:9c:40:a5:2b:b8:13:7f:ee:6b: + fe:98:3b:ed:74:2a:5e:c7:9f:7c:e0:73:6c:a7:c4: + d8:f1:e3:55:79:6c:02:7c:b4:e8:3f:1a:93:57:62: + 3a:86:5b:24:db:70:f2:fd:94:91:95:6b:68:72:73: + 31:44:a5:36:32:e6:77:37:bb:e1:cb:6d:b5:aa:20: + 3a:02:7e:ff:44:6d:79:e4:7d:e6:d3:72:92:e9:59: + 92:57:ff:be:e8:e2:d9:84:47:f8:a9:f6:11:ee:cf: + 5b:7f:92:d8:19:44:7f:96:40:52:19:09:80:af:2f: + 36:65:14:9a:fe:ef:aa:aa:c9:00:fb:ac:d3:87:59: + 14:ab:69:52:4c:4f:87:0f:74:49:ab:c5:f2:fb:73: + 23:c0:91:c9:93:82:6f:28:8d:23:f9:2d:f3:92:cc: + f5:68:20:86:0d:37:35:d7:46:da:dd:4a:fc:92:3b: + 32:a2:67:ba:f5:b3:49:13:76:e9:5e:78:a0:86:3e: + de:2d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 71:AE:42:1C:8C:C1:FB:35:F7:C0:9F:63:95:A7:7B:4F:9D:8E:D2:7A + B2:C0:C2:33:FD:8F:F5:37:4B:52:85:82:DD:31:5D:CE:A2:99:71:D0 X509v3 Authority Key Identifier: - keyid:F7:A4:4C:CA:BB:81:7B:10:63:6B:CC:BC:73:ED:C6:1C:56:55:40:1C + keyid:24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -147,41 +147,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 7b:29:bd:b8:c7:76:7f:09:90:d3:5d:e7:20:9e:f6:a0:bd:dc: - a1:cb:7c:c8:c8:17:d5:80:81:79:6a:88:e5:e8:c8:e3:56:37: - 60:3f:9c:2a:14:86:fe:e0:79:2f:d6:ec:67:51:d4:d8:65:9d: - ce:3b:59:b6:42:06:7b:c8:2a:79:7f:40:2f:ed:fb:50:d3:78: - 9e:99:fe:1d:fe:a1:4f:1d:58:c9:2d:b4:75:72:3f:6a:7a:db: - 2e:7b:81:3b:00:3f:e4:95:47:63:42:90:fd:25:ba:db:53:0a: - 01:37:28:78:7d:c6:cf:54:5e:2b:94:88:79:bb:4c:f7:06:e3: - 7a:be:44:29:c3:2e:17:ea:61:c4:8f:16:f0:b6:e0:60:fe:19: - 08:48:fd:a8:bf:95:ef:e5:32:1c:cf:e5:59:6b:04:1d:4c:6d: - ea:9b:4d:b4:f9:14:c2:00:a3:32:d6:1b:54:00:5a:17:29:8f: - 85:0c:eb:ed:41:70:6f:52:f8:37:92:ed:2b:ae:8c:b8:e4:51: - aa:68:62:12:9b:97:62:1a:5b:27:46:b5:5f:8c:0e:c9:93:15: - d7:d8:85:99:67:56:ef:31:4a:55:1f:67:7c:09:fc:03:c9:a0: - 67:b8:ed:32:d7:c0:0b:bd:b6:47:b9:50:78:f2:0a:ec:1d:bd: - d5:e9:06:b3 + a3:2e:22:99:3d:6c:10:66:97:a5:f8:1c:3a:65:f7:2e:c4:df: + 26:a9:b2:7a:33:5e:74:b3:76:27:b8:c4:db:7a:96:fb:e4:e8: + 33:05:7d:49:36:64:6d:f5:64:ae:a9:71:e5:d1:ac:17:9a:e6: + 77:a2:3b:c1:08:f7:70:15:f2:20:f3:26:10:12:33:b9:0b:ed: + 1e:49:01:3f:da:54:e9:1c:29:db:e9:9f:38:dc:94:8a:b5:a3: + 7d:e6:2a:97:e1:75:8e:84:8e:2b:ae:91:ba:5b:26:9c:ce:28: + 0a:1d:99:c1:30:0f:ac:80:e8:41:2b:13:5e:af:a0:60:30:9b: + 1d:9d:68:8b:e6:d3:d4:54:f7:3e:eb:bb:1e:e9:8b:47:3b:22: + bc:61:da:99:d9:8e:4e:7c:ea:a4:5e:61:6a:4e:55:2c:76:94: + 83:d1:07:08:45:b8:9c:30:ed:74:f7:49:3b:7a:d6:f0:21:ee: + 38:7d:11:56:00:4e:ae:bb:a9:36:e4:71:bc:8b:7a:a1:ee:6d: + e3:e4:5f:83:2e:0e:f8:fd:00:df:11:f5:78:5b:f0:64:0c:b6: + 8e:d8:ee:73:6d:32:8e:ad:47:d3:db:c4:32:83:09:c5:9e:35: + c6:54:1c:45:fd:08:f5:83:65:11:48:d8:d5:f6:54:12:ef:53: + 90:4e:ac:38 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxI/RN2nF -ZSrI326CTRrqLFmdQweL0cMBOh16n4GtuPsQNa6EgAdpW0frrxx7QyHzPBOKO2LA -IPqWBptQBIIFwnrjU9E0qy6UqWtfbKlmDd/Qc3nwvaycmWjnHCVvxmg2B5lXIxeo -jk6MuUHvJX6SPQiKgsLe/qPMBe21i7gvCeuHKU1V8U7uOpFU3G9qntgXKjpGAGX0 -Ta4mNXKXBkHvTr2vg+yb4pYkYSuIcXen6M8uPnlbojMRlKrnZWsGok6UyNdWD8wS -uZzBtfa/KqD4sXQ0VA7L8IeH9pM/9F8QgZB4Ua5BGW7JiYyd2YVkGN7l1oyoWktg -sERfeh700VuUlwIDAQABo4HLMIHIMB0GA1UdDgQWBBRxrkIcjMH7NffAn2OVp3tP -nY7SejAfBgNVHSMEGDAWgBT3pEzKu4F7EGNrzLxz7cYcVlVAHDA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhS/ljIN +z7tYKrQ8l+VsIpL/0xTiuQvJ/g0J0Ma1SO3gKiUELhYIa1Xa0fOxwRpJhTP0u3zW +OEXIr03UqUOnVs+cQKUruBN/7mv+mDvtdCpex5984HNsp8TY8eNVeWwCfLToPxqT +V2I6hlsk23Dy/ZSRlWtocnMxRKU2MuZ3N7vhy221qiA6An7/RG155H3m03KS6VmS +V/++6OLZhEf4qfYR7s9bf5LYGUR/lkBSGQmAry82ZRSa/u+qqskA+6zTh1kUq2lS +TE+HD3RJq8Xy+3MjwJHJk4JvKI0j+S3zksz1aCCGDTc110ba3Ur8kjsyome69bNJ +E3bpXnighj7eLQIDAQABo4HLMIHIMB0GA1UdDgQWBBSywMIz/Y/1N0tShYLdMV3O +oplx0DAfBgNVHSMEGDAWgBQk27TePj+qHbBXeh18zYbpa9AVbzA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AHspvbjHdn8JkNNd5yCe9qC93KHLfMjIF9WAgXlqiOXoyONWN2A/nCoUhv7geS/W -7GdR1Nhlnc47WbZCBnvIKnl/QC/t+1DTeJ6Z/h3+oU8dWMkttHVyP2p62y57gTsA -P+SVR2NCkP0luttTCgE3KHh9xs9UXiuUiHm7TPcG43q+RCnDLhfqYcSPFvC24GD+ -GQhI/ai/le/lMhzP5VlrBB1MbeqbTbT5FMIAozLWG1QAWhcpj4UM6+1BcG9S+DeS -7SuujLjkUapoYhKbl2IaWydGtV+MDsmTFdfYhZlnVu8xSlUfZ3wJ/APJoGe47TLX -wAu9tke5UHjyCuwdvdXpBrM= +AKMuIpk9bBBml6X4HDpl9y7E3yapsnozXnSzdie4xNt6lvvk6DMFfUk2ZG31ZK6p +ceXRrBea5neiO8EI93AV8iDzJhASM7kL7R5JAT/aVOkcKdvpnzjclIq1o33mKpfh +dY6EjiuukbpbJpzOKAodmcEwD6yA6EErE16voGAwmx2daIvm09RU9z7rux7pi0c7 +Irxh2pnZjk586qReYWpOVSx2lIPRBwhFuJww7XT3STt61vAh7jh9EVYATq67qTbk +cbyLeqHubePkX4MuDvj9AN8R9Xhb8GQMto7Y7nNtMo6tR9PbxDKDCcWeNcZUHEX9 +CPWDZRFI2NX2VBLvU5BOrDg= -----END CERTIFICATE----- Certificate: @@ -198,30 +198,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:cd:6b:8f:1c:b6:4c:54:b3:0d:f7:e0:b8:5a:a6: - d3:cc:0b:63:89:cb:3a:5a:87:3c:39:65:aa:63:32: - 79:fe:5c:67:f6:00:8c:32:b6:75:01:2f:7b:45:d3: - a4:53:f4:7a:47:7e:2d:ca:5a:d2:22:eb:22:8c:02: - e3:c1:91:ad:71:f8:67:43:62:8f:f1:60:17:77:ea: - a3:d6:78:64:b2:58:c2:fd:20:e0:a2:06:d5:18:a8: - 36:9e:2e:b0:97:20:c7:72:a4:51:0d:d5:f0:f0:1f: - b2:05:8e:82:98:9e:b5:67:dd:55:bb:c1:03:e1:9f: - 45:73:74:d7:11:aa:5b:de:c1:5d:5e:f2:29:85:29: - 03:e3:14:fa:e8:91:f5:29:a3:8c:c0:78:1c:4c:18: - 2b:49:2b:20:31:1e:bf:e1:55:7f:ed:76:25:4d:95: - a5:40:4c:cc:f4:8e:de:85:d3:88:0a:86:27:95:f4: - c8:4b:00:8d:16:b7:33:e9:76:12:aa:85:43:1e:89: - bb:ae:16:f2:f1:26:c4:a7:b9:44:89:76:1b:1a:2c: - 34:50:4b:e0:68:bc:f1:fb:be:22:14:b0:2b:67:78: - 22:f0:71:07:43:21:a3:24:d7:4e:28:a0:7d:04:16: - b1:a2:d8:35:2a:2b:2e:13:8e:6b:e9:c9:7f:78:7e: - 98:df + 00:e4:4e:96:f6:de:02:05:e7:16:80:fa:ed:b1:3c: + f3:19:ea:7b:d2:fe:ed:93:b7:09:37:7d:c1:98:9b: + 65:a9:84:09:72:cd:e5:d8:da:21:44:c2:2e:92:95: + 12:fe:35:0c:66:34:ad:f3:4f:c5:2f:d0:2e:57:41: + 1c:3b:ce:c9:51:17:05:eb:06:f7:4f:fb:6e:27:9d: + 06:d8:10:87:f4:97:5f:0f:9d:5d:d7:2b:d3:3b:21: + 5b:5a:8f:20:e0:97:16:7b:15:39:d6:3f:ff:1d:06: + 53:74:62:78:68:5b:ed:c2:05:e7:86:8b:1a:63:3a: + d3:e4:a9:25:8f:0e:92:13:df:39:d6:31:82:bf:bd: + ef:d4:21:9d:0e:7f:c9:90:ef:1d:c5:f3:c4:00:1e: + 4a:03:61:f4:5e:cf:e9:58:e5:12:49:37:31:49:89: + 54:d8:59:40:78:eb:e2:3f:75:9c:a5:ff:1c:33:b8: + 6c:26:26:5a:8f:28:12:1f:4e:81:e5:a6:aa:dd:c6: + d9:c9:94:6a:15:3c:9e:7a:59:29:92:cb:7a:f5:67: + c4:d4:dd:4c:c5:6e:fb:b3:c2:5a:9d:f1:0b:35:17: + 92:b6:85:dc:fd:45:c5:3f:13:f3:cd:fc:bc:b6:59: + c0:17:0b:ce:b3:e1:47:d1:2f:34:74:a4:5c:ba:a9: + cf:0d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - F7:A4:4C:CA:BB:81:7B:10:63:6B:CC:BC:73:ED:C6:1C:56:55:40:1C + 24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F X509v3 Authority Key Identifier: - keyid:F7:A4:4C:CA:BB:81:7B:10:63:6B:CC:BC:73:ED:C6:1C:56:55:40:1C + keyid:24:DB:B4:DE:3E:3F:AA:1D:B0:57:7A:1D:7C:CD:86:E9:6B:D0:15:6F Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -236,41 +236,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 50:5f:b0:32:ec:41:85:3d:75:ff:8d:05:17:be:20:98:81:da: - 48:39:17:20:24:a7:31:cf:63:35:90:29:26:d0:60:29:e1:68: - fe:35:fd:6c:61:c0:3a:cd:08:92:9b:cc:ad:73:d4:dd:a5:51: - 0e:a9:65:04:7d:16:77:8b:b8:b4:9d:fb:c4:7a:4a:ab:8a:9e: - d0:70:47:45:74:a4:57:ab:c2:cd:b3:c5:44:6b:7e:3b:78:8f: - 5b:7f:f0:f7:c3:ef:24:a2:40:fe:c6:71:cd:a8:a6:ac:63:22: - 57:39:f5:98:c3:91:79:bf:47:6a:0b:c6:b1:61:c6:35:1b:1c: - 10:cc:e7:bc:20:83:f6:48:26:4a:80:47:e0:22:fa:04:1f:b0: - 06:9c:54:fa:46:45:9b:d5:20:a2:f0:ee:be:b5:a2:83:92:86: - 5d:f5:40:f5:32:d0:85:35:eb:af:5d:9b:04:5d:21:b3:35:90: - e8:5f:0a:6c:90:85:eb:86:31:e4:89:81:c6:aa:73:4d:1e:3e: - af:40:07:f1:38:ae:30:ab:2d:aa:6d:2f:b2:1d:ff:d8:18:2e: - f3:d0:74:8e:ff:6d:24:97:30:cb:b6:e5:6f:cb:6b:c2:27:5e: - a5:f1:63:c0:d9:0d:c5:08:7f:86:8c:47:c4:9b:cb:e2:d9:da: - 17:51:5b:12 + 2b:46:4a:c0:43:58:cc:e5:46:f7:83:8c:ae:9a:01:26:6b:32: + 52:34:ee:ab:63:6c:ae:c7:4c:35:f2:35:70:d2:b9:9e:17:0b: + 96:6b:11:78:9d:e0:83:4e:41:e6:4f:3e:16:7f:93:fa:4f:b9: + fa:86:23:34:d1:47:46:da:00:ee:58:6f:6b:d7:42:04:15:4c: + e8:82:31:93:c5:58:46:43:19:c7:4b:eb:61:c7:28:a2:42:f0: + ad:8d:ed:2f:93:39:9e:46:84:13:42:c9:92:37:4e:f9:32:a1: + 84:17:22:95:c1:9e:1c:23:91:0a:33:32:29:38:7f:4d:ec:de: + 90:0f:96:5d:fb:73:9a:a9:a9:56:c0:74:95:3d:f7:eb:6a:97: + 45:2f:46:50:84:68:b9:5c:64:ad:01:8a:98:1a:c1:38:00:b2: + 8e:a9:8b:50:27:42:31:16:e4:c7:3b:11:a7:56:b4:f4:f7:bf: + f5:fc:e4:b8:2b:59:2c:d6:3d:35:6f:a7:a6:e6:cc:85:cd:36: + ee:98:dc:af:35:33:24:f2:0d:5f:e5:de:1b:26:e6:de:2c:f6: + cf:1e:ac:13:67:8b:8a:a1:8e:f0:62:d1:03:ed:aa:25:ca:0b: + 82:32:6e:24:4e:95:96:b3:ea:a0:33:fc:20:a3:3e:e4:ce:a4: + 60:af:33:78 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1rjxy2TFSzDffguFqm -08wLY4nLOlqHPDllqmMyef5cZ/YAjDK2dQEve0XTpFP0ekd+Lcpa0iLrIowC48GR -rXH4Z0Nij/FgF3fqo9Z4ZLJYwv0g4KIG1RioNp4usJcgx3KkUQ3V8PAfsgWOgpie -tWfdVbvBA+GfRXN01xGqW97BXV7yKYUpA+MU+uiR9SmjjMB4HEwYK0krIDEev+FV -f+12JU2VpUBMzPSO3oXTiAqGJ5X0yEsAjRa3M+l2EqqFQx6Ju64W8vEmxKe5RIl2 -GxosNFBL4Gi88fu+IhSwK2d4IvBxB0MhoyTXTiigfQQWsaLYNSorLhOOa+nJf3h+ -mN8CAwEAAaOByzCByDAdBgNVHQ4EFgQU96RMyruBexBja8y8c+3GHFZVQBwwHwYD -VR0jBBgwFoAU96RMyruBexBja8y8c+3GHFZVQBwwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOROlvbeAgXnFoD67bE8 +8xnqe9L+7ZO3CTd9wZibZamECXLN5djaIUTCLpKVEv41DGY0rfNPxS/QLldBHDvO +yVEXBesG90/7biedBtgQh/SXXw+dXdcr0zshW1qPIOCXFnsVOdY//x0GU3RieGhb +7cIF54aLGmM60+SpJY8OkhPfOdYxgr+979QhnQ5/yZDvHcXzxAAeSgNh9F7P6Vjl +Ekk3MUmJVNhZQHjr4j91nKX/HDO4bCYmWo8oEh9OgeWmqt3G2cmUahU8nnpZKZLL +evVnxNTdTMVu+7PCWp3xCzUXkraF3P1FxT8T8838vLZZwBcLzrPhR9EvNHSkXLqp +zw0CAwEAAaOByzCByDAdBgNVHQ4EFgQUJNu03j4/qh2wV3odfM2G6WvQFW8wHwYD +VR0jBBgwFoAUJNu03j4/qh2wV3odfM2G6WvQFW8wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBQX7Ay7EGF -PXX/jQUXviCYgdpIORcgJKcxz2M1kCkm0GAp4Wj+Nf1sYcA6zQiSm8ytc9TdpVEO -qWUEfRZ3i7i0nfvEekqrip7QcEdFdKRXq8LNs8VEa347eI9bf/D3w+8kokD+xnHN -qKasYyJXOfWYw5F5v0dqC8axYcY1GxwQzOe8IIP2SCZKgEfgIvoEH7AGnFT6RkWb -1SCi8O6+taKDkoZd9UD1MtCFNeuvXZsEXSGzNZDoXwpskIXrhjHkiYHGqnNNHj6v -QAfxOK4wqy2qbS+yHf/YGC7z0HSO/20klzDLtuVvy2vCJ16l8WPA2Q3FCH+GjEfE -m8vi2doXUVsS +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQArRkrAQ1jM +5Ub3g4yumgEmazJSNO6rY2yux0w18jVw0rmeFwuWaxF4neCDTkHmTz4Wf5P6T7n6 +hiM00UdG2gDuWG9r10IEFUzogjGTxVhGQxnHS+thxyiiQvCtje0vkzmeRoQTQsmS +N075MqGEFyKVwZ4cI5EKMzIpOH9N7N6QD5Zd+3OaqalWwHSVPffrapdFL0ZQhGi5 +XGStAYqYGsE4ALKOqYtQJ0IxFuTHOxGnVrT097/1/OS4K1ks1j01b6em5syFzTbu +mNyvNTMk8g1f5d4bJubeLPbPHqwTZ4uKoY7wYtED7aolyguCMm4kTpWWs+qgM/wg +oz7kzqRgrzN4 -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -283,10 +283,15 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 1 - [Error] Target certificate looks like a CA but does not set all CA properties +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=0 (CN=Target) ----- +ERROR: Target certificate looks like a CA but does not set all CA properties + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMQogICAgICBbRXJyb3JdIFRhcmdldCBjZXJ0aWZpY2F0ZSBsb29rcyBsaWtlIGEgQ0EgYnV0IGRvZXMgbm90IHNldCBhbGwgQ0EgcHJvcGVydGllcwo= +LS0tLS0gQ2VydGlmaWNhdGUgaT0wIChDTj1UYXJnZXQpIC0tLS0tCkVSUk9SOiBUYXJnZXQgY2VydGlmaWNhdGUgbG9va3MgbGlrZSBhIENBIGJ1dCBkb2VzIG5vdCBzZXQgYWxsIENBIHByb3BlcnRpZXMKCg== -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem b/chromium/net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem index 398314c8b06..a6759fa5db1 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ca:73:f9:c5:cb:c6:2c:26:07:85:8f:4b:a4:ac: - 52:18:84:42:ca:cb:34:59:92:5a:d8:f7:1f:df:51: - ed:6a:d5:e2:e1:dc:06:fb:72:0d:f3:e7:9f:38:0d: - 46:f4:19:77:31:33:4c:5b:ac:dd:6c:8c:06:68:4c: - 48:84:e2:c7:17:28:a9:0b:4e:07:07:b6:7b:cc:a9: - ef:6c:ae:22:6e:03:d6:d4:5b:f1:d9:aa:9e:61:54: - c7:14:79:cb:d6:c2:8f:da:87:e8:ae:d2:b3:66:4f: - d3:4c:56:b8:e0:80:f8:45:b7:11:35:53:ec:d4:49: - f8:05:70:f3:5b:56:b2:05:6d:3e:46:f8:be:67:71: - 48:a6:65:dd:55:62:a3:23:b0:94:e1:f2:3b:17:54: - 40:cc:37:90:d9:78:5a:d8:29:99:3f:02:16:a8:5b: - 5e:64:f4:f2:84:ad:25:c6:cf:2c:5b:e7:6c:bf:88: - 63:0c:8a:9b:fb:d9:b1:30:5a:21:74:1f:e4:5a:54: - 23:3a:a1:02:34:97:2c:a2:af:08:05:f0:db:52:58: - 7f:86:80:12:a3:f9:78:c0:ad:d6:8b:12:53:72:55: - 24:ca:3e:70:f2:7f:78:8f:b7:a1:32:f1:2c:7f:23: - db:7b:ce:79:cf:cc:6d:d8:f7:14:54:5c:e0:db:7d: - 60:b3 + 00:ba:80:5c:f0:d7:23:f0:69:d9:b7:8f:fc:c3:d4: + 47:a2:41:29:77:01:50:3c:84:8f:52:f7:11:6d:c4: + 75:04:84:48:98:8c:4e:bb:f6:4b:e2:cb:4d:be:01: + dc:b2:8e:48:b6:da:76:4d:b0:28:75:94:28:d7:44: + 2c:0d:a5:70:fe:b8:ec:c3:d0:0d:8b:74:4a:18:b9: + 13:bb:b1:99:80:09:d0:bd:00:a3:20:64:70:bb:18: + 00:7c:61:1f:5d:d2:dc:23:6a:6a:e3:8a:6c:13:9b: + a3:c5:7b:dc:91:71:29:46:4e:1c:8e:82:2a:d6:bb: + f9:5a:91:be:f0:a7:a9:b2:d5:8c:df:a2:d2:eb:3a: + e4:49:30:8b:83:20:6d:fb:af:90:19:3e:44:b5:d3: + bb:05:a1:15:a1:0d:4c:61:82:63:5e:24:a5:94:df: + a9:35:5a:0f:56:eb:8c:1d:a5:0e:80:4a:16:d1:ef: + dd:cf:84:f6:45:55:65:55:b8:73:ae:ca:1c:f8:c7: + e2:67:e8:8a:42:5e:eb:f6:2c:bf:55:1c:18:39:51: + 5b:15:16:1b:0a:06:ba:b0:ad:bc:45:2d:23:5c:3a: + ca:2b:04:c9:a2:4f:a6:80:ec:d2:b8:d7:98:44:69: + 3c:3c:2e:ab:b4:44:e2:50:6a:b8:a6:59:db:d4:61: + 54:fd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 99:D8:C1:91:A6:13:EB:0F:B4:6F:F2:B0:C4:0C:D9:0A:25:8E:53:10 + 5B:3D:C4:92:95:A9:93:D8:29:1F:56:EB:DA:A0:3C:1A:C0:BD:5D:AB X509v3 Authority Key Identifier: - keyid:5B:9F:DF:D5:C6:FF:4F:39:52:EA:EF:97:5B:C1:ED:E1:CC:44:4E:B6 + keyid:FB:3A:43:9C:BA:40:89:72:5B:BD:26:8A:3B:25:77:1C:C1:F0:2C:7E Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -58,42 +58,42 @@ Certificate: X509v3 Basic Constraints: critical CA:FALSE, pathlen:1 Signature Algorithm: sha256WithRSAEncryption - 70:43:96:4c:98:6f:28:18:8a:59:39:82:cc:24:47:f8:58:f8: - f8:43:04:09:1e:a6:51:59:bc:60:36:ff:a1:41:51:e1:4c:40: - 6b:5e:8b:73:3c:c4:37:65:f4:b0:57:01:8f:c6:ba:0c:5b:97: - a1:6b:3a:ea:53:79:8f:9a:99:f8:ca:01:a5:15:ac:60:4c:a7: - a7:68:07:72:3c:ed:06:70:d8:a4:d0:c0:5f:88:f2:6a:c0:a1: - 2b:e7:58:68:23:d3:7e:f0:98:99:7d:3d:91:25:e3:84:4f:ef: - 55:a4:ee:f7:1f:dc:f2:af:a8:74:96:6c:26:c4:d8:b6:84:dc: - b7:e7:7d:9d:2b:7b:3b:e6:e4:ad:76:e0:aa:ea:a4:26:97:4b: - 20:cd:b1:bd:a8:6e:b3:08:47:31:a2:01:7b:b5:6c:72:d0:f0: - 12:ac:bd:4f:be:de:23:cb:34:14:d2:11:42:3f:d5:70:76:4c: - 99:db:ce:bc:0e:d5:2e:4b:6f:c3:1b:5d:c6:58:89:74:5f:1d: - 62:cf:df:1e:4c:13:08:88:cb:66:6f:00:c2:c5:6f:bb:b4:9e: - 1f:8a:7d:9d:0b:a6:11:6f:28:bb:5e:46:ab:71:d4:eb:00:8c: - 71:6b:32:85:3d:17:ca:d0:15:90:66:7a:b2:96:0c:c1:9d:2e: - 53:36:97:5b + 69:8a:39:36:b6:e9:e9:45:2b:cf:6a:01:60:aa:3c:35:01:c9: + 42:70:04:69:d9:20:5b:8c:d4:66:d9:74:7a:dc:d9:d9:f6:f1: + 66:77:70:e8:9f:de:5a:7e:4e:c7:66:33:db:2f:4c:48:d4:9c: + b2:5c:2a:34:02:31:56:2f:62:11:0a:69:6b:5a:b2:7d:c4:e5: + 98:0a:d3:7a:04:a4:4c:e7:91:b6:9b:54:e9:10:d3:8d:69:38: + 69:50:4e:b4:0e:a0:6a:fd:30:f2:03:b2:a1:77:f3:ce:d4:e1: + 02:9b:35:2f:58:b4:b1:03:e7:e4:52:3e:77:3a:a6:d9:9d:38: + f7:0e:7f:47:4a:b4:8e:b6:a7:0a:a9:a7:25:e8:03:8a:16:30: + 4d:a7:c9:5d:3b:ca:4e:ef:93:7f:26:02:f1:f8:c4:cc:1e:69: + 41:a8:67:3a:b3:73:6f:ac:bb:85:e7:11:eb:29:37:bb:3d:a2: + 4b:34:32:b3:ae:6e:6b:87:23:8c:44:63:07:63:bc:03:52:b9: + 72:77:bc:06:99:99:2f:ed:2d:51:ca:75:c1:14:7f:88:b8:64: + 21:cf:5b:c9:bd:8c:e9:fb:81:bc:c8:53:dc:50:38:bc:d5:29: + 83:02:3b:03:cc:30:c3:96:f5:69:af:a6:d6:cb:d3:ed:b9:cf: + ae:cd:6f:c1 -----BEGIN CERTIFICATE----- MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKc/nF -y8YsJgeFj0ukrFIYhELKyzRZklrY9x/fUe1q1eLh3Ab7cg3z5584DUb0GXcxM0xb -rN1sjAZoTEiE4scXKKkLTgcHtnvMqe9sriJuA9bUW/HZqp5hVMcUecvWwo/ah+iu -0rNmT9NMVrjggPhFtxE1U+zUSfgFcPNbVrIFbT5G+L5ncUimZd1VYqMjsJTh8jsX -VEDMN5DZeFrYKZk/AhaoW15k9PKErSXGzyxb52y/iGMMipv72bEwWiF0H+RaVCM6 -oQI0lyyirwgF8NtSWH+GgBKj+XjArdaLElNyVSTKPnDyf3iPt6Ey8Sx/I9t7znnP -zG3Y9xRUXODbfWCzAgMBAAGjgfowgfcwHQYDVR0OBBYEFJnYwZGmE+sPtG/ysMQM -2QoljlMQMB8GA1UdIwQYMBaAFFuf39XG/085Uurvl1vB7eHMRE62MD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6gFzw +1yPwadm3j/zD1EeiQSl3AVA8hI9S9xFtxHUEhEiYjE679kviy02+Adyyjki22nZN +sCh1lCjXRCwNpXD+uOzD0A2LdEoYuRO7sZmACdC9AKMgZHC7GAB8YR9d0twjamrj +imwTm6PFe9yRcSlGThyOgirWu/lakb7wp6my1YzfotLrOuRJMIuDIG37r5AZPkS1 +07sFoRWhDUxhgmNeJKWU36k1Wg9W64wdpQ6AShbR793PhPZFVWVVuHOuyhz4x+Jn +6IpCXuv2LL9VHBg5UVsVFhsKBrqwrbxFLSNcOsorBMmiT6aA7NK415hEaTw8Lqu0 +ROJQarimWdvUYVT9AgMBAAGjgfowgfcwHQYDVR0OBBYEFFs9xJKVqZPYKR9W69qg +PBrAvV2rMB8GA1UdIwQYMBaAFPs6Q5y6QIlyW70mijsldxzB8Cx+MD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF BwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAgEBMA0GCSqGSIb3DQEBCwUAA4IB -AQBwQ5ZMmG8oGIpZOYLMJEf4WPj4QwQJHqZRWbxgNv+hQVHhTEBrXotzPMQ3ZfSw -VwGPxroMW5ehazrqU3mPmpn4ygGlFaxgTKenaAdyPO0GcNik0MBfiPJqwKEr51ho -I9N+8JiZfT2RJeOET+9VpO73H9zyr6h0lmwmxNi2hNy3532dK3s75uStduCq6qQm -l0sgzbG9qG6zCEcxogF7tWxy0PASrL1Pvt4jyzQU0hFCP9VwdkyZ2868DtUuS2/D -G13GWIl0Xx1iz98eTBMIiMtmbwDCxW+7tJ4fin2dC6YRbyi7XkarcdTrAIxxazKF -PRfK0BWQZnqylgzBnS5TNpdb +AQBpijk2tunpRSvPagFgqjw1AclCcARp2SBbjNRm2XR63NnZ9vFmd3Don95afk7H +ZjPbL0xI1JyyXCo0AjFWL2IRCmlrWrJ9xOWYCtN6BKRM55G2m1TpENONaThpUE60 +DqBq/TDyA7Khd/PO1OECmzUvWLSxA+fkUj53OqbZnTj3Dn9HSrSOtqcKqacl6AOK +FjBNp8ldO8pO75N/JgLx+MTMHmlBqGc6s3NvrLuF5xHrKTe7PaJLNDKzrm5rhyOM +RGMHY7wDUrlyd7wGmZkv7S1RynXBFH+IuGQhz1vJvYzp+4G8yFPcUDi81SmDAjsD +zDDDlvVpr6bWy9Ptuc+uzW/B -----END CERTIFICATE----- Certificate: @@ -110,30 +110,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c8:43:a7:fe:04:ff:78:d4:be:60:bd:16:7d:46: - a2:cf:a8:74:42:6b:2b:49:13:61:2e:78:e7:7c:49: - 52:0b:df:bf:b0:e1:5e:dd:f5:39:99:11:ff:d2:14: - 8f:db:de:10:55:90:29:05:b3:49:db:80:87:d1:82: - 6b:15:97:4b:da:5e:d7:da:11:0c:84:1e:db:d9:57: - 4d:52:cf:31:a0:1f:bd:4f:79:22:7a:ee:5a:ae:9d: - 22:df:71:d3:20:12:e5:c8:7e:1e:76:d3:6f:07:6e: - 5c:c3:89:11:a2:35:50:05:4d:6f:30:d8:3c:ef:38: - 80:51:e3:ee:7d:66:81:7f:7c:c4:e7:d0:d4:53:1d: - 00:3d:03:cb:87:f4:3d:b9:13:cd:16:ef:b2:51:3f: - 1c:96:0a:71:90:ca:25:c4:10:71:aa:ba:27:c8:67: - 94:af:63:7c:29:2a:2e:a8:4e:03:7e:6c:5c:2f:96: - 8d:9d:ca:c5:6f:f1:e7:8d:92:a9:ed:aa:87:3a:74: - 12:c7:ea:3f:ad:a2:6a:76:d8:f6:c9:96:27:6e:8b: - a3:b8:cc:d4:2b:9b:61:be:2b:11:c5:bb:da:ef:14: - 23:5d:5d:96:69:c0:a7:7a:16:db:3a:4e:e4:22:84: - 55:02:26:7b:a5:8e:84:12:e4:36:fc:c5:07:d9:ee: - c5:19 + 00:b1:bb:78:97:4a:b5:56:42:fa:f9:6b:63:6c:f3: + 0e:54:92:6c:84:d4:c7:53:48:24:c1:bd:6f:d0:83: + ad:f3:7a:5c:93:f1:74:38:ba:46:f1:19:db:0e:fb: + 1b:b4:f2:9e:8b:c4:10:8e:97:b1:ff:f8:2d:03:cd: + 36:91:8a:2c:e8:d8:da:a4:7e:58:8d:fb:ff:99:2b: + d5:e1:b3:63:7f:ec:2c:66:b5:0d:ca:ba:e1:74:5e: + b3:ad:bf:49:65:74:52:30:78:ed:ea:7c:08:26:32: + f1:d5:e3:ea:01:7e:3a:fc:0e:84:d6:17:aa:98:f8: + 92:63:77:4d:5c:d3:13:61:af:e3:d8:35:0c:ff:1e: + 39:91:0c:24:a9:ec:89:ab:28:97:97:56:eb:2a:73: + 70:e7:46:17:89:1e:42:73:a5:f6:b6:de:5a:bc:24: + 69:5d:41:09:31:f6:12:d3:57:2d:dc:96:9c:0a:4d: + 64:f0:c4:24:44:8e:1d:66:37:a1:01:1a:d5:89:a8: + 9c:81:82:00:d9:f5:56:e9:58:df:ea:5d:32:7e:fb: + 2d:19:1b:39:b4:fb:77:2c:2e:e1:ae:f5:ea:b0:ad: + b7:d4:2e:35:86:26:9f:96:c6:e3:4c:27:7b:6a:7d: + a2:4e:bf:cb:59:33:85:6f:d1:98:e4:27:3c:95:3f: + fd:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 5B:9F:DF:D5:C6:FF:4F:39:52:EA:EF:97:5B:C1:ED:E1:CC:44:4E:B6 + FB:3A:43:9C:BA:40:89:72:5B:BD:26:8A:3B:25:77:1C:C1:F0:2C:7E X509v3 Authority Key Identifier: - keyid:8A:85:CE:7E:DC:AF:15:B7:01:C2:5C:81:3F:3D:14:49:D2:38:08:AB + keyid:8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -148,41 +148,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 14:37:73:58:3c:37:40:b3:ff:a3:e4:f3:2d:f1:26:6b:c9:82: - 17:c5:97:4d:bd:84:6a:19:25:08:20:a9:7d:38:fb:3d:a4:7f: - 06:80:7e:fb:6e:7e:bf:26:90:4b:96:ab:a7:f9:49:a5:d6:77: - 67:b5:ab:bb:ad:ea:84:5a:43:13:f9:b3:1a:80:b1:59:cc:d4: - 1d:33:e8:0d:b0:af:9a:80:44:0e:a6:01:f3:a4:e2:87:2b:db: - 47:be:0f:28:08:d9:ab:7c:d9:4c:86:d0:ba:bc:1b:dc:99:9b: - 33:ea:a7:3e:ef:52:b8:70:a8:27:e7:83:59:cd:57:38:7f:a1: - 36:53:4f:a0:1b:69:7d:e4:fa:9f:2b:52:50:09:23:62:c6:c0: - 01:a6:85:76:45:80:6a:b6:54:bd:60:5d:5a:3a:04:92:ab:e3: - bd:0c:94:7f:5f:79:9c:3f:6e:12:c3:96:b0:78:44:9b:03:1e: - 79:11:fb:8d:a5:1d:55:c9:b3:e5:a0:26:18:10:68:92:b8:54: - 68:d0:2d:e1:99:0c:08:9c:cc:40:50:34:69:9f:13:e6:d7:87: - 85:e7:57:63:3e:17:0f:ce:02:7b:78:e5:18:ef:1a:55:b1:6a: - 55:f8:44:3e:92:1d:08:a1:7d:bb:fc:00:be:e3:1b:83:aa:b8: - 75:f0:05:45 + 1e:fc:c8:bb:67:ec:94:d3:7a:62:ee:88:f7:04:40:0f:82:05: + 9e:4e:08:cc:ee:5a:42:b1:ca:e4:eb:c6:32:76:cf:c2:0a:9a: + 04:43:e9:c0:f7:d9:ef:a8:c1:aa:39:09:5c:cc:f7:3e:15:a2: + dc:52:ba:02:35:c4:e4:10:b9:6e:f2:fa:4b:85:d0:a4:e8:34: + ef:39:fc:64:94:2a:43:f5:de:46:73:99:6b:bb:68:f5:47:b9: + af:ec:f4:65:22:e9:c0:28:09:c3:b8:78:9b:82:51:a7:c6:a4: + 59:ac:4c:45:3b:dc:4a:2a:a1:4d:a6:44:d0:66:6e:de:20:e6: + cc:2a:ae:b5:4a:ca:c3:8e:80:5b:e1:ee:1e:a1:ce:95:f5:d7: + a2:c0:57:2a:bb:eb:2d:74:f0:c3:12:48:87:c9:d7:26:76:73: + 2e:2b:88:bd:b1:0b:fa:3c:18:b0:78:14:26:84:2e:0f:8d:6a: + ec:5d:3e:1a:6d:09:e7:88:dc:c8:79:6c:95:75:30:ae:6b:5b: + 85:a6:ce:7b:79:86:f4:20:bd:cd:39:5f:4a:01:0d:64:b5:6f: + 61:ca:d0:88:0c:60:26:6f:32:c1:50:f5:f3:b9:6c:95:b6:89: + ae:5d:ef:bf:cc:94:9b:5d:aa:b0:78:6c:02:b4:12:a7:f4:38: + f3:de:60:05 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEOn/gT/ -eNS+YL0WfUaiz6h0QmsrSRNhLnjnfElSC9+/sOFe3fU5mRH/0hSP294QVZApBbNJ -24CH0YJrFZdL2l7X2hEMhB7b2VdNUs8xoB+9T3kieu5arp0i33HTIBLlyH4edtNv -B25cw4kRojVQBU1vMNg87ziAUePufWaBf3zE59DUUx0APQPLh/Q9uRPNFu+yUT8c -lgpxkMolxBBxqronyGeUr2N8KSouqE4DfmxcL5aNncrFb/HnjZKp7aqHOnQSx+o/ -raJqdtj2yZYnboujuMzUK5thvisRxbva7xQjXV2WacCnehbbOk7kIoRVAiZ7pY6E -EuQ2/MUH2e7FGQIDAQABo4HLMIHIMB0GA1UdDgQWBBRbn9/Vxv9POVLq75dbwe3h -zEROtjAfBgNVHSMEGDAWgBSKhc5+3K8VtwHCXIE/PRRJ0jgIqzA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbt4l0q1 +VkL6+WtjbPMOVJJshNTHU0gkwb1v0IOt83pck/F0OLpG8RnbDvsbtPKei8QQjpex +//gtA802kYos6NjapH5Yjfv/mSvV4bNjf+wsZrUNyrrhdF6zrb9JZXRSMHjt6nwI +JjLx1ePqAX46/A6E1heqmPiSY3dNXNMTYa/j2DUM/x45kQwkqeyJqyiXl1brKnNw +50YXiR5Cc6X2tt5avCRpXUEJMfYS01ct3JacCk1k8MQkRI4dZjehARrViaicgYIA +2fVW6Vjf6l0yfvstGRs5tPt3LC7hrvXqsK231C41hiaflsbjTCd7an2iTr/LWTOF +b9GY5Cc8lT/9rQIDAQABo4HLMIHIMB0GA1UdDgQWBBT7OkOcukCJclu9Joo7JXcc +wfAsfjAfBgNVHSMEGDAWgBSPTl54Ga4ogmkvzzOVBMHNddH2/zA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -ABQ3c1g8N0Cz/6Pk8y3xJmvJghfFl029hGoZJQggqX04+z2kfwaAfvtufr8mkEuW -q6f5SaXWd2e1q7ut6oRaQxP5sxqAsVnM1B0z6A2wr5qARA6mAfOk4ocr20e+DygI -2at82UyG0Lq8G9yZmzPqpz7vUrhwqCfng1nNVzh/oTZTT6AbaX3k+p8rUlAJI2LG -wAGmhXZFgGq2VL1gXVo6BJKr470MlH9feZw/bhLDlrB4RJsDHnkR+42lHVXJs+Wg -JhgQaJK4VGjQLeGZDAiczEBQNGmfE+bXh4XnV2M+Fw/OAnt45RjvGlWxalX4RD6S -HQihfbv8AL7jG4OquHXwBUU= +AB78yLtn7JTTemLuiPcEQA+CBZ5OCMzuWkKxyuTrxjJ2z8IKmgRD6cD32e+owao5 +CVzM9z4VotxSugI1xOQQuW7y+kuF0KToNO85/GSUKkP13kZzmWu7aPVHua/s9GUi +6cAoCcO4eJuCUafGpFmsTEU73EoqoU2mRNBmbt4g5swqrrVKysOOgFvh7h6hzpX1 +16LAVyq76y108MMSSIfJ1yZ2cy4riL2xC/o8GLB4FCaELg+NauxdPhptCeeI3Mh5 +bJV1MK5rW4Wmznt5hvQgvc05X0oBDWS1b2HK0IgMYCZvMsFQ9fO5bJW2ia5d77/M +lJtdqrB4bAK0Eqf0OPPeYAU= -----END CERTIFICATE----- Certificate: @@ -199,30 +199,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d3:fa:b1:7f:2b:e4:ff:ad:10:e9:54:54:ef:6a: - 81:02:0b:b6:83:70:89:ae:d9:4d:54:ea:95:99:88: - 3d:59:7d:97:1e:fd:b9:9b:53:8b:14:1e:a4:68:07: - ed:68:65:68:7d:4f:ba:28:38:ff:87:33:98:2c:32: - d0:e5:00:78:0f:6a:20:32:7d:9e:7d:9b:af:e9:39: - fe:5c:bc:04:1c:06:1a:11:1a:46:24:34:f7:e3:af: - 56:6d:38:8f:46:39:a6:01:fa:56:f9:d7:9e:73:35: - 1a:23:94:12:0f:0d:d3:ec:fe:09:57:f6:a0:9c:18: - a7:ba:4b:c9:37:a3:0c:60:77:4b:77:5f:c8:9c:7e: - b1:5c:b3:43:72:da:c9:6c:c8:71:24:ab:2f:c4:83: - bd:b0:4f:60:af:46:0d:7b:34:8f:e9:70:a2:85:ed: - 6e:05:df:e3:c1:40:3d:17:b1:f0:a3:7d:e2:17:6f: - 3d:fe:11:81:90:1f:c2:f8:bc:2c:d5:9c:fc:04:47: - 24:c4:5e:cf:20:0f:31:e8:7d:ea:b5:69:b8:0f:35: - 19:5d:13:08:db:d6:a2:dc:7a:33:92:b3:9c:fc:35: - de:cf:55:96:f7:52:6e:a9:e2:93:b0:52:07:8d:0f: - 95:9c:0e:0d:1b:48:0e:b8:41:4f:eb:68:da:e5:6d: - a1:63 + 00:b3:59:c0:d6:b0:f3:cb:31:46:9d:ef:de:63:f3: + 1a:24:10:36:fb:e8:ee:05:76:21:51:51:fd:52:47: + 97:12:13:46:42:bc:94:37:5e:e6:41:d2:d8:75:27: + 2c:3d:04:bc:e1:ac:bc:a8:f6:d8:74:63:9a:be:a9: + 7b:d2:1b:96:87:25:3b:ce:d1:ff:b4:dd:fa:29:64: + ae:df:4c:1b:b4:fb:9e:8a:9a:6c:74:ba:2a:76:45: + 03:b7:91:7e:90:ba:04:3d:dc:0a:17:77:b3:5f:dc: + 56:07:eb:63:5e:2b:54:c9:d7:b3:4b:f3:42:6b:9e: + 2a:80:9c:71:52:5d:0f:6d:97:c6:d3:f6:c4:7a:7a: + ee:ea:22:4f:1c:e8:42:55:6e:b2:2a:56:cf:86:3c: + 94:d1:e7:e0:7c:78:8c:94:05:05:b0:3f:b2:70:18: + da:92:d2:9a:ba:57:7c:fb:52:4b:0f:34:cb:dc:ab: + 40:a0:76:4e:cc:11:b9:57:be:f2:e2:fa:2b:ba:20: + b0:c8:ee:8d:0a:11:a2:02:d4:f7:38:3d:f4:a8:49: + f4:b4:8a:08:ff:d0:c3:25:21:0e:dc:f0:17:22:f2: + bf:07:3d:e7:5f:4c:b2:cd:1a:18:f1:fd:3a:5a:42: + 79:b3:82:47:ad:ad:e0:02:7f:0b:19:34:5d:3b:90: + 81:23 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 8A:85:CE:7E:DC:AF:15:B7:01:C2:5C:81:3F:3D:14:49:D2:38:08:AB + 8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF X509v3 Authority Key Identifier: - keyid:8A:85:CE:7E:DC:AF:15:B7:01:C2:5C:81:3F:3D:14:49:D2:38:08:AB + keyid:8F:4E:5E:78:19:AE:28:82:69:2F:CF:33:95:04:C1:CD:75:D1:F6:FF Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -237,41 +237,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 3b:f2:cd:03:ef:d9:61:67:ea:7b:dd:e9:88:13:07:8d:94:51: - 62:bb:56:d6:c1:be:8a:d0:a0:81:fe:1d:90:6d:85:94:2c:ac: - 33:fb:5d:f6:c9:74:72:7b:f7:5a:b8:e4:b6:dd:30:bb:93:3b: - 74:22:e9:fe:e9:5c:b2:8b:d4:a1:21:0c:e6:3c:ee:86:ae:9e: - 8a:fd:88:bb:a7:fd:20:bb:9c:ff:d4:ca:6f:66:60:19:14:d1: - d1:f2:d6:f3:b2:58:c8:4d:15:30:e1:e0:fc:40:ad:55:25:ba: - 8d:25:68:26:c4:64:68:7e:94:e6:f4:96:5a:c4:e6:ba:85:5b: - b2:32:d1:82:32:8b:f4:3f:6f:4e:d5:de:2e:d7:09:3c:1f:7e: - 93:3a:22:d8:ef:40:41:47:28:80:03:77:0d:f9:51:28:28:b6: - 53:24:66:f7:3b:56:6c:53:58:55:b2:49:7c:c4:1a:3d:a1:37: - 29:19:8a:9a:99:84:7f:63:ac:21:85:f5:02:5a:5a:1c:7c:0a: - 8b:bc:83:ff:80:57:2e:ce:62:c5:79:58:24:12:e8:af:a4:6c: - ce:a8:92:2b:25:c4:e3:b6:27:f7:d5:dd:e6:fa:cc:91:6c:59: - 5e:f5:a4:e2:4f:0b:18:fa:4e:9c:88:66:20:25:af:87:14:01: - 27:08:89:6a + 31:70:94:d1:2f:b7:58:d6:e9:18:c0:d8:21:be:f7:e5:08:1b: + 34:82:32:4a:2f:55:e8:99:2f:ae:27:ea:f8:53:b3:2b:e1:84: + 17:ed:4b:7e:b8:79:5c:4f:d6:a7:fd:93:f4:dc:f3:ee:97:aa: + 42:27:44:20:d2:f6:7b:32:b8:20:24:a3:06:cb:e6:b0:73:d5: + 3a:c3:cb:ea:09:0f:94:d4:ee:13:bf:28:40:5a:1c:fc:ae:8f: + 7d:06:87:b1:1c:82:e9:1f:ed:97:11:db:1e:e8:0f:61:65:05: + d4:0e:4d:39:a2:6d:7b:bd:ce:36:63:48:72:9b:fb:ed:c9:09: + 11:23:8c:6a:e8:61:95:5b:f4:01:89:3f:81:75:65:46:6b:8b: + fe:51:45:c9:47:67:3d:d1:4c:ce:bf:1e:5a:bd:fe:2f:78:9d: + 77:95:15:17:47:57:68:bf:18:36:ba:5d:f8:56:94:14:44:76: + 82:23:dc:1f:79:0e:55:50:83:1c:da:72:70:a8:e8:60:c8:eb: + 09:99:56:6d:4d:f9:23:9f:95:e8:82:23:5b:16:ff:2e:29:a4: + a1:3b:f5:b4:cd:11:57:fe:fc:ab:a1:75:63:f9:60:85:50:b3: + 18:eb:84:53:d0:73:ca:51:f6:2f:3c:cd:af:75:b0:f2:9b:a5: + 83:62:cd:81 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP6sX8r5P+tEOlUVO9q -gQILtoNwia7ZTVTqlZmIPVl9lx79uZtTixQepGgH7WhlaH1Puig4/4czmCwy0OUA -eA9qIDJ9nn2br+k5/ly8BBwGGhEaRiQ09+OvVm04j0Y5pgH6VvnXnnM1GiOUEg8N -0+z+CVf2oJwYp7pLyTejDGB3S3dfyJx+sVyzQ3LayWzIcSSrL8SDvbBPYK9GDXs0 -j+lwooXtbgXf48FAPRex8KN94hdvPf4RgZAfwvi8LNWc/ARHJMRezyAPMeh96rVp -uA81GV0TCNvWotx6M5KznPw13s9VlvdSbqnik7BSB40PlZwODRtIDrhBT+to2uVt -oWMCAwEAAaOByzCByDAdBgNVHQ4EFgQUioXOftyvFbcBwlyBPz0USdI4CKswHwYD -VR0jBBgwFoAUioXOftyvFbcBwlyBPz0USdI4CKswNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNZwNaw88sxRp3v3mPz +GiQQNvvo7gV2IVFR/VJHlxITRkK8lDde5kHS2HUnLD0EvOGsvKj22HRjmr6pe9Ib +loclO87R/7Td+ilkrt9MG7T7noqabHS6KnZFA7eRfpC6BD3cChd3s1/cVgfrY14r +VMnXs0vzQmueKoCccVJdD22XxtP2xHp67uoiTxzoQlVusipWz4Y8lNHn4Hx4jJQF +BbA/snAY2pLSmrpXfPtSSw80y9yrQKB2TswRuVe+8uL6K7ogsMjujQoRogLU9zg9 +9KhJ9LSKCP/QwyUhDtzwFyLyvwc9519Mss0aGPH9OlpCebOCR62t4AJ/Cxk0XTuQ +gSMCAwEAAaOByzCByDAdBgNVHQ4EFgQUj05eeBmuKIJpL88zlQTBzXXR9v8wHwYD +VR0jBBgwFoAUj05eeBmuKIJpL88zlQTBzXXR9v8wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA78s0D79lh -Z+p73emIEweNlFFiu1bWwb6K0KCB/h2QbYWULKwz+132yXRye/dauOS23TC7kzt0 -Iun+6Vyyi9ShIQzmPO6Grp6K/Yi7p/0gu5z/1MpvZmAZFNHR8tbzsljITRUw4eD8 -QK1VJbqNJWgmxGRofpTm9JZaxOa6hVuyMtGCMov0P29O1d4u1wk8H36TOiLY70BB -RyiAA3cN+VEoKLZTJGb3O1ZsU1hVskl8xBo9oTcpGYqamYR/Y6whhfUCWlocfAqL -vIP/gFcuzmLFeVgkEuivpGzOqJIrJcTjtif31d3m+syRbFle9aTiTwsY+k6ciGYg -Ja+HFAEnCIlq +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAxcJTRL7dY +1ukYwNghvvflCBs0gjJKL1XomS+uJ+r4U7Mr4YQX7Ut+uHlcT9an/ZP03PPul6pC +J0Qg0vZ7MrggJKMGy+awc9U6w8vqCQ+U1O4TvyhAWhz8ro99BoexHILpH+2XEdse +6A9hZQXUDk05om17vc42Y0hym/vtyQkRI4xq6GGVW/QBiT+BdWVGa4v+UUXJR2c9 +0UzOvx5avf4veJ13lRUXR1dovxg2ul34VpQURHaCI9wfeQ5VUIMc2nJwqOhgyOsJ +mVZtTfkjn5XogiNbFv8uKaShO/W0zRFX/vyroXVj+WCFULMY64RT0HPKUfYvPM2v +dbDym6WDYs2B -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -284,10 +284,15 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 1 - [Error] Target certificate looks like a CA but does not set all CA properties +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=0 (CN=Target) ----- +ERROR: Target certificate looks like a CA but does not set all CA properties + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMQogICAgICBbRXJyb3JdIFRhcmdldCBjZXJ0aWZpY2F0ZSBsb29rcyBsaWtlIGEgQ0EgYnV0IGRvZXMgbm90IHNldCBhbGwgQ0EgcHJvcGVydGllcwo= +LS0tLS0gQ2VydGlmaWNhdGUgaT0wIChDTj1UYXJnZXQpIC0tLS0tCkVSUk9SOiBUYXJnZXQgY2VydGlmaWNhdGUgbG9va3MgbGlrZSBhIENBIGJ1dCBkb2VzIG5vdCBzZXQgYWxsIENBIHByb3BlcnRpZXMKCg== -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-lacks-eku.pem b/chromium/net/data/verify_certificate_chain_unittest/target-lacks-eku.pem new file mode 100644 index 00000000000..46c3751f23a --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/target-lacks-eku.pem @@ -0,0 +1,285 @@ +[Created by: generate-target-lacks-eku.py] + +Certificate chain with 1 intermediate and a trusted root. The target has no +Extended Key Usage extension (meaning it is unrestricted). Verification is +expected to succeed. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:9e:a5:77:70:28:bc:8f:18:ce:a2:39:65:81: + 18:d9:31:0a:ee:23:09:81:cd:82:36:98:a5:82:2e: + b1:fc:59:a8:46:49:06:16:60:eb:12:46:2c:85:a8: + c0:75:7b:2d:45:0f:09:ba:d6:a9:fd:88:0f:d6:97: + 78:1e:5d:51:cc:1a:94:1e:2e:b8:82:4e:e3:0c:aa: + 58:1b:c6:dd:fd:d2:a3:92:6c:0a:ae:5e:ca:56:87: + 9a:6c:bd:89:32:99:5b:da:33:dd:7a:ed:a7:c5:e1: + 02:de:25:5b:17:6a:f5:15:8a:31:71:c7:c0:24:7c: + 55:c4:8e:cf:4c:03:fd:7f:f4:e1:90:cc:1a:5e:b5: + f1:4b:2e:7a:2f:69:06:2a:86:76:33:88:ef:b2:e0: + 84:52:98:03:eb:98:7b:16:25:65:6a:a6:5a:fa:37: + b5:a1:70:74:5e:96:87:62:78:a4:d4:05:60:97:3a: + f9:4c:86:49:0d:54:db:79:8d:68:56:58:83:ee:8f: + 1a:da:d7:3a:06:78:6e:75:f0:a9:99:3a:22:a3:06: + ee:58:a2:2b:d1:ea:4a:a7:8a:c8:bd:43:f8:b1:70: + 4f:fb:51:b6:22:78:cf:5c:c6:dc:80:33:3d:f5:92: + 6d:91:c9:1b:7e:87:37:28:76:b4:ff:7f:6d:52:9b: + c7:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 49:EA:B2:99:05:EC:D6:35:F4:11:A5:DD:F1:99:31:AE:C0:D8:B8:08 + X509v3 Authority Key Identifier: + keyid:7C:05:F1:0D:0B:C4:F8:8E:33:4C:F1:AE:78:6A:2C:16:AD:79:D0:A6 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 81:53:9e:26:eb:d2:fc:1c:8b:d7:28:cd:57:e4:54:ac:c6:f4: + ed:66:1e:a4:8d:52:6f:2d:bd:91:e1:10:b5:92:53:26:32:a2: + de:19:34:6b:b3:af:ab:87:71:ed:4a:5f:51:db:0d:51:b5:33: + b8:99:ca:c3:ac:2b:82:64:bb:44:5d:df:cb:69:04:f1:b4:08: + af:fa:89:c3:69:44:25:f5:fa:1e:29:77:a9:dd:db:27:18:20: + fa:7a:5a:33:55:e4:cc:83:05:d4:72:8c:1d:e7:34:42:4d:9c: + cc:7e:7c:54:35:8f:db:be:dd:36:84:01:7c:e1:e1:b0:79:ef: + b0:6c:9a:27:c8:f2:e5:dc:48:57:15:da:d4:31:d9:8c:f7:38: + 03:40:85:8f:23:06:87:2b:ee:45:8f:24:52:15:0c:89:d2:80: + 74:5c:9f:58:d9:68:b4:10:fe:56:78:19:4d:a6:8e:56:46:35: + 65:1f:29:2e:29:7b:9b:24:83:7a:e9:e9:7e:02:4c:4a:40:56: + 77:2c:ed:dd:d2:ae:0c:9d:9c:b2:5b:88:b5:8a:df:ac:55:b0: + ad:e1:cf:63:8d:65:c7:bd:2b:15:dd:34:35:29:cb:9e:2d:00: + 92:55:eb:d9:71:6d:29:82:8e:be:3f:93:cf:b5:de:43:4f:c0: + 7d:94:96:29 +-----BEGIN CERTIFICATE----- +MIIDbjCCAlagAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAnqV3 +cCi8jxjOojllgRjZMQruIwmBzYI2mKWCLrH8WahGSQYWYOsSRiyFqMB1ey1FDwm6 +1qn9iA/Wl3geXVHMGpQeLriCTuMMqlgbxt390qOSbAquXspWh5psvYkymVvaM916 +7afF4QLeJVsXavUVijFxx8AkfFXEjs9MA/1/9OGQzBpetfFLLnovaQYqhnYziO+y +4IRSmAPrmHsWJWVqplr6N7WhcHRelodieKTUBWCXOvlMhkkNVNt5jWhWWIPujxra +1zoGeG518KmZOiKjBu5YoivR6kqnisi9Q/ixcE/7UbYieM9cxtyAMz31km2RyRt+ +hzcodrT/f21Sm8flAgMBAAGjgcowgccwHQYDVR0OBBYEFEnqspkF7NY19BGl3fGZ +Ma7A2LgIMB8GA1UdIwQYMBaAFHwF8Q0LxPiOM0zxrnhqLBatedCmMD8GCCsGAQUF +BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk +aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu +dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IB +AQCBU54m69L8HIvXKM1X5FSsxvTtZh6kjVJvLb2R4RC1klMmMqLeGTRrs6+rh3Ht +Sl9R2w1RtTO4mcrDrCuCZLtEXd/LaQTxtAiv+onDaUQl9foeKXep3dsnGCD6eloz +VeTMgwXUcowd5zRCTZzMfnxUNY/bvt02hAF84eGwee+wbJonyPLl3EhXFdrUMdmM +9zgDQIWPIwaHK+5FjyRSFQyJ0oB0XJ9Y2Wi0EP5WeBlNpo5WRjVlHykuKXubJIN6 +6el+AkxKQFZ3LO3d0q4MnZyyW4i1it+sVbCt4c9jjWXHvSsV3TQ1KcueLQCSVevZ +cW0pgo6+P5PPtd5DT8B9lJYp +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:96:3d:06:43:c1:e6:7e:de:e8:e7:d0:e0:3e:d5: + a8:1f:08:fe:98:ef:b9:a3:3d:0f:14:a5:3e:85:27: + 6a:a2:aa:8c:3b:f6:21:43:12:2d:c8:9c:b3:cf:a8: + ee:4f:8c:b7:3f:7f:49:49:a3:dc:17:3b:4b:28:2a: + 93:ae:e1:df:7e:22:b2:1d:9c:5f:43:59:a5:4e:55: + dd:db:55:46:55:83:6d:48:76:ef:3f:77:24:58:d3: + 7b:78:28:05:7c:66:7c:79:90:99:61:b6:cc:2d:b6: + ef:36:ca:11:3b:b5:65:c8:73:91:b0:10:12:17:a3: + e1:1c:ea:c7:dc:9c:b3:66:3d:ec:bb:a3:3e:99:e0: + 04:98:4d:9c:b5:62:ad:16:71:22:00:68:ef:e6:42: + f6:05:28:4d:88:16:05:51:82:f6:d8:83:91:0c:13: + 4c:3c:6e:d6:22:2a:52:da:37:56:a9:24:18:ba:8f: + 2e:65:d9:3a:4b:e0:a3:69:94:3b:16:5e:4a:cc:a8: + 6e:32:6d:f8:74:15:32:c8:9f:af:06:11:81:db:9a: + 65:cf:01:05:2f:65:4b:71:4e:92:1c:06:51:7f:29: + 57:e9:24:9f:89:f9:80:63:25:97:90:42:56:f8:e1: + 26:61:b2:48:b3:20:9b:9a:9b:34:4e:2f:03:06:a7: + dc:11 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 7C:05:F1:0D:0B:C4:F8:8E:33:4C:F1:AE:78:6A:2C:16:AD:79:D0:A6 + X509v3 Authority Key Identifier: + keyid:F2:26:B1:CF:39:F4:1E:77:A5:A1:DA:65:4B:C4:D0:12:C9:53:25:AE + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 67:35:59:8e:50:f3:67:61:84:47:e2:66:a4:1a:96:63:91:79: + f6:80:f7:23:ea:2c:de:22:ca:1f:4a:4b:a9:c2:80:54:8d:d9: + e0:bf:c7:e6:38:cf:66:b5:8a:a9:7c:25:bf:39:f5:16:1f:de: + 4d:52:01:67:69:7a:e6:92:a0:98:20:e6:be:bc:f8:a5:8d:46: + 02:a8:6b:13:69:97:ee:ac:46:a4:36:cc:b2:9c:af:2a:0b:18: + 87:48:22:a9:d7:87:5d:5f:50:35:e0:ab:3d:1f:2f:88:56:58: + e0:7b:3c:38:21:72:23:dc:6c:e7:c9:83:59:e1:c9:a7:44:bf: + 40:3e:3b:00:a5:8a:44:d2:ee:66:37:f9:b4:a0:18:bf:39:9f: + 76:3e:4c:cd:95:02:c7:44:f6:21:f0:42:15:8a:0b:0d:0f:94: + 87:e2:d9:47:d4:33:0e:a3:fe:b4:a2:92:19:9d:8e:52:3c:aa: + d3:0f:6c:1b:2c:af:7f:c4:16:6f:13:b7:53:ee:dd:e4:1b:06: + f0:c9:8b:44:1e:cc:9c:85:d9:d7:b8:59:7a:31:71:46:dc:48: + 4d:bf:6b:37:fb:a0:89:f0:96:b3:96:07:f6:62:a5:90:75:32: + 0e:39:31:f0:9f:53:a7:01:0b:07:62:ba:6f:7b:93:4d:57:9a: + b5:2d:22:ff +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlj0GQ8Hm +ft7o59DgPtWoHwj+mO+5oz0PFKU+hSdqoqqMO/YhQxItyJyzz6juT4y3P39JSaPc +FztLKCqTruHffiKyHZxfQ1mlTlXd21VGVYNtSHbvP3ckWNN7eCgFfGZ8eZCZYbbM +LbbvNsoRO7VlyHORsBASF6PhHOrH3JyzZj3su6M+meAEmE2ctWKtFnEiAGjv5kL2 +BShNiBYFUYL22IORDBNMPG7WIipS2jdWqSQYuo8uZdk6S+CjaZQ7Fl5KzKhuMm34 +dBUyyJ+vBhGB25plzwEFL2VLcU6SHAZRfylX6SSfifmAYyWXkEJW+OEmYbJIsyCb +mps0Ti8DBqfcEQIDAQABo4HLMIHIMB0GA1UdDgQWBBR8BfENC8T4jjNM8a54aiwW +rXnQpjAfBgNVHSMEGDAWgBTyJrHPOfQed6Wh2mVLxNASyVMlrjA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AGc1WY5Q82dhhEfiZqQalmORefaA9yPqLN4iyh9KS6nCgFSN2eC/x+Y4z2a1iql8 +Jb859RYf3k1SAWdpeuaSoJgg5r68+KWNRgKoaxNpl+6sRqQ2zLKcryoLGIdIIqnX +h11fUDXgqz0fL4hWWOB7PDghciPcbOfJg1nhyadEv0A+OwClikTS7mY3+bSgGL85 +n3Y+TM2VAsdE9iHwQhWKCw0PlIfi2UfUMw6j/rSikhmdjlI8qtMPbBssr3/EFm8T +t1Pu3eQbBvDJi0QezJyF2de4WXoxcUbcSE2/azf7oInwlrOWB/ZipZB1Mg45MfCf +U6cBCwdium97k01XmrUtIv8= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:cd:e5:09:a9:89:90:93:c8:33:6e:5b:db:e8:8e: + 12:b1:4a:dd:a2:3a:60:ad:e7:26:98:bc:5f:63:12: + 8d:39:97:38:53:96:ef:65:d9:43:06:fb:e7:1f:8d: + ac:32:87:84:ae:50:cc:8f:48:fa:b2:e2:7e:58:32: + 2c:78:a0:c6:82:41:3c:4d:a1:01:43:0f:c4:a7:9d: + 5d:24:16:39:b4:13:7b:09:b1:dc:3f:e5:ac:3b:d7: + 53:b6:59:52:80:87:b2:12:65:6c:9c:fe:24:92:88: + ca:5a:ec:e4:04:81:a4:88:b2:3f:39:e1:4d:6b:91: + db:17:76:c3:0e:67:a4:5d:c8:e4:76:16:44:f7:76: + ae:db:63:7f:37:70:d0:e5:fc:df:08:0f:2e:f9:08: + 72:f6:65:4f:af:15:97:a3:4c:03:f9:8f:5f:69:f8: + 97:d8:dd:fe:e7:2c:1d:a3:d8:53:46:df:5c:c5:8e: + d8:38:41:ce:d7:ea:7f:f1:3b:0c:dd:13:dd:e7:2f: + 44:24:aa:25:e3:eb:a1:8e:43:b1:5b:e3:b8:ad:aa: + 1e:49:f0:77:40:64:ef:90:ad:72:a4:a0:d3:95:69: + 96:4b:6d:08:34:97:cc:5e:5c:a5:08:c9:fa:66:60: + ec:f9:aa:86:d8:bc:21:b7:78:bf:f2:28:01:41:3d: + a4:9d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F2:26:B1:CF:39:F4:1E:77:A5:A1:DA:65:4B:C4:D0:12:C9:53:25:AE + X509v3 Authority Key Identifier: + keyid:F2:26:B1:CF:39:F4:1E:77:A5:A1:DA:65:4B:C4:D0:12:C9:53:25:AE + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 7d:7d:1b:68:17:cb:34:c5:15:3a:84:51:3b:d5:d2:66:a5:08: + 0d:66:b0:a3:14:7a:28:4f:88:44:1e:a0:0a:db:77:c9:f0:72: + c2:63:2c:2c:75:1a:64:dc:ca:f8:93:38:8f:86:17:40:d1:1f: + 99:97:91:6b:1d:e2:c6:60:21:bb:5c:46:d3:be:e2:22:4d:f8: + 87:24:78:c0:94:70:98:dc:c2:8d:c0:1b:4c:65:c4:6b:89:c2: + bc:da:8f:39:91:b3:74:78:75:ca:cf:21:82:5e:6b:ae:97:30: + 26:47:fb:33:32:19:ec:88:4f:24:28:cb:d0:22:de:21:cd:f4: + cd:11:53:ce:ca:0f:55:a0:a5:74:a6:59:7e:e0:9d:b6:79:26: + a1:3a:48:2b:de:56:af:b8:62:be:24:10:be:c3:fa:f3:c5:9f: + 7f:1e:a7:fe:99:5d:aa:30:0f:f6:61:29:1d:a1:8f:9e:97:4f: + f7:92:a2:ab:a3:1d:76:5a:f1:c7:de:b7:b9:da:61:69:69:4e: + f4:5a:69:b2:0f:5e:6b:4a:4a:52:68:08:bf:ef:61:9b:06:3e: + 93:82:cd:af:30:f1:d9:c6:d7:cf:a6:0b:b4:76:a1:72:48:de: + f9:6c:8a:28:58:56:10:ed:d9:67:cf:a0:77:9c:e6:2d:ba:36: + 31:ef:5c:a8 +-----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- +MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3lCamJkJPIM25b2+iO +ErFK3aI6YK3nJpi8X2MSjTmXOFOW72XZQwb75x+NrDKHhK5QzI9I+rLiflgyLHig +xoJBPE2hAUMPxKedXSQWObQTewmx3D/lrDvXU7ZZUoCHshJlbJz+JJKIylrs5ASB +pIiyPznhTWuR2xd2ww5npF3I5HYWRPd2rttjfzdw0OX83wgPLvkIcvZlT68Vl6NM +A/mPX2n4l9jd/ucsHaPYU0bfXMWO2DhBztfqf/E7DN0T3ecvRCSqJeProY5DsVvj +uK2qHknwd0Bk75CtcqSg05VplkttCDSXzF5cpQjJ+mZg7Pmqhti8Ibd4v/IoAUE9 +pJ0CAwEAAaOByzCByDAdBgNVHQ4EFgQU8iaxzzn0HnelodplS8TQEslTJa4wHwYD +VR0jBBgwFoAU8iaxzzn0HnelodplS8TQEslTJa4wNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB9fRtoF8s0 +xRU6hFE71dJmpQgNZrCjFHooT4hEHqAK23fJ8HLCYywsdRpk3Mr4kziPhhdA0R+Z +l5FrHeLGYCG7XEbTvuIiTfiHJHjAlHCY3MKNwBtMZcRricK82o85kbN0eHXKzyGC +XmuulzAmR/szMhnsiE8kKMvQIt4hzfTNEVPOyg9VoKV0pll+4J22eSahOkgr3lav +uGK+JBC+w/rzxZ9/Hqf+mV2qMA/2YSkdoY+el0/3kqKrox12WvHH3re52mFpaU70 +WmmyD15rSkpSaAi/72GbBj6Tgs2vMPHZxtfPpgu0dqFySN75bIooWFYQ7dlnz6B3 +nOYtujYx71yo +-----END TRUST_ANCHOR_UNCONSTRAINED----- + +150302120000Z +-----BEGIN TIME----- +MTUwMzAyMTIwMDAwWg== +-----END TIME----- + +SUCCESS +-----BEGIN VERIFY_RESULT----- +U1VDQ0VTUw== +-----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-not-end-entity.pem b/chromium/net/data/verify_certificate_chain_unittest/target-not-end-entity.pem index 4cb7258fc21..e742e6eab80 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/target-not-end-entity.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/target-not-end-entity.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:f5:cd:3c:3f:41:74:34:24:e9:1d:74:42:a1:a8: - 16:8e:38:0b:ef:74:5b:38:0c:fb:18:b5:f6:08:f3: - 7e:d6:03:ac:02:7c:38:07:dc:c2:3e:78:bd:a7:2d: - 44:3d:6b:b4:74:42:71:c4:0c:93:c7:9a:ba:83:e9: - 6a:12:39:ab:fd:63:f5:e9:d7:97:33:93:7c:1b:77: - 78:c6:7a:7b:32:31:c3:68:aa:b0:b9:78:7b:c2:5a: - 85:0b:04:b4:c1:2b:fd:ce:71:02:6a:b1:0c:f6:1a: - 65:99:58:29:6e:95:21:69:7c:2a:c0:ff:18:90:28: - 92:ad:40:f5:83:67:63:04:14:21:aa:d2:29:35:22: - 03:f8:28:27:8a:69:82:de:aa:f4:1e:5e:93:19:27: - 74:4a:6b:d5:82:d3:2e:66:cb:23:e9:34:d1:70:0f: - 84:cb:1d:87:55:9e:1c:f2:b9:5a:e8:d0:43:dc:89: - a3:5c:28:61:fc:89:97:ab:ff:4a:2c:bc:c0:58:f2: - 68:f8:d7:9f:3e:e8:b1:8c:70:5a:d0:f7:1a:d3:dd: - d1:24:ba:fe:15:f8:bd:ea:16:8d:ee:9e:7e:99:30: - 22:6c:24:21:67:d1:fa:50:61:ce:65:48:5f:0e:79: - 02:0d:e9:b1:69:d3:4c:e7:2d:5d:57:8b:d5:e8:42: - d4:e7 + 00:a5:45:4e:2d:c7:c9:c2:ab:e9:b7:ff:2f:3a:09: + f2:64:ea:bc:ea:9c:34:fa:39:c1:2d:c2:38:c3:51: + ec:7b:06:6e:21:c6:7b:a0:04:ec:e3:dd:5a:72:0a: + 0f:bc:73:37:7f:01:7e:02:3d:d5:cb:7a:2d:cc:b3: + c7:d9:cb:44:0e:d6:a3:1d:dc:69:08:80:50:ce:2b: + 9b:a3:8d:3f:4e:79:55:ea:cc:94:81:7a:9d:fc:54: + f5:15:9e:17:99:e2:30:9b:67:55:4c:79:cc:85:13: + ca:38:af:ec:df:a5:50:bc:b8:ff:0a:4e:12:be:5e: + de:64:d3:ac:7d:f5:cc:3f:9a:b5:94:32:75:65:8e: + 47:b0:81:d7:c8:27:5f:7c:44:31:53:6d:93:36:6f: + 54:99:dc:82:24:7c:ab:14:eb:67:2f:3b:10:a4:cb: + 56:34:05:f4:b1:fc:12:42:dd:3c:dc:16:0f:d1:8f: + f0:87:fa:07:b4:fa:3d:7a:47:c0:dc:95:09:77:9c: + 28:b3:a3:ae:9e:72:d3:bc:3b:a5:57:f7:31:3b:4f: + 76:30:a2:43:56:74:f9:3b:7b:f7:ec:43:64:3e:56: + aa:93:53:d4:4a:5a:84:8b:fb:68:43:17:a4:20:13: + 07:e0:aa:7f:b1:c3:36:15:8b:b3:ec:e2:e6:d6:4a: + 5f:83 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - B4:44:21:DE:96:81:AA:7F:9A:5B:79:CB:57:AA:3D:13:A5:4B:6A:93 + 93:E1:6A:2B:C0:A8:CA:CA:A9:B3:28:0E:8B:11:FF:0B:B0:24:73:F6 X509v3 Authority Key Identifier: - keyid:01:CB:1D:FC:13:00:C9:67:B2:D6:76:F2:0A:4F:9D:6A:D4:E2:9D:3D + keyid:9A:2E:6F:0B:96:F4:DF:5E:32:32:96:E5:03:2A:FA:DD:98:12:55:EE Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,41 +56,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 0e:8f:41:87:a8:42:bd:13:c8:62:be:1d:f6:ad:a4:cd:00:5d: - 21:61:73:5f:75:27:67:16:98:11:ca:0f:cd:9d:bf:96:2a:75: - 62:35:68:e0:af:f7:6f:c4:75:69:f2:a7:89:27:96:64:4f:0e: - 7e:f0:82:89:65:1e:a2:08:cd:8b:f1:e5:a0:32:c5:93:2a:62: - 4c:3c:d2:9f:95:55:5d:87:a8:fe:ef:fa:92:aa:08:76:38:67: - 0a:d3:f9:0a:b9:93:69:e6:d3:78:ab:9f:eb:ef:35:a7:24:ae: - 10:d7:3d:17:bd:86:07:c0:64:0f:d6:fc:55:c1:54:70:6c:22: - 4f:ae:c1:64:ca:fc:dc:97:eb:8b:d2:22:52:d8:52:2c:4d:d4: - 5c:df:10:52:ab:ab:b2:89:10:e8:ed:00:19:8a:65:e8:4e:8c: - e2:5d:5b:cd:35:4c:55:24:30:be:57:f7:f0:51:ef:52:9d:34: - 60:0d:1e:f5:ba:8a:33:83:ac:db:dc:d9:2b:0b:f3:46:1c:98: - 3a:5e:5c:c7:36:7e:62:62:a4:13:68:2e:35:32:a1:bd:9d:e9: - 67:bb:58:85:3b:ea:94:1f:c7:91:35:b0:2c:ce:25:2b:9c:9f: - 60:7a:09:fa:32:1c:9d:4e:ca:ef:20:9d:ca:e1:ad:20:cd:63: - 20:ce:48:fd + 0a:2f:83:cb:88:bb:1b:0e:2f:37:60:34:ea:2b:8a:5b:cf:ae: + d7:f6:ab:f5:59:62:f9:f9:33:44:f8:e4:f7:1c:1a:91:52:d2: + c9:4d:f7:d5:8d:f8:d9:c3:24:5b:da:39:bb:6a:29:87:63:8d: + 25:f2:a6:3a:49:ef:6c:8c:4a:f3:9a:fc:12:69:77:fe:f0:f0: + 9d:6f:c3:c8:9e:c4:20:57:ae:4e:51:b8:d0:15:b2:a1:ee:24: + 78:3a:38:c0:ae:c3:25:f9:ab:60:f2:44:39:c9:0d:a1:25:10: + 42:cd:2e:f8:35:35:20:ab:46:85:0f:47:76:bc:fb:94:7f:55: + 54:64:08:8c:86:97:da:da:e7:46:ab:42:c4:e8:8b:72:b6:5d: + be:c4:fd:b1:fc:c6:4c:f3:d7:24:48:8f:03:45:fa:f6:95:49: + 20:c0:d2:42:a7:c1:59:a2:04:41:57:36:a8:56:b5:04:6a:2b: + 01:e4:bb:ce:a2:d9:ae:c3:b0:11:bd:0e:ef:2f:3e:ec:21:ae: + b1:e3:91:4d:45:c0:05:eb:03:af:24:0e:d2:1f:4e:04:32:37: + 7d:1c:1b:d8:fc:ff:f6:75:ac:76:31:e9:71:07:a5:38:54:52: + 86:f0:27:9e:82:4b:77:f0:8d:5a:24:92:46:37:6e:d4:fa:fe: + f5:45:5a:fd -----BEGIN CERTIFICATE----- MIIDfzCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1zTw/ -QXQ0JOkddEKhqBaOOAvvdFs4DPsYtfYI837WA6wCfDgH3MI+eL2nLUQ9a7R0QnHE -DJPHmrqD6WoSOav9Y/Xp15czk3wbd3jGensyMcNoqrC5eHvCWoULBLTBK/3OcQJq -sQz2GmWZWClulSFpfCrA/xiQKJKtQPWDZ2MEFCGq0ik1IgP4KCeKaYLeqvQeXpMZ -J3RKa9WC0y5myyPpNNFwD4TLHYdVnhzyuVro0EPciaNcKGH8iZer/0osvMBY8mj4 -158+6LGMcFrQ9xrT3dEkuv4V+L3qFo3unn6ZMCJsJCFn0fpQYc5lSF8OeQIN6bFp -00znLV1Xi9XoQtTnAgMBAAGjgdswgdgwHQYDVR0OBBYEFLREId6Wgap/mlt5y1eq -PROlS2qTMB8GA1UdIwQYMBaAFAHLHfwTAMlnstZ28gpPnWrU4p09MD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClRU4t +x8nCq+m3/y86CfJk6rzqnDT6OcEtwjjDUex7Bm4hxnugBOzj3VpyCg+8czd/AX4C +PdXLei3Ms8fZy0QO1qMd3GkIgFDOK5ujjT9OeVXqzJSBep38VPUVnheZ4jCbZ1VM +ecyFE8o4r+zfpVC8uP8KThK+Xt5k06x99cw/mrWUMnVljkewgdfIJ198RDFTbZM2 +b1SZ3IIkfKsU62cvOxCky1Y0BfSx/BJC3TzcFg/Rj/CH+ge0+j16R8DclQl3nCiz +o66ectO8O6VX9zE7T3YwokNWdPk7e/fsQ2Q+VqqTU9RKWoSL+2hDF6QgEwfgqn+x +wzYVi7Ps4ubWSl+DAgMBAAGjgdswgdgwHQYDVR0OBBYEFJPhaivAqMrKqbMoDosR +/wuwJHP2MB8GA1UdIwQYMBaAFJoubwuW9N9eMjKW5QMq+t2YElXuMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -DQYJKoZIhvcNAQELBQADggEBAA6PQYeoQr0TyGK+HfatpM0AXSFhc191J2cWmBHK -D82dv5YqdWI1aOCv92/EdWnyp4knlmRPDn7wgollHqIIzYvx5aAyxZMqYkw80p+V -VV2HqP7v+pKqCHY4ZwrT+Qq5k2nm03irn+vvNackrhDXPRe9hgfAZA/W/FXBVHBs -Ik+uwWTK/NyX64vSIlLYUixN1FzfEFKrq7KJEOjtABmKZehOjOJdW801TFUkML5X -9/BR71KdNGANHvW6ijODrNvc2SsL80YcmDpeXMc2fmJipBNoLjUyob2d6We7WIU7 -6pQfx5E1sCzOJSucn2B6CfoyHJ1Oyu8gncrhrSDNYyDOSP0= +DQYJKoZIhvcNAQELBQADggEBAAovg8uIuxsOLzdgNOorilvPrtf2q/VZYvn5M0T4 +5PccGpFS0slN99WN+NnDJFvaObtqKYdjjSXypjpJ72yMSvOa/BJpd/7w8J1vw8ie +xCBXrk5RuNAVsqHuJHg6OMCuwyX5q2DyRDnJDaElEELNLvg1NSCrRoUPR3a8+5R/ +VVRkCIyGl9ra50arQsToi3K2Xb7E/bH8xkzz1yRIjwNF+vaVSSDA0kKnwVmiBEFX +NqhWtQRqKwHku86i2a7DsBG9Du8vPuwhrrHjkU1FwAXrA68kDtIfTgQyN30cG9j8 +//Z1rHYx6XEHpThUUobwJ56CS3fwjVokkkY3btT6/vVFWv0= -----END CERTIFICATE----- Certificate: @@ -107,30 +107,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d0:8e:2e:ba:a1:8d:d9:60:16:cd:17:31:c9:08: - 43:93:94:76:48:55:a2:78:19:17:70:8e:95:25:ac: - f9:b9:81:33:66:8c:2c:79:b7:d9:f5:89:92:1b:d2: - 4e:01:e9:69:e6:61:b4:d7:96:78:6d:a0:23:cf:67: - 11:cd:fb:fe:3d:d6:b8:ad:64:3f:f6:b9:f5:17:05: - 89:1c:fb:3d:94:c3:18:43:e4:1e:15:0f:8d:26:25: - de:db:f0:c0:d6:67:cc:90:f8:33:1c:d1:81:4b:63: - 3e:c9:76:61:65:80:b4:13:97:9d:2e:99:ca:a2:6b: - cc:10:a6:3b:2f:20:90:ee:a5:6c:cf:f6:a0:7a:7b: - ce:59:c6:19:42:3f:9f:69:ab:f3:c1:2f:26:8d:fe: - ac:b8:ec:33:d2:d6:bb:4e:3f:80:c0:d9:12:33:35: - 05:2d:30:ce:6b:1c:12:ea:89:6f:8a:93:15:0e:0c: - c0:10:7a:99:1e:3f:fb:85:88:09:82:16:f0:62:ed: - fb:26:63:93:71:72:9b:15:11:19:c3:36:5b:10:c1: - b1:12:51:2e:6a:af:c1:d1:9d:fd:8b:7f:13:19:5d: - ce:00:49:3d:33:32:d1:6b:c5:14:4e:10:92:4d:1f: - 28:07:01:29:8f:fe:5d:ff:98:b8:2f:99:fc:68:21: - 1d:1f + 00:b2:94:35:8b:85:75:a2:74:1e:b4:bd:5c:9b:e2: + 7a:87:32:a1:df:63:d4:5c:10:c8:3c:c2:7e:aa:53: + 09:d8:fa:ce:14:bd:80:a7:b3:cb:4b:84:af:fc:c8: + de:97:38:d8:17:cd:1d:6a:65:39:b5:27:36:bc:64: + 9a:4f:2d:91:5f:34:2b:f2:83:fa:2b:ea:1c:6e:5f: + 60:09:c3:70:94:0f:bd:0c:eb:e2:a0:ba:43:5a:3a: + dd:3e:02:99:52:4a:28:e2:e4:dc:18:95:3a:bd:44: + 6f:c1:a2:3e:6f:43:57:60:a4:70:17:ae:42:d1:9c: + 7c:08:7f:f0:77:93:78:59:b2:c4:39:db:28:cd:19: + 42:78:c5:00:a2:3a:6f:ef:57:a7:22:d5:87:6a:26: + c4:d1:9f:18:70:05:43:9c:72:a1:03:79:47:ba:f5: + 64:f9:0f:63:c1:fe:70:3f:f0:5c:92:44:e6:71:88: + 0e:ec:13:0c:45:33:93:b8:3c:c2:fe:07:7d:0e:b2: + bb:2f:19:69:d0:d1:9c:77:77:48:54:ca:5d:0f:8e: + 6d:8d:27:37:61:45:12:de:22:6c:da:2f:23:9f:d1: + 0f:38:03:75:b4:53:ba:81:17:4a:83:93:19:4b:56: + 4e:31:63:12:6f:89:5c:5c:7b:1b:49:fc:6a:a0:8a: + 54:8d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 01:CB:1D:FC:13:00:C9:67:B2:D6:76:F2:0A:4F:9D:6A:D4:E2:9D:3D + 9A:2E:6F:0B:96:F4:DF:5E:32:32:96:E5:03:2A:FA:DD:98:12:55:EE X509v3 Authority Key Identifier: - keyid:2D:38:72:D3:21:CA:2A:39:AD:2D:B4:9A:10:5C:CB:58:56:82:C4:AA + keyid:19:FB:52:2E:B1:D7:76:19:DB:8B:05:83:BE:62:CA:0B:48:6E:75:0E Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -145,41 +145,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 11:b8:7a:ac:f4:c5:c5:cc:bc:46:f9:9e:03:6d:69:f7:3c:15: - 71:be:be:15:0d:a4:b9:23:cd:e0:15:a4:51:36:86:2a:65:7e: - 7e:29:bc:58:d1:9d:11:2d:0e:22:61:65:ca:a4:9e:61:3f:16: - 23:ca:ff:91:62:34:55:56:1c:b8:83:b7:62:cb:9a:07:46:53: - 35:53:8a:04:7e:fa:12:72:af:af:04:1d:18:a4:c1:ba:5b:c7: - db:01:97:58:01:d1:73:e9:85:fb:16:27:0f:d2:eb:ce:35:7e: - e1:a1:91:52:d7:91:03:59:ab:c0:ed:a6:bc:7b:70:bc:af:73: - 20:10:a6:a8:f4:45:28:0e:8b:a8:f7:e8:03:64:c6:f1:3d:12: - dc:f2:30:75:85:a9:68:44:ad:fb:ab:36:ed:8f:84:25:79:d3: - d6:f1:c8:10:1a:ac:c4:fc:65:6b:0c:77:ef:d3:61:de:91:74: - df:da:f3:f2:f1:07:93:5f:e0:c9:6a:6d:58:29:e1:ef:98:93: - 3a:13:82:09:ec:90:82:5a:d7:ef:1d:d4:50:b8:e6:ff:ef:8f: - 8f:9e:38:72:e5:f3:58:f9:04:90:b3:a9:a3:fd:dc:82:ab:44: - be:bc:47:f7:79:15:31:91:1c:c1:3c:5c:86:d1:78:bc:1e:0c: - 9e:af:18:60 + 62:cb:d5:74:28:23:8d:84:32:c8:97:7b:16:cd:b6:fb:fd:f9: + 8c:f7:ff:e3:5f:c0:b0:a3:2b:cf:70:4f:97:30:73:b7:52:6b: + 1c:38:76:9c:f0:f3:c9:d4:95:6a:77:93:e1:6f:c4:63:1b:d0: + 9b:52:4c:d5:e7:66:4c:78:41:6a:a5:c9:7a:11:fc:8b:17:1a: + 67:35:78:5c:97:1b:df:e5:c0:57:87:98:04:ea:e7:f4:89:1d: + 38:e3:a2:6f:0d:9d:2f:c6:de:ed:ac:2f:c1:a6:5c:17:1b:44: + 2f:38:30:fa:e8:fb:1b:e3:1e:63:73:68:8a:b8:75:f8:e4:b4: + 28:57:6c:20:1b:ec:2d:bf:bd:2e:24:7e:da:9c:6f:8a:f8:3c: + 80:4f:c8:63:5a:09:ba:c3:33:73:9d:27:cf:e1:10:9f:71:20: + ae:63:bc:b5:6a:b6:90:ca:63:84:b4:ab:b8:e8:89:15:c0:b2: + 17:e9:82:3f:51:46:5c:ff:2b:7c:08:03:6e:78:24:a1:5d:cd: + 8d:11:5c:4f:a3:5f:d3:a5:d0:04:71:e3:75:83:7a:d1:57:8e: + bd:8d:c1:0d:1a:23:4c:22:6c:fb:63:dc:58:d2:6a:bc:d8:ef: + 4f:ff:97:80:a8:da:8e:30:4d:9f:39:67:d0:77:81:1d:3a:76: + c4:28:91:14 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0I4uuqGN -2WAWzRcxyQhDk5R2SFWieBkXcI6VJaz5uYEzZowsebfZ9YmSG9JOAelp5mG015Z4 -baAjz2cRzfv+Pda4rWQ/9rn1FwWJHPs9lMMYQ+QeFQ+NJiXe2/DA1mfMkPgzHNGB -S2M+yXZhZYC0E5edLpnKomvMEKY7LyCQ7qVsz/agenvOWcYZQj+faavzwS8mjf6s -uOwz0ta7Tj+AwNkSMzUFLTDOaxwS6olvipMVDgzAEHqZHj/7hYgJghbwYu37JmOT -cXKbFREZwzZbEMGxElEuaq/B0Z39i38TGV3OAEk9MzLRa8UUThCSTR8oBwEpj/5d -/5i4L5n8aCEdHwIDAQABo4HLMIHIMB0GA1UdDgQWBBQByx38EwDJZ7LWdvIKT51q -1OKdPTAfBgNVHSMEGDAWgBQtOHLTIcoqOa0ttJoQXMtYVoLEqjA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspQ1i4V1 +onQetL1cm+J6hzKh32PUXBDIPMJ+qlMJ2PrOFL2Ap7PLS4Sv/MjelzjYF80damU5 +tSc2vGSaTy2RXzQr8oP6K+ocbl9gCcNwlA+9DOvioLpDWjrdPgKZUkoo4uTcGJU6 +vURvwaI+b0NXYKRwF65C0Zx8CH/wd5N4WbLEOdsozRlCeMUAojpv71enItWHaibE +0Z8YcAVDnHKhA3lHuvVk+Q9jwf5wP/BckkTmcYgO7BMMRTOTuDzC/gd9DrK7Lxlp +0NGcd3dIVMpdD45tjSc3YUUS3iJs2i8jn9EPOAN1tFO6gRdKg5MZS1ZOMWMSb4lc +XHsbSfxqoIpUjQIDAQABo4HLMIHIMB0GA1UdDgQWBBSaLm8LlvTfXjIyluUDKvrd +mBJV7jAfBgNVHSMEGDAWgBQZ+1Iusdd2GduLBYO+YsoLSG51DjA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -ABG4eqz0xcXMvEb5ngNtafc8FXG+vhUNpLkjzeAVpFE2hiplfn4pvFjRnREtDiJh -ZcqknmE/FiPK/5FiNFVWHLiDt2LLmgdGUzVTigR++hJyr68EHRikwbpbx9sBl1gB -0XPphfsWJw/S6841fuGhkVLXkQNZq8Dtprx7cLyvcyAQpqj0RSgOi6j36ANkxvE9 -EtzyMHWFqWhErfurNu2PhCV509bxyBAarMT8ZWsMd+/TYd6RdN/a8/LxB5Nf4Mlq -bVgp4e+YkzoTggnskIJa1+8d1FC45v/vj4+eOHLl81j5BJCzqaP93IKrRL68R/d5 -FTGRHME8XIbReLweDJ6vGGA= +AGLL1XQoI42EMsiXexbNtvv9+Yz3/+NfwLCjK89wT5cwc7dSaxw4dpzw88nUlWp3 +k+FvxGMb0JtSTNXnZkx4QWqlyXoR/IsXGmc1eFyXG9/lwFeHmATq5/SJHTjjom8N +nS/G3u2sL8GmXBcbRC84MPro+xvjHmNzaIq4dfjktChXbCAb7C2/vS4kftqcb4r4 +PIBPyGNaCbrDM3OdJ8/hEJ9xIK5jvLVqtpDKY4S0q7joiRXAshfpgj9RRlz/K3wI +A254JKFdzY0RXE+jX9Ol0ARx43WDetFXjr2NwQ0aI0wibPtj3FjSarzY70//l4Co +2o4wTZ85Z9B3gR06dsQokRQ= -----END CERTIFICATE----- Certificate: @@ -196,30 +196,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c4:68:12:a9:88:50:04:f4:70:9b:0a:1e:d1:83: - 30:a0:36:08:fe:20:f5:bc:b4:a5:32:74:dd:4c:ab: - cc:73:a4:ce:25:ab:04:38:71:2d:5c:06:de:3b:c3: - 2f:b8:d9:91:f3:28:9a:70:f4:7f:be:d5:0e:4e:00: - db:ce:d7:c6:9f:b2:aa:0b:5e:3a:b5:e3:ad:80:78: - 53:f1:38:61:05:7f:00:19:e4:ec:77:b5:1d:b6:c9: - 35:10:ca:18:c2:71:ae:c8:34:77:dc:46:26:a1:60: - a4:f0:dc:49:5a:fe:af:91:98:41:1c:90:50:7d:be: - 94:61:0e:58:b6:21:48:83:2e:5f:c1:a6:0c:a6:72: - 95:4a:a5:c5:a1:d9:bd:14:dd:7c:f4:1a:db:b1:1c: - 09:0c:2b:60:e7:28:c0:fc:e1:36:0a:f4:68:dc:ee: - 89:d8:0f:47:9c:e4:7b:ca:fe:65:57:2c:3b:3b:e5: - b4:89:c5:04:52:55:02:dc:09:44:fd:6a:19:fc:e4: - 52:6f:78:96:41:79:3f:b8:85:5a:fe:7f:8f:5d:fc: - ee:ba:35:1d:eb:64:2d:e0:7b:f2:8c:17:d3:33:21: - 9c:2d:e6:85:d2:e3:2c:0f:5b:57:2c:c5:c6:de:93: - 24:a2:6e:1b:72:49:f5:c8:05:e2:0e:ae:68:7a:f6: - b5:09 + 00:cd:cf:00:37:2d:30:07:b1:79:ce:1c:2f:e5:de: + 14:66:f0:c4:c9:65:94:d5:d8:86:9b:f8:3e:fa:8f: + 2a:f6:45:59:3f:2b:e2:ca:27:da:e1:63:8b:cd:3d: + 9d:f7:9c:fd:a8:c0:34:87:d3:7a:ff:50:a2:43:8c: + 96:db:d7:a9:43:bd:e9:f9:ac:f2:6c:85:e7:46:33: + 4b:4b:32:2f:62:fb:86:5e:f7:70:74:24:b7:a7:9b: + f5:1c:ba:d2:06:93:d4:2c:7e:94:de:64:d4:df:a5: + d7:07:f0:57:32:76:e8:d8:dc:10:37:54:24:73:34: + 1d:7f:fe:8a:5f:21:40:b4:cd:aa:ab:a6:ea:9b:f3: + 6e:eb:45:0f:52:f2:0b:aa:5f:0c:bd:69:b4:bc:c5: + ba:eb:36:29:07:62:9c:f1:26:59:89:04:b7:87:c6: + 5b:9e:e9:93:af:81:f2:29:21:8a:fc:99:93:2d:d9: + 8a:0e:5a:43:b1:d8:31:42:e3:70:ab:5d:ed:7c:bc: + 08:71:27:e9:8f:f2:ac:09:12:be:28:91:31:c7:89: + a4:e3:0a:07:e5:c0:f4:6c:fa:53:4f:1f:71:3a:42: + c7:b3:25:56:fc:69:ce:98:99:d6:fa:b4:e2:3d:c7: + 4c:b8:f2:a9:c7:39:3e:dd:60:e6:06:dd:68:f9:ec: + 55:3b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 2D:38:72:D3:21:CA:2A:39:AD:2D:B4:9A:10:5C:CB:58:56:82:C4:AA + 19:FB:52:2E:B1:D7:76:19:DB:8B:05:83:BE:62:CA:0B:48:6E:75:0E X509v3 Authority Key Identifier: - keyid:2D:38:72:D3:21:CA:2A:39:AD:2D:B4:9A:10:5C:CB:58:56:82:C4:AA + keyid:19:FB:52:2E:B1:D7:76:19:DB:8B:05:83:BE:62:CA:0B:48:6E:75:0E Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -234,41 +234,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 09:ee:80:43:2f:77:6c:2b:2f:51:79:35:59:ad:f0:a5:51:45: - 22:6a:0a:20:c7:eb:d1:98:c2:43:06:5a:5c:92:cb:44:24:7b: - 97:8e:18:b8:23:3c:8b:31:6d:54:0e:73:11:90:9e:8b:2c:a4: - 78:53:e6:8e:55:93:64:cc:14:04:54:a1:b6:ec:28:59:67:3a: - 64:0f:9d:51:ec:ba:35:06:af:5f:96:b5:3c:fe:62:0e:13:5a: - ee:29:af:55:d9:22:71:b3:c8:61:1a:36:4c:c8:f9:39:80:c2: - 06:c2:54:93:fb:2f:1b:f7:01:66:42:2a:e2:08:7b:ee:3e:0d: - e0:c6:07:fd:f1:cf:5e:d1:77:b2:46:21:c6:c5:9f:db:15:75: - 7e:ea:ec:5d:da:02:2a:42:35:7a:b5:a2:2e:86:08:8b:29:ea: - e9:f3:b5:cd:9d:46:96:86:c7:82:ed:64:ab:74:29:53:1c:3e: - f5:69:51:5b:11:1c:0d:c4:f0:01:31:a6:32:d2:68:af:1d:52: - c1:c4:d9:a2:9e:da:a2:bd:19:71:fa:26:f5:28:43:6a:fd:5c: - 97:d2:bb:e0:cd:56:0e:b8:0e:f9:4d:d5:dd:a0:4e:ae:46:68: - 00:93:d6:fd:ec:85:78:f4:c9:93:96:34:65:cc:f0:72:e7:0e: - 00:3d:d0:6b + b3:d7:90:88:52:9f:73:87:34:23:30:0b:b9:e0:4d:2b:79:5a: + 64:08:83:fd:ab:e7:f8:9a:18:23:10:37:13:fd:9d:1c:00:03: + 29:6f:0d:98:03:4b:8b:9c:8e:49:01:0c:f4:c4:c2:b8:a1:f0: + 57:fa:80:94:e2:19:30:cd:4c:8e:b8:0c:f7:f3:7d:57:0c:96: + c2:45:60:a1:97:6a:f7:5b:d3:c1:7b:ac:53:ea:da:31:0c:22: + 7f:57:b6:f3:ec:f9:39:a4:ac:21:b4:95:7e:c2:e0:52:33:79: + b6:65:3d:9a:e1:ce:31:52:27:c2:88:ac:19:53:22:86:3b:cc: + a7:b4:32:97:b5:9b:fa:2e:cf:02:e3:a8:73:85:ab:13:cd:ca: + cd:3c:4c:64:97:b2:ff:7d:46:8a:31:b9:36:f6:bd:b0:4d:8c: + 16:8f:62:12:6c:bd:95:9a:86:43:87:86:fd:c1:b8:e3:ba:dc: + 4f:2d:7f:35:7e:62:08:d0:23:1c:b1:76:65:e0:42:62:9b:12: + 95:8c:f7:b2:0d:36:2e:1d:a7:cb:3e:6f:35:86:cf:e1:5f:99: + cf:38:14:c0:14:31:e9:59:51:20:94:8a:7d:cc:25:d3:69:8c: + ac:41:3c:1e:05:ed:30:f5:ee:ef:ca:68:fe:f0:42:ff:0c:c9: + 9f:fc:59:3b -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRoEqmIUAT0cJsKHtGD -MKA2CP4g9by0pTJ03UyrzHOkziWrBDhxLVwG3jvDL7jZkfMomnD0f77VDk4A287X -xp+yqgteOrXjrYB4U/E4YQV/ABnk7He1HbbJNRDKGMJxrsg0d9xGJqFgpPDcSVr+ -r5GYQRyQUH2+lGEOWLYhSIMuX8GmDKZylUqlxaHZvRTdfPQa27EcCQwrYOcowPzh -Ngr0aNzuidgPR5zke8r+ZVcsOzvltInFBFJVAtwJRP1qGfzkUm94lkF5P7iFWv5/ -j1387ro1HetkLeB78owX0zMhnC3mhdLjLA9bVyzFxt6TJKJuG3JJ9cgF4g6uaHr2 -tQkCAwEAAaOByzCByDAdBgNVHQ4EFgQULThy0yHKKjmtLbSaEFzLWFaCxKowHwYD -VR0jBBgwFoAULThy0yHKKjmtLbSaEFzLWFaCxKowNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3PADctMAexec4cL+Xe +FGbwxMlllNXYhpv4PvqPKvZFWT8r4son2uFji809nfec/ajANIfTev9QokOMltvX +qUO96fms8myF50YzS0syL2L7hl73cHQkt6eb9Ry60gaT1Cx+lN5k1N+l1wfwVzJ2 +6NjcEDdUJHM0HX/+il8hQLTNqqum6pvzbutFD1LyC6pfDL1ptLzFuus2KQdinPEm +WYkEt4fGW57pk6+B8ikhivyZky3Zig5aQ7HYMULjcKtd7Xy8CHEn6Y/yrAkSviiR +MceJpOMKB+XA9Gz6U08fcTpCx7MlVvxpzpiZ1vq04j3HTLjyqcc5Pt1g5gbdaPns +VTsCAwEAAaOByzCByDAdBgNVHQ4EFgQUGftSLrHXdhnbiwWDvmLKC0hudQ4wHwYD +VR0jBBgwFoAUGftSLrHXdhnbiwWDvmLKC0hudQ4wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAJ7oBDL3ds -Ky9ReTVZrfClUUUiagogx+vRmMJDBlpckstEJHuXjhi4IzyLMW1UDnMRkJ6LLKR4 -U+aOVZNkzBQEVKG27ChZZzpkD51R7Lo1Bq9flrU8/mIOE1ruKa9V2SJxs8hhGjZM -yPk5gMIGwlST+y8b9wFmQiriCHvuPg3gxgf98c9e0XeyRiHGxZ/bFXV+6uxd2gIq -QjV6taIuhgiLKerp87XNnUaWhseC7WSrdClTHD71aVFbERwNxPABMaYy0mivHVLB -xNmintqivRlx+ib1KENq/VyX0rvgzVYOuA75TdXdoE6uRmgAk9b97IV49MmTljRl -zPBy5w4APdBr +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCz15CIUp9z +hzQjMAu54E0reVpkCIP9q+f4mhgjEDcT/Z0cAAMpbw2YA0uLnI5JAQz0xMK4ofBX ++oCU4hkwzUyOuAz3831XDJbCRWChl2r3W9PBe6xT6toxDCJ/V7bz7Pk5pKwhtJV+ +wuBSM3m2ZT2a4c4xUifCiKwZUyKGO8yntDKXtZv6Ls8C46hzhasTzcrNPExkl7L/ +fUaKMbk29r2wTYwWj2ISbL2VmoZDh4b9wbjjutxPLX81fmII0CMcsXZl4EJimxKV +jPeyDTYuHafLPm81hs/hX5nPOBTAFDHpWVEglIp9zCXTaYysQTweBe0w9e7vymj+ +8EL/DMmf/Fk7 -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -280,3 +280,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail.pem b/chromium/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail.pem new file mode 100644 index 00000000000..8771bab90c1 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/target-restricts-eku-fail.pem @@ -0,0 +1,295 @@ +[Created by: generate-target-restricts-eku-fail.py] + +Certificate chain with 1 intermediate and a trusted root. The target +certificate has only clientAuth EKU, so is expected to fail when verifying for +serverAuth. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e2:eb:a5:10:98:bb:69:c3:14:d9:d6:c6:57:1a: + e0:9a:9e:30:b5:d8:b7:e3:fd:4a:ef:08:01:b0:b8: + 94:0a:0a:c6:24:5e:3f:50:d1:e7:21:f7:ce:0c:5f: + af:a1:ab:6e:35:d4:56:cf:bd:45:fb:6e:35:5d:0f: + 34:7e:36:61:ab:f2:dd:4b:d5:23:80:5d:55:77:fc: + fb:0e:2c:8d:86:13:e1:eb:88:9f:69:f0:45:19:2f: + 94:9e:fa:2c:e0:fc:a3:23:8c:8d:cf:f0:7e:65:9f: + 2b:fc:34:04:75:b8:56:a9:19:35:f7:d2:3f:2b:f0: + cf:1a:76:dd:da:08:31:9b:4c:b1:83:31:32:2f:ab: + 1c:61:51:25:b9:d7:11:3b:fa:7f:8b:1b:c9:76:56: + 76:d5:07:f6:95:99:db:3e:e0:e5:5b:04:60:93:d3: + 4a:0b:4e:06:66:48:a2:93:de:7e:3c:2f:06:38:b2: + 18:6f:b1:d8:1f:a1:10:16:06:d0:a1:67:cf:e2:7d: + e0:17:c1:b2:95:6c:34:b2:74:33:ec:eb:71:5e:ac: + 25:b2:80:1f:c6:a5:ea:ae:e2:62:72:18:33:53:0e: + 44:57:93:e0:cd:3a:23:f3:0b:e9:9a:be:ac:0c:57: + 7b:51:76:24:24:28:38:8e:0d:c8:84:ac:31:49:87: + 79:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 49:89:8E:36:AD:53:F8:AC:67:4F:B7:A4:DC:48:2F:19:41:7D:33:DE + X509v3 Authority Key Identifier: + keyid:22:82:C0:6D:04:2C:68:BF:9A:C0:A0:64:5C:CA:16:43:09:45:40:B3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 1e:8b:4a:94:5f:97:89:86:d3:39:07:51:b0:85:ae:a4:ef:68: + d4:02:a1:cc:97:55:10:05:bd:73:de:50:a5:3e:35:0d:3e:f1: + a0:2c:2c:9d:36:9e:93:c9:04:ef:aa:c2:3e:71:87:b9:2a:fb: + 45:5d:73:89:37:35:33:9a:1d:26:6a:c1:43:f4:c2:6e:96:48: + 83:26:6b:29:1c:d0:17:b9:68:93:7e:30:86:ad:82:07:27:85: + 74:d0:7a:5d:2c:de:69:f3:6d:9b:07:34:2c:b0:00:fd:28:1a: + 79:f0:15:00:c7:d0:72:4e:9d:20:b5:c3:a5:6f:a7:51:16:70: + 63:1a:14:53:38:72:24:ae:a2:7f:bc:84:9a:66:85:7d:8e:17: + d0:b0:62:9d:77:66:30:61:5c:43:f1:2a:05:4e:c6:d4:51:a1: + 23:71:e5:e1:22:02:44:0b:36:ec:d7:8c:20:13:97:38:ec:96: + 2e:f1:15:7e:22:96:41:25:8c:6f:35:f1:08:33:5b:f4:66:67: + ee:03:1f:d7:76:d1:16:d3:50:6f:8a:56:cd:e6:7c:ca:43:b2: + 39:f5:ac:42:c8:e5:b7:94:9a:1d:32:81:6d:39:eb:00:5a:5a: + 2c:4d:85:73:ef:62:2f:a8:88:9a:df:26:83:fc:d1:2e:a6:fc: + 70:93:33:4e +-----BEGIN CERTIFICATE----- +MIIDgzCCAmugAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi66UQ +mLtpwxTZ1sZXGuCanjC12Lfj/UrvCAGwuJQKCsYkXj9Q0ech984MX6+hq2411FbP +vUX7bjVdDzR+NmGr8t1L1SOAXVV3/PsOLI2GE+HriJ9p8EUZL5Se+izg/KMjjI3P +8H5lnyv8NAR1uFapGTX30j8r8M8adt3aCDGbTLGDMTIvqxxhUSW51xE7+n+LG8l2 +VnbVB/aVmds+4OVbBGCT00oLTgZmSKKT3n48LwY4shhvsdgfoRAWBtChZ8/ifeAX +wbKVbDSydDPs63FerCWygB/Gpequ4mJyGDNTDkRXk+DNOiPzC+mavqwMV3tRdiQk +KDiODciErDFJh3kNAgMBAAGjgd8wgdwwHQYDVR0OBBYEFEmJjjatU/isZ0+3pNxI +LxlBfTPeMB8GA1UdIwQYMBaAFCKCwG0ELGi/msCgZFzKFkMJRUCzMD8GCCsGAQUF +BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk +aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu +dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUF +BwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAei0qUX5eJhtM5B1Gwha6k72jUAqHMl1UQ +Bb1z3lClPjUNPvGgLCydNp6TyQTvqsI+cYe5KvtFXXOJNzUzmh0masFD9MJulkiD +JmspHNAXuWiTfjCGrYIHJ4V00HpdLN5p822bBzQssAD9KBp58BUAx9ByTp0gtcOl +b6dRFnBjGhRTOHIkrqJ/vISaZoV9jhfQsGKdd2YwYVxD8SoFTsbUUaEjceXhIgJE +Czbs14wgE5c47JYu8RV+IpZBJYxvNfEIM1v0ZmfuAx/XdtEW01BvilbN5nzKQ7I5 +9axCyOW3lJodMoFtOesAWlosTYVz72IvqIia3yaD/NEupvxwkzNO +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:9a:8b:44:57:fb:d0:44:24:d6:20:38:aa:1b:20: + cc:67:40:26:c1:98:2a:6e:95:cf:db:2c:3b:a6:c9: + e6:58:06:01:c5:d7:2d:3a:0d:f5:45:92:6c:d7:16: + 78:5b:3a:1d:16:f7:3c:c9:9b:1a:95:17:f7:cd:30: + 75:44:c4:bd:42:ed:b2:6b:e6:9b:a8:4e:2e:cf:36: + 2e:3e:c3:c0:21:df:ed:b2:05:ca:65:59:12:c9:2a: + 3d:bf:3a:df:5e:17:f6:eb:a8:78:e6:81:c7:d6:5e: + ac:9b:e9:aa:c5:af:6f:d2:04:08:4a:9e:9b:02:68: + 40:b3:ca:8d:5e:cf:48:4d:fd:44:fe:8d:15:19:ab: + fd:fb:7e:32:34:c9:90:15:b2:8e:6b:4a:9c:63:68: + 85:bb:91:bb:1b:cb:8b:c1:6f:06:32:67:4d:0d:f3: + 9a:ab:6c:80:f3:79:f1:ac:bb:48:2a:e2:ef:af:8a: + 3e:86:8a:72:3e:df:ad:7a:ad:90:50:e4:65:69:37: + 26:4a:16:ce:b6:11:9c:36:49:da:85:da:af:5f:91: + d6:a7:94:3a:af:96:6f:6f:4e:01:a3:51:06:e7:7a: + ab:41:a3:17:21:b6:9d:a6:aa:75:ff:06:7b:fa:e8: + 77:5a:58:af:1d:47:b5:c8:8b:bf:c2:a1:6a:4c:01: + 82:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 22:82:C0:6D:04:2C:68:BF:9A:C0:A0:64:5C:CA:16:43:09:45:40:B3 + X509v3 Authority Key Identifier: + keyid:DE:2B:DF:9E:08:76:11:61:90:16:9D:68:25:D2:F9:40:1B:36:70:3D + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 67:75:dd:21:1d:a3:c1:e9:98:a8:b8:28:e6:c4:d4:94:23:32: + 67:d8:44:ee:37:ce:a4:1f:6b:48:f5:8e:0f:51:a1:0c:83:d0: + cb:ee:7f:24:b7:bc:e6:a9:e1:75:ad:ae:ec:e0:26:3e:79:85: + f9:ae:2a:45:3a:dc:69:a2:06:6a:36:89:9e:fe:df:19:74:3f: + cb:70:7a:d1:7e:53:77:f3:fb:c4:b9:08:dc:4f:13:e3:3f:23: + b9:8b:0d:d7:b5:fd:4c:3b:30:ee:f6:b3:d0:fc:51:a2:f0:62: + 76:ae:ba:ec:9b:a5:c9:14:e3:40:9c:f8:4f:38:ef:8d:3b:be: + eb:09:d8:34:fb:42:1b:07:8f:2a:b2:93:ff:f3:9f:e4:84:0b: + c5:54:2b:b4:a8:66:47:20:2a:97:25:fc:ca:64:12:61:7c:2a: + d2:a7:9f:e6:0c:50:0f:3e:bd:fb:a5:4a:ed:94:96:7c:48:f9: + 6f:34:d4:2f:e3:21:e8:f8:93:f0:01:ae:1c:1d:73:2a:99:fc: + f6:ab:0c:55:ae:9d:63:94:b8:1d:0a:0c:a7:47:4f:aa:d3:a7: + 69:17:4d:6c:1c:a3:c5:bd:f8:78:24:35:1d:63:8d:ca:15:d4: + 01:71:85:0e:7c:02:c9:5f:26:b8:55:c3:1b:63:fb:da:88:41: + 4c:22:6d:37 +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmotEV/vQ +RCTWIDiqGyDMZ0AmwZgqbpXP2yw7psnmWAYBxdctOg31RZJs1xZ4WzodFvc8yZsa +lRf3zTB1RMS9Qu2ya+abqE4uzzYuPsPAId/tsgXKZVkSySo9vzrfXhf266h45oHH +1l6sm+mqxa9v0gQISp6bAmhAs8qNXs9ITf1E/o0VGav9+34yNMmQFbKOa0qcY2iF +u5G7G8uLwW8GMmdNDfOaq2yA83nxrLtIKuLvr4o+hopyPt+teq2QUORlaTcmShbO +thGcNknahdqvX5HWp5Q6r5Zvb04Bo1EG53qrQaMXIbadpqp1/wZ7+uh3WlivHUe1 +yIu/wqFqTAGC1wIDAQABo4HLMIHIMB0GA1UdDgQWBBQigsBtBCxov5rAoGRcyhZD +CUVAszAfBgNVHSMEGDAWgBTeK9+eCHYRYZAWnWgl0vlAGzZwPTA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AGd13SEdo8HpmKi4KObE1JQjMmfYRO43zqQfa0j1jg9RoQyD0MvufyS3vOap4XWt +ruzgJj55hfmuKkU63GmiBmo2iZ7+3xl0P8twetF+U3fz+8S5CNxPE+M/I7mLDde1 +/Uw7MO72s9D8UaLwYnauuuybpckU40Cc+E847407vusJ2DT7QhsHjyqyk//zn+SE +C8VUK7SoZkcgKpcl/MpkEmF8KtKnn+YMUA8+vfulSu2UlnxI+W801C/jIej4k/AB +rhwdcyqZ/ParDFWunWOUuB0KDKdHT6rTp2kXTWwco8W9+HgkNR1jjcoV1AFxhQ58 +AslfJrhVwxtj+9qIQUwibTc= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a9:86:82:11:83:72:a2:7a:5a:86:42:58:ae:80: + ca:dc:fd:62:f0:1a:ad:b4:1e:65:34:18:32:1b:10: + 3a:61:60:57:5a:41:76:35:c8:34:9c:e7:ac:dd:a8: + 20:60:ec:0c:bb:ca:fc:de:bb:55:b2:10:49:9e:50: + ef:67:d0:4c:2b:66:26:25:ac:48:fa:86:2e:86:30: + 66:3b:8b:d3:cd:09:d4:4c:19:e5:7e:01:f9:8d:29: + b3:58:09:a4:4f:c1:6f:a5:19:0d:f3:7d:22:7c:74: + 91:ab:b2:39:b4:6a:7a:a2:cb:99:05:d9:f2:f4:4a: + 39:47:25:54:2e:b7:3e:df:27:8e:b1:96:04:30:c2: + aa:70:46:d6:96:23:47:5f:34:40:ed:42:11:ac:51: + a3:d1:a0:c5:17:19:33:5c:e4:53:26:8b:a6:21:b2: + 87:e3:43:3f:8e:5a:04:04:62:5a:41:8d:bf:c7:c4: + 62:ed:bb:7a:00:9b:60:de:00:2a:5d:b2:40:af:00: + a2:9d:28:5a:b1:d9:5a:4d:82:e9:9c:b2:6d:54:16: + 95:26:cf:2e:5a:69:86:9e:40:20:d9:42:6e:3f:c7: + a1:1d:40:c0:19:ea:15:77:93:ce:02:b2:cb:c9:15: + 8a:9c:49:2b:65:07:97:bd:db:00:0d:b2:1e:bd:b3: + 0e:55 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + DE:2B:DF:9E:08:76:11:61:90:16:9D:68:25:D2:F9:40:1B:36:70:3D + X509v3 Authority Key Identifier: + keyid:DE:2B:DF:9E:08:76:11:61:90:16:9D:68:25:D2:F9:40:1B:36:70:3D + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 8d:82:b5:9e:ac:db:05:8b:4b:54:e9:e8:3c:67:2d:7d:e9:9b: + cf:ad:3e:78:a7:db:c2:68:cf:a7:df:15:88:f3:eb:60:5f:09: + e1:9d:e9:c7:44:19:2a:86:53:57:b6:1a:b4:dc:7f:32:eb:29: + 28:3b:74:fe:33:ee:fa:85:c1:0b:43:c3:3f:7a:c2:19:05:9a: + 27:73:43:3c:03:9f:10:dc:d1:3e:6d:b2:8c:95:d5:5b:cc:62: + 96:51:f8:1c:6a:4c:6c:9d:8a:47:8e:12:08:de:30:0d:b1:4f: + b3:f6:95:9a:fc:16:e3:5a:b2:7f:93:09:3f:e1:59:f6:60:e2: + 56:22:7c:24:cd:67:9f:bc:a5:c7:10:50:03:92:54:04:d7:f8: + 3b:a2:ae:ca:23:21:f2:90:9f:c6:66:0f:62:49:2d:aa:be:8d: + 3a:e3:e7:3c:0a:16:48:dc:11:e0:74:9d:11:d8:ce:98:95:7c: + 99:a5:7b:a5:3a:3b:3e:e9:29:dd:4a:09:88:a0:ef:6c:a1:bf: + 8e:46:07:01:ed:93:fd:64:c9:15:b0:8c:e5:ce:23:9b:22:b4: + 93:48:b4:19:04:a6:18:8b:03:11:dd:d0:3a:ff:32:62:da:c4: + f0:37:1a:7a:9c:ba:67:6d:bd:a0:b1:13:ea:54:58:78:8c:b8: + f7:91:a7:7a +-----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- +MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKmGghGDcqJ6WoZCWK6A +ytz9YvAarbQeZTQYMhsQOmFgV1pBdjXINJznrN2oIGDsDLvK/N67VbIQSZ5Q72fQ +TCtmJiWsSPqGLoYwZjuL080J1EwZ5X4B+Y0ps1gJpE/Bb6UZDfN9Inx0kauyObRq +eqLLmQXZ8vRKOUclVC63Pt8njrGWBDDCqnBG1pYjR180QO1CEaxRo9GgxRcZM1zk +UyaLpiGyh+NDP45aBARiWkGNv8fEYu27egCbYN4AKl2yQK8Aop0oWrHZWk2C6Zyy +bVQWlSbPLlpphp5AINlCbj/HoR1AwBnqFXeTzgKyy8kVipxJK2UHl73bAA2yHr2z +DlUCAwEAAaOByzCByDAdBgNVHQ4EFgQU3ivfngh2EWGQFp1oJdL5QBs2cD0wHwYD +VR0jBBgwFoAU3ivfngh2EWGQFp1oJdL5QBs2cD0wNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCNgrWerNsF +i0tU6eg8Zy196ZvPrT54p9vCaM+n3xWI8+tgXwnhnenHRBkqhlNXthq03H8y6yko +O3T+M+76hcELQ8M/esIZBZonc0M8A58Q3NE+bbKMldVbzGKWUfgcakxsnYpHjhII +3jANsU+z9pWa/BbjWrJ/kwk/4Vn2YOJWInwkzWefvKXHEFADklQE1/g7oq7KIyHy +kJ/GZg9iSS2qvo064+c8ChZI3BHgdJ0R2M6YlXyZpXulOjs+6SndSgmIoO9sob+O +RgcB7ZP9ZMkVsIzlziObIrSTSLQZBKYYiwMR3dA6/zJi2sTwNxp6nLpnbb2gsRPq +VFh4jLj3kad6 +-----END TRUST_ANCHOR_UNCONSTRAINED----- + +150302120000Z +-----BEGIN TIME----- +MTUwMzAyMTIwMDAwWg== +-----END TIME----- + +FAIL +-----BEGIN VERIFY_RESULT----- +RkFJTA== +-----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=0 (CN=Target) ----- +ERROR: The extended key usage does not include server auth + + +-----BEGIN ERRORS----- +LS0tLS0gQ2VydGlmaWNhdGUgaT0wIChDTj1UYXJnZXQpIC0tLS0tCkVSUk9SOiBUaGUgZXh0ZW5kZWQga2V5IHVzYWdlIGRvZXMgbm90IGluY2x1ZGUgc2VydmVyIGF1dGgKCg== +-----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-sets-eku-any.pem b/chromium/net/data/verify_certificate_chain_unittest/target-sets-eku-any.pem new file mode 100644 index 00000000000..c779a188a4d --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/target-sets-eku-any.pem @@ -0,0 +1,287 @@ +[Created by: generate-target-sets-eku-any.py] + +Certificate chain with 1 intermediate and a trusted root. The target +restricts EKU to clientAuth+any and requests serverAuth during verification. +This should succeed. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:82:13:64:0e:35:33:0c:ac:44:be:6d:92:f5: + e4:97:d8:9a:bd:64:f1:b5:67:62:01:7b:0c:98:57: + 4a:63:64:b0:9d:6a:7b:84:a2:91:fe:73:0b:4c:81: + ce:89:f9:8d:8d:8a:41:18:c8:d8:64:27:36:32:e6: + 36:26:44:16:13:2e:a1:ad:38:06:0b:1b:39:62:6a: + 94:ac:a0:59:be:52:cb:47:d7:4b:00:09:91:8e:14: + 69:a9:62:df:49:d8:b6:79:73:de:60:d4:b8:76:89: + a4:53:8a:1d:4b:80:88:31:e8:05:46:81:1b:7b:5d: + 52:d0:6b:3b:53:0d:25:3c:95:9b:2d:99:83:3c:03: + 8c:b5:73:fb:43:6c:82:b3:48:57:38:3c:ff:b7:79: + d8:13:74:06:d0:17:78:a9:38:09:76:ca:f9:b7:5a: + a5:8a:6e:85:7f:27:34:79:82:ef:a2:01:93:ae:fa: + 0b:18:47:d4:14:ff:67:78:2b:53:92:f6:ac:27:42: + c7:7f:8e:fd:06:4a:36:b9:7a:98:5e:0d:94:ef:1a: + fa:08:ad:8d:64:28:c7:c1:03:76:63:b9:33:5a:9f: + 16:be:d3:e0:5c:e9:43:7b:9b:83:b3:90:31:e7:59: + 2b:1c:d2:8c:73:15:a2:3a:94:35:03:80:97:f8:5d: + a3:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 5A:16:9C:06:85:B6:F4:77:AD:72:58:A2:4F:A1:FE:29:CF:97:8A:2B + X509v3 Authority Key Identifier: + keyid:24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, Any Extended Key Usage + Signature Algorithm: sha256WithRSAEncryption + e9:be:ed:82:c2:ea:51:5e:9d:c9:4f:2c:e3:ca:6e:0b:be:18: + 5c:c3:1e:3f:6c:1a:de:9d:cc:8c:45:b5:87:2e:b2:38:9a:84: + a6:e1:ef:93:ac:f1:b6:d0:ba:d6:87:59:5d:e8:a7:1b:3e:14: + 3a:9d:0b:50:c3:29:51:65:62:66:9e:a2:68:e8:be:f0:1a:e2: + 57:0e:dc:7e:28:94:d9:c3:a9:0e:9c:d6:b0:76:d8:ec:b9:fe: + e6:35:b5:8a:27:3f:1d:6a:4e:66:d5:ac:d8:05:b2:4d:47:16: + ff:09:88:7e:23:70:dc:6b:b2:14:38:97:d8:4c:5d:ee:41:aa: + ac:b3:6b:5f:d7:2f:39:93:19:5f:e6:b7:15:c9:2b:5b:2c:c0: + b6:81:84:49:0b:5f:df:e9:e1:01:4f:82:ad:35:0b:00:d3:ff: + 47:55:67:20:aa:3e:f9:b0:84:09:8d:e0:7b:16:b0:11:a5:16: + a7:27:81:85:ec:2d:47:73:48:e4:92:9d:b0:81:27:32:28:89: + de:cb:c2:fb:bd:60:09:2e:9a:99:ef:9b:cb:9c:2b:fc:b5:a2: + cc:01:73:bd:42:28:00:d4:d8:b2:8d:94:6b:5e:bf:1e:8e:93: + 13:89:65:6b:2f:af:92:37:a3:b4:98:14:f4:b1:ff:44:aa:c1: + 79:83:48:f7 +-----BEGIN CERTIFICATE----- +MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDghNk +DjUzDKxEvm2S9eSX2Jq9ZPG1Z2IBewyYV0pjZLCdanuEopH+cwtMgc6J+Y2NikEY +yNhkJzYy5jYmRBYTLqGtOAYLGzliapSsoFm+UstH10sACZGOFGmpYt9J2LZ5c95g +1Lh2iaRTih1LgIgx6AVGgRt7XVLQaztTDSU8lZstmYM8A4y1c/tDbIKzSFc4PP+3 +edgTdAbQF3ipOAl2yvm3WqWKboV/JzR5gu+iAZOu+gsYR9QU/2d4K1OS9qwnQsd/ +jv0GSja5epheDZTvGvoIrY1kKMfBA3ZjuTNanxa+0+Bc6UN7m4OzkDHnWSsc0oxz +FaI6lDUDgJf4XaMTAgMBAAGjgeUwgeIwHQYDVR0OBBYEFFoWnAaFtvR3rXJYok+h +/inPl4orMB8GA1UdIwQYMBaAFCS5kUE58TBe+MU7wFHMEVimE3OzMD8GCCsGAQUF +BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk +aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu +dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMBkGA1UdJQQSMBAGCCsGAQUF +BwMCBgRVHSUAMA0GCSqGSIb3DQEBCwUAA4IBAQDpvu2CwupRXp3JTyzjym4Lvhhc +wx4/bBrencyMRbWHLrI4moSm4e+TrPG20LrWh1ld6KcbPhQ6nQtQwylRZWJmnqJo +6L7wGuJXDtx+KJTZw6kOnNawdtjsuf7mNbWKJz8dak5m1azYBbJNRxb/CYh+I3Dc +a7IUOJfYTF3uQaqss2tf1y85kxlf5rcVyStbLMC2gYRJC1/f6eEBT4KtNQsA0/9H +VWcgqj75sIQJjeB7FrARpRanJ4GF7C1Hc0jkkp2wgScyKIney8L7vWAJLpqZ75vL +nCv8taLMAXO9QigA1NiyjZRrXr8ejpMTiWVrL6+SN6O0mBT0sf9EqsF5g0j3 +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ed:3b:bb:f2:8b:20:81:de:42:41:c6:24:63:1c: + 4b:e5:63:b0:93:07:fd:22:64:50:7d:ef:8f:ed:65: + aa:ba:f4:d9:ad:0c:68:dd:50:b0:ea:0a:5e:18:9e: + df:48:88:ec:1f:fa:6b:4a:3e:db:ea:24:6e:b1:a3: + bb:0b:12:de:1d:49:d3:32:78:24:f9:e8:4f:aa:85: + 90:21:a2:2c:8f:58:95:8c:70:80:8d:cd:99:68:03: + 67:0f:48:eb:96:17:63:93:2b:8f:72:77:23:5f:97: + 4f:86:bd:17:d2:70:5b:5c:18:f8:01:d6:11:d8:c0: + dc:32:b2:f4:bf:dd:da:65:fb:86:23:c0:a4:bd:ff: + c2:a4:b6:87:9e:10:98:d4:f4:09:cb:26:50:1d:56: + 83:72:09:c6:c1:b7:cc:52:9c:61:09:04:bb:aa:2a: + 63:66:a5:b1:02:60:85:bc:30:91:62:bb:6f:b0:24: + 33:e8:b5:9a:13:1f:3a:73:95:d5:fb:bc:a9:48:dd: + 14:a2:a4:62:e1:97:19:57:b1:1a:da:c1:79:93:fd: + 74:cb:e1:ff:0c:49:c2:78:57:8e:ef:dc:df:60:96: + 8e:e6:a2:97:60:b9:53:6b:17:8e:ae:f9:3d:be:31: + dd:46:18:bd:af:b6:a6:02:fa:48:2f:d8:c6:f0:1f: + bc:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 24:B9:91:41:39:F1:30:5E:F8:C5:3B:C0:51:CC:11:58:A6:13:73:B3 + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 57:11:25:a6:73:a0:63:5a:15:05:bf:24:b7:98:df:e2:d0:01: + ab:4f:9e:80:3b:f7:6c:67:9b:e4:ec:19:5c:bd:bc:32:1e:40: + 5a:8f:9f:66:f2:1a:5a:29:94:38:67:00:56:53:0f:5d:86:58: + a8:d8:10:f3:3e:16:ca:87:0c:95:28:64:b2:2f:db:42:31:46: + 35:64:0a:01:f7:91:a2:ad:d5:4b:0d:78:3c:6f:72:dc:36:56: + d6:d5:fc:d8:c4:bd:38:15:26:ba:69:e1:75:78:e8:a0:fd:7a: + 9d:9d:63:3b:27:35:7c:31:b7:f5:4a:1e:01:78:ee:a7:5f:b3: + 51:3a:70:fa:2d:87:6f:d3:8f:43:df:91:c3:2a:6c:94:98:15: + 7f:06:0a:b7:66:aa:96:f9:66:04:04:f0:b8:1c:ca:2d:f3:c7: + f6:fd:f2:ab:0c:33:24:fc:6f:bd:7a:b0:51:f9:a1:01:97:a0: + 7e:9a:22:53:9c:ae:a9:38:ce:af:9d:23:42:78:eb:33:ab:46: + 60:5e:e7:df:84:84:dd:c4:a0:4b:c3:21:e2:60:6d:29:44:97: + a3:94:f8:26:53:ac:f0:08:0f:c2:c1:5c:9f:23:0b:53:17:33: + 52:1c:04:96:1a:7d:26:c2:45:48:57:01:ac:aa:b4:0f:e2:03: + 99:bf:63:03 +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Tu78osg +gd5CQcYkYxxL5WOwkwf9ImRQfe+P7WWquvTZrQxo3VCw6gpeGJ7fSIjsH/prSj7b +6iRusaO7CxLeHUnTMngk+ehPqoWQIaIsj1iVjHCAjc2ZaANnD0jrlhdjkyuPcncj +X5dPhr0X0nBbXBj4AdYR2MDcMrL0v93aZfuGI8Ckvf/CpLaHnhCY1PQJyyZQHVaD +cgnGwbfMUpxhCQS7qipjZqWxAmCFvDCRYrtvsCQz6LWaEx86c5XV+7ypSN0UoqRi +4ZcZV7Ea2sF5k/10y+H/DEnCeFeO79zfYJaO5qKXYLlTaxeOrvk9vjHdRhi9r7am +AvpIL9jG8B+8QwIDAQABo4HLMIHIMB0GA1UdDgQWBBQkuZFBOfEwXvjFO8BRzBFY +phNzszAfBgNVHSMEGDAWgBTNb0z+qno6Y10SeW30TLAqin/7bDA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AFcRJaZzoGNaFQW/JLeY3+LQAatPnoA792xnm+TsGVy9vDIeQFqPn2byGloplDhn +AFZTD12GWKjYEPM+FsqHDJUoZLIv20IxRjVkCgH3kaKt1UsNeDxvctw2VtbV/NjE +vTgVJrpp4XV46KD9ep2dYzsnNXwxt/VKHgF47qdfs1E6cPoth2/Tj0PfkcMqbJSY +FX8GCrdmqpb5ZgQE8Lgcyi3zx/b98qsMMyT8b716sFH5oQGXoH6aIlOcrqk4zq+d +I0J46zOrRmBe59+EhN3EoEvDIeJgbSlEl6OU+CZTrPAID8LBXJ8jC1MXM1IcBJYa +fSbCRUhXAayqtA/iA5m/YwM= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e8:17:31:b6:0e:84:10:a4:9b:bf:9e:ae:9e:29: + b7:6f:81:ae:d7:df:45:89:d1:29:51:0e:1e:39:7a: + 96:6b:7f:c0:78:df:88:cf:db:b3:ab:8d:49:0f:fb: + 70:55:85:4f:93:9f:12:a1:a6:55:5c:a9:ae:8d:79: + 4d:a6:3a:32:03:9c:bf:ad:95:c4:8b:49:1f:02:b5: + 23:a0:9f:da:d3:45:c6:8c:fc:ec:97:46:57:dd:77: + 56:c6:a2:46:78:da:a2:59:bb:22:ea:de:63:94:50: + 19:91:1c:10:cd:67:e0:57:10:bd:e0:de:69:67:80: + 6d:31:a8:43:bc:49:2c:8a:d6:4a:23:0f:a6:78:f4: + 74:c7:4f:37:52:3a:af:9c:03:b2:b3:6c:26:ab:62: + 61:12:6d:22:15:66:da:ec:d6:b8:1f:9b:14:b9:04: + 9c:9b:5e:b5:cb:8b:62:95:67:6a:a1:57:44:02:77: + a2:81:3e:c7:20:52:a2:16:2e:ba:c2:29:a1:54:ed: + 33:67:f2:2a:26:a3:b6:da:08:8d:63:6c:ca:4f:c6: + 84:88:b9:60:08:cf:50:8e:5a:3e:75:d7:ec:d7:63: + c1:fe:18:3f:4e:fb:08:de:39:45:d2:81:34:8e:89: + 5a:48:ce:49:bf:ca:84:cb:26:ac:c2:f7:1f:6b:3f: + 0d:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + X509v3 Authority Key Identifier: + keyid:CD:6F:4C:FE:AA:7A:3A:63:5D:12:79:6D:F4:4C:B0:2A:8A:7F:FB:6C + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 19:6d:6b:ec:62:f0:48:f8:4a:1a:58:9b:71:ce:df:3d:3e:19: + 23:14:18:ab:d9:fa:12:7f:b8:ed:a7:00:2e:a8:75:6d:11:b1: + 99:65:29:44:fe:92:5b:78:4c:1d:e5:22:92:15:16:81:95:d9: + 0d:d4:0f:50:ea:62:80:5e:25:7b:6e:70:10:46:3c:f8:24:54: + d3:9e:f2:cc:30:68:63:f5:19:89:ef:00:2f:57:81:18:89:d4: + 72:53:76:b2:9a:1c:30:19:a7:37:f9:3f:c1:be:35:ea:95:eb: + 23:7e:66:c1:81:82:7d:64:88:64:bb:23:7a:ed:ee:14:ae:05: + c0:03:29:69:04:c3:4c:e8:ca:4d:78:87:e1:9f:98:8b:45:cf: + 70:98:cb:51:e2:d3:04:03:13:e9:a1:82:d2:b8:13:f0:56:20: + 6f:f5:59:1f:f9:96:7e:79:f7:c9:53:68:72:e5:94:bf:9f:84: + 4c:7c:e9:01:f4:e9:1f:14:4c:83:07:c2:63:65:10:75:30:e5: + b8:ee:1e:74:dd:29:78:66:9b:79:46:3b:27:45:c4:5d:a9:aa: + a2:ed:95:28:e1:59:b9:b7:e2:85:69:e7:c4:12:36:c4:60:00: + fb:a3:74:69:cf:a0:ee:46:76:bd:45:c4:24:69:5b:5b:55:2e: + 43:3e:b2:1c +-----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- +MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOgXMbYOhBCkm7+erp4p +t2+BrtffRYnRKVEOHjl6lmt/wHjfiM/bs6uNSQ/7cFWFT5OfEqGmVVypro15TaY6 +MgOcv62VxItJHwK1I6Cf2tNFxoz87JdGV913VsaiRnjaolm7IureY5RQGZEcEM1n +4FcQveDeaWeAbTGoQ7xJLIrWSiMPpnj0dMdPN1I6r5wDsrNsJqtiYRJtIhVm2uzW +uB+bFLkEnJtetcuLYpVnaqFXRAJ3ooE+xyBSohYuusIpoVTtM2fyKiajttoIjWNs +yk/GhIi5YAjPUI5aPnXX7Ndjwf4YP077CN45RdKBNI6JWkjOSb/KhMsmrML3H2s/ +DUkCAwEAAaOByzCByDAdBgNVHQ4EFgQUzW9M/qp6OmNdEnlt9EywKop/+2wwHwYD +VR0jBBgwFoAUzW9M/qp6OmNdEnlt9EywKop/+2wwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAZbWvsYvBI ++EoaWJtxzt89PhkjFBir2foSf7jtpwAuqHVtEbGZZSlE/pJbeEwd5SKSFRaBldkN +1A9Q6mKAXiV7bnAQRjz4JFTTnvLMMGhj9RmJ7wAvV4EYidRyU3aymhwwGac3+T/B +vjXqlesjfmbBgYJ9ZIhkuyN67e4UrgXAAylpBMNM6MpNeIfhn5iLRc9wmMtR4tME +AxPpoYLSuBPwViBv9Vkf+ZZ+effJU2hy5ZS/n4RMfOkB9OkfFEyDB8JjZRB1MOW4 +7h503Sl4Zpt5RjsnRcRdqaqi7ZUo4Vm5t+KFaefEEjbEYAD7o3Rpz6DuRna9RcQk +aVtbVS5DPrIc +-----END TRUST_ANCHOR_UNCONSTRAINED----- + +150302120000Z +-----BEGIN TIME----- +MTUwMzAyMTIwMDAwWg== +-----END TIME----- + +SUCCESS +-----BEGIN VERIFY_RESULT----- +U1VDQ0VTUw== +-----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem b/chromium/net/data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem index 916d5a22561..91b78ba29fc 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b8:8a:4e:71:4c:e6:58:02:9d:bc:08:20:2d:8d: - 74:e3:04:2f:59:9e:43:73:e0:ca:83:1b:3a:e2:30: - 78:de:f8:07:a1:17:62:5d:4e:35:e8:03:40:2a:1e: - 2e:8e:91:a4:96:bf:a7:34:45:13:19:b2:d7:b0:72: - d0:10:e2:ad:ab:a8:f8:41:c5:ec:ee:1c:14:cb:cf: - 4f:cd:37:71:bd:2d:11:8d:95:e4:fa:2b:16:8c:bf: - 82:1c:22:85:25:4a:88:01:af:1e:fe:e7:53:d5:03: - d4:36:14:ae:81:d2:3d:73:6c:96:e0:e7:d2:a4:fb: - 17:1d:df:6a:93:68:b5:f8:a8:70:df:d0:b6:9d:fb: - e5:80:a3:a8:85:df:82:f3:05:23:9f:b6:62:89:b7: - 72:0c:99:49:5b:07:bd:c5:fb:4c:f4:32:83:a5:3c: - c6:8c:6b:c1:a1:c0:ab:73:68:fb:91:14:12:3a:c5: - 31:89:ac:a2:4b:b6:20:3b:03:1f:50:48:ff:7b:3b: - be:53:e5:46:e2:ad:18:7a:d3:3e:f9:bb:d0:0b:ac: - 0c:23:d8:9c:92:07:6c:ee:a6:64:0d:77:ef:aa:f4: - 64:5a:aa:ed:52:cb:20:9a:57:d5:ab:be:8c:07:71: - b3:a4:43:8b:d9:7e:6f:46:2c:70:9f:c0:e3:68:89: - e5:2b + 00:f2:42:db:44:b2:6b:f2:0a:41:04:53:7d:0b:34: + a4:fe:8d:d5:3a:ff:e5:a9:0c:5d:e4:2d:69:fe:e3: + dd:8a:47:2f:e8:9e:5a:54:ab:0b:95:84:16:af:fa: + 29:11:43:5c:c9:59:15:30:59:77:bb:62:dd:d6:e4: + 27:3a:bf:a9:82:cb:b8:f4:3c:5c:1d:74:87:8d:57: + af:0a:69:91:68:b4:aa:f6:14:8b:25:14:60:68:c9: + 8d:56:09:06:a6:ad:12:8a:cb:05:33:b0:1e:11:03: + 52:bf:af:7d:87:b0:97:22:fb:5a:f4:ea:5b:14:56: + cc:ad:03:2a:da:75:59:35:8b:88:3a:b7:66:3b:18: + a8:7c:c4:29:4f:66:ac:da:1f:ba:ec:ef:fc:55:01: + 1e:31:7a:af:ca:5c:5d:cf:73:49:2f:50:b9:0d:3b: + 4c:0c:d9:b0:d6:25:86:ea:3d:4d:ea:de:3b:9c:2a: + 79:b3:c6:13:9a:bb:22:53:62:7c:a9:05:a6:a3:c7: + f5:28:72:24:c0:d6:ec:6f:66:eb:5a:85:91:5e:cd: + a5:95:cc:9f:60:88:a1:bc:95:33:1f:f4:8f:99:68: + 56:64:39:4c:a4:df:f3:41:10:14:50:e5:ba:42:e5: + c6:ec:50:37:44:26:de:0d:28:71:b8:63:bb:38:7e: + 04:a9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 3D:5B:07:9A:2F:A5:14:87:32:C3:F8:54:71:62:3F:A1:E6:60:7F:D0 + 78:F8:8D:81:56:D4:CD:CF:11:9F:9E:DD:3D:6C:F2:07:FE:0F:37:7D X509v3 Authority Key Identifier: - keyid:7C:0E:01:A5:04:38:CE:0F:6A:AB:34:B2:CD:77:19:DB:84:C1:EC:44 + keyid:E9:D8:44:8D:24:EE:A1:82:18:6F:21:FA:4E:EC:FB:DF:D1:91:57:9D Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,26 +56,26 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 6a:f4:be:75:7e:66:b3:42:6e:fb:64:ed:d2:a1:d8:3d:08:04: - bf:93:17:0b:9b:79:df:ca:73:95:b4:5a:78:e3:96:d0:7f:5e: - 3c:2c:df:00:da:37:fc:61:22:9a:81:d1:bb:5d:13:6a:e4:21: - 18:bf:dc:49:36:4e:7a:aa:b8:6f + 96:6a:e6:ba:df:4c:9f:c4:01:e6:e3:5a:79:d9:56:ae:76:14: + 8a:33:3a:65:e2:28:2f:90:81:5c:1e:8b:ca:1c:0e:a5:f1:ca: + 8a:f3:fc:17:f4:2f:0d:3b:cf:ee:06:23:d8:81:6e:14:e4:72: + 1b:9c:05:50:37:ca:ce:da:ea:f8 -----BEGIN CERTIFICATE----- MIICyzCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4ik5x -TOZYAp28CCAtjXTjBC9ZnkNz4MqDGzriMHje+AehF2JdTjXoA0AqHi6OkaSWv6c0 -RRMZstewctAQ4q2rqPhBxezuHBTLz0/NN3G9LRGNleT6KxaMv4IcIoUlSogBrx7+ -51PVA9Q2FK6B0j1zbJbg59Kk+xcd32qTaLX4qHDf0Lad++WAo6iF34LzBSOftmKJ -t3IMmUlbB73F+0z0MoOlPMaMa8GhwKtzaPuRFBI6xTGJrKJLtiA7Ax9QSP97O75T -5UbirRh60z75u9ALrAwj2JySB2zupmQNd++q9GRaqu1SyyCaV9WrvowHcbOkQ4vZ -fm9GLHCfwONoieUrAgMBAAGjgekwgeYwHQYDVR0OBBYEFD1bB5ovpRSHMsP4VHFi -P6HmYH/QMB8GA1UdIwQYMBaAFHwOAaUEOM4Paqs0ss13GduEwexEMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyQttE +smvyCkEEU30LNKT+jdU6/+WpDF3kLWn+492KRy/onlpUqwuVhBav+ikRQ1zJWRUw +WXe7Yt3W5Cc6v6mCy7j0PFwddIeNV68KaZFotKr2FIslFGBoyY1WCQamrRKKywUz +sB4RA1K/r32HsJci+1r06lsUVsytAyradVk1i4g6t2Y7GKh8xClPZqzaH7rs7/xV +AR4xeq/KXF3Pc0kvULkNO0wM2bDWJYbqPU3q3jucKnmzxhOauyJTYnypBaajx/Uo +ciTA1uxvZutahZFezaWVzJ9giKG8lTMf9I+ZaFZkOUyk3/NBEBRQ5bpC5cbsUDdE +Jt4NKHG4Y7s4fgSpAgMBAAGjgekwgeYwHQYDVR0OBBYEFHj4jYFW1M3PEZ+e3T1s +8gf+Dzd9MB8GA1UdIwQYMBaAFOnYRI0k7qGCGG8h+k7s+9/RkVedMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAANBAGr0vnV+ZrNCbvtk7dKh2D0I -BL+TFwubed/Kc5W0WnjjltB/Xjws3wDaN/xhIpqB0btdE2rkIRi/3Ek2TnqquG8= +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAANBAJZq5rrfTJ/EAebjWnnZVq52 +FIozOmXiKC+QgVwei8ocDqXxyorz/Bf0Lw07z+4GI9iBbhTkchucBVA3ys7a6vg= -----END CERTIFICATE----- Certificate: @@ -92,17 +92,17 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (512 bit) Modulus: - 00:ba:89:53:56:03:c7:9f:d6:cc:d0:48:7d:3b:52: - 02:ee:7e:58:eb:d8:9c:8e:3c:d6:65:b2:8d:94:0d: - 87:48:e1:65:65:56:91:5b:1a:52:3a:84:96:46:2a: - 8b:1b:7d:0c:43:57:04:0d:38:55:21:5b:0b:45:06: - a6:1e:67:ca:5b + 00:d5:13:bb:52:bf:ca:19:1a:06:19:68:07:1d:e6: + 87:16:d3:f0:e0:12:ba:a2:b5:2a:3d:ed:b3:64:16: + 06:a3:50:fc:b0:a4:49:f2:f9:ab:34:ad:4f:db:0a: + 3d:2b:25:92:86:3f:94:df:fb:fc:54:f2:c7:6d:9e: + d2:10:e0:cd:0d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 7C:0E:01:A5:04:38:CE:0F:6A:AB:34:B2:CD:77:19:DB:84:C1:EC:44 + E9:D8:44:8D:24:EE:A1:82:18:6F:21:FA:4E:EC:FB:DF:D1:91:57:9D X509v3 Authority Key Identifier: - keyid:71:59:49:4D:A5:43:49:C5:0E:E4:78:E9:5C:B7:4E:80:A8:A3:BB:5E + keyid:BE:33:72:47:C2:B1:97:41:99:C0:31:57:52:56:0C:B5:53:78:5A:A4 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -117,37 +117,37 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 8e:cc:d3:f3:5a:fb:ca:83:4e:55:e3:ae:2a:b7:b7:ac:9e:87: - f0:62:58:23:29:3d:63:7e:8d:42:60:ea:dc:3e:ec:66:19:4b: - e6:d6:a7:b7:e1:ea:33:88:3c:ea:8b:87:b9:e7:64:0d:35:b3: - 0e:ab:81:71:0c:1c:0a:f3:0a:49:23:4e:d6:21:de:7f:e5:fd: - 6d:8b:7a:33:2f:a6:ab:4e:b8:02:cc:01:1e:18:9a:90:f3:56: - f8:8a:b5:2f:68:12:c6:83:b2:91:59:00:51:86:75:68:45:3b: - 27:c4:e0:0d:ed:e7:51:2d:47:60:26:19:02:fd:43:27:81:ad: - 33:cb:eb:98:9a:a1:2e:81:d3:81:52:4a:1d:19:e9:30:f9:fc: - 6b:e7:26:c8:c1:6c:65:e4:66:d4:cc:82:16:0a:a6:b9:68:3a: - eb:ee:cd:86:aa:a7:80:ed:4f:77:47:d2:c6:1b:eb:53:de:f3: - eb:24:60:41:ac:77:08:43:1b:76:ce:a6:4b:f1:4e:1d:32:2b: - 31:bd:59:52:f1:60:e7:f5:db:6d:bf:be:af:55:9b:11:63:f7: - 6e:19:2c:17:4b:db:fe:40:27:ae:02:f5:c2:17:62:21:7b:ac: - 38:d6:17:3e:5c:80:61:6d:95:63:e4:64:d3:07:23:9f:14:bb: - df:b2:eb:c2 + 71:33:95:7f:18:b3:82:8b:63:87:5b:f0:c3:e5:6b:06:f4:07: + 42:35:3d:af:0f:b9:e9:9e:91:07:04:c4:6d:00:de:11:81:0e: + 49:ce:7c:92:ad:c7:5d:c6:42:9f:b9:8f:c7:ab:02:46:f6:ef: + 8b:47:be:ad:f6:1f:ee:04:aa:b8:07:1a:43:66:6d:1f:39:2a: + f5:98:4f:4f:60:2d:ca:2f:f7:0e:d8:f3:16:7b:48:03:42:00: + dc:ff:7e:d7:cf:e3:5e:d5:29:33:46:16:a8:42:65:ae:42:bd: + e6:15:2a:07:bb:05:25:cd:b9:99:05:87:61:69:ef:b5:3d:7e: + 10:af:7e:7a:64:44:cb:73:65:b5:bc:e3:db:a6:7f:92:5d:31: + 87:f3:6c:4d:ac:6a:7f:1b:12:ba:ff:16:2a:80:16:3c:a5:cc: + d4:4d:a4:ed:28:0b:5d:cb:d5:7d:c0:a4:7e:c7:10:df:d1:25: + a9:8a:a3:f1:fc:e1:27:2e:f8:27:0c:09:36:78:2c:a3:6f:78: + 0c:b3:4b:7c:f3:5a:31:93:94:74:61:94:0e:c3:ba:3d:94:54: + f5:c1:1e:e9:c1:a9:07:a1:d2:78:e5:6b:e6:06:34:77:62:bb: + 80:5a:98:c0:bf:10:38:b9:6f:ed:11:36:01:b1:ad:72:42:30: + c1:da:ad:2b -----BEGIN CERTIFICATE----- MIICpTCCAY2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALqJU1YDx5/WzNBIfTtS -Au5+WOvYnI481mWyjZQNh0jhZWVWkVsaUjqElkYqixt9DENXBA04VSFbC0UGph5n -ylsCAwEAAaOByzCByDAdBgNVHQ4EFgQUfA4BpQQ4zg9qqzSyzXcZ24TB7EQwHwYD -VR0jBBgwFoAUcVlJTaVDScUO5HjpXLdOgKiju14wNwYIKwYBBQUHAQEEKzApMCcG +ZXJtZWRpYXRlMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANUTu1K/yhkaBhloBx3m +hxbT8OASuqK1Kj3ts2QWBqNQ/LCkSfL5qzStT9sKPSslkoY/lN/7/FTyx22e0hDg +zQ0CAwEAAaOByzCByDAdBgNVHQ4EFgQU6dhEjSTuoYIYbyH6Tuz739GRV50wHwYD +VR0jBBgwFoAUvjNyR8Kxl0GZwDFXUlYMtVN4WqQwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCOzNPzWvvK -g05V464qt7esnofwYlgjKT1jfo1CYOrcPuxmGUvm1qe34eoziDzqi4e552QNNbMO -q4FxDBwK8wpJI07WId5/5f1ti3ozL6arTrgCzAEeGJqQ81b4irUvaBLGg7KRWQBR -hnVoRTsnxOAN7edRLUdgJhkC/UMnga0zy+uYmqEugdOBUkodGekw+fxr5ybIwWxl -5GbUzIIWCqa5aDrr7s2GqqeA7U93R9LGG+tT3vPrJGBBrHcIQxt2zqZL8U4dMisx -vVlS8WDn9dttv76vVZsRY/duGSwXS9v+QCeuAvXCF2Ihe6w41hc+XIBhbZVj5GTT -ByOfFLvfsuvC +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBxM5V/GLOC +i2OHW/DD5WsG9AdCNT2vD7npnpEHBMRtAN4RgQ5JznySrcddxkKfuY/HqwJG9u+L +R76t9h/uBKq4BxpDZm0fOSr1mE9PYC3KL/cO2PMWe0gDQgDc/37Xz+Ne1SkzRhao +QmWuQr3mFSoHuwUlzbmZBYdhae+1PX4Qr356ZETLc2W1vOPbpn+SXTGH82xNrGp/ +GxK6/xYqgBY8pczUTaTtKAtdy9V9wKR+xxDf0SWpiqPx/OEnLvgnDAk2eCyjb3gM +s0t881oxk5R0YZQOw7o9lFT1wR7pwakHodJ45WvmBjR3YruAWpjAvxA4uW/tETYB +sa1yQjDB2q0r -----END CERTIFICATE----- Certificate: @@ -164,30 +164,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ca:5e:08:17:b7:7c:c4:55:39:a2:1c:7f:97:49: - b0:bb:88:3e:9e:ed:46:36:41:c2:a7:5e:2b:ce:bb: - 7b:d2:d2:a8:3b:a3:53:27:39:ac:3a:76:48:a2:85: - 97:3f:ba:98:9f:14:f9:b9:31:64:e5:27:a8:9a:23: - ae:7d:12:39:65:c0:10:f3:6d:2d:a3:45:3d:c3:69: - e6:cf:3e:4d:8a:5c:37:a5:6c:32:17:7c:ab:8f:62: - 0e:e4:57:6b:e1:64:22:8d:3b:ad:c6:93:60:4a:c4: - 32:6d:be:c4:6b:06:e1:4b:e0:89:3c:ef:ad:78:94: - bd:3d:d1:bb:19:1a:86:98:43:0e:84:bb:68:11:47: - 9a:06:49:33:e9:48:e6:f2:00:0e:ef:e7:4d:2a:1b: - b2:aa:5b:a8:8d:59:ac:b7:c8:77:5d:c9:9f:d3:e8: - c7:f2:88:0a:ce:6e:34:b5:8f:5a:63:24:68:42:2f: - 60:2c:a5:82:44:e9:12:1f:c3:7a:01:c3:e7:e3:24: - 97:0b:bc:5e:48:e1:33:4b:a0:cd:fa:ce:75:90:97: - 20:f4:0b:4c:8e:69:c5:8b:cd:1c:ac:8a:7f:d4:18: - 22:c7:10:09:52:dc:3a:17:3d:3a:5c:03:99:ee:f8: - 9d:a0:bf:ef:72:33:df:43:8d:9f:1b:1c:e3:22:24: - 73:99 + 00:ca:3f:f8:1f:42:8f:55:98:f8:9f:fb:94:03:42: + 2a:c1:42:3a:2b:2a:f3:54:14:f3:fe:67:25:24:d3: + 9a:7f:66:1a:60:0b:9d:d8:bd:65:71:b5:f5:d9:fe: + eb:f6:04:72:57:97:bc:23:b0:be:bd:ce:94:9e:58: + 1a:10:e7:33:09:0b:57:a8:1c:6f:fa:f7:ce:d1:31: + 34:90:1a:b4:60:2d:d2:7f:29:9b:4e:ec:f4:6e:99: + 21:6b:98:9c:90:09:fc:bd:2f:55:c3:34:38:48:4a: + 73:fe:58:e2:09:b9:d9:f9:53:f6:84:e2:5d:fc:eb: + 3c:ba:92:f5:bc:97:cc:ef:43:54:f7:4f:c9:b4:2c: + 86:95:32:a6:e8:91:f5:8e:31:f8:de:b5:d9:c9:3d: + 4d:d7:24:4c:8c:58:aa:8a:c5:79:ab:e7:cd:3b:5c: + 84:67:52:5a:88:33:c3:55:d5:a9:2e:c9:5b:61:7c: + 87:05:c1:0b:d7:19:4a:fe:bd:ba:af:d7:e5:70:d1: + a4:92:08:d2:f2:ca:2b:b1:94:d0:84:57:f9:30:92: + fc:3a:67:82:10:6e:e3:89:9f:b3:df:75:6e:99:46: + bd:ce:b1:e8:ac:a2:3b:21:80:da:11:13:bd:df:93: + 0e:0e:ee:5d:f5:39:a2:a8:f7:41:c8:cb:00:5c:ac: + ee:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 71:59:49:4D:A5:43:49:C5:0E:E4:78:E9:5C:B7:4E:80:A8:A3:BB:5E + BE:33:72:47:C2:B1:97:41:99:C0:31:57:52:56:0C:B5:53:78:5A:A4 X509v3 Authority Key Identifier: - keyid:71:59:49:4D:A5:43:49:C5:0E:E4:78:E9:5C:B7:4E:80:A8:A3:BB:5E + keyid:BE:33:72:47:C2:B1:97:41:99:C0:31:57:52:56:0C:B5:53:78:5A:A4 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -202,41 +202,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 20:51:cc:39:0f:3c:0c:67:47:0c:73:f0:00:0d:57:fb:6f:fe: - 4c:e3:c1:d1:a6:f7:40:54:4c:91:0f:ca:e1:eb:b3:7a:44:0e: - 57:f5:81:1f:9a:4f:81:57:d8:91:01:7b:09:6a:61:19:04:8f: - 00:7a:d1:5b:3f:cb:1b:c0:53:a4:da:dc:40:a5:ef:9b:59:1a: - fc:99:b2:0d:66:22:ee:d7:da:69:72:4d:b1:44:e9:2d:57:84: - 52:d5:2b:c5:77:ac:a7:d0:f2:27:12:6b:5c:42:7a:3d:fc:e8: - 04:91:98:aa:1d:3f:40:9d:9b:e2:43:24:47:7b:b8:24:23:a3: - 47:24:cd:9a:44:87:f8:a7:c4:07:90:9a:73:60:e1:0e:7b:82: - a1:ef:73:4e:02:46:6d:06:e2:58:8f:79:47:79:a6:59:75:cf: - ac:5d:e2:37:6c:88:3f:bf:57:00:f5:fb:09:53:f4:5f:06:42: - 58:5e:75:48:96:7d:4f:dd:3b:45:d3:7c:61:8f:75:20:17:a0: - 2e:1c:08:4b:22:3f:37:be:d7:43:89:da:59:ac:79:87:1e:6a: - cc:53:4d:5b:e9:0a:d6:40:a5:a0:28:99:57:44:5d:d2:7b:bf: - 02:38:a3:c4:df:14:a9:c1:b2:ec:15:21:7b:84:a1:a1:56:f8: - b9:45:42:cd + 6a:f1:5f:9d:b3:dd:07:5a:5c:44:0a:17:df:04:6c:e5:17:03: + a6:ba:c1:85:f3:4f:ff:15:52:85:7c:98:aa:58:ab:39:b2:6d: + ae:71:ff:85:36:de:d6:72:c6:3f:7b:6e:e3:13:32:d5:cd:d8: + 22:c3:48:71:e7:ed:02:97:5a:b0:bd:e7:fd:d4:21:53:66:7e: + 17:df:97:cd:c0:75:18:f3:a8:6a:0c:bc:de:c3:02:36:17:eb: + 99:a4:b7:01:be:89:27:3c:43:9e:d4:e8:24:2a:81:0b:fa:32: + 74:90:53:5f:c1:3c:2e:cf:04:ec:90:5e:f4:20:8e:39:06:49: + ee:8d:69:1e:5f:7f:e0:90:ea:b3:cd:70:42:40:76:22:ec:53: + b4:c7:cd:bf:41:34:92:29:80:97:9a:28:f1:f4:8c:65:a2:74: + f3:79:a5:0a:fa:4f:a7:df:d2:c2:a8:23:9f:51:15:19:2c:40: + fd:67:75:3a:24:8c:5b:9a:71:df:02:92:90:d8:e2:58:22:79: + 44:10:e5:2c:fd:7e:25:6e:e2:42:ec:02:67:44:17:8a:ac:e5: + 9c:b2:0b:d3:22:f5:88:2f:53:e6:e8:a5:43:a4:65:97:a6:36: + f6:57:d3:4b:15:28:55:05:df:52:b5:19:c8:7e:a8:3a:4a:79: + 52:33:b9:52 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMpeCBe3fMRVOaIcf5dJ -sLuIPp7tRjZBwqdeK867e9LSqDujUyc5rDp2SKKFlz+6mJ8U+bkxZOUnqJojrn0S -OWXAEPNtLaNFPcNp5s8+TYpcN6VsMhd8q49iDuRXa+FkIo07rcaTYErEMm2+xGsG -4UvgiTzvrXiUvT3RuxkahphDDoS7aBFHmgZJM+lI5vIADu/nTSobsqpbqI1ZrLfI -d13Jn9Pox/KICs5uNLWPWmMkaEIvYCylgkTpEh/DegHD5+Mklwu8XkjhM0ugzfrO -dZCXIPQLTI5pxYvNHKyKf9QYIscQCVLcOhc9OlwDme74naC/73Iz30ONnxsc4yIk -c5kCAwEAAaOByzCByDAdBgNVHQ4EFgQUcVlJTaVDScUO5HjpXLdOgKiju14wHwYD -VR0jBBgwFoAUcVlJTaVDScUO5HjpXLdOgKiju14wNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMo/+B9Cj1WY+J/7lANC +KsFCOisq81QU8/5nJSTTmn9mGmALndi9ZXG19dn+6/YEcleXvCOwvr3OlJ5YGhDn +MwkLV6gcb/r3ztExNJAatGAt0n8pm07s9G6ZIWuYnJAJ/L0vVcM0OEhKc/5Y4gm5 +2flT9oTiXfzrPLqS9byXzO9DVPdPybQshpUypuiR9Y4x+N612ck9TdckTIxYqorF +eavnzTtchGdSWogzw1XVqS7JW2F8hwXBC9cZSv69uq/X5XDRpJII0vLKK7GU0IRX ++TCS/DpnghBu44mfs991bplGvc6x6KyiOyGA2hETvd+TDg7uXfU5oqj3QcjLAFys +7rECAwEAAaOByzCByDAdBgNVHQ4EFgQUvjNyR8Kxl0GZwDFXUlYMtVN4WqQwHwYD +VR0jBBgwFoAUvjNyR8Kxl0GZwDFXUlYMtVN4WqQwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAgUcw5DzwM -Z0cMc/AADVf7b/5M48HRpvdAVEyRD8rh67N6RA5X9YEfmk+BV9iRAXsJamEZBI8A -etFbP8sbwFOk2txApe+bWRr8mbINZiLu19ppck2xROktV4RS1SvFd6yn0PInEmtc -Qno9/OgEkZiqHT9AnZviQyRHe7gkI6NHJM2aRIf4p8QHkJpzYOEOe4Kh73NOAkZt -BuJYj3lHeaZZdc+sXeI3bIg/v1cA9fsJU/RfBkJYXnVIln1P3TtF03xhj3UgF6Au -HAhLIj83vtdDidpZrHmHHmrMU01b6QrWQKWgKJlXRF3Se78COKPE3xSpwbLsFSF7 -hKGhVvi5RULN +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBq8V+ds90H +WlxEChffBGzlFwOmusGF80//FVKFfJiqWKs5sm2ucf+FNt7WcsY/e27jEzLVzdgi +w0hx5+0Cl1qwvef91CFTZn4X35fNwHUY86hqDLzewwI2F+uZpLcBvoknPEOe1Ogk +KoEL+jJ0kFNfwTwuzwTskF70II45BknujWkeX3/gkOqzzXBCQHYi7FO0x82/QTSS +KYCXmijx9IxlonTzeaUK+k+n39LCqCOfURUZLED9Z3U6JIxbmnHfApKQ2OJYInlE +EOUs/X4lbuJC7AJnRBeKrOWcsgvTIvWIL1Pm6KVDpGWXpjb2V9NLFShVBd9StRnI +fqg6SnlSM7lS -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -249,14 +249,19 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 1 - [Error] RSA modulus too small - actual: 512 - minimum: 1024 - [Error] Unacceptable modulus length for RSA key - [Error] VerifySignedData failed +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=0 (CN=Target) ----- +ERROR: RSA modulus too small + actual: 512 + minimum: 1024 +ERROR: Unacceptable modulus length for RSA key +ERROR: VerifySignedData failed + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMQogICAgICBbRXJyb3JdIFJTQSBtb2R1bHVzIHRvbyBzbWFsbAogICAgICAgIGFjdHVhbDogNTEyCiAgICAgICAgbWluaW11bTogMTAyNAogICAgICBbRXJyb3JdIFVuYWNjZXB0YWJsZSBtb2R1bHVzIGxlbmd0aCBmb3IgUlNBIGtleQogICAgICBbRXJyb3JdIFZlcmlmeVNpZ25lZERhdGEgZmFpbGVkCg== +LS0tLS0gQ2VydGlmaWNhdGUgaT0wIChDTj1UYXJnZXQpIC0tLS0tCkVSUk9SOiBSU0EgbW9kdWx1cyB0b28gc21hbGwKICBhY3R1YWw6IDUxMgogIG1pbmltdW06IDEwMjQKRVJST1I6IFVuYWNjZXB0YWJsZSBtb2R1bHVzIGxlbmd0aCBmb3IgUlNBIGtleQpFUlJPUjogVmVyaWZ5U2lnbmVkRGF0YSBmYWlsZWQKCg== -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-signed-using-ecdsa.pem b/chromium/net/data/verify_certificate_chain_unittest/target-signed-using-ecdsa.pem index 95a19b157a2..09f6130a60b 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/target-signed-using-ecdsa.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/target-signed-using-ecdsa.pem @@ -17,30 +17,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c1:2c:42:ca:d9:bd:0d:55:79:40:9a:cf:f4:1b: - de:4e:e7:8b:77:40:55:83:bf:2c:27:72:58:db:62: - 24:12:e2:e5:4e:36:09:95:e0:0d:5b:09:d9:f8:bf: - e5:f8:3a:d4:9a:c9:5a:ff:16:44:16:21:15:bc:cf: - f6:99:ad:5c:bf:74:9a:02:3e:91:99:28:2b:76:eb: - fe:14:8c:24:a2:f9:41:b3:7a:86:b2:15:34:a4:fc: - 93:49:42:b6:ee:20:70:61:f8:8e:ae:8b:55:aa:4f: - 3f:ec:1e:63:45:24:c4:01:c1:68:c2:cf:a7:c5:29: - 58:a7:c2:cc:89:00:25:b0:1a:b1:a0:dd:52:e4:3c: - 41:ff:2a:3b:97:07:63:70:13:01:3d:eb:1d:a1:12: - f2:27:0a:c0:47:8a:96:f4:c9:f0:2f:b1:2a:7a:fa: - 57:f8:60:98:c5:b8:03:ce:36:fc:32:73:39:13:46: - 5b:71:02:42:22:45:4c:11:1d:3d:e1:77:53:9c:8d: - 0b:a0:bf:68:67:b4:b2:2b:6a:9a:1f:da:dd:dd:c2: - 0d:0c:12:00:ff:d9:d2:36:77:52:72:32:30:ea:68: - bb:62:55:37:24:aa:13:92:a4:b5:8c:9d:71:19:6b: - 4a:1a:38:b0:21:79:14:70:d3:e9:7e:92:91:fc:8a: - c7:35 + 00:e6:90:14:d7:6c:5e:85:24:21:17:7a:ce:f2:8a: + 3e:83:20:e4:3e:eb:cf:4c:06:bb:0a:d5:21:d9:2b: + e1:2e:14:8a:20:16:c8:c9:4b:55:ed:e9:ea:48:ed: + ef:03:2b:de:25:dd:41:9b:0c:0b:bd:f8:58:e2:a0: + ba:92:3f:03:de:ca:e6:35:42:be:ab:e1:33:17:ac: + 3e:bc:fc:90:2a:d2:c7:76:1f:51:d2:ca:e9:80:e0: + 76:39:ab:88:65:b4:e3:ea:05:dd:c5:8e:fe:4c:86: + c3:06:49:0c:ab:69:a5:4f:14:cc:82:1f:b1:3d:f6: + f9:d5:d4:61:41:35:e5:d4:f7:4f:1a:af:fb:a8:ff: + ef:7b:38:95:40:c5:56:32:a5:cf:8f:d6:04:df:23: + eb:5b:f7:32:a3:d7:a1:df:cb:67:35:25:d6:63:92: + d7:da:d9:83:20:52:58:1d:ef:6e:3c:88:91:14:08: + c7:70:85:b7:b3:93:c1:9a:51:57:d8:d5:4c:81:83: + 96:91:b6:5a:b9:b5:7e:fb:90:bd:71:2e:09:04:6e: + f9:0b:ff:51:43:d4:20:77:ee:31:34:98:f8:e8:8f: + 5a:2e:75:f1:0f:bf:64:35:a5:00:cb:4a:00:6e:45: + a3:01:d7:97:46:49:55:c1:df:2d:31:c4:98:ae:25: + b2:b3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - E2:9C:21:ED:AF:F9:55:73:3F:68:B8:CD:03:B2:45:FB:C8:4F:35:8C + A0:D4:34:B4:BC:27:68:8C:38:A0:8F:3A:CF:6E:58:5F:57:97:44:B8 X509v3 Authority Key Identifier: - keyid:71:4E:D7:4E:A8:0A:43:13:41:FE:F4:50:09:92:D0:56:1D:44:8A:3F + keyid:B1:0E:68:94:5F:A9:F7:F8:4B:09:42:7D:AE:5A:7A:05:BF:E4:A1:F1 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -55,29 +55,29 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: ecdsa-with-SHA256 - 30:65:02:30:16:0c:16:b2:2c:2e:68:f7:e6:c9:e6:fc:25:67: - ab:1b:cd:65:0b:30:ca:d4:92:0b:0a:26:40:cd:7b:47:b5:37: - 8b:84:12:b2:51:53:3e:a9:b8:d0:fa:0b:e5:ec:54:2e:02:31: - 00:e5:d7:43:9b:58:f1:7e:90:79:de:63:49:7f:5b:fe:7a:34: - 2e:5a:d1:92:13:66:3a:e0:1c:ea:77:e1:98:1c:a9:38:d5:ce: - 98:7b:1f:5b:8a:d4:01:cb:35:7a:d5:74:8a + 30:65:02:31:00:cb:9d:26:67:f3:0a:fe:93:3b:6b:f5:54:47: + 6f:0b:d6:4d:e7:5a:35:7f:c1:a5:29:85:b0:e0:53:7f:ea:6c: + b1:7a:62:46:b9:89:65:71:63:13:7d:c2:7a:73:7a:92:c3:02: + 30:54:0f:04:1c:7d:73:1e:e1:c2:f5:d0:61:39:11:e0:05:2a: + b4:b8:3e:3f:a1:94:47:f5:54:85:6e:e3:a3:67:5b:d0:0c:06: + 5d:4f:55:03:75:ba:56:5e:59:c3:d8:e8:98 -----BEGIN CERTIFICATE----- MIIC7DCCAnKgAwIBAgIBATAKBggqhkjOPQQDAjAXMRUwEwYDVQQDDAxJbnRlcm1l ZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYDVQQD -DAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBLELK2b0N -VXlAms/0G95O54t3QFWDvywncljbYiQS4uVONgmV4A1bCdn4v+X4OtSayVr/FkQW -IRW8z/aZrVy/dJoCPpGZKCt26/4UjCSi+UGzeoayFTSk/JNJQrbuIHBh+I6ui1Wq -Tz/sHmNFJMQBwWjCz6fFKVinwsyJACWwGrGg3VLkPEH/KjuXB2NwEwE96x2hEvIn -CsBHipb0yfAvsSp6+lf4YJjFuAPONvwyczkTRltxAkIiRUwRHT3hd1OcjQugv2hn -tLIrapof2t3dwg0MEgD/2dI2d1JyMjDqaLtiVTckqhOSpLWMnXEZa0oaOLAheRRw -0+l+kpH8isc1AgMBAAGjgekwgeYwHQYDVR0OBBYEFOKcIe2v+VVzP2i4zQOyRfvI -TzWMMB8GA1UdIwQYMBaAFHFO106oCkMTQf70UAmS0FYdRIo/MD8GCCsGAQUFBwEB +DAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmkBTXbF6F +JCEXes7yij6DIOQ+689MBrsK1SHZK+EuFIogFsjJS1Xt6epI7e8DK94l3UGbDAu9 ++FjioLqSPwPeyuY1Qr6r4TMXrD68/JAq0sd2H1HSyumA4HY5q4hltOPqBd3Fjv5M +hsMGSQyraaVPFMyCH7E99vnV1GFBNeXU908ar/uo/+97OJVAxVYypc+P1gTfI+tb +9zKj16Hfy2c1JdZjktfa2YMgUlgd7248iJEUCMdwhbezk8GaUVfY1UyBg5aRtlq5 +tX77kL1xLgkEbvkL/1FD1CB37jE0mPjoj1oudfEPv2Q1pQDLSgBuRaMB15dGSVXB +3y0xxJiuJbKzAgMBAAGjgekwgeYwHQYDVR0OBBYEFKDUNLS8J2iMOKCPOs9uWF9X +l0S4MB8GA1UdIwQYMBaAFLEOaJRfqff4SwlCfa5aegW/5KHxMD8GCCsGAQUFBwEB BDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVkaWF0 ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0ludGVy bWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjAKBggqhkjOPQQDAgNoADBlAjAWDBayLC5o9+bJ5vwlZ6sbzWUL -MMrUkgsKJkDNe0e1N4uEErJRUz6puND6C+XsVC4CMQDl10ObWPF+kHneY0l/W/56 -NC5a0ZITZjrgHOp34ZgcqTjVzph7H1uK1AHLNXrVdIo= +BggrBgEFBQcDAjAKBggqhkjOPQQDAgNoADBlAjEAy50mZ/MK/pM7a/VUR28L1k3n +WjV/waUphbDgU3/qbLF6Yka5iWVxYxN9wnpzepLDAjBUDwQcfXMe4cL10GE5EeAF +KrS4Pj+hlEf1VIVu46NnW9AMBl1PVQN1ulZeWcPY6Jg= -----END CERTIFICATE----- Certificate: @@ -94,19 +94,19 @@ Certificate: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) pub: - 04:ff:41:5f:16:8c:e0:75:59:3b:4a:9c:84:3e:79: - 93:48:a5:98:7e:93:58:58:d5:c9:ca:60:b8:6d:0c: - 84:81:40:de:22:95:f1:6e:56:49:8f:02:45:ce:fe: - e8:71:71:02:25:a7:47:5f:63:0e:4a:46:4d:e0:b3: - 73:9e:d8:91:2a:ad:51:47:80:b0:f5:4a:5e:0d:93: - a6:78:93:a7:f9:1d:ad:b6:23:78:2e:23:e0:62:f6: - 77:f8:1c:db:31:82:c1 + 04:f3:8f:d7:88:9f:98:67:05:36:a9:16:7c:85:b2: + cf:8e:02:72:19:eb:ab:48:14:1e:6f:6a:13:93:3e: + 80:b9:aa:7f:53:9c:91:91:9e:b1:79:76:ec:31:ef: + 97:46:30:d8:f4:ad:9c:60:c0:a6:00:88:62:5a:68: + 9e:3e:00:f3:6c:b4:1a:10:0b:78:12:f3:fe:5f:47: + 40:14:e7:2d:c0:82:cc:cf:df:93:fb:21:8e:ed:59: + b2:70:1e:7b:70:0c:e5 ASN1 OID: secp384r1 X509v3 extensions: X509v3 Subject Key Identifier: - 71:4E:D7:4E:A8:0A:43:13:41:FE:F4:50:09:92:D0:56:1D:44:8A:3F + B1:0E:68:94:5F:A9:F7:F8:4B:09:42:7D:AE:5A:7A:05:BF:E4:A1:F1 X509v3 Authority Key Identifier: - keyid:39:BF:53:7E:B4:7B:97:5D:7A:E5:12:6D:FA:8B:79:C5:67:3E:1E:E4 + keyid:43:E7:CC:3C:45:3E:58:A7:6D:D2:90:56:8F:16:93:9E:2F:F3:06:2E Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -121,37 +121,37 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - d2:53:ac:75:a8:06:52:55:48:4f:d0:a3:92:51:d4:23:06:f7: - 98:2b:b4:15:2e:65:26:44:c0:75:64:c5:df:73:cd:dc:a3:5a: - 7f:86:f6:e8:6b:bd:8f:3a:7e:20:6e:b9:df:4c:07:78:f5:1d: - b4:4c:d0:8b:0b:71:ad:74:6d:f7:48:fb:a8:45:e6:2f:87:d8: - 89:e3:de:b4:15:fa:71:47:19:c6:88:a2:9c:66:cd:44:05:22: - f8:d8:0b:1f:72:4d:ef:98:76:15:7d:41:20:53:2b:ef:e1:35: - 31:7c:b7:8e:70:c0:23:5a:ab:9a:58:5e:0b:02:d6:9c:7c:6e: - d0:29:ad:19:95:e2:1f:e8:18:c7:c3:25:cf:21:30:52:28:32: - fa:cf:07:4a:19:f2:39:bd:bb:05:96:4e:11:91:9f:b4:ae:5c: - 9e:bc:ac:f4:4a:b8:9a:73:40:4b:88:05:6d:3c:9e:c7:7d:0a: - 16:4f:d1:96:67:17:fa:e6:43:8c:0e:4c:26:2e:4c:51:8b:18: - ee:8d:e4:69:09:ca:7f:ea:8d:33:38:fa:45:e5:d7:06:74:1d: - bd:05:32:c7:1f:fd:84:9e:42:f7:7d:f2:24:ab:54:50:ba:69: - 3e:84:15:fe:f9:20:5a:77:8a:20:af:f3:97:35:1e:16:ee:92: - ef:9d:c7:5d + f0:14:7e:da:d5:be:74:27:15:04:74:cd:f7:94:17:28:11:f0: + 31:9f:5f:36:ca:37:18:9d:94:27:54:52:83:92:e2:47:4f:71: + 54:e4:dd:a2:77:c6:e0:35:8b:b8:1e:53:5d:52:a9:e3:b5:39: + 17:80:f1:4c:e5:c1:d5:af:9b:f7:41:2e:3e:c6:05:8a:ad:b8: + 93:d0:75:34:d6:ae:21:25:d8:61:87:5d:8b:68:ee:78:80:d2: + fe:91:1e:d4:4e:6b:42:c3:57:8a:7c:0a:52:33:5d:9b:51:59: + 8e:79:3f:af:aa:d1:96:b1:a9:14:94:4c:78:47:88:d2:a9:16: + a5:2e:21:64:2e:3a:7d:82:6f:ac:66:f7:82:b4:56:60:2a:24: + 4b:44:13:99:af:59:87:86:96:4a:49:83:02:ce:dc:6a:dd:0d: + 02:28:64:e0:9c:c3:50:58:a9:2c:5b:2b:0f:dc:98:45:cf:79: + d5:28:75:d7:20:62:ea:c1:0b:ca:94:53:33:1a:e2:09:8d:d5: + 38:c9:d5:1e:ee:23:4f:b3:2c:bb:7b:5b:f4:0c:45:8d:35:7d: + d1:4f:7e:16:be:1b:bf:96:cd:9b:a9:20:94:06:28:76:ee:e9: + 3b:8d:d4:d4:73:6f:92:94:6f:f9:07:a8:82:7b:e1:5c:83:be: + 0d:00:34:c0 -----BEGIN CERTIFICATE----- MIICvzCCAaegAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/0FfFozgdVk7SpyEPnmT -SKWYfpNYWNXJymC4bQyEgUDeIpXxblZJjwJFzv7ocXECJadHX2MOSkZN4LNzntiR -Kq1RR4Cw9UpeDZOmeJOn+R2ttiN4LiPgYvZ3+BzbMYLBo4HLMIHIMB0GA1UdDgQW -BBRxTtdOqApDE0H+9FAJktBWHUSKPzAfBgNVHSMEGDAWgBQ5v1N+tHuXXXrlEm36 -i3nFZz4e5DA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwt +ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE84/XiJ+YZwU2qRZ8hbLP +jgJyGeurSBQeb2oTkz6Auap/U5yRkZ6xeXbsMe+XRjDY9K2cYMCmAIhiWmiePgDz +bLQaEAt4EvP+X0dAFOctwILMz9+T+yGO7VmycB57cAzlo4HLMIHIMB0GA1UdDgQW +BBSxDmiUX6n3+EsJQn2uWnoFv+Sh8TAfBgNVHSMEGDAWgBRD58w8RT5Yp23SkFaP +FpOeL/MGLjA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwt Zm9yLWFpYS9Sb290LmNlcjAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZv ci1jcmwvUm9vdC5jcmwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -DQYJKoZIhvcNAQELBQADggEBANJTrHWoBlJVSE/Qo5JR1CMG95grtBUuZSZEwHVk -xd9zzdyjWn+G9uhrvY86fiBuud9MB3j1HbRM0IsLca10bfdI+6hF5i+H2Inj3rQV -+nFHGcaIopxmzUQFIvjYCx9yTe+YdhV9QSBTK+/hNTF8t45wwCNaq5pYXgsC1px8 -btAprRmV4h/oGMfDJc8hMFIoMvrPB0oZ8jm9uwWWThGRn7SuXJ68rPRKuJpzQEuI -BW08nsd9ChZP0ZZnF/rmQ4wOTCYuTFGLGO6N5GkJyn/qjTM4+kXl1wZ0Hb0FMscf -/YSeQvd98iSrVFC6aT6EFf75IFp3iiCv85c1Hhbuku+dx10= +DQYJKoZIhvcNAQELBQADggEBAPAUftrVvnQnFQR0zfeUFygR8DGfXzbKNxidlCdU +UoOS4kdPcVTk3aJ3xuA1i7geU11SqeO1OReA8UzlwdWvm/dBLj7GBYqtuJPQdTTW +riEl2GGHXYto7niA0v6RHtROa0LDV4p8ClIzXZtRWY55P6+q0ZaxqRSUTHhHiNKp +FqUuIWQuOn2Cb6xm94K0VmAqJEtEE5mvWYeGlkpJgwLO3GrdDQIoZOCcw1BYqSxb +Kw/cmEXPedUoddcgYurBC8qUUzMa4gmN1TjJ1R7uI0+zLLt7W/QMRY01fdFPfha+ +G7+WzZupIJQGKHbu6TuN1NRzb5KUb/kHqIJ74VyDvg0ANMA= -----END CERTIFICATE----- Certificate: @@ -168,30 +168,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:dd:a5:d8:2e:59:ed:a6:74:62:3b:71:d5:2f:0c: - b5:e6:a8:d6:d3:d2:f3:38:d5:6a:14:e4:ec:7e:d0: - 46:81:35:0e:27:96:4e:25:0c:9f:81:85:18:03:d2: - 22:1b:14:cc:54:4b:96:0e:35:0c:4c:0f:20:69:3d: - ff:48:26:b4:28:6c:6a:1f:95:87:df:09:9e:ab:60: - 43:97:3c:3a:7b:4a:d3:c6:66:ba:1a:79:71:58:29: - cb:78:38:19:de:12:c6:09:fa:f9:fd:13:a0:e1:0e: - d5:e6:c2:36:d9:dc:c5:f4:ef:08:42:e8:bf:43:d1: - b5:8a:c9:81:b1:9c:16:8f:8d:b2:aa:9e:61:30:ed: - fc:12:f0:a6:f5:9e:6a:1e:6e:d7:7c:3f:ff:76:fa: - 6f:53:8b:49:08:84:9a:69:37:bc:f5:ee:e7:ba:ee: - 39:5b:31:28:05:5a:39:d3:75:5a:1a:b2:5a:ef:48: - d4:f5:5c:ab:99:b0:41:cd:50:cd:f4:36:c3:4d:e9: - 42:2c:9d:2c:86:ea:a8:e4:d0:c9:1f:d0:c3:92:1b: - ef:c0:2c:a2:ed:2a:23:2f:ba:c0:27:a5:13:98:1d: - d3:ba:71:91:29:ae:2c:85:44:ff:bd:b5:c2:bc:e3: - fc:ff:c1:78:51:57:e9:5e:ee:1e:c2:29:d1:8c:91: - 60:9d + 00:f5:c6:4e:ee:3f:f0:7c:64:c3:5d:09:15:02:1c: + 1b:f3:43:19:a5:c1:a9:a0:fb:f9:98:ee:e4:af:7c: + e2:ad:51:6d:c5:74:03:4d:db:f1:e0:69:ed:9a:23: + d8:cd:34:0b:83:6a:32:4e:1d:c0:91:fc:88:17:02: + 0d:bd:6d:d9:b9:92:71:6b:8f:23:40:f9:48:fe:16: + 59:af:f4:9c:33:7d:3f:08:65:ff:f1:e5:9c:4d:e8: + e8:7b:4a:c3:16:6d:53:9d:92:d7:86:9b:95:fb:5d: + 86:6d:af:00:dd:6f:25:0d:53:70:7e:b6:36:11:94: + d1:90:b5:f1:6d:a8:b0:e8:2d:0d:c5:85:b5:50:4b: + 7e:b0:57:8d:82:6d:bb:e0:82:64:3b:a4:d6:c4:d7: + 0a:2c:89:61:47:99:67:5e:71:1f:5c:66:14:08:fa: + 29:88:09:3b:38:60:4d:01:67:53:fe:16:85:70:54: + bf:e1:5e:76:b8:33:e3:9c:17:08:a4:0f:f2:c5:e1: + ac:99:94:7e:10:47:7d:51:43:42:85:df:e2:9a:53: + 07:c4:2f:c8:bf:56:da:0b:7f:41:6d:8f:76:42:b0: + 25:3c:fb:0a:f4:d0:d0:b3:79:72:70:0d:07:95:97: + c1:11:82:ff:c4:13:ec:0f:cf:bb:4e:b8:4a:ed:ca: + 3c:a3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 39:BF:53:7E:B4:7B:97:5D:7A:E5:12:6D:FA:8B:79:C5:67:3E:1E:E4 + 43:E7:CC:3C:45:3E:58:A7:6D:D2:90:56:8F:16:93:9E:2F:F3:06:2E X509v3 Authority Key Identifier: - keyid:39:BF:53:7E:B4:7B:97:5D:7A:E5:12:6D:FA:8B:79:C5:67:3E:1E:E4 + keyid:43:E7:CC:3C:45:3E:58:A7:6D:D2:90:56:8F:16:93:9E:2F:F3:06:2E Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -206,41 +206,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 0d:d6:63:36:cb:eb:0f:98:6d:d8:0a:17:d2:6e:77:43:17:e8: - e6:36:c6:2a:40:2c:1e:64:f3:84:13:31:b9:fd:b7:6f:1d:b0: - d3:49:55:4b:76:ac:9d:6b:9c:3e:2b:fd:c6:d2:0c:df:9b:ef: - 4a:cf:2b:9c:61:5e:6b:2a:7d:b4:08:8e:a7:2a:aa:a9:a5:0d: - 8e:e1:0a:99:fc:f7:fa:f2:34:50:6a:aa:3b:30:ac:7c:93:b1: - dc:56:9e:2c:98:12:05:26:51:ff:c5:bf:06:44:24:7e:98:21: - aa:32:5e:f6:25:74:6d:31:f4:6b:f6:b0:70:30:87:04:b6:89: - 3d:a0:0f:cc:a6:d4:bd:93:df:98:bc:a9:92:ca:3f:ff:ef:29: - 4b:f1:3a:6a:c8:69:89:a6:93:01:54:49:af:20:4f:4d:4d:df: - 8a:4e:4a:ba:4b:a8:5e:85:46:96:a2:64:6f:78:f9:d7:6b:e5: - db:fb:39:42:3a:18:c7:08:ce:93:41:e3:3c:78:01:64:36:8b: - de:78:9e:13:42:52:72:13:f6:81:df:5e:7a:45:08:4f:0d:99: - f8:af:1e:71:d6:55:85:3a:2c:79:17:e3:df:8e:46:8d:39:13: - a4:c9:e7:3d:f2:9d:ef:e7:b9:12:6e:e3:76:3f:e7:c6:5c:fe: - 1e:af:1b:50 + 04:44:15:f7:92:8f:fd:1f:13:fb:26:12:d8:04:7a:5b:17:6d: + 1c:93:22:a5:0c:6c:44:d2:09:29:27:da:7a:49:7f:88:47:43: + 04:db:d7:50:68:aa:c9:18:34:fc:32:d2:c4:2d:44:bd:c6:19: + 36:68:d3:44:e7:3a:4c:b9:d0:d8:94:0a:06:bd:3a:76:ad:81: + 9a:3e:fa:b3:90:ac:31:d5:2d:6d:82:9f:f0:9e:a1:2c:74:0e: + f8:16:62:92:63:8d:82:05:73:a0:cb:b4:98:9c:67:7b:da:a9: + 9d:91:40:37:82:c1:12:ff:d7:0e:89:12:27:75:97:8d:af:dd: + d5:e9:61:14:af:3d:5c:ad:cb:ed:73:0a:f6:6c:da:a2:d3:2a: + 5c:54:d0:68:4c:49:43:d6:7b:c7:18:6d:c6:2e:dc:a6:a7:3a: + ab:b4:27:24:a1:b6:d4:1a:d0:b6:5c:80:6e:7c:66:31:99:56: + a7:55:bf:65:ee:53:36:87:37:7d:6f:8c:64:d0:fa:27:bf:41: + 95:e2:42:6e:72:8f:14:34:e2:cd:b3:15:6f:72:cd:bb:43:0d: + de:87:5c:b9:5f:d1:26:46:5e:26:25:f8:b8:bc:b8:58:d5:79: + 40:61:7d:de:a4:74:25:f0:cc:7a:45:e0:98:88:a9:7f:d1:93: + ce:45:dc:59 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2l2C5Z7aZ0Yjtx1S8M -teao1tPS8zjVahTk7H7QRoE1DieWTiUMn4GFGAPSIhsUzFRLlg41DEwPIGk9/0gm -tChsah+Vh98JnqtgQ5c8OntK08Zmuhp5cVgpy3g4Gd4Sxgn6+f0ToOEO1ebCNtnc -xfTvCELov0PRtYrJgbGcFo+NsqqeYTDt/BLwpvWeah5u13w//3b6b1OLSQiEmmk3 -vPXu57ruOVsxKAVaOdN1WhqyWu9I1PVcq5mwQc1QzfQ2w03pQiydLIbqqOTQyR/Q -w5Ib78Asou0qIy+6wCelE5gd07pxkSmuLIVE/721wrzj/P/BeFFX6V7uHsIp0YyR -YJ0CAwEAAaOByzCByDAdBgNVHQ4EFgQUOb9TfrR7l1165RJt+ot5xWc+HuQwHwYD -VR0jBBgwFoAUOb9TfrR7l1165RJt+ot5xWc+HuQwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXGTu4/8Hxkw10JFQIc +G/NDGaXBqaD7+Zju5K984q1RbcV0A03b8eBp7Zoj2M00C4NqMk4dwJH8iBcCDb1t +2bmScWuPI0D5SP4WWa/0nDN9Pwhl//HlnE3o6HtKwxZtU52S14ablftdhm2vAN1v +JQ1TcH62NhGU0ZC18W2osOgtDcWFtVBLfrBXjYJtu+CCZDuk1sTXCiyJYUeZZ15x +H1xmFAj6KYgJOzhgTQFnU/4WhXBUv+Fedrgz45wXCKQP8sXhrJmUfhBHfVFDQoXf +4ppTB8QvyL9W2gt/QW2PdkKwJTz7CvTQ0LN5cnANB5WXwRGC/8QT7A/Pu064Su3K +PKMCAwEAAaOByzCByDAdBgNVHQ4EFgQUQ+fMPEU+WKdt0pBWjxaTni/zBi4wHwYD +VR0jBBgwFoAUQ+fMPEU+WKdt0pBWjxaTni/zBi4wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAN1mM2y+sP -mG3YChfSbndDF+jmNsYqQCweZPOEEzG5/bdvHbDTSVVLdqyda5w+K/3G0gzfm+9K -zyucYV5rKn20CI6nKqqppQ2O4QqZ/Pf68jRQaqo7MKx8k7HcVp4smBIFJlH/xb8G -RCR+mCGqMl72JXRtMfRr9rBwMIcEtok9oA/MptS9k9+YvKmSyj//7ylL8TpqyGmJ -ppMBVEmvIE9NTd+KTkq6S6hehUaWomRvePnXa+Xb+zlCOhjHCM6TQeM8eAFkNove -eJ4TQlJyE/aB3156RQhPDZn4rx5x1lWFOix5F+PfjkaNOROkyec98p3v57kSbuN2 -P+fGXP4erxtQ +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAERBX3ko/9 +HxP7JhLYBHpbF20ckyKlDGxE0gkpJ9p6SX+IR0ME29dQaKrJGDT8MtLELUS9xhk2 +aNNE5zpMudDYlAoGvTp2rYGaPvqzkKwx1S1tgp/wnqEsdA74FmKSY42CBXOgy7SY +nGd72qmdkUA3gsES/9cOiRIndZeNr93V6WEUrz1crcvtcwr2bNqi0ypcVNBoTElD +1nvHGG3GLtympzqrtCckobbUGtC2XIBufGYxmVanVb9l7lM2hzd9b4xk0Ponv0GV +4kJuco8UNOLNsxVvcs27Qw3eh1y5X9EmRl4mJfi4vLhY1XlAYX3epHQl8Mx6ReCY +iKl/0ZPORdxZ -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -252,3 +252,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-signed-with-md5.pem b/chromium/net/data/verify_certificate_chain_unittest/target-signed-with-md5.pem index 7ba65863a59..b9b31a9c901 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/target-signed-with-md5.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/target-signed-with-md5.pem @@ -17,30 +17,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bc:8a:b8:3e:5c:f9:f0:cc:33:10:6f:ab:ec:81: - 53:1c:4f:d3:c7:e2:c6:ac:57:9b:b0:a1:37:3d:2a: - b8:4f:eb:23:8b:64:6d:2f:5b:f5:02:dc:5b:d5:11: - ea:29:38:4c:76:40:f4:b0:b0:47:9f:6c:8d:89:91: - f4:0d:e5:cb:bb:c2:2a:cc:c1:9b:3a:56:f6:26:8e: - 4a:df:2c:b3:7c:35:3f:71:a9:37:49:3c:1a:40:fd: - 5e:6f:1b:5e:a0:61:64:d1:40:80:d7:dd:2b:d4:32: - 4c:80:f8:5a:8c:b2:ff:b6:ea:91:73:59:00:5e:02: - a8:49:1b:2b:fa:c2:9b:35:44:79:74:7b:02:8e:68: - 47:76:43:8d:23:d0:d0:f9:c4:8c:a1:aa:99:cb:55: - 24:a1:11:1c:88:0d:8a:5c:d9:46:a6:8f:ac:3f:83: - e3:4e:35:90:03:fe:0e:2d:d7:c6:9b:a3:36:d7:7f: - af:32:89:83:94:40:e7:87:1b:fe:f5:1b:1e:75:ba: - f2:b5:70:f3:75:f8:85:b3:58:9d:5f:56:6b:60:0f: - 53:12:82:dc:01:67:28:66:2c:3e:f6:df:08:fb:b9: - da:ce:00:60:b3:b4:65:fd:1d:1e:14:7c:90:9b:0b: - d4:ca:ff:96:12:c0:2c:cd:fb:c3:4f:62:d0:67:59: - bc:71 + 00:a7:b8:bc:92:74:b1:bc:8f:5b:d5:3c:81:a6:8f: + d2:bf:7e:b8:f6:cd:49:5b:fd:18:ee:07:5c:32:cf: + f1:7f:51:06:98:53:91:16:4e:c0:2c:34:16:b8:12: + 9d:10:5d:72:42:ec:00:e9:6b:4a:fb:17:bf:3a:35: + f9:a7:f5:50:df:80:bf:d9:6a:3d:74:93:4b:ce:13: + 5f:57:3c:a1:60:55:10:e9:32:0f:84:ce:c2:d7:51: + be:16:b1:54:3f:86:5b:9e:9c:ec:5e:10:87:10:08: + ac:78:ee:da:97:5a:af:52:84:de:8d:2d:e4:91:30: + 09:a1:e7:2b:8b:8b:b8:70:a0:43:0f:db:15:48:a5: + c2:94:af:f9:82:e4:86:57:d3:1c:e8:0c:71:11:06: + fe:f5:5e:ad:a6:26:d3:51:0b:f2:f0:5c:99:05:fe: + 51:a1:d7:4a:e6:7f:f3:54:eb:82:07:f9:3a:83:bb: + c4:b5:41:07:df:76:95:9a:ed:04:34:4a:1f:bd:91: + 19:78:6b:e0:24:4c:cc:ad:21:80:61:20:03:96:1c: + e8:d8:ca:e9:bc:ee:5f:93:eb:f8:48:ee:93:01:eb: + c3:a4:83:6b:3d:03:0e:fa:a7:aa:22:4d:66:40:8b: + ff:e4:9e:39:4f:b1:13:1f:ee:cd:70:21:10:26:96: + 9b:03 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 2F:67:2E:92:9E:39:55:C4:47:23:6A:10:A9:37:87:97:74:0F:55:57 + BF:EB:3A:84:42:B2:07:20:64:80:5F:29:BC:F8:61:4A:F6:05:54:0D X509v3 Authority Key Identifier: - keyid:A7:A7:7E:EF:32:C8:D1:7C:DF:CA:EE:F4:4F:7A:EA:67:43:53:57:CF + keyid:EE:50:7B:40:71:90:A0:CE:F2:A3:28:0D:EC:1C:F2:D9:7E:A8:F3:0E Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -55,42 +55,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: md5WithRSAEncryption - 30:9f:40:ac:31:10:78:0f:06:4b:ed:6d:de:05:20:c6:29:64: - 66:a8:2a:4d:ac:b3:3d:40:d5:70:80:24:08:13:00:73:0b:90: - 32:c3:fe:35:b3:8c:77:bb:d6:79:a9:84:e3:76:89:d9:0f:19: - 2e:68:6a:ec:09:ef:9c:57:32:ee:9f:e5:0e:5e:4c:6b:87:eb: - e0:7b:e9:ed:b0:db:ef:34:7a:41:aa:7b:0d:b7:37:89:17:99: - b8:43:db:93:19:30:91:7c:25:fe:1d:cd:69:02:b8:6d:c6:08: - fa:7f:d8:3c:e5:9a:9d:fd:af:13:53:5a:54:a7:5d:d1:e3:46: - 3a:c9:8b:ac:e3:cb:e8:67:a8:e0:cf:bb:ab:45:5c:d6:d5:51: - d2:2a:d2:b2:f8:3f:05:d2:20:e8:95:17:7d:43:fe:af:cd:1c: - fa:d2:8f:8f:3b:b1:2b:3d:22:06:d8:c7:0d:00:64:8a:35:40: - 32:6e:2c:07:be:5f:e7:9d:06:4f:b1:99:a9:fb:2e:03:80:79: - 5e:19:60:a9:7f:e5:12:bb:ba:a8:f2:34:d7:00:29:11:ab:8d: - 51:52:67:33:99:5c:08:de:85:a6:ea:42:9d:08:76:d1:f1:23: - fa:c0:4c:ff:38:5a:de:1b:7a:16:e7:79:cf:a0:d0:2f:b7:e5: - d4:8e:92:4f + 11:ba:a0:e8:b0:df:df:68:dc:c3:1e:39:5a:7a:fb:12:f1:65: + 68:bc:0d:b2:32:5e:79:6e:64:6f:9a:78:a1:89:04:d9:fa:cf: + 04:38:b6:dd:03:1a:25:ba:dd:68:34:bf:d3:20:4e:a4:4b:8b: + 82:87:97:27:c7:79:7d:a6:3c:ac:c1:7b:fa:60:e0:49:25:6f: + 93:dd:22:4c:36:e1:65:f6:d4:d9:dd:51:fc:3e:14:79:1d:e4: + a2:52:55:fc:c0:51:48:75:ff:cd:f4:9d:25:75:be:d8:9d:5d: + c6:ce:dc:60:b1:c2:6f:1d:37:26:e7:e3:d3:9a:c6:37:73:5a: + 0f:32:7e:9a:14:d9:e5:b2:3e:61:89:8a:22:e0:eb:fd:cb:95: + 55:27:62:6a:82:bc:42:c5:d0:7d:5c:d9:56:05:15:26:4a:87: + f7:49:4b:57:f1:6f:ae:80:aa:e0:a6:4d:57:4c:53:a2:0c:66: + a4:19:2c:d2:bc:5b:bf:8a:fb:07:5d:f0:1a:5b:47:45:c0:6d: + 97:ee:4b:69:f7:ab:b2:7c:4c:6a:a7:b1:c8:3a:37:90:91:f2: + 3d:42:48:41:40:b8:19:6d:a1:cf:4a:16:8f:c5:8a:6b:58:d9: + bd:fc:cd:23:29:aa:7b:a3:5e:8d:69:15:c6:6b:c2:fa:c0:78: + ba:31:21:56 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQQFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8irg+ -XPnwzDMQb6vsgVMcT9PH4sasV5uwoTc9KrhP6yOLZG0vW/UC3FvVEeopOEx2QPSw -sEefbI2JkfQN5cu7wirMwZs6VvYmjkrfLLN8NT9xqTdJPBpA/V5vG16gYWTRQIDX -3SvUMkyA+FqMsv+26pFzWQBeAqhJGyv6wps1RHl0ewKOaEd2Q40j0ND5xIyhqpnL -VSShERyIDYpc2Uamj6w/g+NONZAD/g4t18abozbXf68yiYOUQOeHG/71Gx51uvK1 -cPN1+IWzWJ1fVmtgD1MSgtwBZyhmLD723wj7udrOAGCztGX9HR4UfJCbC9TK/5YS -wCzN+8NPYtBnWbxxAgMBAAGjgekwgeYwHQYDVR0OBBYEFC9nLpKeOVXERyNqEKk3 -h5d0D1VXMB8GA1UdIwQYMBaAFKenfu8yyNF838ru9E966mdDU1fPMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnuLyS +dLG8j1vVPIGmj9K/frj2zUlb/RjuB1wyz/F/UQaYU5EWTsAsNBa4Ep0QXXJC7ADp +a0r7F786Nfmn9VDfgL/Zaj10k0vOE19XPKFgVRDpMg+EzsLXUb4WsVQ/hluenOxe +EIcQCKx47tqXWq9ShN6NLeSRMAmh5yuLi7hwoEMP2xVIpcKUr/mC5IZX0xzoDHER +Bv71Xq2mJtNRC/LwXJkF/lGh10rmf/NU64IH+TqDu8S1QQffdpWa7QQ0Sh+9kRl4 +a+AkTMytIYBhIAOWHOjYyum87l+T6/hI7pMB68Okg2s9Aw76p6oiTWZAi//knjlP +sRMf7s1wIRAmlpsDAgMBAAGjgekwgeYwHQYDVR0OBBYEFL/rOoRCsgcgZIBfKbz4 +YUr2BVQNMB8GA1UdIwQYMBaAFO5Qe0BxkKDO8qMoDewc8tl+qPMOMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQQFAAOCAQEAMJ9ArDEQeA8GS+1t3gUg -xilkZqgqTayzPUDVcIAkCBMAcwuQMsP+NbOMd7vWeamE43aJ2Q8ZLmhq7AnvnFcy -7p/lDl5Ma4fr4Hvp7bDb7zR6Qap7Dbc3iReZuEPbkxkwkXwl/h3NaQK4bcYI+n/Y -POWanf2vE1NaVKdd0eNGOsmLrOPL6Geo4M+7q0Vc1tVR0irSsvg/BdIg6JUXfUP+ -r80c+tKPjzuxKz0iBtjHDQBkijVAMm4sB75f550GT7GZqfsuA4B5XhlgqX/lEru6 -qPI01wApEauNUVJnM5lcCN6FpupCnQh20fEj+sBM/zha3ht6Fud5z6DQL7fl1I6S -Tw== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQQFAAOCAQEAEbqg6LDf32jcwx45Wnr7 +EvFlaLwNsjJeeW5kb5p4oYkE2frPBDi23QMaJbrdaDS/0yBOpEuLgoeXJ8d5faY8 +rMF7+mDgSSVvk90iTDbhZfbU2d1R/D4UeR3kolJV/MBRSHX/zfSdJXW+2J1dxs7c +YLHCbx03Jufj05rGN3NaDzJ+mhTZ5bI+YYmKIuDr/cuVVSdiaoK8QsXQfVzZVgUV +JkqH90lLV/FvroCq4KZNV0xTogxmpBks0rxbv4r7B13wGltHRcBtl+5LafersnxM +aqexyDo3kJHyPUJIQUC4GW2hz0oWj8WKa1jZvfzNIymqe6NejWkVxmvC+sB4ujEh +Vg== -----END CERTIFICATE----- Certificate: @@ -107,30 +107,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b1:0a:34:0b:b1:d9:65:b5:ea:7a:ac:f5:96:11: - 68:ba:f0:c9:6b:57:c7:97:7e:f4:bb:5d:31:4e:43: - 9b:04:7f:a7:2e:fd:4c:e0:03:c7:0d:ac:70:24:0e: - bc:26:a2:5d:48:71:04:9b:43:8c:97:e4:2c:df:7c: - 59:39:eb:a3:94:b3:5b:87:d5:11:b6:c1:4a:e9:7b: - e8:f8:c5:31:3b:2c:4d:f0:47:34:75:a8:88:6d:22: - a9:24:dc:00:1f:a0:36:1e:e3:a7:92:b1:00:9d:f8: - ef:27:46:63:60:23:67:48:e6:5d:66:b3:3d:b6:84: - 04:3f:b1:1b:2f:b7:8e:71:26:28:32:ff:de:fa:b0: - cb:e2:90:5a:72:9a:83:1d:de:c7:ad:b1:5d:68:11: - 9e:6a:ac:44:6b:06:cc:93:6c:a9:13:af:a4:72:e2: - 34:4d:c4:d7:8f:ee:99:f4:e4:db:d1:19:45:bf:97: - 76:59:7d:b9:32:63:07:a0:1c:e3:19:98:f6:aa:d8: - ba:44:f6:ec:5f:eb:46:d1:63:70:56:00:a1:f1:ce: - 18:c3:a5:77:27:81:e6:18:65:78:9a:c4:87:f9:36: - 2e:b6:fc:5c:75:a9:a9:59:6a:df:99:26:07:c9:1d: - 1a:a8:4f:6e:b6:10:92:4f:96:c1:74:30:4a:5c:8b: - bd:7b + 00:d9:cf:a3:72:11:43:a1:d1:78:59:5e:27:cb:ee: + f6:2e:52:4e:9d:79:d1:c4:1e:bd:bb:e9:d4:cb:5e: + 95:9f:ba:0c:7c:aa:b3:1b:97:57:82:a9:6c:f1:e6: + 89:4b:37:fc:68:8c:93:2b:c8:35:58:e4:f5:6a:c9: + 9d:cc:a3:3f:25:98:a3:6f:81:6c:97:67:30:b8:7a: + ab:47:42:6a:7c:93:a1:c9:1d:3e:b9:02:fb:1c:71: + 40:2d:9a:a3:46:35:5c:4e:db:a9:2d:9a:09:d6:d1: + 9d:7c:99:93:a9:fd:25:98:90:ba:84:a7:74:bf:4f: + 9a:8e:5b:a2:2e:6b:5d:23:c4:77:42:77:0b:8a:f4: + e1:55:21:66:18:43:a7:a6:08:41:99:42:cc:f3:1c: + 90:93:21:12:5d:67:1d:af:fd:f0:f6:c1:ce:26:83: + 85:02:6e:dc:ca:9a:d4:81:55:19:9c:57:a0:56:17: + 4c:a7:1a:7b:f0:89:cf:9a:fd:27:56:9b:b6:24:00: + a4:8a:1b:82:5a:39:fc:3a:d1:e9:ae:03:0d:aa:8d: + 95:c4:31:50:18:b5:0b:c5:4f:95:85:00:1d:de:e4: + d4:1f:fa:c3:90:12:47:d4:60:75:ca:5a:1b:37:22: + 5a:21:14:21:89:8a:07:1b:10:5d:9f:35:b5:50:3f: + d2:29 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - A7:A7:7E:EF:32:C8:D1:7C:DF:CA:EE:F4:4F:7A:EA:67:43:53:57:CF + EE:50:7B:40:71:90:A0:CE:F2:A3:28:0D:EC:1C:F2:D9:7E:A8:F3:0E X509v3 Authority Key Identifier: - keyid:7F:7A:CD:B2:58:B8:B5:62:1A:C2:DE:B4:6B:B5:74:E9:B8:DC:77:87 + keyid:92:8E:AB:BC:5A:AD:A6:C8:EA:A3:7B:A6:23:5B:F4:4F:B0:FA:60:FA Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -145,41 +145,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 96:e8:cf:14:ab:83:41:2e:62:24:7e:03:ad:0e:ae:8e:6a:93: - ed:3d:86:68:84:b5:76:2b:88:c3:67:b6:15:b6:38:b2:27:f3: - 2a:1b:83:42:60:11:ee:94:ba:d8:d8:35:74:92:c1:5f:b4:b3: - f0:fc:5e:eb:51:93:be:00:11:79:db:94:86:0f:19:26:bb:f6: - b1:ec:93:66:34:df:3e:7e:6e:80:17:3e:4a:9b:53:04:05:22: - 88:de:65:e3:50:c1:81:fa:1d:fc:76:09:f6:25:89:9d:4f:d3: - ff:76:b0:3e:81:d3:79:8f:05:48:68:36:93:43:ac:b8:41:37: - 98:54:bc:71:90:ed:12:c0:1f:f7:b4:a7:7b:56:34:e3:97:01: - 41:56:9a:c6:37:3f:8e:34:9b:51:37:77:4f:67:d6:72:66:d1: - 89:64:10:80:5f:13:15:34:03:a9:c5:6e:07:6c:77:78:99:27: - f4:e0:44:0e:5f:a0:67:dd:f7:4d:4a:93:b3:71:d2:8e:1b:d6: - 29:5a:8f:f1:f7:c8:9c:33:ae:28:15:7b:10:ee:92:bd:d5:3c: - b3:81:5a:52:5d:96:43:ae:bd:03:83:36:e8:c5:f8:23:03:26: - eb:2f:70:4a:bb:d8:e1:6a:a0:7d:23:b1:4f:32:28:65:23:84: - 02:95:8e:2d + c4:f9:ff:10:68:6d:bd:80:a2:31:26:12:4e:0c:7d:32:35:a3: + 8f:98:b3:a0:dd:18:57:b3:4a:9e:8e:40:e9:59:20:e0:9b:4f: + 4c:52:65:9c:21:8e:e8:46:d9:05:eb:c3:f5:4b:24:45:02:f2: + 79:f0:15:25:11:e5:de:e0:b4:05:29:52:5d:cf:d8:1f:f7:49: + ea:8b:76:6f:44:f2:91:d1:67:de:1f:44:26:59:c6:9b:c8:34: + 3b:2e:81:3e:dd:9e:25:df:fd:72:19:d9:f4:ad:17:a3:6a:2a: + 94:9c:4b:64:2a:75:1e:7c:ce:75:b0:ea:0c:0e:b0:fa:be:ea: + 3f:fa:e4:49:ee:58:90:26:9e:b2:bc:f8:8a:4c:a3:f5:08:1a: + e6:b5:50:10:7e:7d:30:b6:87:5c:c6:6b:e2:f4:7f:b2:58:a4: + b7:ea:fe:90:29:16:cc:8e:f3:f3:d7:4c:56:f6:a1:c2:2b:8d: + 7e:3e:d5:e2:2b:42:ae:6b:fa:9a:cc:bf:ab:5d:87:17:4f:7a: + 5c:4e:b7:27:1d:44:85:fb:82:5d:09:d7:ae:49:67:2f:03:41: + f4:64:c4:f3:66:18:fe:46:c3:89:49:be:c8:99:9c:93:eb:ba: + 59:d4:92:52:4d:5f:3b:d3:14:a1:4b:5a:ea:5f:8b:78:12:be: + 52:c2:b9:6b -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQo0C7HZ -ZbXqeqz1lhFouvDJa1fHl370u10xTkObBH+nLv1M4APHDaxwJA68JqJdSHEEm0OM -l+Qs33xZOeujlLNbh9URtsFK6Xvo+MUxOyxN8Ec0daiIbSKpJNwAH6A2HuOnkrEA -nfjvJ0ZjYCNnSOZdZrM9toQEP7EbL7eOcSYoMv/e+rDL4pBacpqDHd7HrbFdaBGe -aqxEawbMk2ypE6+kcuI0TcTXj+6Z9OTb0RlFv5d2WX25MmMHoBzjGZj2qti6RPbs -X+tG0WNwVgCh8c4Yw6V3J4HmGGV4msSH+TYutvxcdampWWrfmSYHyR0aqE9uthCS -T5bBdDBKXIu9ewIDAQABo4HLMIHIMB0GA1UdDgQWBBSnp37vMsjRfN/K7vRPeupn -Q1NXzzAfBgNVHSMEGDAWgBR/es2yWLi1YhrC3rRrtXTpuNx3hzA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2c+jchFD +odF4WV4ny+72LlJOnXnRxB69u+nUy16Vn7oMfKqzG5dXgqls8eaJSzf8aIyTK8g1 +WOT1asmdzKM/JZijb4Fsl2cwuHqrR0JqfJOhyR0+uQL7HHFALZqjRjVcTtupLZoJ +1tGdfJmTqf0lmJC6hKd0v0+ajluiLmtdI8R3QncLivThVSFmGEOnpghBmULM8xyQ +kyESXWcdr/3w9sHOJoOFAm7cyprUgVUZnFegVhdMpxp78InPmv0nVpu2JACkihuC +Wjn8OtHprgMNqo2VxDFQGLULxU+VhQAd3uTUH/rDkBJH1GB1ylobNyJaIRQhiYoH +GxBdnzW1UD/SKQIDAQABo4HLMIHIMB0GA1UdDgQWBBTuUHtAcZCgzvKjKA3sHPLZ +fqjzDjAfBgNVHSMEGDAWgBSSjqu8Wq2myOqje6YjW/RPsPpg+jA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AJbozxSrg0EuYiR+A60Oro5qk+09hmiEtXYriMNnthW2OLIn8yobg0JgEe6UutjY -NXSSwV+0s/D8XutRk74AEXnblIYPGSa79rHsk2Y03z5+boAXPkqbUwQFIojeZeNQ -wYH6Hfx2CfYliZ1P0/92sD6B03mPBUhoNpNDrLhBN5hUvHGQ7RLAH/e0p3tWNOOX -AUFWmsY3P440m1E3d09n1nJm0YlkEIBfExU0A6nFbgdsd3iZJ/TgRA5foGfd901K -k7Nx0o4b1ilaj/H3yJwzrigVexDukr3VPLOBWlJdlkOuvQODNujF+CMDJusvcEq7 -2OFqoH0jsU8yKGUjhAKVji0= +AMT5/xBobb2AojEmEk4MfTI1o4+Ys6DdGFezSp6OQOlZIOCbT0xSZZwhjuhG2QXr +w/VLJEUC8nnwFSUR5d7gtAUpUl3P2B/3SeqLdm9E8pHRZ94fRCZZxpvINDsugT7d +niXf/XIZ2fStF6NqKpScS2QqdR58znWw6gwOsPq+6j/65EnuWJAmnrK8+IpMo/UI +Gua1UBB+fTC2h1zGa+L0f7JYpLfq/pApFsyO8/PXTFb2ocIrjX4+1eIrQq5r+prM +v6tdhxdPelxOtycdRIX7gl0J165JZy8DQfRkxPNmGP5Gw4lJvsiZnJPrulnUklJN +XzvTFKFLWupfi3gSvlLCuWs= -----END CERTIFICATE----- Certificate: @@ -196,30 +196,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a7:f5:bd:ee:ad:ff:30:37:e6:5a:68:20:1a:22: - b1:f5:bb:5e:24:38:bd:b7:c1:34:d4:97:8b:16:97: - 34:17:bc:61:df:ff:ff:6b:9c:b6:34:79:7d:5a:e7: - 3b:cf:07:73:b8:2d:03:59:56:68:4a:85:25:58:f4: - 68:01:61:84:52:99:2f:6a:7e:cb:13:61:8b:6e:3b: - f5:8e:c2:48:cc:1e:50:28:4f:5f:4b:6b:32:d3:f3: - 76:c9:6f:a3:aa:40:1b:06:59:19:cd:42:70:f4:85: - fe:86:38:ca:84:42:5f:bb:d3:a7:41:42:46:59:14: - 3f:11:1d:62:d9:e1:16:3f:06:a7:59:f3:ff:ba:f1: - 88:7b:0c:68:10:49:ac:8d:75:87:08:94:f6:ec:ce: - 4c:6d:e6:77:85:25:c8:8f:42:0a:1d:d3:00:cc:89: - 31:dc:32:07:d7:2e:62:16:73:8b:5d:c4:c9:1b:87: - 7c:46:64:2d:cc:e0:fb:69:d2:e1:bd:23:2b:d9:15: - 62:22:a4:cd:75:64:f1:78:76:cc:07:11:59:08:60: - 03:dd:cb:67:3e:a7:b8:12:fa:96:54:6f:6d:9f:05: - 11:89:71:13:50:94:bb:bb:17:7e:80:ed:40:b1:ba: - f2:36:2d:45:bb:73:78:5e:b7:5e:2f:e7:f8:66:ec: - 1f:17 + 00:f6:22:a8:ce:1d:94:88:97:b9:e7:e7:ab:56:da: + 1c:7c:06:27:7b:06:ac:a5:75:b0:b8:8b:44:d9:8f: + 07:38:8f:c8:15:46:49:46:c7:33:07:74:fa:4c:30: + a7:e6:48:eb:5c:03:14:0b:da:f9:66:be:0b:f4:04: + e2:d6:d8:79:cf:3c:0c:1d:61:27:4e:8e:0e:21:4f: + b6:2b:e0:bf:dd:67:0d:31:7b:38:36:8c:89:f0:50: + 2c:35:f0:a6:1f:46:85:f2:78:59:2e:e0:f0:a3:a5: + d7:d5:25:a9:6e:d3:6e:6f:80:57:64:a0:c0:d3:75: + 94:62:72:99:1f:a3:df:6e:b9:e3:39:6b:d3:94:83: + db:99:91:fa:d3:98:e2:c0:e3:66:71:1c:ff:ee:40: + 14:75:eb:47:79:21:01:b5:60:86:81:1e:40:c7:e6: + b8:48:95:2c:07:50:49:40:65:9f:c4:91:6c:00:ee: + cc:98:1e:c5:d2:ef:fe:09:74:f2:b8:d9:91:48:01: + 48:27:d9:50:b5:4f:44:e8:f3:fa:03:12:08:a5:fa: + b9:55:b1:45:59:76:87:c9:d4:c4:d7:65:ad:b4:c5: + 82:79:ea:f0:b7:5c:75:18:4d:33:4c:bc:f6:05:e8: + 22:30:6b:5b:d8:2a:14:2a:6a:11:7c:48:6a:7c:0e: + e7:e9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 7F:7A:CD:B2:58:B8:B5:62:1A:C2:DE:B4:6B:B5:74:E9:B8:DC:77:87 + 92:8E:AB:BC:5A:AD:A6:C8:EA:A3:7B:A6:23:5B:F4:4F:B0:FA:60:FA X509v3 Authority Key Identifier: - keyid:7F:7A:CD:B2:58:B8:B5:62:1A:C2:DE:B4:6B:B5:74:E9:B8:DC:77:87 + keyid:92:8E:AB:BC:5A:AD:A6:C8:EA:A3:7B:A6:23:5B:F4:4F:B0:FA:60:FA Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -234,41 +234,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - a6:5d:56:c1:c7:29:8f:3a:1d:86:2c:5f:1e:ff:83:7a:c0:44: - 81:81:f7:16:9d:84:70:66:f8:1a:f4:8e:50:a7:dd:d2:1a:2e: - f9:6e:cc:e6:39:7c:fb:7e:29:54:24:3d:4a:82:e1:a5:d6:7e: - 4c:c8:58:b8:d6:f7:d2:90:ca:d9:8f:e9:c8:59:bc:73:1c:37: - 19:7c:a4:2b:ec:68:de:e9:04:fa:14:f0:07:bd:2f:3f:16:a4: - 50:8f:e8:89:ea:c1:31:d1:ce:6e:b1:21:11:5b:69:dc:28:e7: - 8a:33:8d:40:52:f8:86:8e:b0:a1:7a:a5:46:f2:8d:d7:d1:2e: - c8:2f:0f:ac:20:38:25:d6:4e:b2:72:fc:88:f3:47:93:bc:ec: - 47:0c:1c:cf:22:65:40:04:70:15:fa:79:ec:09:a2:69:a9:09: - 78:f7:3e:84:f3:7f:fa:a2:11:ad:45:72:5d:9d:55:58:fa:b1: - c6:67:4e:41:b4:bd:88:a0:e2:55:ae:26:3a:72:78:3d:e4:ab: - ad:f7:83:69:24:cd:22:4f:2e:23:a1:05:19:bd:57:d3:e8:b3: - 3d:9f:bd:ed:0b:95:bf:e5:47:8f:da:dd:9d:6b:27:61:bd:49: - 15:9c:9d:6b:40:2b:54:5f:3f:56:d5:08:29:6c:46:49:2d:3f: - d1:91:ff:f8 + 3c:8a:43:74:66:4d:ed:71:d0:df:58:60:b9:2a:5a:04:b7:a7: + 5a:e6:06:68:a8:ca:1e:58:62:b1:c4:71:ca:6c:87:2d:c4:2a: + 66:82:46:af:ee:7a:70:24:44:73:a1:20:cd:ae:17:fe:85:45: + 4f:da:15:17:b8:3a:b8:6f:e5:4e:b1:c0:40:09:c7:fc:79:9d: + e1:dc:23:75:6e:89:81:f9:ec:14:e1:e7:7f:79:f2:cd:88:eb: + 79:ca:c1:16:c1:8b:cd:40:bc:c3:98:72:11:7f:90:23:61:1e: + d2:f0:ed:10:95:3e:8d:85:17:be:b3:e1:02:68:68:41:56:0f: + 57:7e:1d:8c:96:3b:c6:57:fd:f3:73:3a:19:70:82:1e:b2:07: + a9:a3:c8:dd:49:5b:17:10:ce:f9:cb:aa:0f:e8:47:e3:ba:9d: + d1:81:d6:71:e2:74:f9:36:cf:45:62:93:f0:02:ef:a0:43:47: + fb:03:32:6b:53:63:0c:fe:05:3b:7b:00:0a:02:c1:df:cc:15: + 16:4c:0e:13:26:1b:85:da:ed:cf:14:e2:ad:ca:82:9f:5b:a0: + e0:3d:95:b7:f9:30:0a:fe:e8:0b:06:2d:26:31:21:05:b0:8a: + d4:27:fb:24:3d:7b:a7:fb:e6:0f:a5:c2:a8:ec:fd:65:76:86: + 4d:ef:24:0a -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKf1ve6t/zA35lpoIBoi -sfW7XiQ4vbfBNNSXixaXNBe8Yd///2uctjR5fVrnO88Hc7gtA1lWaEqFJVj0aAFh -hFKZL2p+yxNhi2479Y7CSMweUChPX0trMtPzdslvo6pAGwZZGc1CcPSF/oY4yoRC -X7vTp0FCRlkUPxEdYtnhFj8Gp1nz/7rxiHsMaBBJrI11hwiU9uzOTG3md4UlyI9C -Ch3TAMyJMdwyB9cuYhZzi13EyRuHfEZkLczg+2nS4b0jK9kVYiKkzXVk8Xh2zAcR -WQhgA93LZz6nuBL6llRvbZ8FEYlxE1CUu7sXfoDtQLG68jYtRbtzeF63Xi/n+Gbs -HxcCAwEAAaOByzCByDAdBgNVHQ4EFgQUf3rNsli4tWIawt60a7V06bjcd4cwHwYD -VR0jBBgwFoAUf3rNsli4tWIawt60a7V06bjcd4cwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPYiqM4dlIiXuefnq1ba +HHwGJ3sGrKV1sLiLRNmPBziPyBVGSUbHMwd0+kwwp+ZI61wDFAva+Wa+C/QE4tbY +ec88DB1hJ06ODiFPtivgv91nDTF7ODaMifBQLDXwph9GhfJ4WS7g8KOl19UlqW7T +bm+AV2SgwNN1lGJymR+j32654zlr05SD25mR+tOY4sDjZnEc/+5AFHXrR3khAbVg +hoEeQMfmuEiVLAdQSUBln8SRbADuzJgexdLv/gl08rjZkUgBSCfZULVPROjz+gMS +CKX6uVWxRVl2h8nUxNdlrbTFgnnq8LdcdRhNM0y89gXoIjBrW9gqFCpqEXxIanwO +5+kCAwEAAaOByzCByDAdBgNVHQ4EFgQUko6rvFqtpsjqo3umI1v0T7D6YPowHwYD +VR0jBBgwFoAUko6rvFqtpsjqo3umI1v0T7D6YPowNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCmXVbBxymP -Oh2GLF8e/4N6wESBgfcWnYRwZvga9I5Qp93SGi75bszmOXz7filUJD1KguGl1n5M -yFi41vfSkMrZj+nIWbxzHDcZfKQr7Gje6QT6FPAHvS8/FqRQj+iJ6sEx0c5usSER -W2ncKOeKM41AUviGjrCheqVG8o3X0S7ILw+sIDgl1k6ycvyI80eTvOxHDBzPImVA -BHAV+nnsCaJpqQl49z6E83/6ohGtRXJdnVVY+rHGZ05BtL2IoOJVriY6cng95Kut -94NpJM0iTy4joQUZvVfT6LM9n73tC5W/5UeP2t2daydhvUkVnJ1rQCtUXz9W1Qgp -bEZJLT/Rkf/4 +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA8ikN0Zk3t +cdDfWGC5KloEt6da5gZoqMoeWGKxxHHKbIctxCpmgkav7npwJERzoSDNrhf+hUVP +2hUXuDq4b+VOscBACcf8eZ3h3CN1bomB+ewU4ed/efLNiOt5ysEWwYvNQLzDmHIR +f5AjYR7S8O0QlT6NhRe+s+ECaGhBVg9Xfh2MljvGV/3zczoZcIIesgepo8jdSVsX +EM75y6oP6Efjup3RgdZx4nT5Ns9FYpPwAu+gQ0f7AzJrU2MM/gU7ewAKAsHfzBUW +TA4TJhuF2u3PFOKtyoKfW6DgPZW3+TAK/ugLBi0mMSEFsIrUJ/skPXun++YPpcKo +7P1ldoZN7yQK -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -281,11 +281,16 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 1 - [Error] Unacceptable signature algorithm - [Error] VerifySignedData failed +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=0 (CN=Target) ----- +ERROR: Unacceptable signature algorithm +ERROR: VerifySignedData failed + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMQogICAgICBbRXJyb3JdIFVuYWNjZXB0YWJsZSBzaWduYXR1cmUgYWxnb3JpdGhtCiAgICAgIFtFcnJvcl0gVmVyaWZ5U2lnbmVkRGF0YSBmYWlsZWQK +LS0tLS0gQ2VydGlmaWNhdGUgaT0wIChDTj1UYXJnZXQpIC0tLS0tCkVSUk9SOiBVbmFjY2VwdGFibGUgc2lnbmF0dXJlIGFsZ29yaXRobQpFUlJPUjogVmVyaWZ5U2lnbmVkRGF0YSBmYWlsZWQKCg== -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-unknown-critical-extension.pem b/chromium/net/data/verify_certificate_chain_unittest/target-unknown-critical-extension.pem index a5afd225886..e1cba8b84d1 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/target-unknown-critical-extension.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/target-unknown-critical-extension.pem @@ -19,30 +19,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d5:9d:3b:85:e5:81:69:52:70:67:33:4a:2b:76: - 6a:e5:61:db:af:e5:32:74:85:dd:54:d2:c7:76:5a: - 5c:38:d8:46:fc:b4:33:f5:9d:8e:80:83:ab:31:96: - 41:c4:c2:52:af:8c:4d:0e:5c:69:c5:5d:cc:b4:1b: - ef:de:61:58:88:e2:c4:bf:6a:cb:74:bd:f5:bd:61: - 57:1c:22:9f:6d:e8:38:c6:70:b8:1e:a5:2b:4f:35: - 9f:65:fc:c1:36:17:3e:d7:fa:33:21:70:fb:e0:ce: - ab:23:41:3f:fc:7b:74:1d:6b:ba:21:b7:5b:fd:a1: - 77:11:1a:8d:5b:2a:be:38:2e:79:a0:b7:2d:45:5c: - d7:32:fd:4c:70:f1:95:1c:38:a3:15:4f:57:f3:75: - 59:fe:75:14:39:ea:44:16:b9:2e:06:df:67:30:dd: - 5a:b1:7e:95:09:fd:12:cc:87:b1:66:fa:7e:b9:e5: - b5:38:0a:46:73:53:1a:b2:aa:12:e3:6d:99:56:e8: - c7:cc:eb:6b:00:9b:c1:ba:02:23:2b:32:be:9b:f8: - ab:b2:b5:be:50:f6:7f:95:b6:6b:1c:e6:ad:f1:69: - 5a:e0:41:1e:85:64:91:37:7b:9a:28:43:a5:ee:33: - 25:ab:82:97:03:07:94:b8:d3:34:95:bf:33:d2:14: - b1:61 + 00:bd:05:ea:3a:1c:14:a1:db:ad:2c:18:3d:25:9c: + dc:1c:0f:2b:1e:42:df:c2:7c:b4:39:e6:4b:45:eb: + d3:a2:1c:2b:dc:f2:8c:08:f5:81:df:bd:fa:a2:1a: + 1c:5c:99:cb:00:c7:31:02:c8:44:5f:31:cf:9c:82: + 6d:3c:0c:5d:f7:d6:cc:91:fe:f3:e7:7a:08:17:85: + d5:75:61:ee:dd:66:55:3c:e2:68:98:36:19:20:e4: + 9b:cd:24:6c:a3:5d:89:84:80:2e:c7:11:4e:c1:82: + b2:80:ce:0f:e9:6a:42:54:10:fb:c0:0a:53:be:19: + 01:38:ba:06:c5:93:93:1c:84:aa:25:c7:c5:9a:4d: + 32:2e:a4:13:5e:6d:07:d6:9d:e5:b0:29:63:da:14: + b7:62:51:63:93:dc:28:ae:4a:bc:35:ac:c0:06:ea: + ea:0b:d5:70:61:3b:05:78:e4:d3:ad:c3:ad:95:f1: + 48:e5:79:a6:dc:12:1f:14:4f:21:9f:ca:6f:7a:dd: + d6:45:c8:8a:60:96:1c:02:06:16:18:80:21:58:6a: + f6:83:3e:1a:98:b8:b2:a9:22:44:c2:25:e9:dc:a9: + aa:bf:1d:2e:3f:2e:a1:78:08:93:04:4c:c4:1f:f9: + b3:34:9f:a7:78:5b:02:a6:ca:d3:1f:fa:ba:4d:34: + a2:bb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - B3:FD:B6:08:AB:82:83:50:E7:F0:85:51:1C:CC:78:E5:22:50:91:60 + D6:55:4E:AC:07:84:35:A9:0D:9A:63:45:82:73:4E:A4:CC:53:B0:02 X509v3 Authority Key Identifier: - keyid:5B:B2:D8:DC:1B:60:39:B5:6B:10:A5:70:37:93:E7:3C:F5:52:46:C8 + keyid:8A:E3:E6:F6:58:6F:1C:90:B4:67:A5:14:D8:64:E7:F7:00:77:61:01 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -59,42 +59,42 @@ Certificate: 1.2.3.4: critical .... Signature Algorithm: sha256WithRSAEncryption - 39:19:04:31:e9:20:03:1b:e9:d3:91:25:94:68:4f:8d:07:16: - 08:e8:7f:99:01:37:56:8d:f4:15:6b:a8:7c:e4:3d:32:ad:3d: - 62:0f:5e:93:6f:b9:21:ba:e8:c3:48:13:e5:eb:ad:26:f0:9b: - 4c:fe:76:8e:73:a2:be:01:b5:48:7c:11:7e:cc:47:4b:0c:0c: - 17:65:54:ab:0e:79:6c:e5:75:67:52:ab:f7:26:97:36:3d:71: - 6d:88:54:b9:ef:b1:00:42:56:64:88:db:0f:9c:be:25:e0:6e: - 2b:df:c6:55:3a:89:af:92:1c:21:71:6e:22:ab:5a:b8:de:53: - a1:8d:84:0f:0e:55:43:08:45:0b:fd:4a:6f:fa:e4:89:55:a0: - 8d:10:c0:3a:06:42:7c:f1:b8:7a:19:a7:61:cc:c0:b1:e2:f1: - 14:d5:bd:ff:41:a5:50:f6:ac:a4:3f:ec:6a:6a:3e:7b:60:29: - f4:9d:c8:57:81:12:59:7b:0f:b2:2a:43:29:03:a5:eb:e7:e8: - cd:15:fe:53:07:e0:12:0a:35:29:e8:fe:7f:51:ae:19:98:d5: - 89:9c:05:0a:ba:51:89:0f:1f:3c:8e:2a:eb:e7:93:0a:fd:c1: - f3:0e:ce:67:5b:f2:73:dc:e6:2e:db:2b:88:11:3b:07:d8:ff: - 79:0c:6a:e1 + 9d:14:85:fa:0d:d6:72:ba:c0:d9:c6:d4:4e:f9:79:34:2f:ab: + 57:20:b8:92:52:8f:c6:9a:35:0c:f2:9c:a7:6b:fc:a9:e2:c9: + 02:6f:e9:9d:2c:9d:1e:95:22:d3:a1:85:9f:80:34:da:07:74: + ee:2a:e1:cd:04:10:45:fa:2f:52:52:4c:2c:09:ce:9a:33:1d: + ed:f3:31:11:bd:68:7b:a1:14:2f:2b:6c:6a:22:9c:3b:c7:7d: + d3:fd:17:01:11:9e:b1:33:6c:91:01:a9:08:7f:77:b5:7e:5e: + 5e:77:56:86:9a:97:e1:9a:7b:d9:1b:f8:d9:19:70:1b:3c:52: + ef:10:9b:ab:40:c1:41:f0:d4:11:25:74:8f:bc:1d:6c:55:55: + 28:e1:d6:75:12:48:3f:bb:74:d5:4d:8f:b0:77:c1:9e:d0:88: + ff:fa:00:4c:ba:c6:6a:28:5b:1b:e7:e0:af:91:a8:73:54:de: + 3f:36:fd:f1:ab:73:91:fd:5f:3f:99:1d:46:83:0c:b4:c2:b5: + c9:17:e3:e9:e5:6e:24:80:a1:f1:52:8a:a8:b6:20:70:b4:d1: + 8a:8d:c4:cb:08:48:ec:31:03:d2:9f:0c:31:ee:18:12:d5:d7: + c9:60:af:5d:95:4e:72:b0:2a:4d:02:0d:3c:6f:86:d6:9d:89: + 0f:ff:fc:bb -----BEGIN CERTIFICATE----- MIIDnTCCAoWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVnTuF -5YFpUnBnM0ordmrlYduv5TJ0hd1U0sd2Wlw42Eb8tDP1nY6Ag6sxlkHEwlKvjE0O -XGnFXcy0G+/eYViI4sS/ast0vfW9YVccIp9t6DjGcLgepStPNZ9l/ME2Fz7X+jMh -cPvgzqsjQT/8e3Qda7oht1v9oXcRGo1bKr44Lnmgty1FXNcy/Uxw8ZUcOKMVT1fz -dVn+dRQ56kQWuS4G32cw3VqxfpUJ/RLMh7Fm+n655bU4CkZzUxqyqhLjbZlW6MfM -62sAm8G6AiMrMr6b+Kuytb5Q9n+Vtmsc5q3xaVrgQR6FZJE3e5ooQ6XuMyWrgpcD -B5S40zSVvzPSFLFhAgMBAAGjgfkwgfYwHQYDVR0OBBYEFLP9tgirgoNQ5/CFURzM -eOUiUJFgMB8GA1UdIwQYMBaAFFuy2NwbYDm1axClcDeT5zz1UkbIMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Beo6 +HBSh260sGD0lnNwcDyseQt/CfLQ55ktF69OiHCvc8owI9YHfvfqiGhxcmcsAxzEC +yERfMc+cgm08DF331syR/vPneggXhdV1Ye7dZlU84miYNhkg5JvNJGyjXYmEgC7H +EU7BgrKAzg/pakJUEPvAClO+GQE4ugbFk5MchKolx8WaTTIupBNebQfWneWwKWPa +FLdiUWOT3CiuSrw1rMAG6uoL1XBhOwV45NOtw62V8UjleabcEh8UTyGfym963dZF +yIpglhwCBhYYgCFYavaDPhqYuLKpIkTCJencqaq/HS4/LqF4CJMETMQf+bM0n6d4 +WwKmytMf+rpNNKK7AgMBAAGjgfkwgfYwHQYDVR0OBBYEFNZVTqwHhDWpDZpjRYJz +TqTMU7ACMB8GA1UdIwQYMBaAFIrj5vZYbxyQtGelFNhk5/cAd2EBMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF BwMBBggrBgEFBQcDAjAOBgMqAwQBAf8EBAECAwQwDQYJKoZIhvcNAQELBQADggEB -ADkZBDHpIAMb6dORJZRoT40HFgjof5kBN1aN9BVrqHzkPTKtPWIPXpNvuSG66MNI -E+XrrSbwm0z+do5zor4BtUh8EX7MR0sMDBdlVKsOeWzldWdSq/cmlzY9cW2IVLnv -sQBCVmSI2w+cviXgbivfxlU6ia+SHCFxbiKrWrjeU6GNhA8OVUMIRQv9Sm/65IlV -oI0QwDoGQnzxuHoZp2HMwLHi8RTVvf9BpVD2rKQ/7GpqPntgKfSdyFeBEll7D7Iq -QykDpevn6M0V/lMH4BIKNSno/n9RrhmY1YmcBQq6UYkPHzyOKuvnkwr9wfMOzmdb -8nPc5i7bK4gROwfY/3kMauE= +AJ0UhfoN1nK6wNnG1E75eTQvq1cguJJSj8aaNQzynKdr/KniyQJv6Z0snR6VItOh +hZ+ANNoHdO4q4c0EEEX6L1JSTCwJzpozHe3zMRG9aHuhFC8rbGoinDvHfdP9FwER +nrEzbJEBqQh/d7V+Xl53Voaal+Gae9kb+NkZcBs8Uu8Qm6tAwUHw1BEldI+8HWxV +VSjh1nUSSD+7dNVNj7B3wZ7QiP/6AEy6xmooWxvn4K+RqHNU3j82/fGrc5H9Xz+Z +HUaDDLTCtckX4+nlbiSAofFSiqi2IHC00YqNxMsISOwxA9KfDDHuGBLV18lgr12V +TnKwKk0CDTxvhtadiQ///Ls= -----END CERTIFICATE----- Certificate: @@ -111,30 +111,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b9:ec:7c:da:f2:c7:b4:02:ee:82:a9:58:98:60: - 67:07:a2:c2:9d:2c:a1:76:50:f7:4a:0a:04:80:45: - 7b:3d:f6:31:fe:1d:e9:45:40:76:1d:38:df:c9:e1: - 42:df:13:7e:16:26:2b:41:14:6b:6e:5e:f3:39:4e: - 61:9d:fd:5f:bf:2a:f9:b7:cf:3f:af:34:b1:17:ef: - 97:1f:bf:3d:4c:0a:93:91:bd:ee:11:7a:64:ee:69: - 22:75:60:8b:c3:10:cd:9e:91:8a:d8:54:c7:43:f4: - fb:88:db:09:7a:22:5d:26:58:ab:7d:d0:41:11:47: - 10:62:ed:cc:e6:bb:d2:da:a4:7c:e9:0a:39:5b:9f: - 93:b0:06:27:50:38:ea:63:e2:6b:a0:eb:c5:d3:7f: - 87:71:d8:08:64:d5:87:0a:6e:59:99:d7:74:7c:da: - eb:30:68:9d:f8:09:31:c7:66:5f:9a:fb:2d:9b:f1: - c1:ff:cb:57:67:46:03:99:a3:4b:e0:bc:2b:17:f4: - 0b:7b:61:3f:5e:cf:c9:41:9b:15:ee:f9:90:46:ad: - b4:a2:86:3f:87:3c:dd:7e:97:6f:97:30:88:f8:e6: - 88:83:15:ad:77:6a:fd:1e:f1:ae:88:a2:f5:52:6d: - 6e:d9:5d:5d:c1:1b:0a:49:10:f4:5a:e8:42:53:67: - d1:cd + 00:b8:cf:91:dd:b5:74:07:ba:8a:93:3c:ca:0c:11: + 5d:36:29:ec:53:1e:32:8b:90:ae:f9:c0:db:d2:7e: + 78:ea:3c:58:57:5f:70:4a:96:9a:93:58:d3:7e:42: + 60:bd:78:07:38:6b:e4:16:8f:32:17:30:b1:76:95: + 56:6d:7e:e5:9e:f9:0f:f8:5a:99:ee:80:e1:e6:fc: + d6:af:33:61:aa:da:19:98:7f:da:27:2f:80:bc:96: + 2e:51:81:f8:1a:63:27:0b:ce:ee:02:16:55:4a:96: + 0a:c5:c1:7e:99:95:e8:70:e7:4d:2b:2f:bf:d3:d2: + 2d:25:7d:0f:b2:50:96:36:95:e5:2c:ca:0e:59:b5: + d4:7c:31:57:96:fa:be:c6:d5:9a:83:b5:96:f2:1c: + 4a:20:cf:be:0e:7f:42:4f:a7:b4:5b:e2:01:f4:ed: + 59:c4:6e:51:a1:a5:aa:a7:1f:04:ce:e0:d2:2c:ff: + a3:74:c7:e4:2a:a8:d2:7f:cd:f1:56:86:67:fe:75: + 22:05:f7:2d:3b:3b:ce:5c:b9:95:4e:e5:ca:d8:89: + f6:b3:12:27:b4:22:6b:fb:83:f9:0e:de:a8:be:38: + 5b:15:66:81:3b:62:d7:50:12:29:69:5b:c5:5a:99: + 97:aa:51:c3:36:88:97:c9:c1:90:53:4f:b3:ec:99: + 3c:f3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 5B:B2:D8:DC:1B:60:39:B5:6B:10:A5:70:37:93:E7:3C:F5:52:46:C8 + 8A:E3:E6:F6:58:6F:1C:90:B4:67:A5:14:D8:64:E7:F7:00:77:61:01 X509v3 Authority Key Identifier: - keyid:50:25:07:BE:12:C8:A2:18:2F:32:21:59:CC:2B:5A:A7:4E:19:5D:55 + keyid:52:00:A4:BE:8B:5F:23:63:5E:31:05:87:F4:6B:50:A7:01:70:63:DA Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -149,41 +149,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 12:72:ee:b6:62:1b:0d:70:52:a6:02:3c:13:2a:88:cf:cb:9a: - e2:07:5f:cf:3e:be:75:d3:f9:a6:23:47:ca:fb:88:87:bd:e1: - 52:8e:8b:fe:e9:c1:7a:8c:30:91:c5:0c:fe:9d:31:fa:fc:c0: - d7:fe:7a:7a:18:6f:3c:67:50:b0:22:b2:09:48:ca:dc:d7:d3: - 29:86:eb:f4:cf:e0:3e:6e:d1:88:fa:20:93:b3:05:4c:c6:29: - 06:df:4a:8b:72:3e:c8:3c:2b:33:56:26:de:91:1a:11:bc:21: - 7b:b8:b5:b6:7c:ca:0d:f7:d6:e8:b0:a8:99:e8:7a:2b:f0:c4: - 78:e5:54:9e:3f:73:dc:85:41:97:11:36:45:73:b9:f2:49:8d: - d7:83:cf:b4:1a:ed:33:dc:0b:cd:7e:83:77:ce:aa:2f:0e:1f: - 4d:e0:19:96:cd:74:79:de:18:8b:ad:9f:0c:96:20:14:63:5e: - e2:58:8e:4a:d8:fd:59:0d:a6:a4:02:85:ac:23:d4:43:b2:da: - 2d:6b:87:79:9e:2e:1e:f4:d3:95:ef:3d:91:7a:f7:17:16:c7: - 9f:1f:b7:42:7e:f4:fa:d9:81:18:26:23:03:1e:86:99:7d:28: - ef:a3:ac:be:bb:55:fa:38:62:3c:e6:6e:47:4b:f1:45:ef:de: - 38:ea:c3:a3 + 8a:a8:76:2b:f3:3a:53:97:a4:69:2c:ef:29:61:c0:35:54:6c: + 89:2a:10:2f:59:0e:07:02:ce:43:c3:5d:d0:8d:d3:dd:1e:78: + b1:0a:dc:04:a4:dd:a3:46:23:1c:e1:b8:a6:ca:1f:f1:8f:e7: + a3:ef:cf:ed:96:3f:09:bb:93:f2:7d:f2:18:a9:92:c2:84:f7: + 0e:b0:d2:01:22:7c:6c:0c:16:b1:4a:ce:ba:63:e7:8e:2f:b8: + 4f:14:23:b6:81:65:86:60:df:83:64:fd:1c:92:85:8b:bd:09: + c4:d2:42:f4:24:8e:14:c7:64:cd:b3:e1:09:51:3a:a7:d0:b1: + 42:f8:ef:c0:68:d7:e4:d7:16:7a:3f:b3:10:b7:e1:af:5b:09: + ba:4d:0d:e0:4d:72:66:87:1e:69:ef:43:5e:73:74:cd:8e:19: + 32:0b:e9:c0:66:b1:38:6c:08:13:01:a7:92:0f:b9:2e:4b:13: + a4:46:70:fe:16:5a:08:ea:2f:1e:07:9a:68:0f:5d:e2:14:44: + bd:7c:b9:a8:f3:79:b5:86:fc:2f:d2:03:ef:67:06:a1:42:d7: + 62:4f:76:b9:09:65:6c:53:99:a5:9c:e7:99:ad:7c:c0:e7:dc: + 4e:06:10:e1:62:00:7b:cd:a7:9e:de:78:84:8c:aa:00:e3:f9: + 1e:a0:39:88 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuex82vLH -tALugqlYmGBnB6LCnSyhdlD3SgoEgEV7PfYx/h3pRUB2HTjfyeFC3xN+FiYrQRRr -bl7zOU5hnf1fvyr5t88/rzSxF++XH789TAqTkb3uEXpk7mkidWCLwxDNnpGK2FTH -Q/T7iNsJeiJdJlirfdBBEUcQYu3M5rvS2qR86Qo5W5+TsAYnUDjqY+JroOvF03+H -cdgIZNWHCm5Zmdd0fNrrMGid+Akxx2Zfmvstm/HB/8tXZ0YDmaNL4LwrF/QLe2E/ -Xs/JQZsV7vmQRq20ooY/hzzdfpdvlzCI+OaIgxWtd2r9HvGuiKL1Um1u2V1dwRsK -SRD0WuhCU2fRzQIDAQABo4HLMIHIMB0GA1UdDgQWBBRbstjcG2A5tWsQpXA3k+c8 -9VJGyDAfBgNVHSMEGDAWgBRQJQe+EsiiGC8yIVnMK1qnThldVTA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM+R3bV0 +B7qKkzzKDBFdNinsUx4yi5Cu+cDb0n546jxYV19wSpaak1jTfkJgvXgHOGvkFo8y +FzCxdpVWbX7lnvkP+FqZ7oDh5vzWrzNhqtoZmH/aJy+AvJYuUYH4GmMnC87uAhZV +SpYKxcF+mZXocOdNKy+/09ItJX0PslCWNpXlLMoOWbXUfDFXlvq+xtWag7WW8hxK +IM++Dn9CT6e0W+IB9O1ZxG5RoaWqpx8EzuDSLP+jdMfkKqjSf83xVoZn/nUiBfct +OzvOXLmVTuXK2In2sxIntCJr+4P5Dt6ovjhbFWaBO2LXUBIpaVvFWpmXqlHDNoiX +ycGQU0+z7Jk88wIDAQABo4HLMIHIMB0GA1UdDgQWBBSK4+b2WG8ckLRnpRTYZOf3 +AHdhATAfBgNVHSMEGDAWgBRSAKS+i18jY14xBYf0a1CnAXBj2jA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -ABJy7rZiGw1wUqYCPBMqiM/LmuIHX88+vnXT+aYjR8r7iIe94VKOi/7pwXqMMJHF -DP6dMfr8wNf+enoYbzxnULAisglIytzX0ymG6/TP4D5u0Yj6IJOzBUzGKQbfSoty -Psg8KzNWJt6RGhG8IXu4tbZ8yg331uiwqJnoeivwxHjlVJ4/c9yFQZcRNkVzufJJ -jdeDz7Qa7TPcC81+g3fOqi8OH03gGZbNdHneGIutnwyWIBRjXuJYjkrY/VkNpqQC -hawj1EOy2i1rh3meLh7005XvPZF69xcWx58ft0J+9PrZgRgmIwMehpl9KO+jrL67 -Vfo4YjzmbkdL8UXv3jjqw6M= +AIqodivzOlOXpGks7ylhwDVUbIkqEC9ZDgcCzkPDXdCN090eeLEK3ASk3aNGIxzh +uKbKH/GP56Pvz+2WPwm7k/J98hipksKE9w6w0gEifGwMFrFKzrpj544vuE8UI7aB +ZYZg34Nk/RyShYu9CcTSQvQkjhTHZM2z4QlROqfQsUL478Bo1+TXFno/sxC34a9b +CbpNDeBNcmaHHmnvQ15zdM2OGTIL6cBmsThsCBMBp5IPuS5LE6RGcP4WWgjqLx4H +mmgPXeIURL18uajzebWG/C/SA+9nBqFC12JPdrkJZWxTmaWc55mtfMDn3E4GEOFi +AHvNp57eeISMqgDj+R6gOYg= -----END CERTIFICATE----- Certificate: @@ -200,30 +200,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:a9:09:72:27:8b:f5:e4:bb:33:ee:14:1d:da:11: - 7c:b1:f1:53:3a:a3:77:3f:b2:f5:1f:b6:23:a3:69: - f8:9d:52:97:4c:92:af:07:46:c5:82:3f:97:a5:b2: - fc:e0:b3:3e:29:53:e5:75:07:04:30:7b:bb:55:a3: - af:ec:c3:bd:a0:c5:f1:58:4b:a8:5a:77:49:c7:fc: - a2:13:97:5c:3a:95:58:9b:95:4c:a0:18:b3:3a:18: - 1d:fe:5f:c1:c7:9b:d3:9a:0d:f3:4c:a6:3d:28:21: - 50:9d:ae:90:ae:aa:96:23:d6:4f:9b:ec:ff:59:67: - 0a:ff:8a:89:df:bc:99:ff:f6:75:b5:da:c7:79:d8: - 54:c8:f3:96:3a:c6:e9:60:0c:ee:9e:52:e1:e9:5f: - 58:1e:29:a3:1a:c3:4f:91:8c:2e:85:33:87:f0:c7: - c6:74:91:cc:fb:dd:ca:1e:71:6f:e2:c1:41:bc:ef: - e8:7f:48:07:a9:5c:aa:21:60:43:fd:3e:98:8b:4c: - 8d:95:55:48:3b:35:1a:2a:f4:e3:ef:85:01:11:c4: - f4:a3:15:e3:68:df:bb:94:f9:26:10:35:83:96:83: - 00:ce:cf:71:d4:e9:01:18:80:c2:dd:f0:9d:52:f6: - fa:11:de:a1:7f:79:d9:13:a6:eb:33:3e:04:57:b6: - 75:b9 + 00:c0:8e:83:7c:7e:0c:6a:e8:93:2c:f8:e6:80:17: + e6:2a:91:f2:1d:1a:b1:51:6e:3e:4d:96:bd:a1:29: + f3:bd:ce:46:17:dc:5f:ed:b7:33:d8:17:31:80:b1: + 12:f3:bb:86:1d:4a:a7:61:dd:51:15:a8:9d:50:25: + 4f:93:5b:8c:a6:43:30:a5:46:7e:80:74:51:17:66: + 61:ba:c0:9d:f5:53:e4:4d:02:58:a4:27:ac:ef:35: + eb:01:e6:0d:0f:a2:67:b3:95:1d:33:d3:70:55:6d: + 73:80:dd:c7:dc:21:c6:58:9a:7d:cb:e6:9d:e2:af: + 7f:14:02:7c:f8:45:ff:5c:74:7a:7d:b1:35:1f:74: + 0f:e7:0d:97:51:58:15:41:07:fa:12:99:2a:84:92: + 48:9b:08:ee:ad:26:37:15:3e:7e:7b:b6:1e:94:36: + be:b9:d8:b6:6f:27:71:13:d1:3e:b7:9e:9d:d6:1e: + e1:cb:7b:2b:ab:20:46:e0:08:9c:54:5b:c6:db:c2: + 57:d3:67:ee:00:cf:d2:cb:0b:64:31:a7:9c:97:f5: + 4b:37:db:7d:d5:dd:91:a7:ed:dc:0c:2f:9c:04:42: + 50:46:8a:59:d2:9c:10:d7:0c:25:d9:79:de:e1:4c: + 3d:4a:5a:3f:2c:6c:20:a1:60:9f:24:69:1a:0a:f9: + 6e:79 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 50:25:07:BE:12:C8:A2:18:2F:32:21:59:CC:2B:5A:A7:4E:19:5D:55 + 52:00:A4:BE:8B:5F:23:63:5E:31:05:87:F4:6B:50:A7:01:70:63:DA X509v3 Authority Key Identifier: - keyid:50:25:07:BE:12:C8:A2:18:2F:32:21:59:CC:2B:5A:A7:4E:19:5D:55 + keyid:52:00:A4:BE:8B:5F:23:63:5E:31:05:87:F4:6B:50:A7:01:70:63:DA Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -238,41 +238,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 3d:e1:85:32:4c:43:1e:f2:0d:ff:d3:ec:90:97:7d:8f:9c:16: - b1:6e:cb:55:f1:4f:d9:46:1c:c8:d7:3c:3e:8c:2c:8a:21:b8: - 38:a4:a9:a8:ac:69:51:32:3c:99:57:f8:73:2a:56:4a:ba:6e: - 6a:a8:89:f0:03:14:d2:7f:d2:22:55:84:47:e7:05:9c:3b:72: - 5d:39:02:b0:fc:68:90:14:02:12:d8:9b:85:1c:cf:77:92:c7: - 73:80:38:e4:f4:f9:72:b7:dd:ca:0f:3d:f2:1c:6a:82:1f:21: - 90:d3:e3:77:e5:ee:e9:0e:23:9e:69:f6:29:38:51:4f:e9:73: - 7d:3d:32:54:b2:96:04:9b:62:36:99:8b:ea:9c:3f:87:7f:5e: - e8:ed:28:c8:15:ac:59:f8:f5:d9:3b:b3:fd:d4:a9:e4:55:1b: - 07:ee:d9:18:77:d4:68:8d:b0:ce:a3:60:fe:60:2c:ca:b4:2f: - 08:8a:19:1a:fc:a3:6b:1b:b4:72:28:7a:63:cc:cc:cd:18:ae: - 99:86:4d:67:12:48:a6:33:f3:19:ce:fa:5a:a5:d7:0d:4d:50: - c6:1f:f2:d9:e6:41:d6:29:4a:a6:3c:ff:80:4f:e6:e8:90:f5: - ab:cb:bf:93:3b:90:da:e6:fb:d5:59:c3:9f:ec:91:bf:3e:0a: - a3:23:ef:ee + 58:1a:70:9e:8c:79:8e:25:bb:be:11:bf:df:c7:49:4e:24:6d: + a5:dc:95:f2:73:73:03:4f:67:ea:19:c2:01:10:2f:26:ea:5c: + 01:6a:20:36:a5:11:8d:0c:12:f3:27:ea:df:f0:22:ee:3b:5e: + f7:a5:1e:fc:e5:da:65:af:c2:e8:c0:29:69:93:f5:b3:2c:78: + 18:72:d1:9d:93:14:ed:30:8c:dc:2d:fd:57:89:2a:a8:65:e2: + 94:15:bb:82:ad:cb:7b:11:0a:28:fe:1a:4c:6c:87:6c:55:92: + fd:bd:4c:6f:8f:59:9f:ce:4c:e9:50:fb:c7:08:ab:3a:d9:a4: + 89:c9:f8:5f:75:38:45:34:c3:18:f8:66:7f:ad:53:6a:2b:0c: + b2:59:8a:f7:3a:d2:0d:01:ab:d5:86:55:30:52:dd:bd:6d:0a: + 5e:6b:24:9b:48:52:f0:39:6d:18:14:08:91:66:58:da:ec:73: + 56:1d:07:61:56:6f:64:6d:85:4e:b0:53:c1:bc:80:9f:7c:55: + e4:1a:7e:aa:73:31:4a:92:61:fa:83:86:c2:8c:f0:4e:ac:26: + d8:1e:aa:c8:47:3e:f0:4a:7f:36:ff:1d:a8:be:c1:0f:0c:08: + 16:e5:f6:47:5a:49:4a:b6:2a:9f:3f:8a:65:90:89:c9:f2:6c: + 41:7b:25:dd -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkJcieL9eS7M+4UHdoR -fLHxUzqjdz+y9R+2I6Np+J1Sl0ySrwdGxYI/l6Wy/OCzPilT5XUHBDB7u1Wjr+zD -vaDF8VhLqFp3Scf8ohOXXDqVWJuVTKAYszoYHf5fwceb05oN80ymPSghUJ2ukK6q -liPWT5vs/1lnCv+Kid+8mf/2dbXax3nYVMjzljrG6WAM7p5S4elfWB4poxrDT5GM -LoUzh/DHxnSRzPvdyh5xb+LBQbzv6H9IB6lcqiFgQ/0+mItMjZVVSDs1Gir04++F -ARHE9KMV42jfu5T5JhA1g5aDAM7PcdTpARiAwt3wnVL2+hHeoX952ROm6zM+BFe2 -dbkCAwEAAaOByzCByDAdBgNVHQ4EFgQUUCUHvhLIohgvMiFZzCtap04ZXVUwHwYD -VR0jBBgwFoAUUCUHvhLIohgvMiFZzCtap04ZXVUwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCOg3x+DGrokyz45oAX +5iqR8h0asVFuPk2WvaEp873ORhfcX+23M9gXMYCxEvO7hh1Kp2HdURWonVAlT5Nb +jKZDMKVGfoB0URdmYbrAnfVT5E0CWKQnrO816wHmDQ+iZ7OVHTPTcFVtc4Ddx9wh +xliafcvmneKvfxQCfPhF/1x0en2xNR90D+cNl1FYFUEH+hKZKoSSSJsI7q0mNxU+ +fnu2HpQ2vrnYtm8ncRPRPreendYe4ct7K6sgRuAInFRbxtvCV9Nn7gDP0ssLZDGn +nJf1SzfbfdXdkaft3AwvnARCUEaKWdKcENcMJdl53uFMPUpaPyxsIKFgnyRpGgr5 +bnkCAwEAAaOByzCByDAdBgNVHQ4EFgQUUgCkvotfI2NeMQWH9GtQpwFwY9owHwYD +VR0jBBgwFoAUUgCkvotfI2NeMQWH9GtQpwFwY9owNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA94YUyTEMe -8g3/0+yQl32PnBaxbstV8U/ZRhzI1zw+jCyKIbg4pKmorGlRMjyZV/hzKlZKum5q -qInwAxTSf9IiVYRH5wWcO3JdOQKw/GiQFAIS2JuFHM93ksdzgDjk9Plyt93KDz3y -HGqCHyGQ0+N35e7pDiOeafYpOFFP6XN9PTJUspYEm2I2mYvqnD+Hf17o7SjIFaxZ -+PXZO7P91KnkVRsH7tkYd9RojbDOo2D+YCzKtC8Iihka/KNrG7RyKHpjzMzNGK6Z -hk1nEkimM/MZzvpapdcNTVDGH/LZ5kHWKUqmPP+AT+bokPWry7+TO5Da5vvVWcOf -7JG/PgqjI+/u +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBYGnCejHmO +Jbu+Eb/fx0lOJG2l3JXyc3MDT2fqGcIBEC8m6lwBaiA2pRGNDBLzJ+rf8CLuO173 +pR785dplr8LowClpk/WzLHgYctGdkxTtMIzcLf1XiSqoZeKUFbuCrct7EQoo/hpM +bIdsVZL9vUxvj1mfzkzpUPvHCKs62aSJyfhfdThFNMMY+GZ/rVNqKwyyWYr3OtIN +AavVhlUwUt29bQpeaySbSFLwOW0YFAiRZlja7HNWHQdhVm9kbYVOsFPBvICffFXk +Gn6qczFKkmH6g4bCjPBOrCbYHqrIRz7wSn82/x2ovsEPDAgW5fZHWklKtiqfP4pl +kInJ8mxBeyXd -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -285,12 +285,17 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 1 - [Error] Unconsumed critical extension - oid: 2A0304 - value: 01020304 +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=0 (CN=Target) ----- +ERROR: Unconsumed critical extension + oid: 2A0304 + value: 01020304 + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMQogICAgICBbRXJyb3JdIFVuY29uc3VtZWQgY3JpdGljYWwgZXh0ZW5zaW9uCiAgICAgICAgb2lkOiAyQTAzMDQKICAgICAgICB2YWx1ZTogMDEwMjAzMDQK +LS0tLS0gQ2VydGlmaWNhdGUgaT0wIChDTj1UYXJnZXQpIC0tLS0tCkVSUk9SOiBVbmNvbnN1bWVkIGNyaXRpY2FsIGV4dGVuc2lvbgogIG9pZDogMkEwMzA0CiAgdmFsdWU6IDAxMDIwMzA0Cgo= -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/target-wrong-signature.pem b/chromium/net/data/verify_certificate_chain_unittest/target-wrong-signature.pem index 191a6c70270..4d9b6aa41c1 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/target-wrong-signature.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/target-wrong-signature.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:95:c5:73:7e:a9:8f:9f:25:a3:b1:9f:29:c6:2e: - d6:b2:3d:5b:a4:10:08:53:40:f7:91:79:45:96:d0: - 66:85:85:ea:56:e6:db:07:fd:82:1d:e3:e6:11:f2: - da:13:64:45:bf:c6:e1:a7:4c:da:29:e7:ba:2f:27: - d8:cd:59:3d:69:a3:af:d6:64:4b:3e:a4:12:07:5d: - d4:7d:07:85:6d:9c:9d:fe:fd:8f:ff:74:b3:c9:c9: - 86:64:7c:ee:ca:74:1b:2f:3f:7c:37:8b:d9:fa:05: - 0a:3a:9b:93:45:d0:8d:16:3e:7a:ce:0b:bb:8f:1b: - cc:15:4b:a2:76:08:f5:fb:e0:98:cc:1d:a4:1a:c1: - f5:23:b0:28:1c:fe:5f:a4:24:68:59:fc:1d:63:bc: - 60:9a:a6:16:2c:db:0d:66:9d:d7:6e:13:6a:53:8c: - 5b:61:a7:3f:9f:be:c8:2a:f9:ce:ea:47:d2:d2:1b: - 95:de:af:5d:b0:39:3d:71:f5:be:5f:80:bd:3b:3e: - 2e:79:e8:a2:de:9c:2b:da:e5:88:cd:4e:9c:cf:cd: - bc:88:2e:cc:9e:3b:e4:52:2b:49:0f:31:90:3f:15: - 0d:b5:68:ea:5e:7e:6e:f9:6c:ba:57:bd:41:33:51: - 27:66:f9:2b:3f:ae:7c:87:07:a1:19:a5:0f:ba:bd: - f8:b7 + 00:a3:10:52:35:1d:ac:4e:a5:23:41:40:b1:1d:66: + 30:25:bc:dd:a5:62:66:d1:74:db:5f:bd:5d:96:07: + 08:94:c4:61:a4:e9:07:31:f9:e8:6a:52:f5:8a:3d: + 1c:6d:00:c8:47:51:30:99:42:8b:27:11:48:e9:c6: + de:db:ff:7f:ee:6e:29:cf:48:77:1e:63:11:bc:2a: + 81:fb:3a:5d:4e:d2:b8:0c:ce:68:6b:61:f2:bf:64: + da:aa:3f:06:74:47:77:72:08:d2:a3:c3:35:cf:e5: + dd:13:f7:d3:45:21:f5:9c:cf:7e:50:56:53:11:c8: + eb:90:f2:a2:eb:8f:9d:c1:07:c4:b8:4b:38:04:3d: + 7f:be:73:36:3e:5f:c4:7e:37:a7:0c:88:8b:a8:63: + 79:74:b4:2c:c6:7c:52:61:e1:03:d3:ff:4f:c5:50: + 63:19:83:eb:f3:89:a3:91:e5:90:ab:80:43:18:3e: + c8:77:ac:69:97:cf:2f:5b:be:a9:59:89:99:3a:5d: + 87:c4:4f:97:4a:60:18:ea:ea:a5:b7:1e:61:57:98: + 50:55:91:13:34:0d:03:65:a4:f4:bb:63:e6:bb:3e: + 9f:03:84:f7:e6:63:d0:f3:82:5b:0c:96:b1:32:f2: + 2f:2a:55:5b:24:a6:b6:33:62:6e:ed:0b:f2:77:f8: + f8:f3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 5E:72:8E:7C:0B:A6:A7:E8:2C:3E:36:CA:37:EF:8E:4E:46:CB:97:34 + 19:59:39:C0:2B:03:0A:9B:BF:AA:A8:AB:B2:FB:AF:95:88:63:CA:6E X509v3 Authority Key Identifier: - keyid:DF:46:5C:25:13:E9:22:B2:C9:E4:1A:32:22:C4:97:1F:E6:0C:55:AA + keyid:CC:47:D8:FF:8B:67:33:FB:F5:CD:D0:A7:B6:12:A0:19:27:27:D1:57 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 15:7a:35:37:ba:ff:11:3b:c0:ad:82:51:d0:e9:23:50:77:06: - 56:e0:84:94:2d:e4:76:94:d5:af:65:26:26:06:77:f2:6c:03: - f4:77:6c:a3:ba:92:26:c7:a0:ea:24:06:98:78:18:24:70:44: - 08:03:d0:ef:0b:db:d9:f2:3d:35:38:17:41:69:46:62:1a:af: - a7:44:be:1d:27:02:b3:79:1a:30:ab:06:79:6a:bd:3f:72:21: - f2:34:47:07:ef:08:69:ae:40:1f:61:68:a7:a8:a8:5c:85:6e: - 39:61:39:ad:8a:3a:a5:d8:64:94:bd:e2:dc:1f:68:45:f0:2c: - bf:08:d0:74:75:1c:80:30:86:87:b0:f4:eb:69:e8:16:52:45: - bc:c3:3b:08:c9:90:9f:f8:c9:01:9b:2f:29:2b:dc:2c:af:59: - cb:3e:07:8a:e7:e0:ca:64:2a:43:39:bf:a5:0e:d6:14:08:e9: - 9a:c1:76:7d:fb:a1:39:05:a6:43:0a:ba:ed:70:5b:f5:b8:ac: - 15:91:a4:37:24:c7:1e:d2:69:41:08:e2:2f:76:bb:e1:f8:b9: - 0d:7a:a9:57:af:25:8c:5c:73:f2:d8:2b:a6:23:c8:42:b4:28: - ed:fe:79:2b:11:4a:2e:3c:ef:3f:13:e6:51:68:d8:1a:c3:3b: - b3:22:62:c9 + 6a:6d:db:f5:f0:61:b0:79:d9:bc:e5:fe:d3:c9:94:3e:c8:cf: + d9:77:0f:57:a0:fb:14:29:04:b0:91:6a:e1:9e:9a:80:7f:5e: + 85:ef:1f:f7:47:32:26:ba:1e:ae:c1:50:b4:81:47:4e:7c:4a: + eb:f5:ea:b1:2d:af:85:d5:8f:c0:f4:9b:54:ef:2d:52:05:f2: + 69:8a:dc:68:0c:43:fc:32:73:94:57:45:2c:60:02:e8:e0:bf: + cf:06:96:93:7d:75:b8:18:d6:33:5c:70:cd:5c:07:70:ad:39: + 3d:e0:86:14:06:00:f3:a3:85:8a:0f:08:42:22:87:1b:67:16: + 06:da:ed:6b:ec:12:fd:f2:34:12:e8:27:99:a3:7a:2a:83:a2: + 97:f1:87:9e:fb:86:de:6c:1c:c2:68:71:10:fe:2d:22:ff:fa: + 95:ef:e1:38:04:da:ee:83:dd:ac:17:56:2d:f7:de:46:2f:73: + 4e:50:4c:e6:2c:36:2d:33:21:c0:3c:2b:70:61:f8:f6:68:7e: + 69:a8:b0:8c:00:b2:6d:0f:38:c7:24:9d:ce:88:41:84:31:e5: + 10:eb:5d:b9:61:e1:4c:75:4a:3a:d1:e0:74:5e:ea:68:c2:c5: + 13:8f:19:31:bd:df:4e:99:da:6d:24:3d:cb:c2:cd:ff:0f:c5: + 98:c8:26:78 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVxXN+ -qY+fJaOxnynGLtayPVukEAhTQPeReUWW0GaFhepW5tsH/YId4+YR8toTZEW/xuGn -TNop57ovJ9jNWT1po6/WZEs+pBIHXdR9B4VtnJ3+/Y//dLPJyYZkfO7KdBsvP3w3 -i9n6BQo6m5NF0I0WPnrOC7uPG8wVS6J2CPX74JjMHaQawfUjsCgc/l+kJGhZ/B1j -vGCaphYs2w1mndduE2pTjFthpz+fvsgq+c7qR9LSG5Xer12wOT1x9b5fgL07Pi55 -6KLenCva5YjNTpzPzbyILsyeO+RSK0kPMZA/FQ21aOpefm75bLpXvUEzUSdm+Ss/ -rnyHB6EZpQ+6vfi3AgMBAAGjgekwgeYwHQYDVR0OBBYEFF5yjnwLpqfoLD42yjfv -jk5Gy5c0MB8GA1UdIwQYMBaAFN9GXCUT6SKyyeQaMiLElx/mDFWqMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjEFI1 +HaxOpSNBQLEdZjAlvN2lYmbRdNtfvV2WBwiUxGGk6Qcx+ehqUvWKPRxtAMhHUTCZ +QosnEUjpxt7b/3/ubinPSHceYxG8KoH7Ol1O0rgMzmhrYfK/ZNqqPwZ0R3dyCNKj +wzXP5d0T99NFIfWcz35QVlMRyOuQ8qLrj53BB8S4SzgEPX++czY+X8R+N6cMiIuo +Y3l0tCzGfFJh4QPT/0/FUGMZg+vziaOR5ZCrgEMYPsh3rGmXzy9bvqlZiZk6XYfE +T5dKYBjq6qW3HmFXmFBVkRM0DQNlpPS7Y+a7Pp8DhPfmY9DzglsMlrEy8i8qVVsk +prYzYm7tC/J3+PjzAgMBAAGjgekwgeYwHQYDVR0OBBYEFBlZOcArAwqbv6qoq7L7 +r5WIY8puMB8GA1UdIwQYMBaAFMxH2P+LZzP79c3Qp7YSoBknJ9FXMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAFXo1N7r/ETvArYJR0Okj -UHcGVuCElC3kdpTVr2UmJgZ38mwD9Hdso7qSJseg6iQGmHgYJHBECAPQ7wvb2fI9 -NTgXQWlGYhqvp0S+HScCs3kaMKsGeWq9P3Ih8jRHB+8Iaa5AH2Fop6ioXIVuOWE5 -rYo6pdhklL3i3B9oRfAsvwjQdHUcgDCGh7D062noFlJFvMM7CMmQn/jJAZsvKSvc -LK9Zyz4HiufgymQqQzm/pQ7WFAjpmsF2ffuhOQWmQwq67XBb9bisFZGkNyTHHtJp -QQjiL3a74fi5DXqpV68ljFxz8tgrpiPIQrQo7f55KxFKLjzvPxPmUWjYGsM7syJi -yQ== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAam3b9fBhsHnZvOX+08mU +PsjP2XcPV6D7FCkEsJFq4Z6agH9ehe8f90cyJroersFQtIFHTnxK6/XqsS2vhdWP +wPSbVO8tUgXyaYrcaAxD/DJzlFdFLGAC6OC/zwaWk311uBjWM1xwzVwHcK05PeCG +FAYA86OFig8IQiKHG2cWBtrta+wS/fI0EugnmaN6KoOil/GHnvuG3mwcwmhxEP4t +Iv/6le/hOATa7oPdrBdWLffeRi9zTlBM5iw2LTMhwDwrcGH49mh+aaiwjACybQ84 +xySdzohBhDHlEOtduWHhTHVKOtHgdF7qaMLFE48ZMb3fTpnabSQ9y8LN/w/FmMgm +eA== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ba:c2:3e:70:32:82:15:bd:6f:24:c3:e0:9f:a9: - af:46:01:cb:23:03:07:17:d8:73:73:d0:8d:46:88: - 3f:9b:40:30:ea:cb:76:d1:dc:e5:79:c6:ed:5e:94: - 68:49:fe:8e:be:ff:74:b4:b1:a0:fd:ec:3f:4c:f5: - 26:40:97:d8:b2:fd:a8:e1:9a:1e:47:48:58:8a:39: - 0f:a8:53:76:1d:d8:55:b7:ff:15:7a:1a:28:70:a7: - 50:6f:f7:2f:d8:dd:22:bf:08:32:82:66:33:fd:7d: - df:55:7f:71:5b:bd:c0:c6:f4:cd:a4:52:30:a9:bd: - a1:a3:61:e3:7a:93:40:a7:41:b3:10:43:0f:79:12: - 50:34:0a:a4:ad:07:53:e6:7a:b6:8c:a5:00:82:0c: - 9f:eb:c9:f8:51:68:2c:4e:3a:da:7e:7d:6d:15:b1: - ff:37:dd:e6:25:cf:5e:8f:fe:b1:09:7e:f8:60:3b: - 20:3e:99:64:e1:9a:58:ee:01:28:71:cf:ac:dd:66: - 40:0d:d9:7b:85:8f:f2:35:90:2a:75:26:96:b4:3a: - f2:ef:5c:06:f1:2c:ec:07:83:d6:23:a4:ab:f4:28: - ad:1f:8d:cf:e2:d8:b9:1f:48:76:6f:7c:e7:8a:17: - 5b:b5:9b:ff:17:13:6e:f4:05:47:78:91:c7:7a:03: - 33:15 + 00:e8:a7:ff:7c:21:83:d4:bd:ed:f4:09:73:79:69: + 0c:ec:79:18:79:54:2e:a6:87:f3:7b:65:e8:73:6a: + a5:af:fd:00:6b:c9:ed:86:50:18:f0:4c:d9:12:17: + 3a:23:ae:7a:49:3d:71:7c:6e:da:4f:7b:ed:55:73: + e8:71:5c:72:13:84:8f:83:aa:30:4f:0a:bc:38:51: + 75:47:67:c3:6c:5e:e8:af:96:07:4a:0c:f7:5d:c1: + 82:ea:02:e2:c3:da:57:68:2c:03:1a:a0:d9:51:05: + ef:ec:67:cc:fd:c4:09:b4:f7:2f:c7:5a:df:84:7f: + 15:60:32:9d:17:4e:4b:3c:15:48:a7:42:a1:f5:d4: + 04:82:bb:cc:18:3a:ab:07:d1:66:82:9b:0d:b0:ef: + d8:47:18:71:78:e6:07:47:97:29:24:0c:7a:12:ab: + 2f:4b:14:ec:35:7a:d2:a3:2a:16:0c:0b:91:5a:e2: + f2:64:93:85:1d:e2:27:7e:7e:cd:eb:5f:83:d7:07: + 0c:06:b8:8f:44:91:0c:37:d8:86:65:23:1a:fe:8f: + 69:3e:bb:20:bb:ef:1b:18:1b:fd:2f:bf:5b:d3:be: + da:2d:9f:9a:57:6b:4b:73:3f:34:04:99:5d:a1:73: + b5:08:d1:bb:9a:5c:88:a0:f8:65:1c:e7:7f:f3:95: + d0:fd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - D0:3F:2D:C4:6A:01:B8:7A:61:4F:B0:35:18:E6:D0:F9:55:5D:7B:B7 + 1E:51:BA:4C:14:B3:B7:2B:E2:AE:4C:1C:35:21:7C:DB:92:18:AB:53 X509v3 Authority Key Identifier: - keyid:D4:FF:80:DD:86:D2:53:18:54:65:B3:62:9A:07:67:BB:21:7D:19:77 + keyid:5B:22:4E:B0:32:77:9B:92:26:9B:3B:E9:76:31:CE:FB:43:87:A3:2A Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 44:69:05:6c:d0:10:da:90:f7:62:5f:8a:80:93:39:f0:ee:6f: - c5:18:df:47:40:d0:b4:73:8a:d6:68:7f:99:92:e4:34:bd:ef: - d7:c8:8c:d9:09:b1:24:06:86:ab:9f:58:1a:d3:38:73:9b:80: - f3:9b:a9:8c:db:ef:0d:94:54:91:45:04:42:9b:98:3c:fc:39: - 53:85:36:1d:06:59:c5:1e:50:7c:1e:e0:ec:ad:d8:44:98:13: - a2:6b:bc:10:39:3e:3e:5b:3a:30:de:2a:a0:08:05:21:cd:d1: - 57:50:05:c2:84:c3:e8:0d:69:59:76:3d:32:aa:9a:82:0d:59: - c6:1a:8e:fa:08:3c:18:08:b2:8b:f2:39:05:02:0e:af:7c:28: - 7e:16:44:d8:b2:e0:32:19:d7:c5:54:4c:e9:87:e0:1f:30:73: - 6a:2b:ef:9f:9d:5e:31:a6:02:39:9d:5b:e1:c5:b6:d1:cd:95: - ba:ee:5c:3a:97:58:49:ef:26:cf:e6:eb:72:47:5b:6e:f4:cc: - 3b:1c:08:c7:2e:89:f6:91:ef:94:e3:33:83:7c:9b:d8:10:01: - d7:ac:0f:4c:c6:01:c7:0d:84:48:bd:a7:e8:4d:09:40:a8:b2: - f3:0a:21:71:74:0f:ab:ca:23:aa:99:80:6d:0c:42:73:14:00: - 31:1e:67:51 + 7c:79:ca:6b:60:89:76:dc:bb:53:59:83:04:b1:1d:de:f9:4d: + 34:56:88:87:e6:9e:4e:23:bd:92:48:82:f0:7e:63:24:49:75: + df:2f:10:ca:f4:06:f2:d8:61:51:72:15:54:a5:02:1d:9b:68: + 0a:72:7b:8c:e5:f8:28:b3:75:92:cd:0e:8c:30:ab:c7:a2:00: + 33:fc:e1:be:aa:fc:60:5f:4c:37:51:bf:de:61:1c:78:c7:df: + 6a:e7:58:b5:9f:04:d8:43:13:f7:85:3d:48:a2:c6:fa:32:e7: + e4:1f:be:7f:13:56:00:7d:77:bc:b0:55:b3:4d:ab:7e:90:a0: + 78:38:9c:7a:fe:4a:ee:cb:9a:72:37:52:18:2f:02:b0:c5:a4: + 91:8d:b3:27:e0:3c:e7:18:b6:33:7a:d0:dd:15:7d:b6:48:15: + f4:00:64:47:b9:f4:51:ed:dc:b5:70:18:8a:c0:70:5c:56:bd: + c8:d3:b8:82:a4:15:7a:2c:5b:d4:87:5d:2a:00:a5:30:40:b9: + 68:95:32:44:e7:af:8b:76:88:95:f7:92:5a:df:a6:73:50:a1: + 29:07:bb:d8:d9:0c:09:2c:70:18:2c:38:4c:48:f7:ef:e8:50: + 55:d8:2a:f5:0d:86:4c:b4:d0:5b:e9:28:2e:ca:32:27:3e:b4: + b5:00:68:d2 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusI+cDKC -Fb1vJMPgn6mvRgHLIwMHF9hzc9CNRog/m0Aw6st20dzlecbtXpRoSf6Ovv90tLGg -/ew/TPUmQJfYsv2o4ZoeR0hYijkPqFN2HdhVt/8VehoocKdQb/cv2N0ivwgygmYz -/X3fVX9xW73AxvTNpFIwqb2ho2HjepNAp0GzEEMPeRJQNAqkrQdT5nq2jKUAggyf -68n4UWgsTjrafn1tFbH/N93mJc9ej/6xCX74YDsgPplk4ZpY7gEocc+s3WZADdl7 -hY/yNZAqdSaWtDry71wG8SzsB4PWI6Sr9CitH43P4ti5H0h2b3znihdbtZv/FxNu -9AVHeJHHegMzFQIDAQABo4HLMIHIMB0GA1UdDgQWBBTQPy3EagG4emFPsDUY5tD5 -VV17tzAfBgNVHSMEGDAWgBTU/4DdhtJTGFRls2KaB2e7IX0ZdzA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Kf/fCGD +1L3t9AlzeWkM7HkYeVQupofze2Xoc2qlr/0Aa8nthlAY8EzZEhc6I656ST1xfG7a +T3vtVXPocVxyE4SPg6owTwq8OFF1R2fDbF7or5YHSgz3XcGC6gLiw9pXaCwDGqDZ +UQXv7GfM/cQJtPcvx1rfhH8VYDKdF05LPBVIp0Kh9dQEgrvMGDqrB9FmgpsNsO/Y +RxhxeOYHR5cpJAx6EqsvSxTsNXrSoyoWDAuRWuLyZJOFHeInfn7N61+D1wcMBriP +RJEMN9iGZSMa/o9pPrsgu+8bGBv9L79b077aLZ+aV2tLcz80BJldoXO1CNG7mlyI +oPhlHOd/85XQ/QIDAQABo4HLMIHIMB0GA1UdDgQWBBQeUbpMFLO3K+KuTBw1IXzb +khirUzAfBgNVHSMEGDAWgBRbIk6wMnebkiabO+l2Mc77Q4ejKjA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AERpBWzQENqQ92JfioCTOfDub8UY30dA0LRzitZof5mS5DS979fIjNkJsSQGhquf -WBrTOHObgPObqYzb7w2UVJFFBEKbmDz8OVOFNh0GWcUeUHwe4Oyt2ESYE6JrvBA5 -Pj5bOjDeKqAIBSHN0VdQBcKEw+gNaVl2PTKqmoINWcYajvoIPBgIsovyOQUCDq98 -KH4WRNiy4DIZ18VUTOmH4B8wc2or75+dXjGmAjmdW+HFttHNlbruXDqXWEnvJs/m -63JHW270zDscCMcuifaR75TjM4N8m9gQAdesD0zGAccNhEi9p+hNCUCosvMKIXF0 -D6vKI6qZgG0MQnMUADEeZ1E= +AHx5ymtgiXbcu1NZgwSxHd75TTRWiIfmnk4jvZJIgvB+YyRJdd8vEMr0BvLYYVFy +FVSlAh2baApye4zl+CizdZLNDowwq8eiADP84b6q/GBfTDdRv95hHHjH32rnWLWf +BNhDE/eFPUiixvoy5+Qfvn8TVgB9d7ywVbNNq36QoHg4nHr+Su7LmnI3UhgvArDF +pJGNsyfgPOcYtjN60N0VfbZIFfQAZEe59FHt3LVwGIrAcFxWvcjTuIKkFXosW9SH +XSoApTBAuWiVMkTnr4t2iJX3klrfpnNQoSkHu9jZDAkscBgsOExI9+/oUFXYKvUN +hky00FvpKC7KMic+tLUAaNI= -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c8:51:b0:c3:f3:b1:5d:6e:4a:c2:41:9e:b7:88: - 48:d3:62:d1:49:3a:0b:ab:c9:26:f3:8a:bb:ee:1e: - b8:4a:cb:9a:47:3f:8c:87:a2:81:f5:91:05:7c:47: - 45:d6:5f:a1:7d:e7:dd:cd:33:eb:4e:90:65:be:31: - d7:2d:98:03:45:48:03:03:72:8f:0f:43:3d:3a:ad: - cf:bc:f5:f5:bb:7d:1d:94:1d:d4:2c:b6:3b:4a:68: - 9e:30:54:c2:c1:69:10:f8:7c:d5:73:ae:2f:22:65: - 94:5c:17:1e:41:eb:5a:10:80:6c:eb:04:1d:09:0e: - 79:51:71:ce:e7:4f:90:23:4f:84:b5:4e:97:70:79: - eb:28:47:0a:8c:b8:43:a6:f5:df:4d:fd:44:46:18: - 06:97:6c:52:65:4a:89:25:af:73:6e:43:6a:93:b0: - ec:29:97:63:a4:36:95:db:71:b6:61:c3:25:0d:3f: - 53:2f:de:d0:b4:16:c2:b6:70:3a:34:53:02:3d:50: - eb:32:4a:22:62:3c:9a:74:da:b2:60:af:37:41:4c: - c1:df:90:74:5a:ae:5d:a4:48:dd:1b:86:06:0f:cb: - 3e:e5:4d:ec:62:86:04:1a:cb:0f:2a:04:a0:45:d5: - c1:79:9e:07:df:5d:2d:c3:0c:c4:57:0a:be:7e:41: - 43:3d + 00:df:f9:b3:49:5f:c8:1f:a6:a5:bc:9e:5d:08:17: + 7e:a5:87:b6:d2:53:a6:c2:ce:73:29:cb:f4:35:07: + 26:c5:b0:ef:87:ca:a0:64:db:7f:e4:2c:05:da:81: + 8e:98:b8:80:d2:f1:c3:e5:d6:6c:1a:ac:90:8f:f0: + 4d:43:fd:09:f4:eb:17:fa:c4:cb:da:2a:56:7e:b6: + d2:ce:6d:5f:d5:ec:01:67:af:02:3a:d6:18:a2:61: + 43:f6:ff:45:10:c4:8e:c1:15:1b:a0:88:77:45:82: + 39:10:f8:d7:2c:26:13:df:20:62:0f:9a:5d:69:d1: + ae:4e:c2:28:30:0c:dd:d5:6e:8e:23:d0:45:f3:4f: + 2c:9a:f6:f7:d4:fd:b8:6e:28:32:74:57:94:5d:f8: + 3f:51:ef:11:21:09:27:3c:05:46:86:78:63:f6:c5: + 0d:7c:28:e5:b7:1a:66:f4:91:59:f2:91:16:a2:7b: + 0a:34:e7:30:78:72:73:10:dc:b7:60:cd:d3:ea:8b: + 09:0e:7c:9c:01:f9:f5:d8:ce:35:86:8f:60:e4:00: + 38:98:81:ac:36:1a:25:7e:c6:59:bd:79:53:5b:83: + f0:72:50:78:a2:3f:53:45:fc:64:56:40:ed:64:5d: + 7d:df:62:4f:a0:01:25:19:59:9f:84:e6:c7:21:04: + b8:2f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - D4:FF:80:DD:86:D2:53:18:54:65:B3:62:9A:07:67:BB:21:7D:19:77 + 5B:22:4E:B0:32:77:9B:92:26:9B:3B:E9:76:31:CE:FB:43:87:A3:2A X509v3 Authority Key Identifier: - keyid:D4:FF:80:DD:86:D2:53:18:54:65:B3:62:9A:07:67:BB:21:7D:19:77 + keyid:5B:22:4E:B0:32:77:9B:92:26:9B:3B:E9:76:31:CE:FB:43:87:A3:2A Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 46:ee:68:7d:1f:94:16:70:57:11:6b:6b:18:96:45:c3:d7:17: - 50:9b:f1:e6:b1:bf:ad:97:3f:ca:3e:75:37:4e:c6:b6:d3:68: - 57:f5:59:a6:44:b4:3f:e5:fe:a3:05:65:02:f5:7c:dc:da:8e: - 1f:2d:fb:9c:23:f0:c0:a6:fc:f5:f3:a9:80:f9:eb:64:f0:8b: - 2a:f1:f5:68:8d:8c:c2:37:c4:8e:d5:bb:5b:e6:fb:ec:06:f9: - 80:28:56:c2:de:9c:16:78:3f:a8:16:15:e9:26:72:8f:45:c3: - e7:d4:78:84:3c:b4:a0:72:5e:5d:09:d8:d1:7f:66:ca:74:d6: - 26:c0:72:c0:2a:89:fa:b4:5f:fe:92:4f:01:97:0e:81:88:01: - 6b:2e:ed:af:36:30:c7:62:fd:42:63:10:3f:c4:ad:eb:ee:c5: - fd:bc:57:08:0f:a3:0c:e5:8c:de:ab:05:b5:b4:e9:c9:d1:c8: - 66:e2:ea:4a:b0:33:e5:a4:47:22:67:7c:70:e9:02:e0:22:75: - 35:4a:39:0e:2c:27:e5:29:d6:d2:f5:39:c9:03:39:7a:35:f5: - ff:1d:88:8d:e1:be:6b:6b:c7:4c:0c:6d:02:d4:33:7a:f5:ea: - 29:55:a9:79:94:bc:a3:01:64:4a:99:99:fc:c6:e5:38:a2:8f: - 18:cc:e7:1f + 51:7e:2e:dd:d2:0b:3c:89:5d:8c:cd:9c:91:05:00:74:ad:90: + a5:a6:d6:c0:ba:b9:82:d8:4f:d2:bf:1c:53:36:9d:aa:0e:2b: + bc:99:b9:d4:54:ed:1a:90:29:d6:8d:d9:02:f6:87:dc:ec:92: + 67:4d:34:db:6d:a8:57:f6:4f:d6:5e:2c:08:f6:ac:06:55:ff: + c8:5b:5c:af:85:ee:28:53:86:c3:39:33:b9:2b:5e:0d:70:bd: + 01:6f:cf:79:19:e2:08:79:43:f0:af:00:f5:b6:a1:a3:6a:a3: + 0a:a9:b8:87:77:7c:7b:a2:f5:17:40:52:1f:10:f9:13:bc:94: + c7:9b:70:dc:dc:71:ec:24:5b:d3:5f:b8:d8:66:44:89:18:48: + 4f:80:4d:61:5e:8a:42:6b:03:69:17:0f:4d:cf:6e:7c:9a:ce: + 7b:e3:06:70:7b:4d:17:37:46:54:43:15:4c:f1:99:95:4d:5c: + d1:57:96:11:56:7b:b3:6b:f1:ae:73:98:8a:f4:e9:5f:e9:00: + e3:87:01:82:3d:96:0f:41:0a:59:8a:bf:e4:79:78:28:bb:73: + 52:cd:91:0c:78:59:15:85:64:46:90:21:a2:f5:81:cc:34:b1: + fc:6f:12:51:9f:be:c1:f0:62:84:4e:e6:35:39:61:44:cb:53: + 7e:eb:28:9b -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMhRsMPzsV1uSsJBnreI -SNNi0Uk6C6vJJvOKu+4euErLmkc/jIeigfWRBXxHRdZfoX3n3c0z606QZb4x1y2Y -A0VIAwNyjw9DPTqtz7z19bt9HZQd1Cy2O0ponjBUwsFpEPh81XOuLyJllFwXHkHr -WhCAbOsEHQkOeVFxzudPkCNPhLVOl3B56yhHCoy4Q6b13039REYYBpdsUmVKiSWv -c25DapOw7CmXY6Q2ldtxtmHDJQ0/Uy/e0LQWwrZwOjRTAj1Q6zJKImI8mnTasmCv -N0FMwd+QdFquXaRI3RuGBg/LPuVN7GKGBBrLDyoEoEXVwXmeB99dLcMMxFcKvn5B -Qz0CAwEAAaOByzCByDAdBgNVHQ4EFgQU1P+A3YbSUxhUZbNimgdnuyF9GXcwHwYD -VR0jBBgwFoAU1P+A3YbSUxhUZbNimgdnuyF9GXcwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN/5s0lfyB+mpbyeXQgX +fqWHttJTpsLOcynL9DUHJsWw74fKoGTbf+QsBdqBjpi4gNLxw+XWbBqskI/wTUP9 +CfTrF/rEy9oqVn620s5tX9XsAWevAjrWGKJhQ/b/RRDEjsEVG6CId0WCORD41ywm +E98gYg+aXWnRrk7CKDAM3dVujiPQRfNPLJr299T9uG4oMnRXlF34P1HvESEJJzwF +RoZ4Y/bFDXwo5bcaZvSRWfKRFqJ7CjTnMHhycxDct2DN0+qLCQ58nAH59djONYaP +YOQAOJiBrDYaJX7GWb15U1uD8HJQeKI/U0X8ZFZA7WRdfd9iT6ABJRlZn4TmxyEE +uC8CAwEAAaOByzCByDAdBgNVHQ4EFgQUWyJOsDJ3m5ImmzvpdjHO+0OHoyowHwYD +VR0jBBgwFoAUWyJOsDJ3m5ImmzvpdjHO+0OHoyowNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBG7mh9H5QW -cFcRa2sYlkXD1xdQm/Hmsb+tlz/KPnU3Tsa202hX9VmmRLQ/5f6jBWUC9Xzc2o4f -LfucI/DApvz186mA+etk8Isq8fVojYzCN8SO1btb5vvsBvmAKFbC3pwWeD+oFhXp -JnKPRcPn1HiEPLSgcl5dCdjRf2bKdNYmwHLAKon6tF/+kk8Blw6BiAFrLu2vNjDH -Yv1CYxA/xK3r7sX9vFcID6MM5YzeqwW1tOnJ0chm4upKsDPlpEciZ3xw6QLgInU1 -SjkOLCflKdbS9TnJAzl6NfX/HYiN4b5ra8dMDG0C1DN69eopVal5lLyjAWRKmZn8 -xuU4oo8YzOcf +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBRfi7d0gs8 +iV2MzZyRBQB0rZClptbAurmC2E/SvxxTNp2qDiu8mbnUVO0akCnWjdkC9ofc7JJn +TTTbbahX9k/WXiwI9qwGVf/IW1yvhe4oU4bDOTO5K14NcL0Bb895GeIIeUPwrwD1 +tqGjaqMKqbiHd3x7ovUXQFIfEPkTvJTHm3Dc3HHsJFvTX7jYZkSJGEhPgE1hXopC +awNpFw9Nz258ms574wZwe00XN0ZUQxVM8ZmVTVzRV5YRVnuza/Guc5iK9Olf6QDj +hwGCPZYPQQpZir/keXgou3NSzZEMeFkVhWRGkCGi9YHMNLH8bxJRn77B8GKETuY1 +OWFEy1N+6yib -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -282,11 +282,16 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 1 - [Error] Signature verification failed - [Error] VerifySignedData failed +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=0 (CN=Target) ----- +ERROR: Signature verification failed +ERROR: VerifySignedData failed + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMQogICAgICBbRXJyb3JdIFNpZ25hdHVyZSB2ZXJpZmljYXRpb24gZmFpbGVkCiAgICAgIFtFcnJvcl0gVmVyaWZ5U2lnbmVkRGF0YSBmYWlsZWQK +LS0tLS0gQ2VydGlmaWNhdGUgaT0wIChDTj1UYXJnZXQpIC0tLS0tCkVSUk9SOiBTaWduYXR1cmUgdmVyaWZpY2F0aW9uIGZhaWxlZApFUlJPUjogVmVyaWZ5U2lnbmVkRGF0YSBmYWlsZWQKCg== -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/unconstrained-non-self-signed-root.pem b/chromium/net/data/verify_certificate_chain_unittest/unconstrained-non-self-signed-root.pem index e6fccf50051..d22b60a0dc3 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/unconstrained-non-self-signed-root.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/unconstrained-non-self-signed-root.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:e2:dd:d4:9d:10:ff:0e:87:2d:ba:eb:b5:34:02: - 80:b9:83:16:1c:74:27:2b:f1:71:fe:5a:15:ad:26: - 7c:80:a6:06:a3:5c:81:30:5f:63:4b:7b:41:c4:2f: - ad:6b:31:21:5f:23:1e:a3:6b:41:36:88:6e:cc:97: - 5d:ad:67:8e:c5:1c:8f:e4:d0:e5:2b:02:da:e6:7d: - 65:6b:a8:fd:90:78:aa:0a:85:31:7c:4e:92:0e:af: - 45:00:bb:48:20:22:0e:24:d4:a3:2a:fd:d7:3f:05: - 21:70:18:1e:a0:7b:24:25:d9:e5:63:20:dd:59:73: - 27:24:9c:a4:4e:8f:93:5d:3c:27:b2:93:7d:1d:15: - 09:28:59:f3:70:55:8b:7f:f8:5d:69:0e:3a:0c:a4: - 54:7c:32:d4:0e:d4:0b:58:c1:12:74:8a:b6:38:b0: - 1d:0e:b2:8e:18:29:ae:8f:75:7b:f3:48:c5:2e:aa: - af:e4:0a:a0:fd:c8:8e:fb:a6:17:28:21:36:2e:5d: - 20:b4:21:83:a2:6d:7a:ec:7a:14:24:eb:99:90:0e: - a0:af:4f:8d:f9:11:36:01:3a:8f:18:4e:15:d4:fe: - 12:65:f4:af:11:00:f0:4f:86:11:f3:7c:f6:5d:7b: - 28:5c:4f:b1:49:68:3b:de:17:2d:6a:5a:09:5e:1d: - 8d:29 + 00:93:b3:d1:c3:5a:65:e4:3d:9f:6b:e8:74:8f:f6: + 49:cf:87:eb:0e:34:31:0c:44:b5:74:82:4e:d0:c2: + c1:cb:36:98:d2:82:b2:a0:36:27:01:fa:1e:46:ac: + ac:fc:15:41:72:54:c8:af:ee:15:31:bd:44:6a:da: + ec:4c:a8:b9:c4:47:ca:72:93:7b:11:02:22:43:bc: + 1c:7c:26:b7:93:d7:88:af:75:cb:43:3f:94:13:2c: + 8d:b7:c9:ac:0e:28:78:65:1c:87:69:d3:f0:f0:bd: + c4:39:7e:3c:77:cf:8c:82:a4:2c:81:de:1c:97:c6: + 3d:8f:b2:17:86:4d:85:62:01:bb:fd:b3:c2:e2:3b: + 61:36:cd:cc:4d:4d:59:03:39:b9:5c:be:0d:55:f1: + 49:cf:33:a2:14:22:41:6a:08:68:b5:3f:d6:9e:49: + 16:88:14:72:6a:f4:ed:74:f9:d5:79:d2:b6:0a:2a: + e7:42:67:31:1a:17:b1:7b:47:00:d9:fa:bc:35:bf: + 8c:cd:36:16:37:cc:3b:9b:9a:5d:87:86:c0:68:a6: + 93:a2:2f:1b:01:89:f1:39:67:c8:38:05:c6:8e:4a: + a6:52:31:fe:f6:5c:96:61:c6:36:c5:c8:5d:53:39: + 3e:3d:5a:f5:0a:14:0e:f8:ae:20:4e:4b:da:e9:ed: + ed:9d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - CF:A5:99:53:C2:5B:C6:BD:10:84:1E:39:95:94:A2:01:79:D4:DA:DD + BD:4E:69:85:59:D4:51:15:94:CD:DA:AD:CA:6B:3E:77:12:65:07:03 X509v3 Authority Key Identifier: - keyid:A3:6A:AF:46:74:A6:CD:26:44:76:D1:81:2A:03:CE:B7:51:58:33:29 + keyid:09:46:B4:2B:37:45:A9:E7:56:0E:E3:B1:47:93:F7:5F:E3:5C:E2:E4 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 1c:9c:e2:fa:bd:20:4e:a4:91:63:8d:46:7e:10:1c:d1:ce:5a: - c0:dc:cb:8f:c9:fa:54:69:3d:e8:4b:45:a8:34:3d:fb:1b:fe: - 8a:08:ce:1c:d3:37:cd:d3:c6:76:41:f4:88:9d:4a:cc:72:45: - 00:bf:5f:11:02:49:a5:e7:f4:69:17:ea:ac:8c:9d:75:cb:2e: - 35:c7:77:2a:b5:ee:13:aa:ad:84:48:24:77:7d:8b:0b:98:22: - 7b:2e:36:2f:41:de:ec:4c:37:96:b2:5d:ce:f1:bc:d9:62:ec: - 5c:07:1c:10:8d:65:1a:09:74:a4:f9:d5:5e:c1:06:f7:7c:b2: - ae:86:74:04:8f:43:b5:7f:de:9e:9c:10:5e:78:5b:a4:05:de: - d8:9a:33:8d:62:23:a9:3c:e8:6a:ad:5d:d9:f1:5b:9f:34:d8: - 4a:56:c3:76:1d:9e:d8:05:95:a8:65:00:7a:ad:bd:3d:18:94: - f8:07:50:cc:11:39:05:e1:13:a0:9c:8d:17:41:79:76:77:85: - b7:6a:c3:bd:db:ee:fe:7e:46:1b:08:e0:05:e4:c5:78:77:f2: - 49:b1:02:2c:df:d0:f5:ce:76:f6:63:14:65:f8:df:22:2c:fc: - fa:9c:2b:91:32:39:92:8b:31:a7:cf:2a:23:e1:43:ea:fd:ff: - f2:d7:b1:f7 + ae:c7:48:7b:63:f9:09:1c:52:c0:e7:65:ce:2d:d3:d9:89:de: + c0:ce:b4:c6:07:b2:33:9c:80:3e:eb:c0:cd:6a:7c:18:fa:2c: + e7:b3:d9:c5:01:0f:39:4a:b3:10:29:0d:84:ea:2a:13:20:f1: + d9:e1:8c:04:b6:11:73:de:9e:1f:2c:bf:cb:17:98:b6:d6:0a: + 5e:b9:81:ee:93:c8:a4:ed:51:ba:d1:95:c1:36:c4:e4:a2:26: + 08:77:76:4a:56:05:b2:9c:16:f0:10:86:a1:2b:15:75:cb:bb: + 02:5d:50:16:85:4c:c3:06:41:c0:b6:49:99:a3:26:c2:8f:95: + 39:ef:f5:4e:1c:c9:6b:1e:e5:8d:1e:58:82:9d:64:7a:d7:59: + 84:7e:94:32:08:b8:55:0a:30:77:96:26:31:ba:6a:37:9f:12: + 21:c6:f7:d3:ba:72:ae:08:29:3e:f9:0c:0e:7c:1c:29:68:d5: + 4f:a6:49:8a:c9:86:aa:20:b2:69:21:c5:5f:cd:a1:13:86:01: + 0f:80:87:79:b1:9b:72:3a:ca:a7:70:98:b6:07:48:c5:53:80: + a1:b1:ed:2e:9a:cb:5f:f8:d2:95:f6:c0:b1:5a:df:e8:7c:f6: + 49:89:11:0e:1c:75:23:fe:20:62:bd:df:d5:5f:40:94:31:1b: + 78:24:89:4b -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi3dSd -EP8Ohy2667U0AoC5gxYcdCcr8XH+WhWtJnyApgajXIEwX2NLe0HEL61rMSFfIx6j -a0E2iG7Ml12tZ47FHI/k0OUrAtrmfWVrqP2QeKoKhTF8TpIOr0UAu0ggIg4k1KMq -/dc/BSFwGB6geyQl2eVjIN1ZcycknKROj5NdPCeyk30dFQkoWfNwVYt/+F1pDjoM -pFR8MtQO1AtYwRJ0irY4sB0Oso4YKa6PdXvzSMUuqq/kCqD9yI77phcoITYuXSC0 -IYOibXrsehQk65mQDqCvT435ETYBOo8YThXU/hJl9K8RAPBPhhHzfPZdeyhcT7FJ -aDveFy1qWgleHY0pAgMBAAGjgekwgeYwHQYDVR0OBBYEFM+lmVPCW8a9EIQeOZWU -ogF51NrdMB8GA1UdIwQYMBaAFKNqr0Z0ps0mRHbRgSoDzrdRWDMpMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTs9HD +WmXkPZ9r6HSP9knPh+sONDEMRLV0gk7QwsHLNpjSgrKgNicB+h5GrKz8FUFyVMiv +7hUxvURq2uxMqLnER8pyk3sRAiJDvBx8JreT14ivdctDP5QTLI23yawOKHhlHIdp +0/DwvcQ5fjx3z4yCpCyB3hyXxj2PsheGTYViAbv9s8LiO2E2zcxNTVkDOblcvg1V +8UnPM6IUIkFqCGi1P9aeSRaIFHJq9O10+dV50rYKKudCZzEaF7F7RwDZ+rw1v4zN +NhY3zDubml2HhsBoppOiLxsBifE5Z8g4BcaOSqZSMf72XJZhxjbFyF1TOT49WvUK +FA74riBOS9rp7e2dAgMBAAGjgekwgeYwHQYDVR0OBBYEFL1OaYVZ1FEVlM3arcpr +PncSZQcDMB8GA1UdIwQYMBaAFAlGtCs3RannVg7jsUeT91/jXOLkMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAHJzi+r0gTqSRY41GfhAc -0c5awNzLj8n6VGk96EtFqDQ9+xv+igjOHNM3zdPGdkH0iJ1KzHJFAL9fEQJJpef0 -aRfqrIyddcsuNcd3KrXuE6qthEgkd32LC5giey42L0He7Ew3lrJdzvG82WLsXAcc -EI1lGgl0pPnVXsEG93yyroZ0BI9DtX/enpwQXnhbpAXe2JozjWIjqTzoaq1d2fFb -nzTYSlbDdh2e2AWVqGUAeq29PRiU+AdQzBE5BeEToJyNF0F5dneFt2rDvdvu/n5G -GwjgBeTFeHfySbECLN/Q9c529mMUZfjfIiz8+pwrkTI5kosxp88qI+FD6v3/8tex -9w== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEArsdIe2P5CRxSwOdlzi3T +2YnewM60xgeyM5yAPuvAzWp8GPos57PZxQEPOUqzECkNhOoqEyDx2eGMBLYRc96e +Hyy/yxeYttYKXrmB7pPIpO1RutGVwTbE5KImCHd2SlYFspwW8BCGoSsVdcu7Al1Q +FoVMwwZBwLZJmaMmwo+VOe/1ThzJax7ljR5Ygp1ketdZhH6UMgi4VQowd5YmMbpq +N58SIcb307pyrggpPvkMDnwcKWjVT6ZJismGqiCyaSHFX82hE4YBD4CHebGbcjrK +p3CYtgdIxVOAobHtLprLX/jSlfbAsVrf6Hz2SYkRDhx1I/4gYr3f1V9AlDEbeCSJ +Sw== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:cc:28:1f:e1:1a:a3:da:34:65:45:b7:bb:c1:3b: - c8:3b:92:22:e1:fb:0a:82:86:f8:0c:41:c4:8b:33: - cd:b7:17:55:25:9c:b6:09:98:cb:ed:6d:81:99:88: - 76:c7:ba:11:ec:af:61:b6:73:cf:7c:5a:5c:5f:08: - 2e:e4:6f:d8:74:b0:8f:11:8f:6d:56:cd:03:2e:70: - f7:59:59:c9:a7:0c:aa:06:d2:f3:a2:99:a1:1a:a2: - 56:b8:88:17:13:d5:de:ee:e8:f8:b5:82:23:15:62: - 18:c9:68:02:70:3d:d2:b4:90:4b:28:87:31:ad:b7: - 4a:9c:07:b5:ea:52:fd:66:dd:15:64:d7:88:25:e1: - 92:0b:77:86:af:73:d8:3b:34:aa:02:bf:8d:a5:06: - 50:55:2d:55:bc:bb:ca:01:1b:c3:5d:8d:62:35:b2: - 64:cd:4b:70:61:cc:cd:85:6f:50:4a:a2:41:d4:5a: - a5:30:aa:32:3e:50:02:67:aa:99:ee:24:c7:7b:f8: - fd:54:23:3a:4a:b7:67:67:2d:f7:30:4f:b4:d0:28: - a7:f9:64:5b:d8:d9:20:c2:a9:75:ed:0b:ff:b6:f1: - 75:bc:3b:be:58:da:f6:93:6c:4d:ba:15:cd:ce:4c: - de:8f:22:89:d2:ac:15:6d:60:da:b3:8b:5a:ea:e6: - ba:75 + 00:c0:30:d7:f6:89:0d:6b:6d:53:3a:d2:21:79:22: + 41:47:3c:1a:d5:dc:a9:ea:17:9f:a0:84:bb:b3:41: + f0:ac:7d:48:81:44:71:41:b9:aa:32:ad:49:10:44: + 31:00:2d:84:01:e1:2d:e5:77:fd:fe:c3:bc:bd:a3: + 3d:95:c4:94:68:f8:8f:05:41:d3:6f:94:b9:d5:2e: + 84:6f:b2:8a:e1:f2:20:ae:56:1b:7c:f0:58:3c:c6: + 82:ac:85:a6:19:d3:a0:1b:3a:7e:ff:d8:d6:5a:a3: + 75:56:a9:20:26:52:48:0e:be:25:2a:c8:f5:39:22: + 8f:c7:3b:e2:60:8b:4c:32:34:b3:c9:0f:88:b8:04: + 00:63:25:c8:f8:25:43:79:bb:7a:a7:4a:52:36:f2: + dd:3a:c9:25:5e:c9:55:6f:2f:ac:7f:ea:88:86:53: + 7e:dc:de:49:3a:6e:c7:33:c4:ae:73:1a:85:af:4d: + cc:b0:19:40:54:8c:69:96:6c:8a:7e:0e:8e:17:47: + 2b:83:45:76:d5:f0:23:48:e9:09:49:99:fd:53:6e: + 81:30:5f:19:09:f5:a3:b0:b0:28:24:40:00:6c:e8: + c9:cc:7c:9d:f6:32:9f:c8:44:19:b1:48:8f:f3:8f: + 66:3e:fa:5b:7f:df:c5:af:b2:8f:0d:7e:8e:83:10: + 22:8f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - A3:6A:AF:46:74:A6:CD:26:44:76:D1:81:2A:03:CE:B7:51:58:33:29 + 09:46:B4:2B:37:45:A9:E7:56:0E:E3:B1:47:93:F7:5F:E3:5C:E2:E4 X509v3 Authority Key Identifier: - keyid:1E:88:21:E6:C7:6E:DC:76:90:45:43:56:DD:DA:B3:5F:50:3D:CA:BB + keyid:47:BA:6A:C7:D7:B6:D1:62:EE:2F:10:C5:1B:4E:09:B4:11:29:89:3E Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 76:a9:bf:ab:a6:23:d0:73:52:0f:ac:fb:15:27:2a:ac:cb:2a: - 99:80:f2:d7:29:ca:e7:5b:68:72:53:df:ea:c7:fb:f6:cb:c4: - 56:af:e1:95:ec:d7:19:b1:94:42:19:d3:71:6f:8b:19:08:46: - 0b:ac:05:e3:b2:cb:81:d5:78:37:92:0b:77:75:73:b0:78:0b: - 2f:b0:ae:a9:39:80:fa:f1:26:62:28:73:18:c9:33:f8:db:1b: - 90:20:54:a8:18:fd:50:4f:63:3c:4f:a7:6e:aa:11:7c:07:f4: - 7c:ad:84:fd:a0:f2:d8:63:84:be:c9:ed:b6:c1:2d:2e:23:8f: - 7e:5f:e3:63:46:89:1f:56:a4:ea:e4:af:85:62:77:29:d6:ce: - 3b:27:69:7b:2f:be:ef:ec:56:59:a8:ea:cf:b9:a0:1d:07:43: - 01:84:0e:37:fd:6b:95:39:7e:be:57:9d:33:89:ed:5d:5d:6a: - f8:32:3d:59:1b:9a:0c:1c:46:70:80:57:ba:30:6d:a6:b0:70: - de:aa:9a:33:bf:5b:ae:33:f3:ee:4d:92:b9:23:22:99:f4:81: - 08:7f:ef:4f:8b:37:ae:27:4c:9b:6d:b5:ac:62:8d:7d:b2:7e: - 2b:89:dc:eb:5d:14:c9:f6:64:b0:cd:5b:4b:38:f1:b3:58:b5: - 07:5d:1a:d9 + a8:a8:01:73:29:1c:e7:16:98:ae:60:46:2f:71:42:3d:82:c7: + b9:b2:84:6e:b1:4f:04:94:a3:00:37:7c:d0:51:9f:44:90:54: + f3:58:10:da:f5:0d:ac:d7:cb:f4:7c:e8:d9:9e:cf:d6:2c:5d: + 7c:d0:13:e1:e0:b3:ef:05:23:f3:8f:14:a5:fd:15:38:12:86: + b4:13:22:82:34:89:12:99:2f:77:50:86:f5:1f:1a:e2:77:27: + b0:ef:10:93:71:f8:83:76:59:c3:6d:c4:7b:11:5d:07:96:54: + 91:d1:a3:0b:58:ef:ee:b1:80:ca:c2:0c:d2:31:8d:20:89:7b: + 1b:c4:9f:df:53:31:ab:76:7b:71:b9:75:aa:ce:d6:be:8d:48: + 0b:55:8c:64:83:39:a5:9e:c2:7e:6c:17:95:2c:29:9e:8a:2a: + 9f:e9:6b:c6:28:c9:41:3f:33:2a:34:df:d2:b6:d0:19:04:cf: + 40:a4:f8:74:ca:70:32:eb:44:34:d5:2a:a5:99:8f:8d:8b:62: + d3:76:67:b8:18:f7:ee:d1:73:8c:8b:e2:a7:a0:d2:61:48:05: + e1:f3:24:9f:4f:ef:2d:b8:cd:aa:86:13:85:d1:06:75:b0:f4: + d2:44:0a:9a:24:a7:1e:b8:f8:ef:55:59:d6:2e:4f:68:96:24: + 96:bc:d0:29 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCgf4Rqj -2jRlRbe7wTvIO5Ii4fsKgob4DEHEizPNtxdVJZy2CZjL7W2BmYh2x7oR7K9htnPP -fFpcXwgu5G/YdLCPEY9tVs0DLnD3WVnJpwyqBtLzopmhGqJWuIgXE9Xe7uj4tYIj -FWIYyWgCcD3StJBLKIcxrbdKnAe16lL9Zt0VZNeIJeGSC3eGr3PYOzSqAr+NpQZQ -VS1VvLvKARvDXY1iNbJkzUtwYczNhW9QSqJB1FqlMKoyPlACZ6qZ7iTHe/j9VCM6 -SrdnZy33ME+00Cin+WRb2Nkgwql17Qv/tvF1vDu+WNr2k2xNuhXNzkzejyKJ0qwV -bWDas4ta6ua6dQIDAQABo4HLMIHIMB0GA1UdDgQWBBSjaq9GdKbNJkR20YEqA863 -UVgzKTAfBgNVHSMEGDAWgBQeiCHmx27cdpBFQ1bd2rNfUD3KuzA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDDX9okN +a21TOtIheSJBRzwa1dyp6hefoIS7s0HwrH1IgURxQbmqMq1JEEQxAC2EAeEt5Xf9 +/sO8vaM9lcSUaPiPBUHTb5S51S6Eb7KK4fIgrlYbfPBYPMaCrIWmGdOgGzp+/9jW +WqN1VqkgJlJIDr4lKsj1OSKPxzviYItMMjSzyQ+IuAQAYyXI+CVDebt6p0pSNvLd +OsklXslVby+sf+qIhlN+3N5JOm7HM8SucxqFr03MsBlAVIxplmyKfg6OF0crg0V2 +1fAjSOkJSZn9U26BMF8ZCfWjsLAoJEAAbOjJzHyd9jKfyEQZsUiP849mPvpbf9/F +r7KPDX6OgxAijwIDAQABo4HLMIHIMB0GA1UdDgQWBBQJRrQrN0Wp51YO47FHk/df +41zi5DAfBgNVHSMEGDAWgBRHumrH17bRYu4vEMUbTgm0ESmJPjA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AHapv6umI9BzUg+s+xUnKqzLKpmA8tcpyudbaHJT3+rH+/bLxFav4ZXs1xmxlEIZ -03FvixkIRgusBeOyy4HVeDeSC3d1c7B4Cy+wrqk5gPrxJmIocxjJM/jbG5AgVKgY -/VBPYzxPp26qEXwH9HythP2g8thjhL7J7bbBLS4jj35f42NGiR9WpOrkr4VidynW -zjsnaXsvvu/sVlmo6s+5oB0HQwGEDjf9a5U5fr5XnTOJ7V1davgyPVkbmgwcRnCA -V7owbaawcN6qmjO/W64z8+5NkrkjIpn0gQh/70+LN64nTJtttaxijX2yfiuJ3Otd -FMn2ZLDNW0s48bNYtQddGtk= +AKioAXMpHOcWmK5gRi9xQj2Cx7myhG6xTwSUowA3fNBRn0SQVPNYENr1DazXy/R8 +6Nmez9YsXXzQE+Hgs+8FI/OPFKX9FTgShrQTIoI0iRKZL3dQhvUfGuJ3J7DvEJNx ++IN2WcNtxHsRXQeWVJHRowtY7+6xgMrCDNIxjSCJexvEn99TMat2e3G5darO1r6N +SAtVjGSDOaWewn5sF5UsKZ6KKp/pa8YoyUE/Myo039K20BkEz0Ck+HTKcDLrRDTV +KqWZj42LYtN2Z7gY9+7Rc4yL4qeg0mFIBeHzJJ9P7y24zaqGE4XRBnWw9NJECpok +px64+O9VWdYuT2iWJJa80Ck= -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d2:ee:04:1f:69:cf:1f:13:bf:0c:7f:3b:65:1c: - e6:e3:c6:3d:be:86:27:a6:1a:98:44:9e:76:a7:c7: - d0:fd:bc:0e:92:3e:f8:a1:6e:6a:ac:19:80:26:f8: - 96:2b:27:fb:c1:4f:10:24:6e:9f:53:0f:6e:52:0f: - 59:d1:af:cb:1f:bf:fa:92:6b:d8:bb:9d:5b:48:66: - 4f:8c:5b:72:98:f1:eb:62:59:23:d6:12:dc:de:2b: - e2:78:61:23:2f:21:e5:f5:0b:5c:98:69:f5:15:73: - 3d:a6:9c:f5:c2:77:3b:a0:70:af:48:39:5c:21:ff: - e2:19:34:82:a0:c4:77:6e:45:11:c6:0d:f3:74:a0: - 53:bc:d6:37:6e:17:62:83:43:0c:c8:6e:6a:a3:8f: - 83:b4:85:4f:8b:ce:12:55:f5:f1:80:7b:b3:6c:a1: - 3a:20:0a:7a:9d:7d:ef:35:e7:15:b4:7a:90:04:54: - 68:2d:7a:2d:72:88:99:e7:03:09:55:42:13:9c:55: - e7:f4:3f:3c:66:ab:7c:3d:8b:50:c1:d2:2c:eb:d4: - b8:f4:13:d1:a7:92:b2:97:29:76:94:a6:49:57:d2: - 55:17:86:f1:20:7c:a9:a5:7d:ba:48:cc:87:7e:b4: - 14:27:48:d1:72:c5:18:c2:f8:80:4c:ca:1b:92:94: - 5f:f3 + 00:ea:8d:25:cf:22:ba:d5:46:c6:8f:ef:f9:af:45: + 11:c9:f1:ae:59:85:5d:09:58:3a:af:49:f4:3f:36: + 1b:fc:89:20:f7:35:91:b8:7e:3e:75:ca:27:a4:92: + 9b:3f:a8:e4:36:84:4b:39:55:4d:93:a6:21:0e:c6: + c7:09:aa:7b:70:03:89:5a:b5:d2:52:07:68:e2:f6: + be:e5:6b:8a:fa:75:2e:ab:b4:43:0e:f3:27:c4:79: + ee:60:62:98:b0:3e:ff:05:e0:b5:74:2b:00:4e:6c: + 00:7f:ce:a6:bd:f8:a0:2d:1b:8b:c4:4e:ee:47:d2: + 78:bb:f6:bb:ae:09:d7:71:6e:ff:47:73:ea:2b:00: + 7a:4b:71:a4:9e:6f:5e:98:25:40:ec:70:81:ee:0a: + e4:c6:4d:70:41:74:69:11:d1:d8:75:a6:7f:42:89: + cf:9f:25:aa:68:dd:f7:19:6b:76:be:7c:a8:99:fc: + 35:f6:0a:cb:ff:31:7a:48:93:a1:0b:51:1d:70:97: + bb:7c:c7:30:09:0c:8f:56:6e:fd:e3:48:8a:f2:e7: + dc:f7:0a:ab:ed:7d:f7:0c:17:4d:ec:7b:72:fe:7c: + 63:49:5c:64:06:d5:e0:09:8d:26:9d:27:96:f0:4c: + 41:22:50:f7:e5:bb:e7:b9:09:5c:74:6e:00:cd:a5: + 54:c3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 1E:88:21:E6:C7:6E:DC:76:90:45:43:56:DD:DA:B3:5F:50:3D:CA:BB + 47:BA:6A:C7:D7:B6:D1:62:EE:2F:10:C5:1B:4E:09:B4:11:29:89:3E X509v3 Authority Key Identifier: - keyid:EA:25:A5:9F:40:47:93:DB:8C:A0:6D:18:4A:47:09:4E:05:93:5F:34 + keyid:07:80:F2:64:04:3C:8E:5C:B9:3E:E5:22:7C:93:29:EA:1B:79:A6:59 Authority Information Access: CA Issuers - URI:http://url-for-aia/UberRoot.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 6f:ff:d2:4d:45:07:b2:52:cf:4b:79:b4:37:b8:08:47:37:0e: - 6d:db:82:92:14:fe:68:31:c1:cc:4a:6f:55:98:8d:8a:47:32: - d5:e4:08:16:eb:68:d2:44:06:55:ec:b7:8b:24:b5:91:c4:a8: - 8d:5b:f5:b2:a3:55:a8:01:a7:ae:bc:a9:71:88:53:c9:81:93: - d8:73:42:4a:eb:fd:07:5a:ee:89:1f:2f:40:c7:45:24:46:1c: - 70:58:12:48:e0:7c:8e:aa:fc:9e:4b:92:83:a0:2f:9a:7e:af: - 18:67:38:18:16:d8:4f:69:11:2e:ee:11:30:a6:4f:41:65:a1: - 1b:a1:0f:04:bd:ec:7a:e4:a5:d1:a3:fe:3c:6f:9a:f1:cd:85: - f3:f5:2d:05:20:08:ff:61:80:14:47:95:b9:00:39:df:dd:61: - 55:2b:12:99:60:2a:d1:f4:54:c8:57:77:b3:0d:32:c3:b0:e3: - 6b:fd:b4:12:91:bc:e7:a1:55:e3:9c:52:a5:7a:e5:a4:66:d0: - f9:a8:23:54:06:fd:73:53:0e:1a:3d:80:0b:6b:71:a0:da:e5: - c9:fc:6f:77:ca:87:c0:3b:24:0b:af:24:46:e6:5a:78:05:1b: - 4f:c6:c2:bc:e3:b0:6f:6e:5a:7e:c3:d0:a5:7c:6d:48:66:bc: - 69:7b:97:d2 + 80:5b:ee:28:80:48:ee:50:45:d0:d0:b4:53:db:85:df:46:02: + 54:6b:90:0c:63:15:d4:e5:d7:9c:30:70:b0:08:3c:a6:f3:31: + 02:dd:a3:2a:52:5e:04:76:fd:ac:87:6e:61:64:25:94:67:ad: + 0a:57:60:54:f1:2f:5a:ed:51:67:2e:f5:2d:9d:6f:f5:f4:aa: + 81:7f:a0:44:be:4f:e0:4e:48:22:e7:d6:96:c0:6b:d9:5d:a2: + 14:79:dc:80:1b:f1:6e:fb:ab:8d:08:f1:57:33:54:67:b9:e6: + 97:0e:49:7d:43:ba:a1:4c:05:3e:05:b3:a8:ce:ab:9b:1e:4a: + 9c:45:b8:99:a0:19:a5:41:b9:19:43:83:6d:8c:ba:c7:cc:09: + d4:95:c5:d5:ad:05:8a:78:d6:61:47:7d:d2:9b:ba:5b:1c:d8: + 64:1c:63:9b:33:5f:90:e4:ee:f3:37:55:e3:22:69:14:30:e8: + 63:45:bc:93:ab:dd:90:04:18:c2:96:e0:5a:8a:62:24:77:8a: + 53:b5:45:cf:d3:d8:99:a7:40:7f:62:c4:ec:0f:b4:f5:f0:53: + a2:9d:c9:2b:7c:0d:69:3b:0a:d7:f3:94:8f:58:f5:e8:4c:fb: + c6:c2:29:35:90:2f:a4:58:5c:ae:f7:04:69:5b:a3:08:57:85: + 5f:12:b6:b9 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDcTCCAlmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhVYmVy Um9vdDAeFw0xNTAxMDExMjAwMDBaFw0xNjAxMDExMjAwMDBaMA8xDTALBgNVBAMM -BFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS7gQfac8fE78M -fztlHObjxj2+hiemGphEnnanx9D9vA6SPvihbmqsGYAm+JYrJ/vBTxAkbp9TD25S -D1nRr8sfv/qSa9i7nVtIZk+MW3KY8etiWSPWEtzeK+J4YSMvIeX1C1yYafUVcz2m -nPXCdzugcK9IOVwh/+IZNIKgxHduRRHGDfN0oFO81jduF2KDQwzIbmqjj4O0hU+L -zhJV9fGAe7NsoTogCnqdfe815xW0epAEVGgtei1yiJnnAwlVQhOcVef0Pzxmq3w9 -i1DB0izr1Lj0E9GnkrKXKXaUpklX0lUXhvEgfKmlfbpIzId+tBQnSNFyxRjC+IBM -yhuSlF/zAgMBAAGjgdMwgdAwHQYDVR0OBBYEFB6IIebHbtx2kEVDVt3as19QPcq7 -MB8GA1UdIwQYMBaAFOolpZ9AR5PbjKBtGEpHCU4Fk180MDsGCCsGAQUFBwEBBC8w +BFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqjSXPIrrVRsaP +7/mvRRHJ8a5ZhV0JWDqvSfQ/Nhv8iSD3NZG4fj51yiekkps/qOQ2hEs5VU2TpiEO +xscJqntwA4latdJSB2ji9r7la4r6dS6rtEMO8yfEee5gYpiwPv8F4LV0KwBObAB/ +zqa9+KAtG4vETu5H0ni79ruuCddxbv9Hc+orAHpLcaSeb16YJUDscIHuCuTGTXBB +dGkR0dh1pn9Cic+fJapo3fcZa3a+fKiZ/DX2Csv/MXpIk6ELUR1wl7t8xzAJDI9W +bv3jSIry59z3CqvtffcMF03se3L+fGNJXGQG1eAJjSadJ5bwTEEiUPflu+e5CVx0 +bgDNpVTDAgMBAAGjgdMwgdAwHQYDVR0OBBYEFEe6asfXttFi7i8QxRtOCbQRKYk+ +MB8GA1UdIwQYMBaAFAeA8mQEPI5cuT7lInyTKeobeaZZMDsGCCsGAQUFBwEBBC8w LTArBggrBgEFBQcwAoYfaHR0cDovL3VybC1mb3ItYWlhL1ViZXJSb290LmNlcjAw BgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vdXJsLWZvci1jcmwvVWJlclJvb3QuY3Js MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA -A4IBAQBv/9JNRQeyUs9LebQ3uAhHNw5t24KSFP5oMcHMSm9VmI2KRzLV5AgW62jS -RAZV7LeLJLWRxKiNW/Wyo1WoAaeuvKlxiFPJgZPYc0JK6/0HWu6JHy9Ax0UkRhxw -WBJI4HyOqvyeS5KDoC+afq8YZzgYFthPaREu7hEwpk9BZaEboQ8Evex65KXRo/48 -b5rxzYXz9S0FIAj/YYAUR5W5ADnf3WFVKxKZYCrR9FTIV3ezDTLDsONr/bQSkbzn -oVXjnFKleuWkZtD5qCNUBv1zUw4aPYALa3Gg2uXJ/G93yofAOyQLryRG5lp4BRtP -xsK847Bvblp+w9ClfG1IZrxpe5fS +A4IBAQCAW+4ogEjuUEXQ0LRT24XfRgJUa5AMYxXU5decMHCwCDym8zEC3aMqUl4E +dv2sh25hZCWUZ60KV2BU8S9a7VFnLvUtnW/19KqBf6BEvk/gTkgi59aWwGvZXaIU +edyAG/Fu+6uNCPFXM1RnueaXDkl9Q7qhTAU+BbOozqubHkqcRbiZoBmlQbkZQ4Nt +jLrHzAnUlcXVrQWKeNZhR33Sm7pbHNhkHGObM1+Q5O7zN1XjImkUMOhjRbyTq92Q +BBjCluBaimIkd4pTtUXP09iZp0B/YsTsD7T18FOinckrfA1pOwrX85SPWPXoTPvG +wik1kC+kWFyu9wRpW6MIV4VfEra5 -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -281,3 +281,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/unconstrained-root-bad-eku.pem b/chromium/net/data/verify_certificate_chain_unittest/unconstrained-root-bad-eku.pem new file mode 100644 index 00000000000..5c47ad5f480 --- /dev/null +++ b/chromium/net/data/verify_certificate_chain_unittest/unconstrained-root-bad-eku.pem @@ -0,0 +1,291 @@ +[Created by: generate-unconstrained-root-bad-eku.py] + +Certificate chain with 1 intermediate and a trust anchor. The trust anchor +has an EKU that restricts it to clientAuth. Verification is expected to fail as +the end-entity is verified for serverAuth, and the trust anchor enforces +constraints. + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Intermediate + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Target + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:64:a7:01:b2:83:6c:47:bc:2d:30:01:f9:43: + 8c:fc:cc:6b:7c:a4:c7:1c:78:fa:a8:8c:be:1e:9a: + 72:d0:34:1a:56:80:67:67:76:48:8a:9f:c5:3a:68: + 9e:53:c2:35:ce:69:7e:4f:d5:c4:fb:0b:91:3c:af: + 00:26:f4:bf:77:ca:cd:ec:87:f9:6e:05:9b:0c:93: + 1b:f2:6e:c8:10:32:4e:7b:51:1c:22:77:4c:b8:a3: + bd:d6:dc:95:29:9b:4b:b5:d9:ce:ae:91:d8:05:c5: + c5:bf:4a:9c:b7:94:db:d5:a5:e6:b1:44:e1:02:4a: + 1a:dc:21:e5:e6:a6:ba:54:2e:2c:3f:40:f5:fd:5c: + 79:dd:55:6d:9e:e2:ab:db:3c:67:b4:84:db:ba:86: + fd:a0:b5:d8:8b:d0:b8:bc:8b:77:e9:32:31:51:68: + ee:18:17:09:e2:f1:27:79:ca:3c:72:a8:f3:96:25: + 31:24:3a:05:53:d4:89:0a:48:7a:9c:2d:6d:6a:84: + 97:df:34:c9:22:7f:d5:05:f2:2c:91:e9:c4:7f:ab: + d0:ae:76:22:64:ae:be:e2:7f:97:08:ec:86:8a:92: + bf:57:f0:22:f7:91:ff:86:17:62:92:e3:80:8b:19: + 84:14:60:19:00:91:d6:fe:51:96:77:5b:22:0d:32: + 50:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + E8:27:22:F1:C3:94:E3:48:C4:4C:45:0D:D6:4E:1C:6E:CF:9D:1B:1B + X509v3 Authority Key Identifier: + keyid:8F:7C:F8:3A:27:33:C2:AB:96:9E:BD:0F:68:E0:C9:58:BB:0B:7C:F2 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Intermediate.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Intermediate.crl + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 2f:90:79:f0:49:4b:78:96:64:2e:4b:6b:b7:4c:09:60:c8:33: + 24:24:f9:7e:e0:f8:2c:e7:ba:b9:41:93:97:c6:1f:ab:fa:95: + 79:9e:23:64:6f:0a:26:d8:91:78:30:13:b3:ae:40:27:19:6e: + b6:49:a4:08:27:fa:0f:c8:cb:b9:9d:34:56:d6:d9:80:fc:df: + 24:2d:e5:0f:b3:4e:22:c4:f3:da:90:4a:fb:e9:b3:37:c1:8f: + d1:2b:18:d4:9b:f1:0d:10:e5:98:9c:0b:4d:0a:90:92:4f:50: + 39:87:be:52:79:39:db:c1:aa:bc:df:a8:33:66:87:cb:4f:91: + d8:00:21:8d:84:7b:ba:b4:d9:fa:6a:b5:06:33:cc:ef:5a:31: + c3:4f:c7:49:f7:59:05:b7:c4:76:58:f6:78:8c:bb:4e:95:5d: + a0:b7:da:e3:74:6d:4b:0f:c5:f1:c0:fd:e4:d4:68:3e:18:80: + 2a:f1:82:6b:c8:d7:b5:70:85:4a:1e:71:ed:d2:69:7e:57:ff: + 19:41:b5:64:aa:57:9d:08:0f:b2:74:90:d6:15:fd:9e:f0:06: + 55:91:e9:f8:87:a1:85:9e:1f:dc:9f:33:52:c6:aa:16:a2:12: + b5:87:b3:9f:5c:52:f7:45:54:11:41:f0:64:1d:43:0e:9b:17: + 00:4a:ea:21 +-----BEGIN CERTIFICATE----- +MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl +cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAZKcB +soNsR7wtMAH5Q4z8zGt8pMccePqojL4emnLQNBpWgGdndkiKn8U6aJ5TwjXOaX5P +1cT7C5E8rwAm9L93ys3sh/luBZsMkxvybsgQMk57URwid0y4o73W3JUpm0u12c6u +kdgFxcW/Spy3lNvVpeaxROECShrcIeXmprpULiw/QPX9XHndVW2e4qvbPGe0hNu6 +hv2gtdiL0Li8i3fpMjFRaO4YFwni8Sd5yjxyqPOWJTEkOgVT1IkKSHqcLW1qhJff +NMkif9UF8iyR6cR/q9CudiJkrr7if5cI7IaKkr9X8CL3kf+GF2KS44CLGYQUYBkA +kdb+UZZ3WyINMlAHAgMBAAGjgekwgeYwHQYDVR0OBBYEFOgnIvHDlONIxExFDdZO +HG7PnRsbMB8GA1UdIwQYMBaAFI98+DonM8Krlp69D2jgyVi7C3zyMD8GCCsGAQUF +BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk +aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu +dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAL5B58ElLeJZkLktrt0wJ +YMgzJCT5fuD4LOe6uUGTl8Yfq/qVeZ4jZG8KJtiReDATs65AJxlutkmkCCf6D8jL +uZ00VtbZgPzfJC3lD7NOIsTz2pBK++mzN8GP0SsY1JvxDRDlmJwLTQqQkk9QOYe+ +Unk528GqvN+oM2aHy0+R2AAhjYR7urTZ+mq1BjPM71oxw0/HSfdZBbfEdlj2eIy7 +TpVdoLfa43RtSw/F8cD95NRoPhiAKvGCa8jXtXCFSh5x7dJpflf/GUG1ZKpXnQgP +snSQ1hX9nvAGVZHp+IehhZ4f3J8zUsaqFqIStYezn1xS90VUEUHwZB1DDpsXAErq +IQ== +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Intermediate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a8:e7:5f:fa:d0:9d:f1:e1:e4:87:7f:62:7e:1c: + 89:02:66:64:9e:d5:a0:81:f3:65:68:d7:8d:02:37: + 99:da:e8:85:00:51:b4:69:e9:57:29:09:51:c2:78: + c8:ee:bb:87:62:4a:a8:46:c3:d4:06:e5:f0:c2:33: + 68:13:f7:55:c5:44:42:14:1e:d7:65:a4:a1:b6:67: + 38:e0:c2:72:65:ee:ad:f5:94:34:93:4f:e9:d8:a5: + 93:98:05:34:e5:f6:0f:3b:71:84:39:71:9b:b6:10: + 47:37:ef:87:d2:98:29:a4:f1:18:e7:f4:3b:52:af: + 34:b1:39:34:9a:49:b4:7a:ed:21:2c:60:b2:01:e8: + cb:b6:ad:f8:00:95:85:a9:87:91:90:05:54:0b:2e: + 9d:4c:79:c4:c8:6d:72:ab:23:5b:d0:2b:90:3c:5b: + 53:ed:da:56:39:38:37:45:43:17:3d:81:d5:49:97: + 23:88:83:9f:bf:86:8d:52:af:3d:86:45:f1:1e:e8: + dd:8f:4f:fe:da:b5:35:cb:e0:02:ba:8e:6b:61:4a: + f2:c6:5d:d7:02:95:71:23:9e:7b:99:96:cf:ac:df: + 20:2a:2d:fe:0c:42:72:c6:b8:c3:81:81:3e:a0:8d: + 62:41:17:14:f5:24:67:f1:6c:af:c6:0c:94:09:fb: + 56:07 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 8F:7C:F8:3A:27:33:C2:AB:96:9E:BD:0F:68:E0:C9:58:BB:0B:7C:F2 + X509v3 Authority Key Identifier: + keyid:91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + ad:25:a4:2d:f2:86:a4:d2:af:47:2c:0f:9d:8f:8b:a8:39:c1: + 3f:32:d3:62:dc:02:69:1e:2d:ce:43:63:0f:78:19:73:da:49: + 13:9e:32:e8:5f:61:cd:02:64:1b:b5:3c:c9:00:8d:26:ef:d2: + 90:db:61:a9:19:59:70:e6:70:0b:d9:2b:ee:8f:00:3c:1b:50: + ce:07:35:3c:49:af:74:6a:36:24:1a:6c:4b:56:99:9c:ac:88: + 79:a0:a7:56:87:35:66:c2:22:1d:79:19:a0:d8:f3:27:25:a3: + 92:c8:49:ce:3f:06:a1:49:02:9b:09:d4:9a:1c:c7:b5:19:26: + 31:95:6c:c4:7e:c3:fb:54:0e:62:8e:d4:13:bd:47:8e:64:be: + 20:c5:f8:4d:c0:51:3b:2d:ca:e6:0e:b6:4e:26:38:91:aa:87: + 5f:c9:41:2f:93:45:b8:5c:71:47:06:6f:6e:d6:ac:dd:84:b3: + cc:4d:c8:8d:dd:dd:41:7e:d8:24:a7:d4:48:74:4a:fe:d1:61: + 2d:8b:9b:ad:08:40:78:cb:13:9d:67:25:9a:d8:c7:46:a2:71: + a0:81:b5:8f:67:f5:04:84:c3:8f:0f:6b:33:8a:2b:21:a3:1c: + 5a:f4:5d:66:21:50:9d:a4:51:2a:2a:e9:39:c8:44:2c:f3:1f: + 52:02:b4:0a +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOdf+tCd +8eHkh39ifhyJAmZkntWggfNlaNeNAjeZ2uiFAFG0aelXKQlRwnjI7ruHYkqoRsPU +BuXwwjNoE/dVxURCFB7XZaShtmc44MJyZe6t9ZQ0k0/p2KWTmAU05fYPO3GEOXGb +thBHN++H0pgppPEY5/Q7Uq80sTk0mkm0eu0hLGCyAejLtq34AJWFqYeRkAVUCy6d +THnEyG1yqyNb0CuQPFtT7dpWOTg3RUMXPYHVSZcjiIOfv4aNUq89hkXxHujdj0/+ +2rU1y+ACuo5rYUryxl3XApVxI557mZbPrN8gKi3+DEJyxrjDgYE+oI1iQRcU9SRn +8WyvxgyUCftWBwIDAQABo4HLMIHIMB0GA1UdDgQWBBSPfPg6JzPCq5aevQ9o4MlY +uwt88jAfBgNVHSMEGDAWgBSRaQ2UNLW6r/HdmSKIFSuDsTeyVDA3BggrBgEFBQcB +AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AK0lpC3yhqTSr0csD52Pi6g5wT8y02LcAmkeLc5DYw94GXPaSROeMuhfYc0CZBu1 +PMkAjSbv0pDbYakZWXDmcAvZK+6PADwbUM4HNTxJr3RqNiQabEtWmZysiHmgp1aH +NWbCIh15GaDY8yclo5LISc4/BqFJApsJ1Jocx7UZJjGVbMR+w/tUDmKO1BO9R45k +viDF+E3AUTstyuYOtk4mOJGqh1/JQS+TRbhccUcGb27WrN2Es8xNyI3d3UF+2CSn +1Eh0Sv7RYS2Lm60IQHjLE51nJZrYx0aicaCBtY9n9QSEw48PazOKKyGjHFr0XWYh +UJ2kUSoq6TnIRCzzH1ICtAo= +-----END CERTIFICATE----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Root + Validity + Not Before: Jan 1 12:00:00 2015 GMT + Not After : Jan 1 12:00:00 2016 GMT + Subject: CN=Root + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:af:9d:d7:d1:a5:91:6e:5d:17:d4:89:85:95:b8: + cf:e3:e3:fb:94:dd:cc:c0:99:59:24:ac:c0:4d:cc: + 4b:37:88:38:3c:a1:60:06:96:8d:1b:6b:e7:2b:b8: + 71:9e:54:4b:cd:c4:4d:93:b6:3b:3f:7a:a2:c6:3b: + ea:9f:36:8d:e5:b0:0f:9e:27:58:7c:f8:fb:6f:e8: + ae:0c:bb:69:02:60:21:d1:bd:dc:e1:33:23:8d:c5: + 5f:dc:ff:33:71:95:98:77:07:69:c0:71:2a:bf:62: + eb:b6:e5:cc:2e:3a:98:1c:7b:a4:a7:cb:ba:e5:ab: + 22:32:fb:d5:03:1a:03:b7:d1:9f:d9:56:69:ae:b1: + 51:e7:8d:06:ca:2a:f9:25:43:af:92:a1:f7:40:60: + 85:5a:33:67:2a:62:ad:6e:4a:9a:02:1b:c4:e3:89: + 38:d3:06:eb:a3:8c:ce:a8:c8:49:5a:4e:08:b2:7e: + 00:16:92:60:4b:ff:77:2d:53:e7:2c:f3:2c:51:b3: + 16:87:67:28:43:10:d3:6c:d6:c2:96:97:a3:c8:8e: + 0b:ae:f1:56:13:bb:1b:ca:7f:2d:59:cc:37:fc:47: + 9d:f7:c9:0a:66:19:87:3d:13:66:50:0b:52:0d:13: + 33:6c:0b:fc:fb:88:cf:34:7b:9f:6f:6e:7e:36:ac: + ec:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54 + X509v3 Authority Key Identifier: + keyid:91:69:0D:94:34:B5:BA:AF:F1:DD:99:22:88:15:2B:83:B1:37:B2:54 + + Authority Information Access: + CA Issuers - URI:http://url-for-aia/Root.cer + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://url-for-crl/Root.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + 99:8a:58:6e:00:02:f6:8e:69:28:b4:58:15:27:8e:10:aa:46: + 74:32:17:23:b4:06:c5:c6:71:8e:2a:f7:9d:03:97:9a:82:93: + a3:a0:f2:39:ee:2c:e8:ed:d6:d2:d5:bd:b0:87:c1:94:e8:66: + 2d:01:af:9f:9b:90:88:66:3d:19:be:c8:ad:5b:53:7a:01:f1: + db:7e:3a:d3:aa:af:16:cc:fb:eb:b0:45:c0:2d:ab:b3:1b:65: + d4:94:b6:71:5d:84:3b:0a:81:07:00:14:c5:e9:b9:3e:db:6d: + cf:b0:5f:46:73:51:8c:5f:3f:44:45:26:28:b6:1b:53:eb:c3: + 0b:52:58:71:21:0d:e3:7c:60:cb:86:10:64:96:ca:e4:02:b3: + 7a:94:57:c8:1e:d5:df:b6:64:06:8b:42:3e:3c:e4:44:09:2e: + fe:bc:cd:60:f6:f8:e0:d5:93:d1:8d:36:8f:31:11:53:25:8e: + 0d:e5:52:4b:b6:05:35:ee:7f:a4:a1:d5:75:26:79:de:e0:71: + 19:13:b6:45:e7:b5:e3:66:e8:6a:35:51:b9:88:56:0b:b6:d9: + b7:8b:38:13:3a:ca:52:b8:02:4f:01:5c:52:aa:d0:f5:c2:1c: + bf:ed:60:12:30:fa:c8:ce:86:91:8a:c2:eb:30:88:53:15:e8: + 7f:14:93:1a +-----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- +MIIDejCCAmKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+d19GlkW5dF9SJhZW4 +z+Pj+5TdzMCZWSSswE3MSzeIODyhYAaWjRtr5yu4cZ5US83ETZO2Oz96osY76p82 +jeWwD54nWHz4+2/orgy7aQJgIdG93OEzI43FX9z/M3GVmHcHacBxKr9i67blzC46 +mBx7pKfLuuWrIjL71QMaA7fRn9lWaa6xUeeNBsoq+SVDr5Kh90BghVozZypirW5K +mgIbxOOJONMG66OMzqjISVpOCLJ+ABaSYEv/dy1T5yzzLFGzFodnKEMQ02zWwpaX +o8iOC67xVhO7G8p/LVnMN/xHnffJCmYZhz0TZlALUg0TM2wL/PuIzzR7n29ufjas +7DkCAwEAAaOB4DCB3TAdBgNVHQ4EFgQUkWkNlDS1uq/x3ZkiiBUrg7E3slQwHwYD +VR0jBBgwFoAUkWkNlDS1uq/x3ZkiiBUrg7E3slQwNwYIKwYBBQUHAQEEKzApMCcG +CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw +IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqG +SIb3DQEBCwUAA4IBAQCZilhuAAL2jmkotFgVJ44QqkZ0MhcjtAbFxnGOKvedA5ea +gpOjoPI57izo7dbS1b2wh8GU6GYtAa+fm5CIZj0ZvsitW1N6AfHbfjrTqq8WzPvr +sEXALauzG2XUlLZxXYQ7CoEHABTF6bk+223PsF9Gc1GMXz9ERSYothtT68MLUlhx +IQ3jfGDLhhBklsrkArN6lFfIHtXftmQGi0I+PORECS7+vM1g9vjg1ZPRjTaPMRFT +JY4N5VJLtgU17n+kodV1Jnne4HEZE7ZF57XjZuhqNVG5iFYLttm3izgTOspSuAJP +AVxSqtD1why/7WASMPrIzoaRisLrMIhTFeh/FJMa +-----END TRUST_ANCHOR_UNCONSTRAINED----- + +150302120000Z +-----BEGIN TIME----- +MTUwMzAyMTIwMDAwWg== +-----END TIME----- + +SUCCESS +-----BEGIN VERIFY_RESULT----- +U1VDQ0VTUw== +-----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/unconstrained-root-basic-constraints-ca-false.pem b/chromium/net/data/verify_certificate_chain_unittest/unconstrained-root-basic-constraints-ca-false.pem index 65bdb9c8f26..d059ac425d0 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/unconstrained-root-basic-constraints-ca-false.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/unconstrained-root-basic-constraints-ca-false.pem @@ -19,30 +19,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c8:04:f4:49:c8:99:48:ae:4b:8a:66:a6:19:29: - b8:4f:52:af:29:88:34:6c:07:db:a9:a7:99:7e:09: - bb:07:7a:7b:35:11:39:a5:4d:f9:54:e3:b7:8e:9c: - 66:37:62:bc:5f:2d:f4:1f:ba:b0:fd:4b:0b:a6:59: - 0c:94:d6:53:aa:7b:97:fc:bd:7f:72:e6:99:a7:04: - a5:b2:02:67:3d:9f:cb:c1:2c:48:f7:a4:a3:d4:30: - b6:8b:96:a9:ad:78:9c:1d:19:2a:28:ac:89:46:81: - eb:32:f1:11:bc:44:32:f0:3b:70:8d:53:4b:5e:ed: - 9b:e2:f8:2d:a5:e0:69:cf:11:6b:0b:3e:33:02:f9: - 66:e8:2e:93:15:d9:42:81:04:71:17:10:c8:04:81: - cb:11:6b:20:7c:f8:ef:71:8c:04:3a:51:ae:e7:69: - 7a:66:3b:fc:52:53:19:97:39:51:38:d3:5c:9b:93: - 48:09:e8:5d:18:3a:45:66:70:b1:f2:05:3d:15:ef: - fd:8e:c7:b2:37:da:97:15:04:ec:02:f6:9d:40:b2: - 22:02:bc:09:68:70:e8:4d:85:7a:c9:dd:d0:9b:85: - a8:06:2c:ce:15:e7:53:df:79:c6:ad:57:83:c4:8a: - a1:eb:ef:ac:d0:b8:54:93:54:f3:24:91:41:a9:b2: - 92:0d + 00:bc:8b:25:82:f8:93:bd:ae:89:cf:59:59:0a:5a: + 05:f9:59:76:ef:5a:8a:1a:65:8f:37:99:8b:21:5d: + df:47:22:c1:d4:94:88:15:b6:14:ba:c1:ec:b8:ac: + da:f7:0f:bb:cf:61:fa:f5:cb:ce:e7:a7:27:15:97: + 19:3a:28:b6:e6:51:7f:09:20:f0:36:a3:cc:cf:8e: + e7:8d:87:c2:3d:d2:66:e7:01:0a:dc:df:fe:eb:5a: + 4e:8e:07:de:2b:26:95:d3:8f:63:e2:5b:ba:0c:fc: + a5:1c:d2:43:ee:7d:90:06:5b:87:23:ad:a7:4f:8e: + ee:0e:2a:e3:94:24:ac:d5:f7:bc:ab:2a:66:76:e4: + 78:0a:3a:15:44:c6:1a:47:9b:3b:54:b6:b7:76:d9: + 80:5f:d0:07:b8:48:40:00:d0:6e:3e:cd:a4:a5:08: + 3a:9b:04:c9:68:c5:d5:3b:0d:a2:24:0a:89:ce:09: + 0c:90:7d:1c:4c:24:7c:99:f0:38:df:76:83:6f:91: + 5f:54:2a:d9:89:d3:cc:6e:3c:c1:90:9b:95:5c:32: + 77:fd:6a:5c:fb:9d:c9:5b:b3:e0:9d:93:9f:86:78: + 6b:69:ad:ce:92:3d:ab:48:e6:d8:7c:fc:b2:55:43: + 50:d1:2f:6e:a0:5e:d5:e4:99:19:ec:05:5b:d5:f2: + 2b:fb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 58:5A:D4:08:69:E1:A6:80:04:B2:43:1E:B5:EA:25:03:CC:A6:5A:EF + 3B:DE:3D:EC:2F:D9:87:55:C0:F8:45:12:9B:5D:4E:DD:4D:04:19:9A X509v3 Authority Key Identifier: - keyid:24:F8:6B:40:18:23:4E:B7:94:1D:E3:CA:38:B3:BF:9D:67:F2:7E:16 + keyid:42:65:98:98:17:C6:9F:8F:D0:8C:4C:77:98:94:8A:0A:81:D7:64:D1 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -57,42 +57,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 8c:66:31:d0:85:64:e5:17:c7:fa:55:f9:9d:b9:1b:b2:07:b6: - c4:7a:ca:9b:94:12:46:af:4e:07:5a:60:26:07:e5:a8:c7:c2: - e1:8d:e3:cc:79:b4:f0:f5:c5:7f:6f:35:5b:be:94:6a:b0:51: - 66:ce:b6:46:69:66:2b:f5:46:92:10:18:2d:28:8d:5b:eb:61: - ad:37:2e:03:b0:46:03:e0:b3:2e:28:3f:b6:c7:94:fc:a1:c4: - 57:97:23:4c:51:39:d6:66:83:aa:1e:57:37:70:b5:89:c9:33: - ad:d4:be:97:95:57:89:3a:32:e3:dc:83:ef:5d:78:f8:fa:e0: - 26:12:6e:b2:f4:00:f1:ac:af:e4:be:7c:e7:8e:60:53:b6:e2: - e1:99:bb:ba:35:ff:8d:08:52:a1:7d:2d:0b:46:56:4e:6b:9a: - 9e:f4:0e:eb:95:a4:95:e7:7b:08:d3:55:3f:95:c8:76:34:12: - c3:27:9a:f0:bb:0d:8c:0f:c7:56:b1:2c:c9:34:94:22:b6:c6: - a9:df:72:57:88:9e:06:01:e6:52:45:16:e6:aa:1d:ac:93:6e: - c0:5c:eb:b4:91:d7:01:8e:27:8c:00:7f:17:0a:f5:84:42:12: - d3:54:01:b5:bd:7e:0d:29:24:ee:2a:03:07:76:86:42:10:e1: - 5c:ac:32:9c + 3b:3a:6d:c6:68:b7:6f:f7:d3:35:38:a9:38:d1:6c:19:e1:65: + a0:8f:4a:2d:88:e0:ae:a2:d0:41:21:a0:88:ca:0b:07:bf:3b: + 6b:4a:4e:57:96:65:0b:a1:f9:2c:82:dd:5b:4f:ae:27:ee:33: + 2c:10:81:98:79:43:e1:c7:d3:32:0e:cd:c6:7b:c0:ec:f6:f9: + a5:e1:d9:dd:d8:d8:84:9f:2f:ae:d1:1a:36:ac:a1:c6:3b:23: + fb:e7:62:5a:eb:e9:80:cb:80:32:b4:d6:d6:79:9d:55:43:63: + 5e:d0:af:a4:19:2d:64:40:8e:6b:bd:ad:72:70:b4:91:97:7b: + e3:46:22:8f:ac:5b:a0:55:07:09:1e:68:c4:4b:94:1e:3d:e6: + e3:28:55:5c:ad:20:7c:52:71:e9:24:f6:bd:81:61:53:f0:20: + 06:81:58:af:ed:73:22:9d:71:5d:09:78:9a:bb:dd:53:f1:d1: + 27:48:c7:ef:5b:02:40:56:07:c9:c6:ec:60:88:41:cc:0b:15: + 5c:65:8c:28:15:15:76:19:f9:38:79:f3:3c:1b:de:c2:c6:87: + f8:d2:f8:48:4e:6e:e8:5a:b8:b0:2e:2a:76:67:95:a9:50:f2: + ad:2c:6b:d4:c0:72:e0:58:b8:0b:20:5b:bb:84:80:69:50:b9: + b7:9c:05:9d -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIBPRJ -yJlIrkuKZqYZKbhPUq8piDRsB9upp5l+CbsHens1ETmlTflU47eOnGY3YrxfLfQf -urD9SwumWQyU1lOqe5f8vX9y5pmnBKWyAmc9n8vBLEj3pKPUMLaLlqmteJwdGSoo -rIlGgesy8RG8RDLwO3CNU0te7Zvi+C2l4GnPEWsLPjMC+WboLpMV2UKBBHEXEMgE -gcsRayB8+O9xjAQ6Ua7naXpmO/xSUxmXOVE401ybk0gJ6F0YOkVmcLHyBT0V7/2O -x7I32pcVBOwC9p1AsiICvAlocOhNhXrJ3dCbhagGLM4V51PfecatV4PEiqHr76zQ -uFSTVPMkkUGpspINAgMBAAGjgekwgeYwHQYDVR0OBBYEFFha1Ahp4aaABLJDHrXq -JQPMplrvMB8GA1UdIwQYMBaAFCT4a0AYI063lB3jyjizv51n8n4WMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8iyWC ++JO9ronPWVkKWgX5WXbvWooaZY83mYshXd9HIsHUlIgVthS6wey4rNr3D7vPYfr1 +y87npycVlxk6KLbmUX8JIPA2o8zPjueNh8I90mbnAQrc3/7rWk6OB94rJpXTj2Pi +W7oM/KUc0kPufZAGW4cjradPju4OKuOUJKzV97yrKmZ25HgKOhVExhpHmztUtrd2 +2YBf0Ae4SEAA0G4+zaSlCDqbBMloxdU7DaIkConOCQyQfRxMJHyZ8DjfdoNvkV9U +KtmJ08xuPMGQm5VcMnf9alz7nclbs+Cdk5+GeGtprc6SPatI5th8/LJVQ1DRL26g +XtXkmRnsBVvV8iv7AgMBAAGjgekwgeYwHQYDVR0OBBYEFDvePewv2YdVwPhFEptd +Tt1NBBmaMB8GA1UdIwQYMBaAFEJlmJgXxp+P0IxMd5iUigqB12TRMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAjGYx0IVk5RfH+lX5nbkb -sge2xHrKm5QSRq9OB1pgJgflqMfC4Y3jzHm08PXFf281W76UarBRZs62RmlmK/VG -khAYLSiNW+thrTcuA7BGA+CzLig/tseU/KHEV5cjTFE51maDqh5XN3C1ickzrdS+ -l5VXiToy49yD7114+PrgJhJusvQA8ayv5L58545gU7bi4Zm7ujX/jQhSoX0tC0ZW -TmuanvQO65Wkled7CNNVP5XIdjQSwyea8LsNjA/HVrEsyTSUIrbGqd9yV4ieBgHm -UkUW5qodrJNuwFzrtJHXAY4njAB/Fwr1hEIS01QBtb1+DSkk7ioDB3aGQhDhXKwy -nA== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAOzptxmi3b/fTNTipONFs +GeFloI9KLYjgrqLQQSGgiMoLB787a0pOV5ZlC6H5LILdW0+uJ+4zLBCBmHlD4cfT +Mg7NxnvA7Pb5peHZ3djYhJ8vrtEaNqyhxjsj++diWuvpgMuAMrTW1nmdVUNjXtCv +pBktZECOa72tcnC0kZd740Yij6xboFUHCR5oxEuUHj3m4yhVXK0gfFJx6ST2vYFh +U/AgBoFYr+1zIp1xXQl4mrvdU/HRJ0jH71sCQFYHycbsYIhBzAsVXGWMKBUVdhn5 +OHnzPBvewsaH+NL4SE5u6Fq4sC4qdmeVqVDyrSxr1MBy4Fi4CyBbu4SAaVC5t5wF +nQ== -----END CERTIFICATE----- Certificate: @@ -109,30 +109,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b4:44:74:3c:31:93:a2:8c:74:39:b1:50:1d:1c: - 86:f8:ac:e7:45:73:11:9a:9c:8e:31:4a:84:81:0b: - 6a:4b:38:13:eb:63:47:85:e7:2f:81:98:d2:f9:73: - a7:3b:3f:33:6e:21:51:7e:d1:36:4a:84:6f:b5:ce: - 26:c5:1c:b6:fd:75:77:e4:8f:73:1a:3f:f9:e5:88: - d2:74:a8:6c:6e:50:f0:56:a5:58:ad:5a:69:0f:4a: - d1:fd:58:53:0a:e3:86:17:ff:37:48:7a:3b:a7:6d: - f5:c2:eb:f5:c7:60:17:d1:36:69:99:34:b8:a3:f7: - 4b:a2:02:b1:0e:b9:81:2a:80:e9:da:e4:d8:40:82: - a3:e8:da:00:53:8e:89:32:e8:71:61:a0:1b:ee:a2: - f2:c7:fc:bb:0c:6b:71:d6:90:dc:a7:dd:bd:6f:97: - 5f:5c:d5:bb:1a:d3:6f:d2:6b:30:32:6d:b0:eb:9f: - 92:17:6d:b9:7f:e3:20:a0:16:43:6b:a2:4c:7f:37: - 4e:26:04:8e:5c:1a:cc:2b:e3:37:8e:90:75:1b:b9: - b7:45:e2:41:1f:b0:af:b3:d1:85:56:a2:b0:b1:ad: - 73:07:de:64:60:56:c4:8c:9f:48:d8:50:63:f8:c1: - 6b:c5:f1:f3:11:9e:5e:1d:56:55:60:12:82:9c:93: - 61:91 + 00:c3:e9:a8:bd:06:60:69:85:3a:a7:f0:03:c0:2a: + af:29:6c:9e:43:70:27:de:bf:59:4c:a1:8a:b0:25: + 54:93:d4:5d:50:37:f6:97:88:c1:14:95:cc:ae:d9: + 4f:b7:b2:b4:79:43:67:2e:94:02:13:87:9d:96:8d: + 8b:11:04:27:d9:77:6d:d1:46:fa:c0:39:a9:1d:38: + 9e:96:06:fb:d9:43:49:de:ed:92:7a:a2:74:48:c6: + 06:8e:52:22:53:57:05:b1:3a:89:8d:d6:33:a1:46: + 10:87:fd:3d:72:de:7d:d3:12:ab:f8:1a:26:06:41: + de:09:bb:b6:50:58:b6:48:69:4a:d7:c9:b0:23:b5: + 0d:bf:e5:11:0c:03:ed:42:37:79:91:86:cd:c6:95: + 3e:8b:4e:8e:85:79:44:22:0f:ab:8b:37:9c:46:55: + d1:3c:4e:80:bc:35:37:b7:c7:ee:f7:b4:49:0c:33: + 67:8d:9f:61:72:02:23:2a:74:5f:f5:9c:d8:4b:02: + bf:47:c7:d9:b2:13:6b:0e:79:3d:cd:8e:d8:90:be: + 96:5e:1b:4f:ad:a5:65:85:39:5f:c3:d9:99:43:09: + 8a:cf:0a:4f:a5:87:64:f3:08:7c:b0:4c:59:e7:22: + dd:5d:97:d1:a6:68:b0:ee:fc:7d:bc:ec:50:15:fd: + b5:01 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 24:F8:6B:40:18:23:4E:B7:94:1D:E3:CA:38:B3:BF:9D:67:F2:7E:16 + 42:65:98:98:17:C6:9F:8F:D0:8C:4C:77:98:94:8A:0A:81:D7:64:D1 X509v3 Authority Key Identifier: - keyid:3E:6C:67:DF:AB:EE:20:0E:C6:98:F6:9A:1E:AD:BE:AF:AD:72:D8:86 + keyid:33:6B:8D:78:C0:44:69:F0:4C:2A:3C:D6:97:9C:61:81:70:86:42:C7 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -147,41 +147,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - a2:28:e4:cb:e5:d2:31:bd:7a:6c:60:60:75:59:27:9a:3a:11: - 52:17:37:53:82:12:4d:f6:0c:d5:bf:45:51:4d:eb:8e:8a:c7: - 01:c3:55:3e:9f:16:48:69:84:f2:e7:ad:7a:a4:32:66:c4:19: - 39:1e:7c:31:01:42:59:3c:92:b9:aa:59:a5:b9:40:56:e5:4d: - 0f:49:de:79:a9:72:77:95:5b:c3:de:b0:36:84:08:60:ea:21: - b9:d5:b4:bc:bf:f7:f0:f7:ea:5f:5f:fe:c8:3e:dc:b0:54:0e: - 16:dd:c0:c2:d4:9f:c4:a0:e1:b3:52:0c:ee:43:0e:e7:a0:2f: - 5e:25:92:51:6c:e7:a1:70:f8:f1:7e:83:e3:ea:a4:5d:a9:fb: - 3a:c0:64:43:06:b5:a5:7e:48:e8:d3:20:52:df:06:4c:15:2e: - bb:54:49:7e:26:e5:eb:5b:82:80:8f:27:d3:e0:d0:28:5f:e8: - c0:7d:40:e5:e3:81:bf:2d:83:8f:7f:c4:7c:9b:24:f1:e7:1c: - 81:90:bf:15:5a:db:4c:e8:09:f8:9b:9a:ba:f4:ad:b0:d7:66: - d5:b8:af:15:02:a1:e0:84:12:8c:68:24:9e:47:3c:4d:b8:da: - 60:44:a1:fb:1d:d1:4b:b6:3a:22:a4:b9:6c:27:65:24:a6:6e: - 57:c6:62:b9 + 1f:29:f6:78:fc:b5:44:a5:bf:ab:a3:bc:35:44:b9:52:01:09: + 3f:5f:dd:97:5e:d0:2b:ed:3d:f1:de:0c:47:a0:97:b6:7b:fe: + 43:c1:79:05:f2:b5:e7:9d:10:c6:12:0f:86:a7:d1:dd:57:d0: + dc:c7:73:62:37:6f:07:39:2a:6c:7a:7a:b8:a7:7e:dc:62:09: + 54:e8:4f:5e:31:e2:d4:8f:a5:aa:91:cc:a0:a3:b9:85:d6:0b: + 66:7d:f2:77:40:25:48:10:a1:fc:ce:b2:5c:15:0c:af:0e:a2: + 9f:eb:c7:e5:9a:00:de:85:1b:b9:9b:54:a4:68:f7:7c:b5:dd: + 6a:bb:27:01:9c:b5:8f:8a:b9:2e:b3:88:8d:17:29:1f:ee:c0: + e1:7c:ef:5b:15:27:c2:a0:29:bb:2a:a9:f4:ba:b7:3a:f2:9d: + 17:75:3a:39:05:2f:90:23:9a:9a:82:6d:d7:7b:31:88:03:40: + 50:99:62:a9:e6:04:2c:d4:8f:2c:85:12:1e:c9:d0:e5:f4:ea: + 8c:d5:55:a4:95:e4:03:5a:d1:4e:f2:27:a2:95:7f:6f:31:45: + ed:ca:4f:20:5e:30:e4:65:cf:40:14:3a:97:c6:d0:b2:4e:b3: + dc:df:70:ed:c8:41:de:1e:15:63:19:51:52:7e:b0:87:9d:ba: + 03:b0:70:72 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtER0PDGT -oox0ObFQHRyG+KznRXMRmpyOMUqEgQtqSzgT62NHhecvgZjS+XOnOz8zbiFRftE2 -SoRvtc4mxRy2/XV35I9zGj/55YjSdKhsblDwVqVYrVppD0rR/VhTCuOGF/83SHo7 -p231wuv1x2AX0TZpmTS4o/dLogKxDrmBKoDp2uTYQIKj6NoAU46JMuhxYaAb7qLy -x/y7DGtx1pDcp929b5dfXNW7GtNv0mswMm2w65+SF225f+MgoBZDa6JMfzdOJgSO -XBrMK+M3jpB1G7m3ReJBH7Cvs9GFVqKwsa1zB95kYFbEjJ9I2FBj+MFrxfHzEZ5e -HVZVYBKCnJNhkQIDAQABo4HLMIHIMB0GA1UdDgQWBBQk+GtAGCNOt5Qd48o4s7+d -Z/J+FjAfBgNVHSMEGDAWgBQ+bGffq+4gDsaY9poerb6vrXLYhjA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+movQZg +aYU6p/ADwCqvKWyeQ3An3r9ZTKGKsCVUk9RdUDf2l4jBFJXMrtlPt7K0eUNnLpQC +E4edlo2LEQQn2Xdt0Ub6wDmpHTielgb72UNJ3u2SeqJ0SMYGjlIiU1cFsTqJjdYz +oUYQh/09ct590xKr+BomBkHeCbu2UFi2SGlK18mwI7UNv+URDAPtQjd5kYbNxpU+ +i06OhXlEIg+rizecRlXRPE6AvDU3t8fu97RJDDNnjZ9hcgIjKnRf9ZzYSwK/R8fZ +shNrDnk9zY7YkL6WXhtPraVlhTlfw9mZQwmKzwpPpYdk8wh8sExZ5yLdXZfRpmiw +7vx9vOxQFf21AQIDAQABo4HLMIHIMB0GA1UdDgQWBBRCZZiYF8afj9CMTHeYlIoK +gddk0TAfBgNVHSMEGDAWgBQza414wERp8EwqPNaXnGGBcIZCxzA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AKIo5Mvl0jG9emxgYHVZJ5o6EVIXN1OCEk32DNW/RVFN646KxwHDVT6fFkhphPLn -rXqkMmbEGTkefDEBQlk8krmqWaW5QFblTQ9J3nmpcneVW8PesDaECGDqIbnVtLy/ -9/D36l9f/sg+3LBUDhbdwMLUn8Sg4bNSDO5DDuegL14lklFs56Fw+PF+g+PqpF2p -+zrAZEMGtaV+SOjTIFLfBkwVLrtUSX4m5etbgoCPJ9Pg0Chf6MB9QOXjgb8tg49/ -xHybJPHnHIGQvxVa20zoCfibmrr0rbDXZtW4rxUCoeCEEoxoJJ5HPE242mBEofsd -0Uu2OiKkuWwnZSSmblfGYrk= +AB8p9nj8tUSlv6ujvDVEuVIBCT9f3Zde0CvtPfHeDEegl7Z7/kPBeQXyteedEMYS +D4an0d1X0NzHc2I3bwc5Kmx6erinftxiCVToT14x4tSPpaqRzKCjuYXWC2Z98ndA +JUgQofzOslwVDK8Oop/rx+WaAN6FG7mbVKRo93y13Wq7JwGctY+KuS6ziI0XKR/u +wOF871sVJ8KgKbsqqfS6tzrynRd1OjkFL5AjmpqCbdd7MYgDQFCZYqnmBCzUjyyF +Eh7J0OX06ozVVaSV5ANa0U7yJ6KVf28xRe3KTyBeMORlz0AUOpfG0LJOs9zfcO3I +Qd4eFWMZUVJ+sIedugOwcHI= -----END CERTIFICATE----- Certificate: @@ -198,30 +198,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:d0:70:df:1f:ab:c3:a1:05:6d:4c:e7:9b:5b:c7: - c7:b4:36:f5:e7:c7:00:14:94:c6:8d:6c:a9:3d:0d: - bb:44:8b:d7:50:29:90:e5:58:b5:6f:71:47:54:52: - 85:46:7a:c6:36:9c:57:39:dc:75:d3:1b:f8:69:db: - da:21:11:db:8b:c1:e7:ac:86:7b:20:10:e7:3f:6e: - 0b:c8:33:71:00:bb:4c:a9:7b:41:a8:54:4a:c7:48: - cb:6a:aa:cd:d9:a3:dd:5d:f9:80:df:c3:6d:4b:55: - 4d:7c:c5:d3:de:bc:c1:c9:4e:50:fa:98:70:e0:84: - 4b:fc:fc:9b:eb:fa:e3:7c:4b:0a:94:e6:5f:41:0c: - 35:e1:d7:2c:54:27:24:22:9e:f7:c6:6d:72:d2:43: - 06:52:d4:fb:94:ac:79:51:0b:da:1d:83:bf:a1:bc: - 04:a5:a7:4c:a8:03:d0:01:7f:42:43:31:d9:7e:46: - 74:2b:46:5a:a4:0d:ff:7a:e0:69:d1:dd:d7:29:0d: - b8:12:3d:99:ac:f5:ce:97:d7:3f:2e:15:5c:51:47: - 1d:d4:da:f5:ce:a3:12:46:43:74:da:70:bb:a2:83: - e3:b8:ac:e1:b0:8c:88:cd:d8:d9:42:fa:e8:57:a3: - 5b:d8:4d:72:a8:7f:be:22:8a:d3:cf:1a:75:53:fc: - 32:c9 + 00:cb:e5:ad:13:ed:b3:af:87:37:d4:06:0d:fa:79: + 79:4c:d1:e8:6b:7d:65:e7:52:8e:87:27:21:d4:22: + 40:47:08:d4:74:86:7b:67:3e:91:b4:ff:d7:79:0a: + e6:1e:d8:7f:1f:1f:5d:b5:02:e3:2a:af:a1:93:89: + 83:ae:71:7c:64:06:64:fc:ff:08:92:b0:ab:16:21: + 87:5f:3a:05:8c:d6:64:42:5e:13:c0:fc:6e:38:d1: + d1:65:2b:a5:6a:10:ba:ba:f0:f0:0f:f5:3a:23:c5: + cf:ee:39:a1:51:35:84:1d:1f:23:20:e5:64:31:2c: + b5:d4:ac:70:47:a8:7d:ef:45:f5:04:53:a7:e0:7d: + cc:ea:b4:58:13:bb:9c:f6:0b:5b:ac:9b:a8:61:f3: + ac:a2:8e:94:82:28:8a:ab:16:57:cd:9e:75:1c:6b: + 6c:8f:33:47:28:e2:fc:91:82:d7:81:df:9c:27:3b: + dd:6e:97:b1:67:9a:2a:cc:dd:54:c7:b7:e8:d6:57: + c1:41:8f:18:e3:68:7f:62:33:36:dc:26:53:f5:15: + c5:97:82:54:71:b6:44:dd:52:7b:ca:af:de:2f:66: + 70:a2:aa:8e:f1:8b:57:46:76:51:1d:38:ef:4f:b2: + 4c:45:ca:f0:44:da:f8:7d:07:90:64:42:e5:18:33: + 9d:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 3E:6C:67:DF:AB:EE:20:0E:C6:98:F6:9A:1E:AD:BE:AF:AD:72:D8:86 + 33:6B:8D:78:C0:44:69:F0:4C:2A:3C:D6:97:9C:61:81:70:86:42:C7 X509v3 Authority Key Identifier: - keyid:3E:6C:67:DF:AB:EE:20:0E:C6:98:F6:9A:1E:AD:BE:AF:AD:72:D8:86 + keyid:33:6B:8D:78:C0:44:69:F0:4C:2A:3C:D6:97:9C:61:81:70:86:42:C7 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -236,41 +236,41 @@ Certificate: X509v3 Basic Constraints: critical CA:FALSE Signature Algorithm: sha256WithRSAEncryption - 27:dc:b7:a3:09:a6:ab:07:74:62:e6:57:46:5a:75:a7:8d:c7: - 77:47:a4:5e:9b:9b:85:69:5c:a7:92:b6:30:de:b6:c5:e5:c2: - 57:c2:05:ec:dd:7b:76:8f:20:dc:89:75:b9:6a:6e:d8:5f:4b: - b9:85:f1:b1:1e:33:33:18:ff:c6:bc:1d:0a:29:ac:46:c1:77: - 36:ae:8f:ae:81:fa:c3:5d:b9:de:4a:4f:8e:fc:b6:ed:c4:93: - 1f:87:34:39:ba:c3:76:fa:03:38:c6:57:c4:1d:41:cb:4b:8c: - 26:9d:60:b3:e9:0f:5a:7d:22:0f:58:4d:60:72:a4:23:77:bf: - 58:b4:f4:8e:dc:8c:42:2e:46:f9:67:0a:b5:b9:a6:60:06:16: - 8b:28:e2:e7:95:ff:c8:e2:d9:50:17:88:45:1e:13:20:bd:20: - 03:f8:46:17:21:5d:ba:1a:3c:fd:ec:25:cf:04:2e:90:db:b6: - 0f:0f:db:d5:ff:5a:8b:fd:4f:85:ab:7e:fc:a7:a3:10:b1:84: - 6e:e4:20:11:bf:d4:b1:3c:a3:58:2a:f5:56:45:e2:86:f0:ae: - 67:05:d9:b6:57:79:3c:e2:03:26:70:27:fb:e6:0f:96:a7:40: - 9c:a6:cb:fa:de:bd:8b:f9:e2:ad:7d:9d:b5:ac:27:bf:83:9b: - 10:94:f2:71 + 15:0d:7f:73:f4:b2:c3:bc:a2:c4:e4:d4:4f:2a:d9:59:40:6c: + 85:d6:47:3c:b9:bd:78:4e:6f:f5:2a:fe:17:03:21:2f:16:eb: + 2c:69:1b:1d:da:d3:c7:80:44:c0:64:eb:7e:08:92:64:57:f3: + cd:ef:4f:4f:96:c9:5f:61:03:1e:15:7c:b1:34:db:83:4f:77: + 76:7d:8a:19:38:f5:c8:a6:5b:19:2f:96:6d:d0:35:b7:d7:52: + 8c:52:2b:f5:6f:b2:ec:5e:4e:5a:22:7e:7a:25:33:b7:20:12: + 6a:89:a4:f4:49:47:82:13:59:c8:c8:0c:1b:83:d0:03:13:dc: + e7:fa:77:66:c1:cd:95:8e:71:b3:63:ce:1d:cd:66:b9:f0:f0: + 46:7d:cc:60:0f:4f:82:81:c6:48:71:61:09:73:bd:65:1d:93: + 26:7c:55:9b:35:62:af:98:0c:4d:ce:3e:32:3b:1e:80:07:26: + 5b:9a:fd:29:de:f0:60:7c:37:34:4e:d0:42:c7:d2:14:7a:41: + ac:e9:d7:f4:70:d0:14:2b:3d:4c:cf:a1:11:a0:3a:93:22:44: + 7c:ef:8d:01:60:2d:92:72:45:57:41:4b:c2:26:21:31:e0:54: + cd:e0:8f:0c:a0:d7:90:86:1f:4d:03:3f:ac:e6:12:26:a9:2a: + 9d:34:3f:e1 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDYjCCAkqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBw3x+rw6EFbUznm1vH -x7Q29efHABSUxo1sqT0Nu0SL11ApkOVYtW9xR1RShUZ6xjacVzncddMb+Gnb2iER -24vB56yGeyAQ5z9uC8gzcQC7TKl7QahUSsdIy2qqzdmj3V35gN/DbUtVTXzF0968 -wclOUPqYcOCES/z8m+v643xLCpTmX0EMNeHXLFQnJCKe98ZtctJDBlLU+5SseVEL -2h2Dv6G8BKWnTKgD0AF/QkMx2X5GdCtGWqQN/3rgadHd1ykNuBI9maz1zpfXPy4V -XFFHHdTa9c6jEkZDdNpwu6KD47is4bCMiM3Y2UL66FejW9hNcqh/viKK088adVP8 -MskCAwEAAaOByDCBxTAdBgNVHQ4EFgQUPmxn36vuIA7GmPaaHq2+r61y2IYwHwYD -VR0jBBgwFoAUPmxn36vuIA7GmPaaHq2+r61y2IYwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvlrRPts6+HN9QGDfp5 +eUzR6Gt9ZedSjocnIdQiQEcI1HSGe2c+kbT/13kK5h7Yfx8fXbUC4yqvoZOJg65x +fGQGZPz/CJKwqxYhh186BYzWZEJeE8D8bjjR0WUrpWoQurrw8A/1OiPFz+45oVE1 +hB0fIyDlZDEstdSscEeofe9F9QRTp+B9zOq0WBO7nPYLW6ybqGHzrKKOlIIoiqsW +V82edRxrbI8zRyji/JGC14HfnCc73W6XsWeaKszdVMe36NZXwUGPGONof2IzNtwm +U/UVxZeCVHG2RN1Se8qv3i9mcKKqjvGLV0Z2UR0470+yTEXK8ETa+H0HkGRC5Rgz +nbECAwEAAaOByDCBxTAdBgNVHQ4EFgQUM2uNeMBEafBMKjzWl5xhgXCGQscwHwYD +VR0jBBgwFoAUM2uNeMBEafBMKjzWl5xhgXCGQscwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAn3LejCaarB3Ri -5ldGWnWnjcd3R6Rem5uFaVynkrYw3rbF5cJXwgXs3Xt2jyDciXW5am7YX0u5hfGx -HjMzGP/GvB0KKaxGwXc2ro+ugfrDXbneSk+O/LbtxJMfhzQ5usN2+gM4xlfEHUHL -S4wmnWCz6Q9afSIPWE1gcqQjd79YtPSO3IxCLkb5Zwq1uaZgBhaLKOLnlf/I4tlQ -F4hFHhMgvSAD+EYXIV26Gjz97CXPBC6Q27YPD9vV/1qL/U+Fq378p6MQsYRu5CAR -v9SxPKNYKvVWReKG8K5nBdm2V3k84gMmcCf75g+Wp0Ccpsv63r2L+eKtfZ21rCe/ -g5sQlPJx +AwIBBjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAVDX9z9LLDvKLE +5NRPKtlZQGyF1kc8ub14Tm/1Kv4XAyEvFussaRsd2tPHgETAZOt+CJJkV/PN709P +lslfYQMeFXyxNNuDT3d2fYoZOPXIplsZL5Zt0DW311KMUiv1b7LsXk5aIn56JTO3 +IBJqiaT0SUeCE1nIyAwbg9ADE9zn+ndmwc2VjnGzY84dzWa58PBGfcxgD0+CgcZI +cWEJc71lHZMmfFWbNWKvmAxNzj4yOx6AByZbmv0p3vBgfDc0TtBCx9IUekGs6df0 +cNAUKz1Mz6ERoDqTIkR8740BYC2SckVXQUvCJiEx4FTN4I8MoNeQhh9NAz+s5hIm +qSqdND/h -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -282,3 +282,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/unconstrained-root-lacks-basic-constraints.pem b/chromium/net/data/verify_certificate_chain_unittest/unconstrained-root-lacks-basic-constraints.pem index 24d08c5b839..0622fc7274c 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/unconstrained-root-lacks-basic-constraints.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/unconstrained-root-lacks-basic-constraints.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bc:1b:31:ef:84:8e:64:39:4e:02:f3:81:fc:75: - 0b:07:af:5b:57:53:6b:df:27:87:03:1c:3d:ea:b3: - 6a:b5:14:e9:98:1d:13:16:fc:51:5b:04:c5:72:81: - 3e:26:05:54:9b:19:f8:7e:c0:ee:c8:49:eb:e2:9d: - 78:82:c8:e9:c5:af:eb:fc:10:85:e2:5f:e6:6a:8e: - 51:19:69:69:10:5e:aa:99:31:64:c4:3d:0f:3e:f0: - 5a:2a:cd:dd:b7:27:ff:5a:ee:91:c3:ad:92:9e:da: - 91:df:7d:7f:77:f1:79:d8:6e:60:48:ad:57:f1:2d: - 6e:67:5b:fe:20:5c:b9:56:a7:70:8d:63:80:5a:99: - cf:3d:6e:14:f5:d8:29:b9:25:81:61:c7:bb:be:3b: - 08:38:c5:5d:40:aa:e7:15:51:8a:84:d3:78:64:f5: - 3b:09:7b:a9:f2:ed:a5:05:ed:3a:67:21:45:f1:78: - 78:e2:92:74:20:e0:41:10:f7:ab:9e:0e:fd:22:af: - ad:8f:b4:81:cb:d9:28:b1:49:90:05:fa:f7:96:a8: - b7:96:3d:5b:87:d9:6b:cc:82:7a:85:26:ba:e6:86: - 40:53:44:09:38:27:4d:8a:98:5d:ce:56:a1:93:38: - 08:fd:02:92:ef:9b:0c:d5:c0:9d:12:e8:21:08:9d: - ba:e1 + 00:e0:2c:39:1a:67:64:64:af:b8:19:4f:41:9e:78: + a6:a8:fc:a4:43:70:a7:7c:23:f9:27:a0:7f:98:37: + e7:ee:fe:be:2d:82:65:9e:46:15:1e:fc:3d:70:36: + 96:47:69:6a:c0:51:c5:f1:59:2a:d7:1e:3f:b3:2e: + df:ac:af:89:16:45:ed:71:ae:38:04:4d:5e:e7:b8: + d9:a1:45:14:a5:f9:a4:f7:e3:e7:e4:e9:ac:7e:82: + 95:e6:5c:8e:ac:da:14:d5:2f:04:ed:48:f7:56:4b: + 5a:98:72:0f:07:66:ca:17:a5:0e:b7:05:64:3b:6a: + 97:ad:b1:7e:4d:b3:8c:d4:2b:23:3d:88:bb:c9:80: + 04:d9:5b:1a:36:37:ab:d2:c7:06:a8:81:6f:62:b7: + c1:74:74:8e:ee:f6:6b:c0:15:28:44:50:85:dc:8d: + 3b:e7:0b:82:9d:bd:db:20:69:1a:55:68:48:0e:84: + 2a:25:26:ca:01:ad:16:7f:3c:30:d4:5b:47:9a:86: + fe:fc:90:b5:d0:bb:d3:ee:af:9a:80:3c:4c:da:46: + c8:db:36:68:89:51:fe:76:78:cf:22:eb:ce:62:d4: + 2c:2b:c7:7c:24:48:64:ca:9b:91:b2:90:fc:c9:29: + 65:70:83:60:05:1a:32:70:ca:12:f3:70:52:dd:3e: + 82:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - A4:68:89:3F:A2:F7:48:BC:C6:C4:9C:7E:78:B9:E6:06:A7:37:2E:A2 + 98:FA:6D:F3:B3:9E:A3:B9:81:22:1C:C5:19:24:06:BC:D9:D6:92:ED X509v3 Authority Key Identifier: - keyid:A0:FF:6A:B0:DB:6D:76:3D:1F:D2:A3:83:33:02:BE:32:A2:71:34:85 + keyid:C1:E9:0B:DE:AA:27:20:FA:0B:FF:DB:77:09:96:1E:9B:2C:0D:F7:70 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 2b:b6:4e:ac:b6:8d:bb:7c:cc:0b:6f:77:9c:54:ed:88:25:34: - c7:42:88:7c:35:23:74:c7:e7:7d:86:7d:fd:f0:0b:40:e2:64: - 5b:a3:1b:a2:34:77:09:b4:7d:5e:7b:a4:85:7f:23:b5:2f:43: - f8:0f:33:6c:86:9c:7a:ee:0d:54:45:fb:1c:57:c8:01:91:60: - 27:0b:bb:ac:8c:23:c4:5f:18:42:2e:df:24:cb:12:77:2c:0c: - 6c:d1:8f:34:ee:a8:06:e3:8a:fe:34:e6:ca:bc:25:e5:33:a4: - 23:df:00:4f:f4:e4:af:d9:7f:08:1a:78:a5:ba:80:81:49:bf: - 8f:7c:ee:ee:27:ac:fc:d8:91:69:36:2b:dc:33:ae:d6:ad:47: - 8d:5d:4c:c0:a5:a2:61:b8:db:b0:7b:92:79:b5:61:64:78:92: - 02:05:68:16:2b:9f:81:66:5a:8e:e6:82:55:5b:83:87:26:e2: - da:d0:95:91:06:6d:f9:dc:b6:04:fe:ed:ae:f7:3e:db:a7:38: - 31:af:a4:c5:79:f7:d0:3b:b9:2c:79:60:0a:1d:ec:68:8d:3f: - 7b:d7:e9:1a:79:de:da:97:42:04:c7:b1:f2:fe:72:68:00:fa: - 30:41:0e:1c:26:65:f5:eb:2e:7d:fe:19:05:99:5b:6f:3d:51: - 4c:57:c3:cb + a1:15:ac:ff:b1:39:6b:15:66:b3:37:d5:a4:42:bb:b3:eb:69: + 5e:36:27:fd:56:95:07:a3:98:7d:51:35:8f:aa:46:ee:99:86: + 9b:66:3f:f7:7e:42:4a:d4:22:05:08:eb:13:e3:8f:ba:f6:e2: + 00:07:0c:46:2d:10:6d:45:6a:85:bf:ee:65:db:16:58:70:88: + 0d:70:59:5a:bc:b5:f6:a9:fd:09:e4:f7:34:cc:e0:77:98:cd: + 8a:0a:63:b7:ed:04:72:d0:03:9b:88:ed:01:21:72:af:c0:d0: + 48:af:d4:9a:fe:67:27:ec:b1:5f:12:14:c7:69:06:43:4f:5b: + af:06:20:d5:93:e9:0f:b1:ce:a1:23:4b:4d:74:28:da:13:3f: + b3:39:d0:10:c2:fc:3d:04:a0:c6:6f:2b:58:ae:9b:46:43:36: + c9:29:00:18:b6:07:06:6f:ed:14:81:e7:13:0d:84:ee:3a:f5: + 55:bf:03:b1:a9:28:c1:24:9a:7a:57:5c:02:24:87:5e:49:f9: + 3a:17:e2:11:11:0c:f2:f4:e6:66:e5:bb:85:3c:9e:a8:59:54: + f6:b9:c4:97:43:6f:48:11:ed:ee:a3:a2:f8:76:68:d7:fd:94: + 1a:bf:b0:5f:55:24:af:2b:34:76:07:46:14:4c:1c:37:a1:ff: + ab:b3:13:ff -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD -VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8GzHv -hI5kOU4C84H8dQsHr1tXU2vfJ4cDHD3qs2q1FOmYHRMW/FFbBMVygT4mBVSbGfh+ -wO7ISevinXiCyOnFr+v8EIXiX+ZqjlEZaWkQXqqZMWTEPQ8+8Foqzd23J/9a7pHD -rZKe2pHffX938XnYbmBIrVfxLW5nW/4gXLlWp3CNY4Bamc89bhT12Cm5JYFhx7u+ -Owg4xV1AqucVUYqE03hk9TsJe6ny7aUF7TpnIUXxeHjiknQg4EEQ96ueDv0ir62P -tIHL2SixSZAF+veWqLeWPVuH2WvMgnqFJrrmhkBTRAk4J02KmF3OVqGTOAj9ApLv -mwzVwJ0S6CEInbrhAgMBAAGjgekwgeYwHQYDVR0OBBYEFKRoiT+i90i8xsScfni5 -5ganNy6iMB8GA1UdIwQYMBaAFKD/arDbbXY9H9KjgzMCvjKicTSFMD8GCCsGAQUF +VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgLDka +Z2Rkr7gZT0GeeKao/KRDcKd8I/knoH+YN+fu/r4tgmWeRhUe/D1wNpZHaWrAUcXx +WSrXHj+zLt+sr4kWRe1xrjgETV7nuNmhRRSl+aT34+fk6ax+gpXmXI6s2hTVLwTt +SPdWS1qYcg8HZsoXpQ63BWQ7apetsX5Ns4zUKyM9iLvJgATZWxo2N6vSxwaogW9i +t8F0dI7u9mvAFShEUIXcjTvnC4KdvdsgaRpVaEgOhColJsoBrRZ/PDDUW0eahv78 +kLXQu9Pur5qAPEzaRsjbNmiJUf52eM8i685i1Cwrx3wkSGTKm5GykPzJKWVwg2AF +GjJwyhLzcFLdPoKxAgMBAAGjgekwgeYwHQYDVR0OBBYEFJj6bfOznqO5gSIcxRkk +BrzZ1pLtMB8GA1UdIwQYMBaAFMHpC96qJyD6C//bdwmWHpssDfdwMD8GCCsGAQUF BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF -BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAK7ZOrLaNu3zMC293nFTt -iCU0x0KIfDUjdMfnfYZ9/fALQOJkW6MbojR3CbR9XnukhX8jtS9D+A8zbIaceu4N -VEX7HFfIAZFgJwu7rIwjxF8YQi7fJMsSdywMbNGPNO6oBuOK/jTmyrwl5TOkI98A -T/Tkr9l/CBp4pbqAgUm/j3zu7ies/NiRaTYr3DOu1q1HjV1MwKWiYbjbsHuSebVh -ZHiSAgVoFiufgWZajuaCVVuDhybi2tCVkQZt+dy2BP7trvc+26c4Ma+kxXn30Du5 -LHlgCh3saI0/e9fpGnne2pdCBMex8v5yaAD6MEEOHCZl9esuff4ZBZlbbz1RTFfD -yw== +BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAoRWs/7E5axVmszfVpEK7 +s+tpXjYn/VaVB6OYfVE1j6pG7pmGm2Y/935CStQiBQjrE+OPuvbiAAcMRi0QbUVq +hb/uZdsWWHCIDXBZWry19qn9CeT3NMzgd5jNigpjt+0EctADm4jtASFyr8DQSK/U +mv5nJ+yxXxIUx2kGQ09brwYg1ZPpD7HOoSNLTXQo2hM/sznQEML8PQSgxm8rWK6b +RkM2ySkAGLYHBm/tFIHnEw2E7jr1Vb8DsakowSSaeldcAiSHXkn5OhfiEREM8vTm +ZuW7hTyeqFlU9rnEl0NvSBHt7qOi+HZo1/2UGr+wX1Ukrys0dgdGFEwcN6H/q7MT +/w== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:bd:4b:25:64:f8:46:3e:e8:fc:85:3a:e2:4a:dc: - 9a:58:70:6f:65:27:93:14:2f:5d:08:b3:ba:dc:2d: - b0:8c:0e:98:f6:21:26:8d:ff:bb:59:2d:db:72:bc: - 07:38:8f:11:34:cc:e8:07:0f:07:ed:82:1e:60:be: - d8:67:17:98:cb:81:55:40:5e:d9:a0:bd:a5:98:88: - 71:17:8e:65:70:3e:8a:9f:b3:23:56:9f:98:a8:db: - 64:6a:1b:e1:1a:2c:b1:94:6d:d3:4b:28:fd:e4:1c: - d3:7d:93:91:53:5c:3d:89:67:13:04:58:21:64:c9: - 89:c7:12:58:91:dc:2f:0f:56:ec:a7:00:4f:60:89: - 0a:b9:af:52:8e:20:bc:b3:16:e8:a6:06:ca:3b:07: - a5:76:59:7e:4b:17:33:b2:db:8e:d8:31:29:d8:ba: - 08:06:51:e1:a1:43:6d:cd:2d:61:e1:03:54:62:1d: - 43:28:b9:48:b6:3b:bb:24:47:d0:56:df:ce:ac:d3: - ac:a9:0c:13:a5:c8:76:a3:ee:67:0c:79:35:92:5d: - 49:8f:a5:4f:8f:ae:79:09:6c:11:15:3f:3a:01:a3: - 4d:54:df:93:50:b5:fe:ed:be:53:87:be:b7:65:55: - 96:4c:7c:5b:a0:e3:1e:18:e8:9e:8c:95:d1:4a:ea: - 5a:4f + 00:de:e6:c0:76:c5:4c:d0:8e:b3:87:07:91:66:aa: + f1:ae:93:8f:a2:83:2d:d5:05:91:b8:52:f6:2d:a5: + ff:fd:95:ee:85:0f:85:c3:eb:d7:8e:f7:6f:2a:c0: + 15:de:ae:1e:62:62:12:64:c3:f7:c1:0f:05:a4:0f: + b7:33:69:92:66:57:93:4f:4e:04:43:bb:23:bb:c3: + c6:29:0b:42:68:1f:26:81:77:2d:91:f6:62:b8:e3: + 9a:2c:78:2d:7c:1f:3a:f5:ce:f2:c2:75:39:5a:b7: + c2:23:f5:f5:ee:7e:a5:7a:45:c4:d4:1e:12:c8:a6: + 40:44:64:07:ff:33:a8:ce:41:df:77:c4:01:f5:c5: + 41:6b:4e:a0:ee:9d:36:63:5a:b0:e8:38:bb:bd:fb: + a5:7f:6e:5c:6d:c6:62:dd:05:2f:90:d4:fb:5b:18: + 71:84:57:e2:c9:d3:cc:c8:36:5f:d1:78:20:4c:68: + 83:1f:df:64:a3:11:9f:e8:bd:d4:bb:8e:04:63:0d: + 3d:6d:a9:43:30:5d:f0:ca:e3:62:8f:11:9e:8b:8f: + de:9a:6e:6d:03:e5:8c:0f:6f:00:6e:1a:72:2c:13: + e0:a1:78:93:ef:2c:6d:2c:0a:8a:5c:02:65:50:36: + fa:da:07:ba:36:b9:21:eb:01:14:97:ab:19:60:be: + 97:6b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - A0:FF:6A:B0:DB:6D:76:3D:1F:D2:A3:83:33:02:BE:32:A2:71:34:85 + C1:E9:0B:DE:AA:27:20:FA:0B:FF:DB:77:09:96:1E:9B:2C:0D:F7:70 X509v3 Authority Key Identifier: - keyid:0A:E1:71:15:DF:ED:0D:98:EB:75:A8:37:BC:F1:EE:E3:65:79:AB:C2 + keyid:96:9F:CB:9C:5C:0D:06:9D:F1:3A:21:D5:22:F7:4B:75:2C:7D:D3:D3 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 13:0e:3c:0e:69:c2:bf:7d:aa:a4:8f:47:a6:90:69:0e:d8:b7: - 50:2a:c7:95:78:1d:7f:71:41:51:8d:a4:a9:cf:f2:d2:c6:c0: - 8f:dd:56:c4:53:94:34:3f:07:e3:b0:4c:71:55:5b:14:a2:de: - 8f:1e:3b:15:73:e2:9a:49:df:c8:0e:04:dc:76:76:61:0d:c5: - 29:35:12:c4:71:d3:2d:6d:ac:b6:62:53:75:57:44:cf:0b:d2: - 1d:66:0a:be:01:b5:a6:58:a0:42:f5:ce:62:3c:d8:21:fd:c6: - c7:27:66:b1:2f:d4:04:c2:29:44:32:3a:3b:b2:3c:08:a5:66: - 3e:4c:27:c2:36:71:c5:31:05:e7:e9:f8:47:b4:81:33:57:7d: - c2:ce:ac:de:c4:15:11:1a:f2:c9:59:72:cd:a4:a8:54:41:ef: - d5:d5:67:cf:6e:e3:a0:07:62:ba:83:f7:46:fa:4b:10:7c:91: - 9f:ff:aa:1a:c9:46:f9:26:14:c4:01:58:9d:35:75:f0:78:0e: - 75:4e:7f:03:e8:83:1b:87:82:99:e0:52:b3:9f:34:a7:26:34: - 76:9c:e7:3e:69:d5:9b:e6:9a:45:06:34:19:03:05:b0:15:ca: - a2:59:7c:ac:fe:9c:c4:29:54:e2:c8:9c:e1:98:7e:16:7a:b9: - f3:9e:aa:d1 + 62:ca:a3:a4:76:24:01:4b:01:12:67:3b:93:fa:c8:5a:81:83: + c1:26:2b:fc:f0:fc:f3:e2:7c:66:af:d9:84:9d:c4:70:f9:2b: + b0:7c:2e:5e:47:25:3b:84:01:a3:42:46:da:c8:79:a2:b2:72: + bd:c1:c5:0f:35:eb:52:f6:bb:ee:d0:85:3d:e3:2d:18:87:87: + 50:e9:f0:7c:6c:6c:7e:9d:f0:77:06:cb:9e:a6:76:89:de:d3: + a4:27:2e:d0:d7:29:7e:38:7c:10:ab:89:e4:f2:98:c9:fe:8b: + 31:32:fd:ce:b7:c1:46:f3:ee:a5:00:ef:d2:87:f0:d1:4b:28: + ba:79:55:61:05:07:e8:a7:2a:c4:f4:be:3e:6a:9a:c7:c1:2c: + af:22:39:7e:70:0f:b4:5f:16:47:5d:65:8f:2b:ba:f9:84:f1: + a5:c9:ee:fb:65:e1:1a:40:46:d4:bc:83:44:6d:dd:9c:e5:20: + 07:47:0f:66:69:2d:7d:bf:e5:68:7a:87:e1:ec:46:dd:e0:09: + 26:e0:e0:ed:d8:18:bf:45:98:33:93:5d:88:72:13:af:2c:fd: + da:64:47:f1:3d:ff:8b:1d:b8:01:34:33:cf:ed:e2:de:87:41: + 8e:27:28:99:2e:c2:a8:00:0b:96:8f:24:10:81:0c:7c:83:f5: + 7d:d5:8a:25 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 -ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUslZPhG -Puj8hTriStyaWHBvZSeTFC9dCLO63C2wjA6Y9iEmjf+7WS3bcrwHOI8RNMzoBw8H -7YIeYL7YZxeYy4FVQF7ZoL2lmIhxF45lcD6Kn7MjVp+YqNtkahvhGiyxlG3TSyj9 -5BzTfZORU1w9iWcTBFghZMmJxxJYkdwvD1bspwBPYIkKua9SjiC8sxbopgbKOwel -dll+SxczstuO2DEp2LoIBlHhoUNtzS1h4QNUYh1DKLlItju7JEfQVt/OrNOsqQwT -pch2o+5nDHk1kl1Jj6VPj655CWwRFT86AaNNVN+TULX+7b5Th763ZVWWTHxboOMe -GOiejJXRSupaTwIDAQABo4HLMIHIMB0GA1UdDgQWBBSg/2qw2212PR/So4MzAr4y -onE0hTAfBgNVHSMEGDAWgBQK4XEV3+0NmOt1qDe88e7jZXmrwjA3BggrBgEFBQcB +ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ubAdsVM +0I6zhweRZqrxrpOPooMt1QWRuFL2LaX//ZXuhQ+Fw+vXjvdvKsAV3q4eYmISZMP3 +wQ8FpA+3M2mSZleTT04EQ7sju8PGKQtCaB8mgXctkfZiuOOaLHgtfB869c7ywnU5 +WrfCI/X17n6lekXE1B4SyKZARGQH/zOozkHfd8QB9cVBa06g7p02Y1qw6Di7vful +f25cbcZi3QUvkNT7WxhxhFfiydPMyDZf0XggTGiDH99koxGf6L3Uu44EYw09balD +MF3wyuNijxGei4/emm5tA+WMD28AbhpyLBPgoXiT7yxtLAqKXAJlUDb62ge6Nrkh +6wEUl6sZYL6XawIDAQABo4HLMIHIMB0GA1UdDgQWBBTB6Qveqicg+gv/23cJlh6b +LA33cDAfBgNVHSMEGDAWgBSWn8ucXA0GnfE6IdUi90t1LH3T0zA3BggrBgEFBQcB AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -ABMOPA5pwr99qqSPR6aQaQ7Yt1Aqx5V4HX9xQVGNpKnP8tLGwI/dVsRTlDQ/B+Ow -THFVWxSi3o8eOxVz4ppJ38gOBNx2dmENxSk1EsRx0y1trLZiU3VXRM8L0h1mCr4B -taZYoEL1zmI82CH9xscnZrEv1ATCKUQyOjuyPAilZj5MJ8I2ccUxBefp+Ee0gTNX -fcLOrN7EFREa8slZcs2kqFRB79XVZ89u46AHYrqD90b6SxB8kZ//qhrJRvkmFMQB -WJ01dfB4DnVOfwPogxuHgpngUrOfNKcmNHac5z5p1ZvmmkUGNBkDBbAVyqJZfKz+ -nMQpVOLInOGYfhZ6ufOeqtE= +AGLKo6R2JAFLARJnO5P6yFqBg8EmK/zw/PPifGav2YSdxHD5K7B8Ll5HJTuEAaNC +RtrIeaKycr3BxQ8161L2u+7QhT3jLRiHh1Dp8HxsbH6d8HcGy56mdone06QnLtDX +KX44fBCrieTymMn+izEy/c63wUbz7qUA79KH8NFLKLp5VWEFB+inKsT0vj5qmsfB +LK8iOX5wD7RfFkddZY8ruvmE8aXJ7vtl4RpARtS8g0Rt3ZzlIAdHD2ZpLX2/5Wh6 +h+HsRt3gCSbg4O3YGL9FmDOTXYhyE68s/dpkR/E9/4sduAE0M8/t4t6HQY4nKJku +wqgAC5aPJBCBDHyD9X3ViiU= -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:99:74:ca:c8:3e:26:66:b5:bc:e5:cc:0b:41:30: - 7b:cb:99:a5:31:5f:e6:3f:44:81:d3:c5:16:0e:ac: - db:2e:cf:5a:08:79:5a:44:c4:f1:bc:e5:74:06:42: - 57:35:4b:e7:90:88:ef:dd:59:b7:82:40:b5:ff:c2: - 03:32:1b:4d:1c:6d:ee:34:60:a8:c5:24:ab:b0:0f: - a6:19:22:86:ae:e3:12:dd:3e:99:3a:36:65:6a:ea: - 5d:aa:b0:2d:e9:db:9a:22:83:cb:50:8b:1a:04:cb: - 4b:83:83:46:95:e1:45:a7:17:d3:16:ab:70:e6:62: - 85:79:ff:73:35:3e:7e:4d:1d:3b:6d:e1:60:0e:15: - 3c:12:cf:7a:d7:eb:af:04:0a:43:3b:5f:78:de:df: - ba:51:60:4d:20:61:32:2c:f4:61:d3:e2:48:02:8d: - a1:d5:05:ec:f4:d0:7d:3d:2e:f8:5f:3b:57:76:21: - d8:55:1a:61:34:53:af:2f:de:32:ff:27:7e:12:41: - 96:56:0a:9d:d2:e5:3f:38:14:9e:20:50:58:4c:00: - 7d:16:4d:2d:b8:f3:75:c5:c4:b3:80:a7:d9:e4:60: - e1:8f:b5:b8:a4:82:db:72:b2:7c:0b:a2:ef:5e:98: - 22:48:b2:f9:7c:4a:82:e5:59:fa:0d:93:34:34:88: - 93:a7 + 00:b7:0e:0c:2e:e1:46:5f:9d:dc:3a:16:51:56:2f: + 4c:5c:f7:92:93:2a:a1:bf:d1:bd:15:cd:8a:f8:e3: + 8a:a4:41:fa:9f:de:85:84:ff:cd:5b:7d:13:33:ca: + b8:8b:34:f6:85:73:a5:23:ef:ba:61:ca:18:9f:08: + ea:39:17:18:69:dd:3a:21:57:a5:6d:b2:63:a7:42: + ba:b6:8a:4e:e2:1f:ab:88:4f:ae:ca:1a:66:b8:79: + d2:94:73:b9:46:c4:be:89:31:53:c1:d8:b4:cc:1c: + 6b:d9:0c:a3:5a:e3:a5:20:7c:a0:bd:d4:14:7a:14: + 29:0c:b7:40:da:f5:fc:af:c3:91:65:78:b3:41:ee: + f5:9f:0b:22:0b:c1:f5:12:94:89:25:13:1b:dd:a3: + a3:44:7a:57:7c:40:17:e0:66:33:a9:27:7c:2e:6f: + 9f:38:d3:fa:4d:67:80:39:33:36:e5:41:fd:ac:6b: + 37:d0:84:75:e2:84:93:3b:8d:ce:8c:22:98:4e:05: + 64:7f:df:fb:96:85:c5:ea:0e:11:24:f9:84:bd:17: + ce:15:30:86:ad:c6:de:2c:48:84:d0:45:d4:0b:1f: + 13:e9:a4:ca:e7:69:c0:24:a1:23:5e:6b:4e:76:b4: + bd:d7:0d:96:94:b6:d9:8e:25:9b:1e:c9:a2:00:10: + 47:77 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 0A:E1:71:15:DF:ED:0D:98:EB:75:A8:37:BC:F1:EE:E3:65:79:AB:C2 + 96:9F:CB:9C:5C:0D:06:9D:F1:3A:21:D5:22:F7:4B:75:2C:7D:D3:D3 X509v3 Authority Key Identifier: - keyid:0A:E1:71:15:DF:ED:0D:98:EB:75:A8:37:BC:F1:EE:E3:65:79:AB:C2 + keyid:96:9F:CB:9C:5C:0D:06:9D:F1:3A:21:D5:22:F7:4B:75:2C:7D:D3:D3 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -233,40 +233,40 @@ Certificate: X509v3 Key Usage: critical Certificate Sign, CRL Sign Signature Algorithm: sha256WithRSAEncryption - 6d:66:a8:f5:13:4c:3a:8d:26:f2:30:1a:59:72:f3:dd:7a:17: - cf:8d:6e:76:cf:23:db:be:a3:85:e9:78:63:1d:4c:d8:78:93: - 9e:57:61:0d:78:2a:5a:67:c3:d8:73:d1:69:72:24:66:e6:9b: - b3:fb:b8:31:7e:c0:4b:8c:03:48:fb:36:b7:ac:42:39:66:94: - 26:22:d7:fb:d3:11:67:29:d6:32:9c:c3:9e:bd:b1:43:2e:6f: - a1:a5:4c:ec:5d:df:5e:b6:49:0c:81:9c:2f:09:81:03:97:16: - 80:5a:da:c1:25:d6:c8:3e:d9:11:ed:1a:1d:8d:ac:46:90:e9: - 1c:e1:23:70:95:2d:b3:19:a5:ba:97:7b:47:4f:af:cc:ed:80: - 4e:46:26:8e:39:86:5a:6d:f4:94:56:42:05:49:fc:ef:48:2e: - fa:04:78:34:0f:5a:c9:56:dc:eb:88:3a:fc:d6:8b:73:d7:81: - 27:57:e3:27:6f:6b:74:af:6e:42:16:c9:30:a8:3d:8f:24:43: - 55:40:9b:fc:39:43:3a:b5:50:6b:11:c3:b8:a1:06:f4:63:3e: - 45:01:db:7c:db:b7:35:df:38:c1:eb:83:e8:4e:78:3b:99:66: - e9:d1:14:68:b2:f6:7e:2d:80:eb:f7:e0:87:6a:43:c1:3a:23: - 8f:aa:05:5d + 00:85:32:6c:c2:ae:ee:d2:19:f0:6f:20:ce:f8:94:86:c8:4c: + 3b:28:be:77:40:dc:94:8f:b9:31:b9:9a:b4:4b:3f:f7:70:81: + 04:a0:ae:b5:49:59:a2:4c:85:17:d6:ab:0d:a1:75:3e:d9:9b: + ea:ec:25:20:a2:0e:87:9f:d0:39:ab:d0:72:db:20:ed:6d:6e: + 8e:ec:68:ed:a4:44:6b:db:5b:63:ca:8b:0c:35:d7:a5:88:61: + 05:fb:82:7a:77:c3:54:10:c8:0c:87:07:60:43:ea:4a:0a:3a: + a2:2c:e6:6a:4d:81:aa:50:6d:d6:2d:cb:df:cf:0c:4c:a4:93: + c8:d0:c3:9e:70:2a:2a:37:34:9b:73:51:ce:14:6a:d6:ca:ff: + 21:c4:14:43:f2:9a:c4:5d:f0:58:f4:93:cc:4c:28:93:96:19: + 70:0c:7b:46:18:d1:01:07:b6:32:ed:1f:ae:f9:c4:f5:f4:a4: + 6b:95:3e:ab:46:2d:e2:92:54:71:af:a1:7d:eb:75:e2:41:06: + 97:80:af:60:90:b1:40:a6:a7:16:a3:2e:c9:58:57:8b:72:46: + 4e:f2:e4:55:b2:6d:0b:5e:94:78:ed:57:5d:c4:84:4e:8c:df: + e6:81:9d:80:c4:3b:45:b8:f6:53:b1:96:ea:76:55:25:b0:84: + ea:37:c1:71 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDVDCCAjygAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJl0ysg+Jma1vOXMC0Ew -e8uZpTFf5j9EgdPFFg6s2y7PWgh5WkTE8bzldAZCVzVL55CI791Zt4JAtf/CAzIb -TRxt7jRgqMUkq7APphkihq7jEt0+mTo2ZWrqXaqwLenbmiKDy1CLGgTLS4ODRpXh -RacX0xarcOZihXn/czU+fk0dO23hYA4VPBLPetfrrwQKQztfeN7fulFgTSBhMiz0 -YdPiSAKNodUF7PTQfT0u+F87V3Yh2FUaYTRTry/eMv8nfhJBllYKndLlPzgUniBQ -WEwAfRZNLbjzdcXEs4Cn2eRg4Y+1uKSC23KyfAui716YIkiy+XxKguVZ+g2TNDSI -k6cCAwEAAaOBujCBtzAdBgNVHQ4EFgQUCuFxFd/tDZjrdag3vPHu42V5q8IwHwYD -VR0jBBgwFoAUCuFxFd/tDZjrdag3vPHu42V5q8IwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcODC7hRl+d3DoWUVYv +TFz3kpMqob/RvRXNivjjiqRB+p/ehYT/zVt9EzPKuIs09oVzpSPvumHKGJ8I6jkX +GGndOiFXpW2yY6dCuraKTuIfq4hPrsoaZrh50pRzuUbEvokxU8HYtMwca9kMo1rj +pSB8oL3UFHoUKQy3QNr1/K/DkWV4s0Hu9Z8LIgvB9RKUiSUTG92jo0R6V3xAF+Bm +M6knfC5vnzjT+k1ngDkzNuVB/axrN9CEdeKEkzuNzowimE4FZH/f+5aFxeoOEST5 +hL0XzhUwhq3G3ixIhNBF1AsfE+mkyudpwCShI15rTna0vdcNlpS22Y4lmx7JogAQ +R3cCAwEAAaOBujCBtzAdBgNVHQ4EFgQUlp/LnFwNBp3xOiHVIvdLdSx909MwHwYD +VR0jBBgwFoAUlp/LnFwNBp3xOiHVIvdLdSx909MwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAbWao9RNMOo0m8jAaWXLz3XoXz41uds8j -276jhel4Yx1M2HiTnldhDXgqWmfD2HPRaXIkZuabs/u4MX7AS4wDSPs2t6xCOWaU -JiLX+9MRZynWMpzDnr2xQy5voaVM7F3fXrZJDIGcLwmBA5cWgFrawSXWyD7ZEe0a -HY2sRpDpHOEjcJUtsxmlupd7R0+vzO2ATkYmjjmGWm30lFZCBUn870gu+gR4NA9a -yVbc64g6/NaLc9eBJ1fjJ29rdK9uQhbJMKg9jyRDVUCb/DlDOrVQaxHDuKEG9GM+ -RQHbfNu3Nd84weuD6E54O5lm6dEUaLL2fi2A6/fgh2pDwTojj6oFXQ== +AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAAIUybMKu7tIZ8G8gzviUhshMOyi+d0Dc +lI+5MbmatEs/93CBBKCutUlZokyFF9arDaF1Ptmb6uwlIKIOh5/QOavQctsg7W1u +juxo7aREa9tbY8qLDDXXpYhhBfuCenfDVBDIDIcHYEPqSgo6oizmak2BqlBt1i3L +388MTKSTyNDDnnAqKjc0m3NRzhRq1sr/IcQUQ/KaxF3wWPSTzEwok5YZcAx7RhjR +AQe2Mu0frvnE9fSka5U+q0Yt4pJUca+hfet14kEGl4CvYJCxQKanFqMuyVhXi3JG +TvLkVbJtC16UeO1XXcSETozf5oGdgMQ7Rbj2U7GW6nZVJbCE6jfBcQ== -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -278,3 +278,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0.pem b/chromium/net/data/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0.pem index ba825fe79d2..a2f92bc9836 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c3:d8:cf:ca:eb:7a:63:bc:cd:53:50:a0:a5:e7: - 24:1c:5e:ab:ee:eb:48:d3:60:73:ab:a5:c3:b5:e0: - ea:b2:71:0b:99:48:4c:0c:78:6f:67:a8:98:13:f7: - 99:59:a0:fc:78:d8:7e:05:cc:1c:4c:4d:ff:c0:a7: - 85:8f:c0:f8:c2:10:51:a2:a6:9b:38:a1:a8:7f:e3: - 7c:df:be:f7:8c:62:9a:83:c6:a5:ab:63:26:9e:71: - 25:26:7d:dc:05:09:b3:76:e8:de:90:07:6d:6d:d1: - 33:a5:3a:64:90:c0:50:2e:d6:a9:84:2e:f2:7c:11: - 49:4c:c5:e2:50:c3:b9:9c:0f:ac:8f:07:19:74:63: - 00:12:8a:ec:6f:4f:86:8a:9b:af:2a:c2:21:f1:98: - 88:eb:4a:23:2c:7d:25:9f:fd:2a:3e:b0:3d:f5:66: - bf:a7:07:42:7d:04:70:62:d3:4b:88:92:af:74:6e: - 20:4c:55:5e:9e:de:29:a6:58:66:1a:8d:c4:af:b5: - 22:44:29:ee:b6:03:66:8e:4b:a6:ca:77:3d:91:08: - c0:b2:e0:70:c8:e6:d1:fb:db:09:86:7c:ad:f5:20: - 76:10:1d:fc:bf:98:05:0b:b1:6e:47:d8:ce:4b:aa: - 02:7c:ec:3e:8a:b0:22:f9:3d:fc:8e:60:45:1b:cc: - c9:a5 + 00:c6:80:ed:2c:42:bf:ef:7c:65:e7:f7:d5:37:8f: + b8:ed:bf:09:be:83:b5:22:ba:8d:8e:5f:63:cb:98: + 69:ba:fc:79:a6:2c:02:70:b2:11:49:24:32:59:6a: + 10:ec:da:8a:fa:51:27:d2:95:a6:08:03:1d:39:20: + 61:4b:c0:a0:f3:54:1a:53:f4:53:34:42:66:af:d3: + 08:5c:0e:ab:ca:c5:97:1f:76:60:0d:5c:06:56:96: + 42:a6:73:fc:63:0b:e9:02:a2:64:7b:18:4e:6d:7e: + 88:b9:65:bf:52:bb:e5:57:ee:af:81:54:b0:6f:b3: + c5:22:da:9c:7d:40:d1:86:01:9d:db:37:be:91:50: + 94:9b:a8:7e:d9:54:32:81:50:fd:14:54:6a:a3:8b: + b5:2c:1e:c0:9a:a8:de:fc:96:f5:1a:ca:97:70:60: + 79:94:5e:67:e8:90:fe:c3:68:63:f0:5d:64:e5:ec: + 89:a7:75:61:0c:68:2a:fe:b0:d3:85:17:0b:5e:f9: + 1b:ff:1b:7e:f4:52:ff:20:56:0f:7b:50:15:db:96: + 77:3c:09:4e:98:2b:c7:8e:55:bb:59:7c:52:b7:6e: + 45:20:d7:b6:c7:7e:4f:71:d7:dd:e6:b9:58:04:60: + 2a:e4:40:64:5e:2c:8e:30:96:bc:84:db:42:b9:66: + 8b:95 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 4C:E1:88:56:8D:23:98:7B:19:E1:6E:D8:1C:E5:06:73:6B:D5:1E:03 + 34:29:52:19:D8:05:D8:C6:BF:24:AE:2A:40:05:81:8A:A8:86:D0:CC X509v3 Authority Key Identifier: - keyid:CB:CE:B8:91:FA:EC:E9:A4:15:CA:75:30:F1:C6:9A:B8:19:35:FA:29 + keyid:B3:4F:7C:A1:46:15:63:82:54:3A:AF:D2:F7:40:56:21:7B:14:44:51 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate2.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - a6:96:6f:71:a0:4e:f8:17:93:ad:30:1f:2e:e5:6e:bc:4e:83: - 32:07:95:9f:f6:02:e8:06:5e:a6:51:0a:23:f6:46:06:3c:3d: - e6:4d:cc:ac:8c:29:e8:ce:0e:a4:db:11:7d:4f:6e:b7:78:e2: - 40:1e:0e:74:83:d5:16:7c:c5:6e:3e:41:59:be:d5:0c:ab:05: - 9f:2f:22:8c:3b:58:ed:72:49:11:b0:0b:21:b9:5d:e0:b8:3f: - cd:a0:a0:95:64:c6:8e:45:7d:aa:1b:67:69:13:54:40:0d:99: - 74:da:b1:9f:5b:9f:ba:e3:b6:aa:5b:e4:b6:d9:6c:46:d3:50: - 1a:d9:5a:54:b9:2d:a1:da:97:00:7a:6a:71:2a:8e:45:9c:6d: - e8:3d:a2:cb:29:44:45:11:5c:a9:64:60:81:88:e4:93:a2:61: - ec:87:74:69:bc:9c:61:92:94:eb:42:33:12:29:82:5d:fe:30: - 9b:9c:bf:47:50:a9:f6:ae:ea:d4:97:39:87:d5:02:c4:45:09: - a8:f3:f3:bf:e0:35:45:89:a9:bc:57:34:bf:d4:81:a0:09:4e: - 2d:15:61:39:0c:43:53:2e:50:fb:31:ab:91:0d:ce:9c:cb:c1: - e2:39:e2:76:60:ab:6b:5d:33:b6:0f:a7:c8:f0:61:ed:37:81: - 83:3a:2b:b4 + 29:4f:cc:86:82:da:ea:d9:5a:15:b6:e4:f7:81:bf:f5:4c:8d: + e0:1d:dc:b5:a1:32:a9:fb:27:aa:a3:73:f7:2b:ee:d3:f0:2f: + 7d:77:27:71:ff:57:05:60:c1:67:db:3e:b8:ea:72:65:b4:d5: + 2a:ff:ae:f1:94:68:ae:18:77:57:ca:c7:ec:84:d6:50:d0:e0: + 95:1b:db:2e:4c:07:f6:1b:1c:0e:9a:e5:34:84:73:f2:b2:d5: + b1:89:8e:17:b0:bc:07:bc:b2:90:92:20:97:5f:e8:f1:c2:a5: + a6:ac:46:c0:90:44:eb:43:f9:46:74:9a:5d:68:db:f9:a8:9e: + 7d:fb:10:59:8c:a3:ae:95:c1:b8:04:0c:44:e7:af:2a:8f:c7: + 57:88:18:9b:ad:88:fe:0b:1f:52:de:df:2a:46:16:50:db:5f: + df:17:85:cc:d4:c6:2b:1a:36:98:6a:2c:d8:71:05:6a:cc:7e: + 26:9f:76:44:23:59:4c:47:c0:2b:42:2e:8b:8a:ed:18:ad:cc: + d6:22:0d:a2:1a:46:8d:98:20:38:5a:d5:13:8a:a2:66:4e:16: + bd:6c:0a:83:86:11:6a:40:be:83:af:ed:6a:c5:c0:1e:2d:9d: + 72:0b:e5:9f:a1:9c:a2:54:ee:5b:41:a9:77:22:8d:62:ab:39: + 6c:80:62:58 -----BEGIN CERTIFICATE----- MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl cm1lZGlhdGUyMB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowETEPMA0G -A1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9jP -yut6Y7zNU1CgpeckHF6r7utI02Bzq6XDteDqsnELmUhMDHhvZ6iYE/eZWaD8eNh+ -BcwcTE3/wKeFj8D4whBRoqabOKGof+N83773jGKag8alq2MmnnElJn3cBQmzduje -kAdtbdEzpTpkkMBQLtaphC7yfBFJTMXiUMO5nA+sjwcZdGMAEorsb0+GipuvKsIh -8ZiI60ojLH0ln/0qPrA99Wa/pwdCfQRwYtNLiJKvdG4gTFVent4pplhmGo3Er7Ui -RCnutgNmjkumync9kQjAsuBwyObR+9sJhnyt9SB2EB38v5gFC7FuR9jOS6oCfOw+ -irAi+T38jmBFG8zJpQIDAQABo4HrMIHoMB0GA1UdDgQWBBRM4YhWjSOYexnhbtgc -5QZza9UeAzAfBgNVHSMEGDAWgBTLzriR+uzppBXKdTDxxpq4GTX6KTBABggrBgEF +A1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoDt +LEK/73xl5/fVN4+47b8JvoO1IrqNjl9jy5hpuvx5piwCcLIRSSQyWWoQ7NqK+lEn +0pWmCAMdOSBhS8Cg81QaU/RTNEJmr9MIXA6rysWXH3ZgDVwGVpZCpnP8YwvpAqJk +exhObX6IuWW/UrvlV+6vgVSwb7PFItqcfUDRhgGd2ze+kVCUm6h+2VQygVD9FFRq +o4u1LB7Amqje/Jb1GsqXcGB5lF5n6JD+w2hj8F1k5eyJp3VhDGgq/rDThRcLXvkb +/xt+9FL/IFYPe1AV25Z3PAlOmCvHjlW7WXxSt25FINe2x35Pcdfd5rlYBGAq5EBk +XiyOMJa8hNtCuWaLlQIDAQABo4HrMIHoMB0GA1UdDgQWBBQ0KVIZ2AXYxr8kripA +BYGKqIbQzDAfBgNVHSMEGDAWgBSzT3yhRhVjglQ6r9L3QFYhexREUTBABggrBgEF BQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1l ZGlhdGUyLmNlcjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vdXJsLWZvci1jcmwv SW50ZXJtZWRpYXRlMi5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAppZvcaBO+BeTrTAf -LuVuvE6DMgeVn/YC6AZeplEKI/ZGBjw95k3MrIwp6M4OpNsRfU9ut3jiQB4OdIPV -FnzFbj5BWb7VDKsFny8ijDtY7XJJEbALIbld4Lg/zaCglWTGjkV9qhtnaRNUQA2Z -dNqxn1ufuuO2qlvkttlsRtNQGtlaVLktodqXAHpqcSqORZxt6D2iyylERRFcqWRg -gYjkk6Jh7Id0abycYZKU60IzEimCXf4wm5y/R1Cp9q7q1Jc5h9UCxEUJqPPzv+A1 -RYmpvFc0v9SBoAlOLRVhOQxDUy5Q+zGrkQ3OnMvB4jnidmCra10ztg+nyPBh7TeB -gzortA== +AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAKU/MhoLa6tlaFbbk +94G/9UyN4B3ctaEyqfsnqqNz9yvu0/AvfXcncf9XBWDBZ9s+uOpyZbTVKv+u8ZRo +rhh3V8rH7ITWUNDglRvbLkwH9hscDprlNIRz8rLVsYmOF7C8B7yykJIgl1/o8cKl +pqxGwJBE60P5RnSaXWjb+aieffsQWYyjrpXBuAQMROevKo/HV4gYm62I/gsfUt7f +KkYWUNtf3xeFzNTGKxo2mGos2HEFasx+Jp92RCNZTEfAK0Iui4rtGK3M1iINohpG +jZggOFrVE4qiZk4WvWwKg4YRakC+g6/tasXAHi2dcgvln6GcolTuW0GpdyKNYqs5 +bIBiWA== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ad:d8:fa:e5:f4:8b:41:38:13:dc:61:ad:db:db: - 3d:f6:be:e2:fd:9d:63:a2:eb:4a:8d:c8:03:6b:d2: - c3:18:29:e6:93:92:5f:d0:c5:b2:3c:05:cd:79:c9: - 25:dd:e8:fc:68:83:f1:d9:95:15:22:8f:27:eb:bf: - 1f:ed:78:ce:34:b7:60:66:ee:4a:40:9f:e3:95:d0: - 32:47:67:80:6c:37:1c:3d:3a:e8:3e:14:2d:5b:97: - b3:40:85:28:a9:10:f0:fb:c9:eb:51:be:b6:c6:8a: - ca:60:cd:31:b7:b0:d3:bd:eb:5c:8a:14:89:38:47: - cb:18:2b:11:f7:a7:9e:9d:f3:76:82:97:c4:78:61: - 8c:ec:90:ac:f2:a8:2e:bf:d8:30:48:52:94:7f:48: - f6:fb:4b:e6:0a:63:89:ad:8a:4d:8d:3e:dc:45:06: - 89:e9:94:24:5b:d4:94:50:de:05:cf:87:59:66:fb: - 70:62:84:3c:fe:d9:1b:02:92:30:80:cb:45:43:e4: - 55:47:97:2e:99:59:22:86:6f:51:3a:24:13:26:e8: - 10:c9:92:35:13:6f:4a:39:c5:71:d2:c3:63:a5:11: - f8:6e:dc:fa:75:5c:4b:29:24:04:9f:e3:f4:f0:49: - 55:7e:0a:8c:6c:44:b4:a4:35:c7:b0:54:10:a4:b1: - 6f:95 + 00:a5:da:13:9b:86:a9:21:3f:1b:20:2d:25:a0:65: + 28:27:5c:0c:2c:f5:ff:28:2a:4c:5c:63:4a:08:c6: + 90:06:55:13:54:d9:6d:c4:83:64:22:c0:1c:40:b1: + c9:f5:64:af:1d:cf:55:74:02:e8:97:af:3b:fe:ba: + 32:f9:3a:10:79:6f:5b:81:b8:cf:d6:25:3b:36:7f: + fb:17:a4:75:32:96:d3:b5:c5:97:87:8f:cd:63:e7: + 0f:28:3c:8e:0a:1e:46:91:a9:64:8b:70:7c:c8:ef: + b1:fa:82:50:2f:56:5c:17:b3:18:b9:4b:26:e2:a5: + 53:a8:27:a0:b7:d0:61:12:93:a7:5f:9a:1d:41:5c: + 53:c3:29:bd:96:44:8d:a6:1f:f9:e7:74:13:5a:84: + e3:3c:a5:41:cd:e9:86:72:c2:12:ea:2a:78:76:f8: + 88:93:f6:8a:d0:de:3e:b0:33:a0:96:fa:40:cb:c0: + e0:49:4d:c1:e8:46:40:b3:7f:a3:e5:01:d3:4e:9b: + e0:6c:21:6e:4a:d3:d6:e5:0c:1b:e1:1d:39:54:ca: + 35:4f:2a:1a:b0:b3:66:40:4e:f7:e9:72:70:f4:70: + 83:c6:81:12:bd:c9:c3:cc:53:95:fa:e4:21:74:f5: + 1e:f6:69:1c:42:6b:ba:ec:b5:83:33:41:7b:72:b8: + a4:9f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - CB:CE:B8:91:FA:EC:E9:A4:15:CA:75:30:F1:C6:9A:B8:19:35:FA:29 + B3:4F:7C:A1:46:15:63:82:54:3A:AF:D2:F7:40:56:21:7B:14:44:51 X509v3 Authority Key Identifier: - keyid:58:20:BB:27:E1:6D:B0:95:1A:D3:40:A1:81:79:89:63:34:21:9F:13 + keyid:78:A0:50:E7:F0:D8:50:C1:A8:AE:40:CC:35:8A:73:B1:2C:78:51:4A Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate1.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 Signature Algorithm: sha256WithRSAEncryption - 5c:fb:a9:0c:98:92:b4:e2:3c:b1:57:ae:7d:4c:17:b3:44:0e: - df:f8:c5:96:e3:1c:10:c2:1b:cf:26:b8:b8:45:3b:e2:3a:54: - d9:2a:ce:2d:70:ef:7d:e7:0a:f8:c4:3e:c2:11:65:58:c2:9c: - 57:0f:82:6f:ad:d5:c3:75:fe:7a:eb:3e:51:13:a9:04:18:37: - 6a:e1:86:11:7f:3b:9d:5a:eb:29:ec:ef:d1:3b:df:13:f4:66: - 87:31:2e:b7:75:b0:31:02:b6:47:98:d6:f5:3d:35:7e:18:ac: - 53:86:4e:d2:d4:93:ac:7a:20:04:8f:58:9b:15:58:ad:7a:b3: - 3e:a0:11:57:92:96:2a:d4:b9:16:e9:f0:8b:70:67:4b:21:58: - 80:8e:43:21:ba:62:22:46:96:d2:f0:48:82:69:c5:51:ba:22: - 32:a0:50:cf:48:1f:1a:35:05:41:23:4e:93:a2:43:e6:83:d9: - ae:32:1e:95:72:24:61:79:09:4c:62:d0:1c:42:60:c5:8c:0c: - 6f:a1:8c:29:8c:68:e3:b8:da:44:83:f6:04:ab:e2:85:e4:6a: - f6:ca:ed:95:e3:a0:81:4e:79:1e:cb:46:a1:83:4b:19:23:52: - ae:b3:80:d7:7c:4f:05:8c:78:55:e2:fc:ec:80:74:5b:3e:7d: - 16:e3:71:5a + 91:d6:bf:09:02:8e:25:8e:31:b6:59:9c:c4:bc:bd:2a:60:63: + 23:76:1b:45:95:b9:74:86:90:79:31:99:ce:2d:ed:ea:dc:af: + 2f:bb:a8:80:67:1f:54:04:00:6a:4c:fc:db:cf:6a:ae:30:d9: + f4:6e:a4:60:84:ac:ab:08:24:5d:29:e7:33:fc:8e:ba:fb:32: + e3:ef:f6:66:35:90:ed:9d:aa:78:b6:66:00:0a:cd:da:e9:57: + 5a:b5:72:3c:79:bc:d2:ca:20:69:6f:b0:7f:06:b7:33:27:12: + bf:7b:37:9a:63:29:5c:d5:99:67:f9:9c:7d:31:f1:d1:e7:38: + 5b:07:4d:e5:04:7c:20:e2:0e:9d:dc:ed:34:f7:e1:ad:32:e3: + e7:37:9f:2c:bb:54:b8:94:0e:8d:97:6e:39:75:73:bb:49:f6: + 8e:5c:b8:b7:8e:de:09:80:7d:c2:9d:d1:ea:06:0a:75:78:c6: + d8:77:fe:28:ea:05:4f:ae:83:ad:02:e8:9c:e2:4d:c8:32:36: + 6e:32:05:91:3d:97:17:2b:0d:74:8e:4b:ba:ef:f9:af:65:49: + b6:b1:88:10:2f:a9:e0:4a:06:1d:4e:e4:3f:87:51:03:94:ec: + 22:89:19:a0:69:e7:51:39:b9:75:4b:1e:d8:17:c5:1f:6f:87: + 81:f5:0c:e6 -----BEGIN CERTIFICATE----- MIIDjDCCAnSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl cm1lZGlhdGUxMB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowGDEWMBQG A1UEAwwNSW50ZXJtZWRpYXRlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAK3Y+uX0i0E4E9xhrdvbPfa+4v2dY6LrSo3IA2vSwxgp5pOSX9DFsjwFzXnJ -Jd3o/GiD8dmVFSKPJ+u/H+14zjS3YGbuSkCf45XQMkdngGw3HD066D4ULVuXs0CF -KKkQ8PvJ61G+tsaKymDNMbew073rXIoUiThHyxgrEfennp3zdoKXxHhhjOyQrPKo -Lr/YMEhSlH9I9vtL5gpjia2KTY0+3EUGiemUJFvUlFDeBc+HWWb7cGKEPP7ZGwKS -MIDLRUPkVUeXLplZIoZvUTokEyboEMmSNRNvSjnFcdLDY6UR+G7c+nVcSykkBJ/j -9PBJVX4KjGxEtKQ1x7BUEKSxb5UCAwEAAaOB4DCB3TAdBgNVHQ4EFgQUy864kfrs -6aQVynUw8caauBk1+ikwHwYDVR0jBBgwFoAUWCC7J+FtsJUa00ChgXmJYzQhnxMw +ggEBAKXaE5uGqSE/GyAtJaBlKCdcDCz1/ygqTFxjSgjGkAZVE1TZbcSDZCLAHECx +yfVkrx3PVXQC6JevO/66Mvk6EHlvW4G4z9YlOzZ/+xekdTKW07XFl4ePzWPnDyg8 +jgoeRpGpZItwfMjvsfqCUC9WXBezGLlLJuKlU6gnoLfQYRKTp1+aHUFcU8MpvZZE +jaYf+ed0E1qE4zylQc3phnLCEuoqeHb4iJP2itDePrAzoJb6QMvA4ElNwehGQLN/ +o+UB006b4GwhbkrT1uUMG+EdOVTKNU8qGrCzZkBO9+lycPRwg8aBEr3Jw8xTlfrk +IXT1HvZpHEJruuy1gzNBe3K4pJ8CAwEAAaOB4DCB3TAdBgNVHQ4EFgQUs098oUYV +Y4JUOq/S90BWIXsURFEwHwYDVR0jBBgwFoAUeKBQ5/DYUMGorkDMNYpzsSx4UUow QAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vdXJsLWZvci1haWEv SW50ZXJtZWRpYXRlMS5jZXIwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL3VybC1m b3ItY3JsL0ludGVybWVkaWF0ZTEuY3JsMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB -Af8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQBc+6kMmJK04jyxV659TBez -RA7f+MWW4xwQwhvPJri4RTviOlTZKs4tcO995wr4xD7CEWVYwpxXD4JvrdXDdf56 -6z5RE6kEGDdq4YYRfzudWusp7O/RO98T9GaHMS63dbAxArZHmNb1PTV+GKxThk7S -1JOseiAEj1ibFViterM+oBFXkpYq1LkW6fCLcGdLIViAjkMhumIiRpbS8EiCacVR -uiIyoFDPSB8aNQVBI06TokPmg9muMh6VciRheQlMYtAcQmDFjAxvoYwpjGjjuNpE -g/YEq+KF5Gr2yu2V46CBTnkey0ahg0sZI1Kus4DXfE8FjHhV4vzsgHRbPn0W43Fa +Af8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQCR1r8JAo4ljjG2WZzEvL0q +YGMjdhtFlbl0hpB5MZnOLe3q3K8vu6iAZx9UBABqTPzbz2quMNn0bqRghKyrCCRd +Kecz/I66+zLj7/ZmNZDtnap4tmYACs3a6VdatXI8ebzSyiBpb7B/BrczJxK/ezea +Yylc1Zln+Zx9MfHR5zhbB03lBHwg4g6d3O009+GtMuPnN58su1S4lA6Nl245dXO7 +SfaOXLi3jt4JgH3CndHqBgp1eMbYd/4o6gVProOtAuic4k3IMjZuMgWRPZcXKw10 +jku67/mvZUm2sYgQL6ngSgYdTuQ/h1EDlOwiiRmgaedRObl1Sx7YF8Ufb4eB9Qzm -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:e6:65:53:d1:2e:4e:ad:28:ff:05:13:1b:64:08: - aa:e6:b7:44:64:94:4c:0e:a4:68:80:12:7d:07:ce: - 6a:ec:c8:4b:cc:a1:3f:af:f4:c8:45:0e:b2:66:46: - b3:fd:ef:68:5d:04:c0:95:e9:71:45:b2:26:12:16: - 78:b1:75:15:39:a1:da:2a:b0:d7:7c:52:11:8b:1a: - b0:46:19:fb:71:d0:8f:13:3d:2e:ee:bc:75:97:4d: - b1:b6:7b:d5:b6:36:44:5b:75:d1:00:b3:a3:60:9f: - 92:34:c1:50:52:30:89:54:35:24:fa:7d:ea:5a:32: - ca:11:aa:12:1c:55:74:fd:5b:98:ad:0d:04:d3:b3: - 12:cd:a4:f9:7c:54:e1:1f:01:cd:ad:c6:0e:cc:ae: - 8c:89:d3:ff:a6:f7:2b:9f:67:d8:55:c2:a9:4a:5f: - e8:d6:96:0d:14:68:79:23:84:d0:5f:59:99:f6:8e: - 9c:34:da:b6:d2:37:cc:de:8d:44:ba:e4:bb:f0:6f: - f1:60:d2:0d:22:28:41:98:e8:9a:dd:18:b5:30:45: - fd:3b:7a:27:0f:16:08:07:02:83:aa:e0:68:ba:47: - 44:48:84:ea:da:51:c1:ec:7b:cb:1e:25:11:3d:fd: - ce:53:1a:39:0a:fc:42:82:3d:cc:a5:93:00:c6:27: - 62:75 + 00:a1:53:d3:7c:15:ee:13:ee:f8:8a:57:2c:76:df: + 71:f0:10:21:58:fd:6c:9e:02:b8:6b:09:77:40:de: + d2:cf:62:8b:5b:9f:29:fe:11:a3:6b:c8:fb:f3:7f: + aa:22:13:87:7f:c1:3f:41:40:3f:1b:21:51:ae:5a: + 03:ae:86:c2:68:7c:8d:3d:1b:0e:d9:62:98:5a:66: + d9:3b:8f:88:2a:44:b6:df:c9:2b:1c:78:95:d3:e1: + 50:7b:18:42:3b:f3:1b:41:bb:48:d9:31:54:6a:d9: + ef:7e:8a:a6:fe:ce:bb:5e:f8:13:68:f2:61:be:75: + a2:65:5f:d0:c5:87:fa:f6:e1:04:05:2b:50:a0:88: + ac:e2:d5:af:b6:83:6b:b8:b3:a0:1a:2d:65:71:5f: + 67:a6:97:3e:43:a2:5e:80:c5:fe:36:40:34:05:ea: + 79:31:0a:fa:b9:68:9a:58:f3:28:b6:7a:dd:6a:06: + 4c:da:76:f5:a5:63:70:8a:27:64:29:87:c1:8b:77: + fa:f0:cd:ef:56:a9:4c:7f:14:6d:da:c8:b8:b5:80: + 8d:df:68:60:61:6f:e3:31:f3:d7:47:8e:0e:58:f0: + f1:9f:f1:7e:d4:d9:41:b9:6a:f4:33:4d:f5:7f:ef: + d4:b4:91:50:4b:4b:65:d9:8d:de:cc:a4:d3:88:17: + ca:3f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 58:20:BB:27:E1:6D:B0:95:1A:D3:40:A1:81:79:89:63:34:21:9F:13 + 78:A0:50:E7:F0:D8:50:C1:A8:AE:40:CC:35:8A:73:B1:2C:78:51:4A X509v3 Authority Key Identifier: - keyid:7A:3D:6D:AF:22:3F:64:CA:5C:C8:B3:3D:D5:E5:3B:32:A0:02:CF:29 + keyid:FB:44:5A:0F:03:A9:3A:3C:75:B4:3E:87:2E:99:99:2E:73:04:0E:0F Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 Signature Algorithm: sha256WithRSAEncryption - 37:db:eb:ca:f7:4c:e8:8d:30:46:40:83:77:7b:84:85:66:06: - 20:10:22:e9:f3:f0:5e:41:27:7d:dd:01:2a:c0:20:74:a6:f5: - d3:30:01:40:4a:4c:60:b0:9d:da:2f:71:90:c5:19:97:cc:af: - a2:e3:cc:fe:6e:e6:fa:5d:11:50:e6:ef:a9:b0:15:f8:da:26: - 51:b9:2e:1e:82:44:ec:13:e5:8d:27:2d:b1:31:97:cd:43:04: - 8a:70:ca:51:e3:2c:9e:93:9a:48:36:a1:46:56:08:e1:43:1c: - d7:96:aa:44:c2:3a:a2:e7:91:ac:91:28:fb:03:9c:e7:13:d1: - eb:c0:33:7b:3b:ff:c2:fc:af:68:36:54:57:f4:b8:2a:9d:de: - 78:3c:8e:ad:0d:d8:dd:4b:e7:50:41:0a:ae:7a:08:d7:5e:3b: - 2a:71:d5:88:ec:99:02:b3:cd:5a:31:26:41:79:e2:3a:49:55: - 40:7f:26:7f:34:f6:7a:76:28:5e:3d:e9:20:1e:a2:f4:6b:d5: - e0:6d:bd:2e:30:1a:69:70:ae:03:d3:ce:b3:76:04:2f:ef:86: - 4f:77:44:19:6f:94:6a:09:86:60:28:75:63:22:3a:13:5a:d5: - 13:af:23:08:9c:1f:0d:dc:0f:62:b4:97:85:05:5a:ea:c5:60: - 8a:02:4d:51 + 3f:52:71:17:86:df:c6:cc:4e:f5:f8:48:51:e1:21:09:3e:e3: + b4:1f:39:97:4d:cd:22:37:9b:f0:34:43:1f:4d:be:56:84:01: + b1:9e:7b:af:a7:0c:39:d4:65:2e:27:88:28:50:5f:7c:a1:dc: + da:64:e4:91:1c:b6:6b:b1:7b:6c:d1:8c:7d:ce:ce:4d:4c:b5: + 63:be:ed:2d:d3:f9:be:7d:0e:35:32:05:dc:f0:4d:1f:0f:f3: + 54:58:32:a6:3b:26:b0:89:bd:b8:16:5a:3d:59:9d:5b:2f:1c: + d4:02:0e:eb:6f:c8:2e:70:4b:1d:dc:49:32:6b:d6:b4:f0:59: + 8e:3e:6a:46:3c:3f:8d:c9:fd:80:c0:39:05:2d:05:a0:2f:d4: + 7f:d0:f5:f3:a6:bc:15:7f:5f:8b:dd:92:c1:8e:c7:71:9d:55: + 15:06:a4:55:67:fd:64:34:76:8e:95:29:a5:9e:1b:65:6e:00: + 8d:04:2c:51:4a:51:ea:13:fe:e0:80:67:73:8e:71:c4:71:bc: + 70:7b:c0:5f:6d:8d:56:63:10:17:52:29:c7:1f:fd:22:58:19: + f6:ef:0c:fb:82:fa:34:82:66:f5:a1:3b:a0:51:65:f5:18:33: + 81:3f:b1:31:66:e3:6f:74:03:cc:97:30:cd:43:3a:86:e4:3e: + b4:56:0f:d7 -----BEGIN CERTIFICATE----- MIIDcTCCAlmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowGDEWMBQGA1UEAwwNSW50 -ZXJtZWRpYXRlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOZlU9Eu -Tq0o/wUTG2QIqua3RGSUTA6kaIASfQfOauzIS8yhP6/0yEUOsmZGs/3vaF0EwJXp -cUWyJhIWeLF1FTmh2iqw13xSEYsasEYZ+3HQjxM9Lu68dZdNsbZ71bY2RFt10QCz -o2CfkjTBUFIwiVQ1JPp96loyyhGqEhxVdP1bmK0NBNOzEs2k+XxU4R8Bza3GDsyu -jInT/6b3K59n2FXCqUpf6NaWDRRoeSOE0F9ZmfaOnDTattI3zN6NRLrku/Bv8WDS -DSIoQZjomt0YtTBF/Tt6Jw8WCAcCg6rgaLpHREiE6tpRwex7yx4lET39zlMaOQr8 -QoI9zKWTAMYnYnUCAwEAAaOBzjCByzAdBgNVHQ4EFgQUWCC7J+FtsJUa00ChgXmJ -YzQhnxMwHwYDVR0jBBgwFoAUej1tryI/ZMpcyLM91eU7MqACzykwNwYIKwYBBQUH +ZXJtZWRpYXRlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKFT03wV +7hPu+IpXLHbfcfAQIVj9bJ4CuGsJd0De0s9ii1ufKf4Ro2vI+/N/qiITh3/BP0FA +PxshUa5aA66Gwmh8jT0bDtlimFpm2TuPiCpEtt/JKxx4ldPhUHsYQjvzG0G7SNkx +VGrZ736Kpv7Ou174E2jyYb51omVf0MWH+vbhBAUrUKCIrOLVr7aDa7izoBotZXFf +Z6aXPkOiXoDF/jZANAXqeTEK+rlomljzKLZ63WoGTNp29aVjcIonZCmHwYt3+vDN +71apTH8UbdrIuLWAjd9oYGFv4zHz10eODljw8Z/xftTZQblq9DNN9X/v1LSRUEtL +ZdmN3syk04gXyj8CAwEAAaOBzjCByzAdBgNVHQ4EFgQUeKBQ5/DYUMGorkDMNYpz +sSx4UUowHwYDVR0jBBgwFoAU+0RaDwOpOjx1tD6HLpmZLnMEDg8wNwYIKwYBBQUH AQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIw LAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4G A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBCwUA -A4IBAQA32+vK90zojTBGQIN3e4SFZgYgECLp8/BeQSd93QEqwCB0pvXTMAFASkxg -sJ3aL3GQxRmXzK+i48z+bub6XRFQ5u+psBX42iZRuS4egkTsE+WNJy2xMZfNQwSK -cMpR4yyek5pINqFGVgjhQxzXlqpEwjqi55GskSj7A5znE9HrwDN7O//C/K9oNlRX -9Lgqnd54PI6tDdjdS+dQQQquegjXXjsqcdWI7JkCs81aMSZBeeI6SVVAfyZ/NPZ6 -dihePekgHqL0a9Xgbb0uMBppcK4D086zdgQv74ZPd0QZb5RqCYZgKHVjIjoTWtUT -ryMInB8N3A9itJeFBVrqxWCKAk1R +A4IBAQA/UnEXht/GzE71+EhR4SEJPuO0HzmXTc0iN5vwNEMfTb5WhAGxnnuvpww5 +1GUuJ4goUF98odzaZOSRHLZrsXts0Yx9zs5NTLVjvu0t0/m+fQ41MgXc8E0fD/NU +WDKmOyawib24Flo9WZ1bLxzUAg7rb8gucEsd3Ekya9a08FmOPmpGPD+Nyf2AwDkF +LQWgL9R/0PXzprwVf1+L3ZLBjsdxnVUVBqRVZ/1kNHaOlSmlnhtlbgCNBCxRSlHq +E/7ggGdzjnHEcbxwe8BfbY1WYxAXUinHH/0iWBn27wz7gvo0gmb1oTugUWX1GDOB +P7ExZuNvdAPMlzDNQzqG5D60Vg/X -----END CERTIFICATE----- Certificate: @@ -286,30 +286,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:cd:87:9d:f4:66:f8:77:5c:e3:56:6d:cb:12:dc: - a9:36:79:d5:1b:11:9f:92:20:8d:e6:d7:7d:41:8e: - 90:90:2a:a8:63:3d:59:25:a6:7a:86:73:7f:10:da: - 9f:c1:a5:69:4d:a3:67:61:b8:f8:9b:9b:ec:4a:3a: - f1:73:f1:83:c4:ab:34:1f:0b:ed:05:f3:6d:c5:ee: - 64:18:34:69:5f:09:1f:48:e5:d2:2d:12:4c:17:a3: - 7e:74:9f:93:04:ea:00:15:e3:b9:0d:ef:c5:ed:19: - 97:2b:12:05:7f:5c:32:2d:c5:30:46:7c:a7:02:27: - 29:b2:99:e1:43:95:f6:67:1c:ee:ad:9b:8e:fb:f8: - 57:1a:47:13:5a:1a:2f:27:e8:d5:03:2a:e5:f9:92: - 53:1d:03:5f:d6:2f:18:65:ce:3a:6e:ab:bf:b6:c5: - 72:e1:c9:a0:d6:3c:a2:8e:4f:3e:8f:06:52:19:a8: - 1a:f0:06:55:d2:f9:be:23:27:0a:de:33:26:ec:a0: - 41:d3:6b:56:25:70:09:ac:28:45:82:33:cb:db:85: - 59:50:61:9c:12:e0:04:cc:c5:81:3c:77:d7:9d:8e: - 59:d3:70:4d:4e:47:0a:f7:ef:6c:33:54:db:61:ee: - 31:cb:8d:43:59:ec:a1:3d:a4:c6:06:6e:05:b2:14: - d6:ad + 00:92:08:56:82:b9:30:af:14:a4:b9:10:66:49:4d: + 2a:e7:3c:3b:38:4e:a9:b3:1e:76:0f:32:75:73:d0: + d9:c6:21:3a:86:77:01:b7:a9:ec:52:96:d6:01:97: + a4:90:f3:63:24:da:ed:9e:57:98:05:ee:e9:22:69: + 00:02:c6:cf:16:fb:54:7b:00:33:31:2b:0a:cc:c3: + 54:98:7a:a0:11:c8:45:78:b5:e7:3a:17:7e:4f:5b: + a6:e8:97:9f:73:6a:fc:49:38:d7:4b:3c:51:05:e9: + aa:a1:0b:a9:f5:86:52:b7:d3:3d:31:ec:ca:82:64: + 15:f9:8a:e8:8e:c8:f6:88:35:ae:7c:b1:ba:4a:86: + 07:f0:85:0e:99:6a:30:a9:a4:a8:0c:d5:21:57:e0: + cd:95:96:47:22:bf:93:bc:62:78:c2:59:ab:ae:69: + 12:75:69:11:c0:60:8d:9d:d7:54:6e:e4:4a:44:0d: + 75:4c:4b:e4:0e:96:69:0c:5a:be:97:fd:5f:29:8a: + a8:46:60:10:b8:a3:c5:ae:47:2d:9a:3f:79:1e:90: + 44:f7:9d:c9:1b:3e:ad:35:45:83:5f:5d:89:c6:24: + a7:b5:bf:09:47:22:f8:30:b8:94:34:85:4f:21:89: + 52:63:fa:db:01:e5:0f:e0:f3:36:97:5d:2e:6c:6c: + 3d:57 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 7A:3D:6D:AF:22:3F:64:CA:5C:C8:B3:3D:D5:E5:3B:32:A0:02:CF:29 + FB:44:5A:0F:03:A9:3A:3C:75:B4:3E:87:2E:99:99:2E:73:04:0E:0F X509v3 Authority Key Identifier: - keyid:7A:3D:6D:AF:22:3F:64:CA:5C:C8:B3:3D:D5:E5:3B:32:A0:02:CF:29 + keyid:FB:44:5A:0F:03:A9:3A:3C:75:B4:3E:87:2E:99:99:2E:73:04:0E:0F Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -324,41 +324,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 20:3e:c4:b6:78:84:bd:36:33:6b:38:8e:f2:1f:1a:46:a7:d9: - 02:86:39:d2:3f:14:bd:a9:82:21:b0:9d:da:a9:4f:0a:e8:65: - 0b:7f:b7:cd:d9:3c:de:7f:08:d6:d9:60:ba:b2:be:4d:8a:77: - e4:4d:fe:8c:5d:27:e6:8a:0c:6c:e1:3c:7b:e2:d2:4c:ac:34: - fe:1e:b1:28:e6:b7:49:a8:09:bf:67:80:0f:8f:02:49:d4:52: - 6e:bf:d1:a7:b8:b4:22:90:f8:83:d5:85:7f:46:99:2d:df:cb: - 56:31:0c:0e:92:9b:eb:28:6e:c2:7c:ba:37:5d:3f:f0:f8:b5: - e2:0a:02:ea:78:c3:5c:8d:24:92:95:52:bf:68:3e:2b:fc:17: - bc:bb:3c:7c:38:f8:6e:5f:d3:1d:9e:4c:c5:3a:47:93:4d:a6: - c2:00:f2:2a:7a:a1:f0:76:48:5a:ef:77:1c:47:10:40:d8:d5: - 84:45:13:f6:5e:7c:d2:0e:bd:e3:e3:b1:3d:d5:93:e1:c4:95: - a1:ba:84:0d:a0:1c:b0:cd:b6:b4:a2:52:2e:37:c2:f3:30:3e: - 91:0b:24:9d:3d:77:02:ce:83:b0:73:21:ba:3f:f6:b9:c7:5d: - 08:5c:f0:33:8d:de:1e:56:e8:82:2f:5d:e6:8c:0c:ac:77:c7: - bf:91:2a:25 + 85:41:8d:5a:d5:71:90:eb:7f:af:7a:96:f3:4f:3c:aa:1d:4c: + 3e:73:98:ca:34:d7:5e:3e:bc:b3:bd:44:33:1d:91:41:1b:25: + ae:96:3c:df:07:82:f0:ca:e7:31:2e:8b:16:2a:64:f2:9b:ba: + 78:d7:a6:c1:e2:1c:2f:b1:2a:10:13:1b:9f:ba:df:7b:09:49: + 19:ec:d9:ac:52:20:0e:b5:4c:09:75:84:59:23:3f:e0:aa:62: + 6e:71:aa:2f:f6:89:0a:b5:44:91:14:5c:3e:02:03:53:4e:e8: + cc:94:a1:00:1a:70:44:7f:f1:0a:d2:df:fe:24:e0:84:32:f0: + 36:1e:c6:35:42:d8:54:75:6d:63:8c:e1:85:53:0e:2e:d0:d1: + a6:e1:d0:80:f8:66:a3:4d:95:98:2b:76:2b:6b:41:a9:70:d7: + 3a:f0:14:09:1c:ea:f3:58:a4:fa:57:c4:74:27:37:6d:d2:e7: + a2:b4:1c:bf:b7:b2:af:06:2e:b9:a1:42:5a:08:c7:6c:04:d1: + cd:3d:87:6f:82:13:5f:65:a5:40:fe:2d:5c:90:8f:a5:41:b9: + 3d:a5:88:dc:3b:fa:b4:ea:e0:b1:e6:e3:f8:6c:b1:21:3d:4a: + 86:47:cf:63:16:b1:7c:50:9d:cb:5e:81:71:03:0d:2d:f5:94: + ed:31:05:80 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM2HnfRm+Hdc41ZtyxLc -qTZ51RsRn5IgjebXfUGOkJAqqGM9WSWmeoZzfxDan8GlaU2jZ2G4+Jub7Eo68XPx -g8SrNB8L7QXzbcXuZBg0aV8JH0jl0i0STBejfnSfkwTqABXjuQ3vxe0ZlysSBX9c -Mi3FMEZ8pwInKbKZ4UOV9mcc7q2bjvv4VxpHE1oaLyfo1QMq5fmSUx0DX9YvGGXO -Om6rv7bFcuHJoNY8oo5PPo8GUhmoGvAGVdL5viMnCt4zJuygQdNrViVwCawoRYIz -y9uFWVBhnBLgBMzFgTx3152OWdNwTU5HCvfvbDNU22HuMcuNQ1nsoT2kxgZuBbIU -1q0CAwEAAaOByzCByDAdBgNVHQ4EFgQUej1tryI/ZMpcyLM91eU7MqACzykwHwYD -VR0jBBgwFoAUej1tryI/ZMpcyLM91eU7MqACzykwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJIIVoK5MK8UpLkQZklN +Kuc8OzhOqbMedg8ydXPQ2cYhOoZ3Abep7FKW1gGXpJDzYyTa7Z5XmAXu6SJpAALG +zxb7VHsAMzErCszDVJh6oBHIRXi15zoXfk9bpuiXn3Nq/Ek410s8UQXpqqELqfWG +UrfTPTHsyoJkFfmK6I7I9og1rnyxukqGB/CFDplqMKmkqAzVIVfgzZWWRyK/k7xi +eMJZq65pEnVpEcBgjZ3XVG7kSkQNdUxL5A6WaQxavpf9XymKqEZgELijxa5HLZo/ +eR6QRPedyRs+rTVFg19dicYkp7W/CUci+DC4lDSFTyGJUmP62wHlD+DzNpddLmxs +PVcCAwEAAaOByzCByDAdBgNVHQ4EFgQU+0RaDwOpOjx1tD6HLpmZLnMEDg8wHwYD +VR0jBBgwFoAU+0RaDwOpOjx1tD6HLpmZLnMEDg8wNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAgPsS2eIS9 -NjNrOI7yHxpGp9kChjnSPxS9qYIhsJ3aqU8K6GULf7fN2TzefwjW2WC6sr5Ninfk -Tf6MXSfmigxs4Tx74tJMrDT+HrEo5rdJqAm/Z4APjwJJ1FJuv9GnuLQikPiD1YV/ -Rpkt38tWMQwOkpvrKG7CfLo3XT/w+LXiCgLqeMNcjSSSlVK/aD4r/Be8uzx8OPhu -X9MdnkzFOkeTTabCAPIqeqHwdkha73ccRxBA2NWERRP2XnzSDr3j47E91ZPhxJWh -uoQNoBywzba0olIuN8LzMD6RCySdPXcCzoOwcyG6P/a5x10IXPAzjd4eVuiCL13m -jAysd8e/kSol +AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCFQY1a1XGQ +63+vepbzTzyqHUw+c5jKNNdePryzvUQzHZFBGyWuljzfB4LwyucxLosWKmTym7p4 +16bB4hwvsSoQExufut97CUkZ7NmsUiAOtUwJdYRZIz/gqmJucaov9okKtUSRFFw+ +AgNTTujMlKEAGnBEf/EK0t/+JOCEMvA2HsY1QthUdW1jjOGFUw4u0NGm4dCA+Gaj +TZWYK3Yra0GpcNc68BQJHOrzWKT6V8R0Jzdt0ueitBy/t7KvBi65oUJaCMdsBNHN +PYdvghNfZaVA/i1ckI+lQbk9pYjcO/q06uCx5uP4bLEhPUqGR89jFrF8UJ3LXoFx +Aw0t9ZTtMQWA -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -371,10 +371,15 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 1 - [Error] max_path_length reached +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=1 (CN=Intermediate2) ----- +ERROR: max_path_length reached + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMQogICAgICBbRXJyb3JdIG1heF9wYXRoX2xlbmd0aCByZWFjaGVkCg== +LS0tLS0gQ2VydGlmaWNhdGUgaT0xIChDTj1JbnRlcm1lZGlhdGUyKSAtLS0tLQpFUlJPUjogbWF4X3BhdGhfbGVuZ3RoIHJlYWNoZWQKCg== -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/violates-pathlen-1-constrained-root.pem b/chromium/net/data/verify_certificate_chain_unittest/violates-pathlen-1-constrained-root.pem index 60c04ac1e36..76fb0ab330d 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/violates-pathlen-1-constrained-root.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/violates-pathlen-1-constrained-root.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:b3:a3:d6:09:6c:d5:c4:2b:7b:c6:2d:9f:d3:91: - 39:f1:53:f0:93:49:96:8d:97:0c:d5:36:1d:7c:86: - 4f:2c:12:2c:5a:c9:32:b8:ff:21:71:f4:47:06:6f: - 30:08:2e:76:71:04:ec:f1:9d:f1:b0:59:36:03:64: - 1f:35:b0:a4:e6:ef:e6:aa:94:4e:d8:6e:aa:9f:92: - 63:a6:9a:42:47:fc:30:99:a5:c5:90:11:bb:b5:9d: - b1:b0:ec:12:c2:1f:29:42:57:d7:90:97:78:5f:5c: - 28:ab:49:7f:24:f3:2a:0f:68:a2:0a:e5:2a:54:8e: - 90:04:71:e2:13:9e:52:2e:c7:e6:ff:35:36:e7:01: - d7:2b:7f:5b:54:c0:20:e6:b3:09:16:e7:13:bb:96: - 3e:b7:45:3d:8d:5e:3b:6a:fe:c2:cb:5b:0d:bf:ed: - 92:98:74:9e:f1:7b:94:71:d0:b1:50:ec:81:06:3d: - 12:39:f2:00:d3:60:9c:3c:9c:5a:a1:58:cc:56:b1: - 4f:a7:a1:ec:c7:c5:52:70:81:99:99:a4:ef:de:f4: - 0d:c1:c5:ff:c6:83:c6:e8:d4:bd:f8:27:f9:86:e0: - 3c:d4:7b:31:17:4d:49:c8:ce:c0:27:6a:4f:0a:fb: - 79:75:93:47:b0:05:f8:2e:10:f4:0b:39:ce:f6:43: - 87:07 + 00:de:94:68:45:da:85:0f:a4:ae:c4:db:49:1e:f6: + 48:ba:a3:18:67:fc:ab:06:24:25:9e:f9:7b:30:d6: + 4f:4f:1f:4b:ea:9a:27:2b:7d:d7:25:87:64:23:9c: + 96:d7:c6:cf:fc:6c:73:5b:da:e2:39:47:91:f5:a8: + 85:f1:ec:80:e7:f7:20:36:39:09:06:40:33:9f:98: + 49:9a:f7:bf:83:f2:eb:a8:1d:20:f3:1f:5f:e2:7e: + e5:be:af:bf:ba:9d:74:0c:5a:e2:75:98:79:41:53: + ca:c7:9b:91:b7:51:75:ae:f1:a0:fa:06:ee:ed:80: + 1f:01:c9:81:1a:73:9c:df:dd:9d:34:a3:f5:47:db: + 61:52:46:25:ba:d5:3d:08:54:a3:02:8c:4d:fe:d8: + 81:31:b1:2e:4c:48:b3:36:ba:45:e8:e8:41:d3:d1: + 2a:b4:1e:10:11:a4:51:45:f4:22:b9:9c:65:9a:dc: + 41:38:7b:eb:2e:66:ee:a0:eb:f3:44:c8:46:25:75: + 44:bf:99:7c:b1:ac:a9:b8:75:0e:65:a5:b1:1b:ca: + fe:18:f7:a0:e4:24:4d:d8:5c:66:b3:cd:b1:c2:9a: + e0:fe:68:71:7b:0a:28:10:38:fe:64:65:90:d0:2d: + ba:e5:b4:a1:6a:97:13:80:9c:49:af:44:91:bf:f7: + 8d:d3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - FD:9F:2A:24:CC:3C:CE:DA:6D:41:F0:3B:79:09:11:71:B2:29:31:17 + C6:90:8A:0F:9C:B9:F7:72:87:B8:1C:1F:E5:C2:A0:34:BE:F6:16:4C X509v3 Authority Key Identifier: - keyid:4D:F0:7D:C0:A0:7D:84:3E:38:63:E2:76:18:78:25:8C:09:DD:12:36 + keyid:4D:EB:21:3C:9D:C2:4C:9B:05:E6:17:BD:AE:50:A2:8D:56:0E:9D:DC Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate2.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 2b:4d:3f:19:05:a2:6b:66:7e:85:21:18:9a:0c:f0:81:cd:f7: - 81:71:50:38:95:f4:d0:68:d6:e2:02:9b:f3:08:1e:8c:4a:57: - b6:2b:e3:57:7c:ca:70:74:48:ee:d6:5f:2e:f7:b5:fc:95:75: - fa:c3:1d:5c:e1:aa:dc:85:cc:4c:2f:a7:05:b6:4f:38:a7:50: - 44:8c:4a:1f:2c:fc:37:f4:96:a9:03:77:65:b0:5d:a4:36:f9: - 29:ab:6e:1e:64:47:9b:cd:89:45:85:84:d3:4a:0f:97:87:99: - 83:15:67:cb:42:80:69:8d:17:89:d0:1a:c5:e5:48:60:86:b3: - 20:2e:9a:40:7b:ec:90:53:fd:b4:6e:6b:d2:82:2b:5a:5c:e4: - fe:ee:16:ec:15:20:f8:4d:07:b6:f0:9a:95:6c:08:d4:d0:b2: - 09:3d:67:40:13:a6:5b:21:5f:03:4b:d7:c5:83:a9:2d:a1:1b: - 93:c6:5b:6d:36:85:f7:4c:9c:65:33:ab:e1:8f:e1:18:c1:6b: - ec:4c:c7:a4:de:8a:b8:a1:66:a3:94:e3:40:5e:8c:cd:42:e5: - f2:8a:e0:5b:19:01:5b:ba:74:eb:11:3b:ac:56:04:6b:a7:22: - 35:9b:ac:3e:da:12:3f:42:39:3d:7e:7d:ac:1e:3c:c6:7b:09: - 8f:97:f2:f2 + 7a:ea:15:42:29:c5:20:9a:c5:81:64:0b:7a:8a:1b:d7:ea:83: + 61:c9:8d:00:94:11:8b:78:b5:c7:43:bd:fe:4d:83:ea:68:b0: + 17:c2:6f:ff:3c:e1:1a:d4:33:34:c4:18:8c:a0:ad:92:b8:1e: + 84:ef:f9:aa:9b:46:ee:51:43:9e:56:78:30:6d:c6:ae:37:41: + 41:47:68:b4:84:00:c6:66:45:15:4d:11:6c:b3:e1:04:a4:ae: + 56:bb:d1:96:62:da:e9:ab:d8:0c:8a:37:63:bc:b6:d4:ec:fa: + 5f:5d:f4:ae:d8:94:f9:ce:cf:98:ac:f5:5a:22:f1:d4:76:2e: + 9d:33:cb:e7:e7:dc:de:6d:f8:cc:36:51:33:f3:23:23:a3:35: + fa:84:2f:7f:64:74:9c:7b:e4:85:b4:e2:22:af:54:da:fb:66: + d4:1b:2a:bc:18:3d:26:04:05:52:1e:97:c9:d3:db:1e:4c:c5: + 3e:8a:f0:dd:bc:05:eb:00:b1:3f:31:14:6a:1c:f9:de:e6:98: + 9b:d6:87:8e:79:76:7a:6a:0d:26:c4:e1:d1:c1:ec:0d:0f:12: + 85:98:9f:36:63:3e:14:4e:48:f8:d3:d8:13:81:00:fc:e1:b2: + f3:53:c8:e7:4d:8f:60:cf:44:9a:0d:dd:a4:95:d3:70:e2:7b: + 2e:d3:e5:3c -----BEGIN CERTIFICATE----- MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl cm1lZGlhdGUyMB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowETEPMA0G -A1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6PW -CWzVxCt7xi2f05E58VPwk0mWjZcM1TYdfIZPLBIsWskyuP8hcfRHBm8wCC52cQTs -8Z3xsFk2A2QfNbCk5u/mqpRO2G6qn5JjpppCR/wwmaXFkBG7tZ2xsOwSwh8pQlfX -kJd4X1woq0l/JPMqD2iiCuUqVI6QBHHiE55SLsfm/zU25wHXK39bVMAg5rMJFucT -u5Y+t0U9jV47av7Cy1sNv+2SmHSe8XuUcdCxUOyBBj0SOfIA02CcPJxaoVjMVrFP -p6Hsx8VScIGZmaTv3vQNwcX/xoPG6NS9+Cf5huA81HsxF01JyM7AJ2pPCvt5dZNH -sAX4LhD0CznO9kOHBwIDAQABo4HrMIHoMB0GA1UdDgQWBBT9nyokzDzO2m1B8Dt5 -CRFxsikxFzAfBgNVHSMEGDAWgBRN8H3AoH2EPjhj4nYYeCWMCd0SNjBABggrBgEF +A1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pRo +RdqFD6SuxNtJHvZIuqMYZ/yrBiQlnvl7MNZPTx9L6ponK33XJYdkI5yW18bP/Gxz +W9riOUeR9aiF8eyA5/cgNjkJBkAzn5hJmve/g/LrqB0g8x9f4n7lvq+/up10DFri +dZh5QVPKx5uRt1F1rvGg+gbu7YAfAcmBGnOc392dNKP1R9thUkYlutU9CFSjAoxN +/tiBMbEuTEizNrpF6OhB09EqtB4QEaRRRfQiuZxlmtxBOHvrLmbuoOvzRMhGJXVE +v5l8saypuHUOZaWxG8r+GPeg5CRN2Fxms82xwprg/mhxewooEDj+ZGWQ0C265bSh +apcTgJxJr0SRv/eN0wIDAQABo4HrMIHoMB0GA1UdDgQWBBTGkIoPnLn3coe4HB/l +wqA0vvYWTDAfBgNVHSMEGDAWgBRN6yE8ncJMmwXmF72uUKKNVg6d3DBABggrBgEF BQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1l ZGlhdGUyLmNlcjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vdXJsLWZvci1jcmwv SW50ZXJtZWRpYXRlMi5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAK00/GQWia2Z+hSEY -mgzwgc33gXFQOJX00GjW4gKb8wgejEpXtivjV3zKcHRI7tZfLve1/JV1+sMdXOGq -3IXMTC+nBbZPOKdQRIxKHyz8N/SWqQN3ZbBdpDb5KatuHmRHm82JRYWE00oPl4eZ -gxVny0KAaY0XidAaxeVIYIazIC6aQHvskFP9tG5r0oIrWlzk/u4W7BUg+E0HtvCa -lWwI1NCyCT1nQBOmWyFfA0vXxYOpLaEbk8ZbbTaF90ycZTOr4Y/hGMFr7EzHpN6K -uKFmo5TjQF6MzULl8orgWxkBW7p06xE7rFYEa6ciNZusPtoSP0I5PX59rB48xnsJ -j5fy8g== +AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAeuoVQinFIJrFgWQL +eoob1+qDYcmNAJQRi3i1x0O9/k2D6miwF8Jv/zzhGtQzNMQYjKCtkrgehO/5qptG +7lFDnlZ4MG3GrjdBQUdotIQAxmZFFU0RbLPhBKSuVrvRlmLa6avYDIo3Y7y21Oz6 +X130rtiU+c7PmKz1WiLx1HYunTPL5+fc3m34zDZRM/MjI6M1+oQvf2R0nHvkhbTi +Iq9U2vtm1BsqvBg9JgQFUh6XydPbHkzFPorw3bwF6wCxPzEUahz53uaYm9aHjnl2 +emoNJsTh0cHsDQ8ShZifNmM+FE5I+NPYE4EA/OGy81PI502PYM9Emg3dpJXTcOJ7 +LtPlPA== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c9:f0:db:40:19:44:5e:67:d4:e7:dd:4f:67:12: - 71:af:2a:42:76:de:6a:c0:ce:e6:9f:78:4e:90:f9: - 62:6a:14:9d:5e:63:3a:55:8e:88:a4:83:34:f6:f1: - 35:19:d1:fe:94:61:b6:9a:c6:b0:47:81:95:69:21: - ff:ca:c9:c9:79:4c:ac:ee:f6:08:ba:eb:ae:fe:96: - 8a:dc:97:11:c1:2f:8b:55:9f:58:cb:b1:8f:c3:2a: - 36:0b:4b:d2:17:36:45:0d:33:64:b0:58:27:45:a1: - 71:f1:db:2c:d7:de:6f:6d:f5:bc:38:62:c3:5a:9d: - f5:95:58:1d:ef:c2:00:6a:e5:c2:97:84:f7:ac:cc: - 19:18:f0:f8:cb:1a:b0:7b:b4:63:cc:35:5d:8c:cf: - f0:0c:a6:7e:fa:19:96:a9:dd:8a:26:ef:31:e9:38: - 44:11:62:ff:30:35:fe:86:2a:5f:52:20:93:2a:a8: - 5c:a9:c6:16:08:3e:c1:da:34:4e:83:28:a1:d4:6c: - 78:58:06:a0:ef:65:69:4c:19:65:0a:82:98:d4:cf: - 56:22:d2:47:b1:82:40:8f:fc:50:5d:52:c5:12:a8: - 0f:17:0c:18:3b:ef:9b:8c:3c:da:c4:c2:2d:63:44: - 59:08:8e:54:4a:5d:1d:e7:ba:2f:7a:d7:92:40:8d: - f4:9f + 00:c3:12:d3:6b:81:ec:1a:ca:7d:aa:98:58:b8:c1: + f3:3a:97:e2:86:91:ae:b6:6d:02:2e:08:67:6c:98: + 5e:f3:ce:ec:3a:f1:de:93:e6:b5:b5:68:0c:64:67: + 87:0c:c8:0c:2f:33:64:f2:7a:70:1d:32:b9:84:21: + ab:45:de:99:1c:4a:97:30:7e:1e:0e:f0:c5:0c:69: + ea:18:cc:73:8c:eb:23:28:6a:f5:2b:b6:95:67:fd: + 7c:99:34:46:67:f8:f5:10:16:c8:04:db:eb:30:ce: + 23:b1:fe:71:a7:8c:dd:ae:26:d5:31:af:ec:ca:2d: + d7:b0:24:f9:06:ac:ad:a4:2a:b1:bb:1b:7d:cf:ad: + b2:d3:e2:d7:4a:e0:a7:f2:3d:74:5d:be:ed:3c:be: + 1e:2a:de:e6:89:ef:8a:c3:3d:3a:41:34:fe:a5:54: + 25:f7:11:be:65:fd:b0:6a:5d:70:13:df:41:92:19: + 04:fe:be:14:5a:4c:81:6b:a8:8c:15:34:3e:51:30: + 8d:19:07:9d:02:31:5c:7a:47:2a:0a:3d:74:ec:9a: + de:78:7f:3d:8a:e3:99:2a:52:71:ac:d0:bc:40:72: + 62:d2:6c:e8:28:23:56:62:f1:57:b8:4b:60:4d:5a: + 54:42:34:2c:8a:29:9a:05:a8:fb:67:90:91:11:f3: + 19:a7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 4D:F0:7D:C0:A0:7D:84:3E:38:63:E2:76:18:78:25:8C:09:DD:12:36 + 4D:EB:21:3C:9D:C2:4C:9B:05:E6:17:BD:AE:50:A2:8D:56:0E:9D:DC X509v3 Authority Key Identifier: - keyid:C5:16:E8:6A:00:06:4F:0B:E0:6E:86:89:50:32:72:E0:22:08:AE:60 + keyid:E9:93:8B:79:FC:DC:BA:88:E7:D0:26:76:B8:10:17:87:32:50:76:45 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate1.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 52:00:7b:6d:93:e0:12:f4:bd:3e:1e:67:ac:a2:a2:46:dd:68: - 7f:41:c5:7e:a4:04:07:d2:5b:1a:d3:26:b7:9d:6a:62:9c:51: - a5:19:55:7d:1d:42:4d:88:12:39:21:a5:fe:59:27:94:92:7c: - 4c:54:f6:85:f7:7d:3b:ac:23:51:63:67:05:66:b3:5e:4e:c2: - db:e9:33:e6:5a:7c:08:96:16:b9:33:af:83:02:15:d0:eb:2f: - 02:98:18:5a:53:ca:f5:ee:a8:3c:95:44:bd:c7:bf:47:f4:7b: - 22:e5:b2:df:ee:e1:e2:eb:50:89:a9:ad:72:e2:03:74:f7:82: - 90:2a:6e:36:39:f6:06:95:81:52:56:e1:7e:35:32:43:90:78: - 57:54:00:fc:df:39:e6:f6:92:d6:57:5d:01:ee:69:a0:fb:8c: - df:75:9b:8c:0e:e7:af:27:d4:11:01:c3:9d:56:7b:52:0b:06: - 57:1f:40:13:12:76:2a:40:b1:97:47:5f:6d:c4:5a:45:99:cd: - 96:61:ce:52:47:5f:8d:66:14:6d:a2:3c:bb:6e:0f:9c:3c:ba: - 9e:fb:75:92:32:eb:f3:71:16:d5:c6:84:e4:7d:c5:79:3f:ce: - 08:57:96:5b:56:c5:28:d5:96:41:f0:bc:a7:72:a1:18:6f:ab: - d9:e5:47:93 + 55:2c:94:ca:bf:56:78:14:ab:d8:27:5d:4a:35:3a:a4:84:3a: + d5:fc:ca:20:42:b6:6a:ce:11:f6:8f:9a:06:fa:91:5f:24:ad: + fc:a4:7a:b3:1e:fd:54:35:f0:9c:00:3c:ca:95:8b:e1:f3:2e: + 44:e1:69:d5:7b:63:81:41:da:cb:6f:e1:14:73:54:48:a6:a9: + 15:4e:c2:cf:9a:da:b8:8b:7f:bb:da:d8:1b:d7:cc:6e:6e:9c: + 6a:54:cc:c6:52:2a:9c:c6:4f:9a:31:13:20:6d:b2:37:2f:62: + 7f:30:56:91:c7:09:bd:da:85:b4:35:1b:54:a5:e0:8a:dc:87: + 37:b6:84:5c:fa:c4:5f:0e:fa:62:35:f8:3e:94:4e:ad:03:6f: + ed:1e:53:1c:c0:52:75:b4:41:fc:a9:ea:ae:ba:46:5d:3b:d4: + 56:21:54:48:2a:19:6c:3b:a3:2c:02:70:d7:25:70:60:1e:cc: + 5f:2d:eb:d9:24:b1:ff:6d:dd:e6:84:bd:33:f0:6c:75:28:cb: + 94:2e:d9:51:60:a3:da:df:e5:a1:54:a6:73:75:e4:5e:21:9b: + 35:12:6b:c0:e1:5a:cf:f3:3a:ac:18:a3:27:15:ef:84:65:07: + 8c:8f:41:d6:af:65:d8:91:0b:b7:77:14:49:fc:8c:c5:f2:1a: + 13:15:4d:fb -----BEGIN CERTIFICATE----- MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl cm1lZGlhdGUxMB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowGDEWMBQG A1UEAwwNSW50ZXJtZWRpYXRlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAMnw20AZRF5n1OfdT2cSca8qQnbeasDO5p94TpD5YmoUnV5jOlWOiKSDNPbx -NRnR/pRhtprGsEeBlWkh/8rJyXlMrO72CLrrrv6WityXEcEvi1WfWMuxj8MqNgtL -0hc2RQ0zZLBYJ0WhcfHbLNfeb231vDhiw1qd9ZVYHe/CAGrlwpeE96zMGRjw+Msa -sHu0Y8w1XYzP8AymfvoZlqndiibvMek4RBFi/zA1/oYqX1IgkyqoXKnGFgg+wdo0 -ToMoodRseFgGoO9laUwZZQqCmNTPViLSR7GCQI/8UF1SxRKoDxcMGDvvm4w82sTC -LWNEWQiOVEpdHee6L3rXkkCN9J8CAwEAAaOB3TCB2jAdBgNVHQ4EFgQUTfB9wKB9 -hD44Y+J2GHgljAndEjYwHwYDVR0jBBgwFoAUxRboagAGTwvgboaJUDJy4CIIrmAw +ggEBAMMS02uB7BrKfaqYWLjB8zqX4oaRrrZtAi4IZ2yYXvPO7Drx3pPmtbVoDGRn +hwzIDC8zZPJ6cB0yuYQhq0XemRxKlzB+Hg7wxQxp6hjMc4zrIyhq9Su2lWf9fJk0 +Rmf49RAWyATb6zDOI7H+caeM3a4m1TGv7Mot17Ak+QasraQqsbsbfc+tstPi10rg +p/I9dF2+7Ty+Hire5onvisM9OkE0/qVUJfcRvmX9sGpdcBPfQZIZBP6+FFpMgWuo +jBU0PlEwjRkHnQIxXHpHKgo9dOya3nh/PYrjmSpScazQvEByYtJs6CgjVmLxV7hL +YE1aVEI0LIopmgWo+2eQkRHzGacCAwEAAaOB3TCB2jAdBgNVHQ4EFgQUTeshPJ3C +TJsF5he9rlCijVYOndwwHwYDVR0jBBgwFoAU6ZOLefzcuojn0CZ2uBAXhzJQdkUw QAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vdXJsLWZvci1haWEv SW50ZXJtZWRpYXRlMS5jZXIwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL3VybC1m b3ItY3JsL0ludGVybWVkaWF0ZTEuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB -Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBSAHttk+AS9L0+HmesoqJG3Wh/ -QcV+pAQH0lsa0ya3nWpinFGlGVV9HUJNiBI5IaX+WSeUknxMVPaF9307rCNRY2cF -ZrNeTsLb6TPmWnwIlha5M6+DAhXQ6y8CmBhaU8r17qg8lUS9x79H9Hsi5bLf7uHi -61CJqa1y4gN094KQKm42OfYGlYFSVuF+NTJDkHhXVAD83znm9pLWV10B7mmg+4zf -dZuMDuevJ9QRAcOdVntSCwZXH0ATEnYqQLGXR19txFpFmc2WYc5SR1+NZhRtojy7 -bg+cPLqe+3WSMuvzcRbVxoTkfcV5P84IV5ZbVsUo1ZZB8LyncqEYb6vZ5UeT +Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBVLJTKv1Z4FKvYJ11KNTqkhDrV +/MogQrZqzhH2j5oG+pFfJK38pHqzHv1UNfCcADzKlYvh8y5E4WnVe2OBQdrLb+EU +c1RIpqkVTsLPmtq4i3+72tgb18xubpxqVMzGUiqcxk+aMRMgbbI3L2J/MFaRxwm9 +2oW0NRtUpeCK3Ic3toRc+sRfDvpiNfg+lE6tA2/tHlMcwFJ1tEH8qequukZdO9RW +IVRIKhlsO6MsAnDXJXBgHsxfLevZJLH/bd3mhL0z8Gx1KMuULtlRYKPa3+WhVKZz +deReIZs1EmvA4VrP8zqsGKMnFe+EZQeMj0HWr2XYkQu3dxRJ/IzF8hoTFU37 -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:e9:9a:81:41:08:cf:b0:5d:90:15:7b:33:d8:14: - e0:04:05:c4:86:6c:65:6d:fa:9c:cb:68:e8:d3:3f: - 1f:02:00:4c:b0:8d:21:ab:fb:f4:ea:e4:d5:10:84: - 73:99:ed:ac:1a:d8:96:66:21:0b:8a:40:56:54:37: - 1e:49:b4:96:d8:be:63:8a:b2:5c:16:a1:c6:79:d0: - 30:3d:ee:83:da:58:e3:cf:7b:fd:37:d6:29:74:6a: - 69:8a:62:9f:1a:6f:22:7b:2b:68:51:b8:af:91:d3: - 48:7a:a1:d1:cb:ea:d7:c2:54:f7:09:55:a4:7f:cf: - 33:87:43:80:bb:04:2d:be:77:ea:db:e4:59:a6:4b: - c4:9e:d4:6a:54:b6:45:4d:4e:28:c0:13:33:d2:0a: - 12:49:4a:d7:e0:60:a7:88:0b:3d:54:61:5a:e1:e5: - f3:56:56:42:f0:3c:4e:65:dc:b9:c3:07:7f:56:da: - 4a:45:c4:e4:ba:e7:66:e2:09:e3:4d:84:5d:24:af: - bc:d2:2b:24:39:e3:04:bd:7c:1d:cf:71:5b:60:64: - dc:f3:75:e3:18:44:3b:8f:b1:70:72:20:ab:da:30: - bb:18:0d:d1:ed:fd:e8:87:5c:58:2d:de:11:e6:e8: - 0a:99:66:fd:a3:c3:b9:6b:02:ac:07:0c:35:c1:90: - 66:2d + 00:a7:5a:95:1f:d4:5d:dc:24:05:8d:bc:86:06:ed: + 27:fe:4f:1b:4b:38:42:19:15:53:1f:8c:9b:8b:90: + 68:e5:4c:7d:e3:2e:a9:9a:55:29:4b:51:5e:c2:4d: + 56:b6:1c:45:ca:ac:ff:56:82:77:91:ee:43:15:0b: + 76:83:96:bc:01:fc:7d:17:b0:a0:b7:49:93:fe:33: + ac:97:51:d1:85:65:22:90:e2:20:d6:f3:3e:7d:ca: + f6:de:b5:91:74:90:5e:b7:55:18:4f:70:cd:ad:6f: + dd:42:ed:69:82:c6:2f:1f:32:a0:77:5d:31:1c:29: + 4f:76:d0:c4:07:c0:76:94:8c:cd:97:80:fd:7d:fd: + 66:35:d8:80:6c:3a:83:96:e3:19:c2:92:0a:05:9d: + 15:1a:ef:50:28:3f:d5:a6:cd:20:01:86:f8:c3:75: + 9c:b6:cb:8b:d8:33:04:2a:d8:41:96:41:15:76:b4: + 05:a2:ab:15:a2:36:d8:e9:22:d7:df:d3:b7:3a:f9: + 01:84:0e:15:f5:0d:66:0c:02:af:e1:ba:03:73:3f: + 02:e3:db:b5:19:05:c7:ea:ab:3c:af:14:a8:7d:50: + 81:69:ba:f9:eb:8c:ed:b1:76:98:36:41:57:a3:8f: + eb:a8:84:13:0f:ba:96:0e:c7:05:0d:31:67:2b:9d: + e2:6b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - C5:16:E8:6A:00:06:4F:0B:E0:6E:86:89:50:32:72:E0:22:08:AE:60 + E9:93:8B:79:FC:DC:BA:88:E7:D0:26:76:B8:10:17:87:32:50:76:45 X509v3 Authority Key Identifier: - keyid:E8:DD:B2:61:D1:FC:02:1F:CD:68:F1:34:9D:6E:55:E7:97:B5:3A:23 + keyid:1A:BB:F8:5E:15:84:6A:6A:59:FE:DB:C2:73:30:0A:85:34:FD:08:E9 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - 68:ca:ff:4f:17:59:d1:14:01:ad:bd:21:09:39:d3:de:3f:9e: - 12:71:16:9c:49:f6:e1:2d:d2:d3:4f:93:d3:60:a0:6f:9e:ac: - 49:99:a2:2c:ad:fc:29:1a:e1:5a:6e:07:e8:83:67:67:e1:23: - c4:01:e2:b5:c3:c1:28:f3:71:3e:49:e7:1e:dc:ee:66:fb:eb: - 64:3d:5c:2f:e2:1d:fd:55:f6:98:ff:fc:af:82:aa:45:d0:be: - 89:bd:73:4b:87:fb:a8:9e:c7:03:75:77:7c:d1:8c:50:f0:03: - e2:7a:2e:f5:f8:dd:53:33:9f:86:d3:f3:32:83:d2:2a:70:67: - ca:8a:f1:df:15:b0:fd:38:bf:67:4e:22:e2:6f:73:6c:a6:b9: - 27:c9:89:ce:a3:9e:00:7c:82:55:44:d5:e6:2a:3d:1c:80:e1: - ef:37:f5:ab:e0:ea:25:b4:45:4c:28:50:2d:cb:ed:bb:6b:1d: - 06:3e:16:e4:f0:b8:15:16:6e:7a:91:cd:f3:1c:39:2c:ec:d3: - 7e:0b:e0:de:2a:f1:d5:27:78:a6:9c:3a:3f:b8:cc:b2:f6:9c: - 8f:f1:9b:ce:c6:67:eb:9f:f5:4b:39:87:89:ef:d2:2f:ba:73: - d8:af:cc:90:95:9d:95:e4:1c:a5:fb:3a:85:f6:f8:cc:69:ae: - 2e:6a:fc:6e + 94:ea:af:a5:b1:c3:bb:d3:ed:be:26:df:cf:1d:ee:32:4a:68: + ac:45:e3:c7:8f:db:a3:63:bf:93:be:2c:26:02:15:0b:48:75: + e1:15:2c:ce:a7:0e:6f:94:9b:e6:e2:72:99:4c:4c:fa:e9:e3: + 70:5a:05:89:97:84:4a:a7:b4:fe:e1:3b:1f:4b:5c:da:15:06: + fb:dd:8d:f6:20:4f:0a:83:ec:3b:07:26:15:d6:79:3e:6d:37: + 74:63:60:11:a3:df:af:ee:14:6f:6a:9b:c9:2e:cc:e8:85:17: + 9a:06:bc:26:b4:5d:bc:70:39:b2:ca:5e:be:80:cd:25:e2:df: + 7d:bb:d9:b5:6c:a0:8d:5e:db:d5:9a:70:0e:c7:5d:d2:45:96: + 62:3f:39:59:a4:2a:37:f7:9e:b2:17:aa:7e:29:7d:58:eb:59: + 1a:db:89:69:b0:5b:aa:7e:cc:5f:c6:f7:81:e2:a8:8e:79:9b: + ff:a8:e8:c1:46:65:9a:c8:d9:af:00:2d:00:b5:10:0e:f9:3e: + c5:bb:7e:6c:9c:8b:3e:4a:d6:85:c4:29:05:cf:e8:cf:34:5e: + 24:b9:af:9a:b1:53:cd:98:82:0e:98:3e:52:24:f1:f6:4a:bf: + ed:79:0b:76:92:4b:3d:52:a4:73:29:ec:66:a7:f1:65:2c:dc: + b3:14:d0:88 -----BEGIN CERTIFICATE----- MIIDbjCCAlagAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowGDEWMBQGA1UEAwwNSW50 -ZXJtZWRpYXRlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOmagUEI -z7BdkBV7M9gU4AQFxIZsZW36nMto6NM/HwIATLCNIav79Ork1RCEc5ntrBrYlmYh -C4pAVlQ3Hkm0lti+Y4qyXBahxnnQMD3ug9pY4897/TfWKXRqaYpinxpvInsraFG4 -r5HTSHqh0cvq18JU9wlVpH/PM4dDgLsELb536tvkWaZLxJ7UalS2RU1OKMATM9IK -EklK1+Bgp4gLPVRhWuHl81ZWQvA8TmXcucMHf1baSkXE5LrnZuIJ402EXSSvvNIr -JDnjBL18Hc9xW2Bk3PN14xhEO4+xcHIgq9owuxgN0e396IdcWC3eEeboCplm/aPD -uWsCrAcMNcGQZi0CAwEAAaOByzCByDAdBgNVHQ4EFgQUxRboagAGTwvgboaJUDJy -4CIIrmAwHwYDVR0jBBgwFoAU6N2yYdH8Ah/NaPE0nW5V55e1OiMwNwYIKwYBBQUH +ZXJtZWRpYXRlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKdalR/U +XdwkBY28hgbtJ/5PG0s4QhkVUx+Mm4uQaOVMfeMuqZpVKUtRXsJNVrYcRcqs/1aC +d5HuQxULdoOWvAH8fRewoLdJk/4zrJdR0YVlIpDiINbzPn3K9t61kXSQXrdVGE9w +za1v3ULtaYLGLx8yoHddMRwpT3bQxAfAdpSMzZeA/X39ZjXYgGw6g5bjGcKSCgWd +FRrvUCg/1abNIAGG+MN1nLbLi9gzBCrYQZZBFXa0BaKrFaI22Oki19/Ttzr5AYQO +FfUNZgwCr+G6A3M/AuPbtRkFx+qrPK8UqH1QgWm6+euM7bF2mDZBV6OP66iEEw+6 +lg7HBQ0xZyud4msCAwEAAaOByzCByDAdBgNVHQ4EFgQU6ZOLefzcuojn0CZ2uBAX +hzJQdkUwHwYDVR0jBBgwFoAUGrv4XhWEampZ/tvCczAKhTT9COkwNwYIKwYBBQUH AQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIw LAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4G A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB -AQBoyv9PF1nRFAGtvSEJOdPeP54ScRacSfbhLdLTT5PTYKBvnqxJmaIsrfwpGuFa -bgfog2dn4SPEAeK1w8Eo83E+Sece3O5m++tkPVwv4h39VfaY//yvgqpF0L6JvXNL -h/uonscDdXd80YxQ8APiei71+N1TM5+G0/Myg9IqcGfKivHfFbD9OL9nTiLib3Ns -prknyYnOo54AfIJVRNXmKj0cgOHvN/Wr4OoltEVMKFAty+27ax0GPhbk8LgVFm56 -kc3zHDks7NN+C+DeKvHVJ3imnDo/uMyy9pyP8ZvOxmfrn/VLOYeJ79IvunPYr8yQ -lZ2V5Byl+zqF9vjMaa4uavxu +AQCU6q+lscO70+2+Jt/PHe4ySmisRePHj9ujY7+TviwmAhULSHXhFSzOpw5vlJvm +4nKZTEz66eNwWgWJl4RKp7T+4TsfS1zaFQb73Y32IE8Kg+w7ByYV1nk+bTd0Y2AR +o9+v7hRvapvJLszohReaBrwmtF28cDmyyl6+gM0l4t99u9m1bKCNXtvVmnAOx13S +RZZiPzlZpCo3956yF6p+KX1Y61ka24lpsFuqfsxfxveB4qiOeZv/qOjBRmWayNmv +AC0AtRAO+T7Fu35snIs+StaFxCkFz+jPNF4kua+asVPNmIIOmD5SJPH2Sr/teQt2 +kks9UqRzKexmp/FlLNyzFNCI -----END CERTIFICATE----- Certificate: @@ -286,30 +286,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:ca:b8:37:0e:d3:aa:65:77:fd:8d:e5:02:89:2e: - 62:d3:50:7d:1b:05:5b:f1:d5:5d:b2:94:57:c2:c2: - 70:a5:fa:cb:02:e0:02:c0:d7:de:1b:2d:2d:b0:46: - 2e:d8:8e:69:7b:51:a7:cf:47:cf:bb:25:1e:ed:ed: - 67:ba:e8:a5:f7:85:59:d7:a2:fb:4f:55:00:22:05: - 84:e3:31:20:2b:e0:ff:72:9e:99:de:be:67:48:60: - ac:86:35:3a:da:85:06:5b:92:29:7c:da:50:1c:e0: - 34:d8:5e:81:26:18:7e:de:07:20:c2:59:3b:43:f1: - bd:02:29:d4:ae:29:6e:bb:dc:be:48:2c:9a:15:18: - 33:86:6f:c3:26:2e:88:46:35:ce:92:b1:c2:a6:96: - cc:2c:e0:60:87:1f:9b:e2:a0:ce:7f:af:53:04:d8: - 24:cb:da:19:ca:3b:fe:02:f1:11:05:e7:40:af:2d: - eb:df:c4:53:1e:64:5a:73:b5:93:42:46:64:72:a5: - d9:d4:e0:70:65:f5:89:c3:07:83:17:0d:83:a8:aa: - 69:b5:56:57:20:1b:38:49:72:16:fb:a0:b4:d9:55: - 32:0a:e7:1c:1f:ec:3d:fc:7a:b9:81:02:d8:9e:57: - cd:97:18:16:6e:de:36:fe:d2:63:73:b3:8a:6e:57: - 93:a9 + 00:b3:62:40:33:73:9c:c9:64:ad:30:52:73:78:00: + 08:ac:b5:2a:80:8b:9e:7d:9d:50:57:ee:df:41:be: + 66:aa:53:a2:d5:90:72:02:dd:73:65:3e:69:94:a2: + 6f:5c:04:a0:df:b2:4e:70:57:71:ba:00:9a:75:3e: + a0:60:eb:8b:06:94:c3:65:17:93:e8:11:2b:76:20: + bf:7f:20:f4:09:14:b7:b8:c4:17:9a:89:bc:35:53: + b7:92:8b:fa:fb:62:9d:c6:e4:34:73:b4:d2:55:f8: + 15:f7:36:bd:ab:24:6f:28:26:89:1e:63:50:c8:e8: + 49:4a:4d:5d:0e:8a:63:7a:af:dd:7a:da:e2:67:9b: + 4b:57:9b:3a:b2:26:cc:0c:4b:d6:f4:3b:f6:d9:a4: + e6:56:a2:1b:78:a0:aa:4b:c6:06:1f:7c:3f:52:75: + ce:e5:18:a1:23:69:2c:ee:ba:c3:a4:33:c8:65:a8: + 5d:7d:09:51:7a:16:a3:ae:a1:ee:11:3e:1f:7c:a9: + 46:2d:ad:7f:05:c8:75:1a:3d:77:d0:02:4b:80:f9: + b0:ba:7b:4f:d8:be:d0:cb:6a:4c:f3:e3:00:0f:b5: + 5c:d3:65:7a:ba:49:21:54:2d:84:5e:7e:85:ad:84: + 70:e7:86:58:91:2e:4c:73:4a:52:ce:9c:04:86:2a: + 8c:fd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - E8:DD:B2:61:D1:FC:02:1F:CD:68:F1:34:9D:6E:55:E7:97:B5:3A:23 + 1A:BB:F8:5E:15:84:6A:6A:59:FE:DB:C2:73:30:0A:85:34:FD:08:E9 X509v3 Authority Key Identifier: - keyid:E8:DD:B2:61:D1:FC:02:1F:CD:68:F1:34:9D:6E:55:E7:97:B5:3A:23 + keyid:1A:BB:F8:5E:15:84:6A:6A:59:FE:DB:C2:73:30:0A:85:34:FD:08:E9 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -324,41 +324,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 Signature Algorithm: sha256WithRSAEncryption - a5:51:20:51:70:47:97:be:a8:b8:d8:76:64:ac:f1:47:36:3c: - 4d:c2:d1:b1:23:81:dc:2e:c0:36:d1:83:97:af:94:c3:46:fd: - bb:5e:9b:ca:e2:42:06:bb:ff:d4:68:f0:53:7f:96:43:cb:6f: - 24:09:53:a0:fb:d2:79:10:0f:f9:f8:3d:04:cb:23:40:50:37: - 5a:29:67:da:8a:b7:30:5b:62:b2:62:ce:70:43:81:29:c1:79: - 91:c8:b6:80:76:cf:93:45:70:ee:6b:22:a1:69:29:a6:e3:62: - d0:3d:27:67:86:26:dc:71:49:e3:1a:98:05:63:26:d8:e5:80: - b7:d9:38:db:1b:97:fc:0b:97:1f:5a:59:24:ea:6c:f6:c2:f6: - c1:ee:b8:02:48:1a:23:97:1d:3f:24:45:9c:f4:37:6f:ee:73: - 1b:bf:d3:c1:ed:a1:50:37:48:28:2f:ee:68:bc:d6:a8:35:a5: - 1c:00:a1:52:29:b5:a4:2a:79:f4:f9:a0:a5:30:6f:3f:01:ca: - 47:f0:08:8a:3f:3e:a9:bf:3e:4c:ef:e3:c3:ec:35:c5:5b:f3: - 58:18:80:be:08:e9:c2:77:a6:17:5c:62:3c:77:fe:a6:69:0e: - de:ca:96:dd:ed:13:01:ef:20:85:2f:94:a2:7d:30:df:c5:4d: - 84:e2:4d:1c + 00:12:bd:de:29:91:db:be:5c:8c:a0:df:6c:68:22:0a:6b:5a: + 7a:7e:0b:2c:b3:4b:39:95:ec:f7:a1:9b:27:1b:02:4e:70:4b: + e9:c7:ca:59:a5:27:de:48:d7:b3:69:0a:b6:d4:10:a6:a8:7f: + 08:f2:37:a2:b4:04:bf:d2:d7:5f:40:56:81:53:80:9c:ff:32: + 63:a6:73:6d:76:d3:14:bd:27:99:8e:9b:4d:aa:9e:1c:4e:1f: + 8a:8c:6d:00:6e:d7:e6:c0:a9:e4:23:f5:88:0b:66:a7:72:68: + c0:4e:38:4c:4f:75:0e:55:eb:ee:36:ec:1e:11:05:a1:df:4b: + cf:a0:49:d0:82:74:4b:6b:ec:67:61:24:00:c4:81:68:d7:74: + 36:82:79:45:ab:24:21:17:70:44:3b:e3:96:12:7e:68:4a:4a: + bc:3c:81:72:cf:52:c3:e9:ac:01:df:9b:38:0d:c2:b9:84:33: + e0:60:64:14:b4:b3:c5:79:7c:af:cd:c9:9e:44:95:b6:cb:23: + 7f:07:c6:ec:67:44:aa:4b:80:8c:c8:b4:e7:b5:af:07:7c:0e: + 00:91:54:fe:9f:b5:a2:9d:52:68:20:29:1d:02:ed:cb:22:4e: + d9:a3:c6:84:ab:b4:69:b7:83:7d:bc:f2:41:ec:37:38:df:9d: + 5b:11:56:c0 -----BEGIN TRUST_ANCHOR_CONSTRAINED----- MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMq4Nw7TqmV3/Y3lAoku -YtNQfRsFW/HVXbKUV8LCcKX6ywLgAsDX3hstLbBGLtiOaXtRp89Hz7slHu3tZ7ro -pfeFWdei+09VACIFhOMxICvg/3Kemd6+Z0hgrIY1OtqFBluSKXzaUBzgNNhegSYY -ft4HIMJZO0PxvQIp1K4pbrvcvkgsmhUYM4ZvwyYuiEY1zpKxwqaWzCzgYIcfm+Kg -zn+vUwTYJMvaGco7/gLxEQXnQK8t69/EUx5kWnO1k0JGZHKl2dTgcGX1icMHgxcN -g6iqabVWVyAbOElyFvugtNlVMgrnHB/sPfx6uYEC2J5XzZcYFm7eNv7SY3Ozim5X -k6kCAwEAAaOBzjCByzAdBgNVHQ4EFgQU6N2yYdH8Ah/NaPE0nW5V55e1OiMwHwYD -VR0jBBgwFoAU6N2yYdH8Ah/NaPE0nW5V55e1OiMwNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNiQDNznMlkrTBSc3gA +CKy1KoCLnn2dUFfu30G+ZqpTotWQcgLdc2U+aZSib1wEoN+yTnBXcboAmnU+oGDr +iwaUw2UXk+gRK3Ygv38g9AkUt7jEF5qJvDVTt5KL+vtincbkNHO00lX4Ffc2vask +bygmiR5jUMjoSUpNXQ6KY3qv3Xra4mebS1ebOrImzAxL1vQ79tmk5laiG3igqkvG +Bh98P1J1zuUYoSNpLO66w6QzyGWoXX0JUXoWo66h7hE+H3ypRi2tfwXIdRo9d9AC +S4D5sLp7T9i+0MtqTPPjAA+1XNNlerpJIVQthF5+ha2EcOeGWJEuTHNKUs6cBIYq +jP0CAwEAAaOBzjCByzAdBgNVHQ4EFgQUGrv4XhWEampZ/tvCczAKhTT9COkwHwYD +VR0jBBgwFoAUGrv4XhWEampZ/tvCczAKhTT9COkwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQClUSBR -cEeXvqi42HZkrPFHNjxNwtGxI4HcLsA20YOXr5TDRv27XpvK4kIGu//UaPBTf5ZD -y28kCVOg+9J5EA/5+D0EyyNAUDdaKWfaircwW2KyYs5wQ4EpwXmRyLaAds+TRXDu -ayKhaSmm42LQPSdnhibccUnjGpgFYybY5YC32TjbG5f8C5cfWlkk6mz2wvbB7rgC -SBojlx0/JEWc9Ddv7nMbv9PB7aFQN0goL+5ovNaoNaUcAKFSKbWkKnn0+aClMG8/ -AcpH8AiKPz6pvz5M7+PD7DXFW/NYGIC+COnCd6YXXGI8d/6maQ7eypbd7RMB7yCF -L5SifTDfxU2E4k0c +AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQAAEr3e +KZHbvlyMoN9saCIKa1p6fgsss0s5lez3oZsnGwJOcEvpx8pZpSfeSNezaQq21BCm +qH8I8jeitAS/0tdfQFaBU4Cc/zJjpnNtdtMUvSeZjptNqp4cTh+KjG0AbtfmwKnk +I/WIC2ancmjATjhMT3UOVevuNuweEQWh30vPoEnQgnRLa+xnYSQAxIFo13Q2gnlF +qyQhF3BEO+OWEn5oSkq8PIFyz1LD6awB35s4DcK5hDPgYGQUtLPFeXyvzcmeRJW2 +yyN/B8bsZ0SqS4CMyLTnta8HfA4AkVT+n7WinVJoICkdAu3LIk7Zo8aEq7Rpt4N9 +vPJB7Dc4351bEVbA -----END TRUST_ANCHOR_CONSTRAINED----- 150302120000Z @@ -371,10 +371,15 @@ FAIL RkFJTA== -----END VERIFY_RESULT----- -[Context] Processing Certificate - index: 1 - [Error] max_path_length reached +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- + +----- Certificate i=1 (CN=Intermediate2) ----- +ERROR: max_path_length reached + -----BEGIN ERRORS----- -W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMQogICAgICBbRXJyb3JdIG1heF9wYXRoX2xlbmd0aCByZWFjaGVkCg== +LS0tLS0gQ2VydGlmaWNhdGUgaT0xIChDTj1JbnRlcm1lZGlhdGUyKSAtLS0tLQpFUlJPUjogbWF4X3BhdGhfbGVuZ3RoIHJlYWNoZWQKCg== -----END ERRORS----- diff --git a/chromium/net/data/verify_certificate_chain_unittest/violates-pathlen-1-unconstrained-root.pem b/chromium/net/data/verify_certificate_chain_unittest/violates-pathlen-1-unconstrained-root.pem index a9f4c307f54..21ae6b80ff0 100644 --- a/chromium/net/data/verify_certificate_chain_unittest/violates-pathlen-1-unconstrained-root.pem +++ b/chromium/net/data/verify_certificate_chain_unittest/violates-pathlen-1-unconstrained-root.pem @@ -18,30 +18,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:c7:02:89:18:09:bc:9f:9c:9a:41:35:a9:5f:f7: - c2:22:3e:b2:39:fe:ba:57:1d:95:2e:dd:65:23:45: - ce:33:77:99:dd:f1:d7:69:0b:fb:a7:0e:89:98:02: - 7a:94:58:7b:61:e6:10:98:69:1a:09:2b:9f:73:3a: - d8:70:18:64:e2:8a:85:87:c5:69:f3:45:1e:70:d8: - c0:5e:23:6c:a6:7d:8f:77:23:8a:5d:74:a0:0b:d5: - 7f:a7:dd:f5:21:2d:02:c2:0f:e0:c8:f8:29:20:f5: - 5e:33:58:2a:38:c8:41:a6:25:66:ac:cf:c4:03:cb: - 03:25:db:e6:65:3d:bd:ab:da:fb:8f:b5:0e:d8:ba: - 3d:14:2b:9b:07:62:13:d4:1c:ea:b1:d5:7d:4d:54: - 04:c0:13:fb:d1:df:c2:36:e3:00:cf:fa:49:0b:44: - 9c:05:80:19:75:02:25:41:3d:e0:e6:cd:87:d8:63: - d7:84:3d:0c:3a:c8:ec:e8:58:22:62:2f:18:e9:ad: - 45:ce:b8:a6:63:c2:65:29:69:1e:21:08:8d:3a:da: - 96:e0:89:27:09:cc:35:e9:f1:f0:d8:f3:61:c5:05: - 3e:b1:d0:00:3c:7e:25:4a:36:e3:1d:b4:95:37:2d: - 44:ac:9e:79:38:67:e7:c7:ac:0c:71:d3:d1:60:86: - 44:09 + 00:9d:b0:80:41:9a:d5:31:ea:d0:f6:46:1d:cd:f5: + e0:b8:d1:d4:21:fa:7b:01:03:9a:2a:dc:f0:f1:91: + 75:4e:57:cb:b6:d2:03:4d:49:16:cf:85:87:a7:e8: + b5:de:55:67:d1:9f:1a:2a:19:2c:00:91:00:81:c4: + 92:cc:03:be:c1:f2:c5:72:39:94:b6:1e:5f:4a:70: + 83:7d:5a:05:2d:02:a7:84:25:2a:da:11:c4:d4:e8: + 7f:1a:fb:88:6b:52:f9:8c:c9:c7:99:21:75:35:c3: + 84:a0:a1:b1:32:6e:1f:e4:b4:bc:21:5b:e4:7b:e0: + 85:06:3d:bf:fb:c0:92:66:1e:53:ff:d0:16:3b:a5: + 7c:32:07:10:54:b7:98:3d:70:2f:fc:ee:54:3e:74: + a8:ec:4b:45:11:e5:08:d1:54:2b:a9:78:83:bc:55: + 92:3e:71:e4:ba:ac:67:28:f2:4d:3e:8c:8f:26:88: + 02:fc:04:82:a9:88:bf:c7:95:4d:8c:d5:0e:17:2d: + ea:90:ad:6e:e4:7e:76:89:c6:0d:f4:5a:35:1a:72: + d4:91:38:50:cc:f3:1b:05:ff:80:d3:b2:e9:0a:5d: + 8a:9f:b8:b2:2a:20:a8:76:b5:41:1b:80:33:7c:79: + 12:fa:ff:36:df:61:22:c5:fa:27:4a:88:75:a8:f5: + 5d:49 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - C6:CC:7E:B5:7C:7A:51:EC:1C:35:E1:CD:3C:A7:FC:06:31:53:CA:06 + ED:D0:2C:C2:73:F7:C3:03:A2:08:6E:44:C9:E5:97:16:A5:B9:C9:EC X509v3 Authority Key Identifier: - keyid:48:BF:34:63:E8:E4:FB:87:49:F2:0E:A0:23:38:D2:BE:6A:3D:45:3C + keyid:48:81:22:AA:57:F7:0B:70:A7:D6:32:4B:AA:85:CD:7C:F2:85:30:2B Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate2.cer @@ -56,42 +56,42 @@ Certificate: X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: sha256WithRSAEncryption - 51:8c:f9:c8:cb:cc:14:e3:54:cd:63:1a:f0:1e:0b:a3:6e:60: - 99:68:06:fe:e6:97:f5:68:e7:d8:7a:e1:b1:78:48:3e:03:57: - e4:84:5a:24:08:47:9f:fb:73:1a:7f:76:66:40:5d:ac:2f:f4: - f0:9e:b1:21:b0:15:5f:d1:68:4a:b6:fe:84:23:05:51:7d:d3: - 22:95:81:d0:76:87:29:9c:24:e8:3f:e0:41:a0:bb:57:96:1d: - 7e:92:2d:22:b3:98:67:4c:87:5e:42:f5:c9:08:fb:b9:05:25: - 73:b8:f0:9a:45:62:96:c6:48:b6:fe:ac:6c:42:a4:9e:41:aa: - fd:55:86:8e:4f:85:9e:b7:26:75:e3:79:28:ed:09:8d:63:35: - b5:55:78:13:46:43:17:3d:e8:12:c8:c3:c6:2f:88:f9:ce:b5: - df:af:6d:70:6f:6b:f6:1e:ff:1a:44:84:b6:51:7a:b1:7c:4f: - b4:7a:19:83:4c:85:b8:d0:e7:65:2e:0e:e2:ed:92:33:c4:f9: - cd:35:78:96:d6:8e:06:2c:17:18:0e:bf:be:f0:c5:7f:d3:85: - 71:62:94:83:d8:1b:51:c4:77:37:d3:6a:fd:43:b4:54:44:fe: - f9:da:01:3e:59:d4:7b:a4:26:32:e4:ba:9a:bf:f3:2b:6c:71: - d2:1e:2c:c4 + 9d:20:0c:60:ba:20:1d:ec:68:b0:dc:22:c4:f8:38:b7:de:8b: + 59:98:10:dc:d9:4e:9c:11:a8:92:88:8d:f9:33:e7:3d:ac:58: + d9:06:9f:1e:c1:86:58:14:87:77:3c:9a:ed:bc:57:4d:ef:10: + 5a:f3:b8:5b:15:df:37:dc:a0:7e:81:68:7e:e6:2d:db:64:fd: + 0b:6f:64:49:e0:b2:9c:4c:5d:a6:20:9a:5b:b5:80:b4:04:8e: + 6d:1c:94:53:1e:72:a3:11:34:31:06:a5:b3:f4:3d:8e:69:91: + 7d:aa:a0:67:fc:82:f8:79:f6:51:76:c9:d5:47:8a:18:3f:9c: + 53:38:0d:f7:a3:79:5f:82:8b:8a:21:21:b7:f6:db:33:0c:7c: + 6c:00:4a:94:76:59:95:7b:90:8d:2f:7e:68:09:3f:54:bb:14: + 5b:08:cf:41:2c:6e:f1:17:df:de:b2:14:10:3d:84:b7:dd:da: + 83:a7:7f:5b:42:6c:1b:f7:79:63:b2:af:06:71:5b:9d:e3:0c: + 3a:3b:e1:59:8a:80:96:8e:ef:ba:89:36:2a:77:9c:71:ca:c8: + 12:04:13:9a:3a:1b:a1:07:61:39:33:c3:4e:3b:1d:cb:5c:50: + b5:7f:2b:60:55:f6:9f:65:72:69:fc:ff:9d:90:7b:58:21:6a: + 82:40:de:87 -----BEGIN CERTIFICATE----- MIIDkDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl cm1lZGlhdGUyMB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowETEPMA0G -A1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwKJ -GAm8n5yaQTWpX/fCIj6yOf66Vx2VLt1lI0XOM3eZ3fHXaQv7pw6JmAJ6lFh7YeYQ -mGkaCSufczrYcBhk4oqFh8Vp80UecNjAXiNspn2PdyOKXXSgC9V/p931IS0Cwg/g -yPgpIPVeM1gqOMhBpiVmrM/EA8sDJdvmZT29q9r7j7UO2Lo9FCubB2IT1BzqsdV9 -TVQEwBP70d/CNuMAz/pJC0ScBYAZdQIlQT3g5s2H2GPXhD0MOsjs6FgiYi8Y6a1F -zrimY8JlKWkeIQiNOtqW4IknCcw16fHw2PNhxQU+sdAAPH4lSjbjHbSVNy1ErJ55 -OGfnx6wMcdPRYIZECQIDAQABo4HrMIHoMB0GA1UdDgQWBBTGzH61fHpR7Bw14c08 -p/wGMVPKBjAfBgNVHSMEGDAWgBRIvzRj6OT7h0nyDqAjONK+aj1FPDBABggrBgEF +A1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbCA +QZrVMerQ9kYdzfXguNHUIfp7AQOaKtzw8ZF1TlfLttIDTUkWz4WHp+i13lVn0Z8a +KhksAJEAgcSSzAO+wfLFcjmUth5fSnCDfVoFLQKnhCUq2hHE1Oh/GvuIa1L5jMnH +mSF1NcOEoKGxMm4f5LS8IVvke+CFBj2/+8CSZh5T/9AWO6V8MgcQVLeYPXAv/O5U +PnSo7EtFEeUI0VQrqXiDvFWSPnHkuqxnKPJNPoyPJogC/ASCqYi/x5VNjNUOFy3q +kK1u5H52icYN9Fo1GnLUkThQzPMbBf+A07LpCl2Kn7iyKiCodrVBG4AzfHkS+v82 +32EixfonSoh1qPVdSQIDAQABo4HrMIHoMB0GA1UdDgQWBBTt0CzCc/fDA6IIbkTJ +5ZcWpbnJ7DAfBgNVHSMEGDAWgBRIgSKqV/cLcKfWMkuqhc188oUwKzBABggrBgEF BQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6Ly91cmwtZm9yLWFpYS9JbnRlcm1l ZGlhdGUyLmNlcjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vdXJsLWZvci1jcmwv SW50ZXJtZWRpYXRlMi5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG -AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAUYz5yMvMFONUzWMa -8B4Lo25gmWgG/uaX9Wjn2HrhsXhIPgNX5IRaJAhHn/tzGn92ZkBdrC/08J6xIbAV -X9FoSrb+hCMFUX3TIpWB0HaHKZwk6D/gQaC7V5YdfpItIrOYZ0yHXkL1yQj7uQUl -c7jwmkVilsZItv6sbEKknkGq/VWGjk+FnrcmdeN5KO0JjWM1tVV4E0ZDFz3oEsjD -xi+I+c61369tcG9r9h7/GkSEtlF6sXxPtHoZg0yFuNDnZS4O4u2SM8T5zTV4ltaO -BiwXGA6/vvDFf9OFcWKUg9gbUcR3N9Nq/UO0VET++doBPlnUe6QmMuS6mr/zK2xx -0h4sxA== +AQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAnSAMYLogHexosNwi +xPg4t96LWZgQ3NlOnBGokoiN+TPnPaxY2QafHsGGWBSHdzya7bxXTe8QWvO4WxXf +N9ygfoFofuYt22T9C29kSeCynExdpiCaW7WAtASObRyUUx5yoxE0MQals/Q9jmmR +faqgZ/yC+Hn2UXbJ1UeKGD+cUzgN96N5X4KLiiEht/bbMwx8bABKlHZZlXuQjS9+ +aAk/VLsUWwjPQSxu8Rff3rIUED2Et93ag6d/W0JsG/d5Y7KvBnFbneMMOjvhWYqA +lo7vuok2KnecccrIEgQTmjoboQdhOTPDTjsdy1xQtX8rYFX2n2Vyafz/nZB7WCFq +gkDehw== -----END CERTIFICATE----- Certificate: @@ -108,30 +108,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:9b:46:28:e2:70:56:b6:e1:f2:57:56:40:07:c9: - 66:0f:15:6f:6a:e9:b6:35:a4:f1:a7:17:4c:86:a4: - 8c:b7:74:55:0f:f2:cb:b0:43:11:4a:61:e0:9f:ea: - 8a:2b:c2:75:0f:b6:50:49:bc:ad:5c:3f:6c:92:4c: - 64:dc:50:2e:4d:66:65:eb:ba:9f:17:b7:d1:7e:ff: - 5d:d2:41:1f:9d:37:94:97:e1:f6:22:88:26:e2:8a: - 65:0f:0d:16:1d:b1:cc:df:e4:b1:78:87:f0:c6:f5: - f0:21:c9:f6:69:34:64:4c:cd:5b:27:ad:ee:0b:3d: - e3:ee:7a:6b:35:21:23:2b:6d:a4:82:c1:e0:37:f1: - 46:3c:16:c4:b9:20:29:16:13:14:26:05:41:c7:1e: - 21:e9:57:69:a4:3a:7b:b1:fe:92:c4:72:75:f7:bc: - c0:ef:ba:4a:0c:73:37:c1:48:e2:4d:07:c4:14:da: - ae:26:31:39:06:b8:43:6b:ec:2a:df:c8:db:02:af: - 24:9a:f2:af:28:98:1b:f3:0f:0d:57:2c:a5:c5:80: - ef:71:41:9f:99:16:20:d1:e2:f7:1d:59:1d:84:e2: - 0b:2d:23:f7:2f:05:9e:51:c3:c9:65:84:ba:db:23: - 2e:7e:43:b4:c1:eb:12:63:f4:3c:32:2e:18:dd:4c: - ad:8b + 00:b9:41:a3:79:b8:9d:70:a4:25:58:5b:47:07:ad: + 0a:23:3e:36:c4:44:c3:27:bb:cd:ab:c8:1b:4e:b8: + ba:d7:33:af:4a:59:74:cb:c1:5f:8c:8f:b6:0d:89: + ad:43:1f:3c:f4:64:11:0a:dc:ec:65:6d:85:5c:97: + 7e:8d:79:4d:bf:2c:bc:7e:31:59:bc:b7:cb:1c:8b: + 9a:10:ae:12:ed:93:50:72:66:45:c0:af:be:e7:e2: + 0a:cd:b4:60:f8:03:3e:6a:e2:ca:ff:75:52:20:73: + d3:2b:af:72:91:1b:ee:31:ea:74:9b:a0:aa:b2:3a: + 84:96:f3:00:65:a4:a7:21:e0:b1:96:d2:32:45:c6: + bd:6e:17:67:74:34:89:71:a8:2e:18:6b:12:1f:f1: + 97:07:10:61:b2:c2:38:ac:44:97:e4:fb:99:33:4b: + 7d:60:52:86:44:d4:df:91:0b:2d:04:37:b5:7e:5c: + fa:3d:46:9e:cf:0b:4f:1a:43:d9:9a:68:56:47:b5: + f0:68:80:67:a0:e4:d9:e2:25:d4:ff:3c:1a:b3:e0: + 5f:d5:44:ec:d5:1b:e0:b2:be:fd:d1:26:89:25:4a: + 18:4a:ca:44:d0:94:74:cb:a8:39:75:64:5a:19:21: + d1:4c:d9:b2:13:f0:d1:4f:6f:45:02:b7:3e:6e:10: + fe:5f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 48:BF:34:63:E8:E4:FB:87:49:F2:0E:A0:23:38:D2:BE:6A:3D:45:3C + 48:81:22:AA:57:F7:0B:70:A7:D6:32:4B:AA:85:CD:7C:F2:85:30:2B X509v3 Authority Key Identifier: - keyid:87:09:94:1A:5F:B2:4B:AE:02:70:24:A9:73:76:78:FD:C0:0E:DC:56 + keyid:A7:AB:30:41:BC:BB:CC:D3:7C:21:06:CA:C4:71:84:FF:FA:00:FC:D3 Authority Information Access: CA Issuers - URI:http://url-for-aia/Intermediate1.cer @@ -146,41 +146,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - be:14:33:c3:9f:0f:7b:fa:15:2f:1d:2c:29:52:bc:27:de:b3: - 7a:f5:d2:e4:3a:51:38:97:8f:90:b2:ce:5d:50:88:77:5c:e8: - ae:35:01:68:13:3a:ca:5b:6c:ab:a2:ac:f0:e0:97:37:6f:ff: - 15:d2:4a:f7:ff:80:7c:64:c8:6a:11:c1:02:f0:4b:0e:97:24: - 81:7e:90:a4:38:41:af:8d:0b:eb:0b:24:2b:dc:89:4d:32:d1: - 0b:b1:7c:67:6e:4f:43:bf:e0:63:9b:e8:f4:42:9c:3b:db:7e: - ec:f7:64:82:28:73:8c:a0:2e:73:d2:45:dd:3a:ad:6a:6a:5e: - ae:6d:f3:cd:be:4a:95:5c:d0:0d:87:54:b6:83:40:ed:14:e5: - d7:9d:23:e2:04:d1:6c:a0:2c:0a:ca:42:57:cc:f7:0b:66:4e: - 35:ef:e3:93:5f:87:e9:0e:64:c7:52:c9:22:16:61:f9:ec:f7: - f0:4a:7a:b8:ef:d6:34:d4:6c:3d:b5:a9:6c:0b:f4:19:a8:9b: - 04:d5:04:9f:fc:04:fe:60:7a:14:70:6f:38:92:80:be:8a:a6: - c4:57:a2:40:5d:bc:06:53:83:6d:f3:5f:f5:22:4a:22:10:a2: - 82:00:87:35:77:07:f1:34:81:2f:86:0b:1a:3b:8f:3d:88:0c: - 3a:a0:15:25 + 52:27:15:09:55:79:d8:ec:44:99:43:01:4e:bf:95:68:95:9a: + 5d:1f:3e:fd:df:4e:e4:52:69:f5:b1:f7:0d:ee:a5:7b:b5:d8: + 68:72:01:05:aa:7f:ef:e1:7b:a0:dd:11:32:d0:92:00:d6:ca: + 43:3d:88:b1:84:f6:cf:cc:de:85:37:29:05:4f:68:ea:d7:cf: + 27:e7:32:4e:34:af:8b:49:99:23:d3:55:9f:d7:35:5e:3d:53: + 6c:e6:02:da:2d:d4:a1:9f:d4:9e:a4:03:03:d1:dc:f7:20:1c: + 29:9a:22:b0:26:6f:08:57:07:a3:94:e8:f9:ac:eb:6a:0b:59: + 64:a9:32:a1:f6:ae:92:56:b6:a2:0b:c5:0f:d2:bd:4e:10:6f: + 15:8f:bd:67:a0:17:0f:99:bb:32:10:cc:0e:36:b0:24:ce:94: + 15:47:40:02:0d:f7:23:01:91:1f:d9:cc:9e:e9:b5:35:ba:89: + f7:f4:d3:e2:ef:51:16:dd:ca:bc:2a:a4:e1:f6:d1:f1:74:84: + 43:1a:1d:5b:83:8e:6e:08:a4:b9:cd:bd:0e:a1:73:a8:fa:74: + 94:5a:9a:ed:be:25:08:80:d3:70:bf:7b:d4:a2:5a:b4:ff:91: + bd:1c:3b:60:86:b1:47:02:23:92:ec:b4:22:0e:fa:96:87:d5: + 54:74:93:ed -----BEGIN CERTIFICATE----- MIIDiTCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1JbnRl cm1lZGlhdGUxMB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowGDEWMBQG A1UEAwwNSW50ZXJtZWRpYXRlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAJtGKOJwVrbh8ldWQAfJZg8Vb2rptjWk8acXTIakjLd0VQ/yy7BDEUph4J/q -iivCdQ+2UEm8rVw/bJJMZNxQLk1mZeu6nxe30X7/XdJBH503lJfh9iKIJuKKZQ8N -Fh2xzN/ksXiH8Mb18CHJ9mk0ZEzNWyet7gs94+56azUhIyttpILB4DfxRjwWxLkg -KRYTFCYFQcceIelXaaQ6e7H+ksRydfe8wO+6SgxzN8FI4k0HxBTariYxOQa4Q2vs -Kt/I2wKvJJryryiYG/MPDVcspcWA73FBn5kWINHi9x1ZHYTiCy0j9y8FnlHDyWWE -utsjLn5DtMHrEmP0PDIuGN1MrYsCAwEAAaOB3TCB2jAdBgNVHQ4EFgQUSL80Y+jk -+4dJ8g6gIzjSvmo9RTwwHwYDVR0jBBgwFoAUhwmUGl+yS64CcCSpc3Z4/cAO3FYw +ggEBALlBo3m4nXCkJVhbRwetCiM+NsREwye7zavIG064utczr0pZdMvBX4yPtg2J +rUMfPPRkEQrc7GVthVyXfo15Tb8svH4xWby3yxyLmhCuEu2TUHJmRcCvvufiCs20 +YPgDPmriyv91UiBz0yuvcpEb7jHqdJugqrI6hJbzAGWkpyHgsZbSMkXGvW4XZ3Q0 +iXGoLhhrEh/xlwcQYbLCOKxEl+T7mTNLfWBShkTU35ELLQQ3tX5c+j1Gns8LTxpD +2ZpoVke18GiAZ6Dk2eIl1P88GrPgX9VE7NUb4LK+/dEmiSVKGErKRNCUdMuoOXVk +Whkh0UzZshPw0U9vRQK3Pm4Q/l8CAwEAAaOB3TCB2jAdBgNVHQ4EFgQUSIEiqlf3 +C3Cn1jJLqoXNfPKFMCswHwYDVR0jBBgwFoAUp6swQby7zNN8IQbKxHGE//oA/NMw QAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vdXJsLWZvci1haWEv SW50ZXJtZWRpYXRlMS5jZXIwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL3VybC1m b3ItY3JsL0ludGVybWVkaWF0ZTEuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB -Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC+FDPDnw97+hUvHSwpUrwn3rN6 -9dLkOlE4l4+Qss5dUIh3XOiuNQFoEzrKW2yroqzw4Jc3b/8V0kr3/4B8ZMhqEcEC -8EsOlySBfpCkOEGvjQvrCyQr3IlNMtELsXxnbk9Dv+Bjm+j0Qpw7237s92SCKHOM -oC5z0kXdOq1qal6ubfPNvkqVXNANh1S2g0DtFOXXnSPiBNFsoCwKykJXzPcLZk41 -7+OTX4fpDmTHUskiFmH57PfwSnq479Y01Gw9talsC/QZqJsE1QSf/AT+YHoUcG84 -koC+iqbEV6JAXbwGU4Nt81/1IkoiEKKCAIc1dwfxNIEvhgsaO489iAw6oBUl +Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBSJxUJVXnY7ESZQwFOv5VolZpd +Hz79307kUmn1sfcN7qV7tdhocgEFqn/v4Xug3REy0JIA1spDPYixhPbPzN6FNykF +T2jq188n5zJONK+LSZkj01Wf1zVePVNs5gLaLdShn9SepAMD0dz3IBwpmiKwJm8I +VwejlOj5rOtqC1lkqTKh9q6SVraiC8UP0r1OEG8Vj71noBcPmbsyEMwONrAkzpQV +R0ACDfcjAZEf2cye6bU1uon39NPi71EW3cq8KqTh9tHxdIRDGh1bg45uCKS5zb0O +oXOo+nSUWprtviUIgNNwv3vUolq0/5G9HDtghrFHAiOS7LQiDvqWh9VUdJPt -----END CERTIFICATE----- Certificate: @@ -197,30 +197,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:cc:c9:7a:84:dc:8e:0c:4b:60:fc:fb:35:ff:5c: - 72:00:1d:25:df:87:50:fa:65:2e:fa:40:a2:c7:9a: - cb:b5:2e:b6:0d:d8:80:6c:54:ef:44:c9:2f:a4:20: - 60:07:c7:0a:f9:0f:62:0c:30:9e:ff:9b:3f:a7:35: - 6a:ab:a3:56:ca:1b:ea:62:90:0f:ef:e3:29:52:dc: - 88:06:a5:65:1f:29:ba:73:11:b5:98:70:dd:88:7f: - 83:a6:0b:4c:da:42:92:e6:08:45:da:f4:54:e0:8d: - 67:6c:97:0b:fd:8c:13:65:81:6a:1b:49:1b:4e:c7: - de:dc:b5:68:1d:14:57:23:98:33:7b:43:a2:bf:da: - bf:ef:e7:58:43:27:d3:d6:a9:45:d0:8d:e7:d7:48: - b1:dc:f1:00:9b:85:8a:66:3e:20:f3:fc:e1:0f:89: - 9f:28:a6:2d:2c:f7:a2:44:e8:47:5a:0a:fa:cd:8e: - 40:2a:75:06:6d:ca:38:89:b6:9d:1f:15:d9:42:36: - 14:7e:2b:c4:e3:d7:03:a6:cf:4c:cb:34:c0:ce:e9: - ad:05:da:8c:73:91:25:d3:23:3e:70:ab:16:e7:fe: - 8b:95:69:f6:4f:98:68:86:04:d6:70:bd:0f:9a:37: - 0b:35:b9:ad:18:27:aa:15:b7:08:d0:54:1e:94:af: - ed:f9 + 00:c1:37:3b:43:f5:80:3a:6f:88:94:a1:ea:18:3b: + 56:7b:bc:4d:3e:b3:3c:dc:99:4a:aa:11:0c:3e:95: + ee:ed:76:27:5b:a5:81:59:73:69:dc:33:da:20:35: + 48:00:ac:3e:43:5e:df:10:17:d8:d3:e9:11:da:00: + 72:e7:d3:42:54:f1:93:39:0b:18:7a:0c:69:4d:12: + 50:73:0c:f6:4f:44:8d:5f:c0:62:89:e5:f0:63:78: + 1b:92:bb:23:67:8f:77:b1:d3:3f:b1:67:de:6b:aa: + 0f:73:c3:d3:f2:69:84:7e:e3:04:34:25:69:23:13: + 23:92:4d:d5:08:55:7d:77:b8:42:96:fd:f7:09:35: + 20:4a:bf:8e:3d:16:9c:93:5d:81:a2:ed:9d:b4:b3: + 43:06:74:f2:79:f1:26:d8:1a:b8:3c:35:e6:cd:d6: + 36:79:5c:2d:3f:3e:df:1c:08:e9:5a:7a:cb:e4:e7: + aa:54:db:7e:96:38:a0:0c:39:65:68:88:3a:a0:05: + 5a:79:ee:8e:dd:96:08:86:8d:3e:79:b1:7e:28:bd: + 0f:9a:26:f5:de:8c:6c:7a:d8:e7:79:c4:9a:48:35: + 26:2c:ac:1c:ce:d4:7f:a4:a2:75:e3:27:0f:0f:de: + 5a:ba:7a:59:c7:ef:d8:39:8d:74:81:fc:37:a6:b1: + b7:4d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 87:09:94:1A:5F:B2:4B:AE:02:70:24:A9:73:76:78:FD:C0:0E:DC:56 + A7:AB:30:41:BC:BB:CC:D3:7C:21:06:CA:C4:71:84:FF:FA:00:FC:D3 X509v3 Authority Key Identifier: - keyid:0F:0F:6A:FA:74:D2:B6:49:DD:B5:2E:25:97:97:E3:E0:51:F7:1E:2A + keyid:2A:A9:CA:EF:18:15:3E:D3:AC:C4:EC:2D:A1:3C:8F:19:F8:EE:51:B5 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -235,41 +235,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption - db:01:1b:5b:f9:4f:9a:03:74:cb:a6:84:16:ab:ba:bb:63:7d: - 22:94:f5:70:03:dd:6d:fa:53:f2:23:c6:7b:a2:d2:62:96:ba: - 5a:95:f8:c8:a0:1f:f5:37:01:ce:a5:56:ef:19:5e:da:30:3a: - 81:ac:13:37:74:dd:5d:1b:b0:4a:cc:c0:b5:8f:d0:ce:6e:06: - 2b:74:c0:c4:70:fa:3b:90:d1:7b:c3:10:b3:8f:e1:69:42:ec: - 82:5c:09:ad:5b:0e:8d:4a:18:83:ec:f8:82:dc:e9:d8:5c:fa: - cc:f9:c9:6d:cc:b4:db:b0:d8:99:b9:fb:30:d2:28:a0:46:b8: - 77:fc:c2:12:eb:75:52:20:81:85:da:a6:ed:71:49:db:5c:4f: - a5:31:0f:59:c2:73:8d:da:10:be:ec:0c:4a:f8:d4:35:c7:13: - 5c:eb:f3:c8:42:19:d7:22:07:13:ac:71:46:9f:12:73:9e:0d: - 2e:c6:75:2d:fc:00:b4:99:13:e4:35:be:7f:7a:2f:2c:7b:44: - 57:3f:0f:2b:bb:06:25:45:94:2c:2d:af:c0:9f:e2:29:14:61: - 53:9d:ac:89:d2:04:c6:b9:52:a0:21:70:6f:b1:c0:9c:c9:6d: - 07:ab:14:d3:d3:49:05:bb:1e:4d:47:b6:62:6d:a2:35:3c:47: - 3e:32:1c:11 + 87:3d:53:9a:e3:97:ee:bb:4d:a4:f6:c5:c7:7b:f0:32:0f:bb: + 29:5b:1b:b1:fc:47:75:01:39:1d:88:c4:79:30:4a:7a:4a:fb: + 3c:5c:f5:89:3f:2c:71:48:1f:12:9e:fb:2b:8f:dc:99:ff:f3: + 6d:4a:b8:1c:b3:59:86:9e:27:2e:c4:16:39:8e:7d:aa:a8:b0: + 93:6d:07:88:78:0c:48:29:8f:f0:25:10:b4:a1:63:24:81:3c: + e8:da:70:a1:c7:14:ec:e4:58:cc:4e:12:eb:f3:13:2a:0b:f6: + 7a:88:5e:6d:d4:2a:88:43:29:1d:81:16:2f:b9:33:fe:d6:d4: + 96:b4:a1:de:87:dc:30:a8:92:87:79:cc:09:fa:a6:a5:1c:ec: + e4:ce:fb:cd:0b:7c:47:b9:58:4e:d4:c7:f1:6d:93:bc:61:88: + 88:ab:2d:90:b4:b9:53:8e:fa:13:73:b1:a3:fa:a4:95:58:5a: + 32:2f:22:e5:cc:a4:4a:ad:be:ee:59:60:02:22:4d:3c:31:1b: + 7b:d3:b4:bf:6a:b7:c4:6f:f1:75:69:57:d2:eb:02:d9:ae:5b: + a7:85:21:09:4c:cb:ff:32:c6:bb:ba:cb:53:6d:29:e2:b4:be: + b9:d3:52:7a:64:af:fb:63:40:9b:ce:d8:9b:06:74:dd:99:24: + dd:05:d6:b5 -----BEGIN CERTIFICATE----- MIIDbjCCAlagAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowGDEWMBQGA1UEAwwNSW50 -ZXJtZWRpYXRlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMzJeoTc -jgxLYPz7Nf9ccgAdJd+HUPplLvpAoseay7Uutg3YgGxU70TJL6QgYAfHCvkPYgww -nv+bP6c1aqujVsob6mKQD+/jKVLciAalZR8punMRtZhw3Yh/g6YLTNpCkuYIRdr0 -VOCNZ2yXC/2ME2WBahtJG07H3ty1aB0UVyOYM3tDor/av+/nWEMn09apRdCN59dI -sdzxAJuFimY+IPP84Q+JnyimLSz3okToR1oK+s2OQCp1Bm3KOIm2nR8V2UI2FH4r -xOPXA6bPTMs0wM7prQXajHORJdMjPnCrFuf+i5Vp9k+YaIYE1nC9D5o3CzW5rRgn -qhW3CNBUHpSv7fkCAwEAAaOByzCByDAdBgNVHQ4EFgQUhwmUGl+yS64CcCSpc3Z4 -/cAO3FYwHwYDVR0jBBgwFoAUDw9q+nTStkndtS4ll5fj4FH3HiowNwYIKwYBBQUH +ZXJtZWRpYXRlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAME3O0P1 +gDpviJSh6hg7Vnu8TT6zPNyZSqoRDD6V7u12J1ulgVlzadwz2iA1SACsPkNe3xAX +2NPpEdoAcufTQlTxkzkLGHoMaU0SUHMM9k9EjV/AYonl8GN4G5K7I2ePd7HTP7Fn +3muqD3PD0/JphH7jBDQlaSMTI5JN1QhVfXe4Qpb99wk1IEq/jj0WnJNdgaLtnbSz +QwZ08nnxJtgauDw15s3WNnlcLT8+3xwI6Vp6y+TnqlTbfpY4oAw5ZWiIOqAFWnnu +jt2WCIaNPnmxfii9D5om9d6MbHrY53nEmkg1JiysHM7Uf6SideMnDw/eWrp6Wcfv +2DmNdIH8N6axt00CAwEAAaOByzCByDAdBgNVHQ4EFgQUp6swQby7zNN8IQbKxHGE +//oA/NMwHwYDVR0jBBgwFoAUKqnK7xgVPtOsxOwtoTyPGfjuUbUwNwYIKwYBBQUH AQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIw LAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4G A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB -AQDbARtb+U+aA3TLpoQWq7q7Y30ilPVwA91t+lPyI8Z7otJilrpalfjIoB/1NwHO -pVbvGV7aMDqBrBM3dN1dG7BKzMC1j9DObgYrdMDEcPo7kNF7wxCzj+FpQuyCXAmt -Ww6NShiD7PiC3OnYXPrM+cltzLTbsNiZufsw0iigRrh3/MIS63VSIIGF2qbtcUnb -XE+lMQ9ZwnON2hC+7AxK+NQ1xxNc6/PIQhnXIgcTrHFGnxJzng0uxnUt/AC0mRPk -Nb5/ei8se0RXPw8ruwYlRZQsLa/An+IpFGFTnayJ0gTGuVKgIXBvscCcyW0HqxTT -00kFux5NR7ZibaI1PEc+MhwR +AQCHPVOa45fuu02k9sXHe/AyD7spWxux/Ed1ATkdiMR5MEp6Svs8XPWJPyxxSB8S +nvsrj9yZ//NtSrgcs1mGnicuxBY5jn2qqLCTbQeIeAxIKY/wJRC0oWMkgTzo2nCh +xxTs5FjMThLr8xMqC/Z6iF5t1CqIQykdgRYvuTP+1tSWtKHeh9wwqJKHecwJ+qal +HOzkzvvNC3xHuVhO1MfxbZO8YYiIqy2QtLlTjvoTc7Gj+qSVWFoyLyLlzKRKrb7u +WWACIk08MRt707S/arfEb/F1aVfS6wLZrlunhSEJTMv/Msa7ustTbSnitL6501J6 +ZK/7Y0CbztibBnTdmSTdBda1 -----END CERTIFICATE----- Certificate: @@ -286,30 +286,30 @@ Certificate: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:f1:6d:df:8a:62:88:18:33:0e:b6:95:4d:a7:53: - 82:ad:ec:81:5e:c7:e1:d8:b9:38:a5:eb:3f:8e:d8: - 97:bb:ed:29:77:b2:d6:ac:34:96:a0:cd:a2:33:d8: - 88:49:88:6b:ce:aa:91:02:b9:33:51:52:d5:e7:b6: - ef:55:d3:d6:6a:f3:3f:87:d9:1b:60:b2:e3:b3:78: - be:e2:8c:b4:30:f3:60:75:eb:30:c5:71:51:49:90: - b9:99:5c:2c:78:9e:72:0d:02:3f:16:bb:6d:f7:f7: - 9e:07:d2:b4:47:85:ea:b0:92:3e:b6:8a:41:71:6a: - 4c:f6:ba:6d:60:4f:7c:29:b3:82:1d:04:07:76:32: - bc:25:38:2c:e4:be:29:2d:80:c3:20:62:a3:65:31: - f2:14:93:2d:92:9d:54:8b:96:4e:4d:df:4e:f7:80: - b2:e7:88:fd:06:32:30:3e:64:9d:e4:96:e0:0e:3a: - ea:c3:4f:ca:df:4a:46:22:1f:df:92:bd:24:82:59: - 20:36:95:62:82:92:2e:d9:d7:a7:93:1e:a7:75:fb: - a9:22:a6:98:4d:e6:f2:b4:12:d0:76:0c:b8:a2:fc: - c3:5e:e7:df:fb:c0:b5:90:5b:a8:1a:1d:33:ae:ab: - e3:25:3d:87:b5:58:c6:bc:e4:fa:db:e9:50:67:3f: - ad:ad + 00:b6:f5:2f:2d:0b:bf:09:20:92:56:ed:6f:1b:b3: + 4e:2c:7b:1b:7d:8e:97:f1:ee:95:bf:2e:b7:63:de: + 9c:5b:35:3e:c1:5b:78:1e:6c:fd:94:fe:23:7d:6c: + 28:bf:da:ac:d4:47:58:b4:ba:00:9e:aa:ce:23:44: + c6:a3:84:7a:5b:53:99:bc:20:f7:f9:76:10:1c:3d: + c4:45:af:b4:55:7f:03:26:54:6f:92:15:3c:e1:ea: + 3d:00:c7:02:fb:ce:59:f9:5c:21:17:b2:18:9c:b8: + d2:d5:36:56:8d:7c:24:a0:76:66:7e:2e:18:88:d0: + ae:18:d8:65:98:56:33:0a:50:e8:28:eb:a9:fe:7e: + 2e:b7:c7:39:93:61:2c:6b:04:80:fa:5b:c3:b5:3f: + 82:b3:81:b3:92:2a:0a:ab:b0:1c:0d:3b:88:63:5e: + 19:dd:bd:c4:0a:43:b6:a2:f8:c9:e7:86:33:7e:4a: + b4:8b:1d:87:24:a4:67:6a:1d:32:41:a9:73:74:05: + dd:09:34:b9:42:63:fd:2c:bc:53:6e:06:51:f4:9f: + eb:b0:8d:0f:ec:9c:4b:61:6e:18:e0:d0:e4:03:34: + 34:66:1c:7c:33:64:f7:4d:4f:89:2d:a9:c3:b5:43: + 08:82:df:ad:0b:03:0d:20:6b:cf:27:81:cb:a7:53: + 7d:13 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 0F:0F:6A:FA:74:D2:B6:49:DD:B5:2E:25:97:97:E3:E0:51:F7:1E:2A + 2A:A9:CA:EF:18:15:3E:D3:AC:C4:EC:2D:A1:3C:8F:19:F8:EE:51:B5 X509v3 Authority Key Identifier: - keyid:0F:0F:6A:FA:74:D2:B6:49:DD:B5:2E:25:97:97:E3:E0:51:F7:1E:2A + keyid:2A:A9:CA:EF:18:15:3E:D3:AC:C4:EC:2D:A1:3C:8F:19:F8:EE:51:B5 Authority Information Access: CA Issuers - URI:http://url-for-aia/Root.cer @@ -324,41 +324,41 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 Signature Algorithm: sha256WithRSAEncryption - 38:cf:2c:95:d8:1b:14:a6:43:13:ed:9b:a2:9f:54:eb:33:64: - 2b:a6:c0:04:81:23:52:27:f1:17:12:a1:9a:f0:d2:77:dd:06: - 95:90:a5:bb:be:e1:98:f7:f0:11:a3:fc:71:80:c7:d0:72:f3: - d4:dc:3f:36:51:52:66:5f:92:a8:fa:ca:4f:8f:8f:2a:3d:93: - 12:8a:4f:94:69:99:6f:60:0b:86:81:91:00:98:cd:00:37:a7: - c7:60:e9:f4:07:85:5b:db:35:9b:61:bb:b6:aa:ca:a2:af:1c: - a4:e2:f8:0d:2b:84:2a:9f:7f:53:b6:25:31:ff:31:b8:e6:03: - 3c:f3:a1:5c:1a:51:4b:3e:d6:82:c9:24:d2:e8:3c:06:6b:b7: - f9:f5:77:55:67:fd:75:93:1a:d4:07:5d:6c:7c:6a:ed:12:9c: - b5:d6:f2:df:0c:39:a9:05:b9:11:b9:ca:21:31:26:5c:63:ac: - c3:bb:a7:e7:87:82:80:10:3a:32:fb:3a:9a:a8:0d:cf:af:94: - a4:a2:8a:0e:1c:1d:89:05:82:53:b6:86:1d:80:b4:00:de:31: - f1:20:4e:77:65:16:28:70:95:78:6b:d3:2e:e5:30:40:32:d2: - f6:b6:5c:30:de:07:70:5f:87:6b:51:31:85:4b:cf:8c:d9:0e: - 01:9a:12:6c + 4e:33:39:0a:dd:84:e1:33:fa:3c:11:3a:01:90:26:0f:61:50: + 04:74:a5:8f:5b:8f:67:48:c7:6c:e9:33:8b:51:40:b6:55:b4: + 55:3c:71:ee:77:a7:ec:b3:21:66:b7:3c:c4:09:24:2b:b7:f7: + fd:66:e3:ff:81:b5:bb:f5:59:ff:31:80:f3:a4:46:20:f8:db: + 15:67:f3:f9:95:a7:3c:89:e7:69:f8:3f:2f:a1:fc:e9:c1:4e: + b9:42:cd:e3:17:f4:b9:eb:f6:19:74:9c:52:bf:36:58:1f:ab: + ac:29:c8:3d:e1:c9:fb:a6:e1:3f:86:12:e4:2f:78:0f:17:de: + 23:3a:04:9b:ee:29:2c:48:1d:b6:82:33:e5:78:26:f4:c5:5d: + 36:91:24:15:d2:c7:73:49:0c:6f:1d:2e:b8:53:ab:c0:a2:17: + 11:b9:ee:91:94:43:90:8a:de:5e:08:02:e3:d4:be:6f:cd:fc: + a0:c2:8f:91:07:02:b0:ff:ff:03:a3:77:47:88:b7:a3:24:2e: + 8f:00:96:e6:23:3e:9a:43:4b:29:ba:39:ee:16:2c:43:3e:7e: + 58:2c:60:d0:0a:05:c6:42:88:56:b6:1a:3d:24:c9:93:57:de: + 73:67:16:fc:93:32:06:fe:2e:9c:f5:5f:08:2d:73:63:e6:05: + d2:78:a7:8f -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPFt34piiBgzDraVTadT -gq3sgV7H4di5OKXrP47Yl7vtKXey1qw0lqDNojPYiEmIa86qkQK5M1FS1ee271XT -1mrzP4fZG2Cy47N4vuKMtDDzYHXrMMVxUUmQuZlcLHiecg0CPxa7bff3ngfStEeF -6rCSPraKQXFqTPa6bWBPfCmzgh0EB3YyvCU4LOS+KS2AwyBio2Ux8hSTLZKdVIuW -Tk3fTveAsueI/QYyMD5kneSW4A466sNPyt9KRiIf35K9JIJZIDaVYoKSLtnXp5Me -p3X7qSKmmE3m8rQS0HYMuKL8w17n3/vAtZBbqBodM66r4yU9h7VYxrzk+tvpUGc/ -ra0CAwEAAaOBzjCByzAdBgNVHQ4EFgQUDw9q+nTStkndtS4ll5fj4FH3HiowHwYD -VR0jBBgwFoAUDw9q+nTStkndtS4ll5fj4FH3HiowNwYIKwYBBQUHAQEEKzApMCcG +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALb1Ly0Lvwkgklbtbxuz +Tix7G32Ol/Hulb8ut2PenFs1PsFbeB5s/ZT+I31sKL/arNRHWLS6AJ6qziNExqOE +eltTmbwg9/l2EBw9xEWvtFV/AyZUb5IVPOHqPQDHAvvOWflcIReyGJy40tU2Vo18 +JKB2Zn4uGIjQrhjYZZhWMwpQ6Cjrqf5+LrfHOZNhLGsEgPpbw7U/grOBs5IqCquw +HA07iGNeGd29xApDtqL4yeeGM35KtIsdhySkZ2odMkGpc3QF3Qk0uUJj/Sy8U24G +UfSf67CND+ycS2FuGODQ5AM0NGYcfDNk901PiS2pw7VDCILfrQsDDSBrzyeBy6dT +fRMCAwEAAaOBzjCByzAdBgNVHQ4EFgQUKqnK7xgVPtOsxOwtoTyPGfjuUbUwHwYD +VR0jBBgwFoAUKqnK7xgVPtOsxOwtoTyPGfjuUbUwNwYIKwYBBQUHAQEEKzApMCcG CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE -AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQA4zyyV -2BsUpkMT7Zuin1TrM2QrpsAEgSNSJ/EXEqGa8NJ33QaVkKW7vuGY9/ARo/xxgMfQ -cvPU3D82UVJmX5Ko+spPj48qPZMSik+UaZlvYAuGgZEAmM0AN6fHYOn0B4Vb2zWb -Ybu2qsqirxyk4vgNK4Qqn39TtiUx/zG45gM886FcGlFLPtaCySTS6DwGa7f59XdV -Z/11kxrUB11sfGrtEpy11vLfDDmpBbkRucohMSZcY6zDu6fnh4KAEDoy+zqaqA3P -r5SkoooOHB2JBYJTtoYdgLQA3jHxIE53ZRYocJV4a9Mu5TBAMtL2tlww3gdwX4dr -UTGFS8+M2Q4BmhJs +AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBOMzkK +3YThM/o8EToBkCYPYVAEdKWPW49nSMds6TOLUUC2VbRVPHHud6fssyFmtzzECSQr +t/f9ZuP/gbW79Vn/MYDzpEYg+NsVZ/P5lac8iedp+D8vofzpwU65Qs3jF/S56/YZ +dJxSvzZYH6usKcg94cn7puE/hhLkL3gPF94jOgSb7iksSB22gjPleCb0xV02kSQV +0sdzSQxvHS64U6vAohcRue6RlEOQit5eCALj1L5vzfygwo+RBwKw//8Do3dHiLej +JC6PAJbmIz6aQ0spujnuFixDPn5YLGDQCgXGQohWtho9JMmTV95zZxb8kzIG/i6c +9V8ILXNj5gXSeKeP -----END TRUST_ANCHOR_UNCONSTRAINED----- 150302120000Z @@ -370,3 +370,8 @@ SUCCESS -----BEGIN VERIFY_RESULT----- U1VDQ0VTUw== -----END VERIFY_RESULT----- + +serverAuth +-----BEGIN KEY_PURPOSE----- +c2VydmVyQXV0aA== +-----END KEY_PURPOSE----- diff --git a/chromium/net/data/websocket/OWNERS b/chromium/net/data/websocket/OWNERS index 4bffd3a3ad3..4546121a80f 100644 --- a/chromium/net/data/websocket/OWNERS +++ b/chromium/net/data/websocket/OWNERS @@ -2,4 +2,5 @@ ricea@chromium.org tyoshino@chromium.org yhirano@chromium.org +# TEAM: blink-network-dev@chromium.org # COMPONENT: Blink>Network>WebSockets diff --git a/chromium/net/disk_cache/backend_unittest.cc b/chromium/net/disk_cache/backend_unittest.cc index 20fa69ae349..8c13955fa26 100644 --- a/chromium/net/disk_cache/backend_unittest.cc +++ b/chromium/net/disk_cache/backend_unittest.cc @@ -18,7 +18,9 @@ #include "base/threading/platform_thread.h" #include "base/threading/thread_restrictions.h" #include "base/threading/thread_task_runner_handle.h" -#include "base/trace_event/memory_usage_estimator.h" +#include "base/trace_event/memory_allocator_dump.h" +#include "base/trace_event/process_memory_dump.h" +#include "base/trace_event/trace_event_argument.h" #include "net/base/cache_type.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" @@ -324,9 +326,6 @@ void DiskCacheBackendTest::BackendBasics() { ASSERT_TRUE(NULL != entry1); entry1->Close(); entry1 = NULL; - // base::trace_event::EstimateMemoryUsage(cache_) is added to make sure - // tracking memory doesn't introduce crashes. - EXPECT_LT(0u, base::trace_event::EstimateMemoryUsage(cache_)); ASSERT_THAT(OpenEntry("the first key", &entry1), IsOk()); ASSERT_TRUE(NULL != entry1); @@ -340,20 +339,17 @@ void DiskCacheBackendTest::BackendBasics() { ASSERT_TRUE(NULL != entry1); ASSERT_TRUE(NULL != entry2); EXPECT_EQ(2, cache_->GetEntryCount()); - EXPECT_LT(0u, base::trace_event::EstimateMemoryUsage(cache_)); disk_cache::Entry* entry3 = NULL; ASSERT_THAT(OpenEntry("some other key", &entry3), IsOk()); ASSERT_TRUE(NULL != entry3); EXPECT_TRUE(entry2 == entry3); - EXPECT_LT(0u, base::trace_event::EstimateMemoryUsage(cache_)); EXPECT_THAT(DoomEntry("some other key"), IsOk()); EXPECT_EQ(1, cache_->GetEntryCount()); entry1->Close(); entry2->Close(); entry3->Close(); - EXPECT_LT(0u, base::trace_event::EstimateMemoryUsage(cache_)); EXPECT_THAT(DoomEntry("the first key"), IsOk()); EXPECT_EQ(0, cache_->GetEntryCount()); @@ -365,7 +361,6 @@ void DiskCacheBackendTest::BackendBasics() { EXPECT_THAT(DoomEntry("some other key"), IsOk()); EXPECT_EQ(0, cache_->GetEntryCount()); entry2->Close(); - EXPECT_LT(0u, base::trace_event::EstimateMemoryUsage(cache_)); } TEST_F(DiskCacheBackendTest, Basics) { @@ -520,6 +515,74 @@ TEST_F(DiskCacheBackendTest, CreateBackend_MissingFile) { DisableIntegrityCheck(); } +TEST_F(DiskCacheBackendTest, MemCacheMemoryDump) { + SetMemoryOnlyMode(); + BackendBasics(); + base::trace_event::MemoryDumpArgs args = { + base::trace_event::MemoryDumpLevelOfDetail::BACKGROUND}; + base::trace_event::ProcessMemoryDump pmd(nullptr, args); + base::trace_event::MemoryAllocatorDump* parent = + pmd.CreateAllocatorDump("net/url_request_context/main/0x123/http_cache"); + + ASSERT_LT(0u, cache_->DumpMemoryStats(&pmd, parent->absolute_name())); + EXPECT_EQ(2u, pmd.allocator_dumps().size()); + const base::trace_event::MemoryAllocatorDump* sub_dump = + pmd.GetAllocatorDump(parent->absolute_name() + "/memory_backend"); + ASSERT_NE(nullptr, sub_dump); + + // Verify that the appropriate attributes were set. + std::unique_ptr<base::Value> raw_attrs = + sub_dump->attributes_for_testing()->ToBaseValue(); + base::DictionaryValue* attrs; + ASSERT_TRUE(raw_attrs->GetAsDictionary(&attrs)); + EXPECT_EQ(3u, attrs->size()); + base::DictionaryValue* size_attrs; + ASSERT_TRUE(attrs->GetDictionary( + base::trace_event::MemoryAllocatorDump::kNameSize, &size_attrs)); + ASSERT_TRUE(attrs->GetDictionary("mem_backend_size", &size_attrs)); + ASSERT_TRUE(attrs->GetDictionary("mem_backend_max_size", &size_attrs)); +} + +TEST_F(DiskCacheBackendTest, SimpleCacheMemoryDump) { + simple_cache_mode_ = true; + BackendBasics(); + base::trace_event::MemoryDumpArgs args = { + base::trace_event::MemoryDumpLevelOfDetail::BACKGROUND}; + base::trace_event::ProcessMemoryDump pmd(nullptr, args); + base::trace_event::MemoryAllocatorDump* parent = + pmd.CreateAllocatorDump("net/url_request_context/main/0x123/http_cache"); + + ASSERT_LT(0u, cache_->DumpMemoryStats(&pmd, parent->absolute_name())); + EXPECT_EQ(2u, pmd.allocator_dumps().size()); + const base::trace_event::MemoryAllocatorDump* sub_dump = + pmd.GetAllocatorDump(parent->absolute_name() + "/simple_backend"); + ASSERT_NE(nullptr, sub_dump); + + // Verify that the appropriate attributes were set. + std::unique_ptr<base::Value> raw_attrs = + sub_dump->attributes_for_testing()->ToBaseValue(); + base::DictionaryValue* attrs; + ASSERT_TRUE(raw_attrs->GetAsDictionary(&attrs)); + EXPECT_EQ(1u, attrs->size()); + base::DictionaryValue* size_attrs; + ASSERT_TRUE(attrs->GetDictionary( + base::trace_event::MemoryAllocatorDump::kNameSize, &size_attrs)); +} + +TEST_F(DiskCacheBackendTest, BlockFileCacheMemoryDump) { + // TODO(jkarlin): If the blockfile cache gets memory dump support, update + // this test. + BackendBasics(); + base::trace_event::MemoryDumpArgs args = { + base::trace_event::MemoryDumpLevelOfDetail::BACKGROUND}; + base::trace_event::ProcessMemoryDump pmd(nullptr, args); + base::trace_event::MemoryAllocatorDump* parent = + pmd.CreateAllocatorDump("net/url_request_context/main/0x123/http_cache"); + + ASSERT_EQ(0u, cache_->DumpMemoryStats(&pmd, parent->absolute_name())); + EXPECT_EQ(1u, pmd.allocator_dumps().size()); +} + TEST_F(DiskCacheBackendTest, ExternalFiles) { InitCache(); // First, let's create a file on the folder. @@ -3117,15 +3180,54 @@ TEST_F(DiskCacheBackendTest, MemoryOnlyUseAfterFree) { std::string key_prefix("prefix"); for (int i = 0; i < kTooManyEntriesCount; ++i) { ASSERT_THAT(CreateEntry(key_prefix + base::IntToString(i), &entry), IsOk()); - EXPECT_EQ(kWriteSize, - WriteData(entry, 1, 0, buffer.get(), kWriteSize, false)); + // Not checking the result because it will start to fail once the max size + // is reached. + WriteData(entry, 1, 0, buffer.get(), kWriteSize, false); + open_entries.push_back(disk_cache::ScopedEntryPtr(entry)); + } + + // Writing this sparse data should not crash. Ignoring the result because + // we're only concerned with not crashing in this particular test. + first_parent->WriteSparseData(32768, buffer.get(), 1024, + net::CompletionCallback()); +} + +TEST_F(DiskCacheBackendTest, MemoryCapsWritesToMaxSize) { + // Verify that the memory backend won't grow beyond its max size if lots of + // open entries (each smaller than the max entry size) are trying to write + // beyond the max size. + SetMemoryOnlyMode(); + + const int kMaxSize = 100 * 1024; // 100KB cache + const int kNumEntries = 20; // 20 entries to write + const int kWriteSize = kMaxSize / 10; // Each entry writes 1/10th the max + + SetMaxSize(kMaxSize); + InitCache(); + + scoped_refptr<net::IOBuffer> buffer(new net::IOBuffer(kWriteSize)); + CacheTestFillBuffer(buffer->data(), kWriteSize, false); + + // Create an entry to be the final entry that gets written later. + disk_cache::Entry* entry; + ASSERT_THAT(CreateEntry("final", &entry), IsOk()); + disk_cache::ScopedEntryPtr final_entry(entry); + + // Create a ton of entries, write to the cache, and keep the entries open. + // They should start failing writes once the cache fills. + std::list<disk_cache::ScopedEntryPtr> open_entries; + std::string key_prefix("prefix"); + for (int i = 0; i < kNumEntries; ++i) { + ASSERT_THAT(CreateEntry(key_prefix + base::IntToString(i), &entry), IsOk()); + WriteData(entry, 1, 0, buffer.get(), kWriteSize, false); open_entries.push_back(disk_cache::ScopedEntryPtr(entry)); } - EXPECT_LT(kMaxSize, CalculateSizeOfAllEntries()); + EXPECT_GE(kMaxSize, CalculateSizeOfAllEntries()); - // Writing this sparse data should not crash. - EXPECT_EQ(1024, first_parent->WriteSparseData(32768, buffer.get(), 1024, - net::CompletionCallback())); + // Any more writing at this point should cause an error. + EXPECT_THAT( + WriteData(final_entry.get(), 1, 0, buffer.get(), kWriteSize, false), + IsError(net::ERR_INSUFFICIENT_RESOURCES)); } TEST_F(DiskCacheTest, Backend_UsageStatsTimer) { diff --git a/chromium/net/disk_cache/blockfile/backend_impl.cc b/chromium/net/disk_cache/blockfile/backend_impl.cc index 7d4f296199b..4557531fc27 100644 --- a/chromium/net/disk_cache/blockfile/backend_impl.cc +++ b/chromium/net/disk_cache/blockfile/backend_impl.cc @@ -26,6 +26,7 @@ #include "base/threading/thread_task_runner_handle.h" #include "base/time/time.h" #include "base/timer/timer.h" +#include "base/trace_event/process_memory_dump.h" #include "net/base/net_errors.h" #include "net/disk_cache/blockfile/disk_format.h" #include "net/disk_cache/blockfile/entry_impl.h" @@ -332,13 +333,15 @@ void BackendImpl::CleanupCache() { // ------------------------------------------------------------------------ -int BackendImpl::SyncOpenEntry(const std::string& key, Entry** entry) { +int BackendImpl::SyncOpenEntry(const std::string& key, + scoped_refptr<EntryImpl>* entry) { DCHECK(entry); *entry = OpenEntryImpl(key); return (*entry) ? net::OK : net::ERR_FAILED; } -int BackendImpl::SyncCreateEntry(const std::string& key, Entry** entry) { +int BackendImpl::SyncCreateEntry(const std::string& key, + scoped_refptr<EntryImpl>* entry) { DCHECK(entry); *entry = CreateEntryImpl(key); return (*entry) ? net::OK : net::ERR_FAILED; @@ -348,12 +351,11 @@ int BackendImpl::SyncDoomEntry(const std::string& key) { if (disabled_) return net::ERR_FAILED; - EntryImpl* entry = OpenEntryImpl(key); + scoped_refptr<EntryImpl> entry = OpenEntryImpl(key); if (!entry) return net::ERR_FAILED; entry->DoomImpl(); - entry->Release(); return net::OK; } @@ -387,27 +389,23 @@ int BackendImpl::SyncDoomEntriesBetween(const base::Time initial_time, if (disabled_) return net::ERR_FAILED; - EntryImpl* node; + scoped_refptr<EntryImpl> node; std::unique_ptr<Rankings::Iterator> iterator(new Rankings::Iterator()); - EntryImpl* next = OpenNextEntryImpl(iterator.get()); + scoped_refptr<EntryImpl> next = OpenNextEntryImpl(iterator.get()); if (!next) return net::OK; while (next) { - node = next; + node = std::move(next); next = OpenNextEntryImpl(iterator.get()); if (node->GetLastUsed() >= initial_time && node->GetLastUsed() < end_time) { node->DoomImpl(); } else if (node->GetLastUsed() < initial_time) { - if (next) - next->Release(); next = NULL; SyncEndEnumeration(std::move(iterator)); } - - node->Release(); } return net::OK; @@ -431,25 +429,25 @@ int BackendImpl::SyncDoomEntriesSince(const base::Time initial_time) { stats_.OnEvent(Stats::DOOM_RECENT); for (;;) { std::unique_ptr<Rankings::Iterator> iterator(new Rankings::Iterator()); - EntryImpl* entry = OpenNextEntryImpl(iterator.get()); + scoped_refptr<EntryImpl> entry = OpenNextEntryImpl(iterator.get()); if (!entry) return net::OK; if (initial_time > entry->GetLastUsed()) { - entry->Release(); + entry = nullptr; SyncEndEnumeration(std::move(iterator)); return net::OK; } entry->DoomImpl(); - entry->Release(); + entry = nullptr; SyncEndEnumeration( std::move(iterator)); // The doom invalidated the iterator. } } int BackendImpl::SyncOpenNextEntry(Rankings::Iterator* iterator, - Entry** next_entry) { + scoped_refptr<EntryImpl>* next_entry) { *next_entry = OpenNextEntryImpl(iterator); return (*next_entry) ? net::OK : net::ERR_FAILED; } @@ -465,16 +463,13 @@ void BackendImpl::SyncOnExternalCacheHit(const std::string& key) { uint32_t hash = base::Hash(key); bool error; - EntryImpl* cache_entry = MatchEntry(key, hash, false, Addr(), &error); - if (cache_entry) { - if (ENTRY_NORMAL == cache_entry->entry()->Data()->state) { - UpdateRank(cache_entry, cache_type() == net::SHADER_CACHE); - } - cache_entry->Release(); - } + scoped_refptr<EntryImpl> cache_entry = + MatchEntry(key, hash, false, Addr(), &error); + if (cache_entry && ENTRY_NORMAL == cache_entry->entry()->Data()->state) + UpdateRank(cache_entry.get(), cache_type() == net::SHADER_CACHE); } -EntryImpl* BackendImpl::OpenEntryImpl(const std::string& key) { +scoped_refptr<EntryImpl> BackendImpl::OpenEntryImpl(const std::string& key) { if (disabled_) return NULL; @@ -483,10 +478,10 @@ EntryImpl* BackendImpl::OpenEntryImpl(const std::string& key) { Trace("Open hash 0x%x", hash); bool error; - EntryImpl* cache_entry = MatchEntry(key, hash, false, Addr(), &error); + scoped_refptr<EntryImpl> cache_entry = + MatchEntry(key, hash, false, Addr(), &error); if (cache_entry && ENTRY_NORMAL != cache_entry->entry()->Data()->state) { // The entry was already evicted. - cache_entry->Release(); cache_entry = NULL; web_fonts_histogram::RecordEvictedEntry(key); } else if (!cache_entry) { @@ -503,7 +498,7 @@ EntryImpl* BackendImpl::OpenEntryImpl(const std::string& key) { return NULL; } - eviction_.OnOpenEntry(cache_entry); + eviction_.OnOpenEntry(cache_entry.get()); entry_count_++; Trace("Open hash 0x%x end: 0x%x", hash, @@ -515,11 +510,11 @@ EntryImpl* BackendImpl::OpenEntryImpl(const std::string& key) { CACHE_UMA(HOURS, "AllOpenByUseHours.Hit", 0, static_cast<base::HistogramBase::Sample>(use_hours)); stats_.OnEvent(Stats::OPEN_HIT); - web_fonts_histogram::RecordCacheHit(cache_entry); + web_fonts_histogram::RecordCacheHit(cache_entry.get()); return cache_entry; } -EntryImpl* BackendImpl::CreateEntryImpl(const std::string& key) { +scoped_refptr<EntryImpl> BackendImpl::CreateEntryImpl(const std::string& key) { if (disabled_ || key.empty()) return NULL; @@ -533,15 +528,14 @@ EntryImpl* BackendImpl::CreateEntryImpl(const std::string& key) { // We have an entry already. It could be the one we are looking for, or just // a hash conflict. bool error; - EntryImpl* old_entry = MatchEntry(key, hash, false, Addr(), &error); + scoped_refptr<EntryImpl> old_entry = + MatchEntry(key, hash, false, Addr(), &error); if (old_entry) - return ResurrectEntry(old_entry); + return ResurrectEntry(std::move(old_entry)); - EntryImpl* parent_entry = MatchEntry(key, hash, true, Addr(), &error); + parent = MatchEntry(key, hash, true, Addr(), &error); DCHECK(!error); - if (parent_entry) { - parent.swap(&parent_entry); - } else if (data_->table[hash & mask_]) { + if (!parent && data_->table[hash & mask_]) { // We should have corrected the problem. NOTREACHED(); return NULL; @@ -613,11 +607,11 @@ EntryImpl* BackendImpl::CreateEntryImpl(const std::string& key) { stats_.OnEvent(Stats::CREATE_HIT); Trace("create entry hit "); FlushIndex(); - cache_entry->AddRef(); - return cache_entry.get(); + return cache_entry; } -EntryImpl* BackendImpl::OpenNextEntryImpl(Rankings::Iterator* iterator) { +scoped_refptr<EntryImpl> BackendImpl::OpenNextEntryImpl( + Rankings::Iterator* iterator) { if (disabled_) return NULL; @@ -629,10 +623,8 @@ EntryImpl* BackendImpl::OpenNextEntryImpl(Rankings::Iterator* iterator) { // Get an entry from each list. for (int i = 0; i < kListsToSearch; i++) { - EntryImpl* temp = NULL; ret |= OpenFollowingEntryFromList(static_cast<Rankings::List>(i), - &iterator->nodes[i], &temp); - entries[i].swap(&temp); // The entry was already addref'd. + &iterator->nodes[i], &entries[i]); } if (!ret) { iterator->Reset(); @@ -642,16 +634,13 @@ EntryImpl* BackendImpl::OpenNextEntryImpl(Rankings::Iterator* iterator) { // Get the next entry from the last list, and the actual entries for the // elements on the other lists. for (int i = 0; i < kListsToSearch; i++) { - EntryImpl* temp = NULL; if (iterator->list == i) { - OpenFollowingEntryFromList( - iterator->list, &iterator->nodes[i], &temp); + OpenFollowingEntryFromList(iterator->list, &iterator->nodes[i], + &entries[i]); } else { - temp = GetEnumeratedEntry(iterator->nodes[i], - static_cast<Rankings::List>(i)); + entries[i] = GetEnumeratedEntry(iterator->nodes[i], + static_cast<Rankings::List>(i)); } - - entries[i].swap(&temp); // The entry was already addref'd. } } @@ -678,10 +667,8 @@ EntryImpl* BackendImpl::OpenNextEntryImpl(Rankings::Iterator* iterator) { return NULL; } - EntryImpl* next_entry; - next_entry = entries[newest].get(); + scoped_refptr<EntryImpl> next_entry = entries[newest]; iterator->list = static_cast<Rankings::List>(newest); - next_entry->AddRef(); return next_entry; } @@ -788,14 +775,14 @@ void BackendImpl::UpdateRank(EntryImpl* entry, bool modified) { void BackendImpl::RecoveredEntry(CacheRankingsBlock* rankings) { Addr address(rankings->Data()->contents); - EntryImpl* cache_entry = NULL; + scoped_refptr<EntryImpl> cache_entry; if (NewEntry(address, &cache_entry)) { STRESS_NOTREACHED(); return; } uint32_t hash = cache_entry->GetHash(); - cache_entry->Release(); + cache_entry = nullptr; // Anything on the table means that this entry is there. if (data_->table[hash & mask_]) @@ -810,7 +797,8 @@ void BackendImpl::InternalDoomEntry(EntryImpl* entry) { std::string key = entry->GetKey(); Addr entry_addr = entry->entry()->address(); bool error; - EntryImpl* parent_entry = MatchEntry(key, hash, true, entry_addr, &error); + scoped_refptr<EntryImpl> parent_entry = + MatchEntry(key, hash, true, entry_addr, &error); CacheAddr child(entry->GetNextAddress()); Trace("Doom entry 0x%p", entry); @@ -827,7 +815,7 @@ void BackendImpl::InternalDoomEntry(EntryImpl* entry) { if (parent_entry) { parent_entry->SetNextAddress(Addr(child)); - parent_entry->Release(); + parent_entry = nullptr; } else if (!error) { data_->table[hash & mask_] = child; } @@ -1333,9 +1321,11 @@ void BackendImpl::OnExternalCacheHit(const std::string& key) { background_queue_.OnExternalCacheHit(key); } -size_t BackendImpl::EstimateMemoryUsage() const { +size_t BackendImpl::DumpMemoryStats( + base::trace_event::ProcessMemoryDump* pmd, + const std::string& parent_absolute_name) const { // TODO(xunjieli): Implement this. crbug.com/669108. - return 0; + return 0u; } // ------------------------------------------------------------------------ @@ -1533,13 +1523,11 @@ void BackendImpl::PrepareForRestart() { restarted_ = true; } -int BackendImpl::NewEntry(Addr address, EntryImpl** entry) { +int BackendImpl::NewEntry(Addr address, scoped_refptr<EntryImpl>* entry) { EntriesMap::iterator it = open_entries_.find(address.value()); if (it != open_entries_.end()) { // Easy job. This entry is already in memory. - EntryImpl* this_entry = it->second; - this_entry->AddRef(); - *entry = this_entry; + *entry = make_scoped_refptr(it->second); return 0; } @@ -1606,18 +1594,17 @@ int BackendImpl::NewEntry(Addr address, EntryImpl** entry) { open_entries_[address.value()] = cache_entry.get(); cache_entry->BeginLogging(net_log_, false); - cache_entry.swap(entry); + *entry = std::move(cache_entry); return 0; } -EntryImpl* BackendImpl::MatchEntry(const std::string& key, - uint32_t hash, - bool find_parent, - Addr entry_addr, - bool* match_error) { +scoped_refptr<EntryImpl> BackendImpl::MatchEntry(const std::string& key, + uint32_t hash, + bool find_parent, + Addr entry_addr, + bool* match_error) { Addr address(data_->table[hash & mask_]); scoped_refptr<EntryImpl> cache_entry, parent_entry; - EntryImpl* tmp = NULL; bool found = false; std::set<CacheAddr> visited; *match_error = false; @@ -1641,9 +1628,7 @@ EntryImpl* BackendImpl::MatchEntry(const std::string& key, break; } - int error = NewEntry(address, &tmp); - cache_entry.swap(&tmp); - + int error = NewEntry(address, &cache_entry); if (error || cache_entry->dirty()) { // This entry is dirty on disk (it was not properly closed): we cannot // trust it. @@ -1709,18 +1694,15 @@ EntryImpl* BackendImpl::MatchEntry(const std::string& key, if (cache_entry.get() && (find_parent || !found)) cache_entry = NULL; - if (find_parent) - parent_entry.swap(&tmp); - else - cache_entry.swap(&tmp); - FlushIndex(); - return tmp; + + return find_parent ? std::move(parent_entry) : std::move(cache_entry); } -bool BackendImpl::OpenFollowingEntryFromList(Rankings::List list, - CacheRankingsBlock** from_entry, - EntryImpl** next_entry) { +bool BackendImpl::OpenFollowingEntryFromList( + Rankings::List list, + CacheRankingsBlock** from_entry, + scoped_refptr<EntryImpl>* next_entry) { if (disabled_) return false; @@ -1740,12 +1722,13 @@ bool BackendImpl::OpenFollowingEntryFromList(Rankings::List list, return true; } -EntryImpl* BackendImpl::GetEnumeratedEntry(CacheRankingsBlock* next, - Rankings::List list) { +scoped_refptr<EntryImpl> BackendImpl::GetEnumeratedEntry( + CacheRankingsBlock* next, + Rankings::List list) { if (!next || disabled_) return NULL; - EntryImpl* entry; + scoped_refptr<EntryImpl> entry; int rv = NewEntry(Addr(next->Data()->contents), &entry); if (rv) { STRESS_NOTREACHED(); @@ -1759,14 +1742,12 @@ EntryImpl* BackendImpl::GetEnumeratedEntry(CacheRankingsBlock* next, if (entry->dirty()) { // We cannot trust this entry. - InternalDoomEntry(entry); - entry->Release(); + InternalDoomEntry(entry.get()); return NULL; } if (!entry->Update()) { STRESS_NOTREACHED(); - entry->Release(); return NULL; } @@ -1784,9 +1765,10 @@ EntryImpl* BackendImpl::GetEnumeratedEntry(CacheRankingsBlock* next, return entry; } -EntryImpl* BackendImpl::ResurrectEntry(EntryImpl* deleted_entry) { +scoped_refptr<EntryImpl> BackendImpl::ResurrectEntry( + scoped_refptr<EntryImpl> deleted_entry) { if (ENTRY_NORMAL == deleted_entry->entry()->Data()->state) { - deleted_entry->Release(); + deleted_entry = nullptr; stats_.OnEvent(Stats::CREATE_MISS); Trace("create entry miss "); return NULL; @@ -1795,7 +1777,7 @@ EntryImpl* BackendImpl::ResurrectEntry(EntryImpl* deleted_entry) { // We are attempting to create an entry and found out that the entry was // previously deleted. - eviction_.OnCreateEntry(deleted_entry); + eviction_.OnCreateEntry(deleted_entry.get()); entry_count_++; stats_.OnEvent(Stats::RESURRECT_HIT); @@ -2053,14 +2035,12 @@ int BackendImpl::CheckAllEntries() { if (!address.is_initialized()) continue; for (;;) { - EntryImpl* tmp; - int ret = NewEntry(address, &tmp); + scoped_refptr<EntryImpl> cache_entry; + int ret = NewEntry(address, &cache_entry); if (ret) { STRESS_NOTREACHED(); return ret; } - scoped_refptr<EntryImpl> cache_entry; - cache_entry.swap(&tmp); if (cache_entry->dirty()) num_dirty++; diff --git a/chromium/net/disk_cache/blockfile/backend_impl.h b/chromium/net/disk_cache/blockfile/backend_impl.h index ed8e496b6d3..f1c124ed9b3 100644 --- a/chromium/net/disk_cache/blockfile/backend_impl.h +++ b/chromium/net/disk_cache/blockfile/backend_impl.h @@ -72,22 +72,23 @@ class NET_EXPORT_PRIVATE BackendImpl : public Backend { void CleanupCache(); // Synchronous implementation of the asynchronous interface. - int SyncOpenEntry(const std::string& key, Entry** entry); - int SyncCreateEntry(const std::string& key, Entry** entry); + int SyncOpenEntry(const std::string& key, scoped_refptr<EntryImpl>* entry); + int SyncCreateEntry(const std::string& key, scoped_refptr<EntryImpl>* entry); int SyncDoomEntry(const std::string& key); int SyncDoomAllEntries(); int SyncDoomEntriesBetween(base::Time initial_time, base::Time end_time); int SyncCalculateSizeOfAllEntries(); int SyncDoomEntriesSince(base::Time initial_time); - int SyncOpenNextEntry(Rankings::Iterator* iterator, Entry** next_entry); + int SyncOpenNextEntry(Rankings::Iterator* iterator, + scoped_refptr<EntryImpl>* next_entry); void SyncEndEnumeration(std::unique_ptr<Rankings::Iterator> iterator); void SyncOnExternalCacheHit(const std::string& key); // Open or create an entry for the given |key| or |iter|. - EntryImpl* OpenEntryImpl(const std::string& key); - EntryImpl* CreateEntryImpl(const std::string& key); - EntryImpl* OpenNextEntryImpl(Rankings::Iterator* iter); + scoped_refptr<EntryImpl> OpenEntryImpl(const std::string& key); + scoped_refptr<EntryImpl> CreateEntryImpl(const std::string& key); + scoped_refptr<EntryImpl> OpenNextEntryImpl(Rankings::Iterator* iter); // Sets the maximum size for the total amount of data stored by this instance. bool SetMaxSize(int max_bytes); @@ -293,7 +294,9 @@ class NET_EXPORT_PRIVATE BackendImpl : public Backend { std::unique_ptr<Iterator> CreateIterator() override; void GetStats(StatsItems* stats) override; void OnExternalCacheHit(const std::string& key) override; - size_t EstimateMemoryUsage() const override; + size_t DumpMemoryStats( + base::trace_event::ProcessMemoryDump* pmd, + const std::string& parent_absolute_name) const override; private: using EntriesMap = std::unordered_map<CacheAddr, EntryImpl*>; @@ -313,7 +316,7 @@ class NET_EXPORT_PRIVATE BackendImpl : public Backend { // Creates a new entry object. Returns zero on success, or a disk_cache error // on failure. - int NewEntry(Addr address, EntryImpl** entry); + int NewEntry(Addr address, scoped_refptr<EntryImpl>* entry); // Returns a given entry from the cache. The entry to match is determined by // key and hash, and the returned entry may be the matched one or it's parent @@ -322,24 +325,26 @@ class NET_EXPORT_PRIVATE BackendImpl : public Backend { // if it doesn't match the entry on the index, we know that it was replaced // with a new entry; in this case |*match_error| will be set to true and the // return value will be NULL. - EntryImpl* MatchEntry(const std::string& key, - uint32_t hash, - bool find_parent, - Addr entry_addr, - bool* match_error); + scoped_refptr<EntryImpl> MatchEntry(const std::string& key, + uint32_t hash, + bool find_parent, + Addr entry_addr, + bool* match_error); // Opens the next or previous entry on a single list. If successful, // |from_entry| will be updated to point to the new entry, otherwise it will // be set to NULL; in other words, it is used as an explicit iterator. bool OpenFollowingEntryFromList(Rankings::List list, CacheRankingsBlock** from_entry, - EntryImpl** next_entry); + scoped_refptr<EntryImpl>* next_entry); // Returns the entry that is pointed by |next|, from the given |list|. - EntryImpl* GetEnumeratedEntry(CacheRankingsBlock* next, Rankings::List list); + scoped_refptr<EntryImpl> GetEnumeratedEntry(CacheRankingsBlock* next, + Rankings::List list); // Re-opens an entry that was previously deleted. - EntryImpl* ResurrectEntry(EntryImpl* deleted_entry); + scoped_refptr<EntryImpl> ResurrectEntry( + scoped_refptr<EntryImpl> deleted_entry); void DestroyInvalidEntry(EntryImpl* entry); diff --git a/chromium/net/disk_cache/blockfile/block_files.cc b/chromium/net/disk_cache/blockfile/block_files.cc index 10798dae2bf..a1b9fa03e74 100644 --- a/chromium/net/disk_cache/blockfile/block_files.cc +++ b/chromium/net/disk_cache/blockfile/block_files.cc @@ -314,7 +314,7 @@ MappedFile* BlockFiles::GetFile(Addr address) { return NULL; } DCHECK_GE(block_files_.size(), static_cast<unsigned int>(file_index)); - return block_files_[file_index]; + return block_files_[file_index].get(); } bool BlockFiles::CreateBlock(FileType block_type, int block_count, @@ -388,12 +388,6 @@ void BlockFiles::CloseFiles() { DCHECK(thread_checker_->CalledOnValidThread()); } init_ = false; - for (unsigned int i = 0; i < block_files_.size(); i++) { - if (block_files_[i]) { - block_files_[i]->Release(); - block_files_[i] = NULL; - } - } block_files_.clear(); } @@ -515,7 +509,7 @@ bool BlockFiles::OpenBlockFile(int index) { ScopedFlush flush(file.get()); DCHECK(!block_files_[index]); - file.swap(&block_files_[index]); + block_files_[index] = std::move(file); return true; } @@ -551,7 +545,7 @@ bool BlockFiles::GrowBlockFile(MappedFile* file, BlockFileHeader* header) { MappedFile* BlockFiles::FileForNewBlock(FileType block_type, int block_count) { static_assert(RANKINGS == 1, "invalid file type"); - MappedFile* file = block_files_[block_type - 1]; + MappedFile* file = block_files_[block_type - 1].get(); BlockHeader file_header(file); TimeTicks start = TimeTicks::Now(); @@ -608,7 +602,7 @@ int16_t BlockFiles::CreateNextBlockFile(FileType block_type) { // We walk the list of files for this particular block type, deleting the ones // that are empty. bool BlockFiles::RemoveEmptyFile(FileType block_type) { - MappedFile* file = block_files_[block_type - 1]; + MappedFile* file = block_files_[block_type - 1].get(); BlockFileHeader* header = reinterpret_cast<BlockFileHeader*>(file->buffer()); while (header->next_file) { @@ -633,7 +627,6 @@ bool BlockFiles::RemoveEmptyFile(FileType block_type) { base::FilePath name = Name(file_index); scoped_refptr<File> this_file(new File(false)); this_file->Init(name); - block_files_[file_index]->Release(); block_files_[file_index] = NULL; int failure = DeleteCacheFile(name) ? 0 : 1; diff --git a/chromium/net/disk_cache/blockfile/block_files.h b/chromium/net/disk_cache/blockfile/block_files.h index 056b6a69f0f..f74ef281bda 100644 --- a/chromium/net/disk_cache/blockfile/block_files.h +++ b/chromium/net/disk_cache/blockfile/block_files.h @@ -15,6 +15,7 @@ #include "base/files/file_path.h" #include "base/gtest_prod_util.h" #include "base/macros.h" +#include "base/memory/ref_counted.h" #include "net/base/net_export.h" #include "net/disk_cache/blockfile/addr.h" #include "net/disk_cache/blockfile/disk_format_base.h" @@ -155,7 +156,7 @@ class NET_EXPORT_PRIVATE BlockFiles { bool init_; char* zero_buffer_; // Buffer to speed-up cleaning deleted entries. base::FilePath path_; // Path to the backing folder. - std::vector<MappedFile*> block_files_; // The actual files. + std::vector<scoped_refptr<MappedFile>> block_files_; // The actual files. std::unique_ptr<base::ThreadChecker> thread_checker_; FRIEND_TEST_ALL_PREFIXES(DiskCacheTest, BlockFiles_ZeroSizeFile); diff --git a/chromium/net/disk_cache/blockfile/entry_impl.cc b/chromium/net/disk_cache/blockfile/entry_impl.cc index 562efdf63f2..ecb576ed5e1 100644 --- a/chromium/net/disk_cache/blockfile/entry_impl.cc +++ b/chromium/net/disk_cache/blockfile/entry_impl.cc @@ -41,17 +41,16 @@ class SyncCallback: public disk_cache::FileIOCallback { public: // |end_event_type| is the event type to log on completion. Logs nothing on // discard, or when the NetLog is not set to log all events. - SyncCallback(disk_cache::EntryImpl* entry, + SyncCallback(scoped_refptr<disk_cache::EntryImpl> entry, net::IOBuffer* buffer, const net::CompletionCallback& callback, net::NetLogEventType end_event_type) - : entry_(entry), + : entry_(std::move(entry)), callback_(callback), buf_(buffer), start_(TimeTicks::Now()), end_event_type_(end_event_type) { - entry->AddRef(); - entry->IncrementIoCount(); + entry_->IncrementIoCount(); } ~SyncCallback() override {} @@ -59,7 +58,7 @@ class SyncCallback: public disk_cache::FileIOCallback { void Discard(); private: - disk_cache::EntryImpl* entry_; + scoped_refptr<disk_cache::EntryImpl> entry_; net::CompletionCallback callback_; scoped_refptr<net::IOBuffer> buf_; TimeTicks start_; @@ -80,7 +79,6 @@ void SyncCallback::OnFileIOComplete(int bytes_copied) { buf_ = NULL; // Release the buffer before invoking the callback. callback_.Run(bytes_copied); } - entry_->Release(); delete this; } @@ -1049,7 +1047,7 @@ int EntryImpl::InternalReadData(int index, int offset, SyncCallback* io_callback = NULL; if (!callback.is_null()) { - io_callback = new SyncCallback(this, buf, callback, + io_callback = new SyncCallback(make_scoped_refptr(this), buf, callback, net::NetLogEventType::ENTRY_READ_DATA); } diff --git a/chromium/net/disk_cache/blockfile/eviction.cc b/chromium/net/disk_cache/blockfile/eviction.cc index 97d8f703180..351bbac367c 100644 --- a/chromium/net/disk_cache/blockfile/eviction.cc +++ b/chromium/net/disk_cache/blockfile/eviction.cc @@ -289,14 +289,14 @@ Rankings::List Eviction::GetListForEntry(EntryImpl* entry) { bool Eviction::EvictEntry(CacheRankingsBlock* node, bool empty, Rankings::List list) { - EntryImpl* entry = backend_->GetEnumeratedEntry(node, list); + scoped_refptr<EntryImpl> entry = backend_->GetEnumeratedEntry(node, list); if (!entry) { Trace("NewEntry failed on Trim 0x%x", node->address().value()); return false; } - web_fonts_histogram::RecordEviction(entry); - ReportTrimTimes(entry); + web_fonts_histogram::RecordEviction(entry.get()); + ReportTrimTimes(entry.get()); if (empty || !new_eviction_) { entry->DoomImpl(); } else { @@ -304,7 +304,7 @@ bool Eviction::EvictEntry(CacheRankingsBlock* node, bool empty, EntryStore* info = entry->entry()->Data(); DCHECK_EQ(ENTRY_NORMAL, info->state); - rankings_->Remove(entry->rankings(), GetListForEntryV2(entry), true); + rankings_->Remove(entry->rankings(), GetListForEntryV2(entry.get()), true); info->state = ENTRY_EVICTED; entry->entry()->Store(); rankings_->Insert(entry->rankings(), true, Rankings::DELETED); @@ -312,8 +312,6 @@ bool Eviction::EvictEntry(CacheRankingsBlock* node, bool empty, if (!empty) backend_->OnEvent(Stats::TRIM_ENTRY); - entry->Release(); - return true; } @@ -531,7 +529,8 @@ void Eviction::TrimDeleted(bool empty) { } bool Eviction::RemoveDeletedNode(CacheRankingsBlock* node) { - EntryImpl* entry = backend_->GetEnumeratedEntry(node, Rankings::DELETED); + scoped_refptr<EntryImpl> entry = + backend_->GetEnumeratedEntry(node, Rankings::DELETED); if (!entry) { Trace("NewEntry failed on Trim 0x%x", node->address().value()); return false; @@ -540,7 +539,6 @@ bool Eviction::RemoveDeletedNode(CacheRankingsBlock* node) { bool doomed = (entry->entry()->Data()->state == ENTRY_DOOMED); entry->entry()->Data()->state = ENTRY_DOOMED; entry->DoomImpl(); - entry->Release(); return !doomed; } diff --git a/chromium/net/disk_cache/blockfile/file_win.cc b/chromium/net/disk_cache/blockfile/file_win.cc index f38595d3bf1..219df2a7449 100644 --- a/chromium/net/disk_cache/blockfile/file_win.cc +++ b/chromium/net/disk_cache/blockfile/file_win.cc @@ -39,8 +39,8 @@ class CompletionHandler : public base::MessageLoopForIO::IOHandler { DWORD error) override; }; -static base::LazyInstance<CompletionHandler> g_completion_handler = - LAZY_INSTANCE_INITIALIZER; +static base::LazyInstance<CompletionHandler>::DestructorAtExit + g_completion_handler = LAZY_INSTANCE_INITIALIZER; void CompletionHandler::OnIOCompleted( base::MessageLoopForIO::IOContext* context, diff --git a/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc b/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc index e7d076f0d00..ff4c5a214f1 100644 --- a/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc +++ b/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc @@ -22,6 +22,18 @@ namespace disk_cache { +namespace { + +// Used to leak a strong reference to an EntryImpl to the user of disk_cache. +EntryImpl* LeakEntryImpl(scoped_refptr<EntryImpl> entry) { + // Balanced on OP_CLOSE_ENTRY handling in BackendIO::ExecuteBackendOperation. + if (entry) + entry->AddRef(); + return entry.get(); +} + +} // namespace + BackendIO::BackendIO(InFlightIO* controller, BackendImpl* backend, const net::CompletionCallback& callback) : BackgroundIO(controller), @@ -76,11 +88,6 @@ bool BackendIO::IsEntryOperation() { return operation_ > OP_MAX_BACKEND; } -// Runs on the background thread. -void BackendIO::ReferenceEntry() { - entry_->AddRef(); -} - void BackendIO::Init() { operation_ = OP_INIT; } @@ -239,12 +246,18 @@ void BackendIO::ExecuteBackendOperation() { case OP_INIT: result_ = backend_->SyncInit(); break; - case OP_OPEN: - result_ = backend_->SyncOpenEntry(key_, entry_ptr_); + case OP_OPEN: { + scoped_refptr<EntryImpl> entry; + result_ = backend_->SyncOpenEntry(key_, &entry); + *entry_ptr_ = LeakEntryImpl(std::move(entry)); break; - case OP_CREATE: - result_ = backend_->SyncCreateEntry(key_, entry_ptr_); + } + case OP_CREATE: { + scoped_refptr<EntryImpl> entry; + result_ = backend_->SyncCreateEntry(key_, &entry); + *entry_ptr_ = LeakEntryImpl(std::move(entry)); break; + } case OP_DOOM: result_ = backend_->SyncDoomEntry(key_); break; @@ -260,9 +273,12 @@ void BackendIO::ExecuteBackendOperation() { case OP_SIZE_ALL: result_ = backend_->SyncCalculateSizeOfAllEntries(); break; - case OP_OPEN_NEXT: - result_ = backend_->SyncOpenNextEntry(iterator_, entry_ptr_); + case OP_OPEN_NEXT: { + scoped_refptr<EntryImpl> entry; + result_ = backend_->SyncOpenNextEntry(iterator_, &entry); + *entry_ptr_ = LeakEntryImpl(std::move(entry)); break; + } case OP_END_ENUMERATION: backend_->SyncEndEnumeration(std::move(scoped_iterator_)); result_ = net::OK; @@ -272,6 +288,8 @@ void BackendIO::ExecuteBackendOperation() { result_ = net::OK; break; case OP_CLOSE_ENTRY: + // Collect the reference to |entry_| to balance with the AddRef() in + // LeakEntryImpl. entry_->Release(); result_ = net::OK; break; diff --git a/chromium/net/disk_cache/blockfile/in_flight_backend_io.h b/chromium/net/disk_cache/blockfile/in_flight_backend_io.h index c6f03e2c896..489d333e0e9 100644 --- a/chromium/net/disk_cache/blockfile/in_flight_backend_io.h +++ b/chromium/net/disk_cache/blockfile/in_flight_backend_io.h @@ -51,9 +51,6 @@ class BackendIO : public BackgroundIO { net::CompletionCallback callback() const { return callback_; } - // Grabs an extra reference of entry_. - void ReferenceEntry(); - // The operations we proxy: void Init(); void OpenEntry(const std::string& key, Entry** entry); diff --git a/chromium/net/disk_cache/blockfile/sparse_control.cc b/chromium/net/disk_cache/blockfile/sparse_control.cc index a293f29df01..d24e664d2d4 100644 --- a/chromium/net/disk_cache/blockfile/sparse_control.cc +++ b/chromium/net/disk_cache/blockfile/sparse_control.cc @@ -475,10 +475,8 @@ bool SparseControl::OpenChild() { if (!child_) return ContinueWithoutChild(key); - EntryImpl* child = static_cast<EntryImpl*>(child_); - if (!(CHILD_ENTRY & child->GetEntryFlags()) || - child->GetDataSize(kSparseIndex) < - static_cast<int>(sizeof(child_data_))) + if (!(CHILD_ENTRY & child_->GetEntryFlags()) || + child_->GetDataSize(kSparseIndex) < static_cast<int>(sizeof(child_data_))) return KillChildAndContinue(key, false); scoped_refptr<net::WrappedIOBuffer> buf( @@ -513,7 +511,6 @@ void SparseControl::CloseChild() { CompletionCallback(), false); if (rv != sizeof(child_data_)) DLOG(ERROR) << "Failed to save child data"; - child_->Release(); child_ = NULL; } @@ -526,7 +523,6 @@ std::string SparseControl::GenerateChildKey() { bool SparseControl::KillChildAndContinue(const std::string& key, bool fatal) { SetChildBit(false); child_->DoomImpl(); - child_->Release(); child_ = NULL; if (fatal) { result_ = net::ERR_CACHE_READ_FAILURE; @@ -668,9 +664,7 @@ int SparseControl::PartialBlockLength(int block_index) const { } void SparseControl::InitChildData() { - // We know the real type of child_. - EntryImpl* child = static_cast<EntryImpl*>(child_); - child->SetEntryFlags(CHILD_ENTRY); + child_->SetEntryFlags(CHILD_ENTRY); memset(&child_data_, 0, sizeof(child_data_)); child_data_.header = sparse_header_; @@ -898,15 +892,14 @@ void SparseControl::DoUserCallback() { } void SparseControl::DoAbortCallbacks() { - for (size_t i = 0; i < abort_callbacks_.size(); i++) { + std::vector<CompletionCallback> abort_callbacks; + abort_callbacks.swap(abort_callbacks_); + + for (CompletionCallback& callback : abort_callbacks) { // Releasing all references to entry_ may result in the destruction of this // object so we should not be touching it after the last Release(). - CompletionCallback cb = abort_callbacks_[i]; - if (i == abort_callbacks_.size() - 1) - abort_callbacks_.clear(); - - entry_->Release(); // Don't touch object after this line. - cb.Run(net::OK); + entry_->Release(); + callback.Run(net::OK); } } diff --git a/chromium/net/disk_cache/blockfile/sparse_control.h b/chromium/net/disk_cache/blockfile/sparse_control.h index 3edab38d8a0..f6bf2a34d5f 100644 --- a/chromium/net/disk_cache/blockfile/sparse_control.h +++ b/chromium/net/disk_cache/blockfile/sparse_control.h @@ -152,7 +152,7 @@ class SparseControl { void DoAbortCallbacks(); EntryImpl* entry_; // The sparse entry. - EntryImpl* child_; // The current child entry. + scoped_refptr<EntryImpl> child_; // The current child entry. SparseOperation operation_; bool pending_; // True if any child IO operation returned pending. bool finished_; diff --git a/chromium/net/disk_cache/disk_cache.h b/chromium/net/disk_cache/disk_cache.h index a2001c8b8fd..4a3ae119b53 100644 --- a/chromium/net/disk_cache/disk_cache.h +++ b/chromium/net/disk_cache/disk_cache.h @@ -25,8 +25,13 @@ namespace base { class FilePath; class SingleThreadTaskRunner; + +namespace trace_event { +class ProcessMemoryDump; } +} // namespace base + namespace net { class IOBuffer; class NetLog; @@ -176,7 +181,9 @@ class NET_EXPORT Backend { virtual void OnExternalCacheHit(const std::string& key) = 0; // Returns the estimate of dynamically allocated memory in bytes. - virtual size_t EstimateMemoryUsage() const = 0; + virtual size_t DumpMemoryStats( + base::trace_event::ProcessMemoryDump* pmd, + const std::string& parent_absolute_name) const = 0; }; // This interface represents an entry in the disk cache. diff --git a/chromium/net/disk_cache/disk_cache_perftest.cc b/chromium/net/disk_cache/disk_cache_perftest.cc index eeef3b71d73..e16cccb4fe4 100644 --- a/chromium/net/disk_cache/disk_cache_perftest.cc +++ b/chromium/net/disk_cache/disk_cache_perftest.cc @@ -27,6 +27,8 @@ #include "net/disk_cache/disk_cache_test_base.h" #include "net/disk_cache/disk_cache_test_util.h" #include "net/disk_cache/simple/simple_backend_impl.h" +#include "net/disk_cache/simple/simple_index.h" +#include "net/disk_cache/simple/simple_index_file.h" #include "testing/gtest/include/gtest/gtest.h" #include "testing/platform_test.h" @@ -305,4 +307,42 @@ TEST_F(DiskCachePerfTest, BlockFilesPerformance) { base::RunLoop().RunUntilIdle(); } +// Measures how quickly SimpleIndex can compute which entries to evict. +TEST(SimpleIndexPerfTest, EvictionPerformance) { + const int kEntries = 10000; + + class NoOpDelegate : public disk_cache::SimpleIndexDelegate { + void DoomEntries(std::vector<uint64_t>* entry_hashes, + const net::CompletionCallback& callback) override {} + }; + + NoOpDelegate delegate; + base::Time start(base::Time::Now()); + + double evict_elapsed_ms = 0; + int iterations = 0; + while (iterations < 61000) { + ++iterations; + disk_cache::SimpleIndex index(nullptr, &delegate, net::DISK_CACHE, nullptr); + + // Make sure large enough to not evict on insertion. + index.SetMaxSize(kEntries * 2); + + for (int i = 0; i < kEntries; ++i) { + index.InsertEntryForTesting( + i, disk_cache::EntryMetadata(start + base::TimeDelta::FromSeconds(i), + 1u)); + } + + // Trigger an eviction. + base::ElapsedTimer timer; + index.SetMaxSize(kEntries); + index.UpdateEntrySize(0, 1u); + evict_elapsed_ms += timer.Elapsed().InMillisecondsF(); + } + + LOG(ERROR) << "Average time to evict:" << (evict_elapsed_ms / iterations) + << "ms"; +} + } // namespace diff --git a/chromium/net/disk_cache/memory/mem_backend_impl.cc b/chromium/net/disk_cache/memory/mem_backend_impl.cc index 65e14d71686..e6de26f05de 100644 --- a/chromium/net/disk_cache/memory/mem_backend_impl.cc +++ b/chromium/net/disk_cache/memory/mem_backend_impl.cc @@ -12,6 +12,7 @@ #include "base/memory/ptr_util.h" #include "base/sys_info.h" #include "base/trace_event/memory_usage_estimator.h" +#include "base/trace_event/process_memory_dump.h" #include "net/base/net_errors.h" #include "net/disk_cache/cache_util.h" #include "net/disk_cache/memory/mem_entry_impl.h" @@ -47,7 +48,7 @@ MemBackendImpl::~MemBackendImpl() { DCHECK(CheckLRUListOrder(lru_list_)); while (!entries_.empty()) entries_.begin()->second->Doom(); - DCHECK(!current_size_); + DCHECK_EQ(0, current_size_); } // static @@ -127,6 +128,10 @@ void MemBackendImpl::ModifyStorageSize(int32_t delta) { EvictIfNeeded(); } +bool MemBackendImpl::HasExceededStorageSize() const { + return current_size_ > max_size_; +} + net::CacheType MemBackendImpl::GetCacheType() const { return net::MEMORY_CACHE; } @@ -284,11 +289,25 @@ void MemBackendImpl::OnExternalCacheHit(const std::string& key) { it->second->UpdateStateOnUse(MemEntryImpl::ENTRY_WAS_NOT_MODIFIED); } -size_t MemBackendImpl::EstimateMemoryUsage() const { +size_t MemBackendImpl::DumpMemoryStats( + base::trace_event::ProcessMemoryDump* pmd, + const std::string& parent_absolute_name) const { + base::trace_event::MemoryAllocatorDump* dump = + pmd->CreateAllocatorDump(parent_absolute_name + "/memory_backend"); + // Entries in lru_list_ will be counted by EMU but not in entries_ since // they're pointers. - return base::trace_event::EstimateMemoryUsage(lru_list_) + - base::trace_event::EstimateMemoryUsage(entries_); + size_t size = base::trace_event::EstimateMemoryUsage(lru_list_) + + base::trace_event::EstimateMemoryUsage(entries_); + dump->AddScalar(base::trace_event::MemoryAllocatorDump::kNameSize, + base::trace_event::MemoryAllocatorDump::kUnitsBytes, size); + dump->AddScalar("mem_backend_size", + base::trace_event::MemoryAllocatorDump::kUnitsBytes, + current_size_); + dump->AddScalar("mem_backend_max_size", + base::trace_event::MemoryAllocatorDump::kUnitsBytes, + max_size_); + return size; } void MemBackendImpl::EvictIfNeeded() { diff --git a/chromium/net/disk_cache/memory/mem_backend_impl.h b/chromium/net/disk_cache/memory/mem_backend_impl.h index be4c08ff386..cf8c998e5c9 100644 --- a/chromium/net/disk_cache/memory/mem_backend_impl.h +++ b/chromium/net/disk_cache/memory/mem_backend_impl.h @@ -73,6 +73,10 @@ class NET_EXPORT_PRIVATE MemBackendImpl final : public Backend { // determine if eviction is neccessary and when eviction is finished. void ModifyStorageSize(int32_t delta); + // Returns true if the cache's size is greater than the maximum allowed + // size. + bool HasExceededStorageSize() const; + // Backend interface. net::CacheType GetCacheType() const override; int32_t GetEntryCount() const override; @@ -98,7 +102,9 @@ class NET_EXPORT_PRIVATE MemBackendImpl final : public Backend { std::unique_ptr<Iterator> CreateIterator() override; void GetStats(base::StringPairs* stats) override {} void OnExternalCacheHit(const std::string& key) override; - size_t EstimateMemoryUsage() const override; + size_t DumpMemoryStats( + base::trace_event::ProcessMemoryDump* pmd, + const std::string& parent_absolute_name) const override; private: class MemIterator; diff --git a/chromium/net/disk_cache/memory/mem_entry_impl.cc b/chromium/net/disk_cache/memory/mem_entry_impl.cc index 2910bb1afaf..499142a3a3e 100644 --- a/chromium/net/disk_cache/memory/mem_entry_impl.cc +++ b/chromium/net/disk_cache/memory/mem_entry_impl.cc @@ -81,6 +81,8 @@ MemEntryImpl::MemEntryImpl(MemBackendImpl* backend, nullptr, // parent net_log) { Open(); + // Just creating the entry (without any data) could cause the storage to + // grow beyond capacity, but we allow such infractions. backend_->ModifyStorageSize(GetStorageSize()); } @@ -345,6 +347,13 @@ int MemEntryImpl::InternalWriteData(int index, int offset, IOBuffer* buf, int old_data_size = data_[index].size(); if (truncate || old_data_size < offset + buf_len) { + int delta = offset + buf_len - old_data_size; + backend_->ModifyStorageSize(delta); + if (backend_->HasExceededStorageSize()) { + backend_->ModifyStorageSize(-delta); + return net::ERR_INSUFFICIENT_RESOURCES; + } + data_[index].resize(offset + buf_len); // Zero fill any hole. @@ -352,8 +361,6 @@ int MemEntryImpl::InternalWriteData(int index, int offset, IOBuffer* buf, std::fill(data_[index].begin() + old_data_size, data_[index].begin() + offset, 0); } - - backend_->ModifyStorageSize(data_[index].size() - old_data_size); } UpdateStateOnUse(ENTRY_WAS_MODIFIED); diff --git a/chromium/net/disk_cache/simple/simple_backend_impl.cc b/chromium/net/disk_cache/simple/simple_backend_impl.cc index e81877c9017..88d2741e979 100644 --- a/chromium/net/disk_cache/simple/simple_backend_impl.cc +++ b/chromium/net/disk_cache/simple/simple_backend_impl.cc @@ -31,6 +31,7 @@ #include "base/threading/thread_task_runner_handle.h" #include "base/time/time.h" #include "base/trace_event/memory_usage_estimator.h" +#include "base/trace_event/process_memory_dump.h" #include "net/base/net_errors.h" #include "net/disk_cache/cache_util.h" #include "net/disk_cache/simple/simple_entry_format.h" @@ -560,11 +561,19 @@ void SimpleBackendImpl::OnExternalCacheHit(const std::string& key) { index_->UseIfExists(simple_util::GetEntryHashKey(key)); } -size_t SimpleBackendImpl::EstimateMemoryUsage() const { +size_t SimpleBackendImpl::DumpMemoryStats( + base::trace_event::ProcessMemoryDump* pmd, + const std::string& parent_absolute_name) const { + base::trace_event::MemoryAllocatorDump* dump = + pmd->CreateAllocatorDump(parent_absolute_name + "/simple_backend"); + + size_t size = base::trace_event::EstimateMemoryUsage(index_) + + base::trace_event::EstimateMemoryUsage(active_entries_); // TODO(xunjieli): crbug.com/669108. Track |entries_pending_doom_| once // base::Closure is suppported in memory_usage_estimator.h. - return base::trace_event::EstimateMemoryUsage(index_) + - base::trace_event::EstimateMemoryUsage(active_entries_); + dump->AddScalar(base::trace_event::MemoryAllocatorDump::kNameSize, + base::trace_event::MemoryAllocatorDump::kUnitsBytes, size); + return size; } void SimpleBackendImpl::InitializeIndex(const CompletionCallback& callback, diff --git a/chromium/net/disk_cache/simple/simple_backend_impl.h b/chromium/net/disk_cache/simple/simple_backend_impl.h index f017d73237d..aa7a3785afc 100644 --- a/chromium/net/disk_cache/simple/simple_backend_impl.h +++ b/chromium/net/disk_cache/simple/simple_backend_impl.h @@ -117,7 +117,9 @@ class NET_EXPORT_PRIVATE SimpleBackendImpl : public Backend, std::unique_ptr<Iterator> CreateIterator() override; void GetStats(base::StringPairs* stats) override; void OnExternalCacheHit(const std::string& key) override; - size_t EstimateMemoryUsage() const override; + size_t DumpMemoryStats( + base::trace_event::ProcessMemoryDump* pmd, + const std::string& parent_absolute_name) const override; private: class SimpleIterator; diff --git a/chromium/net/disk_cache/simple/simple_entry_impl.cc b/chromium/net/disk_cache/simple/simple_entry_impl.cc index 2b354cd0f68..40ea198a7a8 100644 --- a/chromium/net/disk_cache/simple/simple_entry_impl.cc +++ b/chromium/net/disk_cache/simple/simple_entry_impl.cc @@ -1347,7 +1347,7 @@ void SimpleEntryImpl::DoomOperationComplete( } void SimpleEntryImpl::ChecksumOperationComplete( - int orig_result, + int original_result, int stream_index, const CompletionCallback& completion_callback, std::unique_ptr<int> result) { @@ -1362,8 +1362,8 @@ void SimpleEntryImpl::ChecksumOperationComplete( } if (*result == net::OK) { - *result = orig_result; - if (orig_result >= 0) + *result = original_result; + if (original_result >= 0) RecordReadResult(cache_type_, READ_RESULT_SUCCESS); else RecordReadResult(cache_type_, READ_RESULT_SYNC_READ_FAILURE); diff --git a/chromium/net/disk_cache/simple/simple_entry_impl.h b/chromium/net/disk_cache/simple/simple_entry_impl.h index 1484fadcefb..5b58b555c29 100644 --- a/chromium/net/disk_cache/simple/simple_entry_impl.h +++ b/chromium/net/disk_cache/simple/simple_entry_impl.h @@ -280,8 +280,8 @@ class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry, // Called after validating the checksums on an entry. Passes through the // original result if successful, propagates the error if the checksum does // not validate. - void ChecksumOperationComplete(int stream_index, - int orig_result, + void ChecksumOperationComplete(int original_result, + int stream_index, const CompletionCallback& completion_callback, std::unique_ptr<int> result); diff --git a/chromium/net/disk_cache/simple/simple_index.cc b/chromium/net/disk_cache/simple/simple_index.cc index 57f9603a391..4e5c833d2ac 100644 --- a/chromium/net/disk_cache/simple/simple_index.cc +++ b/chromium/net/disk_cache/simple/simple_index.cc @@ -50,31 +50,6 @@ const uint32_t kEvictionMarginDivisor = 20; const uint32_t kBytesInKb = 1024; -// Utility class used for timestamp comparisons in entry metadata while sorting. -class CompareHashesForTimestamp { - typedef disk_cache::SimpleIndex SimpleIndex; - typedef disk_cache::SimpleIndex::EntrySet EntrySet; - public: - explicit CompareHashesForTimestamp(const EntrySet& set); - - bool operator()(uint64_t hash1, uint64_t hash2); - - private: - const EntrySet& entry_set_; -}; - -CompareHashesForTimestamp::CompareHashesForTimestamp(const EntrySet& set) - : entry_set_(set) { -} - -bool CompareHashesForTimestamp::operator()(uint64_t hash1, uint64_t hash2) { - EntrySet::const_iterator it1 = entry_set_.find(hash1); - DCHECK(it1 != entry_set_.end()); - EntrySet::const_iterator it2 = entry_set_.find(hash2); - DCHECK(it2 != entry_set_.end()); - return it1->second.GetLastUsedTime() < it2->second.GetLastUsedTime(); -} - } // namespace namespace disk_cache { @@ -331,28 +306,35 @@ void SimpleIndex::StartEvictionIfNeeded() { SIMPLE_CACHE_UMA( MEMORY_KB, "Eviction.MaxCacheSizeOnStart2", cache_type_, static_cast<base::HistogramBase::Sample>(max_size_ / kBytesInKb)); - std::vector<uint64_t> entry_hashes; - entry_hashes.reserve(entries_set_.size()); - for (EntrySet::const_iterator it = entries_set_.begin(), - end = entries_set_.end(); it != end; ++it) { - entry_hashes.push_back(it->first); + + // Flatten for sorting. + std::vector<const std::pair<const uint64_t, EntryMetadata>*> entries; + entries.reserve(entries_set_.size()); + for (EntrySet::const_iterator i = entries_set_.begin(); + i != entries_set_.end(); ++i) { + entries.push_back(&*i); } - std::sort(entry_hashes.begin(), entry_hashes.end(), - CompareHashesForTimestamp(entries_set_)); - // Remove as many entries from the index to get below |low_watermark_|. - std::vector<uint64_t>::iterator it = entry_hashes.begin(); + std::sort(entries.begin(), entries.end(), + [](const std::pair<const uint64_t, EntryMetadata>* a, + const std::pair<const uint64_t, EntryMetadata>* b) -> bool { + return a->second.RawTimeForSorting() < + b->second.RawTimeForSorting(); + }); + + // Remove as many entries from the index to get below |low_watermark_|, + // collecting least recently used hashes into |entry_hashes|. + std::vector<uint64_t> entry_hashes; + std::vector<const std::pair<const uint64_t, EntryMetadata>*>::iterator it = + entries.begin(); uint64_t evicted_so_far_size = 0; while (evicted_so_far_size < cache_size_ - low_watermark_) { - DCHECK(it != entry_hashes.end()); - EntrySet::iterator found_meta = entries_set_.find(*it); - DCHECK(found_meta != entries_set_.end()); - evicted_so_far_size += found_meta->second.GetEntrySize(); + DCHECK(it != entries.end()); + entry_hashes.push_back((*it)->first); + evicted_so_far_size += (*it)->second.GetEntrySize(); ++it; } - // Take out the rest of hashes from the eviction list. - entry_hashes.erase(it, entry_hashes.end()); SIMPLE_CACHE_UMA(COUNTS, "Eviction.EntryCount", cache_type_, entry_hashes.size()); SIMPLE_CACHE_UMA(TIMES, @@ -403,6 +385,13 @@ void SimpleIndex::InsertInEntrySet( entry_set->insert(std::make_pair(entry_hash, entry_metadata)); } +void SimpleIndex::InsertEntryForTesting(uint64_t entry_hash, + const EntryMetadata& entry_metadata) { + DCHECK(entries_set_.find(entry_hash) == entries_set_.end()); + InsertInEntrySet(entry_hash, entry_metadata, &entries_set_); + cache_size_ += entry_metadata.GetEntrySize(); +} + void SimpleIndex::PostponeWritingToDisk() { if (!initialized_) return; diff --git a/chromium/net/disk_cache/simple/simple_index.h b/chromium/net/disk_cache/simple/simple_index.h index 7758d91362a..2fd3e1fa598 100644 --- a/chromium/net/disk_cache/simple/simple_index.h +++ b/chromium/net/disk_cache/simple/simple_index.h @@ -51,6 +51,10 @@ class NET_EXPORT_PRIVATE EntryMetadata { base::Time GetLastUsedTime() const; void SetLastUsedTime(const base::Time& last_used_time); + uint32_t RawTimeForSorting() const { + return last_used_time_seconds_since_epoch_; + } + uint32_t GetEntrySize() const; void SetEntrySize(base::StrictNumeric<uint32_t> entry_size); @@ -135,6 +139,11 @@ class NET_EXPORT_PRIVATE SimpleIndex const EntryMetadata& entry_metadata, EntrySet* entry_set); + // For use in tests only. Updates cache_size_, but will not start evictions + // or adjust index writing time. Requires entry to not already be in the set. + void InsertEntryForTesting(uint64_t entry_hash, + const EntryMetadata& entry_metadata); + // Executes the |callback| when the index is ready. Allows multiple callbacks. int ExecuteWhenReady(const net::CompletionCallback& callback); diff --git a/chromium/net/disk_cache/simple/simple_index_file.cc b/chromium/net/disk_cache/simple/simple_index_file.cc index 7925a7adc33..3557a616068 100644 --- a/chromium/net/disk_cache/simple/simple_index_file.cc +++ b/chromium/net/disk_cache/simple/simple_index_file.cc @@ -120,7 +120,10 @@ bool WritePickleFile(base::Pickle* pickle, const base::FilePath& file_name) { // Called for each cache directory traversal iteration. void ProcessEntryFile(SimpleIndex::EntrySet* entries, - const base::FilePath& file_path) { + const base::FilePath& file_path, + base::Time last_accessed, + base::Time last_modified, + int64_t size) { static const size_t kEntryFilesLength = kEntryFilesHashLength + kEntryFilesSuffixLength; // Converting to std::string is OK since we never use UTF8 wide chars in our @@ -138,22 +141,17 @@ void ProcessEntryFile(SimpleIndex::EntrySet* entries, return; } - File::Info file_info; - if (!base::GetFileInfo(file_path, &file_info)) { - LOG(ERROR) << "Could not get file info for " << file_path.value(); - return; - } base::Time last_used_time; #if defined(OS_POSIX) // For POSIX systems, a last access time is available. However, it's not // guaranteed to be more accurate than mtime. It is no worse though. - last_used_time = file_info.last_accessed; + last_used_time = last_accessed; #endif if (last_used_time.is_null()) - last_used_time = file_info.last_modified; + last_used_time = last_modified; SimpleIndex::EntrySet::iterator it = entries->find(hash_key); - base::CheckedNumeric<uint32_t> total_entry_size = file_info.size; + base::CheckedNumeric<uint32_t> total_entry_size = size; if (it == entries->end()) { SimpleIndex::InsertInEntrySet( diff --git a/chromium/net/disk_cache/simple/simple_index_file.h b/chromium/net/disk_cache/simple/simple_index_file.h index 981a03dd7d1..0f10094b0a4 100644 --- a/chromium/net/disk_cache/simple/simple_index_file.h +++ b/chromium/net/disk_cache/simple/simple_index_file.h @@ -105,7 +105,10 @@ class NET_EXPORT_PRIVATE SimpleIndexFile { friend class WrappedSimpleIndexFile; // Used for cache directory traversal. - typedef base::Callback<void (const base::FilePath&)> EntryFileCallback; + using EntryFileCallback = base::Callback<void(const base::FilePath&, + base::Time last_accessed, + base::Time last_modified, + int64_t size)>; // When loading the entries from disk, add this many extra hash buckets to // prevent reallocation on the IO thread when merging in new live entries. diff --git a/chromium/net/disk_cache/simple/simple_index_file_posix.cc b/chromium/net/disk_cache/simple/simple_index_file_posix.cc index e0dd3dd126a..9fa387e030c 100644 --- a/chromium/net/disk_cache/simple/simple_index_file_posix.cc +++ b/chromium/net/disk_cache/simple/simple_index_file_posix.cc @@ -12,6 +12,7 @@ #include <memory> #include <string> +#include "base/files/file_util.h" #include "base/logging.h" namespace disk_cache { @@ -43,7 +44,14 @@ bool SimpleIndexFile::TraverseCacheDirectory( continue; const base::FilePath file_path = cache_path.Append( base::FilePath(file_name)); - entry_file_callback.Run(file_path); + base::File::Info file_info; + if (!base::GetFileInfo(file_path, &file_info)) { + LOG(ERROR) << "Could not get file info for " << file_path.value(); + continue; + } + + entry_file_callback.Run(file_path, file_info.last_accessed, + file_info.last_modified, file_info.size); } PLOG(ERROR) << "readdir_r " << cache_path.value(); return false; diff --git a/chromium/net/disk_cache/simple/simple_index_file_win.cc b/chromium/net/disk_cache/simple/simple_index_file_win.cc index 051d12deaf7..213dbc69361 100644 --- a/chromium/net/disk_cache/simple/simple_index_file_win.cc +++ b/chromium/net/disk_cache/simple/simple_index_file_win.cc @@ -25,7 +25,9 @@ bool SimpleIndexFile::TraverseCacheDirectory( file_path = enumerator.Next()) { if (file_path == current_directory || file_path == parent_directory) continue; - entry_file_callback.Run(file_path); + base::FileEnumerator::FileInfo info = enumerator.GetInfo(); + entry_file_callback.Run(file_path, base::Time(), info.GetLastModifiedTime(), + info.GetSize()); } return true; } diff --git a/chromium/net/dns/dns_protocol.h b/chromium/net/dns/dns_protocol.h index 416738a2bed..2c4478c4cad 100644 --- a/chromium/net/dns/dns_protocol.h +++ b/chromium/net/dns/dns_protocol.h @@ -135,12 +135,12 @@ static const uint8_t kRcodeNXDOMAIN = 3; static const uint8_t kRcodeNOTIMP = 4; static const uint8_t kRcodeREFUSED = 5; -// DNS flags. +// DNS header flags. +// +// https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-12 static const uint16_t kFlagResponse = 0x8000; -static const uint16_t kFlagRA = 0x80; -static const uint16_t kFlagRD = 0x100; -static const uint16_t kFlagTC = 0x200; -static const uint16_t kFlagAA = 0x400; +static const uint16_t kFlagRD = 0x100; // Recursion Desired - query flag. +static const uint16_t kFlagTC = 0x200; // Truncated - server flag. } // namespace dns_protocol diff --git a/chromium/net/dns/dns_query.cc b/chromium/net/dns/dns_query.cc index aa9bc70454e..ac74ca47961 100644 --- a/chromium/net/dns/dns_query.cc +++ b/chromium/net/dns/dns_query.cc @@ -13,14 +13,19 @@ namespace net { +namespace { + +const size_t kHeaderSize = sizeof(dns_protocol::Header); + +} // namespace + // DNS query consists of a 12-byte header followed by a question section. // For details, see RFC 1035 section 4.1.1. This header template sets RD // bit, which directs the name server to pursue query recursively, and sets // the QDCOUNT to 1, meaning the question section has a single entry. DnsQuery::DnsQuery(uint16_t id, const base::StringPiece& qname, uint16_t qtype) : qname_size_(qname.size()), - io_buffer_( - new IOBufferWithSize(sizeof(dns_protocol::Header) + question_size())), + io_buffer_(new IOBufferWithSize(kHeaderSize + question_size())), header_(reinterpret_cast<dns_protocol::Header*>(io_buffer_->data())) { DCHECK(!DNSDomainToString(qname).empty()); *header_ = {}; @@ -29,8 +34,8 @@ DnsQuery::DnsQuery(uint16_t id, const base::StringPiece& qname, uint16_t qtype) header_->qdcount = base::HostToNet16(1); // Write question section after the header. - base::BigEndianWriter writer( - io_buffer_->data() + sizeof(dns_protocol::Header), question_size()); + base::BigEndianWriter writer(io_buffer_->data() + kHeaderSize, + question_size()); writer.WriteBytes(qname.data(), qname.size()); writer.WriteU16(qtype); writer.WriteU16(dns_protocol::kClassIN); @@ -48,20 +53,18 @@ uint16_t DnsQuery::id() const { } base::StringPiece DnsQuery::qname() const { - return base::StringPiece(io_buffer_->data() + sizeof(dns_protocol::Header), - qname_size_); + return base::StringPiece(io_buffer_->data() + kHeaderSize, qname_size_); } uint16_t DnsQuery::qtype() const { uint16_t type; - base::ReadBigEndian<uint16_t>( - io_buffer_->data() + sizeof(dns_protocol::Header) + qname_size_, &type); + base::ReadBigEndian<uint16_t>(io_buffer_->data() + kHeaderSize + qname_size_, + &type); return type; } base::StringPiece DnsQuery::question() const { - return base::StringPiece(io_buffer_->data() + sizeof(dns_protocol::Header), - question_size()); + return base::StringPiece(io_buffer_->data() + kHeaderSize, question_size()); } void DnsQuery::set_flags(uint16_t flags) { diff --git a/chromium/net/dns/dns_reloader.cc b/chromium/net/dns/dns_reloader.cc index 74534e6b1ba..5e9165e2d15 100644 --- a/chromium/net/dns/dns_reloader.cc +++ b/chromium/net/dns/dns_reloader.cc @@ -92,7 +92,7 @@ class DnsReloader : public NetworkChangeNotifier::DNSObserver { base::Lock lock_; // Protects resolver_generation_. int resolver_generation_; - friend struct base::DefaultLazyInstanceTraits<DnsReloader>; + friend struct base::LazyInstanceTraitsBase<DnsReloader>; // We use thread local storage to identify which ReloadState to interact with. static base::ThreadLocalStorage::StaticSlot tls_index_; diff --git a/chromium/net/dns/dns_response.cc b/chromium/net/dns/dns_response.cc index f168a255f39..5d234244a09 100644 --- a/chromium/net/dns/dns_response.cc +++ b/chromium/net/dns/dns_response.cc @@ -21,6 +21,8 @@ namespace net { namespace { +const size_t kHeaderSize = sizeof(dns_protocol::Header); + const uint8_t kRcodeMask = 0xf; } // namespace @@ -185,30 +187,25 @@ bool DnsResponse::InitParse(int nbytes, const DnsQuery& query) { return false; // Match the question section. - const size_t hdr_size = sizeof(dns_protocol::Header); const base::StringPiece question = query.question(); - if (question != base::StringPiece(io_buffer_->data() + hdr_size, - question.size())) { + if (question != + base::StringPiece(io_buffer_->data() + kHeaderSize, question.size())) { return false; } // Construct the parser. - parser_ = DnsRecordParser(io_buffer_->data(), - nbytes, - hdr_size + question.size()); + parser_ = DnsRecordParser(io_buffer_->data(), nbytes, + kHeaderSize + question.size()); return true; } bool DnsResponse::InitParseWithoutQuery(int nbytes) { DCHECK_GE(nbytes, 0); - size_t hdr_size = sizeof(dns_protocol::Header); - - if (nbytes < static_cast<int>(hdr_size) || nbytes >= io_buffer_->size()) + if (nbytes < static_cast<int>(kHeaderSize) || nbytes >= io_buffer_->size()) return false; - parser_ = DnsRecordParser( - io_buffer_->data(), nbytes, hdr_size); + parser_ = DnsRecordParser(io_buffer_->data(), nbytes, kHeaderSize); unsigned qdcount = base::NetToHost16(header()->qdcount); for (unsigned i = 0; i < qdcount; ++i) { @@ -250,10 +247,9 @@ base::StringPiece DnsResponse::qname() const { // The response is HEADER QNAME QTYPE QCLASS ANSWER. // |parser_| is positioned at the beginning of ANSWER, so the end of QNAME is // two uint16_ts before it. - const size_t hdr_size = sizeof(dns_protocol::Header); const size_t qname_size = - parser_.GetOffset() - 2 * sizeof(uint16_t) - hdr_size; - return base::StringPiece(io_buffer_->data() + hdr_size, qname_size); + parser_.GetOffset() - 2 * sizeof(uint16_t) - kHeaderSize; + return base::StringPiece(io_buffer_->data() + kHeaderSize, qname_size); } uint16_t DnsResponse::qtype() const { diff --git a/chromium/net/dns/dns_util.cc b/chromium/net/dns/dns_util.cc index 217aedc5001..8eff1c6425e 100644 --- a/chromium/net/dns/dns_util.cc +++ b/chromium/net/dns/dns_util.cc @@ -10,10 +10,21 @@ #include <cstring> #include "base/metrics/field_trial.h" +#include "base/metrics/histogram_macros.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" #include "build/build_config.h" #include "net/base/address_list.h" +#include "net/dns/dns_protocol.h" + +namespace { + +// RFC 1035, section 2.3.4: labels 63 octets or less. +// Section 3.1: Each label is represented as a one octet length field followed +// by that number of octets. +const int kMaxLabelLength = 63; + +} // namespace #if defined(OS_POSIX) #include <netinet/in.h> @@ -34,12 +45,13 @@ namespace net { // Based on DJB's public domain code. bool DNSDomainFromDot(const base::StringPiece& dotted, std::string* out) { const char* buf = dotted.data(); - unsigned n = dotted.size(); - char label[63]; + size_t n = dotted.size(); + char label[kMaxLabelLength]; size_t labellen = 0; /* <= sizeof label */ - char name[255]; + char name[dns_protocol::kMaxNameLength]; size_t namelen = 0; /* <= sizeof name */ char ch; + bool valid_name = true; for (;;) { if (!n) @@ -60,9 +72,16 @@ bool DNSDomainFromDot(const base::StringPiece& dotted, std::string* out) { } if (labellen >= sizeof label) return false; + if (!IsValidHostLabelCharacter(ch, labellen == 0)) { + // TODO(palmer): In the future, when we can remove support for invalid + // names, return false here instead (and remove the UMA counter). + valid_name = false; + } label[labellen++] = ch; } + UMA_HISTOGRAM_BOOLEAN("Net.ValidDNSName", valid_name); + // Allow empty label at end of name to disable suffix search. if (labellen) { if (namelen + labellen + 1 > sizeof name) @@ -88,6 +107,11 @@ bool IsValidDNSDomain(const base::StringPiece& dotted) { return DNSDomainFromDot(dotted, &dns_formatted); } +bool IsValidHostLabelCharacter(char c, bool is_first_char) { + return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || + (c >= '0' && c <= '9') || (!is_first_char && c == '-') || c == '_'; +} + std::string DNSDomainToString(const base::StringPiece& domain) { std::string ret; @@ -96,7 +120,7 @@ std::string DNSDomainToString(const base::StringPiece& domain) { if (domain[i] < 0) return std::string(); #endif - if (domain[i] > 63) + if (domain[i] > kMaxLabelLength) return std::string(); if (i) @@ -110,57 +134,6 @@ std::string DNSDomainToString(const base::StringPiece& domain) { return ret; } -bool HaveOnlyLoopbackAddresses() { -#if defined(OS_ANDROID) - return android::HaveOnlyLoopbackAddresses(); -#elif defined(OS_NACL) - NOTIMPLEMENTED(); - return false; -#elif defined(OS_POSIX) - struct ifaddrs* interface_addr = NULL; - int rv = getifaddrs(&interface_addr); - if (rv != 0) { - DVLOG(1) << "getifaddrs() failed with errno = " << errno; - return false; - } - - bool result = true; - for (struct ifaddrs* interface = interface_addr; - interface != NULL; - interface = interface->ifa_next) { - if (!(IFF_UP & interface->ifa_flags)) - continue; - if (IFF_LOOPBACK & interface->ifa_flags) - continue; - const struct sockaddr* addr = interface->ifa_addr; - if (!addr) - continue; - if (addr->sa_family == AF_INET6) { - // Safe cast since this is AF_INET6. - const struct sockaddr_in6* addr_in6 = - reinterpret_cast<const struct sockaddr_in6*>(addr); - const struct in6_addr* sin6_addr = &addr_in6->sin6_addr; - if (IN6_IS_ADDR_LOOPBACK(sin6_addr) || IN6_IS_ADDR_LINKLOCAL(sin6_addr)) - continue; - } - if (addr->sa_family != AF_INET6 && addr->sa_family != AF_INET) - continue; - - result = false; - break; - } - freeifaddrs(interface_addr); - return result; -#elif defined(OS_WIN) - // TODO(wtc): implement with the GetAdaptersAddresses function. - NOTIMPLEMENTED(); - return false; -#else - NOTIMPLEMENTED(); - return false; -#endif // defined(various platforms) -} - #if !defined(OS_NACL) namespace { diff --git a/chromium/net/dns/dns_util.h b/chromium/net/dns/dns_util.h index c81ffde34ad..81eb1a28ba1 100644 --- a/chromium/net/dns/dns_util.h +++ b/chromium/net/dns/dns_util.h @@ -27,16 +27,26 @@ NET_EXPORT_PRIVATE bool DNSDomainFromDot(const base::StringPiece& dotted, // Checks that a hostname is valid. Simple wrapper around DNSDomainFromDot. NET_EXPORT_PRIVATE bool IsValidDNSDomain(const base::StringPiece& dotted); +// Returns true if the character is valid in a DNS hostname label, whether in +// the first position or later in the label. +// +// This function asserts a looser form of the restrictions in RFC 7719 (section +// 2; https://tools.ietf.org/html/rfc7719#section-2): hostnames can include +// characters a-z, A-Z, 0-9, -, and _, and any of those characters (except -) +// are legal in the first position. The looser rules are necessary to support +// service records (initial _), and non-compliant but attested hostnames that +// include _. These looser rules also allow Punycode and hence IDN. +// +// TODO(palmer): In the future, when we can remove support for invalid names, +// this can be a private implementation detail of |DNSDomainFromDot|, and need +// not be NET_EXPORT_PRIVATE. +NET_EXPORT_PRIVATE bool IsValidHostLabelCharacter(char c, bool is_first_char); + // DNSDomainToString converts a domain in DNS format to a dotted string. // Excludes the dot at the end. NET_EXPORT_PRIVATE std::string DNSDomainToString( const base::StringPiece& domain); -// Returns true if it can determine that only loopback addresses are configured. -// i.e. if only 127.0.0.1 and ::1 are routable. -// Also returns false if it cannot determine this. -NET_EXPORT_PRIVATE bool HaveOnlyLoopbackAddresses(); - #if !defined(OS_NACL) NET_EXPORT_PRIVATE base::TimeDelta GetTimeDeltaForConnectionTypeFromFieldTrialOrDefault( diff --git a/chromium/net/dns/dns_util_unittest.cc b/chromium/net/dns/dns_util_unittest.cc index 1d534716b6a..7b01d4263b9 100644 --- a/chromium/net/dns/dns_util_unittest.cc +++ b/chromium/net/dns/dns_util_unittest.cc @@ -6,6 +6,28 @@ #include "testing/gtest/include/gtest/gtest.h" +namespace { + +bool IsValidDNSDomainName(const char* name) { + size_t length = strlen(name); + for (size_t i = 0; i < length; ++i) { + if (name[i] == '.') { + if (i == 0 || name[i - 1] == '.') { + return false; + } + continue; + } + + if (!net::IsValidHostLabelCharacter(name[i], + i == 0 || name[i - 1] == '.')) { + return false; + } + } + return true; +} + +} // namespace + namespace net { class DNSUtilTest : public testing::Test { @@ -69,4 +91,30 @@ TEST_F(DNSUtilTest, DNSDomainToString) { EXPECT_EQ("", DNSDomainToString("\x06")); } +TEST_F(DNSUtilTest, IsValidDNSDomain) { + const char* const bad_hostnames[] = { + "%20%20noodles.blorg", "noo dles.blorg ", "noo dles.blorg. ", + "^noodles.blorg", "noodles^.blorg", "noo&dles.blorg", + "noodles.blorg`", "www.-noodles.blorg", + }; + + // TODO(palmer): In the future, when we can remove support for invalid names, + // change the calls to from |IsValidDNSDomainName| to |IsValidDNSDomain|, and + // remove |IsValidDNSDomainName| (defined above). + + for (size_t i = 0; i < arraysize(bad_hostnames); ++i) { + EXPECT_FALSE(IsValidDNSDomainName(bad_hostnames[i])); + } + + const char* const good_hostnames[] = { + "www.noodles.blorg", "1www.noodles.blorg", "www.2noodles.blorg", + "www.n--oodles.blorg", "www.noodl_es.blorg", "www.no-_odles.blorg", + "www_.noodles.blorg", "www.noodles.blorg.", "_privet._tcp.local", + }; + + for (size_t i = 0; i < arraysize(good_hostnames); ++i) { + EXPECT_TRUE(IsValidDNSDomainName(good_hostnames[i])); + } +} + } // namespace net diff --git a/chromium/net/dns/fuzzed_host_resolver.cc b/chromium/net/dns/fuzzed_host_resolver.cc index d8e02325206..f44f3674ccf 100644 --- a/chromium/net/dns/fuzzed_host_resolver.cc +++ b/chromium/net/dns/fuzzed_host_resolver.cc @@ -223,7 +223,8 @@ void FuzzedHostResolver::SetDnsClientEnabled(bool enabled) { SetDnsClient(std::move(dns_client)); } -bool FuzzedHostResolver::IsIPv6Reachable(const NetLogWithSource& net_log) { +bool FuzzedHostResolver::IsGloballyReachable(const IPAddress& dest, + const NetLogWithSource& net_log) { return is_ipv6_reachable_; } diff --git a/chromium/net/dns/fuzzed_host_resolver.h b/chromium/net/dns/fuzzed_host_resolver.h index cc14578be32..7cb1b516305 100644 --- a/chromium/net/dns/fuzzed_host_resolver.h +++ b/chromium/net/dns/fuzzed_host_resolver.h @@ -58,7 +58,8 @@ class FuzzedHostResolver : public HostResolverImpl { private: // HostResolverImpl implementation: - bool IsIPv6Reachable(const NetLogWithSource& net_log) override; + bool IsGloballyReachable(const IPAddress& dest, + const NetLogWithSource& net_log) override; void RunLoopbackProbeJob() override; base::FuzzedDataProvider* data_provider_; diff --git a/chromium/net/dns/host_cache.h b/chromium/net/dns/host_cache.h index ccda0eb9a92..37cf204e3cc 100644 --- a/chromium/net/dns/host_cache.h +++ b/chromium/net/dns/host_cache.h @@ -79,6 +79,9 @@ class NET_EXPORT HostCache : NON_EXPORTED_BASE(public base::NonThreadSafe) { base::TimeTicks expires() const { return expires_; } + // Public for the net-internals UI. + int network_changes() const { return network_changes_; } + private: friend class HostCache; @@ -87,7 +90,6 @@ class NET_EXPORT HostCache : NON_EXPORTED_BASE(public base::NonThreadSafe) { base::TimeDelta ttl, int network_changes); - int network_changes() const { return network_changes_; } int total_hits() const { return total_hits_; } int stale_hits() const { return stale_hits_; } @@ -158,7 +160,7 @@ class NET_EXPORT HostCache : NON_EXPORTED_BASE(public base::NonThreadSafe) { // Following are used by net_internals UI. size_t max_entries() const; - + int network_changes() const { return network_changes_; } const EntryMap& entries() const { return entries_; } // Creates a default cache. diff --git a/chromium/net/dns/host_resolver.cc b/chromium/net/dns/host_resolver.cc index f0cd91b5787..1f6dcf9b65e 100644 --- a/chromium/net/dns/host_resolver.cc +++ b/chromium/net/dns/host_resolver.cc @@ -132,12 +132,12 @@ void HostResolver::InitializePersistence( const PersistCallback& persist_callback, std::unique_ptr<const base::Value> old_data) {} -void HostResolver::SetDefaultAddressFamily(AddressFamily address_family) { +void HostResolver::SetNoIPv6OnWifi(bool no_ipv6_on_wifi) { NOTREACHED(); } -AddressFamily HostResolver::GetDefaultAddressFamily() const { - return ADDRESS_FAMILY_UNSPECIFIED; +bool HostResolver::GetNoIPv6OnWifi() { + return false; } // static diff --git a/chromium/net/dns/host_resolver.h b/chromium/net/dns/host_resolver.h index 33cdd34e720..f909e7b004e 100644 --- a/chromium/net/dns/host_resolver.h +++ b/chromium/net/dns/host_resolver.h @@ -213,13 +213,10 @@ class NET_EXPORT HostResolver { const PersistCallback& persist_callback, std::unique_ptr<const base::Value> old_data); - // Sets the default AddressFamily to use when requests have left it - // unspecified. For example, this could be used to restrict resolution - // results to AF_INET by passing in ADDRESS_FAMILY_IPV4, or to - // AF_INET6 by passing in ADDRESS_FAMILY_IPV6. See http://crbug.com/696569 for - // why this option is necessary. - virtual void SetDefaultAddressFamily(AddressFamily address_family); - virtual AddressFamily GetDefaultAddressFamily() const; + // Sets the HostResolver to assume that IPv6 is unreachable when on a wifi + // connection. See https://crbug.com/696569 for further context. + virtual void SetNoIPv6OnWifi(bool no_ipv6_on_wifi); + virtual bool GetNoIPv6OnWifi(); // Creates a HostResolver implementation that queries the underlying system. // (Except if a unit-test has changed the global HostResolverProc using diff --git a/chromium/net/dns/host_resolver_impl.cc b/chromium/net/dns/host_resolver_impl.cc index 7596c776269..fd4c065b7d7 100644 --- a/chromium/net/dns/host_resolver_impl.cc +++ b/chromium/net/dns/host_resolver_impl.cc @@ -10,6 +10,16 @@ #include <netdb.h> #endif +#if defined(OS_POSIX) +#include <netinet/in.h> +#if !defined(OS_NACL) +#include <net/if.h> +#if !defined(OS_ANDROID) +#include <ifaddrs.h> +#endif // !defined(OS_ANDROID) +#endif // !defined(OS_NACL) +#endif // defined(OS_POSIX) + #include <cmath> #include <memory> #include <utility> @@ -69,6 +79,10 @@ #include "net/base/winsock_init.h" #endif +#if defined(OS_ANDROID) +#include "net/android/network_library.h" +#endif + namespace net { namespace { @@ -217,39 +231,6 @@ bool ResemblesMulticastDNSName(const std::string& hostname) { kSuffix, kSuffixLenTrimmed); } -// Attempts to connect a UDP socket to |dest|:53. -bool IsGloballyReachable(const IPAddress& dest, - const NetLogWithSource& net_log) { - // TODO(eroman): Remove ScopedTracker below once crbug.com/455942 is fixed. - tracked_objects::ScopedTracker tracking_profile_1( - FROM_HERE_WITH_EXPLICIT_FUNCTION("455942 IsGloballyReachable")); - - std::unique_ptr<DatagramClientSocket> socket( - ClientSocketFactory::GetDefaultFactory()->CreateDatagramClientSocket( - DatagramSocket::DEFAULT_BIND, RandIntCallback(), net_log.net_log(), - net_log.source())); - int rv = socket->Connect(IPEndPoint(dest, 53)); - if (rv != OK) - return false; - IPEndPoint endpoint; - rv = socket->GetLocalAddress(&endpoint); - if (rv != OK) - return false; - DCHECK_EQ(ADDRESS_FAMILY_IPV6, endpoint.GetFamily()); - const IPAddress& address = endpoint.address(); - - bool is_link_local = - (address.bytes()[0] == 0xFE) && ((address.bytes()[1] & 0xC0) == 0x80); - if (is_link_local) - return false; - - const uint8_t kTeredoPrefix[] = {0x20, 0x01, 0, 0}; - if (IPAddressStartsWith(address, kTeredoPrefix)) - return false; - - return true; -} - // Provide a common macro to simplify code and readability. We must use a // macro as the underlying HISTOGRAM macro creates static variables. #define DNS_HISTOGRAM(name, time) UMA_HISTOGRAM_CUSTOM_TIMES(name, time, \ @@ -337,6 +318,60 @@ bool IsAllIPv4Loopback(const AddressList& addresses) { return true; } +// Returns true if it can determine that only loopback addresses are configured. +// i.e. if only 127.0.0.1 and ::1 are routable. +// Also returns false if it cannot determine this. +bool HaveOnlyLoopbackAddresses() { +#if defined(OS_ANDROID) + return android::HaveOnlyLoopbackAddresses(); +#elif defined(OS_NACL) + NOTIMPLEMENTED(); + return false; +#elif defined(OS_POSIX) + struct ifaddrs* interface_addr = NULL; + int rv = getifaddrs(&interface_addr); + if (rv != 0) { + DVLOG(1) << "getifaddrs() failed with errno = " << errno; + return false; + } + + bool result = true; + for (struct ifaddrs* interface = interface_addr; + interface != NULL; + interface = interface->ifa_next) { + if (!(IFF_UP & interface->ifa_flags)) + continue; + if (IFF_LOOPBACK & interface->ifa_flags) + continue; + const struct sockaddr* addr = interface->ifa_addr; + if (!addr) + continue; + if (addr->sa_family == AF_INET6) { + // Safe cast since this is AF_INET6. + const struct sockaddr_in6* addr_in6 = + reinterpret_cast<const struct sockaddr_in6*>(addr); + const struct in6_addr* sin6_addr = &addr_in6->sin6_addr; + if (IN6_IS_ADDR_LOOPBACK(sin6_addr) || IN6_IS_ADDR_LINKLOCAL(sin6_addr)) + continue; + } + if (addr->sa_family != AF_INET6 && addr->sa_family != AF_INET) + continue; + + result = false; + break; + } + freeifaddrs(interface_addr); + return result; +#elif defined(OS_WIN) + // TODO(wtc): implement with the GetAdaptersAddresses function. + NOTIMPLEMENTED(); + return false; +#else + NOTIMPLEMENTED(); + return false; +#endif // defined(various platforms) +} + // Creates NetLog parameters when the resolve failed. std::unique_ptr<base::Value> NetLogProcTaskFailedCallback( uint32_t attempt_number, @@ -2011,7 +2046,7 @@ HostResolverImpl::HostResolverImpl( net_log_(net_log), received_dns_config_(false), num_dns_failures_(0), - default_address_family_(ADDRESS_FAMILY_UNSPECIFIED), + assume_ipv6_failure_on_wifi_(false), use_local_ipv6_(false), last_ipv6_probe_result_(true), resolved_known_ipv6_hostname_(false), @@ -2088,7 +2123,8 @@ int HostResolverImpl::ResolveHelper(const Key& key, } if (ServeFromCache(key, info, &net_error, addresses, allow_stale, stale_info)) { - source_net_log.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_CACHE_HIT); + source_net_log.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_CACHE_HIT, + addresses->CreateNetLogCallback()); // |ServeFromCache()| will set |*stale_info| as needed. RunCacheHitCallbacks(key, info); return net_error; @@ -2096,7 +2132,8 @@ int HostResolverImpl::ResolveHelper(const Key& key, // TODO(szym): Do not do this if nsswitch.conf instructs not to. // http://crbug.com/117655 if (ServeFromHosts(key, info, addresses)) { - source_net_log.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_HOSTS_HIT); + source_net_log.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_HOSTS_HIT, + addresses->CreateNetLogCallback()); MakeNotStale(stale_info); return OK; } @@ -2185,13 +2222,13 @@ int HostResolverImpl::ResolveStaleFromCache( return rv; } -void HostResolverImpl::SetDefaultAddressFamily(AddressFamily address_family) { +void HostResolverImpl::SetNoIPv6OnWifi(bool no_ipv6_on_wifi) { DCHECK(CalledOnValidThread()); - default_address_family_ = address_family; + assume_ipv6_failure_on_wifi_ = no_ipv6_on_wifi; } -AddressFamily HostResolverImpl::GetDefaultAddressFamily() const { - return default_address_family_; +bool HostResolverImpl::GetNoIPv6OnWifi() { + return assume_ipv6_failure_on_wifi_; } bool HostResolverImpl::ResolveAsIP(const Key& key, @@ -2206,11 +2243,6 @@ bool HostResolverImpl::ResolveAsIP(const Key& key, *net_error = OK; AddressFamily family = GetAddressFamily(*ip_address); - if (family == ADDRESS_FAMILY_IPV6 && - default_address_family_ == ADDRESS_FAMILY_IPV4) { - // Don't return IPv6 addresses if default address family is set to IPv4. - *net_error = ERR_NAME_NOT_RESOLVED; - } if (key.address_family != ADDRESS_FAMILY_UNSPECIFIED && key.address_family != family) { // Don't return IPv6 addresses for IPv4 queries, and vice versa. @@ -2353,9 +2385,6 @@ HostResolverImpl::Key HostResolverImpl::GetEffectiveKeyForRequest( info.host_resolver_flags() | additional_resolver_flags_; AddressFamily effective_address_family = info.address_family(); - if (info.address_family() == ADDRESS_FAMILY_UNSPECIFIED) - effective_address_family = default_address_family_; - if (effective_address_family == ADDRESS_FAMILY_UNSPECIFIED && // When resolving IPv4 literals, there's no need to probe for IPv6. // When resolving IPv6 literals, there's no benefit to artificially @@ -2372,6 +2401,14 @@ HostResolverImpl::Key HostResolverImpl::GetEffectiveKeyForRequest( } bool HostResolverImpl::IsIPv6Reachable(const NetLogWithSource& net_log) { + // Don't bother checking if the device is on WiFi and IPv6 is assumed to not + // work on WiFi. + if (assume_ipv6_failure_on_wifi_ && + NetworkChangeNotifier::GetConnectionType() == + NetworkChangeNotifier::CONNECTION_WIFI) { + return false; + } + // Cache the result for kIPv6ProbePeriodMs (measured from after // IsGloballyReachable() completes). bool cached = true; @@ -2388,6 +2425,38 @@ bool HostResolverImpl::IsIPv6Reachable(const NetLogWithSource& net_log) { return last_ipv6_probe_result_; } +bool HostResolverImpl::IsGloballyReachable(const IPAddress& dest, + const NetLogWithSource& net_log) { + // TODO(eroman): Remove ScopedTracker below once crbug.com/455942 is fixed. + tracked_objects::ScopedTracker tracking_profile_1( + FROM_HERE_WITH_EXPLICIT_FUNCTION("455942 IsGloballyReachable")); + + std::unique_ptr<DatagramClientSocket> socket( + ClientSocketFactory::GetDefaultFactory()->CreateDatagramClientSocket( + DatagramSocket::DEFAULT_BIND, RandIntCallback(), net_log.net_log(), + net_log.source())); + int rv = socket->Connect(IPEndPoint(dest, 53)); + if (rv != OK) + return false; + IPEndPoint endpoint; + rv = socket->GetLocalAddress(&endpoint); + if (rv != OK) + return false; + DCHECK_EQ(ADDRESS_FAMILY_IPV6, endpoint.GetFamily()); + const IPAddress& address = endpoint.address(); + + bool is_link_local = + (address.bytes()[0] == 0xFE) && ((address.bytes()[1] & 0xC0) == 0x80); + if (is_link_local) + return false; + + const uint8_t kTeredoPrefix[] = {0x20, 0x01, 0, 0}; + if (IPAddressStartsWith(address, kTeredoPrefix)) + return false; + + return true; +} + void HostResolverImpl::RunLoopbackProbeJob() { new LoopbackProbeJob(weak_ptr_factory_.GetWeakPtr(), worker_task_runner_.get()); @@ -2523,11 +2592,11 @@ void HostResolverImpl::UpdateDNSConfig(bool config_changed) { if (config_changed) { // If the DNS server has changed, existing cached info could be wrong so we - // have to drop our internal cache :( Note that OS level DNS caches, such + // have to expire our internal cache :( Note that OS level DNS caches, such // as NSCD's cache should be dropped automatically by the OS when // resolv.conf changes so we don't need to do anything to clear that cache. if (cache_.get()) { - cache_->clear(); + cache_->OnNetworkChange(); cache_hit_callbacks_.clear(); } diff --git a/chromium/net/dns/host_resolver_impl.h b/chromium/net/dns/host_resolver_impl.h index 24062d91ae0..f78d39ecaa0 100644 --- a/chromium/net/dns/host_resolver_impl.h +++ b/chromium/net/dns/host_resolver_impl.h @@ -158,8 +158,8 @@ class NET_EXPORT HostResolverImpl const PersistCallback& persist_callback, std::unique_ptr<const base::Value> old_data) override; - void SetDefaultAddressFamily(AddressFamily address_family) override; - AddressFamily GetDefaultAddressFamily() const override; + void SetNoIPv6OnWifi(bool no_ipv6_on_wifi) override; + bool GetNoIPv6OnWifi() override; void set_proc_params_for_test(const ProcTaskParams& proc_params) { proc_params_ = proc_params; @@ -256,7 +256,11 @@ class NET_EXPORT HostResolverImpl // Probes IPv6 support and returns true if IPv6 support is enabled. // Results are cached, i.e. when called repeatedly this method returns result // from the first probe for some time before probing again. - virtual bool IsIPv6Reachable(const NetLogWithSource& net_log); + bool IsIPv6Reachable(const NetLogWithSource& net_log); + + // Attempts to connect a UDP socket to |dest|:53. Virtual for testing. + virtual bool IsGloballyReachable(const IPAddress& dest, + const NetLogWithSource& net_log); // Asynchronously checks if only loopback IPs are available. virtual void RunLoopbackProbeJob(); @@ -349,9 +353,9 @@ class NET_EXPORT HostResolverImpl // Number of consecutive failures of DnsTask, counted when fallback succeeds. unsigned num_dns_failures_; - // Address family to use when the request doesn't specify one. See - // http://crbug.com/696569 for why the option is needed. - AddressFamily default_address_family_; + // True if IPv6 should not be attempted when on a WiFi connection. See + // https://crbug.com/696569 for further context. + bool assume_ipv6_failure_on_wifi_; // True if DnsConfigService detected that system configuration depends on // local IPv6 connectivity. Disables probing. diff --git a/chromium/net/dns/host_resolver_impl_unittest.cc b/chromium/net/dns/host_resolver_impl_unittest.cc index ce5776a91b6..c33515e3ad3 100644 --- a/chromium/net/dns/host_resolver_impl_unittest.cc +++ b/chromium/net/dns/host_resolver_impl_unittest.cc @@ -28,6 +28,7 @@ #include "base/time/time.h" #include "net/base/address_list.h" #include "net/base/ip_address.h" +#include "net/base/mock_network_change_notifier.h" #include "net/base/net_errors.h" #include "net/dns/dns_client.h" #include "net/dns/dns_test_util.h" @@ -462,7 +463,8 @@ class TestHostResolverImpl : public HostResolverImpl { private: const bool ipv6_reachable_; - bool IsIPv6Reachable(const NetLogWithSource& net_log) override { + bool IsGloballyReachable(const IPAddress& dest, + const NetLogWithSource& net_log) override { return ipv6_reachable_; } }; @@ -2405,6 +2407,88 @@ TEST_F(HostResolverImplDnsTest, ManuallyDisableDnsClientWithPendingRequests) { EXPECT_TRUE(requests_[2]->HasOneAddress("192.168.0.3", 80)); } +TEST_F(HostResolverImplDnsTest, NoIPv6OnWifi) { + test::ScopedMockNetworkChangeNotifier notifier; + CreateSerialResolver(); // To guarantee order of resolutions. + resolver_->SetNoIPv6OnWifi(true); + + notifier.mock_network_change_notifier()->SetConnectionType( + NetworkChangeNotifier::CONNECTION_WIFI); + // Needed so IPv6 availability check isn't skipped. + ChangeDnsConfig(CreateValidDnsConfig()); + + proc_->AddRule("h1", ADDRESS_FAMILY_UNSPECIFIED, "::3"); + proc_->AddRule("h1", ADDRESS_FAMILY_IPV4, "1.0.0.1"); + proc_->AddRule("h1", ADDRESS_FAMILY_IPV6, "::2"); + + CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_UNSPECIFIED); + CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_IPV4); + CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_IPV6); + + // Start all of the requests. + for (size_t i = 0u; i < requests_.size(); ++i) { + EXPECT_THAT(requests_[i]->Resolve(), IsError(ERR_IO_PENDING)) << i; + } + + proc_->SignalMultiple(requests_.size()); + + // Wait for all the requests to complete. + for (size_t i = 0u; i < requests_.size(); ++i) { + EXPECT_THAT(requests_[i]->WaitForResult(), IsOk()) << i; + } + + // Since the requests all had the same priority and we limited the thread + // count to 1, they should have completed in the same order as they were + // requested. + MockHostResolverProc::CaptureList capture_list = proc_->GetCaptureList(); + ASSERT_EQ(3u, capture_list.size()); + + EXPECT_EQ("h1", capture_list[0].hostname); + EXPECT_EQ(ADDRESS_FAMILY_IPV4, capture_list[0].address_family); + + EXPECT_EQ("h1", capture_list[1].hostname); + EXPECT_EQ(ADDRESS_FAMILY_IPV4, capture_list[1].address_family); + + EXPECT_EQ("h1", capture_list[2].hostname); + EXPECT_EQ(ADDRESS_FAMILY_IPV6, capture_list[2].address_family); + + // Now check that the correct resolved IP addresses were returned. + EXPECT_TRUE(requests_[0]->HasOneAddress("1.0.0.1", 80)); + EXPECT_TRUE(requests_[1]->HasOneAddress("1.0.0.1", 80)); + EXPECT_TRUE(requests_[2]->HasOneAddress("::2", 80)); + + // Now repeat the test on non-wifi to check that IPv6 is used as normal + // after the network changes. + notifier.mock_network_change_notifier()->SetConnectionType( + NetworkChangeNotifier::CONNECTION_4G); + base::RunLoop().RunUntilIdle(); // Wait for NetworkChangeNotifier. + + CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_UNSPECIFIED); + CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_IPV4); + CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_IPV6); + + // The IPv4 and IPv6 requests are in cache, but the UNSPECIFIED one isn't. + EXPECT_THAT(requests_[3]->Resolve(), IsError(ERR_IO_PENDING)); + EXPECT_THAT(requests_[4]->Resolve(), IsOk()); + EXPECT_THAT(requests_[5]->Resolve(), IsOk()); + + proc_->SignalMultiple(1); + + EXPECT_THAT(requests_[3]->WaitForResult(), IsOk()); + + // The MockHostResolverProc has only seen one new request. + capture_list = proc_->GetCaptureList(); + ASSERT_EQ(4u, capture_list.size()); + + EXPECT_EQ("h1", capture_list[3].hostname); + EXPECT_EQ(ADDRESS_FAMILY_UNSPECIFIED, capture_list[3].address_family); + + // Now check that the correct resolved IP addresses were returned. + EXPECT_TRUE(requests_[3]->HasOneAddress("::3", 80)); + EXPECT_TRUE(requests_[4]->HasOneAddress("1.0.0.1", 80)); + EXPECT_TRUE(requests_[5]->HasOneAddress("::2", 80)); +} + TEST_F(HostResolverImplTest, ResolveLocalHostname) { AddressList addresses; @@ -2522,98 +2606,4 @@ TEST_F(HostResolverImplTest, CacheHitCallback) { EXPECT_EQ(1, count2); } -// Tests that after changing the default AddressFamily to IPV4, requests -// with UNSPECIFIED address family map to IPV4. -TEST_F(HostResolverImplTest, SetDefaultAddressFamily_IPv4) { - CreateSerialResolver(); // To guarantee order of resolutions. - - proc_->AddRule("h1", ADDRESS_FAMILY_IPV4, "1.0.0.1"); - proc_->AddRule("h1", ADDRESS_FAMILY_IPV6, "::2"); - - resolver_->SetDefaultAddressFamily(ADDRESS_FAMILY_IPV4); - - CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_UNSPECIFIED); - CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_IPV4); - CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_IPV6); - - // Start all of the requests. - for (size_t i = 0; i < requests_.size(); ++i) { - EXPECT_EQ(ERR_IO_PENDING, requests_[i]->Resolve()) << i; - } - - proc_->SignalMultiple(requests_.size()); - - // Wait for all the requests to complete. - for (size_t i = 0u; i < requests_.size(); ++i) { - EXPECT_EQ(OK, requests_[i]->WaitForResult()) << i; - } - - // Since the requests all had the same priority and we limited the thread - // count to 1, they should have completed in the same order as they were - // requested. Moreover, request0 and request1 will have been serviced by - // the same job. - - MockHostResolverProc::CaptureList capture_list = proc_->GetCaptureList(); - ASSERT_EQ(2u, capture_list.size()); - - EXPECT_EQ("h1", capture_list[0].hostname); - EXPECT_EQ(ADDRESS_FAMILY_IPV4, capture_list[0].address_family); - - EXPECT_EQ("h1", capture_list[1].hostname); - EXPECT_EQ(ADDRESS_FAMILY_IPV6, capture_list[1].address_family); - - // Now check that the correct resolved IP addresses were returned. - EXPECT_TRUE(requests_[0]->HasOneAddress("1.0.0.1", 80)); - EXPECT_TRUE(requests_[1]->HasOneAddress("1.0.0.1", 80)); - EXPECT_TRUE(requests_[2]->HasOneAddress("::2", 80)); -} - -// This is the exact same test as SetDefaultAddressFamily_IPv4, except the -// default family is set to IPv6 and the family of requests is flipped where -// specified. -TEST_F(HostResolverImplTest, SetDefaultAddressFamily_IPv6) { - CreateSerialResolver(); // To guarantee order of resolutions. - - // Don't use IPv6 replacements here since some systems don't support it. - proc_->AddRule("h1", ADDRESS_FAMILY_IPV4, "1.0.0.1"); - proc_->AddRule("h1", ADDRESS_FAMILY_IPV6, "::2"); - - resolver_->SetDefaultAddressFamily(ADDRESS_FAMILY_IPV6); - - CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_UNSPECIFIED); - CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_IPV6); - CreateRequest("h1", 80, MEDIUM, ADDRESS_FAMILY_IPV4); - - // Start all of the requests. - for (size_t i = 0; i < requests_.size(); ++i) { - EXPECT_EQ(ERR_IO_PENDING, requests_[i]->Resolve()) << i; - } - - proc_->SignalMultiple(requests_.size()); - - // Wait for all the requests to complete. - for (size_t i = 0u; i < requests_.size(); ++i) { - EXPECT_EQ(OK, requests_[i]->WaitForResult()) << i; - } - - // Since the requests all had the same priority and we limited the thread - // count to 1, they should have completed in the same order as they were - // requested. Moreover, request0 and request1 will have been serviced by - // the same job. - - MockHostResolverProc::CaptureList capture_list = proc_->GetCaptureList(); - ASSERT_EQ(2u, capture_list.size()); - - EXPECT_EQ("h1", capture_list[0].hostname); - EXPECT_EQ(ADDRESS_FAMILY_IPV6, capture_list[0].address_family); - - EXPECT_EQ("h1", capture_list[1].hostname); - EXPECT_EQ(ADDRESS_FAMILY_IPV4, capture_list[1].address_family); - - // Now check that the correct resolved IP addresses were returned. - EXPECT_TRUE(requests_[0]->HasOneAddress("::2", 80)); - EXPECT_TRUE(requests_[1]->HasOneAddress("::2", 80)); - EXPECT_TRUE(requests_[2]->HasOneAddress("1.0.0.1", 80)); -} - } // namespace net diff --git a/chromium/net/dns/mapped_host_resolver.cc b/chromium/net/dns/mapped_host_resolver.cc index 39c313c74b3..dc14b65025c 100644 --- a/chromium/net/dns/mapped_host_resolver.cc +++ b/chromium/net/dns/mapped_host_resolver.cc @@ -56,12 +56,12 @@ std::unique_ptr<base::Value> MappedHostResolver::GetDnsConfigAsValue() const { return impl_->GetDnsConfigAsValue(); } -void MappedHostResolver::SetDefaultAddressFamily(AddressFamily address_family) { - impl_->SetDefaultAddressFamily(address_family); +void MappedHostResolver::SetNoIPv6OnWifi(bool no_ipv6_on_wifi) { + impl_->SetNoIPv6OnWifi(no_ipv6_on_wifi); } -AddressFamily MappedHostResolver::GetDefaultAddressFamily() const { - return impl_->GetDefaultAddressFamily(); +bool MappedHostResolver::GetNoIPv6OnWifi() { + return impl_->GetNoIPv6OnWifi(); } int MappedHostResolver::ApplyRules(RequestInfo* info) const { diff --git a/chromium/net/dns/mapped_host_resolver.h b/chromium/net/dns/mapped_host_resolver.h index 54342e2d9c1..5ae459cbae5 100644 --- a/chromium/net/dns/mapped_host_resolver.h +++ b/chromium/net/dns/mapped_host_resolver.h @@ -57,8 +57,8 @@ class NET_EXPORT MappedHostResolver : public HostResolver { void SetDnsClientEnabled(bool enabled) override; HostCache* GetHostCache() override; std::unique_ptr<base::Value> GetDnsConfigAsValue() const override; - void SetDefaultAddressFamily(AddressFamily address_family) override; - AddressFamily GetDefaultAddressFamily() const override; + void SetNoIPv6OnWifi(bool no_ipv6_on_wifi) override; + bool GetNoIPv6OnWifi() override; private: // Modify the request |info| according to |rules_|. Returns either OK or diff --git a/chromium/net/docs/certificate-transparency.md b/chromium/net/docs/certificate-transparency.md new file mode 100644 index 00000000000..7f4b6a9130b --- /dev/null +++ b/chromium/net/docs/certificate-transparency.md @@ -0,0 +1,203 @@ +# Certificate Transparency + +## Overview + +[Certificate Transparency](http://www.certificate-transparency.org/) (CT) is a +protocol designed to fix several structural flaws in the SSL/TLS certificate +ecosystem. Described by [RFC 6962](https://tools.ietf.org/html/rfc6962) and +the ongoing work in [RFC 6962-bis](https://datatracker.ietf.org/doc/draft-ietf-trans-rfc6962-bis/), +it provides a means of providing a public, append-only data structure that +can log certificates issued by [certificate authorities](https://en.wikipedia.org/wiki/Certificate_authority) (CAs). +By logging these certificates, it becomes possible for site operators to +detect when a certificate may have been issued for their domain without their +approval, and allows browsers and the wider ecosystem to verify that CAs are +following their expected and disclosed practices. + +## Certificate Transparency Basics + +Broadly speaking, the goal of supporting Certificate Transparency is to ensure +that certificates an application trusts will be publicly disclosed in a way +sufficient for site operators and application developers to ensure that +nothing is wrong. + +At the most basic level, it's possible to simply introduce Certificate +Transparency logs as trusted third parties, much like CAs are trusted third +parties. If the logs are operated by CAs, this may not be much of a security +improvement, but if the logs are operated by non-CA entities, this might serve +as a sufficient counter-balance to the risks. + +However, with more work, it's possible to minimize the trust afforded to +Certificate Transparency logs, and to automatically and cryptographically +verify they're complying with their stated policies. This can provide even +greater assurance to application developers, site operators, and their users, +that the security expected from certificates is actually being provided. + +For a more thorough threat analysis, see +https://datatracker.ietf.org/doc/draft-ietf-trans-threat-analysis/ that +discusses the different risks in Certificate Transparency, and how the +protocol addresses them. + +## Certificate Transparency in `//net` + +A goal of `//net` is to try to ensure that code is 'safe by default' when +used. As part of serving that goal, in order to make a TLS or QUIC connection +using code in `//net`, it's necessary for the `//net` embedder to make +a decision about Certificate Transparency, much like it is necessary to +provide a [`CertVerifier`](/net/cert/cert_verifier.h) that describes how to +verify the server's certificate. + +Because this is necessary to make a TLS or QUIC connection, this requirement +surfaces upwards through each layer in the stack - applying to things like +[`HttpNetworkSession`](/net/http/http_network_session.h) and upwards to +[`URLRequestContext`](/net/url_request/url_request_context.h). + +This requirement is expressed by requiring two separate, but related, objects +to be supplied: [`CTVerifier`](/net/cert/ct_verifier.h) and +[`CTPolicyEnforcer`](/net/cert/ct_policy_enforcer.h), which together can be used +to express an application's policies with respect to Certificate Transparency. + +As part of the goal of ensuring 'safe by default', `//net` also has various +policies related to certificates issued by particular CAs whose past actions +have created unnecessary security risk for TLS connections, and as a +consequence, are required to have their certificates disclosed using +Certificate Transparency in order to ensure that the security provided by +these CAs matches the level of security and assurance that other CAs provide. +These policies are implemented in +[`TransportSecurityState`](/net/http/transport_security_state.cc), via the +`ShouldRequireCT` method. + +### CTVerifier + +`CTVerifier` is the core interface for parsing and validating the structures +defined in RFC6962 (or future versions), and for providing basic information +about the [`SignedCertificateTimestamps`](https://tools.ietf.org/html/rfc6962#section-3.2) +present within the connection. + +### CTPolicyEnforcer + +`CTPolicyEnforcer` is the core class for expressing an application's policies +around how it expects Certificate Transparency to be used by the certificates +it trusts and the CAs that issue these certificates. + +`CTPolicyEnforcer` currently expresses two policies: + * How to treat [Extended Validation](https://cabforum.org/extended-validation-2/) + certificates (those for which a [`CertVerifier`](/net/cert/cert_verifier.h) + returned `CERT_STATUS_IS_EV`). + * How to treat all certificates, regardless of EV status. + +### TransportSecurityState + +The `TransportSecurityState::ShouldRequireCT` method implements the core logic +for determining whether or not a connection attempt should be rejected if it +does not comply with an application's Certificate Transparency policy. + +The implementation in `//net` provides a default implementation that tries to +ensure maximum security, by failing connections that do not abide by an +application's Certificate Transparency policy and are from CAs known to have +security issues in the past. + +Embedders can customize or override this by providing a +`TransportSecurityState::RequireCTDelegate` implementation, which allows +applications to inspect the connection information and determine whether +Certificate Transparency should be required, should not be required, or +whether the default logic in `//net` should be used. + +## Certificate Transparency in Chromium + +As part of the open-source implementation of Chrome, the policies related to +how Chromium code treats Certificate Transparency are documented at +https://www.chromium.org/Home/chromium-security/certificate-transparency . This +page includes the policies for how Chromium determines an acceptable set of +Certificate Transparency logs and what Certificate Transparency-related +information is expected to accompany certificates, both for EV and non-EV. + +The implementation of these policies lives within [`//net/cert`](/net/cert), and +includes: + * [`ct_known_logs.h`](/net/cert/ct_known_logs.h): The set of Certificate + Transparency logs known and qualified according to Chromium's + [Certificate Transparency Log Policy](https://www.chromium.org/Home/chromium-security/certificate-transparency/log-policy). + * [`multi_log_ct_verifier.h`](/net/cert/multi_log_ct_verifier.h): Capable of + parsing `SignedCertificateTimestamps` from a variety of logs and + validating their signatures, using the keys and information provided by + `ct_known_logs.h`. + * [`ct_policy_enforcer.h`](/net/cert/ct_policy_enforcer.h): A base class that + implements the Certificate Transparency in Chrome Policy, for both EV and + non-EV certificates. + +## Certificate Transparency for `//net` Consumers + +This section is intended for code that is open-sourced as part of the +Chromium projects, intended to be included within Google Chrome, and which +uses the `//net` APIs for purposes other than loading and rendering web +content. Particularly, consumers of `//net` APIs that are communicating with +a limited or defined set of endpoints and which don't use certificates issued +by CAs. This may also include testing tools and utilities, as these are not +generally shipped to users as part of Chrome. + +Not every TLS connection may need the security assurances that +Certificate Transparency aims to provide. For example, some consumers of +`//net` APIs in Chromium use mutual authentication with self-signed +certificates and which are authenticated out-of-band. For these connections, +Certificate Transparency is not relevant, and it's not necessary to parse +or enforce Certificate Transparency related information. + +For these cases, the approach is: + * [`do_nothing_ct_verifier.h`](/net/cert/do_nothing_ct_verifier.h): A no-op + CTVerifier that does not parse or verify Certificate Transparency-related + information. + * A derived `CTPolicyEnforcer` implementation that indicates all + certificates comply with its policies. + + **TODO(rsleevi):** Provide a `DoNothingCTPolicyEnforcer` + +As documented in these classes, care should be taken before using these, as +they provide much weaker security guarantees. In general, emailing +[net-dev@chromium.org](mailto:net-dev@chromium.org) or discussing it during a +security review is the right answer, and documenting at the instantiation +points why it is safe and acceptable to use these classes. + +## Certificate Transparency for `//net` Embedders + +This section is intended for code that is used in other open-source Chromium +based projects, but are not included in Google Chrome or related. This +includes projects based on `//net`, such as +[`//components/cronet`](/components/cronet) or other +[`//content`](/content) embedders. + +For projects and third party products that embed `//net`, the policies +that are included as part of the open-source repository may not be +appropriate. This is because the implementations may rely implicitly +or explicitly on several key guarantees that come from Google-branded +distributions and products, and may not be appropriate for other cases. + +These key expectations are: + * A release cycle aligned with Chrome releases; that is, every six weeks, + and on the same versions as Chrome releases. + * Widespread support for automatic updates. + * That [`base::GetBuildTime()`](/base/build_time.h) will reflect, to + some degree, when the tree was branched and/or released, and will not + be re-generated on recompilation. That is, this implies is_official_build + for binaries released to end-users, but is not enforced in code so that + developers can accurately test release behavior. + * Support for dynamic [`base::FieldTrial`](/base/metrics/field_trial.h) + configurations. + +For projects that don't support automatic updates, or which measure 'stable' +on the order of months to years, or which don't have tools suitable to +respond to changes in the Certificate Authority and Certificate Transparency +ecosystem, it may not be appropriate to enable Certificate Transparency +support yet. + +These issues are not unique or particular to Certificate Transparency - in +many ways, they're similar to issues already faced with determining which +CAs are trusted and how to successfully validate a TLS server's certificate. +However, as the Certificate Transparency ecosystem is still growing, it may be +suitable to disable support until some of the solutions to these challenges +stablize. + +To opt-out of enforcing Certificate Transparency, using the `DoNothing` +variants discussed above provides a suitable implementation that will opt to +'fail open' instead. This may provide less security, but provides greater +stability, and minimizes the risk that these `//net` embedding clients +might cause to the Certificate Transparency ecosystem or receive from enabling +Certificate Transparency. diff --git a/chromium/net/extras/sqlite/sqlite_channel_id_store.cc b/chromium/net/extras/sqlite/sqlite_channel_id_store.cc index ebcf7ec74ba..56c6f6b9c03 100644 --- a/chromium/net/extras/sqlite/sqlite_channel_id_store.cc +++ b/chromium/net/extras/sqlite/sqlite_channel_id_store.cc @@ -33,8 +33,36 @@ namespace { // Version number of the database. -const int kCurrentVersionNumber = 5; -const int kCompatibleVersionNumber = 5; +const int kCurrentVersionNumber = 6; +const int kCompatibleVersionNumber = 6; + +// Used in the DomainBoundCerts.DBLoadStatus histogram to record the status of +// the Channel ID database when loading it from disk. It reports reasons why the +// db could fail to load, or that it was loaded successfully. +// Do not change or re-use values. +enum DbLoadStatus { + // The path for the directory containing the db doesn't exist and couldn't be + // created. + PATH_DOES_NOT_EXIST = 0, + // Unable to open the database. + FAILED_TO_OPEN = 1, + // Failed to migrate the db to the current version. + MIGRATION_FAILED = 2, + // Unable to execute SELECT statement to load contents from db. + INVALID_SELECT_STATEMENT = 3, + // New database successfully created. + NEW_DB = 4, + // Database successfully loaded. + LOADED = 5, + // Database loaded, but one or more keys were skipped. + LOADED_WITH_ERRORS = 6, + DB_LOAD_STATUS_MAX +}; + +void RecordDbLoadStatus(DbLoadStatus status) { + UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.DBLoadStatus", status, + DB_LOAD_STATUS_MAX); +} } // namespace @@ -176,12 +204,10 @@ void SQLiteChannelIDStore::Backend::LoadInBackground( // Ensure the parent directory for storing certs is created before reading // from it. const base::FilePath dir = path_.DirName(); - if (!base::PathExists(dir) && !base::CreateDirectory(dir)) + if (!base::PathExists(dir) && !base::CreateDirectory(dir)) { + RecordDbLoadStatus(PATH_DOES_NOT_EXIST); return; - - int64_t db_size = 0; - if (base::GetFileSize(path_, &db_size)) - UMA_HISTOGRAM_COUNTS("DomainBoundCerts.DBSizeInKB", db_size / 1024); + } db_.reset(new sql::Connection); db_->set_histogram_tag("DomainBoundCerts"); @@ -191,11 +217,17 @@ void SQLiteChannelIDStore::Backend::LoadInBackground( base::Bind(&SQLiteChannelIDStore::Backend::DatabaseErrorCallback, base::Unretained(this))); + DbLoadStatus load_result = LOADED; + if (!base::PathExists(path_)) { + load_result = NEW_DB; + } + if (!db_->Open(path_)) { NOTREACHED() << "Unable to open cert DB."; if (corruption_detected_) KillDatabase(); db_.reset(); + RecordDbLoadStatus(FAILED_TO_OPEN); return; } @@ -205,6 +237,7 @@ void SQLiteChannelIDStore::Backend::LoadInBackground( KillDatabase(); meta_table_.Reset(); db_.reset(); + RecordDbLoadStatus(MIGRATION_FAILED); return; } @@ -212,28 +245,29 @@ void SQLiteChannelIDStore::Backend::LoadInBackground( // Slurp all the certs into the out-vector. sql::Statement smt(db_->GetUniqueStatement( - "SELECT host, private_key, public_key, creation_time FROM channel_id")); + "SELECT host, private_key, creation_time FROM channel_id")); if (!smt.is_valid()) { if (corruption_detected_) KillDatabase(); meta_table_.Reset(); db_.reset(); + RecordDbLoadStatus(INVALID_SELECT_STATEMENT); return; } while (smt.Step()) { - std::vector<uint8_t> private_key_from_db, public_key_from_db; + std::vector<uint8_t> private_key_from_db; smt.ColumnBlobAsVector(1, &private_key_from_db); - smt.ColumnBlobAsVector(2, &public_key_from_db); std::unique_ptr<crypto::ECPrivateKey> key( - crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( - private_key_from_db, public_key_from_db)); - if (!key) + crypto::ECPrivateKey::CreateFromPrivateKeyInfo(private_key_from_db)); + if (!key) { + load_result = LOADED_WITH_ERRORS; continue; + } std::unique_ptr<DefaultChannelIDStore::ChannelID> channel_id( new DefaultChannelIDStore::ChannelID( smt.ColumnString(0), // host - base::Time::FromInternalValue(smt.ColumnInt64(3)), std::move(key))); + base::Time::FromInternalValue(smt.ColumnInt64(2)), std::move(key))); channel_ids->push_back(std::move(channel_id)); } @@ -248,6 +282,7 @@ void SQLiteChannelIDStore::Backend::LoadInBackground( 50); DVLOG(1) << "loaded " << channel_ids->size() << " in " << load_time.InMilliseconds() << " ms"; + RecordDbLoadStatus(load_result); } bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() { @@ -263,6 +298,8 @@ bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() { } int cur_version = meta_table_.GetVersionNumber(); + UMA_HISTOGRAM_EXACT_LINEAR("DomainBoundCerts.DBVersion", cur_version, + kCurrentVersionNumber + 1); sql::Transaction transaction(db_.get()); if (!transaction.Begin()) @@ -286,10 +323,10 @@ bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() { "SELECT origin, cert, private_key, cert_type FROM origin_bound_certs")); sql::Statement insert_statement(db_->GetUniqueStatement( "INSERT INTO channel_id (host, private_key, public_key, creation_time) " - "VALUES (?, ?, ?, ?)")); + "VALUES (?, ?, \"\", ?)")); if (!statement.is_valid() || !insert_statement.is_valid()) { LOG(WARNING) << "Unable to update server bound cert database to " - << "version 5."; + << "version 6."; return false; } @@ -299,8 +336,16 @@ bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() { std::string origin = statement.ColumnString(0); std::string cert_from_db; statement.ColumnBlobAsString(1, &cert_from_db); - std::string private_key; - statement.ColumnBlobAsString(2, &private_key); + std::vector<uint8_t> encrypted_private_key, private_key; + statement.ColumnBlobAsVector(2, &encrypted_private_key); + std::unique_ptr<crypto::ECPrivateKey> key( + crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( + encrypted_private_key, std::vector<uint8_t>())); + if (!key || !key->ExportPrivateKey(&private_key)) { + LOG(WARNING) << "Unable to parse encrypted private key when migrating " + "Channel ID database to version 6."; + continue; + } // Parse the cert and extract the real value and then update the DB. scoped_refptr<X509Certificate> cert(X509Certificate::CreateFromBytes( cert_from_db.data(), static_cast<int>(cert_from_db.size()))); @@ -309,18 +354,10 @@ bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() { insert_statement.BindString(0, origin); insert_statement.BindBlob(1, private_key.data(), static_cast<int>(private_key.size())); - base::StringPiece spki; - if (!asn1::ExtractSPKIFromDERCert(cert_from_db, &spki)) { - LOG(WARNING) << "Unable to extract SPKI from cert when migrating " - "channel id database to version 5."; - return false; - } - insert_statement.BindBlob(2, spki.data(), - static_cast<int>(spki.size())); - insert_statement.BindInt64(3, cert->valid_start().ToInternalValue()); + insert_statement.BindInt64(2, cert->valid_start().ToInternalValue()); if (!insert_statement.Run()) { LOG(WARNING) << "Unable to update channel id database to " - << "version 5."; + << "version 6."; return false; } } else { @@ -330,14 +367,50 @@ bool SQLiteChannelIDStore::Backend::EnsureDatabaseVersion() { << statement.ColumnString(0); } } + } else if (cur_version == 5) { + sql::Statement select( + db_->GetUniqueStatement("SELECT host, private_key FROM channel_id")); + sql::Statement update( + db_->GetUniqueStatement("UPDATE channel_id SET private_key = ?, " + "public_key = \"\" WHERE host = ?")); + if (!select.is_valid() || !update.is_valid()) { + LOG(WARNING) << "Invalid SQL statements to update Channel ID database to " + "version 6."; + return false; + } + + while (select.Step()) { + std::string host = select.ColumnString(0); + std::vector<uint8_t> encrypted_private_key, private_key; + select.ColumnBlobAsVector(1, &encrypted_private_key); + std::unique_ptr<crypto::ECPrivateKey> key( + crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( + encrypted_private_key, std::vector<uint8_t>())); + if (!key || !key->ExportPrivateKey(&private_key)) { + LOG(WARNING) << "Unable to parse encrypted private key when migrating " + "Channel ID database to version 6."; + continue; + } + update.Reset(true); + update.BindBlob(0, private_key.data(), + static_cast<int>(private_key.size())); + update.BindString(1, host); + if (!update.Run()) { + LOG(WARNING) << "UPDATE statement failed when updating Channel ID " + "database to version 6."; + return false; + } + } } if (cur_version < kCurrentVersionNumber) { - sql::Statement statement( - db_->GetUniqueStatement("DROP TABLE origin_bound_certs")); - if (!statement.Run()) { - LOG(WARNING) << "Error dropping old origin_bound_certs table"; - return false; + if (cur_version <= 4) { + sql::Statement statement( + db_->GetUniqueStatement("DROP TABLE origin_bound_certs")); + if (!statement.Run()) { + LOG(WARNING) << "Error dropping old origin_bound_certs table"; + return false; + } } meta_table_.SetVersionNumber(kCurrentVersionNumber); meta_table_.SetCompatibleVersionNumber(kCompatibleVersionNumber); @@ -408,10 +481,17 @@ void SQLiteChannelIDStore::Backend::DeleteAllInList( void SQLiteChannelIDStore::Backend::BatchOperation( PendingOperation::OperationType op, const DefaultChannelIDStore::ChannelID& channel_id) { - // Commit every 30 seconds. - static const int kCommitIntervalMs = 30 * 1000; - // Commit right away if we have more than 512 outstanding operations. - static const size_t kCommitAfterBatchSize = 512; + // These thresholds used to be 30 seconds or 512 outstanding operations (the + // same values used in CookieMonster). Since cookies can be bound to Channel + // IDs, it's possible for a cookie to get committed to the cookie database + // before the Channel ID it is bound to gets committed. Decreasing these + // thresholds increases the chance that the Channel ID will be committed + // before or at the same time as the cookie. + + // Commit every 2 seconds. + static const int kCommitIntervalMs = 2 * 1000; + // Commit right away if we have more than 3 outstanding operations. + static const size_t kCommitAfterBatchSize = 3; // We do a full copy of the cert here, and hopefully just here. std::unique_ptr<PendingOperation> po(new PendingOperation(op, channel_id)); @@ -474,8 +554,8 @@ void SQLiteChannelIDStore::Backend::Commit() { sql::Statement add_statement(db_->GetCachedStatement( SQL_FROM_HERE, - "INSERT INTO channel_id (host, private_key, public_key, " - "creation_time) VALUES (?,?,?,?)")); + "INSERT INTO channel_id (host, private_key, public_key, creation_time) " + "VALUES (?,?,\"\",?)")); if (!add_statement.is_valid()) return; @@ -496,17 +576,13 @@ void SQLiteChannelIDStore::Backend::Commit() { case PendingOperation::CHANNEL_ID_ADD: { add_statement.Reset(true); add_statement.BindString(0, po->channel_id().server_identifier()); - std::vector<uint8_t> private_key, public_key; - if (!po->channel_id().key()->ExportEncryptedPrivateKey(&private_key)) - continue; - if (!po->channel_id().key()->ExportPublicKey(&public_key)) + std::vector<uint8_t> private_key; + if (!po->channel_id().key()->ExportPrivateKey(&private_key)) continue; add_statement.BindBlob( 1, private_key.data(), static_cast<int>(private_key.size())); - add_statement.BindBlob(2, public_key.data(), - static_cast<int>(public_key.size())); add_statement.BindInt64( - 3, po->channel_id().creation_time().ToInternalValue()); + 2, po->channel_id().creation_time().ToInternalValue()); if (!add_statement.Run()) NOTREACHED() << "Could not add a server bound cert to the DB."; break; diff --git a/chromium/net/extras/sqlite/sqlite_channel_id_store_unittest.cc b/chromium/net/extras/sqlite/sqlite_channel_id_store_unittest.cc index 7c9b223e3e1..87f6083cd36 100644 --- a/chromium/net/extras/sqlite/sqlite_channel_id_store_unittest.cc +++ b/chromium/net/extras/sqlite/sqlite_channel_id_store_unittest.cc @@ -288,7 +288,7 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV1) { sql::Statement smt(db.GetUniqueStatement( "SELECT value FROM meta WHERE key = \"version\"")); ASSERT_TRUE(smt.Step()); - EXPECT_EQ(5, smt.ColumnInt(0)); + EXPECT_EQ(6, smt.ColumnInt(0)); EXPECT_FALSE(smt.Step()); } } @@ -364,7 +364,7 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV2) { sql::Statement smt(db.GetUniqueStatement( "SELECT value FROM meta WHERE key = \"version\"")); ASSERT_TRUE(smt.Step()); - EXPECT_EQ(5, smt.ColumnInt(0)); + EXPECT_EQ(6, smt.ColumnInt(0)); EXPECT_FALSE(smt.Step()); } } @@ -442,7 +442,7 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV3) { sql::Statement smt(db.GetUniqueStatement( "SELECT value FROM meta WHERE key = \"version\"")); ASSERT_TRUE(smt.Step()); - EXPECT_EQ(5, smt.ColumnInt(0)); + EXPECT_EQ(6, smt.ColumnInt(0)); EXPECT_FALSE(smt.Step()); } } @@ -536,7 +536,83 @@ TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV4) { sql::Statement smt(db.GetUniqueStatement( "SELECT value FROM meta WHERE key = \"version\"")); ASSERT_TRUE(smt.Step()); - EXPECT_EQ(5, smt.ColumnInt(0)); + EXPECT_EQ(6, smt.ColumnInt(0)); + EXPECT_FALSE(smt.Step()); + } + } +} + +TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV5) { + // Reset the store. We'll be using a different database for this test. + store_ = NULL; + + base::FilePath v5_db_path(temp_dir_.GetPath().AppendASCII("v5db")); + + std::string key_data; + std::string cert_data; + std::unique_ptr<crypto::ECPrivateKey> key; + ASSERT_NO_FATAL_FAILURE(ReadTestKeyAndCert(&key_data, &cert_data, &key)); + + // Create a version 5 database. + { + sql::Connection db; + ASSERT_TRUE(db.Open(v5_db_path)); + ASSERT_TRUE(db.Execute( + "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," + "value LONGVARCHAR);" + "INSERT INTO \"meta\" VALUES('version','5');" + "INSERT INTO \"meta\" VALUES('last_compatible_version','5');" + "CREATE TABLE channel_id (" + "host TEXT NOT NULL UNIQUE PRIMARY KEY," + "private_key BLOB NOT NULL," + "public_key BLOB NOT NULL," + "creation_time INTEGER);")); + + sql::Statement add_smt(db.GetUniqueStatement( + "INSERT INTO channel_id (host, private_key, public_key, creation_time) " + "VALUES (?,?,?,?)")); + add_smt.BindString(0, "google.com"); + add_smt.BindBlob(1, key_data.data(), key_data.size()); + add_smt.BindBlob(2, "", 0); + add_smt.BindInt64(3, GetTestCertCreationTime().ToInternalValue()); + ASSERT_TRUE(add_smt.Run()); + + // Malformed keys will be ignored and not migrated. + ASSERT_TRUE( + db.Execute("INSERT INTO \"channel_id\" VALUES(" + "'bar.com',X'AA',X'BB',3000);")); + } + + // Load and test the DB contents twice. First time ensures that we can use + // the updated values immediately. Second time ensures that the updated + // values are saved and read correctly on next load. + for (int i = 0; i < 2; ++i) { + SCOPED_TRACE(i); + + std::vector<std::unique_ptr<DefaultChannelIDStore::ChannelID>> channel_ids; + store_ = new SQLiteChannelIDStore(v5_db_path, + base::ThreadTaskRunnerHandle::Get()); + + // Load the database and ensure the certs can be read. + Load(&channel_ids); + ASSERT_EQ(1U, channel_ids.size()); + + ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); + ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); + EXPECT_TRUE(KeysEqual(key.get(), channel_ids[0]->key())); + + store_ = NULL; + // Make sure we wait until the destructor has run. + base::RunLoop().RunUntilIdle(); + + // Verify the database version is updated. + { + sql::Connection db; + ASSERT_TRUE(db.Open(v5_db_path)); + sql::Statement smt(db.GetUniqueStatement( + "SELECT value FROM meta WHERE key = \"version\"")); + ASSERT_TRUE(smt.Step()); + EXPECT_EQ(6, smt.ColumnInt(0)); EXPECT_FALSE(smt.Step()); } } diff --git a/chromium/net/filter/filter_source_stream.cc b/chromium/net/filter/filter_source_stream.cc index 603bd703c8e..688d6927055 100644 --- a/chromium/net/filter/filter_source_stream.cc +++ b/chromium/net/filter/filter_source_stream.cc @@ -17,6 +17,12 @@ namespace net { namespace { +const char kDeflate[] = "deflate"; +const char kGZip[] = "gzip"; +const char kSdch[] = "sdch"; +const char kXGZip[] = "x-gzip"; +const char kBrotli[] = "br"; + const size_t kBufferSize = 32 * 1024; } // namespace @@ -67,6 +73,28 @@ std::string FilterSourceStream::Description() const { return next_type_string + "," + GetTypeAsString(); } +FilterSourceStream::SourceType FilterSourceStream::ParseEncodingType( + const std::string& encoding) { + if (encoding.empty()) { + return TYPE_NONE; + } else if (base::LowerCaseEqualsASCII(encoding, kBrotli)) { + return TYPE_BROTLI; + } else if (base::LowerCaseEqualsASCII(encoding, kDeflate)) { + return TYPE_DEFLATE; + } else if (base::LowerCaseEqualsASCII(encoding, kGZip) || + base::LowerCaseEqualsASCII(encoding, kXGZip)) { + return TYPE_GZIP; + } else if (base::LowerCaseEqualsASCII(encoding, kSdch)) { + return TYPE_SDCH; + } else { + return TYPE_UNKNOWN; + } +} + +void FilterSourceStream::ReportContentDecodingFailed(SourceType type) { + UMA_HISTOGRAM_ENUMERATION("Net.ContentDecodingFailed2", type, TYPE_MAX); +} + int FilterSourceStream::DoLoop(int result) { DCHECK_NE(STATE_NONE, next_state_); @@ -136,8 +164,7 @@ int FilterSourceStream::DoFilterData() { consumed_bytes == drainable_input_buffer_->BytesRemaining()); if (bytes_output == ERR_CONTENT_DECODING_FAILED) { - UMA_HISTOGRAM_ENUMERATION("Net.ContentDecodingFailed2.FilterType", type(), - TYPE_MAX); + ReportContentDecodingFailed(type()); } // FilterData() is not allowed to return ERR_IO_PENDING. DCHECK_NE(ERR_IO_PENDING, bytes_output); diff --git a/chromium/net/filter/filter_source_stream.h b/chromium/net/filter/filter_source_stream.h index 3d24bd1a921..4855dfc089d 100644 --- a/chromium/net/filter/filter_source_stream.h +++ b/chromium/net/filter/filter_source_stream.h @@ -38,6 +38,10 @@ class NET_EXPORT_PRIVATE FilterSourceStream : public SourceStream { std::string Description() const override; + static SourceType ParseEncodingType(const std::string& encoding); + + static void ReportContentDecodingFailed(SourceType type); + private: enum State { STATE_NONE, diff --git a/chromium/net/filter/filter_unittest.cc b/chromium/net/filter/filter_unittest.cc deleted file mode 100644 index d2b6afcf9ec..00000000000 --- a/chromium/net/filter/filter_unittest.cc +++ /dev/null @@ -1,213 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/filter/filter.h" - -#include <utility> - -#include "base/macros.h" -#include "net/base/io_buffer.h" -#include "net/filter/mock_filter_context.h" -#include "testing/gtest/include/gtest/gtest.h" - -namespace net { - -namespace { - -class PassThroughFilter : public Filter { - public: - PassThroughFilter() : Filter(FILTER_TYPE_UNSUPPORTED) {} - - FilterStatus ReadFilteredData(char* dest_buffer, int* dest_len) override { - return CopyOut(dest_buffer, dest_len); - } - - DISALLOW_COPY_AND_ASSIGN(PassThroughFilter); -}; - -} // namespace - -TEST(FilterTest, ContentTypeId) { - // Check for basic translation of Content-Encoding, including case variations. - EXPECT_EQ(Filter::FILTER_TYPE_DEFLATE, - Filter::ConvertEncodingToType("deflate")); - EXPECT_EQ(Filter::FILTER_TYPE_DEFLATE, - Filter::ConvertEncodingToType("deflAte")); - EXPECT_EQ(Filter::FILTER_TYPE_GZIP, - Filter::ConvertEncodingToType("gzip")); - EXPECT_EQ(Filter::FILTER_TYPE_GZIP, - Filter::ConvertEncodingToType("GzIp")); - EXPECT_EQ(Filter::FILTER_TYPE_GZIP, - Filter::ConvertEncodingToType("x-gzip")); - EXPECT_EQ(Filter::FILTER_TYPE_GZIP, - Filter::ConvertEncodingToType("X-GzIp")); - EXPECT_EQ(Filter::FILTER_TYPE_SDCH, - Filter::ConvertEncodingToType("sdch")); - EXPECT_EQ(Filter::FILTER_TYPE_SDCH, - Filter::ConvertEncodingToType("sDcH")); - EXPECT_EQ(Filter::FILTER_TYPE_UNSUPPORTED, - Filter::ConvertEncodingToType("weird")); - EXPECT_EQ(Filter::FILTER_TYPE_UNSUPPORTED, - Filter::ConvertEncodingToType("strange")); -} - -TEST(FilterTest, SdchEncoding) { - // Handle content encodings including SDCH. - const std::string kTextHtmlMime("text/html"); - MockFilterContext filter_context; - // Empty handle indicates to filter that SDCH is active. - filter_context.SetSdchResponse( - SdchManager::CreateEmptyDictionarySetForTesting()); - - std::vector<Filter::FilterType> encoding_types; - - // Check for most common encoding, and verify it survives unchanged. - encoding_types.clear(); - encoding_types.push_back(Filter::FILTER_TYPE_SDCH); - encoding_types.push_back(Filter::FILTER_TYPE_GZIP); - filter_context.SetMimeType(kTextHtmlMime); - Filter::FixupEncodingTypes(filter_context, &encoding_types); - ASSERT_EQ(2U, encoding_types.size()); - EXPECT_EQ(Filter::FILTER_TYPE_SDCH, encoding_types[0]); - EXPECT_EQ(Filter::FILTER_TYPE_GZIP, encoding_types[1]); - - // Unchanged even with other mime types. - encoding_types.clear(); - encoding_types.push_back(Filter::FILTER_TYPE_SDCH); - encoding_types.push_back(Filter::FILTER_TYPE_GZIP); - filter_context.SetMimeType("other/type"); - Filter::FixupEncodingTypes(filter_context, &encoding_types); - ASSERT_EQ(2U, encoding_types.size()); - EXPECT_EQ(Filter::FILTER_TYPE_SDCH, encoding_types[0]); - EXPECT_EQ(Filter::FILTER_TYPE_GZIP, encoding_types[1]); - - // Solo SDCH is extended to include optional gunzip. - encoding_types.clear(); - encoding_types.push_back(Filter::FILTER_TYPE_SDCH); - Filter::FixupEncodingTypes(filter_context, &encoding_types); - ASSERT_EQ(2U, encoding_types.size()); - EXPECT_EQ(Filter::FILTER_TYPE_SDCH, encoding_types[0]); - EXPECT_EQ(Filter::FILTER_TYPE_GZIP_HELPING_SDCH, encoding_types[1]); -} - -TEST(FilterTest, MissingSdchEncoding) { - // Handle interesting case where entire SDCH encoding assertion "got lost." - const std::string kTextHtmlMime("text/html"); - MockFilterContext filter_context; - filter_context.SetSdchResponse( - SdchManager::CreateEmptyDictionarySetForTesting()); - - std::vector<Filter::FilterType> encoding_types; - - // Loss of encoding, but it was an SDCH response with html type. - encoding_types.clear(); - filter_context.SetMimeType(kTextHtmlMime); - Filter::FixupEncodingTypes(filter_context, &encoding_types); - ASSERT_EQ(2U, encoding_types.size()); - EXPECT_EQ(Filter::FILTER_TYPE_SDCH_POSSIBLE, encoding_types[0]); - EXPECT_EQ(Filter::FILTER_TYPE_GZIP_HELPING_SDCH, encoding_types[1]); - - // Loss of encoding, but it was an SDCH response with a prefix that says it - // was an html type. Note that it *should* be the case that a precise match - // with "text/html" we be collected by GetMimeType() and passed in, but we - // coded the fixup defensively (scanning for a prefix of "text/html", so this - // is an example which could survive such confusion in the caller). - encoding_types.clear(); - filter_context.SetMimeType("text/html; charset=UTF-8"); - Filter::FixupEncodingTypes(filter_context, &encoding_types); - ASSERT_EQ(2U, encoding_types.size()); - EXPECT_EQ(Filter::FILTER_TYPE_SDCH_POSSIBLE, encoding_types[0]); - EXPECT_EQ(Filter::FILTER_TYPE_GZIP_HELPING_SDCH, encoding_types[1]); - - // No encoding, but it was an SDCH response with non-html type. - encoding_types.clear(); - filter_context.SetMimeType("other/mime"); - Filter::FixupEncodingTypes(filter_context, &encoding_types); - ASSERT_EQ(2U, encoding_types.size()); - EXPECT_EQ(Filter::FILTER_TYPE_SDCH_POSSIBLE, encoding_types[0]); - EXPECT_EQ(Filter::FILTER_TYPE_GZIP_HELPING_SDCH, encoding_types[1]); -} - -// FixupEncodingTypes() should leave gzip encoding intact. -TEST(FilterTest, Gzip) { - const std::string kUrl("http://example.com/foo"); - MockFilterContext filter_context; - std::vector<Filter::FilterType> encoding_types; - filter_context.SetURL(GURL(kUrl)); - - Filter::FixupEncodingTypes(filter_context, &encoding_types); - EXPECT_EQ(0U, encoding_types.size()); - - encoding_types.clear(); - encoding_types.push_back(Filter::FILTER_TYPE_GZIP); - Filter::FixupEncodingTypes(filter_context, &encoding_types); - ASSERT_EQ(1U, encoding_types.size()); - EXPECT_EQ(Filter::FILTER_TYPE_GZIP, encoding_types.front()); -} - -// Make sure a series of three pass-through filters copies the data cleanly. -// Regression test for http://crbug.com/418975. -TEST(FilterTest, ThreeFilterChain) { - std::unique_ptr<PassThroughFilter> filter1(new PassThroughFilter); - std::unique_ptr<PassThroughFilter> filter2(new PassThroughFilter); - std::unique_ptr<PassThroughFilter> filter3(new PassThroughFilter); - - filter1->InitBuffer(32 * 1024); - filter2->InitBuffer(32 * 1024); - filter3->InitBuffer(32 * 1024); - - filter2->next_filter_ = std::move(filter3); - filter1->next_filter_ = std::move(filter2); - - // Initialize the input array with a varying byte sequence. - const size_t input_array_size = 64 * 1024; - char input_array[input_array_size]; - size_t read_array_index = 0; - for (size_t i = 0; i < input_array_size; i++) { - input_array[i] = i % 113; - } - - const size_t output_array_size = 4 * 1024; - char output_array[output_array_size]; - - size_t compare_array_index = 0; - - do { - // Read data from the filter chain. - int amount_read = output_array_size; - Filter::FilterStatus status = filter1->ReadData(output_array, &amount_read); - EXPECT_NE(Filter::FILTER_ERROR, status); - EXPECT_EQ(0, memcmp(output_array, input_array + compare_array_index, - amount_read)); - compare_array_index += amount_read; - - // Detect the various indications that data transfer along the chain is - // complete. - if (Filter::FILTER_DONE == status || Filter::FILTER_ERROR == status || - (Filter::FILTER_OK == status && amount_read == 0) || - (Filter::FILTER_NEED_MORE_DATA == status && - read_array_index == input_array_size)) - break; - - if (Filter::FILTER_OK == status) - continue; - - // Write needed data into the filter chain. - ASSERT_EQ(Filter::FILTER_NEED_MORE_DATA, status); - ASSERT_NE(0, filter1->stream_buffer_size()); - size_t amount_to_copy = std::min( - static_cast<size_t>(filter1->stream_buffer_size()), - input_array_size - read_array_index); - memcpy(filter1->stream_buffer()->data(), - input_array + read_array_index, - amount_to_copy); - filter1->FlushStreamBuffer(amount_to_copy); - read_array_index += amount_to_copy; - } while (true); - - EXPECT_EQ(read_array_index, input_array_size); - EXPECT_EQ(compare_array_index, input_array_size); -} - -} // Namespace net diff --git a/chromium/net/filter/source_stream_type_list.h b/chromium/net/filter/source_stream_type_list.h index 2b020eed182..70975a8104b 100644 --- a/chromium/net/filter/source_stream_type_list.h +++ b/chromium/net/filter/source_stream_type_list.h @@ -12,3 +12,5 @@ SOURCE_STREAM_TYPE(SDCH) SOURCE_STREAM_TYPE(SDCH_POSSIBLE) SOURCE_STREAM_TYPE(INVALID) SOURCE_STREAM_TYPE(NONE) +SOURCE_STREAM_TYPE(REJECTED) +SOURCE_STREAM_TYPE(UNKNOWN) diff --git a/chromium/net/ftp/ftp_util.cc b/chromium/net/ftp/ftp_util.cc index a66845300f4..4af3603079b 100644 --- a/chromium/net/ftp/ftp_util.cc +++ b/chromium/net/ftp/ftp_util.cc @@ -9,6 +9,7 @@ #include "base/i18n/case_conversion.h" #include "base/i18n/char_iterator.h" +#include "base/i18n/unicodestring.h" #include "base/logging.h" #include "base/macros.h" #include "base/memory/singleton.h" @@ -175,8 +176,8 @@ class AbbreviatedMonthsMap { format_symbols.getShortMonths(months_count); for (int32_t month = 0; month < months_count; month++) { - base::string16 month_name(months[month].getBuffer(), - static_cast<size_t>(months[month].length())); + base::string16 month_name( + base::i18n::UnicodeStringToString16(months[month])); // Ignore the case of the month names. The simplest way to handle that // is to make everything lowercase. diff --git a/chromium/net/http/BUILD.gn b/chromium/net/http/BUILD.gn new file mode 100644 index 00000000000..72f6d696d22 --- /dev/null +++ b/chromium/net/http/BUILD.gn @@ -0,0 +1,26 @@ +# Copyright 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +import("//build/compiled_action.gni") + +compiled_action_foreach("transport_security_state_unittest_data") { + tool = "//net/tools/transport_security_state_generator" + sources = [ + "transport_security_state_static_unittest1.json", + "transport_security_state_static_unittest2.json", + "transport_security_state_static_unittest3.json", + ] + + # Inputs in order expected by the command line of the tool. + inputs = [ + "transport_security_state_static_unittest.pins", + "transport_security_state_static_unittest.template", + ] + outputs = [ + "$target_gen_dir/{{source_name_part}}.h", + ] + args = + [ rebase_path("{{source_name_part}}.json", root_build_dir) ] + + rebase_path(inputs, root_build_dir) + rebase_path(outputs, root_build_dir) +} diff --git a/chromium/net/http/bidirectional_stream.cc b/chromium/net/http/bidirectional_stream.cc index f9786208c14..a8fe3adb7f4 100644 --- a/chromium/net/http/bidirectional_stream.cc +++ b/chromium/net/http/bidirectional_stream.cc @@ -18,7 +18,6 @@ #include "net/base/load_flags.h" #include "net/base/net_errors.h" #include "net/http/bidirectional_stream_request_info.h" -#include "net/http/http_log_util.h" #include "net/http/http_network_session.h" #include "net/http/http_response_headers.h" #include "net/http/http_stream.h" @@ -28,6 +27,7 @@ #include "net/log/net_log_source_type.h" #include "net/spdy/spdy_header_block.h" #include "net/spdy/spdy_http_utils.h" +#include "net/spdy/spdy_log_util.h" #include "net/ssl/ssl_cert_request_info.h" #include "net/ssl/ssl_config.h" #include "url/gurl.h" @@ -123,7 +123,9 @@ BidirectionalStream::BidirectionalStream( stream_request_.reset( session->http_stream_factory()->RequestBidirectionalStreamImpl( http_request_info, request_info_->priority, server_ssl_config, - server_ssl_config, this, net_log_)); + server_ssl_config, this, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, net_log_)); // Check that this call cannot fail to set a non-NULL |stream_request_|. DCHECK(stream_request_); // Check that HttpStreamFactory does not invoke OnBidirectionalStreamImplReady diff --git a/chromium/net/http/disk_cache_based_quic_server_info.cc b/chromium/net/http/disk_cache_based_quic_server_info.cc index 2d4251b497f..b149fc95ae2 100644 --- a/chromium/net/http/disk_cache_based_quic_server_info.cc +++ b/chromium/net/http/disk_cache_based_quic_server_info.cc @@ -10,6 +10,7 @@ #include "base/logging.h" #include "base/metrics/histogram_macros.h" #include "base/stl_util.h" +#include "base/trace_event/memory_usage_estimator.h" #include "net/base/completion_callback.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" @@ -185,6 +186,15 @@ void DiskCacheBasedQuicServerInfo::OnExternalCacheHit() { backend_->OnExternalCacheHit(key()); } +size_t DiskCacheBasedQuicServerInfo::EstimateMemoryUsage() const { + return base::trace_event::EstimateMemoryUsage(new_data_) + + base::trace_event::EstimateMemoryUsage(pending_write_data_) + + base::trace_event::EstimateMemoryUsage(server_id_) + + (read_buffer_ == nullptr ? 0 : read_buffer_->size()) + + (write_buffer_ == nullptr ? 0 : write_buffer_->size()) + + base::trace_event::EstimateMemoryUsage(data_); +} + std::string DiskCacheBasedQuicServerInfo::key() const { return "quicserverinfo:" + server_id_.ToString(); } @@ -335,14 +345,14 @@ int DiskCacheBasedQuicServerInfo::DoRead() { return OK; } - read_buffer_ = new IOBuffer(size); + read_buffer_ = new IOBufferWithSize(size); state_ = READ_COMPLETE; return entry_->ReadData( 0 /* index */, 0 /* offset */, read_buffer_.get(), size, io_callback_); } int DiskCacheBasedQuicServerInfo::DoWrite() { - write_buffer_ = new IOBuffer(new_data_.size()); + write_buffer_ = new IOBufferWithSize(new_data_.size()); memcpy(write_buffer_->data(), new_data_.data(), new_data_.size()); state_ = WRITE_COMPLETE; diff --git a/chromium/net/http/disk_cache_based_quic_server_info.h b/chromium/net/http/disk_cache_based_quic_server_info.h index 4b0ee09166d..2396f8c5b34 100644 --- a/chromium/net/http/disk_cache_based_quic_server_info.h +++ b/chromium/net/http/disk_cache_based_quic_server_info.h @@ -20,7 +20,7 @@ namespace net { class HttpCache; -class IOBuffer; +class IOBufferWithSize; class QuicServerId; // DiskCacheBasedQuicServerInfo fetches information about a QUIC server from @@ -43,6 +43,7 @@ class NET_EXPORT_PRIVATE DiskCacheBasedQuicServerInfo bool IsReadyToPersist() override; void Persist() override; void OnExternalCacheHit() override; + size_t EstimateMemoryUsage() const override; private: struct CacheOperationDataShim; @@ -118,8 +119,8 @@ class NET_EXPORT_PRIVATE DiskCacheBasedQuicServerInfo disk_cache::Backend* backend_; disk_cache::Entry* entry_; CompletionCallback wait_for_ready_callback_; - scoped_refptr<IOBuffer> read_buffer_; - scoped_refptr<IOBuffer> write_buffer_; + scoped_refptr<IOBufferWithSize> read_buffer_; + scoped_refptr<IOBufferWithSize> write_buffer_; std::string data_; base::TimeTicks load_start_time_; FailureReason last_failure_; diff --git a/chromium/net/http/http_auth_cache.cc b/chromium/net/http/http_auth_cache.cc index 9c073bdf58e..75f794dea04 100644 --- a/chromium/net/http/http_auth_cache.cc +++ b/chromium/net/http/http_auth_cache.cc @@ -6,6 +6,7 @@ #include "base/logging.h" #include "base/metrics/histogram_macros.h" +#include "base/stl_util.h" #include "base/strings/string_util.h" namespace { @@ -50,7 +51,7 @@ void CheckOriginIsValid(const GURL& origin) { DCHECK(origin.GetOrigin() == origin); } -// Functor used by remove_if. +// Functor used by EraseIf. struct IsEnclosedBy { explicit IsEnclosedBy(const std::string& path) : path(path) { } bool operator() (const std::string& x) const { @@ -200,7 +201,7 @@ void HttpAuthCache::Entry::AddPath(const std::string& path) { std::string parent_dir = GetParentDirectory(path); if (!HasEnclosingPath(parent_dir, NULL)) { // Remove any entries that have been subsumed by the new entry. - paths_.remove_if(IsEnclosedBy(parent_dir)); + base::EraseIf(paths_, IsEnclosedBy(parent_dir)); bool evicted = false; // Failsafe to prevent unbounded memory growth of the cache. @@ -254,7 +255,7 @@ bool HttpAuthCache::Remove(const GURL& origin, void HttpAuthCache::ClearEntriesAddedWithin(base::TimeDelta duration) { base::TimeTicks begin_time = base::TimeTicks::Now() - duration; - entries_.remove_if([begin_time](const Entry& entry) { + base::EraseIf(entries_, [begin_time](const Entry& entry) { return entry.creation_time_ >= begin_time; }); } diff --git a/chromium/net/http/http_auth_filter_win.h b/chromium/net/http/http_auth_filter_win.h deleted file mode 100644 index d2c0af4a09d..00000000000 --- a/chromium/net/http/http_auth_filter_win.h +++ /dev/null @@ -1,37 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_HTTP_HTTP_AUTH_FILTER_WIN_H_ -#define NET_HTTP_HTTP_AUTH_FILTER_WIN_H_ - -#include "build/build_config.h" - -#if defined(OS_WIN) -#include "base/strings/string16.h" - -namespace net { - -enum RegistryHiveType { - CURRENT_USER, - LOCAL_MACHINE -}; - -namespace http_auth { - -// The common path to all the registry keys containing domain zone information. -extern const base::char16 kRegistryInternetSettings[]; -extern const base::char16 kSettingsMachineOnly[]; -extern const base::char16* kRegistryEntries[3]; // L"http", L"https", and L"*" - -extern const base::char16* GetRegistryWhitelistKey(); -// Override the whitelist key. Passing in NULL restores the default value. -extern void SetRegistryWhitelistKey(const base::char16* new_whitelist_key); -extern bool UseOnlyMachineSettings(); - -} // namespace http_auth - -} // namespace net -#endif // OS_WIN - -#endif // NET_HTTP_HTTP_AUTH_FILTER_WIN_H_ diff --git a/chromium/net/http/http_basic_stream.cc b/chromium/net/http/http_basic_stream.cc index 312b927851b..3a85a6df816 100644 --- a/chromium/net/http/http_basic_stream.cc +++ b/chromium/net/http/http_basic_stream.cc @@ -99,6 +99,11 @@ bool HttpBasicStream::GetLoadTimingInfo( load_timing_info); } +bool HttpBasicStream::GetAlternativeService( + AlternativeService* alternative_service) const { + return false; +} + void HttpBasicStream::GetSSLInfo(SSLInfo* ssl_info) { parser()->GetSSLInfo(ssl_info); } diff --git a/chromium/net/http/http_basic_stream.h b/chromium/net/http/http_basic_stream.h index 4f595c92f8a..cf0d65d2a47 100644 --- a/chromium/net/http/http_basic_stream.h +++ b/chromium/net/http/http_basic_stream.h @@ -72,6 +72,9 @@ class NET_EXPORT_PRIVATE HttpBasicStream : public HttpStream { bool GetLoadTimingInfo(LoadTimingInfo* load_timing_info) const override; + bool GetAlternativeService( + AlternativeService* alternative_service) const override; + void GetSSLInfo(SSLInfo* ssl_info) override; void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override; diff --git a/chromium/net/http/http_cache.cc b/chromium/net/http/http_cache.cc index 1dc390a474c..bf423eccf48 100644 --- a/chromium/net/http/http_cache.cc +++ b/chromium/net/http/http_cache.cc @@ -130,9 +130,9 @@ struct HttpCache::PendingOp { // Returns the estimate of dynamically allocated memory in bytes. size_t EstimateMemoryUsage() const { - // |disk_entry| is tracked in |backend|. - return base::trace_event::EstimateMemoryUsage(backend) + - base::trace_event::EstimateMemoryUsage(writer) + + // Note that backend isn't counted because it doesn't provide an EMU + // function. + return base::trace_event::EstimateMemoryUsage(writer) + base::trace_event::EstimateMemoryUsage(pending_queue); } @@ -512,16 +512,17 @@ void HttpCache::DumpMemoryStats(base::trace_event::ProcessMemoryDump* pmd, const std::string& parent_absolute_name) const { // Skip tracking members like |clock_| and |backend_factory_| because they // don't allocate. - base::trace_event::MemoryAllocatorDump* dump = - pmd->CreateAllocatorDump(parent_absolute_name + "/http_cache"); - dump->AddScalar( - base::trace_event::MemoryAllocatorDump::kNameSize, - base::trace_event::MemoryAllocatorDump::kUnitsBytes, - base::trace_event::EstimateMemoryUsage(disk_cache_) + - base::trace_event::EstimateMemoryUsage(active_entries_) + - base::trace_event::EstimateMemoryUsage(doomed_entries_) + - base::trace_event::EstimateMemoryUsage(playback_cache_map_) + - base::trace_event::EstimateMemoryUsage(pending_ops_)); + std::string name = parent_absolute_name + "/http_cache"; + base::trace_event::MemoryAllocatorDump* dump = pmd->CreateAllocatorDump(name); + size_t size = base::trace_event::EstimateMemoryUsage(active_entries_) + + base::trace_event::EstimateMemoryUsage(doomed_entries_) + + base::trace_event::EstimateMemoryUsage(playback_cache_map_) + + base::trace_event::EstimateMemoryUsage(pending_ops_); + if (disk_cache_) + size += disk_cache_->DumpMemoryStats(pmd, name); + + dump->AddScalar(base::trace_event::MemoryAllocatorDump::kNameSize, + base::trace_event::MemoryAllocatorDump::kUnitsBytes, size); } //----------------------------------------------------------------------------- diff --git a/chromium/net/http/http_cache_transaction.cc b/chromium/net/http/http_cache_transaction.cc index ede3541aa40..51894465074 100644 --- a/chromium/net/http/http_cache_transaction.cc +++ b/chromium/net/http/http_cache_transaction.cc @@ -13,23 +13,20 @@ #include <algorithm> #include <string> +#include "base/auto_reset.h" #include "base/bind.h" #include "base/callback_helpers.h" #include "base/compiler_specific.h" -#include "base/format_macros.h" #include "base/location.h" #include "base/macros.h" #include "base/metrics/histogram_macros.h" #include "base/metrics/sparse_histogram.h" #include "base/single_thread_task_runner.h" #include "base/strings/string_number_conversions.h" // For HexEncode. -#include "base/strings/string_piece.h" #include "base/strings/string_util.h" // For LowerCaseEqualsASCII. -#include "base/strings/stringprintf.h" #include "base/threading/thread_task_runner_handle.h" #include "base/time/clock.h" #include "base/trace_event/trace_event.h" -#include "base/values.h" #include "net/base/auth.h" #include "net/base/load_flags.h" #include "net/base/load_timing_info.h" @@ -55,9 +52,6 @@ using CacheEntryStatus = HttpResponseInfo::CacheEntryStatus; namespace { -// TODO(ricea): Move this to HttpResponseHeaders once it is standardised. -static const char kFreshnessHeader[] = "Resource-Freshness"; - // From http://tools.ietf.org/html/draft-ietf-httpbis-p6-cache-21#section-6 // a "non-error response" is one with a 2xx (Successful) or 3xx // (Redirection) status code. @@ -75,13 +69,6 @@ void RecordNoStoreHeaderHistogram(int load_flags, } } -enum ExternallyConditionalizedType { - EXTERNALLY_CONDITIONALIZED_CACHE_REQUIRES_VALIDATION, - EXTERNALLY_CONDITIONALIZED_CACHE_USABLE, - EXTERNALLY_CONDITIONALIZED_MISMATCHED_VALIDATORS, - EXTERNALLY_CONDITIONALIZED_MAX -}; - } // namespace #define CACHE_STATUS_HISTOGRAMS(type) \ @@ -190,6 +177,7 @@ HttpCache::Transaction::Transaction(RequestPriority priority, HttpCache* cache) total_received_bytes_(0), total_sent_bytes_(0), websocket_handshake_stream_base_create_helper_(NULL), + in_do_loop_(false), weak_factory_(this) { TRACE_EVENT0("io", "HttpCacheTransaction::Transaction"); static_assert(HttpCache::Transaction::kNumValidationHeaders == @@ -712,12 +700,16 @@ size_t HttpCache::Transaction::EstimateMemoryUsage() const { // Like examples 2-4, only CacheToggleUnusedSincePrefetch* is inserted between // CacheReadResponse* and CacheDispatchValidation. int HttpCache::Transaction::DoLoop(int result) { - DCHECK(next_state_ != STATE_NONE); + DCHECK_NE(STATE_UNSET, next_state_); + DCHECK_NE(STATE_NONE, next_state_); + DCHECK(!in_do_loop_); int rv = result; do { State state = next_state_; - next_state_ = STATE_NONE; + next_state_ = STATE_UNSET; + base::AutoReset<bool> scoped_in_do_loop(&in_do_loop_, true); + switch (state) { case STATE_GET_BACKEND: DCHECK_EQ(OK, rv); @@ -879,10 +871,12 @@ int HttpCache::Transaction::DoLoop(int result) { rv = DoCacheWriteTruncatedResponseComplete(rv); break; default: - NOTREACHED() << "bad state"; + NOTREACHED() << "bad state " << state; rv = ERR_FAILED; break; } + DCHECK(next_state_ != STATE_UNSET) << "Previous state was " << state; + } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE); if (rv != ERR_IO_PENDING && !callback_.is_null()) { @@ -895,7 +889,7 @@ int HttpCache::Transaction::DoLoop(int result) { int HttpCache::Transaction::DoGetBackend() { cache_pending_ = true; - next_state_ = STATE_GET_BACKEND_COMPLETE; + TransitionToState(STATE_GET_BACKEND_COMPLETE); net_log_.BeginEvent(NetLogEventType::HTTP_CACHE_GET_BACKEND); return cache_->GetBackendForTransaction(this); } @@ -913,6 +907,7 @@ int HttpCache::Transaction::DoGetBackendComplete(int result) { if (effective_load_flags_ & LOAD_ONLY_FROM_CACHE) { if (effective_load_flags_ & LOAD_BYPASS_CACHE) { // The client has asked for nonsense. + TransitionToState(STATE_NONE); return ERR_CACHE_MISS; } mode_ = READ; @@ -950,17 +945,19 @@ int HttpCache::Transaction::DoGetBackendComplete(int result) { // If must use cache, then we must fail. This can happen for back/forward // navigations to a page generated via a form post. - if (!(mode_ & READ) && effective_load_flags_ & LOAD_ONLY_FROM_CACHE) + if (!(mode_ & READ) && effective_load_flags_ & LOAD_ONLY_FROM_CACHE) { + TransitionToState(STATE_NONE); return ERR_CACHE_MISS; + } if (mode_ == NONE) { if (partial_) { partial_->RestoreHeaders(&custom_request_->extra_headers); partial_.reset(); } - next_state_ = STATE_SEND_REQUEST; + TransitionToState(STATE_SEND_REQUEST); } else { - next_state_ = STATE_INIT_ENTRY; + TransitionToState(STATE_INIT_ENTRY); } // This is only set if we have something to do with the response. @@ -973,22 +970,24 @@ int HttpCache::Transaction::DoInitEntry() { TRACE_EVENT0("io", "HttpCacheTransaction::DoInitEntry"); DCHECK(!new_entry_); - if (!cache_.get()) + if (!cache_.get()) { + TransitionToState(STATE_NONE); return ERR_UNEXPECTED; + } if (mode_ == WRITE) { - next_state_ = STATE_DOOM_ENTRY; + TransitionToState(STATE_DOOM_ENTRY); return OK; } - next_state_ = STATE_OPEN_ENTRY; + TransitionToState(STATE_OPEN_ENTRY); return OK; } int HttpCache::Transaction::DoOpenEntry() { TRACE_EVENT0("io", "HttpCacheTransaction::DoOpenEntry"); DCHECK(!new_entry_); - next_state_ = STATE_OPEN_ENTRY_COMPLETE; + TransitionToState(STATE_OPEN_ENTRY_COMPLETE); cache_pending_ = true; net_log_.BeginEvent(NetLogEventType::HTTP_CACHE_OPEN_ENTRY); first_cache_access_since_ = TimeTicks::Now(); @@ -1004,12 +1003,12 @@ int HttpCache::Transaction::DoOpenEntryComplete(int result) { result); cache_pending_ = false; if (result == OK) { - next_state_ = STATE_ADD_TO_ENTRY; + TransitionToState(STATE_ADD_TO_ENTRY); return OK; } if (result == ERR_CACHE_RACE) { - next_state_ = STATE_INIT_ENTRY; + TransitionToState(STATE_INIT_ENTRY); return OK; } @@ -1017,30 +1016,31 @@ int HttpCache::Transaction::DoOpenEntryComplete(int result) { (request_->method == "HEAD" && mode_ == READ_WRITE)) { DCHECK(mode_ == READ_WRITE || mode_ == WRITE || request_->method == "HEAD"); mode_ = NONE; - next_state_ = STATE_SEND_REQUEST; + TransitionToState(STATE_SEND_REQUEST); return OK; } if (mode_ == READ_WRITE) { mode_ = WRITE; - next_state_ = STATE_CREATE_ENTRY; + TransitionToState(STATE_CREATE_ENTRY); return OK; } if (mode_ == UPDATE) { // There is no cache entry to update; proceed without caching. mode_ = NONE; - next_state_ = STATE_SEND_REQUEST; + TransitionToState(STATE_SEND_REQUEST); return OK; } // The entry does not exist, and we are not permitted to create a new entry, // so we must fail. + TransitionToState(STATE_NONE); return ERR_CACHE_MISS; } int HttpCache::Transaction::DoDoomEntry() { TRACE_EVENT0("io", "HttpCacheTransaction::DoDoomEntry"); - next_state_ = STATE_DOOM_ENTRY_COMPLETE; + TransitionToState(STATE_DOOM_ENTRY_COMPLETE); cache_pending_ = true; if (first_cache_access_since_.is_null()) first_cache_access_since_ = TimeTicks::Now(); @@ -1052,17 +1052,16 @@ int HttpCache::Transaction::DoDoomEntryComplete(int result) { TRACE_EVENT0("io", "HttpCacheTransaction::DoDoomEntryComplete"); net_log_.EndEventWithNetErrorCode(NetLogEventType::HTTP_CACHE_DOOM_ENTRY, result); - next_state_ = STATE_CREATE_ENTRY; cache_pending_ = false; - if (result == ERR_CACHE_RACE) - next_state_ = STATE_INIT_ENTRY; + TransitionToState(result == ERR_CACHE_RACE ? STATE_INIT_ENTRY + : STATE_CREATE_ENTRY); return OK; } int HttpCache::Transaction::DoCreateEntry() { TRACE_EVENT0("io", "HttpCacheTransaction::DoCreateEntry"); DCHECK(!new_entry_); - next_state_ = STATE_CREATE_ENTRY_COMPLETE; + TransitionToState(STATE_CREATE_ENTRY_COMPLETE); cache_pending_ = true; net_log_.BeginEvent(NetLogEventType::HTTP_CACHE_CREATE_ENTRY); return cache_->CreateEntry(cache_key_, &new_entry_, this); @@ -1078,11 +1077,11 @@ int HttpCache::Transaction::DoCreateEntryComplete(int result) { cache_pending_ = false; switch (result) { case OK: - next_state_ = STATE_ADD_TO_ENTRY; + TransitionToState(STATE_ADD_TO_ENTRY); break; case ERR_CACHE_RACE: - next_state_ = STATE_INIT_ENTRY; + TransitionToState(STATE_INIT_ENTRY); break; default: @@ -1094,7 +1093,7 @@ int HttpCache::Transaction::DoCreateEntryComplete(int result) { mode_ = NONE; if (partial_) partial_->RestoreHeaders(&custom_request_->extra_headers); - next_state_ = STATE_SEND_REQUEST; + TransitionToState(STATE_SEND_REQUEST); } return OK; } @@ -1103,14 +1102,17 @@ int HttpCache::Transaction::DoAddToEntry() { TRACE_EVENT0("io", "HttpCacheTransaction::DoAddToEntry"); DCHECK(new_entry_); cache_pending_ = true; - next_state_ = STATE_ADD_TO_ENTRY_COMPLETE; + TransitionToState(STATE_ADD_TO_ENTRY_COMPLETE); net_log_.BeginEvent(NetLogEventType::HTTP_CACHE_ADD_TO_ENTRY); DCHECK(entry_lock_waiting_since_.is_null()); entry_lock_waiting_since_ = TimeTicks::Now(); int rv = cache_->AddTransactionToEntry(new_entry_, this); if (rv == ERR_IO_PENDING) { if (bypass_lock_for_test_) { - OnAddToEntryTimeout(entry_lock_waiting_since_); + base::ThreadTaskRunnerHandle::Get()->PostTask( + FROM_HERE, + base::Bind(&HttpCache::Transaction::OnAddToEntryTimeout, + weak_factory_.GetWeakPtr(), entry_lock_waiting_since_)); } else { int timeout_milliseconds = 20 * 1000; if (partial_ && new_entry_->writer && @@ -1160,17 +1162,19 @@ int HttpCache::Transaction::DoAddToEntryComplete(int result) { new_entry_ = NULL; if (result == ERR_CACHE_RACE) { - next_state_ = STATE_INIT_ENTRY; + TransitionToState(STATE_INIT_ENTRY); return OK; } if (result == ERR_CACHE_LOCK_TIMEOUT) { - if (mode_ == READ) + if (mode_ == READ) { + TransitionToState(STATE_NONE); return ERR_CACHE_MISS; + } // The cache is busy, bypass it for this transaction. mode_ = NONE; - next_state_ = STATE_SEND_REQUEST; + TransitionToState(STATE_SEND_REQUEST); if (partial_) { partial_->RestoreHeaders(&custom_request_->extra_headers); partial_.reset(); @@ -1180,19 +1184,21 @@ int HttpCache::Transaction::DoAddToEntryComplete(int result) { open_entry_last_used_ = entry_->disk_entry->GetLastUsed(); + // TODO(jkarlin): We should either handle the case or DCHECK. if (result != OK) { NOTREACHED(); + TransitionToState(STATE_NONE); return result; } if (mode_ == WRITE) { if (partial_) partial_->RestoreHeaders(&custom_request_->extra_headers); - next_state_ = STATE_SEND_REQUEST; + TransitionToState(STATE_SEND_REQUEST); } else { // We have to read the headers from the cached entry. DCHECK(mode_ & READ_META); - next_state_ = STATE_CACHE_READ_RESPONSE; + TransitionToState(STATE_CACHE_READ_RESPONSE); } return OK; } @@ -1200,7 +1206,7 @@ int HttpCache::Transaction::DoAddToEntryComplete(int result) { int HttpCache::Transaction::DoCacheReadResponse() { TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheReadResponse"); DCHECK(entry_); - next_state_ = STATE_CACHE_READ_RESPONSE_COMPLETE; + TransitionToState(STATE_CACHE_READ_RESPONSE_COMPLETE); io_buf_len_ = entry_->disk_entry->GetDataSize(kResponseInfoIndex); read_buf_ = new IOBuffer(io_buf_len_); @@ -1241,7 +1247,7 @@ int HttpCache::Transaction::DoCacheReadResponseComplete(int result) { // will fall back to the network after the timeout. DCHECK(!partial_); mode_ = NONE; - next_state_ = STATE_SEND_REQUEST; + TransitionToState(STATE_SEND_REQUEST); return OK; } @@ -1250,11 +1256,11 @@ int HttpCache::Transaction::DoCacheReadResponseComplete(int result) { // Either this is the first use of an entry since it was prefetched XOR // this is a prefetch. The value of response.unused_since_prefetch is // valid for this transaction but the bit needs to be flipped in storage. - next_state_ = STATE_TOGGLE_UNUSED_SINCE_PREFETCH; + TransitionToState(STATE_TOGGLE_UNUSED_SINCE_PREFETCH); return OK; } - next_state_ = STATE_CACHE_DISPATCH_VALIDATION; + TransitionToState(STATE_CACHE_DISPATCH_VALIDATION); return OK; } @@ -1267,7 +1273,7 @@ int HttpCache::Transaction::DoCacheToggleUnusedSincePrefetch() { // transaction then metadata will be written to cache twice. If prefetching // becomes more common, consider combining the writes. - next_state_ = STATE_TOGGLE_UNUSED_SINCE_PREFETCH_COMPLETE; + TransitionToState(STATE_TOGGLE_UNUSED_SINCE_PREFETCH_COMPLETE); return WriteResponseInfoToEntry(false); } @@ -1278,7 +1284,7 @@ int HttpCache::Transaction::DoCacheToggleUnusedSincePrefetchComplete( "HttpCacheTransaction::DoCacheToggleUnusedSincePrefetchComplete"); // Restore the original value for this transaction. response_.unused_since_prefetch = !response_.unused_since_prefetch; - next_state_ = STATE_CACHE_DISPATCH_VALIDATION; + TransitionToState(STATE_CACHE_DISPATCH_VALIDATION); return OnWriteResponseInfoToEntryComplete(result); } @@ -1317,24 +1323,28 @@ int HttpCache::Transaction::DoCacheDispatchValidation() { } int HttpCache::Transaction::DoCacheQueryData() { - next_state_ = STATE_CACHE_QUERY_DATA_COMPLETE; + TransitionToState(STATE_CACHE_QUERY_DATA_COMPLETE); return entry_->disk_entry->ReadyForSparseIO(io_callback_); } int HttpCache::Transaction::DoCacheQueryDataComplete(int result) { DCHECK_EQ(OK, result); - if (!cache_.get()) + if (!cache_.get()) { + TransitionToState(STATE_NONE); return ERR_UNEXPECTED; + } return ValidateEntryHeadersAndContinue(); } // We may end up here multiple times for a given request. int HttpCache::Transaction::DoStartPartialCacheValidation() { - if (mode_ == NONE) + if (mode_ == NONE) { + TransitionToState(STATE_NONE); return OK; + } - next_state_ = STATE_COMPLETE_PARTIAL_CACHE_VALIDATION; + TransitionToState(STATE_COMPLETE_PARTIAL_CACHE_VALIDATION); return partial_->ShouldValidateCache(entry_->disk_entry, io_callback_); } @@ -1347,17 +1357,20 @@ int HttpCache::Transaction::DoCompletePartialCacheValidation(int result) { cache_->DoneReadingFromEntry(entry_, this); entry_ = NULL; } + TransitionToState(STATE_NONE); return result; } - if (result < 0) + if (result < 0) { + TransitionToState(STATE_NONE); return result; + } partial_->PrepareCacheValidation(entry_->disk_entry, &custom_request_->extra_headers); if (reading_ && partial_->IsCurrentRangeCached()) { - next_state_ = STATE_CACHE_READ_DATA; + TransitionToState(STATE_CACHE_READ_DATA); return OK; } @@ -1374,8 +1387,10 @@ int HttpCache::Transaction::DoSendRequest() { // Create a network transaction. int rv = cache_->network_layer_->CreateTransaction(priority_, &network_trans_); - if (rv != OK) + if (rv != OK) { + TransitionToState(STATE_NONE); return rv; + } network_trans_->SetBeforeNetworkStartCallback(before_network_start_callback_); network_trans_->SetBeforeHeadersSentCallback(before_headers_sent_callback_); @@ -1387,15 +1402,17 @@ int HttpCache::Transaction::DoSendRequest() { network_trans_->SetWebSocketHandshakeStreamCreateHelper( websocket_handshake_stream_base_create_helper_); - next_state_ = STATE_SEND_REQUEST_COMPLETE; + TransitionToState(STATE_SEND_REQUEST_COMPLETE); rv = network_trans_->Start(request_, io_callback_, net_log_); return rv; } int HttpCache::Transaction::DoSendRequestComplete(int result) { TRACE_EVENT0("io", "HttpCacheTransaction::DoSendRequestComplete"); - if (!cache_.get()) + if (!cache_.get()) { + TransitionToState(STATE_NONE); return ERR_UNEXPECTED; + } // If we tried to conditionalize the request and failed, we know // we won't be reading from the cache after this point. @@ -1403,7 +1420,7 @@ int HttpCache::Transaction::DoSendRequestComplete(int result) { mode_ = WRITE; if (result == OK) { - next_state_ = STATE_SUCCESSFUL_SEND_REQUEST; + TransitionToState(STATE_SUCCESSFUL_SEND_REQUEST); return OK; } @@ -1424,6 +1441,7 @@ int HttpCache::Transaction::DoSendRequestComplete(int result) { DoneWritingToEntry(true); } + TransitionToState(STATE_NONE); return result; } @@ -1436,15 +1454,17 @@ int HttpCache::Transaction::DoSuccessfulSendRequest() { if (new_response->headers->response_code() == 401 || new_response->headers->response_code() == 407) { SetAuthResponse(*new_response); - if (!reading_) + if (!reading_) { + TransitionToState(STATE_NONE); return OK; + } // We initiated a second request the caller doesn't know about. We should be // able to authenticate this request because we should have authenticated // this URL moments ago. if (IsReadyToRestartForAuth()) { DCHECK(!response_.auth_challenge.get()); - next_state_ = STATE_SEND_REQUEST_COMPLETE; + TransitionToState(STATE_SEND_REQUEST_COMPLETE); // In theory we should check to see if there are new cookies, but there // is no way to do that from here. return network_trans_->RestartWithAuth(AuthCredentials(), io_callback_); @@ -1460,6 +1480,7 @@ int HttpCache::Transaction::DoSuccessfulSendRequest() { mode_ = NONE; partial_.reset(); ResetNetworkTransaction(); + TransitionToState(STATE_NONE); return ERR_CACHE_AUTH_FAILURE_AFTER_READ; } @@ -1474,7 +1495,7 @@ int HttpCache::Transaction::DoSuccessfulSendRequest() { SetResponse(HttpResponseInfo()); ResetNetworkTransaction(); new_response_ = NULL; - next_state_ = STATE_SEND_REQUEST; + TransitionToState(STATE_SEND_REQUEST); return OK; } @@ -1515,6 +1536,7 @@ int HttpCache::Transaction::DoSuccessfulSendRequest() { (request_->method == "GET" || request_->method == "POST")) { // If there is an active entry it may be destroyed with this transaction. SetResponse(*new_response_); + TransitionToState(STATE_NONE); return OK; } @@ -1522,21 +1544,20 @@ int HttpCache::Transaction::DoSuccessfulSendRequest() { if (mode_ == READ_WRITE || mode_ == UPDATE) { if (new_response->headers->response_code() == 304 || handling_206_) { UpdateCacheEntryStatus(CacheEntryStatus::ENTRY_VALIDATED); - next_state_ = STATE_UPDATE_CACHED_RESPONSE; + TransitionToState(STATE_UPDATE_CACHED_RESPONSE); return OK; } UpdateCacheEntryStatus(CacheEntryStatus::ENTRY_UPDATED); mode_ = WRITE; } - next_state_ = STATE_OVERWRITE_CACHED_RESPONSE; + TransitionToState(STATE_OVERWRITE_CACHED_RESPONSE); return OK; } // We received 304 or 206 and we want to update the cached response headers. int HttpCache::Transaction::DoUpdateCachedResponse() { TRACE_EVENT0("io", "HttpCacheTransaction::DoUpdateCachedResponse"); - next_state_ = STATE_UPDATE_CACHED_RESPONSE_COMPLETE; int rv = OK; // Update the cached response based on the headers and properties of // new_response_. @@ -1561,28 +1582,32 @@ int HttpCache::Transaction::DoUpdateCachedResponse() { int ret = cache_->DoomEntry(cache_key_, NULL); DCHECK_EQ(OK, ret); } + TransitionToState(STATE_UPDATE_CACHED_RESPONSE_COMPLETE); } else { // If we are already reading, we already updated the headers for this // request; doing it again will change Content-Length. if (!reading_) { - next_state_ = STATE_CACHE_WRITE_UPDATED_RESPONSE; + TransitionToState(STATE_CACHE_WRITE_UPDATED_RESPONSE); rv = OK; + } else { + TransitionToState(STATE_UPDATE_CACHED_RESPONSE_COMPLETE); } } + return rv; } int HttpCache::Transaction::DoCacheWriteUpdatedResponse() { TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheWriteUpdatedResponse"); - next_state_ = STATE_CACHE_WRITE_UPDATED_RESPONSE_COMPLETE; + TransitionToState(STATE_CACHE_WRITE_UPDATED_RESPONSE_COMPLETE); return WriteResponseInfoToEntry(false); } int HttpCache::Transaction::DoCacheWriteUpdatedResponseComplete(int result) { TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheWriteUpdatedResponseComplete"); - next_state_ = STATE_UPDATE_CACHED_RESPONSE_COMPLETE; + TransitionToState(STATE_UPDATE_CACHED_RESPONSE_COMPLETE); return OnWriteResponseInfoToEntryComplete(result); } @@ -1611,18 +1636,18 @@ int HttpCache::Transaction::DoUpdateCachedResponseComplete(int result) { // the first part to the user. ResetNetworkTransaction(); new_response_ = NULL; - next_state_ = STATE_START_PARTIAL_CACHE_VALIDATION; + TransitionToState(STATE_START_PARTIAL_CACHE_VALIDATION); partial_->SetRangeToStartDownload(); return OK; } - next_state_ = STATE_OVERWRITE_CACHED_RESPONSE; + TransitionToState(STATE_OVERWRITE_CACHED_RESPONSE); return OK; } int HttpCache::Transaction::DoOverwriteCachedResponse() { TRACE_EVENT0("io", "HttpCacheTransaction::DoOverwriteCachedResponse"); if (mode_ & READ) { - next_state_ = STATE_PARTIAL_HEADERS_RECEIVED; + TransitionToState(STATE_PARTIAL_HEADERS_RECEIVED); return OK; } @@ -1637,6 +1662,7 @@ int HttpCache::Transaction::DoOverwriteCachedResponse() { DoneWritingToEntry(false); mode_ = NONE; new_response_ = NULL; + TransitionToState(STATE_NONE); return OK; } @@ -1646,29 +1672,29 @@ int HttpCache::Transaction::DoOverwriteCachedResponse() { DoneWritingToEntry(false); if (partial_) partial_->FixResponseHeaders(response_.headers.get(), true); - next_state_ = STATE_PARTIAL_HEADERS_RECEIVED; + TransitionToState(STATE_PARTIAL_HEADERS_RECEIVED); return OK; } - next_state_ = STATE_CACHE_WRITE_RESPONSE; + TransitionToState(STATE_CACHE_WRITE_RESPONSE); return OK; } int HttpCache::Transaction::DoCacheWriteResponse() { TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheWriteResponse"); - next_state_ = STATE_CACHE_WRITE_RESPONSE_COMPLETE; + TransitionToState(STATE_CACHE_WRITE_RESPONSE_COMPLETE); return WriteResponseInfoToEntry(truncated_); } int HttpCache::Transaction::DoCacheWriteResponseComplete(int result) { TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheWriteResponseComplete"); - next_state_ = STATE_TRUNCATE_CACHED_DATA; + TransitionToState(STATE_TRUNCATE_CACHED_DATA); return OnWriteResponseInfoToEntryComplete(result); } int HttpCache::Transaction::DoTruncateCachedData() { TRACE_EVENT0("io", "HttpCacheTransaction::DoTruncateCachedData"); - next_state_ = STATE_TRUNCATE_CACHED_DATA_COMPLETE; + TransitionToState(STATE_TRUNCATE_CACHED_DATA_COMPLETE); if (!entry_) return OK; if (net_log_.IsCapturing()) @@ -1686,13 +1712,13 @@ int HttpCache::Transaction::DoTruncateCachedDataComplete(int result) { } } - next_state_ = STATE_TRUNCATE_CACHED_METADATA; + TransitionToState(STATE_TRUNCATE_CACHED_METADATA); return OK; } int HttpCache::Transaction::DoTruncateCachedMetadata() { TRACE_EVENT0("io", "HttpCacheTransaction::DoTruncateCachedMetadata"); - next_state_ = STATE_TRUNCATE_CACHED_METADATA_COMPLETE; + TransitionToState(STATE_TRUNCATE_CACHED_METADATA_COMPLETE); if (!entry_) return OK; @@ -1710,28 +1736,34 @@ int HttpCache::Transaction::DoTruncateCachedMetadataComplete(int result) { } } - next_state_ = STATE_PARTIAL_HEADERS_RECEIVED; + TransitionToState(STATE_PARTIAL_HEADERS_RECEIVED); return OK; } int HttpCache::Transaction::DoPartialHeadersReceived() { new_response_ = NULL; - if (entry_ && !partial_ && entry_->disk_entry->GetDataSize(kMetadataIndex)) - next_state_ = STATE_CACHE_READ_METADATA; - if (!partial_) + if (!partial_) { + if (entry_ && entry_->disk_entry->GetDataSize(kMetadataIndex)) + TransitionToState(STATE_CACHE_READ_METADATA); + else + TransitionToState(STATE_NONE); return OK; + } if (reading_) { if (network_trans_.get()) { - next_state_ = STATE_NETWORK_READ; + TransitionToState(STATE_NETWORK_READ); } else { - next_state_ = STATE_CACHE_READ_DATA; + TransitionToState(STATE_CACHE_READ_DATA); } } else if (mode_ != NONE) { // We are about to return the headers for a byte-range request to the user, // so let's fix them. partial_->FixResponseHeaders(response_.headers.get(), true); + TransitionToState(STATE_NONE); + } else { + TransitionToState(STATE_NONE); } return OK; } @@ -1740,7 +1772,7 @@ int HttpCache::Transaction::DoCacheReadMetadata() { TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheReadMetadata"); DCHECK(entry_); DCHECK(!response_.metadata.get()); - next_state_ = STATE_CACHE_READ_METADATA_COMPLETE; + TransitionToState(STATE_CACHE_READ_METADATA_COMPLETE); response_.metadata = new IOBufferWithSize(entry_->disk_entry->GetDataSize(kMetadataIndex)); @@ -1758,12 +1790,13 @@ int HttpCache::Transaction::DoCacheReadMetadataComplete(int result) { result); if (result != response_.metadata->size()) return OnCacheReadError(result, false); + TransitionToState(STATE_NONE); return OK; } int HttpCache::Transaction::DoNetworkRead() { TRACE_EVENT0("io", "HttpCacheTransaction::DoNetworkRead"); - next_state_ = STATE_NETWORK_READ_COMPLETE; + TransitionToState(STATE_NETWORK_READ_COMPLETE); return network_trans_->Read(read_buf_.get(), io_buf_len_, io_callback_); } @@ -1771,25 +1804,32 @@ int HttpCache::Transaction::DoNetworkReadComplete(int result) { TRACE_EVENT0("io", "HttpCacheTransaction::DoNetworkReadComplete"); DCHECK(mode_ & WRITE || mode_ == NONE); - if (!cache_.get()) + if (!cache_.get()) { + TransitionToState(STATE_NONE); return ERR_UNEXPECTED; + } // If there is an error or we aren't saving the data, we are done; just wait // until the destructor runs to see if we can keep the data. - if (mode_ == NONE || result < 0) + if (mode_ == NONE || result < 0) { + TransitionToState(STATE_NONE); return result; + } - next_state_ = STATE_CACHE_WRITE_DATA; + TransitionToState(STATE_CACHE_WRITE_DATA); return result; } int HttpCache::Transaction::DoCacheReadData() { TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheReadData"); - if (request_->method == "HEAD") + + if (request_->method == "HEAD") { + TransitionToState(STATE_NONE); return 0; + } DCHECK(entry_); - next_state_ = STATE_CACHE_READ_DATA_COMPLETE; + TransitionToState(STATE_CACHE_READ_DATA_COMPLETE); if (net_log_.IsCapturing()) net_log_.BeginEvent(NetLogEventType::HTTP_CACHE_READ_DATA); @@ -1810,8 +1850,10 @@ int HttpCache::Transaction::DoCacheReadDataComplete(int result) { result); } - if (!cache_.get()) + if (!cache_.get()) { + TransitionToState(STATE_NONE); return ERR_UNEXPECTED; + } if (partial_) { // Partial requests are confusing to report in histograms because they may @@ -1829,12 +1871,14 @@ int HttpCache::Transaction::DoCacheReadDataComplete(int result) { } else { return OnCacheReadError(result, false); } + + TransitionToState(STATE_NONE); return result; } int HttpCache::Transaction::DoCacheWriteData(int num_bytes) { TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheWriteData"); - next_state_ = STATE_CACHE_WRITE_DATA_COMPLETE; + TransitionToState(STATE_CACHE_WRITE_DATA_COMPLETE); write_len_ = num_bytes; if (entry_) { if (net_log_.IsCapturing()) @@ -1857,8 +1901,10 @@ int HttpCache::Transaction::DoCacheWriteDataComplete(int result) { result); } } - if (!cache_.get()) + if (!cache_.get()) { + TransitionToState(STATE_NONE); return ERR_UNEXPECTED; + } if (result != write_len_) { DLOG(ERROR) << "failed to write response data to cache"; @@ -1891,18 +1937,20 @@ int HttpCache::Transaction::DoCacheWriteDataComplete(int result) { } } + TransitionToState(STATE_NONE); return result; } int HttpCache::Transaction::DoCacheWriteTruncatedResponse() { TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheWriteTruncatedResponse"); - next_state_ = STATE_CACHE_WRITE_TRUNCATED_RESPONSE_COMPLETE; + TransitionToState(STATE_CACHE_WRITE_TRUNCATED_RESPONSE_COMPLETE); return WriteResponseInfoToEntry(true); } int HttpCache::Transaction::DoCacheWriteTruncatedResponseComplete(int result) { TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheWriteTruncatedResponse"); + TransitionToState(STATE_NONE); return OnWriteResponseInfoToEntryComplete(result); } @@ -2036,23 +2084,31 @@ bool HttpCache::Transaction::ShouldPassThrough() { int HttpCache::Transaction::BeginCacheRead() { // We don't support any combination of LOAD_ONLY_FROM_CACHE and byte ranges. + // TODO(jkarlin): Either handle this case or DCHECK. if (response_.headers->response_code() == 206 || partial_) { NOTREACHED(); + TransitionToState(STATE_NONE); return ERR_CACHE_MISS; } // We don't have the whole resource. - if (truncated_) + if (truncated_) { + TransitionToState(STATE_NONE); return ERR_CACHE_MISS; + } - if (RequiresValidation() != VALIDATION_NONE) + if (RequiresValidation()) { + TransitionToState(STATE_NONE); return ERR_CACHE_MISS; + } if (request_->method == "HEAD") FixHeadersForHead(); if (entry_->disk_entry->GetDataSize(kMetadataIndex)) - next_state_ = STATE_CACHE_READ_METADATA; + TransitionToState(STATE_CACHE_READ_METADATA); + else + TransitionToState(STATE_NONE); return OK; } @@ -2060,16 +2116,7 @@ int HttpCache::Transaction::BeginCacheRead() { int HttpCache::Transaction::BeginCacheValidation() { DCHECK_EQ(mode_, READ_WRITE); - ValidationType required_validation = RequiresValidation(); - - bool skip_validation = (required_validation == VALIDATION_NONE); - - if ((effective_load_flags_ & LOAD_SUPPORT_ASYNC_REVALIDATION) && - required_validation == VALIDATION_ASYNCHRONOUS) { - DCHECK_EQ(request_->method, "GET"); - skip_validation = true; - response_.async_revalidation_required = true; - } + bool skip_validation = !RequiresValidation(); if (request_->method == "HEAD" && (truncated_ || response_.headers->response_code() == 206)) { @@ -2078,7 +2125,7 @@ int HttpCache::Transaction::BeginCacheValidation() { return SetupEntryForRead(); // Bail out! - next_state_ = STATE_SEND_REQUEST; + TransitionToState(STATE_SEND_REQUEST); mode_ = NONE; return OK; } @@ -2116,7 +2163,7 @@ int HttpCache::Transaction::BeginCacheValidation() { DCHECK_NE(206, response_.headers->response_code()); } - next_state_ = STATE_SEND_REQUEST; + TransitionToState(STATE_SEND_REQUEST); } return OK; } @@ -2143,7 +2190,7 @@ int HttpCache::Transaction::BeginPartialCacheValidation() { } } - next_state_ = STATE_CACHE_QUERY_DATA; + TransitionToState(STATE_CACHE_QUERY_DATA); return OK; } @@ -2164,7 +2211,7 @@ int HttpCache::Transaction::ValidateEntryHeadersAndContinue() { invalid_range_ = true; } - next_state_ = STATE_START_PARTIAL_CACHE_VALIDATION; + TransitionToState(STATE_START_PARTIAL_CACHE_VALIDATION); return OK; } @@ -2191,23 +2238,7 @@ int HttpCache::Transaction::BeginExternallyConditionalizedRequest() { } } - // TODO(ricea): This calculation is expensive to perform just to collect - // statistics. Either remove it or use the result, depending on the result of - // the experiment. - ExternallyConditionalizedType type = - EXTERNALLY_CONDITIONALIZED_CACHE_USABLE; - if (mode_ == NONE) - type = EXTERNALLY_CONDITIONALIZED_MISMATCHED_VALIDATORS; - else if (RequiresValidation() != VALIDATION_NONE) - type = EXTERNALLY_CONDITIONALIZED_CACHE_REQUIRES_VALIDATION; - - // TODO(ricea): Add CACHE_USABLE_STALE once stale-while-revalidate CL landed. - // TODO(ricea): Either remove this histogram or make it permanent by M40. - UMA_HISTOGRAM_ENUMERATION("HttpCache.ExternallyConditionalized", - type, - EXTERNALLY_CONDITIONALIZED_MAX); - - next_state_ = STATE_SEND_REQUEST; + TransitionToState(STATE_SEND_REQUEST); return OK; } @@ -2251,7 +2282,7 @@ int HttpCache::Transaction::RestartNetworkRequestWithAuth( return rv; } -ValidationType HttpCache::Transaction::RequiresValidation() { +bool HttpCache::Transaction::RequiresValidation() { // TODO(darin): need to do more work here: // - make sure we have a matching request method // - watch out for cached responses that depend on authentication @@ -2262,11 +2293,11 @@ ValidationType HttpCache::Transaction::RequiresValidation() { *response_.headers.get())) { vary_mismatch_ = true; validation_cause_ = VALIDATION_CAUSE_VARY_MISMATCH; - return VALIDATION_SYNCHRONOUS; + return true; } if (effective_load_flags_ & LOAD_SKIP_CACHE_VALIDATION) - return VALIDATION_NONE; + return false; if (response_.unused_since_prefetch && !(effective_load_flags_ & LOAD_PREFETCH) && @@ -2275,23 +2306,21 @@ ValidationType HttpCache::Transaction::RequiresValidation() { cache_->clock_->Now()) < TimeDelta::FromMinutes(kPrefetchReuseMins)) { // The first use of a resource after prefetch within a short window skips // validation. - return VALIDATION_NONE; + return false; } if (effective_load_flags_ & LOAD_VALIDATE_CACHE) { validation_cause_ = VALIDATION_CAUSE_VALIDATE_FLAG; - return VALIDATION_SYNCHRONOUS; + return true; } if (request_->method == "PUT" || request_->method == "DELETE") - return VALIDATION_SYNCHRONOUS; + return true; - ValidationType validation_required_by_headers = - response_.headers->RequiresValidation(response_.request_time, - response_.response_time, - cache_->clock_->Now()); + bool validation_required_by_headers = response_.headers->RequiresValidation( + response_.request_time, response_.response_time, cache_->clock_->Now()); - if (validation_required_by_headers != VALIDATION_NONE) { + if (validation_required_by_headers) { HttpResponseHeaders::FreshnessLifetimes lifetimes = response_.headers->GetFreshnessLifetimes(response_.response_time); if (lifetimes.freshness == base::TimeDelta()) { @@ -2305,12 +2334,6 @@ ValidationType HttpCache::Transaction::RequiresValidation() { } } - if (validation_required_by_headers == VALIDATION_ASYNCHRONOUS) { - // Asynchronous revalidation is only supported for GET methods. - if (request_->method != "GET") - return VALIDATION_SYNCHRONOUS; - } - return validation_required_by_headers; } @@ -2358,26 +2381,6 @@ bool HttpCache::Transaction::ConditionalizeRequest() { bool use_if_range = partial_ && !partial_->IsCurrentRangeCached() && !invalid_range_; - if (!use_if_range) { - // stale-while-revalidate is not useful when we only have a partial response - // cached, so don't set the header in that case. - HttpResponseHeaders::FreshnessLifetimes lifetimes = - response_.headers->GetFreshnessLifetimes(response_.response_time); - if (lifetimes.staleness > TimeDelta()) { - TimeDelta current_age = response_.headers->GetCurrentAge( - response_.request_time, response_.response_time, - cache_->clock_->Now()); - - custom_request_->extra_headers.SetHeader( - kFreshnessHeader, - base::StringPrintf("max-age=%" PRId64 - ",stale-while-revalidate=%" PRId64 ",age=%" PRId64, - lifetimes.freshness.InSeconds(), - lifetimes.staleness.InSeconds(), - current_age.InSeconds())); - } - } - if (!etag_value.empty()) { if (use_if_range) { // We don't want to switch to WRITE mode if we don't have this block of a @@ -2559,7 +2562,7 @@ int HttpCache::Transaction::SetupEntryForRead() { if (truncated_ || is_sparse_ || !invalid_range_) { // We are going to return the saved response headers to the caller, so // we may need to adjust them first. - next_state_ = STATE_PARTIAL_HEADERS_RECEIVED; + TransitionToState(STATE_PARTIAL_HEADERS_RECEIVED); return OK; } else { partial_.reset(); @@ -2572,7 +2575,9 @@ int HttpCache::Transaction::SetupEntryForRead() { FixHeadersForHead(); if (entry_->disk_entry->GetDataSize(kMetadataIndex)) - next_state_ = STATE_CACHE_READ_METADATA; + TransitionToState(STATE_CACHE_READ_METADATA); + else + TransitionToState(STATE_NONE); return OK; } @@ -2678,10 +2683,11 @@ int HttpCache::Transaction::OnCacheReadError(int result, bool restart) { entry_ = NULL; is_sparse_ = false; partial_.reset(); - next_state_ = STATE_GET_BACKEND; + TransitionToState(STATE_GET_BACKEND); return OK; } + TransitionToState(STATE_NONE); return ERR_CACHE_READ_FAILURE; } @@ -2716,7 +2722,9 @@ int HttpCache::Transaction::DoPartialNetworkReadCompleted(int result) { if (result == 0) { // We need to move on to the next range. ResetNetworkTransaction(); - next_state_ = STATE_START_PARTIAL_CACHE_VALIDATION; + TransitionToState(STATE_START_PARTIAL_CACHE_VALIDATION); + } else { + TransitionToState(STATE_NONE); } return result; } @@ -2726,9 +2734,11 @@ int HttpCache::Transaction::DoPartialCacheReadCompleted(int result) { if (result == 0 && mode_ == READ_WRITE) { // We need to move on to the next range. - next_state_ = STATE_START_PARTIAL_CACHE_VALIDATION; + TransitionToState(STATE_START_PARTIAL_CACHE_VALIDATION); } else if (result < 0) { return OnCacheReadError(result, false); + } else { + TransitionToState(STATE_NONE); } return result; } @@ -2741,7 +2751,7 @@ int HttpCache::Transaction::DoRestartPartialRequest() { // to Doom the entry again). mode_ = WRITE; ResetPartialState(!range_requested_); - next_state_ = STATE_CREATE_ENTRY; + TransitionToState(STATE_CREATE_ENTRY); return OK; } @@ -3006,4 +3016,11 @@ void HttpCache::Transaction::OnIOComplete(int result) { DoLoop(result); } +void HttpCache::Transaction::TransitionToState(State state) { + // Ensure that the state is only set once per Do* state. + DCHECK(in_do_loop_); + DCHECK_EQ(STATE_UNSET, next_state_) << "Next state is " << state; + next_state_ = state; +} + } // namespace net diff --git a/chromium/net/http/http_cache_transaction.h b/chromium/net/http/http_cache_transaction.h index 2d249c1eda0..51c0db70256 100644 --- a/chromium/net/http/http_cache_transaction.h +++ b/chromium/net/http/http_cache_transaction.h @@ -179,6 +179,8 @@ class HttpCache::Transaction : public HttpTransaction { }; enum State { + STATE_UNSET, + // Normally, states are traversed in approximately this order. STATE_NONE, STATE_GET_BACKEND, @@ -336,9 +338,8 @@ class HttpCache::Transaction : public HttpTransaction { // Returns network error code. int RestartNetworkRequestWithAuth(const AuthCredentials& credentials); - // Called to determine if we need to validate the cache entry before using it, - // and whether the validation should be synchronous or asynchronous. - ValidationType RequiresValidation(); + // Called to determine if we need to validate the cache entry before using it. + bool RequiresValidation(); // Called to make the request conditional (to ask the server if the cached // copy is valid). Returns true if able to make the request conditional. @@ -432,6 +433,10 @@ class HttpCache::Transaction : public HttpTransaction { // Called to signal completion of asynchronous IO. void OnIOComplete(int result); + // When in a DoLoop, use this to set the next state as it verifies that the + // state isn't set twice. + void TransitionToState(State state); + State next_state_; const HttpRequestInfo* request_; RequestPriority priority_; @@ -506,6 +511,9 @@ class HttpCache::Transaction : public HttpTransaction { BeforeNetworkStartCallback before_network_start_callback_; BeforeHeadersSentCallback before_headers_sent_callback_; + // True if the Transaction is currently processing the DoLoop. + bool in_do_loop_; + base::WeakPtrFactory<Transaction> weak_factory_; DISALLOW_COPY_AND_ASSIGN(Transaction); diff --git a/chromium/net/http/http_cache_unittest.cc b/chromium/net/http/http_cache_unittest.cc index 71509a421e2..ca9c5d9f61a 100644 --- a/chromium/net/http/http_cache_unittest.cc +++ b/chromium/net/http/http_cache_unittest.cc @@ -18,6 +18,7 @@ #include "base/memory/ptr_util.h" #include "base/message_loop/message_loop.h" #include "base/run_loop.h" +#include "base/stl_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" @@ -649,9 +650,7 @@ bool ShouldIgnoreLogEntry(const TestNetLogEntry& entry) { // Modifies |entries| to only include log entries created by the cache layer and // asserted on in these tests. void FilterLogEntries(TestNetLogEntry::List* entries) { - entries->erase(std::remove_if(entries->begin(), entries->end(), - &ShouldIgnoreLogEntry), - entries->end()); + base::EraseIf(*entries, ShouldIgnoreLogEntry); } bool LogContainsEventType(const BoundTestNetLog& log, @@ -7945,149 +7944,6 @@ TEST_F(HttpCachePrefetchValidationTest, ValidateOnDelayedSecondPrefetch) { EXPECT_FALSE(TransactionRequiredNetwork(LOAD_NORMAL)); } -static void CheckResourceFreshnessHeader(const HttpRequestInfo* request, - std::string* response_status, - std::string* response_headers, - std::string* response_data) { - std::string value; - EXPECT_TRUE(request->extra_headers.GetHeader("Resource-Freshness", &value)); - EXPECT_EQ("max-age=3600,stale-while-revalidate=7200,age=10801", value); -} - -// Verify that the Resource-Freshness header is sent on a revalidation if the -// stale-while-revalidate directive was on the response. -TEST(HttpCache, ResourceFreshnessHeaderSent) { - MockHttpCache cache; - - ScopedMockTransaction stale_while_revalidate_transaction( - kSimpleGET_Transaction); - stale_while_revalidate_transaction.response_headers = - "Last-Modified: Sat, 18 Apr 2007 01:10:43 GMT\n" - "Age: 10801\n" - "Cache-Control: max-age=3600,stale-while-revalidate=7200\n"; - - // Write to the cache. - RunTransactionTest(cache.http_cache(), stale_while_revalidate_transaction); - - EXPECT_EQ(1, cache.network_layer()->transaction_count()); - - // Send the request again and check that Resource-Freshness header is added. - stale_while_revalidate_transaction.handler = CheckResourceFreshnessHeader; - - RunTransactionTest(cache.http_cache(), stale_while_revalidate_transaction); - - EXPECT_EQ(2, cache.network_layer()->transaction_count()); -} - -static void CheckResourceFreshnessAbsent(const HttpRequestInfo* request, - std::string* response_status, - std::string* response_headers, - std::string* response_data) { - EXPECT_FALSE(request->extra_headers.HasHeader("Resource-Freshness")); -} - -// Verify that the Resource-Freshness header is not sent when -// stale-while-revalidate is 0. -TEST(HttpCache, ResourceFreshnessHeaderNotSent) { - MockHttpCache cache; - - ScopedMockTransaction stale_while_revalidate_transaction( - kSimpleGET_Transaction); - stale_while_revalidate_transaction.response_headers = - "Last-Modified: Sat, 18 Apr 2007 01:10:43 GMT\n" - "Age: 10801\n" - "Cache-Control: max-age=3600,stale-while-revalidate=0\n"; - - // Write to the cache. - RunTransactionTest(cache.http_cache(), stale_while_revalidate_transaction); - - EXPECT_EQ(1, cache.network_layer()->transaction_count()); - - // Send the request again and check that Resource-Freshness header is absent. - stale_while_revalidate_transaction.handler = CheckResourceFreshnessAbsent; - - RunTransactionTest(cache.http_cache(), stale_while_revalidate_transaction); - - EXPECT_EQ(2, cache.network_layer()->transaction_count()); -} - -TEST(HttpCache, StaleContentNotUsedWhenLoadFlagNotSet) { - MockHttpCache cache; - - ScopedMockTransaction stale_while_revalidate_transaction( - kSimpleGET_Transaction); - - stale_while_revalidate_transaction.response_headers = - "Last-Modified: Sat, 18 Apr 2007 01:10:43 GMT\n" - "Age: 10801\n" - "Cache-Control: max-age=0,stale-while-revalidate=86400\n"; - - // Write to the cache. - RunTransactionTest(cache.http_cache(), stale_while_revalidate_transaction); - - EXPECT_EQ(1, cache.network_layer()->transaction_count()); - - // Send the request again and check that it is sent to the network again. - HttpResponseInfo response_info; - RunTransactionTestWithResponseInfo( - cache.http_cache(), stale_while_revalidate_transaction, &response_info); - - EXPECT_EQ(2, cache.network_layer()->transaction_count()); - EXPECT_FALSE(response_info.async_revalidation_required); -} - -TEST(HttpCache, StaleContentUsedWhenLoadFlagSetAndUsable) { - MockHttpCache cache; - - ScopedMockTransaction stale_while_revalidate_transaction( - kSimpleGET_Transaction); - stale_while_revalidate_transaction.load_flags |= - LOAD_SUPPORT_ASYNC_REVALIDATION; - stale_while_revalidate_transaction.response_headers = - "Last-Modified: Sat, 18 Apr 2007 01:10:43 GMT\n" - "Age: 10801\n" - "Cache-Control: max-age=0,stale-while-revalidate=86400\n"; - - // Write to the cache. - RunTransactionTest(cache.http_cache(), stale_while_revalidate_transaction); - - EXPECT_EQ(1, cache.network_layer()->transaction_count()); - - // Send the request again and check that it is not sent to the network again. - HttpResponseInfo response_info; - RunTransactionTestWithResponseInfo( - cache.http_cache(), stale_while_revalidate_transaction, &response_info); - - EXPECT_EQ(1, cache.network_layer()->transaction_count()); - EXPECT_TRUE(response_info.async_revalidation_required); -} - -TEST(HttpCache, StaleContentNotUsedWhenUnusable) { - MockHttpCache cache; - - ScopedMockTransaction stale_while_revalidate_transaction( - kSimpleGET_Transaction); - stale_while_revalidate_transaction.load_flags |= - LOAD_SUPPORT_ASYNC_REVALIDATION; - stale_while_revalidate_transaction.response_headers = - "Last-Modified: Sat, 18 Apr 2007 01:10:43 GMT\n" - "Age: 10801\n" - "Cache-Control: max-age=0,stale-while-revalidate=1800\n"; - - // Write to the cache. - RunTransactionTest(cache.http_cache(), stale_while_revalidate_transaction); - - EXPECT_EQ(1, cache.network_layer()->transaction_count()); - - // Send the request again and check that it is sent to the network again. - HttpResponseInfo response_info; - RunTransactionTestWithResponseInfo( - cache.http_cache(), stale_while_revalidate_transaction, &response_info); - - EXPECT_EQ(2, cache.network_layer()->transaction_count()); - EXPECT_FALSE(response_info.async_revalidation_required); -} - // Tests that we allow multiple simultaneous, non-overlapping transactions to // take place on a sparse entry. TEST(HttpCache, RangeGET_MultipleRequests) { @@ -8387,13 +8243,14 @@ TEST_P(HttpCacheMemoryDumpTest, DumpMemoryStats) { std::unique_ptr<base::trace_event::ProcessMemoryDump> process_memory_dump( new base::trace_event::ProcessMemoryDump(nullptr, dump_args)); base::trace_event::MemoryAllocatorDump* parent_dump = - process_memory_dump->CreateAllocatorDump("net/url_request_context_0x123"); + process_memory_dump->CreateAllocatorDump( + "net/url_request_context/main/0x123"); cache.http_cache()->DumpMemoryStats(process_memory_dump.get(), parent_dump->absolute_name()); const base::trace_event::MemoryAllocatorDump* dump = process_memory_dump->GetAllocatorDump( - "net/url_request_context_0x123/http_cache"); + "net/url_request_context/main/0x123/http_cache"); ASSERT_NE(nullptr, dump); std::unique_ptr<base::Value> raw_attrs = dump->attributes_for_testing()->ToBaseValue(); diff --git a/chromium/net/http/http_log_util.cc b/chromium/net/http/http_log_util.cc index f92d3eee9e7..37aea039607 100644 --- a/chromium/net/http/http_log_util.cc +++ b/chromium/net/http/http_log_util.cc @@ -4,14 +4,10 @@ #include "net/http/http_log_util.h" -#include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" -#include "base/values.h" #include "net/http/http_auth_challenge_tokenizer.h" #include "net/http/http_auth_scheme.h" -#include "net/http/http_util.h" -#include "net/log/net_log_capture_mode.h" namespace net { @@ -77,30 +73,4 @@ std::string ElideHeaderValueForNetLog(NetLogCaptureMode capture_mode, std::string(redact_end, value.end()); } -std::string ElideGoAwayDebugDataForNetLog(NetLogCaptureMode capture_mode, - base::StringPiece debug_data) { - // Note: this logic should be kept in sync with stripGoAwayDebugData in - // chrome/browser/resources/net_internals/log_view_painter.js. - if (capture_mode.include_cookies_and_credentials()) { - return debug_data.as_string(); - } - - return std::string("[") + base::SizeTToString(debug_data.size()) + - std::string(" bytes were stripped]"); -} - -std::unique_ptr<base::ListValue> ElideSpdyHeaderBlockForNetLog( - const SpdyHeaderBlock& headers, - NetLogCaptureMode capture_mode) { - std::unique_ptr<base::ListValue> headers_list(new base::ListValue()); - for (SpdyHeaderBlock::const_iterator it = headers.begin(); - it != headers.end(); ++it) { - headers_list->AppendString( - it->first.as_string() + ": " + - ElideHeaderValueForNetLog(capture_mode, it->first.as_string(), - it->second.as_string())); - } - return headers_list; -} - } // namespace net diff --git a/chromium/net/http/http_log_util.h b/chromium/net/http/http_log_util.h index ead8e7b1bb1..15a58f7f0b6 100644 --- a/chromium/net/http/http_log_util.h +++ b/chromium/net/http/http_log_util.h @@ -7,18 +7,11 @@ #include <string> -#include "base/strings/string_piece.h" #include "net/base/net_export.h" -#include "net/spdy/spdy_header_block.h" - -namespace base { -class ListValue; -} // namespace base +#include "net/log/net_log_capture_mode.h" namespace net { -class NetLogCaptureMode; - // Given an HTTP header |header| with value |value|, returns the elided version // of the header value at |log_level|. NET_EXPORT_PRIVATE std::string ElideHeaderValueForNetLog( @@ -26,17 +19,6 @@ NET_EXPORT_PRIVATE std::string ElideHeaderValueForNetLog( const std::string& header, const std::string& value); -// Given an HTTP/2 GOAWAY frame |debug_data|, returns the elided version -// according to |capture_mode|. -NET_EXPORT_PRIVATE std::string ElideGoAwayDebugDataForNetLog( - NetLogCaptureMode capture_mode, - base::StringPiece debug_data); - -// Given a SpdyHeaderBlock, return its base::ListValue representation. -std::unique_ptr<base::ListValue> ElideSpdyHeaderBlockForNetLog( - const SpdyHeaderBlock& headers, - NetLogCaptureMode capture_mode); - } // namespace net #endif // NET_HTTP_HTTP_LOG_UTIL_H_ diff --git a/chromium/net/http/http_log_util_unittest.cc b/chromium/net/http/http_log_util_unittest.cc index 5905f973c98..9b6ec8f8646 100644 --- a/chromium/net/http/http_log_util_unittest.cc +++ b/chromium/net/http/http_log_util_unittest.cc @@ -4,7 +4,6 @@ #include "net/http/http_log_util.h" -#include "net/log/net_log_capture_mode.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { @@ -70,14 +69,4 @@ TEST(HttpLogUtilTest, ElideHeaderValueForNetLog) { "WWW-Authenticate", "NTLM 1234 ")); } -TEST(HttpLogUtilTest, ElideGoAwayDebugDataForNetLog) { - // Only elide for appropriate log level. - EXPECT_EQ( - "[6 bytes were stripped]", - ElideGoAwayDebugDataForNetLog(NetLogCaptureMode::Default(), "foobar")); - EXPECT_EQ("foobar", - ElideGoAwayDebugDataForNetLog( - NetLogCaptureMode::IncludeCookiesAndCredentials(), "foobar")); -} - -} // namspace net +} // namespace net diff --git a/chromium/net/http/http_network_session.cc b/chromium/net/http/http_network_session.cc index b57653a3b77..4b7bcd3fe3c 100644 --- a/chromium/net/http/http_network_session.cc +++ b/chromium/net/http/http_network_session.cc @@ -126,7 +126,8 @@ HttpNetworkSession::Params::Params() enable_http2_alternative_service_with_different_host(false), enable_quic_alternative_service_with_different_host(true), enable_quic(false), - disable_quic_on_timeout_with_open_streams(false), + mark_quic_broken_when_network_blackholes(false), + retry_without_alt_svc_on_quic_errors(false), quic_always_require_handshake_confirmation(false), quic_disable_connection_pooling(false), quic_load_server_info_timeout_srtt_multiplier(0.25f), @@ -210,7 +211,7 @@ HttpNetworkSession::HttpNetworkSession(const Params& params) params.quic_delay_tcp_race, params.quic_max_server_configs_stored_in_properties, params.quic_close_sessions_on_ip_change, - params.disable_quic_on_timeout_with_open_streams, + params.mark_quic_broken_when_network_blackholes, params.quic_idle_connection_timeout_seconds, params.quic_reduced_ping_timeout_seconds, params.quic_packet_reader_yield_after_duration_milliseconds, @@ -358,9 +359,6 @@ std::unique_ptr<base::Value> HttpNetworkSession::QuicInfoToValue() const { params_.quic_packet_reader_yield_after_duration_milliseconds); dict->SetBoolean("disable_preconnect_if_0rtt", params_.quic_disable_preconnect_if_0rtt); - dict->SetBoolean("disable_quic_on_timeout_with_open_streams", - params_.disable_quic_on_timeout_with_open_streams); - dict->SetBoolean("is_quic_disabled", quic_stream_factory_.IsQuicDisabled()); dict->SetBoolean("force_hol_blocking", params_.quic_force_hol_blocking); dict->SetBoolean("race_cert_verification", params_.quic_race_cert_verification); diff --git a/chromium/net/http/http_network_session.h b/chromium/net/http/http_network_session.h index b0ed8c0c0df..afa78179b24 100644 --- a/chromium/net/http/http_network_session.h +++ b/chromium/net/http/http_network_session.h @@ -119,8 +119,12 @@ class NET_EXPORT HttpNetworkSession // Enables QUIC support. bool enable_quic; - // Disable QUIC if a connection times out with open streams. - bool disable_quic_on_timeout_with_open_streams; + // Marks a QUIC server broken when a connection blackholes after the + // handshake is confirmed. + bool mark_quic_broken_when_network_blackholes; + // Retry requests which fail with QUIC_PROTOCOL_ERROR, and mark QUIC + // broken if the retry succeeds. + bool retry_without_alt_svc_on_quic_errors; // Disables QUIC's 0-RTT behavior. bool quic_always_require_handshake_confirmation; // Disables QUIC connection pooling. diff --git a/chromium/net/http/http_network_transaction.cc b/chromium/net/http/http_network_transaction.cc index a5395d758bc..6aebf9b8416 100644 --- a/chromium/net/http/http_network_transaction.cc +++ b/chromium/net/http/http_network_transaction.cc @@ -32,6 +32,7 @@ #include "net/base/net_errors.h" #include "net/base/upload_data_stream.h" #include "net/base/url_util.h" +#include "net/filter/filter_source_stream.h" #include "net/http/http_auth.h" #include "net/http/http_auth_handler.h" #include "net/http/http_auth_handler_factory.h" @@ -100,9 +101,10 @@ HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority, total_sent_bytes_(0), next_state_(STATE_NONE), establishing_tunnel_(false), + enable_ip_based_pooling_(true), + enable_alternative_services_(true), websocket_handshake_stream_base_create_helper_(NULL), - net_error_details_() { -} + net_error_details_() {} HttpNetworkTransaction::~HttpNetworkTransaction() { if (stream_.get()) { @@ -545,6 +547,12 @@ void HttpNetworkTransaction::OnNeedsProxyAuth( establishing_tunnel_ = true; response_.headers = proxy_response.headers; response_.auth_challenge = proxy_response.auth_challenge; + + if (response_.headers.get() && !ContentEncodingsValid()) { + DoCallback(ERR_CONTENT_DECODING_FAILED); + return; + } + headers_valid_ = true; server_ssl_config_ = used_ssl_config; proxy_info_ = used_proxy_info; @@ -843,26 +851,23 @@ int HttpNetworkTransaction::DoCreateStream() { response_.network_accessed = true; next_state_ = STATE_CREATE_STREAM_COMPLETE; + // IP based pooling is only enabled on a retry after 421 Misdirected Request + // is received. Alternative Services are also disabled in this case (though + // they can also be disabled when retrying after a QUIC error). + if (!enable_ip_based_pooling_) + DCHECK(!enable_alternative_services_); if (ForWebSocketHandshake()) { stream_request_.reset( session_->http_stream_factory_for_websocket() ->RequestWebSocketHandshakeStream( - *request_, - priority_, - server_ssl_config_, - proxy_ssl_config_, - this, - websocket_handshake_stream_base_create_helper_, - net_log_)); + *request_, priority_, server_ssl_config_, proxy_ssl_config_, + this, websocket_handshake_stream_base_create_helper_, + enable_ip_based_pooling_, enable_alternative_services_, + net_log_)); } else { - stream_request_.reset( - session_->http_stream_factory()->RequestStream( - *request_, - priority_, - server_ssl_config_, - proxy_ssl_config_, - this, - net_log_)); + stream_request_.reset(session_->http_stream_factory()->RequestStream( + *request_, priority_, server_ssl_config_, proxy_ssl_config_, this, + enable_ip_based_pooling_, enable_alternative_services_, net_log_)); } DCHECK(stream_request_.get()); return ERR_IO_PENDING; @@ -1246,6 +1251,9 @@ int HttpNetworkTransaction::DoReadHeadersComplete(int result) { DCHECK(response_.headers.get()); + if (response_.headers.get() && !ContentEncodingsValid()) + return ERR_CONTENT_DECODING_FAILED; + // On a 408 response from the server ("Request Timeout") on a stale socket, // retry the request. // Headers can be NULL because of http://crbug.com/384554. @@ -1292,6 +1300,10 @@ int HttpNetworkTransaction::DoReadHeadersComplete(int result) { return OK; } + if (response_.headers->response_code() == 421) { + return HandleIOError(ERR_MISDIRECTED_REQUEST); + } + if (IsSecureRequest()) { session_->http_stream_factory()->ProcessAlternativeServices( session_, response_.headers.get(), url::SchemeHostPort(request_->url)); @@ -1346,6 +1358,14 @@ int HttpNetworkTransaction::DoReadBodyComplete(int result) { // again in ~HttpNetworkTransaction. Clean that up. // The next Read call will return 0 (EOF). + + // This transaction was successful. If it had been retried because of an + // error with an alternative service, mark that alternative service broken. + if (!enable_alternative_services_ && + retried_alternative_service_.protocol != kProtoUnknown) { + session_->http_server_properties()->MarkAlternativeServiceBroken( + retried_alternative_service_); + } } // Clear these to avoid leaving around old state. @@ -1546,6 +1566,48 @@ int HttpNetworkTransaction::HandleIOError(int error) { ResetConnectionAndRequestForResend(); error = OK; break; + case ERR_QUIC_PROTOCOL_ERROR: + if (GetResponseHeaders() != nullptr || + !stream_->GetAlternativeService(&retried_alternative_service_)) { + // If the response headers have already been recieved and passed up + // then the request can not be retried. Also, if there was no + // alternative service used for this request, then there is no + // alternative service to be disabled. + break; + } + if (session_->http_server_properties()->IsAlternativeServiceBroken( + retried_alternative_service_)) { + // If the alternative service was marked as broken while the request + // was in flight, retry the request which will not use the broken + // alternative service. + net_log_.AddEventWithNetErrorCode( + NetLogEventType::HTTP_TRANSACTION_RESTART_AFTER_ERROR, error); + ResetConnectionAndRequestForResend(); + error = OK; + } else if (session_->params().retry_without_alt_svc_on_quic_errors) { + // Disable alternative services for this request and retry it. If the + // retry succeeds, then the alternative service will be marked as + // broken then. + enable_alternative_services_ = false; + net_log_.AddEventWithNetErrorCode( + NetLogEventType::HTTP_TRANSACTION_RESTART_AFTER_ERROR, error); + ResetConnectionAndRequestForResend(); + error = OK; + } + break; + case ERR_MISDIRECTED_REQUEST: + // If this is the second try, just give up. + if (!enable_ip_based_pooling_ && !enable_alternative_services_) + return OK; + // Otherwise retry the request with both IP based pooling + // and Alternative Services disabled. + enable_ip_based_pooling_ = false; + enable_alternative_services_ = false; + net_log_.AddEventWithNetErrorCode( + NetLogEventType::HTTP_TRANSACTION_RESTART_AFTER_ERROR, error); + ResetConnectionAndRequestForResend(); + error = OK; + break; } return error; } @@ -1711,4 +1773,56 @@ void HttpNetworkTransaction::CopyConnectionAttemptsFromStreamRequest() { connection_attempts_.push_back(attempt); } +bool HttpNetworkTransaction::ContentEncodingsValid() const { + HttpResponseHeaders* headers = GetResponseHeaders(); + DCHECK(headers); + + std::string accept_encoding; + request_headers_.GetHeader(HttpRequestHeaders::kAcceptEncoding, + &accept_encoding); + std::set<std::string> allowed_encodings; + if (!HttpUtil::ParseAcceptEncoding(accept_encoding, &allowed_encodings)) { + FilterSourceStream::ReportContentDecodingFailed(SourceStream::TYPE_INVALID); + return false; + } + + std::string content_encoding; + headers->GetNormalizedHeader("Content-Encoding", &content_encoding); + std::set<std::string> used_encodings; + if (!HttpUtil::ParseContentEncoding(content_encoding, &used_encodings)) { + FilterSourceStream::ReportContentDecodingFailed(SourceStream::TYPE_INVALID); + return false; + } + + // When "Accept-Encoding" is not specified, it is parsed as "*". + // If "*" encoding is advertised, then any encoding should be "accepted". + // This does not mean, that it will be successfully decoded. + if (allowed_encodings.find("*") != allowed_encodings.end()) + return true; + + bool result = true; + for (auto const& encoding : used_encodings) { + SourceStream::SourceType source_type = + FilterSourceStream::ParseEncodingType(encoding); + // We don't reject encodings we are not aware. They just will not decode. + if (source_type == SourceStream::TYPE_UNKNOWN) + continue; + if (allowed_encodings.find(encoding) == allowed_encodings.end()) { + FilterSourceStream::ReportContentDecodingFailed( + SourceStream::TYPE_REJECTED); + result = false; + break; + } + } + + // Temporary workaround for http://crbug.com/714514 + if (headers->IsRedirect(nullptr)) { + UMA_HISTOGRAM_BOOLEAN("Net.RedirectWithUnadvertisedContentEncoding", + !result); + return true; + } + + return result; +} + } // namespace net diff --git a/chromium/net/http/http_network_transaction.h b/chromium/net/http/http_network_transaction.h index 9d9a5629882..6aa35e4d6e5 100644 --- a/chromium/net/http/http_network_transaction.h +++ b/chromium/net/http/http_network_transaction.h @@ -296,6 +296,10 @@ class NET_EXPORT_PRIVATE HttpNetworkTransaction void CopyConnectionAttemptsFromStreamRequest(); + // Returns true if response "Content-Encoding" headers respect + // "Accept-Encoding". + bool ContentEncodingsValid() const; + scoped_refptr<HttpAuthController> auth_controllers_[HttpAuth::AUTH_NUM_TARGETS]; @@ -369,6 +373,17 @@ class NET_EXPORT_PRIVATE HttpNetworkTransaction // read from the socket until the tunnel is done. bool establishing_tunnel_; + // Enable pooling to a SpdySession with matching IP and certificate + // even if the SpdySessionKey is different. + bool enable_ip_based_pooling_; + + // Enable using alternative services for the request. + bool enable_alternative_services_; + + // When a request is retried because of errors with the alternative service, + // this will store the alternative service used. + AlternativeService retried_alternative_service_; + // The helper object to use to create WebSocketHandshakeStreamBase // objects. Only relevant when establishing a WebSocket connection. WebSocketHandshakeStreamBase::CreateHelper* diff --git a/chromium/net/http/http_network_transaction_unittest.cc b/chromium/net/http/http_network_transaction_unittest.cc index c7a93f09db4..3960170ba47 100644 --- a/chromium/net/http/http_network_transaction_unittest.cc +++ b/chromium/net/http/http_network_transaction_unittest.cc @@ -684,6 +684,7 @@ class CaptureGroupNameSocketPool : public ParentPool { std::unique_ptr<StreamSocket> socket, int id) override {} void CloseIdleSockets() override {} + void CloseIdleSocketsInGroup(const std::string& group_name) override {} int IdleSocketCount() const override { return 0; } int IdleSocketCountInGroup(const std::string& group_name) const override { return 0; @@ -9812,8 +9813,9 @@ TEST_F(HttpNetworkTransactionTest, UploadUnreadableFile) { base::FilePath temp_file; ASSERT_TRUE(base::CreateTemporaryFile(&temp_file)); std::string temp_file_content("Unreadable file."); - ASSERT_TRUE(base::WriteFile(temp_file, temp_file_content.c_str(), - temp_file_content.length())); + ASSERT_EQ(static_cast<int>(temp_file_content.length()), + base::WriteFile(temp_file, temp_file_content.c_str(), + temp_file_content.length())); ASSERT_TRUE(base::MakeFileUnreadable(temp_file)); std::vector<std::unique_ptr<UploadElementReader>> element_readers; @@ -13593,6 +13595,137 @@ TEST_F(HttpNetworkTransactionTest, UseIPConnectionPoolingAfterResolution) { EXPECT_EQ("hello!", response_data); } +// Regression test for https://crbug.com/546991. +// The server might not be able to serve an IP pooled request, and might send a +// 421 Misdirected Request response status to indicate this. +// HttpNetworkTransaction should reset the request and retry without IP pooling. +TEST_F(HttpNetworkTransactionTest, RetryWithoutConnectionPooling) { + // Two hosts resolve to the same IP address. + const std::string ip_addr = "1.2.3.4"; + IPAddress ip; + ASSERT_TRUE(ip.AssignFromIPLiteral(ip_addr)); + IPEndPoint peer_addr = IPEndPoint(ip, 443); + + session_deps_.host_resolver.reset(new MockCachingHostResolver()); + session_deps_.host_resolver->rules()->AddRule("www.example.org", ip_addr); + session_deps_.host_resolver->rules()->AddRule("mail.example.org", ip_addr); + + std::unique_ptr<HttpNetworkSession> session(CreateSession(&session_deps_)); + + // Two requests on the first connection. + SpdySerializedFrame req1( + spdy_util_.ConstructSpdyGet("https://www.example.org", 1, LOWEST)); + spdy_util_.UpdateWithStreamDestruction(1); + SpdySerializedFrame req2( + spdy_util_.ConstructSpdyGet("https://mail.example.org", 3, LOWEST)); + SpdySerializedFrame rst( + spdy_util_.ConstructSpdyRstStream(3, ERROR_CODE_CANCEL)); + MockWrite writes1[] = { + CreateMockWrite(req1, 0), CreateMockWrite(req2, 3), + CreateMockWrite(rst, 6), + }; + + // The first one succeeds, the second gets error 421 Misdirected Request. + SpdySerializedFrame resp1(spdy_util_.ConstructSpdyGetReply(nullptr, 0, 1)); + SpdySerializedFrame body1(spdy_util_.ConstructSpdyDataFrame(1, true)); + SpdyHeaderBlock response_headers; + response_headers[SpdyTestUtil::GetStatusKey()] = "421"; + SpdySerializedFrame resp2( + spdy_util_.ConstructSpdyReply(3, std::move(response_headers))); + MockRead reads1[] = {CreateMockRead(resp1, 1), CreateMockRead(body1, 2), + CreateMockRead(resp2, 4), MockRead(ASYNC, 0, 5)}; + + MockConnect connect1(ASYNC, OK, peer_addr); + SequencedSocketData data1(connect1, reads1, arraysize(reads1), writes1, + arraysize(writes1)); + session_deps_.socket_factory->AddSocketDataProvider(&data1); + + AddSSLSocketData(); + + // Retry the second request on a second connection. + SpdyTestUtil spdy_util2; + SpdySerializedFrame req3( + spdy_util2.ConstructSpdyGet("https://mail.example.org", 1, LOWEST)); + MockWrite writes2[] = { + CreateMockWrite(req3, 0), + }; + + SpdySerializedFrame resp3(spdy_util2.ConstructSpdyGetReply(nullptr, 0, 1)); + SpdySerializedFrame body3(spdy_util2.ConstructSpdyDataFrame(1, true)); + MockRead reads2[] = {CreateMockRead(resp3, 1), CreateMockRead(body3, 2), + MockRead(ASYNC, 0, 3)}; + + MockConnect connect2(ASYNC, OK, peer_addr); + SequencedSocketData data2(connect2, reads2, arraysize(reads2), writes2, + arraysize(writes2)); + session_deps_.socket_factory->AddSocketDataProvider(&data2); + + AddSSLSocketData(); + + // Preload mail.example.org into HostCache. + HostPortPair host_port("mail.example.org", 443); + HostResolver::RequestInfo resolve_info(host_port); + AddressList ignored; + std::unique_ptr<HostResolver::Request> request; + TestCompletionCallback callback; + int rv = session_deps_.host_resolver->Resolve(resolve_info, DEFAULT_PRIORITY, + &ignored, callback.callback(), + &request, NetLogWithSource()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + rv = callback.WaitForResult(); + EXPECT_THAT(rv, IsOk()); + + HttpRequestInfo request1; + request1.method = "GET"; + request1.url = GURL("https://www.example.org/"); + request1.load_flags = 0; + HttpNetworkTransaction trans1(DEFAULT_PRIORITY, session.get()); + + rv = trans1.Start(&request1, callback.callback(), NetLogWithSource()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + rv = callback.WaitForResult(); + EXPECT_THAT(rv, IsOk()); + + const HttpResponseInfo* response = trans1.GetResponseInfo(); + ASSERT_TRUE(response); + ASSERT_TRUE(response->headers); + EXPECT_EQ("HTTP/1.1 200", response->headers->GetStatusLine()); + EXPECT_TRUE(response->was_fetched_via_spdy); + EXPECT_TRUE(response->was_alpn_negotiated); + std::string response_data; + ASSERT_THAT(ReadTransaction(&trans1, &response_data), IsOk()); + EXPECT_EQ("hello!", response_data); + + HttpRequestInfo request2; + request2.method = "GET"; + request2.url = GURL("https://mail.example.org/"); + request2.load_flags = 0; + HttpNetworkTransaction trans2(DEFAULT_PRIORITY, session.get()); + + BoundTestNetLog log; + rv = trans2.Start(&request2, callback.callback(), log.bound()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + rv = callback.WaitForResult(); + EXPECT_THAT(rv, IsOk()); + + response = trans2.GetResponseInfo(); + ASSERT_TRUE(response); + ASSERT_TRUE(response->headers); + EXPECT_EQ("HTTP/1.1 200", response->headers->GetStatusLine()); + EXPECT_TRUE(response->was_fetched_via_spdy); + EXPECT_TRUE(response->was_alpn_negotiated); + ASSERT_THAT(ReadTransaction(&trans2, &response_data), IsOk()); + EXPECT_EQ("hello!", response_data); + + TestNetLogEntry::List entries; + log.GetEntries(&entries); + size_t pos = ExpectLogContainsSomewhere( + entries, 0, NetLogEventType::HTTP_TRANSACTION_RESTART_AFTER_ERROR, + NetLogEventPhase::NONE); + EXPECT_TRUE(entries[pos].GetIntegerValue("net_error", &rv)); + EXPECT_THAT(rv, IsError(ERR_MISDIRECTED_REQUEST)); +} + class OneTimeCachingHostResolver : public HostResolver { public: explicit OneTimeCachingHostResolver(const HostPortPair& host_port) @@ -14837,6 +14970,12 @@ class FakeStream : public HttpStream, return false; } + bool GetAlternativeService( + AlternativeService* alternative_service) const override { + ADD_FAILURE(); + return false; + } + void GetSSLInfo(SSLInfo* ssl_info) override { ADD_FAILURE(); } void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override { @@ -14952,6 +15091,8 @@ class FakeStreamFactory : public HttpStreamFactory { const SSLConfig& server_ssl_config, const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) override { FakeStreamRequest* fake_request = new FakeStreamRequest(priority, delegate); last_stream_request_ = fake_request->AsWeakPtr(); @@ -14964,6 +15105,8 @@ class FakeStreamFactory : public HttpStreamFactory { const SSLConfig& server_ssl_config, const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) override { NOTREACHED(); return nullptr; @@ -14976,6 +15119,8 @@ class FakeStreamFactory : public HttpStreamFactory { const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, WebSocketHandshakeStreamBase::CreateHelper* create_helper, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) override { FakeStreamRequest* fake_request = new FakeStreamRequest(priority, delegate, create_helper); @@ -15077,6 +15222,12 @@ class FakeWebSocketBasicHandshakeStream : public WebSocketHandshakeStreamBase { return false; } + bool GetAlternativeService( + AlternativeService* alternative_service) const override { + ADD_FAILURE(); + return false; + } + void GetSSLInfo(SSLInfo* ssl_info) override {} void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override { @@ -16524,4 +16675,77 @@ TEST_F(HttpNetworkTransactionTest, TokenBindingSpdy) { } #endif // !defined(OS_IOS) +void CheckContentEncodingMatching(SpdySessionDependencies* session_deps, + const std::string& accept_encoding, + const std::string& content_encoding, + const std::string& location, + bool should_match) { + HttpRequestInfo request; + request.method = "GET"; + request.url = GURL("http://www.foo.com/"); + request.extra_headers.SetHeader(HttpRequestHeaders::kAcceptEncoding, + accept_encoding); + + std::unique_ptr<HttpNetworkSession> session(CreateSession(session_deps)); + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session.get()); + // Send headers successfully, but get an error while sending the body. + MockWrite data_writes[] = { + MockWrite("GET / HTTP/1.1\r\n" + "Host: www.foo.com\r\n" + "Connection: keep-alive\r\n" + "Accept-Encoding: "), + MockWrite(accept_encoding.data()), MockWrite("\r\n\r\n"), + }; + + std::string response_code = "200 OK"; + std::string extra; + if (!location.empty()) { + response_code = "301 Redirect\r\nLocation: "; + response_code.append(location); + } + + MockRead data_reads[] = { + MockRead("HTTP/1.0 "), + MockRead(response_code.data()), + MockRead("\r\nContent-Encoding: "), + MockRead(content_encoding.data()), + MockRead("\r\n\r\n"), + MockRead(SYNCHRONOUS, OK), + }; + StaticSocketDataProvider data(data_reads, arraysize(data_reads), data_writes, + arraysize(data_writes)); + session_deps->socket_factory->AddSocketDataProvider(&data); + + TestCompletionCallback callback; + + int rv = trans.Start(&request, callback.callback(), NetLogWithSource()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + rv = callback.WaitForResult(); + if (should_match) { + EXPECT_THAT(rv, IsOk()); + } else { + EXPECT_THAT(rv, IsError(ERR_CONTENT_DECODING_FAILED)); + } +} + +TEST_F(HttpNetworkTransactionTest, MatchContentEncoding1) { + CheckContentEncodingMatching(&session_deps_, "gzip,sdch", "br", "", false); +} + +TEST_F(HttpNetworkTransactionTest, MatchContentEncoding2) { + CheckContentEncodingMatching(&session_deps_, "identity;q=1, *;q=0", "", "", + true); +} + +TEST_F(HttpNetworkTransactionTest, MatchContentEncoding3) { + CheckContentEncodingMatching(&session_deps_, "identity;q=1, *;q=0", "gzip", + "", false); +} + +TEST_F(HttpNetworkTransactionTest, MatchContentEncoding4) { + CheckContentEncodingMatching(&session_deps_, "identity;q=1, *;q=0", "gzip", + "www.foo.com/other", true); +} + } // namespace net diff --git a/chromium/net/http/http_proxy_client_socket_pool.cc b/chromium/net/http/http_proxy_client_socket_pool.cc index b83e9249ecf..bda4e95b500 100644 --- a/chromium/net/http/http_proxy_client_socket_pool.cc +++ b/chromium/net/http/http_proxy_client_socket_pool.cc @@ -266,6 +266,11 @@ void HttpProxyClientSocketPool::CloseIdleSockets() { base_.CloseIdleSockets(); } +void HttpProxyClientSocketPool::CloseIdleSocketsInGroup( + const std::string& group_name) { + base_.CloseIdleSocketsInGroup(group_name); +} + int HttpProxyClientSocketPool::IdleSocketCount() const { return base_.idle_socket_count(); } diff --git a/chromium/net/http/http_proxy_client_socket_pool.h b/chromium/net/http/http_proxy_client_socket_pool.h index a16702d65ff..27fc44474f0 100644 --- a/chromium/net/http/http_proxy_client_socket_pool.h +++ b/chromium/net/http/http_proxy_client_socket_pool.h @@ -176,6 +176,8 @@ class NET_EXPORT_PRIVATE HttpProxyClientSocketPool void CloseIdleSockets() override; + void CloseIdleSocketsInGroup(const std::string& group_name) override; + int IdleSocketCount() const override; int IdleSocketCountInGroup(const std::string& group_name) const override; diff --git a/chromium/net/http/http_proxy_client_socket_pool_unittest.cc b/chromium/net/http/http_proxy_client_socket_pool_unittest.cc index d782c703493..ab6ef810b07 100644 --- a/chromium/net/http/http_proxy_client_socket_pool_unittest.cc +++ b/chromium/net/http/http_proxy_client_socket_pool_unittest.cc @@ -10,6 +10,7 @@ #include "base/compiler_specific.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" +#include "base/test/histogram_tester.h" #include "net/base/net_errors.h" #include "net/base/proxy_delegate.h" #include "net/base/test_completion_callback.h" @@ -191,6 +192,8 @@ class HttpProxyClientSocketPoolTest return transport_socket_pool_.last_request_priority(); } + const base::HistogramTester& histogram_tester() { return histogram_tester_; } + private: SpdySessionDependencies session_deps_; @@ -201,6 +204,8 @@ class HttpProxyClientSocketPoolTest std::unique_ptr<HttpNetworkSession> session_; + base::HistogramTester histogram_tester_; + protected: SpdyTestUtil spdy_util_; std::unique_ptr<SSLSocketDataProvider> ssl_data_; @@ -230,6 +235,12 @@ TEST_P(HttpProxyClientSocketPoolTest, NoTunnel) { EXPECT_FALSE(proxy_delegate->on_before_tunnel_request_called()); EXPECT_FALSE(proxy_delegate->on_tunnel_headers_received_called()); EXPECT_TRUE(proxy_delegate->on_tunnel_request_completed_called()); + + bool is_secure_proxy = GetParam() == HTTPS || GetParam() == SPDY; + histogram_tester().ExpectTotalCount( + "Net.HttpProxy.ConnectLatency.Insecure.Success", is_secure_proxy ? 0 : 1); + histogram_tester().ExpectTotalCount( + "Net.HttpProxy.ConnectLatency.Secure.Success", is_secure_proxy ? 1 : 0); } // Make sure that HttpProxyConnectJob passes on its priority to its @@ -440,6 +451,12 @@ TEST_P(HttpProxyClientSocketPoolTest, TCPError) { EXPECT_FALSE(handle_.is_initialized()); EXPECT_FALSE(handle_.socket()); + + bool is_secure_proxy = GetParam() == HTTPS; + histogram_tester().ExpectTotalCount( + "Net.HttpProxy.ConnectLatency.Insecure.Error", is_secure_proxy ? 0 : 1); + histogram_tester().ExpectTotalCount( + "Net.HttpProxy.ConnectLatency.Secure.Error", is_secure_proxy ? 1 : 0); } TEST_P(HttpProxyClientSocketPoolTest, SSLError) { @@ -468,6 +485,10 @@ TEST_P(HttpProxyClientSocketPoolTest, SSLError) { EXPECT_FALSE(handle_.is_initialized()); EXPECT_FALSE(handle_.socket()); + histogram_tester().ExpectTotalCount( + "Net.HttpProxy.ConnectLatency.Secure.Error", 1); + histogram_tester().ExpectTotalCount( + "Net.HttpProxy.ConnectLatency.Insecure.Error", 0); } TEST_P(HttpProxyClientSocketPoolTest, SslClientAuth) { @@ -496,6 +517,10 @@ TEST_P(HttpProxyClientSocketPoolTest, SslClientAuth) { EXPECT_FALSE(handle_.is_initialized()); EXPECT_FALSE(handle_.socket()); + histogram_tester().ExpectTotalCount( + "Net.HttpProxy.ConnectLatency.Secure.Error", 1); + histogram_tester().ExpectTotalCount( + "Net.HttpProxy.ConnectLatency.Insecure.Error", 0); } TEST_P(HttpProxyClientSocketPoolTest, TunnelUnexpectedClose) { diff --git a/chromium/net/http/http_proxy_client_socket_wrapper.cc b/chromium/net/http/http_proxy_client_socket_wrapper.cc index f5e258e86cd..0d939118eb6 100644 --- a/chromium/net/http/http_proxy_client_socket_wrapper.cc +++ b/chromium/net/http/http_proxy_client_socket_wrapper.cc @@ -10,6 +10,7 @@ #include "base/bind_helpers.h" #include "base/callback_helpers.h" #include "base/memory/weak_ptr.h" +#include "base/metrics/histogram_macros.h" #include "base/profiler/scoped_tracker.h" #include "base/values.h" #include "net/base/proxy_delegate.h" @@ -387,6 +388,7 @@ int HttpProxyClientSocketWrapper::DoLoop(int result) { } int HttpProxyClientSocketWrapper::DoBeginConnect() { + connect_start_time_ = base::TimeTicks::Now(); SetConnectTimer(connect_timeout_duration_); if (transport_params_) { next_state_ = STATE_TCP_CONNECT; @@ -408,8 +410,11 @@ int HttpProxyClientSocketWrapper::DoTransportConnect() { } int HttpProxyClientSocketWrapper::DoTransportConnectComplete(int result) { - if (result != OK) + if (result != OK) { + UMA_HISTOGRAM_MEDIUM_TIMES("Net.HttpProxy.ConnectLatency.Insecure.Error", + base::TimeTicks::Now() - connect_start_time_); return ERR_PROXY_CONNECTION_FAILED; + } // Reset the timer to just the length of time allowed for HttpProxy handshake // so that a fast TCP connection plus a slow HttpProxy failure doesn't take @@ -424,7 +429,9 @@ int HttpProxyClientSocketWrapper::DoSSLConnect() { if (tunnel_) { SpdySessionKey key(GetDestination().host_port_pair(), ProxyServer::Direct(), PRIVACY_MODE_DISABLED); - if (spdy_session_pool_->FindAvailableSession(key, GURL(), net_log_)) { + if (spdy_session_pool_->FindAvailableSession( + key, GURL(), + /* enable_ip_based_pooling = */ true, net_log_)) { using_spdy_ = true; next_state_ = STATE_SPDY_PROXY_CREATE_STREAM; return OK; @@ -443,6 +450,8 @@ int HttpProxyClientSocketWrapper::DoSSLConnectComplete(int result) { if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { DCHECK( transport_socket_handle_->ssl_error_response_info().cert_request_info); + UMA_HISTOGRAM_MEDIUM_TIMES("Net.HttpProxy.ConnectLatency.Secure.Error", + base::TimeTicks::Now() - connect_start_time_); error_response_info_.reset(new HttpResponseInfo( transport_socket_handle_->ssl_error_response_info())); error_response_info_->cert_request_info->is_proxy = true; @@ -450,6 +459,8 @@ int HttpProxyClientSocketWrapper::DoSSLConnectComplete(int result) { } if (IsCertificateError(result)) { + UMA_HISTOGRAM_MEDIUM_TIMES("Net.HttpProxy.ConnectLatency.Secure.Error", + base::TimeTicks::Now() - connect_start_time_); if (ssl_params_->load_flags() & LOAD_IGNORE_ALL_CERT_ERRORS) { result = OK; } else { @@ -467,6 +478,8 @@ int HttpProxyClientSocketWrapper::DoSSLConnectComplete(int result) { return ERR_SPDY_SESSION_ALREADY_EXISTS; } if (result < 0) { + UMA_HISTOGRAM_MEDIUM_TIMES("Net.HttpProxy.ConnectLatency.Secure.Error", + base::TimeTicks::Now() - connect_start_time_); if (transport_socket_handle_->socket()) transport_socket_handle_->socket()->Disconnect(); return ERR_PROXY_CONNECTION_FAILED; @@ -499,6 +512,14 @@ int HttpProxyClientSocketWrapper::DoSSLConnectComplete(int result) { int HttpProxyClientSocketWrapper::DoHttpProxyConnect() { next_state_ = STATE_HTTP_PROXY_CONNECT_COMPLETE; + if (transport_params_) { + UMA_HISTOGRAM_MEDIUM_TIMES("Net.HttpProxy.ConnectLatency.Insecure.Success", + base::TimeTicks::Now() - connect_start_time_); + } else { + UMA_HISTOGRAM_MEDIUM_TIMES("Net.HttpProxy.ConnectLatency.Secure.Success", + base::TimeTicks::Now() - connect_start_time_); + } + // Add a HttpProxy connection on top of the tcp socket. transport_socket_.reset(new HttpProxyClientSocket( transport_socket_handle_.release(), user_agent_, endpoint_, @@ -522,7 +543,9 @@ int HttpProxyClientSocketWrapper::DoSpdyProxyCreateStream() { SpdySessionKey key(GetDestination().host_port_pair(), ProxyServer::Direct(), PRIVACY_MODE_DISABLED); base::WeakPtr<SpdySession> spdy_session = - spdy_session_pool_->FindAvailableSession(key, GURL(), net_log_); + spdy_session_pool_->FindAvailableSession( + key, GURL(), + /* enable_ip_based_pooling = */ true, net_log_); // It's possible that a session to the proxy has recently been created if (spdy_session) { if (transport_socket_handle_.get()) { @@ -614,6 +637,18 @@ void HttpProxyClientSocketWrapper::ConnectTimeout() { DCHECK_NE(STATE_NONE, next_state_); DCHECK(!connect_callback_.is_null()); + if (next_state_ == STATE_TCP_CONNECT_COMPLETE || + next_state_ == STATE_SSL_CONNECT_COMPLETE) { + if (transport_params_) { + UMA_HISTOGRAM_MEDIUM_TIMES( + "Net.HttpProxy.ConnectLatency.Insecure.TimedOut", + base::TimeTicks::Now() - connect_start_time_); + } else { + UMA_HISTOGRAM_MEDIUM_TIMES("Net.HttpProxy.ConnectLatency.Secure.TimedOut", + base::TimeTicks::Now() - connect_start_time_); + } + } + NotifyProxyDelegateOfCompletion(ERR_CONNECTION_TIMED_OUT); CompletionCallback callback = connect_callback_; diff --git a/chromium/net/http/http_proxy_client_socket_wrapper.h b/chromium/net/http/http_proxy_client_socket_wrapper.h index d6184a88bed..902b4e79609 100644 --- a/chromium/net/http/http_proxy_client_socket_wrapper.h +++ b/chromium/net/http/http_proxy_client_socket_wrapper.h @@ -205,6 +205,9 @@ class HttpProxyClientSocketWrapper : public ProxyClientSocket { base::OneShotTimer connect_timer_; + // Time when the connection to the proxy was started. + base::TimeTicks connect_start_time_; + DISALLOW_COPY_AND_ASSIGN(HttpProxyClientSocketWrapper); }; diff --git a/chromium/net/http/http_request_headers.cc b/chromium/net/http/http_request_headers.cc index 18e6def6bb2..3d97a3e9ace 100644 --- a/chromium/net/http/http_request_headers.cc +++ b/chromium/net/http/http_request_headers.cc @@ -227,7 +227,7 @@ bool HttpRequestHeaders::FromNetLogParam(const base::Value* event_param, it != header_list->end(); ++it) { std::string header_line; - if (!(*it)->GetAsString(&header_line)) { + if (!it->GetAsString(&header_line)) { headers->Clear(); *request_line = ""; return false; diff --git a/chromium/net/http/http_response_body_drainer_unittest.cc b/chromium/net/http/http_response_body_drainer_unittest.cc index 6b725dad891..44943e291f3 100644 --- a/chromium/net/http/http_response_body_drainer_unittest.cc +++ b/chromium/net/http/http_response_body_drainer_unittest.cc @@ -108,6 +108,10 @@ class MockHttpStream : public HttpStream { bool CanReuseConnection() const override { return can_reuse_connection_; } int64_t GetTotalReceivedBytes() const override { return 0; } int64_t GetTotalSentBytes() const override { return 0; } + bool GetAlternativeService( + AlternativeService* alternative_service) const override { + return false; + } void GetSSLInfo(SSLInfo* ssl_info) override {} void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override {} bool GetRemoteEndpoint(IPEndPoint* endpoint) override { return false; } diff --git a/chromium/net/http/http_response_headers.cc b/chromium/net/http/http_response_headers.cc index d0b2fc18ced..cb985f5ccaa 100644 --- a/chromium/net/http/http_response_headers.cc +++ b/chromium/net/http/http_response_headers.cc @@ -917,28 +917,14 @@ bool HttpResponseHeaders::IsRedirectResponseCode(int response_code) { // Of course, there are other factors that can force a response to always be // validated or re-fetched. // -// From RFC 5861 section 3, a stale response may be used while revalidation is -// performed in the background if -// -// freshness_lifetime + stale_while_revalidate > current_age -// -ValidationType HttpResponseHeaders::RequiresValidation( - const Time& request_time, - const Time& response_time, - const Time& current_time) const { +bool HttpResponseHeaders::RequiresValidation(const Time& request_time, + const Time& response_time, + const Time& current_time) const { FreshnessLifetimes lifetimes = GetFreshnessLifetimes(response_time); - if (lifetimes.freshness.is_zero() && lifetimes.staleness.is_zero()) - return VALIDATION_SYNCHRONOUS; - - TimeDelta age = GetCurrentAge(request_time, response_time, current_time); - - if (lifetimes.freshness > age) - return VALIDATION_NONE; - - if (lifetimes.freshness + lifetimes.staleness > age) - return VALIDATION_ASYNCHRONOUS; - - return VALIDATION_SYNCHRONOUS; + if (lifetimes.freshness.is_zero()) + return true; + return lifetimes.freshness <= + GetCurrentAge(request_time, response_time, current_time); } // From RFC 2616 section 13.2.4: @@ -961,9 +947,6 @@ ValidationType HttpResponseHeaders::RequiresValidation( // // freshness_lifetime = (date_value - last_modified_value) * 0.10 // -// If the stale-while-revalidate directive is present, then it is used to set -// the |staleness| time, unless it overridden by another directive. -// HttpResponseHeaders::FreshnessLifetimes HttpResponseHeaders::GetFreshnessLifetimes(const Time& response_time) const { FreshnessLifetimes lifetimes; @@ -978,13 +961,6 @@ HttpResponseHeaders::GetFreshnessLifetimes(const Time& response_time) const { return lifetimes; } - // Cache-Control directive must_revalidate overrides stale-while-revalidate. - bool must_revalidate = HasHeaderValue("cache-control", "must-revalidate"); - - if (must_revalidate || !GetStaleWhileRevalidateValue(&lifetimes.staleness)) { - DCHECK_EQ(TimeDelta(), lifetimes.staleness); - } - // NOTE: "Cache-Control: max-age" overrides Expires, so we only check the // Expires header after checking for max-age in GetFreshnessLifetimes. This // is important since "Expires: <date in the past>" means not fresh, but @@ -1035,7 +1011,8 @@ HttpResponseHeaders::GetFreshnessLifetimes(const Time& response_time) const { // experimental RFC that adds 308 permanent redirect as well, for which "any // future references ... SHOULD use one of the returned URIs." if ((response_code_ == 200 || response_code_ == 203 || - response_code_ == 206) && !must_revalidate) { + response_code_ == 206) && + !HasHeaderValue("cache-control", "must-revalidate")) { // TODO(darin): Implement a smarter heuristic. Time last_modified_value; if (GetLastModifiedValue(&last_modified_value)) { @@ -1051,13 +1028,11 @@ HttpResponseHeaders::GetFreshnessLifetimes(const Time& response_time) const { if (response_code_ == 300 || response_code_ == 301 || response_code_ == 308 || response_code_ == 410) { lifetimes.freshness = TimeDelta::Max(); - lifetimes.staleness = TimeDelta(); // It should never be stale. return lifetimes; } // Our heuristic freshness estimate for this resource is 0 seconds, in - // accordance with common browser behaviour. However, stale-while-revalidate - // may still apply. + // accordance with common browser behaviour. DCHECK_EQ(TimeDelta(), lifetimes.freshness); return lifetimes; } @@ -1168,11 +1143,6 @@ bool HttpResponseHeaders::GetExpiresValue(Time* result) const { return GetTimeValuedHeader("Expires", result); } -bool HttpResponseHeaders::GetStaleWhileRevalidateValue( - TimeDelta* result) const { - return GetCacheControlDirective("stale-while-revalidate", result); -} - bool HttpResponseHeaders::GetTimeValuedHeader(const std::string& name, Time* result) const { std::string value; @@ -1335,7 +1305,7 @@ bool HttpResponseHeaders::FromNetLogParam( it != header_list->end(); ++it) { std::string header_line; - if (!(*it)->GetAsString(&header_line)) + if (!it->GetAsString(&header_line)) return false; raw_headers.append(header_line); diff --git a/chromium/net/http/http_response_headers.h b/chromium/net/http/http_response_headers.h index 167980df25c..d5392b3115f 100644 --- a/chromium/net/http/http_response_headers.h +++ b/chromium/net/http/http_response_headers.h @@ -32,12 +32,6 @@ namespace net { class HttpByteRange; class NetLogCaptureMode; -enum ValidationType { - VALIDATION_NONE, // The resource is fresh. - VALIDATION_ASYNCHRONOUS, // The resource requires async revalidation. - VALIDATION_SYNCHRONOUS // The resource requires sync revalidation. -}; - // HttpResponseHeaders: parses and holds HTTP response headers. class NET_EXPORT HttpResponseHeaders : public base::RefCountedThreadSafe<HttpResponseHeaders> { @@ -56,9 +50,6 @@ class NET_EXPORT HttpResponseHeaders struct FreshnessLifetimes { // How long the resource will be fresh for. base::TimeDelta freshness; - // How long after becoming not fresh that the resource will be stale but - // usable (if async revalidation is enabled). - base::TimeDelta staleness; }; static const char kContentRange[]; @@ -210,24 +201,21 @@ class NET_EXPORT HttpResponseHeaders // redirect. static bool IsRedirectResponseCode(int response_code); - // Returns VALIDATION_NONE if the response can be reused without - // validation. VALIDATION_ASYNCHRONOUS means the response can be re-used, but - // asynchronous revalidation must be performed. VALIDATION_SYNCHRONOUS means + // Returns false if the response can be reused without validation. true means // that the result cannot be reused without revalidation. // The result is relative to the current_time parameter, which is // a parameter to support unit testing. The request_time parameter indicates // the time at which the request was made that resulted in this response, // which was received at response_time. - ValidationType RequiresValidation(const base::Time& request_time, - const base::Time& response_time, - const base::Time& current_time) const; + bool RequiresValidation(const base::Time& request_time, + const base::Time& response_time, + const base::Time& current_time) const; // Calculates the amount of time the server claims the response is fresh from // the time the response was generated. See section 13.2.4 of RFC 2616. See // RequiresValidation for a description of the response_time parameter. See // the definition of FreshnessLifetimes above for the meaning of the return - // value. See RFC 5861 section 3 for the definition of - // stale-while-revalidate. + // value. FreshnessLifetimes GetFreshnessLifetimes( const base::Time& response_time) const; @@ -245,7 +233,6 @@ class NET_EXPORT HttpResponseHeaders bool GetDateValue(base::Time* value) const; bool GetLastModifiedValue(base::Time* value) const; bool GetExpiresValue(base::Time* value) const; - bool GetStaleWhileRevalidateValue(base::TimeDelta* value) const; // Extracts the time value of a particular header. This method looks for the // first matching header value and parses its value as a HTTP-date. diff --git a/chromium/net/http/http_response_headers_unittest.cc b/chromium/net/http/http_response_headers_unittest.cc index 3e0c2511851..5ffc0e80ebb 100644 --- a/chromium/net/http/http_response_headers_unittest.cc +++ b/chromium/net/http/http_response_headers_unittest.cc @@ -75,16 +75,6 @@ class HttpResponseHeadersCacheControlTest : public HttpResponseHeadersTest { return max_age_value; } - // Get the stale-while-revalidate value. This should only be used in tests - // where a valid max-age parameter is expected to be present. - TimeDelta GetStaleWhileRevalidateValue() { - DCHECK(headers_.get()) << "Call InitializeHeadersWithCacheControl() first"; - TimeDelta stale_while_revalidate_value; - EXPECT_TRUE( - headers()->GetStaleWhileRevalidateValue(&stale_while_revalidate_value)); - return stale_while_revalidate_value; - } - private: scoped_refptr<HttpResponseHeaders> headers_; TimeDelta delta_; @@ -808,7 +798,7 @@ INSTANTIATE_TEST_CASE_P(HttpResponseHeaders, struct RequiresValidationTestData { const char* headers; - ValidationType validation_type; + bool requires_validation; }; class RequiresValidationTest @@ -831,41 +821,41 @@ TEST_P(RequiresValidationTest, RequiresValidation) { HeadersToRaw(&headers); scoped_refptr<HttpResponseHeaders> parsed(new HttpResponseHeaders(headers)); - ValidationType validation_type = + bool requires_validation = parsed->RequiresValidation(request_time, response_time, current_time); - EXPECT_EQ(test.validation_type, validation_type); + EXPECT_EQ(test.requires_validation, requires_validation); } const struct RequiresValidationTestData requires_validation_tests[] = { // No expiry info: expires immediately. { "HTTP/1.1 200 OK\n" "\n", - VALIDATION_SYNCHRONOUS + true }, // No expiry info: expires immediately. { "HTTP/1.1 200 OK\n" "\n", - VALIDATION_SYNCHRONOUS + true }, // Valid for a little while. { "HTTP/1.1 200 OK\n" "cache-control: max-age=10000\n" "\n", - VALIDATION_NONE + false }, // Expires in the future. { "HTTP/1.1 200 OK\n" "date: Wed, 28 Nov 2007 00:40:11 GMT\n" "expires: Wed, 28 Nov 2007 01:00:00 GMT\n" "\n", - VALIDATION_NONE + false }, // Already expired. { "HTTP/1.1 200 OK\n" "date: Wed, 28 Nov 2007 00:40:11 GMT\n" "expires: Wed, 28 Nov 2007 00:00:00 GMT\n" "\n", - VALIDATION_SYNCHRONOUS + true }, // Max-age trumps expires. { "HTTP/1.1 200 OK\n" @@ -873,77 +863,77 @@ const struct RequiresValidationTestData requires_validation_tests[] = { "expires: Wed, 28 Nov 2007 00:00:00 GMT\n" "cache-control: max-age=10000\n" "\n", - VALIDATION_NONE + false }, // Last-modified heuristic: modified a while ago. { "HTTP/1.1 200 OK\n" "date: Wed, 28 Nov 2007 00:40:11 GMT\n" "last-modified: Wed, 27 Nov 2007 08:00:00 GMT\n" "\n", - VALIDATION_NONE + false }, { "HTTP/1.1 203 Non-Authoritative Information\n" "date: Wed, 28 Nov 2007 00:40:11 GMT\n" "last-modified: Wed, 27 Nov 2007 08:00:00 GMT\n" "\n", - VALIDATION_NONE + false }, { "HTTP/1.1 206 Partial Content\n" "date: Wed, 28 Nov 2007 00:40:11 GMT\n" "last-modified: Wed, 27 Nov 2007 08:00:00 GMT\n" "\n", - VALIDATION_NONE + false }, // Last-modified heuristic: modified recently. { "HTTP/1.1 200 OK\n" "date: Wed, 28 Nov 2007 00:40:11 GMT\n" "last-modified: Wed, 28 Nov 2007 00:40:10 GMT\n" "\n", - VALIDATION_SYNCHRONOUS + true }, { "HTTP/1.1 203 Non-Authoritative Information\n" "date: Wed, 28 Nov 2007 00:40:11 GMT\n" "last-modified: Wed, 28 Nov 2007 00:40:10 GMT\n" "\n", - VALIDATION_SYNCHRONOUS + true }, { "HTTP/1.1 206 Partial Content\n" "date: Wed, 28 Nov 2007 00:40:11 GMT\n" "last-modified: Wed, 28 Nov 2007 00:40:10 GMT\n" "\n", - VALIDATION_SYNCHRONOUS + true }, // Cached permanent redirect. { "HTTP/1.1 301 Moved Permanently\n" "\n", - VALIDATION_NONE + false }, // Another cached permanent redirect. { "HTTP/1.1 308 Permanent Redirect\n" "\n", - VALIDATION_NONE + false }, // Cached redirect: not reusable even though by default it would be. { "HTTP/1.1 300 Multiple Choices\n" "Cache-Control: no-cache\n" "\n", - VALIDATION_SYNCHRONOUS + true }, // Cached forever by default. { "HTTP/1.1 410 Gone\n" "\n", - VALIDATION_NONE + false }, // Cached temporary redirect: not reusable. { "HTTP/1.1 302 Found\n" "\n", - VALIDATION_SYNCHRONOUS + true }, // Cached temporary redirect: reusable. { "HTTP/1.1 302 Found\n" "cache-control: max-age=10000\n" "\n", - VALIDATION_NONE + false }, // Cache-control: max-age=N overrides expires: date in the past. { "HTTP/1.1 200 OK\n" @@ -951,7 +941,7 @@ const struct RequiresValidationTestData requires_validation_tests[] = { "expires: Wed, 28 Nov 2007 00:20:11 GMT\n" "cache-control: max-age=10000\n" "\n", - VALIDATION_NONE + false }, // Cache-control: no-store overrides expires: in the future. { "HTTP/1.1 200 OK\n" @@ -959,7 +949,7 @@ const struct RequiresValidationTestData requires_validation_tests[] = { "expires: Wed, 29 Nov 2007 00:40:11 GMT\n" "cache-control: no-store,private,no-cache=\"foo\"\n" "\n", - VALIDATION_SYNCHRONOUS + true }, // Pragma: no-cache overrides last-modified heuristic. { "HTTP/1.1 200 OK\n" @@ -967,60 +957,14 @@ const struct RequiresValidationTestData requires_validation_tests[] = { "last-modified: Wed, 27 Nov 2007 08:00:00 GMT\n" "pragma: no-cache\n" "\n", - VALIDATION_SYNCHRONOUS + true }, // max-age has expired, needs synchronous revalidation { "HTTP/1.1 200 OK\n" "date: Wed, 28 Nov 2007 00:40:11 GMT\n" "cache-control: max-age=300\n" "\n", - VALIDATION_SYNCHRONOUS - }, - // max-age has expired, stale-while-revalidate has not, eligible for - // asynchronous revalidation - { "HTTP/1.1 200 OK\n" - "date: Wed, 28 Nov 2007 00:40:11 GMT\n" - "cache-control: max-age=300, stale-while-revalidate=3600\n" - "\n", - VALIDATION_ASYNCHRONOUS - }, - // max-age and stale-while-revalidate have expired, needs synchronous - // revalidation - { "HTTP/1.1 200 OK\n" - "date: Wed, 28 Nov 2007 00:40:11 GMT\n" - "cache-control: max-age=300, stale-while-revalidate=5\n" - "\n", - VALIDATION_SYNCHRONOUS - }, - // max-age is 0, stale-while-revalidate is large enough to permit - // asynchronous revalidation - { "HTTP/1.1 200 OK\n" - "date: Wed, 28 Nov 2007 00:40:11 GMT\n" - "cache-control: max-age=0, stale-while-revalidate=360\n" - "\n", - VALIDATION_ASYNCHRONOUS - }, - // stale-while-revalidate must not override no-cache or similar directives. - { "HTTP/1.1 200 OK\n" - "date: Wed, 28 Nov 2007 00:40:11 GMT\n" - "cache-control: no-cache, stale-while-revalidate=360\n" - "\n", - VALIDATION_SYNCHRONOUS - }, - // max-age has not expired, so no revalidation is needed. - { "HTTP/1.1 200 OK\n" - "date: Wed, 28 Nov 2007 00:40:11 GMT\n" - "cache-control: max-age=3600, stale-while-revalidate=3600\n" - "\n", - VALIDATION_NONE - }, - // must-revalidate overrides stale-while-revalidate, so synchronous validation - // is needed. - { "HTTP/1.1 200 OK\n" - "date: Wed, 28 Nov 2007 00:40:11 GMT\n" - "cache-control: must-revalidate, max-age=300, stale-while-revalidate=3600\n" - "\n", - VALIDATION_SYNCHRONOUS + true }, // TODO(darin): Add many many more tests here. @@ -2193,36 +2137,6 @@ INSTANTIATE_TEST_CASE_P(HttpResponseHeadersCacheControl, MaxAgeEdgeCasesTest, testing::ValuesIn(max_age_tests)); -TEST_F(HttpResponseHeadersCacheControlTest, - AbsentStaleWhileRevalidateReturnsFalse) { - InitializeHeadersWithCacheControl("max-age=3600"); - EXPECT_FALSE(headers()->GetStaleWhileRevalidateValue(TimeDeltaPointer())); -} - -TEST_F(HttpResponseHeadersCacheControlTest, - StaleWhileRevalidateWithoutValueRejected) { - InitializeHeadersWithCacheControl("max-age=3600,stale-while-revalidate="); - EXPECT_FALSE(headers()->GetStaleWhileRevalidateValue(TimeDeltaPointer())); -} - -TEST_F(HttpResponseHeadersCacheControlTest, - StaleWhileRevalidateWithInvalidValueTreatedAsZero) { - InitializeHeadersWithCacheControl("max-age=3600,stale-while-revalidate=true"); - EXPECT_EQ(TimeDelta(), GetStaleWhileRevalidateValue()); -} - -TEST_F(HttpResponseHeadersCacheControlTest, StaleWhileRevalidateValueReturned) { - InitializeHeadersWithCacheControl("max-age=3600,stale-while-revalidate=7200"); - EXPECT_EQ(TimeDelta::FromSeconds(7200), GetStaleWhileRevalidateValue()); -} - -TEST_F(HttpResponseHeadersCacheControlTest, - FirstStaleWhileRevalidateValueUsed) { - InitializeHeadersWithCacheControl( - "stale-while-revalidate=1,stale-while-revalidate=7200"); - EXPECT_EQ(TimeDelta::FromSeconds(1), GetStaleWhileRevalidateValue()); -} - struct GetCurrentAgeTestData { const char* headers; const char* request_time; diff --git a/chromium/net/http/http_response_info.cc b/chromium/net/http/http_response_info.cc index 06a40089bf8..ff94a6de3cd 100644 --- a/chromium/net/http/http_response_info.cc +++ b/chromium/net/http/http_response_info.cc @@ -130,7 +130,6 @@ HttpResponseInfo::HttpResponseInfo() was_fetched_via_proxy(false), did_use_http_auth(false), unused_since_prefetch(false), - async_revalidation_required(false), connection_info(CONNECTION_INFO_UNKNOWN) {} HttpResponseInfo::HttpResponseInfo(const HttpResponseInfo& rhs) @@ -144,7 +143,6 @@ HttpResponseInfo::HttpResponseInfo(const HttpResponseInfo& rhs) proxy_server(rhs.proxy_server), did_use_http_auth(rhs.did_use_http_auth), unused_since_prefetch(rhs.unused_since_prefetch), - async_revalidation_required(rhs.async_revalidation_required), socket_address(rhs.socket_address), alpn_negotiated_protocol(rhs.alpn_negotiated_protocol), connection_info(rhs.connection_info), @@ -171,7 +169,6 @@ HttpResponseInfo& HttpResponseInfo::operator=(const HttpResponseInfo& rhs) { was_fetched_via_proxy = rhs.was_fetched_via_proxy; did_use_http_auth = rhs.did_use_http_auth; unused_since_prefetch = rhs.unused_since_prefetch; - async_revalidation_required = rhs.async_revalidation_required; socket_address = rhs.socket_address; alpn_negotiated_protocol = rhs.alpn_negotiated_protocol; connection_info = rhs.connection_info; diff --git a/chromium/net/http/http_response_info.h b/chromium/net/http/http_response_info.h index a7aa7e9d994..22b3d07dc1d 100644 --- a/chromium/net/http/http_response_info.h +++ b/chromium/net/http/http_response_info.h @@ -143,11 +143,6 @@ class NET_EXPORT HttpResponseInfo { // used since. bool unused_since_prefetch; - // True if this resource is stale and requires async revalidation. - // This value is not persisted by Persist(); it is only ever set when the - // response is retrieved from the cache. - bool async_revalidation_required; - // Remote address of the socket which fetched this resource. // // NOTE: If the response was served from the cache (was_cached is true), diff --git a/chromium/net/http/http_response_info_unittest.cc b/chromium/net/http/http_response_info_unittest.cc index 3490834ccc7..13cfcc336f7 100644 --- a/chromium/net/http/http_response_info_unittest.cc +++ b/chromium/net/http/http_response_info_unittest.cc @@ -72,30 +72,6 @@ TEST_F(HttpResponseInfoTest, PKPBypassPersistFalse) { EXPECT_FALSE(restored_response_info.ssl_info.pkp_bypassed); } -TEST_F(HttpResponseInfoTest, AsyncRevalidationRequiredDefault) { - EXPECT_FALSE(response_info_.async_revalidation_required); -} - -TEST_F(HttpResponseInfoTest, AsyncRevalidationRequiredCopy) { - response_info_.async_revalidation_required = true; - net::HttpResponseInfo response_info_clone(response_info_); - EXPECT_TRUE(response_info_clone.async_revalidation_required); -} - -TEST_F(HttpResponseInfoTest, AsyncRevalidationRequiredAssign) { - response_info_.async_revalidation_required = true; - net::HttpResponseInfo response_info_clone; - response_info_clone = response_info_; - EXPECT_TRUE(response_info_clone.async_revalidation_required); -} - -TEST_F(HttpResponseInfoTest, AsyncRevalidationRequiredNotPersisted) { - response_info_.async_revalidation_required = true; - net::HttpResponseInfo restored_response_info; - PickleAndRestore(response_info_, &restored_response_info); - EXPECT_FALSE(restored_response_info.async_revalidation_required); -} - TEST_F(HttpResponseInfoTest, FailsInitFromPickleWithInvalidSCTStatus) { // A valid certificate is needed for ssl_info.is_valid() to be true // so that the SCTs would be serialized. diff --git a/chromium/net/http/http_server_properties.cc b/chromium/net/http/http_server_properties.cc index 1e5471c5e0c..2d7bcecc1cf 100644 --- a/chromium/net/http/http_server_properties.cc +++ b/chromium/net/http/http_server_properties.cc @@ -92,6 +92,12 @@ std::string AlternativeServiceInfo::ToString() const { exploded.day_of_month, exploded.hour, exploded.minute, exploded.second); } +std::ostream& operator<<(std::ostream& os, + const AlternativeService& alternative_service) { + os << alternative_service.ToString(); + return os; +} + // static void HttpServerProperties::ForceHTTP11(SSLConfig* ssl_config) { ssl_config->alpn_protos.clear(); diff --git a/chromium/net/http/http_server_properties.h b/chromium/net/http/http_server_properties.h index 6ba72dcf713..7efbf1ab536 100644 --- a/chromium/net/http/http_server_properties.h +++ b/chromium/net/http/http_server_properties.h @@ -8,6 +8,7 @@ #include <stdint.h> #include <map> +#include <ostream> #include <string> #include <tuple> #include <vector> @@ -59,6 +60,7 @@ enum BrokenAlternateProtocolLocation { BROKEN_ALTERNATE_PROTOCOL_LOCATION_QUIC_STREAM_FACTORY = 1, BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_ALT = 2, BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_MAIN = 3, + BROKEN_ALTERNATE_PROTOCOL_LOCATION_QUIC_HTTP_STREAM = 4, BROKEN_ALTERNATE_PROTOCOL_LOCATION_MAX, }; @@ -108,6 +110,10 @@ struct NET_EXPORT AlternativeService { uint16_t port; }; +NET_EXPORT_PRIVATE std::ostream& operator<<( + std::ostream& os, + const AlternativeService& alternative_service); + struct NET_EXPORT AlternativeServiceInfo { AlternativeServiceInfo() : alternative_service() {} @@ -175,6 +181,9 @@ typedef std::vector<AlternativeService> AlternativeServiceVector; typedef std::vector<AlternativeServiceInfo> AlternativeServiceInfoVector; typedef base::MRUCache<url::SchemeHostPort, AlternativeServiceInfoVector> AlternativeServiceMap; +// Map to the number of times each alternative service has been marked broken. +typedef base::MRUCache<AlternativeService, int> + RecentlyBrokenAlternativeServices; typedef base::MRUCache<url::SchemeHostPort, ServerNetworkStats> ServerNetworkStatsMap; typedef base::MRUCache<QuicServerId, std::string> QuicServerInfoMap; @@ -293,10 +302,14 @@ class NET_EXPORT HttpServerProperties { virtual void SetSupportsQuic(bool used_quic, const IPAddress& last_address) = 0; - // Sets |stats| for |host_port_pair|. + // Sets |stats| for |server|. virtual void SetServerNetworkStats(const url::SchemeHostPort& server, ServerNetworkStats stats) = 0; + // Clears any stats for |server|. + virtual void ClearServerNetworkStats(const url::SchemeHostPort& server) = 0; + + // Returns any stats for |server| or nullptr if there are none. virtual const ServerNetworkStats* GetServerNetworkStats( const url::SchemeHostPort& server) = 0; diff --git a/chromium/net/http/http_server_properties_impl.cc b/chromium/net/http/http_server_properties_impl.cc index c020b046d1e..6ea3b86a37e 100644 --- a/chromium/net/http/http_server_properties_impl.cc +++ b/chromium/net/http/http_server_properties_impl.cc @@ -33,6 +33,8 @@ const int kBrokenDelayMaxShift = 9; HttpServerPropertiesImpl::HttpServerPropertiesImpl() : spdy_servers_map_(SpdyServersMap::NO_AUTO_EVICT), alternative_service_map_(AlternativeServiceMap::NO_AUTO_EVICT), + recently_broken_alternative_services_( + RecentlyBrokenAlternativeServices::NO_AUTO_EVICT), server_network_stats_map_(ServerNetworkStatsMap::NO_AUTO_EVICT), quic_server_info_map_(QuicServerInfoMap::NO_AUTO_EVICT), max_server_configs_stored_in_properties_(kMaxQuicServersToPersist), @@ -454,8 +456,13 @@ void HttpServerPropertiesImpl::MarkAlternativeServiceBroken( LOG(DFATAL) << "Trying to mark unknown alternate protocol broken."; return; } - ++recently_broken_alternative_services_[alternative_service]; - int shift = recently_broken_alternative_services_[alternative_service] - 1; + auto it = recently_broken_alternative_services_.Get(alternative_service); + int shift = 0; + if (it == recently_broken_alternative_services_.end()) { + recently_broken_alternative_services_.Put(alternative_service, 1); + } else { + shift = it->second++; + } if (shift > kBrokenDelayMaxShift) shift = kBrokenDelayMaxShift; base::TimeDelta delay = @@ -477,9 +484,10 @@ void HttpServerPropertiesImpl::MarkAlternativeServiceBroken( void HttpServerPropertiesImpl::MarkAlternativeServiceRecentlyBroken( const AlternativeService& alternative_service) { - if (!base::ContainsKey(recently_broken_alternative_services_, - alternative_service)) - recently_broken_alternative_services_[alternative_service] = 1; + if (recently_broken_alternative_services_.Get(alternative_service) == + recently_broken_alternative_services_.end()) { + recently_broken_alternative_services_.Put(alternative_service, 1); + } } bool HttpServerPropertiesImpl::IsAlternativeServiceBroken( @@ -493,8 +501,9 @@ bool HttpServerPropertiesImpl::WasAlternativeServiceRecentlyBroken( const AlternativeService& alternative_service) { if (alternative_service.protocol == kProtoUnknown) return false; - return base::ContainsKey(recently_broken_alternative_services_, - alternative_service); + + return recently_broken_alternative_services_.Get(alternative_service) != + recently_broken_alternative_services_.end(); } void HttpServerPropertiesImpl::ConfirmAlternativeService( @@ -502,7 +511,10 @@ void HttpServerPropertiesImpl::ConfirmAlternativeService( if (alternative_service.protocol == kProtoUnknown) return; broken_alternative_services_.erase(alternative_service); - recently_broken_alternative_services_.erase(alternative_service); + auto it = recently_broken_alternative_services_.Get(alternative_service); + if (it != recently_broken_alternative_services_.end()) { + recently_broken_alternative_services_.Erase(it); + } } const AlternativeServiceMap& HttpServerPropertiesImpl::alternative_service_map() @@ -565,6 +577,14 @@ void HttpServerPropertiesImpl::SetServerNetworkStats( server_network_stats_map_.Put(server, stats); } +void HttpServerPropertiesImpl::ClearServerNetworkStats( + const url::SchemeHostPort& server) { + ServerNetworkStatsMap::iterator it = server_network_stats_map_.Get(server); + if (it != server_network_stats_map_.end()) { + server_network_stats_map_.Erase(it); + } +} + const ServerNetworkStats* HttpServerPropertiesImpl::GetServerNetworkStats( const url::SchemeHostPort& server) { ServerNetworkStatsMap::iterator it = server_network_stats_map_.Get(server); diff --git a/chromium/net/http/http_server_properties_impl.h b/chromium/net/http/http_server_properties_impl.h index eed9e46f552..b483bb296b1 100644 --- a/chromium/net/http/http_server_properties_impl.h +++ b/chromium/net/http/http_server_properties_impl.h @@ -109,6 +109,7 @@ class NET_EXPORT HttpServerPropertiesImpl void SetSupportsQuic(bool used_quic, const IPAddress& address) override; void SetServerNetworkStats(const url::SchemeHostPort& server, ServerNetworkStats stats) override; + void ClearServerNetworkStats(const url::SchemeHostPort& server) override; const ServerNetworkStats* GetServerNetworkStats( const url::SchemeHostPort& server) override; const ServerNetworkStatsMap& server_network_stats_map() const override; @@ -138,8 +139,6 @@ class NET_EXPORT HttpServerPropertiesImpl base::TimeTicks, AlternativeServiceHash> BrokenAlternativeServices; - // Map to the number of times each alternative service has been marked broken. - typedef std::map<AlternativeService, int> RecentlyBrokenAlternativeServices; // Return the iterator for |server|, or for its canonical host, or end. AlternativeServiceMap::const_iterator GetAlternateProtocolIterator( diff --git a/chromium/net/http/http_server_properties_impl_unittest.cc b/chromium/net/http/http_server_properties_impl_unittest.cc index ec278578eb2..57a15bcc379 100644 --- a/chromium/net/http/http_server_properties_impl_unittest.cc +++ b/chromium/net/http/http_server_properties_impl_unittest.cc @@ -29,7 +29,13 @@ class HttpServerPropertiesImplPeer { base::TimeTicks when) { impl.broken_alternative_services_.insert( std::make_pair(alternative_service, when)); - ++impl.recently_broken_alternative_services_[alternative_service]; + auto it = + impl.recently_broken_alternative_services_.Get(alternative_service); + if (it == impl.recently_broken_alternative_services_.end()) { + impl.recently_broken_alternative_services_.Put(alternative_service, 1); + } else { + it->second++; + } } static void ExpireBrokenAlternateProtocolMappings( @@ -38,10 +44,6 @@ class HttpServerPropertiesImplPeer { } }; -void PrintTo(const AlternativeService& alternative_service, std::ostream* os) { - *os << alternative_service.ToString(); -} - namespace { const int kMaxSupportsSpdyServerHosts = 500; @@ -1110,6 +1112,17 @@ TEST_F(ServerNetworkStatsServerPropertiesTest, SetServerNetworkStats) { EXPECT_EQ(NULL, impl_.GetServerNetworkStats(foo_https_server)); } +TEST_F(ServerNetworkStatsServerPropertiesTest, ClearServerNetworkStats) { + ServerNetworkStats stats; + stats.srtt = base::TimeDelta::FromMicroseconds(10); + stats.bandwidth_estimate = QuicBandwidth::FromBitsPerSecond(100); + url::SchemeHostPort foo_https_server("https", "foo", 443); + impl_.SetServerNetworkStats(foo_https_server, stats); + + impl_.ClearServerNetworkStats(foo_https_server); + EXPECT_EQ(nullptr, impl_.GetServerNetworkStats(foo_https_server)); +} + typedef HttpServerPropertiesImplTest QuicServerInfoServerPropertiesTest; TEST_F(QuicServerInfoServerPropertiesTest, Set) { diff --git a/chromium/net/http/http_server_properties_manager.cc b/chromium/net/http/http_server_properties_manager.cc index 0c3fe871614..f927874e489 100644 --- a/chromium/net/http/http_server_properties_manager.cc +++ b/chromium/net/http/http_server_properties_manager.cc @@ -312,6 +312,16 @@ void HttpServerPropertiesManager::SetServerNetworkStats( ScheduleUpdatePrefsOnNetworkThread(SET_SERVER_NETWORK_STATS); } +void HttpServerPropertiesManager::ClearServerNetworkStats( + const url::SchemeHostPort& server) { + DCHECK(network_task_runner_->RunsTasksOnCurrentThread()); + bool need_update = + http_server_properties_impl_->GetServerNetworkStats(server) != nullptr; + http_server_properties_impl_->ClearServerNetworkStats(server); + if (need_update) + ScheduleUpdatePrefsOnNetworkThread(CLEAR_SERVER_NETWORK_STATS); +} + const ServerNetworkStats* HttpServerPropertiesManager::GetServerNetworkStats( const url::SchemeHostPort& server) { DCHECK(network_task_runner_->RunsTasksOnCurrentThread()); @@ -483,7 +493,7 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefsOnPrefThread() { } else { for (base::ListValue::const_iterator it = servers_list->begin(); it != servers_list->end(); ++it) { - if (!(*it)->GetAsDictionary(&servers_dict)) { + if (!it->GetAsDictionary(&servers_dict)) { DVLOG(1) << "Malformed http_server_properties for servers dictionary."; detected_corrupted_prefs = true; continue; @@ -641,7 +651,7 @@ bool HttpServerPropertiesManager::AddToAlternativeServiceMap( AlternativeServiceInfoVector alternative_service_info_vector; for (const auto& alternative_service_list_item : *alternative_service_list) { const base::DictionaryValue* alternative_service_dict; - if (!alternative_service_list_item->GetAsDictionary( + if (!alternative_service_list_item.GetAsDictionary( &alternative_service_dict)) return false; AlternativeServiceInfo alternative_service_info; diff --git a/chromium/net/http/http_server_properties_manager.h b/chromium/net/http/http_server_properties_manager.h index 5ccc7d52a17..17f6312089b 100644 --- a/chromium/net/http/http_server_properties_manager.h +++ b/chromium/net/http/http_server_properties_manager.h @@ -150,6 +150,7 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { void SetSupportsQuic(bool used_quic, const IPAddress& last_address) override; void SetServerNetworkStats(const url::SchemeHostPort& server, ServerNetworkStats stats) override; + void ClearServerNetworkStats(const url::SchemeHostPort& server) override; const ServerNetworkStats* GetServerNetworkStats( const url::SchemeHostPort& server) override; const ServerNetworkStatsMap& server_network_stats_map() const override; @@ -167,6 +168,8 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { protected: // The location where ScheduleUpdatePrefsOnNetworkThread was called. + // Must be kept up to date with HttpServerPropertiesUpdatePrefsLocation in + // histograms.xml. enum Location { SUPPORTS_SPDY = 0, HTTP_11_REQUIRED = 1, @@ -182,7 +185,8 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { SET_SERVER_NETWORK_STATS = 11, DETECTED_CORRUPTED_PREFS = 12, SET_QUIC_SERVER_INFO = 13, - NUM_LOCATIONS = 14, + CLEAR_SERVER_NETWORK_STATS = 14, + NUM_LOCATIONS = 15, }; // -------------------- diff --git a/chromium/net/http/http_server_properties_manager_unittest.cc b/chromium/net/http/http_server_properties_manager_unittest.cc index 35da22f80a6..7ab1f662a68 100644 --- a/chromium/net/http/http_server_properties_manager_unittest.cc +++ b/chromium/net/http/http_server_properties_manager_unittest.cc @@ -929,6 +929,24 @@ TEST_P(HttpServerPropertiesManagerTest, ServerNetworkStats) { const ServerNetworkStats* stats2 = http_server_props_manager_->GetServerNetworkStats(mail_server); EXPECT_EQ(10, stats2->srtt.ToInternalValue()); + + ExpectPrefsUpdate(1); + ExpectScheduleUpdatePrefsOnNetworkThread(); + + http_server_props_manager_->ClearServerNetworkStats(mail_server); + + // Run the task. + EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + EXPECT_TRUE(net_test_task_runner_->HasPendingTask()); + net_test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_TRUE(pref_test_task_runner_->HasPendingTask()); + pref_test_task_runner_->FastForwardUntilNoTasksRemain(); + EXPECT_FALSE(net_test_task_runner_->HasPendingTask()); + EXPECT_FALSE(pref_test_task_runner_->HasPendingTask()); + + Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + EXPECT_EQ(nullptr, + http_server_props_manager_->GetServerNetworkStats(mail_server)); } TEST_P(HttpServerPropertiesManagerTest, QuicServerInfo) { @@ -1380,7 +1398,7 @@ TEST_P(HttpServerPropertiesManagerTest, ASSERT_TRUE(pref_dict.GetListWithoutPathExpansion("servers", &servers_list)); base::ListValue::const_iterator it = servers_list->begin(); const base::DictionaryValue* server_pref_dict; - ASSERT_TRUE((*it)->GetAsDictionary(&server_pref_dict)); + ASSERT_TRUE(it->GetAsDictionary(&server_pref_dict)); const base::DictionaryValue* example_pref_dict; diff --git a/chromium/net/http/http_stream.h b/chromium/net/http/http_stream.h index 3def66ee9a2..78458e4b292 100644 --- a/chromium/net/http/http_stream.h +++ b/chromium/net/http/http_stream.h @@ -30,6 +30,7 @@ class ECPrivateKey; namespace net { +struct AlternativeService; class HttpNetworkSession; class HttpRequestHeaders; struct HttpRequestInfo; @@ -150,6 +151,11 @@ class NET_EXPORT_PRIVATE HttpStream { // undefined. virtual void GetSSLInfo(SSLInfo* ssl_info) = 0; + // Returns true and populates |alternative_service| if an alternative service + // was used to for this stream. Otherwise returns false. + virtual bool GetAlternativeService( + AlternativeService* alternative_service) const = 0; + // Get the SSLCertRequestInfo associated with this stream's connection. // This should only be called for streams over SSL sockets, otherwise the // behavior is undefined. diff --git a/chromium/net/http/http_stream_factory.h b/chromium/net/http/http_stream_factory.h index ecbe88202fe..95aca6b6ed6 100644 --- a/chromium/net/http/http_stream_factory.h +++ b/chromium/net/http/http_stream_factory.h @@ -208,6 +208,8 @@ class NET_EXPORT HttpStreamFactory { const SSLConfig& server_ssl_config, const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) = 0; // Request a WebSocket handshake stream. @@ -220,6 +222,8 @@ class NET_EXPORT HttpStreamFactory { const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, WebSocketHandshakeStreamBase::CreateHelper* create_helper, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) = 0; // Request a BidirectionalStreamImpl. @@ -231,6 +235,8 @@ class NET_EXPORT HttpStreamFactory { const SSLConfig& server_ssl_config, const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) = 0; // Requests that enough connections for |num_streams| be opened. diff --git a/chromium/net/http/http_stream_factory_impl.cc b/chromium/net/http/http_stream_factory_impl.cc index 0a742d12842..9c38e69f1c9 100644 --- a/chromium/net/http/http_stream_factory_impl.cc +++ b/chromium/net/http/http_stream_factory_impl.cc @@ -50,10 +50,12 @@ class DefaultJobFactory : public HttpStreamFactoryImpl::JobFactory { const SSLConfig& proxy_ssl_config, HostPortPair destination, GURL origin_url, + bool enable_ip_based_pooling, NetLog* net_log) override { return new HttpStreamFactoryImpl::Job( delegate, job_type, session, request_info, priority, server_ssl_config, - proxy_ssl_config, destination, origin_url, net_log); + proxy_ssl_config, destination, origin_url, enable_ip_based_pooling, + net_log); } HttpStreamFactoryImpl::Job* CreateJob( @@ -67,11 +69,12 @@ class DefaultJobFactory : public HttpStreamFactoryImpl::JobFactory { HostPortPair destination, GURL origin_url, AlternativeService alternative_service, + bool enable_ip_based_pooling, NetLog* net_log) override { return new HttpStreamFactoryImpl::Job( delegate, job_type, session, request_info, priority, server_ssl_config, proxy_ssl_config, destination, origin_url, alternative_service, - ProxyServer(), net_log); + ProxyServer(), enable_ip_based_pooling, net_log); } HttpStreamFactoryImpl::Job* CreateJob( @@ -85,11 +88,12 @@ class DefaultJobFactory : public HttpStreamFactoryImpl::JobFactory { HostPortPair destination, GURL origin_url, const ProxyServer& alternative_proxy_server, + bool enable_ip_based_pooling, NetLog* net_log) override { return new HttpStreamFactoryImpl::Job( delegate, job_type, session, request_info, priority, server_ssl_config, proxy_ssl_config, destination, origin_url, AlternativeService(), - alternative_proxy_server, net_log); + alternative_proxy_server, enable_ip_based_pooling, net_log); } }; @@ -99,11 +103,13 @@ HttpStreamFactoryImpl::HttpStreamFactoryImpl(HttpNetworkSession* session, bool for_websockets) : session_(session), job_factory_(new DefaultJobFactory()), - for_websockets_(for_websockets) {} + for_websockets_(for_websockets), + last_logged_job_controller_count_(0) {} HttpStreamFactoryImpl::~HttpStreamFactoryImpl() { - DCHECK(request_map_.empty()); DCHECK(spdy_session_request_map_.empty()); + UMA_HISTOGRAM_COUNTS_1M("Net.JobControllerSet.CountOfJobControllerAtShutDown", + job_controller_set_.size()); } HttpStreamRequest* HttpStreamFactoryImpl::RequestStream( @@ -112,11 +118,14 @@ HttpStreamRequest* HttpStreamFactoryImpl::RequestStream( const SSLConfig& server_ssl_config, const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) { DCHECK(!for_websockets_); - return RequestStreamInternal(request_info, priority, server_ssl_config, - proxy_ssl_config, delegate, nullptr, - HttpStreamRequest::HTTP_STREAM, net_log); + return RequestStreamInternal( + request_info, priority, server_ssl_config, proxy_ssl_config, delegate, + nullptr, HttpStreamRequest::HTTP_STREAM, enable_ip_based_pooling, + enable_alternative_services, net_log); } HttpStreamRequest* HttpStreamFactoryImpl::RequestWebSocketHandshakeStream( @@ -126,12 +135,15 @@ HttpStreamRequest* HttpStreamFactoryImpl::RequestWebSocketHandshakeStream( const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, WebSocketHandshakeStreamBase::CreateHelper* create_helper, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) { DCHECK(for_websockets_); DCHECK(create_helper); - return RequestStreamInternal(request_info, priority, server_ssl_config, - proxy_ssl_config, delegate, create_helper, - HttpStreamRequest::HTTP_STREAM, net_log); + return RequestStreamInternal( + request_info, priority, server_ssl_config, proxy_ssl_config, delegate, + create_helper, HttpStreamRequest::HTTP_STREAM, enable_ip_based_pooling, + enable_alternative_services, net_log); } HttpStreamRequest* HttpStreamFactoryImpl::RequestBidirectionalStreamImpl( @@ -140,13 +152,16 @@ HttpStreamRequest* HttpStreamFactoryImpl::RequestBidirectionalStreamImpl( const SSLConfig& server_ssl_config, const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) { DCHECK(!for_websockets_); DCHECK(request_info.url.SchemeIs(url::kHttpsScheme)); return RequestStreamInternal( request_info, priority, server_ssl_config, proxy_ssl_config, delegate, - nullptr, HttpStreamRequest::BIDIRECTIONAL_STREAM, net_log); + nullptr, HttpStreamRequest::BIDIRECTIONAL_STREAM, enable_ip_based_pooling, + enable_alternative_services, net_log); } HttpStreamRequest* HttpStreamFactoryImpl::RequestStreamInternal( @@ -158,10 +173,15 @@ HttpStreamRequest* HttpStreamFactoryImpl::RequestStreamInternal( WebSocketHandshakeStreamBase::CreateHelper* websocket_handshake_stream_create_helper, HttpStreamRequest::StreamType stream_type, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) { + AddJobControllerCountToHistograms(); + auto job_controller = base::MakeUnique<JobController>( this, delegate, session_, job_factory_.get(), request_info, - /*is_preconnect=*/false); + /* is_preconnect = */ false, enable_ip_based_pooling, + enable_alternative_services); JobController* job_controller_raw_ptr = job_controller.get(); job_controller_set_.insert(std::move(job_controller)); Request* request = job_controller_raw_ptr->Start( @@ -174,6 +194,8 @@ HttpStreamRequest* HttpStreamFactoryImpl::RequestStreamInternal( void HttpStreamFactoryImpl::PreconnectStreams( int num_streams, const HttpRequestInfo& request_info) { + AddJobControllerCountToHistograms(); + SSLConfig server_ssl_config; SSLConfig proxy_ssl_config; session_->GetSSLConfig(request_info, &server_ssl_config, &proxy_ssl_config); @@ -185,7 +207,9 @@ void HttpStreamFactoryImpl::PreconnectStreams( auto job_controller = base::MakeUnique<JobController>( this, nullptr, session_, job_factory_.get(), request_info, - /*is_preconnect=*/true); + /* is_preconnect = */ true, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true); JobController* job_controller_raw_ptr = job_controller.get(); job_controller_set_.insert(std::move(job_controller)); job_controller_raw_ptr->Preconnect(num_streams, request_info, @@ -203,7 +227,8 @@ void HttpStreamFactoryImpl::OnNewSpdySessionReady( const ProxyInfo& used_proxy_info, bool was_alpn_negotiated, NextProto negotiated_protocol, - bool using_spdy) { + bool using_spdy, + NetLogSource source_dependency) { while (true) { if (!spdy_session) break; @@ -227,13 +252,13 @@ void HttpStreamFactoryImpl::OnNewSpdySessionReady( HttpStreamRequest::BIDIRECTIONAL_STREAM) { request->OnBidirectionalStreamImplReady( used_ssl_config, used_proxy_info, - new BidirectionalStreamSpdyImpl(spdy_session)); + new BidirectionalStreamSpdyImpl(spdy_session, source_dependency)); } else { bool use_relative_url = direct || request->url().SchemeIs(url::kHttpsScheme); - request->OnStreamReady( - used_ssl_config, used_proxy_info, - new SpdyHttpStream(spdy_session, use_relative_url)); + request->OnStreamReady(used_ssl_config, used_proxy_info, + new SpdyHttpStream(spdy_session, use_relative_url, + source_dependency)); } } // TODO(mbelshe): Alert other valid requests. @@ -332,6 +357,44 @@ bool HttpStreamFactoryImpl::ProxyServerSupportsPriorities( scheme_host_port); } +void HttpStreamFactoryImpl::AddJobControllerCountToHistograms() { + // Only log the count of JobControllers when the count is hitting one of the + // boundaries for the first time which is a multiple of 100: 100, 200, 300, + // etc. + if (job_controller_set_.size() % 100 != 0 || + job_controller_set_.size() <= last_logged_job_controller_count_) { + return; + } + last_logged_job_controller_count_ = job_controller_set_.size(); + + UMA_HISTOGRAM_COUNTS_1M("Net.JobControllerSet.CountOfJobController", + job_controller_set_.size()); + + int alt_job_count = 0; + int main_job_count = 0; + int preconnect_controller_count = 0; + for (const auto& job_controller : job_controller_set_) { + DCHECK(job_controller->HasPendingAltJob() || + job_controller->HasPendingMainJob()); + // For a preconnect controller, it should have exactly the main job. + if (job_controller->is_preconnect()) { + preconnect_controller_count++; + continue; + } + // For non-preconnects. + if (job_controller->HasPendingAltJob()) + alt_job_count++; + if (job_controller->HasPendingMainJob()) + main_job_count++; + } + UMA_HISTOGRAM_COUNTS_1M("Net.JobControllerSet.CountOfPreconnect", + preconnect_controller_count); + UMA_HISTOGRAM_COUNTS_1M("Net.JobControllerSet.CountOfNonPreconnectAltJob", + alt_job_count); + UMA_HISTOGRAM_COUNTS_1M("Net.JobControllerSet.CountOfNonPreconnectMainJob", + main_job_count); +} + void HttpStreamFactoryImpl::DumpMemoryStats( base::trace_event::ProcessMemoryDump* pmd, const std::string& parent_absolute_name) const { diff --git a/chromium/net/http/http_stream_factory_impl.h b/chromium/net/http/http_stream_factory_impl.h index fee31c64125..53f45368368 100644 --- a/chromium/net/http/http_stream_factory_impl.h +++ b/chromium/net/http/http_stream_factory_impl.h @@ -19,6 +19,7 @@ #include "net/base/privacy_mode.h" #include "net/base/request_priority.h" #include "net/http/http_stream_factory.h" +#include "net/log/net_log_source.h" #include "net/proxy/proxy_server.h" #include "net/socket/ssl_client_socket.h" #include "net/spdy/spdy_session_key.h" @@ -48,6 +49,8 @@ class NET_EXPORT_PRIVATE HttpStreamFactoryImpl : public HttpStreamFactory { const SSLConfig& server_ssl_config, const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) override; HttpStreamRequest* RequestWebSocketHandshakeStream( @@ -57,6 +60,8 @@ class NET_EXPORT_PRIVATE HttpStreamFactoryImpl : public HttpStreamFactory { const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, WebSocketHandshakeStreamBase::CreateHelper* create_helper, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) override; HttpStreamRequest* RequestBidirectionalStreamImpl( @@ -65,6 +70,8 @@ class NET_EXPORT_PRIVATE HttpStreamFactoryImpl : public HttpStreamFactory { const SSLConfig& server_ssl_config, const SSLConfig& proxy_ssl_config, HttpStreamRequest::Delegate* delegate, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log) override; void PreconnectStreams(int num_streams, const HttpRequestInfo& info) override; @@ -121,6 +128,8 @@ class NET_EXPORT_PRIVATE HttpStreamFactoryImpl : public HttpStreamFactory { HttpStreamRequest::Delegate* delegate, WebSocketHandshakeStreamBase::CreateHelper* create_helper, HttpStreamRequest::StreamType stream_type, + bool enable_ip_based_pooling, + bool enable_alternative_services, const NetLogWithSource& net_log); // Called when a SpdySession is ready. It will find appropriate Requests and @@ -132,7 +141,8 @@ class NET_EXPORT_PRIVATE HttpStreamFactoryImpl : public HttpStreamFactory { const ProxyInfo& used_proxy_info, bool was_alpn_negotiated, NextProto negotiated_protocol, - bool using_spdy); + bool using_spdy, + NetLogSource source_dependency); // Called when the Job detects that the endpoint indicated by the // Alternate-Protocol does not work. Lets the factory update @@ -161,12 +171,12 @@ class NET_EXPORT_PRIVATE HttpStreamFactoryImpl : public HttpStreamFactory { // priorities. bool ProxyServerSupportsPriorities(const ProxyInfo& proxy_info) const; - HttpNetworkSession* const session_; + // Adds the count of JobControllers that are not completed to UMA histogram if + // the count is a multiple of 100: 100, 200, 400, etc. Break down + // JobControllers count based on the type of JobController. + void AddJobControllerCountToHistograms(); - // All Requests are handed out to clients. By the time HttpStreamFactoryImpl - // is destroyed, all Requests should be deleted (which should remove them from - // |request_map_|. The Requests will delete the corresponding job. - std::map<const Job*, Request*> request_map_; + HttpNetworkSession* const session_; // All Requests/Preconnects are assigned with a JobController to manage // serving Job(s). JobController might outlive Request when Request @@ -186,6 +196,9 @@ class NET_EXPORT_PRIVATE HttpStreamFactoryImpl : public HttpStreamFactory { const bool for_websockets_; + // The count of JobControllers that was most recently logged to histograms. + size_t last_logged_job_controller_count_; + DISALLOW_COPY_AND_ASSIGN(HttpStreamFactoryImpl); }; diff --git a/chromium/net/http/http_stream_factory_impl_job.cc b/chromium/net/http/http_stream_factory_impl_job.cc index c837f75a078..398f84e194c 100644 --- a/chromium/net/http/http_stream_factory_impl_job.cc +++ b/chromium/net/http/http_stream_factory_impl_job.cc @@ -170,6 +170,7 @@ HttpStreamFactoryImpl::Job::Job(Delegate* delegate, const SSLConfig& proxy_ssl_config, HostPortPair destination, GURL origin_url, + bool enable_ip_based_pooling, NetLog* net_log) : Job(delegate, job_type, @@ -182,6 +183,7 @@ HttpStreamFactoryImpl::Job::Job(Delegate* delegate, origin_url, AlternativeService(), ProxyServer(), + enable_ip_based_pooling, net_log) {} HttpStreamFactoryImpl::Job::Job(Delegate* delegate, @@ -195,6 +197,7 @@ HttpStreamFactoryImpl::Job::Job(Delegate* delegate, GURL origin_url, AlternativeService alternative_service, const ProxyServer& alternative_proxy_server, + bool enable_ip_based_pooling, NetLog* net_log) : request_info_(request_info), priority_(priority), @@ -211,12 +214,15 @@ HttpStreamFactoryImpl::Job::Job(Delegate* delegate, origin_url_(origin_url), alternative_service_(alternative_service), alternative_proxy_server_(alternative_proxy_server), + enable_ip_based_pooling_(enable_ip_based_pooling), delegate_(delegate), job_type_(job_type), - using_ssl_(false), + using_ssl_(origin_url_.SchemeIs(url::kHttpsScheme) || + origin_url_.SchemeIs(url::kWssScheme)), using_spdy_(false), using_quic_(false), - quic_request_(session_->quic_stream_factory()), + quic_request_(session_->quic_stream_factory(), + session_->http_server_properties()), using_existing_quic_session_(false), establishing_tunnel_(false), was_alpn_negotiated_(false), @@ -328,17 +334,6 @@ void HttpStreamFactoryImpl::Job::Resume() { void HttpStreamFactoryImpl::Job::Orphan() { net_log_.AddEvent(NetLogEventType::HTTP_STREAM_JOB_ORPHANED); - - if (delegate_->for_websockets()) { - // We cancel this job because a WebSocketHandshakeStream can't be created - // without a WebSocketHandshakeStreamBase::CreateHelper which is stored in - // the Request class and isn't retrievable by this job. - if (connection_ && connection_->socket()) { - connection_->socket()->Disconnect(); - } - delegate_->OnOrphanedJobComplete(this); - } - // |this| may be deleted after this call. } void HttpStreamFactoryImpl::Job::SetPriority(RequestPriority priority) { @@ -523,10 +518,6 @@ void HttpStreamFactoryImpl::Job::OnHttpsProxyTunnelResponseCallback( void HttpStreamFactoryImpl::Job::OnPreconnectsComplete() { DCHECK(!new_spdy_session_); - if (new_spdy_session_.get()) { - delegate_->OnNewSpdySessionReady(this, new_spdy_session_, - spdy_session_direct_); - } delegate_->OnPreconnectsComplete(this); // |this| may be deleted after this call. } @@ -536,13 +527,14 @@ int HttpStreamFactoryImpl::Job::OnHostResolution( SpdySessionPool* spdy_session_pool, const SpdySessionKey& spdy_session_key, const GURL& origin_url, + bool enable_ip_based_pooling, const AddressList& addresses, const NetLogWithSource& net_log) { // It is OK to dereference spdy_session_pool, because the // ClientSocketPoolManager will be destroyed in the same callback that // destroys the SpdySessionPool. - return spdy_session_pool->FindAvailableSession(spdy_session_key, origin_url, - net_log) + return spdy_session_pool->FindAvailableSession( + spdy_session_key, origin_url, enable_ip_based_pooling, net_log) ? ERR_SPDY_SESSION_ALREADY_EXISTS : OK; } @@ -729,7 +721,7 @@ int HttpStreamFactoryImpl::Job::StartInternal() { } int HttpStreamFactoryImpl::Job::DoStart() { - const NetLogWithSource* net_log = delegate_->GetNetLog(this); + const NetLogWithSource* net_log = delegate_->GetNetLog(); if (net_log) { net_log_.BeginEvent( @@ -847,6 +839,7 @@ int HttpStreamFactoryImpl::Job::DoWaitComplete(int result) { } int HttpStreamFactoryImpl::Job::DoInitConnection() { + net_log_.BeginEvent(NetLogEventType::HTTP_STREAM_JOB_INIT_CONNECTION); int result = DoInitConnectionImpl(); if (result != ERR_SPDY_SESSION_ALREADY_EXISTS) delegate_->OnConnectionInitialized(this, result); @@ -868,8 +861,6 @@ int HttpStreamFactoryImpl::Job::DoInitConnectionImpl() { return OK; } - using_ssl_ = origin_url_.SchemeIs(url::kHttpsScheme) || - origin_url_.SchemeIs(url::kWssScheme); using_spdy_ = false; if (ShouldForceQuic()) @@ -917,9 +908,6 @@ int HttpStreamFactoryImpl::Job::DoInitConnectionImpl() { replacements.ClearQuery(); replacements.ClearRef(); url = url.ReplaceComponents(replacements); - - if (session_->quic_stream_factory()->IsQuicDisabled()) - return ERR_QUIC_PROTOCOL_ERROR; } else { DCHECK(using_ssl_); // The certificate of a QUIC alternative server is expected to be valid @@ -952,7 +940,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnectionImpl() { if (CanUseExistingSpdySession()) { base::WeakPtr<SpdySession> spdy_session = session_->spdy_session_pool()->FindAvailableSession( - spdy_session_key, origin_url_, net_log_); + spdy_session_key, origin_url_, enable_ip_based_pooling_, net_log_); if (spdy_session) { // If we're preconnecting, but we already have a SpdySession, we don't // actually need to preconnect any sockets, so we're done. @@ -999,7 +987,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnectionImpl() { OnHostResolutionCallback resolution_callback = CanUseExistingSpdySession() ? base::Bind(&Job::OnHostResolution, session_->spdy_session_pool(), - spdy_session_key, origin_url_) + spdy_session_key, origin_url_, enable_ip_based_pooling_) : OnHostResolutionCallback(); if (delegate_->for_websockets()) { // TODO(ricea): Re-enable NPN when WebSockets over SPDY is supported. @@ -1021,6 +1009,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnectionImpl() { } int HttpStreamFactoryImpl::Job::DoInitConnectionComplete(int result) { + net_log_.EndEvent(NetLogEventType::HTTP_STREAM_JOB_INIT_CONNECTION); if (job_type_ == PRECONNECT) { if (using_quic_) return result; @@ -1034,7 +1023,7 @@ int HttpStreamFactoryImpl::Job::DoInitConnectionComplete(int result) { SpdySessionKey spdy_session_key = GetSpdySessionKey(); existing_spdy_session_ = session_->spdy_session_pool()->FindAvailableSession( - spdy_session_key, origin_url_, net_log_); + spdy_session_key, origin_url_, enable_ip_based_pooling_, net_log_); if (existing_spdy_session_) { using_spdy_ = true; next_state_ = STATE_CREATE_STREAM; @@ -1045,16 +1034,6 @@ int HttpStreamFactoryImpl::Job::DoInitConnectionComplete(int result) { return OK; } - if (proxy_info_.is_quic()) { - DCHECK(using_quic_); - // Mark QUIC proxy as bad if QUIC got disabled. - // Underlying QUIC layer would have closed the connection. - if (session_->quic_stream_factory()->IsQuicDisabled()) { - using_quic_ = false; - return ReconsiderProxyAfterError(ERR_QUIC_PROTOCOL_ERROR); - } - } - // |result| may be the result of any of the stacked pools. The following // logic is used when determining how to interpret an error. // If |result| < 0: @@ -1183,7 +1162,8 @@ int HttpStreamFactoryImpl::Job::SetSpdyHttpStreamOrBidirectionalStreamImpl( if (delegate_->for_websockets()) return ERR_NOT_IMPLEMENTED; if (stream_type_ == HttpStreamRequest::BIDIRECTIONAL_STREAM) { - bidirectional_stream_impl_.reset(new BidirectionalStreamSpdyImpl(session)); + bidirectional_stream_impl_.reset( + new BidirectionalStreamSpdyImpl(session, net_log_.source())); return OK; } @@ -1193,7 +1173,8 @@ int HttpStreamFactoryImpl::Job::SetSpdyHttpStreamOrBidirectionalStreamImpl( bool use_relative_url = direct || request_info_.url.SchemeIs(url::kHttpsScheme); - stream_.reset(new SpdyHttpStream(session, use_relative_url)); + stream_.reset( + new SpdyHttpStream(session, use_relative_url, net_log_.source())); return OK; } @@ -1246,7 +1227,7 @@ int HttpStreamFactoryImpl::Job::DoCreateStream() { if (!existing_spdy_session_) { existing_spdy_session_ = session_->spdy_session_pool()->FindAvailableSession( - spdy_session_key, origin_url_, net_log_); + spdy_session_key, origin_url_, enable_ip_based_pooling_, net_log_); } bool direct = !IsHttpsProxyAndHttpUrl(); if (existing_spdy_session_.get()) { @@ -1261,6 +1242,11 @@ int HttpStreamFactoryImpl::Job::DoCreateStream() { return set_result; } + // Close idle sockets in this group, since subsequent requests will go over + // |spdy_session|. + if (connection_->socket()->IsConnected()) + connection_->CloseIdleSocketsInGroup(); + base::WeakPtr<SpdySession> spdy_session = session_->spdy_session_pool()->CreateAvailableSessionFromSocket( spdy_session_key, std::move(connection_), net_log_, using_ssl_); diff --git a/chromium/net/http/http_stream_factory_impl_job.h b/chromium/net/http/http_stream_factory_impl_job.h index 9201edce42c..f73587a2bf8 100644 --- a/chromium/net/http/http_stream_factory_impl_job.h +++ b/chromium/net/http/http_stream_factory_impl_job.h @@ -119,9 +119,6 @@ class HttpStreamFactoryImpl::Job { const base::WeakPtr<SpdySession>& spdy_session, bool direct) = 0; - // Invoked when the orphaned |job| finishes. - virtual void OnOrphanedJobComplete(const Job* job) = 0; - // Invoked when the |job| finishes pre-connecting sockets. virtual void OnPreconnectsComplete(Job* job) = 0; @@ -148,7 +145,7 @@ class HttpStreamFactoryImpl::Job { // Remove session from the SpdySessionRequestMap. virtual void RemoveRequestFromSpdySessionRequestMapForJob(Job* job) = 0; - virtual const NetLogWithSource* GetNetLog(Job* job) const = 0; + virtual const NetLogWithSource* GetNetLog() const = 0; virtual WebSocketHandshakeStreamBase::CreateHelper* websocket_handshake_stream_create_helper() = 0; @@ -170,6 +167,7 @@ class HttpStreamFactoryImpl::Job { const SSLConfig& proxy_ssl_config, HostPortPair destination, GURL origin_url, + bool enable_ip_based_pooling, NetLog* net_log); // Constructor for the alternative Job. The Job is owned by |delegate|, hence @@ -191,6 +189,7 @@ class HttpStreamFactoryImpl::Job { GURL origin_url, AlternativeService alternative_service, const ProxyServer& alternative_proxy_server, + bool enable_ip_based_pooling, NetLog* net_log); virtual ~Job(); @@ -392,6 +391,7 @@ class HttpStreamFactoryImpl::Job { static int OnHostResolution(SpdySessionPool* spdy_session_pool, const SpdySessionKey& spdy_session_key, const GURL& origin_url, + bool enable_ip_based_pooling, const AddressList& addresses, const NetLogWithSource& net_log); @@ -424,13 +424,17 @@ class HttpStreamFactoryImpl::Job { // request. const ProxyServer alternative_proxy_server_; + // Enable pooling to a SpdySession with matching IP and certificate + // even if the SpdySessionKey is different. + const bool enable_ip_based_pooling_; + // Unowned. |this| job is owned by |delegate_|. Delegate* delegate_; const JobType job_type_; - // True if handling a HTTPS request, or using SPDY with SSL - bool using_ssl_; + // True if handling a HTTPS request. + const bool using_ssl_; // True if this network transaction is using SPDY instead of HTTP. bool using_spdy_; @@ -442,12 +446,6 @@ class HttpStreamFactoryImpl::Job { // True if this job used an existing QUIC session. bool using_existing_quic_session_; - // Force quic for a specific port. - int force_quic_port_; - - scoped_refptr<HttpAuthController> - auth_controllers_[HttpAuth::AUTH_NUM_TARGETS]; - // True when the tunnel is in the process of being established - we can't // read from the socket until the tunnel is done. bool establishing_tunnel_; @@ -502,6 +500,7 @@ class HttpStreamFactoryImpl::JobFactory { HostPortPair destination, GURL origin_url, AlternativeService alternative_service, + bool enable_ip_based_pooling, NetLog* net_log) = 0; // Creates an alternative proxy server Job. @@ -516,6 +515,7 @@ class HttpStreamFactoryImpl::JobFactory { HostPortPair destination, GURL origin_url, const ProxyServer& alternative_proxy_server, + bool enable_ip_based_pooling, NetLog* net_log) = 0; // Creates a non-alternative Job. @@ -529,6 +529,7 @@ class HttpStreamFactoryImpl::JobFactory { const SSLConfig& proxy_ssl_config, HostPortPair destination, GURL origin_url, + bool enable_ip_based_pooling, NetLog* net_log) = 0; }; diff --git a/chromium/net/http/http_stream_factory_impl_job_controller.cc b/chromium/net/http/http_stream_factory_impl_job_controller.cc index aa2a95ca1f3..ec3827716e3 100644 --- a/chromium/net/http/http_stream_factory_impl_job_controller.cc +++ b/chromium/net/http/http_stream_factory_impl_job_controller.cc @@ -13,6 +13,7 @@ #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "base/threading/thread_task_runner_handle.h" +#include "base/trace_event/memory_usage_estimator.h" #include "base/values.h" #include "net/base/host_mapping_rules.h" #include "net/base/proxy_delegate.h" @@ -48,13 +49,17 @@ HttpStreamFactoryImpl::JobController::JobController( HttpNetworkSession* session, JobFactory* job_factory, const HttpRequestInfo& request_info, - bool is_preconnect) + bool is_preconnect, + bool enable_ip_based_pooling, + bool enable_alternative_services) : factory_(factory), session_(session), job_factory_(job_factory), request_(nullptr), delegate_(delegate), is_preconnect_(is_preconnect), + enable_ip_based_pooling_(enable_ip_based_pooling), + enable_alternative_services_(enable_alternative_services), alternative_job_net_error_(OK), job_bound_(false), main_job_is_blocked_(false), @@ -149,7 +154,7 @@ void HttpStreamFactoryImpl::JobController::Preconnect( main_job_.reset(job_factory_->CreateJob( this, PRECONNECT, session_, request_info, IDLE, server_ssl_config, proxy_ssl_config, destination, origin_url, alternative_service, - session_->net_log())); + enable_ip_based_pooling_, session_->net_log())); main_job_->Preconnect(num_streams); } @@ -299,7 +304,6 @@ void HttpStreamFactoryImpl::JobController::OnStreamFailed( if (main_job_ && alternative_job_) { // Hey, we've got other jobs! Maybe one of them will succeed, let's just // ignore this failure. - factory_->request_map_.erase(job); if (job->job_type() == MAIN) { main_job_.reset(); } else { @@ -432,8 +436,7 @@ void HttpStreamFactoryImpl::JobController::OnResolveProxyComplete( alternative_job_.reset(job_factory_->CreateJob( this, ALTERNATIVE, session_, request_info, priority, server_ssl_config, proxy_ssl_config, destination, origin_url, alternative_proxy_server, - job->net_log().net_log())); - AttachJob(alternative_job_.get()); + enable_ip_based_pooling_, job->net_log().net_log())); can_start_alternative_proxy_job_ = false; main_job_is_blocked_ = true; @@ -461,6 +464,7 @@ void HttpStreamFactoryImpl::JobController::OnNewSpdySessionReady( const bool was_alpn_negotiated = job->was_alpn_negotiated(); const NextProto negotiated_protocol = job->negotiated_protocol(); const bool using_spdy = job->using_spdy(); + const NetLogSource source_dependency = job->net_log().source(); // Cache this so we can still use it if the JobController is deleted. HttpStreamFactoryImpl* factory = factory_; @@ -504,7 +508,8 @@ void HttpStreamFactoryImpl::JobController::OnNewSpdySessionReady( if (spdy_session && spdy_session->IsAvailable()) { factory->OnNewSpdySessionReady(spdy_session, direct, used_ssl_config, used_proxy_info, was_alpn_negotiated, - negotiated_protocol, using_spdy); + negotiated_protocol, using_spdy, + source_dependency); } if (is_job_orphaned) { OnOrphanedJobComplete(job); @@ -655,8 +660,8 @@ void HttpStreamFactoryImpl::JobController:: } } -const NetLogWithSource* HttpStreamFactoryImpl::JobController::GetNetLog( - Job* job) const { +const NetLogWithSource* HttpStreamFactoryImpl::JobController::GetNetLog() + const { return &net_log_; } @@ -677,12 +682,8 @@ bool HttpStreamFactoryImpl::JobController::HasPendingAltJob() const { } size_t HttpStreamFactoryImpl::JobController::EstimateMemoryUsage() const { - size_t estimated_size = 0; - if (main_job_) - estimated_size += main_job_->EstimateMemoryUsage(); - if (alternative_job_) - estimated_size += alternative_job_->EstimateMemoryUsage(); - return estimated_size; + return base::trace_event::EstimateMemoryUsage(main_job_) + + base::trace_event::EstimateMemoryUsage(alternative_job_); } WebSocketHandshakeStreamBase::CreateHelper* HttpStreamFactoryImpl:: @@ -705,8 +706,8 @@ void HttpStreamFactoryImpl::JobController::CreateJobs( main_job_.reset(job_factory_->CreateJob( this, MAIN, session_, request_info, priority, server_ssl_config, - proxy_ssl_config, destination, origin_url, net_log_.net_log())); - AttachJob(main_job_.get()); + proxy_ssl_config, destination, origin_url, enable_ip_based_pooling_, + net_log_.net_log())); // Create an alternative job if alternative service is set up for this domain. const AlternativeService alternative_service = @@ -726,8 +727,7 @@ void HttpStreamFactoryImpl::JobController::CreateJobs( alternative_job_.reset(job_factory_->CreateJob( this, ALTERNATIVE, session_, request_info, priority, server_ssl_config, proxy_ssl_config, alternative_destination, origin_url, - alternative_service, net_log_.net_log())); - AttachJob(alternative_job_.get()); + alternative_service, enable_ip_based_pooling_, net_log_.net_log())); main_job_is_blocked_ = true; alternative_job_->Start(request_->stream_type()); @@ -740,11 +740,6 @@ void HttpStreamFactoryImpl::JobController::CreateJobs( main_job_->Start(request_->stream_type()); } -void HttpStreamFactoryImpl::JobController::AttachJob(Job* job) { - DCHECK(job); - factory_->request_map_[job] = request_; -} - void HttpStreamFactoryImpl::JobController::BindJob(Job* job) { DCHECK(request_); DCHECK(job); @@ -754,7 +749,6 @@ void HttpStreamFactoryImpl::JobController::BindJob(Job* job) { job_bound_ = true; bound_job_ = job; - factory_->request_map_.erase(job); request_->net_log().AddEvent( NetLogEventType::HTTP_STREAM_REQUEST_BOUND_TO_JOB, @@ -771,27 +765,22 @@ void HttpStreamFactoryImpl::JobController::CancelJobs() { RemoveRequestFromSpdySessionRequestMap(); if (job_bound_) return; - if (alternative_job_) { - factory_->request_map_.erase(alternative_job_.get()); + if (alternative_job_) alternative_job_.reset(); - } - if (main_job_) { - factory_->request_map_.erase(main_job_.get()); + if (main_job_) main_job_.reset(); - } } void HttpStreamFactoryImpl::JobController::OrphanUnboundJob() { DCHECK(request_); + DCHECK(bound_job_); RemoveRequestFromSpdySessionRequestMap(); - DCHECK(bound_job_); if (bound_job_->job_type() == MAIN && alternative_job_) { - factory_->request_map_.erase(alternative_job_.get()); + DCHECK(!for_websockets()); alternative_job_->Orphan(); } else if (bound_job_->job_type() == ALTERNATIVE && main_job_) { // Orphan main job. - factory_->request_map_.erase(main_job_.get()); // If ResumeMainJob() is not executed, reset |main_job_|. Otherwise, // OnOrphanedJobComplete() will clean up |this| when the job completes. // Use |main_job_is_blocked_| and |!main_job_wait_time_.is_zero()| instead @@ -801,6 +790,7 @@ void HttpStreamFactoryImpl::JobController::OrphanUnboundJob() { DCHECK(alternative_job_); main_job_.reset(); } else { + DCHECK(!for_websockets()); main_job_->Orphan(); } } @@ -894,7 +884,6 @@ void HttpStreamFactoryImpl::JobController::ReportBrokenAlternativeService() { session_->http_server_properties()->MarkAlternativeServiceBroken( failed_alternative_service_); } - session_->quic_stream_factory()->OnTcpJobCompleted(true); } void HttpStreamFactoryImpl::JobController::MaybeNotifyFactoryOfCompletion() { @@ -938,6 +927,9 @@ HttpStreamFactoryImpl::JobController::GetAlternativeServiceFor( const HttpRequestInfo& request_info, HttpStreamRequest::Delegate* delegate, HttpStreamRequest::StreamType stream_type) { + if (!enable_alternative_services_) + return AlternativeService(); + AlternativeService alternative_service = GetAlternativeServiceForInternal(request_info, delegate, stream_type); AlternativeServiceType type; @@ -1041,9 +1033,6 @@ HttpStreamFactoryImpl::JobController::GetAlternativeServiceForInternal( continue; } - if (session_->quic_stream_factory()->IsQuicDisabled()) - continue; - if (!original_url.SchemeIs(url::kHttpsScheme)) continue; @@ -1079,6 +1068,10 @@ bool HttpStreamFactoryImpl::JobController:: const GURL& url, ProxyServer* alternative_proxy_server) const { DCHECK(!alternative_proxy_server->is_valid()); + + if (!enable_alternative_services_) + return false; + if (!can_start_alternative_proxy_job_) { // Either an alternative service job or an alternative proxy server job has // already been started. @@ -1129,11 +1122,9 @@ bool HttpStreamFactoryImpl::JobController:: } if (alternative_proxy_server->is_quic()) { - // Check that QUIC is enabled globally, and it is not disabled. - if (!session_->IsQuicEnabled() || - session_->quic_stream_factory()->IsQuicDisabled()) { + // Check that QUIC is enabled globally. + if (!session_->IsQuicEnabled()) return false; - } } return true; diff --git a/chromium/net/http/http_stream_factory_impl_job_controller.h b/chromium/net/http/http_stream_factory_impl_job_controller.h index c57ecd4769e..9a43bfb6149 100644 --- a/chromium/net/http/http_stream_factory_impl_job_controller.h +++ b/chromium/net/http/http_stream_factory_impl_job_controller.h @@ -24,7 +24,9 @@ class HttpStreamFactoryImpl::JobController HttpNetworkSession* session, JobFactory* job_factory, const HttpRequestInfo& request_info, - bool is_preconnect); + bool is_preconnect, + bool enable_ip_based_pooling, + bool enable_alternative_services); ~JobController() override; @@ -134,9 +136,6 @@ class HttpStreamFactoryImpl::JobController const base::WeakPtr<SpdySession>& spdy_session, bool direct) override; - // Invoked when the orphaned |job| finishes. - void OnOrphanedJobComplete(const Job* job) override; - // Invoked when the |job| finishes pre-connecting sockets. void OnPreconnectsComplete(Job* job) override; @@ -164,7 +163,7 @@ class HttpStreamFactoryImpl::JobController // Remove session from the SpdySessionRequestMap. void RemoveRequestFromSpdySessionRequestMapForJob(Job* job) override; - const NetLogWithSource* GetNetLog(Job* job) const override; + const NetLogWithSource* GetNetLog() const override; void MaybeSetWaitTimeForMainJob(const base::TimeDelta& delay) override; @@ -193,9 +192,6 @@ class HttpStreamFactoryImpl::JobController HttpStreamRequest::Delegate* delegate, HttpStreamRequest::StreamType stream_type); - // Attaches |job| to |request_|. Does not mean that |request_| will use |job|. - void AttachJob(Job* job); - // Called to bind |job| to the |request_| and orphan all other jobs that are // still associated with |request_|. void BindJob(Job* job); @@ -209,6 +205,9 @@ class HttpStreamFactoryImpl::JobController // completion. void OrphanUnboundJob(); + // Invoked when the orphaned |job| finishes. + void OnOrphanedJobComplete(const Job* job); + // Called when a Job succeeds. void OnJobSucceeded(Job* job); @@ -288,6 +287,13 @@ class HttpStreamFactoryImpl::JobController // True if this JobController is used to preconnect streams. const bool is_preconnect_; + // Enable pooling to a SpdySession with matching IP and certificate even if + // the SpdySessionKey is different. + const bool enable_ip_based_pooling_; + + // Enable using alternative services for the request. + const bool enable_alternative_services_; + // |main_job_| is a job waiting to see if |alternative_job_| can reuse a // connection. If |alternative_job_| is unable to do so, |this| will notify // |main_job_| to proceed and then race the two jobs. diff --git a/chromium/net/http/http_stream_factory_impl_job_controller_unittest.cc b/chromium/net/http/http_stream_factory_impl_job_controller_unittest.cc index 4fc8545c681..1c000414738 100644 --- a/chromium/net/http/http_stream_factory_impl_job_controller_unittest.cc +++ b/chromium/net/http/http_stream_factory_impl_job_controller_unittest.cc @@ -23,7 +23,7 @@ #include "net/proxy/proxy_config_service_fixed.h" #include "net/proxy/proxy_info.h" #include "net/proxy/proxy_service.h" -#include "net/quic/test_tools/quic_stream_factory_peer.h" +#include "net/quic/chromium/quic_stream_factory_peer.h" #include "net/socket/socket_test_util.h" #include "net/spdy/spdy_test_util_common.h" #include "testing/gmock/include/gmock/gmock.h" @@ -72,6 +72,8 @@ class FailingHostResolver : public MockHostResolverBase { } }; +// TODO(xunjieli): This should just use HangingHostResolver from +// mock_host_resolver.h class HangingResolver : public MockHostResolverBase { public: HangingResolver() : MockHostResolverBase(false /*use_caching*/) {} @@ -124,13 +126,37 @@ class JobControllerPeer { class HttpStreamFactoryImplJobControllerTest : public ::testing::Test { public: HttpStreamFactoryImplJobControllerTest() - : session_deps_(ProxyService::CreateDirect()) { + : session_deps_(ProxyService::CreateDirect()), + use_alternative_proxy_(false), + is_preconnect_(false), + enable_ip_based_pooling_(true), + enable_alternative_services_(true), + test_proxy_delegate_(nullptr) { session_deps_.enable_quic = true; } - void Initialize(const HttpRequestInfo& request_info, - bool use_alternative_proxy, - bool is_preconnect) { + void UseAlternativeProxy() { + ASSERT_FALSE(test_proxy_delegate_); + use_alternative_proxy_ = true; + } + + void SetPreconnect() { + ASSERT_FALSE(test_proxy_delegate_); + is_preconnect_ = true; + } + + void DisableIPBasedPooling() { + ASSERT_FALSE(test_proxy_delegate_); + enable_ip_based_pooling_ = false; + } + + void DisableAlternativeServices() { + ASSERT_FALSE(test_proxy_delegate_); + enable_alternative_services_ = false; + } + + void Initialize(const HttpRequestInfo& request_info) { + ASSERT_FALSE(test_proxy_delegate_); std::unique_ptr<TestProxyDelegate> test_proxy_delegate( new TestProxyDelegate()); test_proxy_delegate_ = test_proxy_delegate.get(); @@ -140,7 +166,7 @@ class HttpStreamFactoryImplJobControllerTest : public ::testing::Test { EXPECT_TRUE(test_proxy_delegate->alternative_proxy_server().is_quic()); session_deps_.proxy_delegate = std::move(test_proxy_delegate); - if (use_alternative_proxy) { + if (use_alternative_proxy_) { std::unique_ptr<ProxyService> proxy_service = ProxyService::CreateFixedFromPacResult("HTTPS myproxy.org:443"); session_deps_.proxy_service = std::move(proxy_service); @@ -150,7 +176,8 @@ class HttpStreamFactoryImplJobControllerTest : public ::testing::Test { static_cast<HttpStreamFactoryImpl*>(session_->http_stream_factory()); job_controller_ = new HttpStreamFactoryImpl::JobController( factory_, &request_delegate_, session_.get(), &job_factory_, - request_info, is_preconnect); + request_info, is_preconnect_, enable_ip_based_pooling_, + enable_alternative_services_); HttpStreamFactoryImplPeer::AddJobController(factory_, job_controller_); } @@ -180,8 +207,6 @@ class HttpStreamFactoryImplJobControllerTest : public ::testing::Test { alternative_service_vector[0])); } - // Not owned by |this|. - TestProxyDelegate* test_proxy_delegate_; TestJobFactory job_factory_; MockHttpStreamRequestDelegate request_delegate_; SpdySessionDependencies session_deps_; @@ -190,6 +215,15 @@ class HttpStreamFactoryImplJobControllerTest : public ::testing::Test { HttpStreamFactoryImpl::JobController* job_controller_; std::unique_ptr<HttpStreamFactoryImpl::Request> request_; + private: + bool use_alternative_proxy_; + bool is_preconnect_; + bool enable_ip_based_pooling_; + bool enable_alternative_services_; + + // Not owned by |this|. + TestProxyDelegate* test_proxy_delegate_; + DISALLOW_COPY_AND_ASSIGN(HttpStreamFactoryImplJobControllerTest); }; @@ -208,7 +242,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, request_info.method = "GET"; request_info.url = GURL("http://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); request_.reset( job_controller_->Start(request_info, &request_delegate_, nullptr, @@ -238,7 +272,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, request_info.method = "GET"; request_info.url = GURL("http://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); request_.reset( job_controller_->Start(request_info, &request_delegate_, nullptr, @@ -272,7 +306,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, CancelJobsBeforeBinding) { request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 443); SetAlternativeService(request_info, alternative_service); @@ -306,7 +340,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, OnStreamFailedForBothJobs) { request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 443); SetAlternativeService(request_info, alternative_service); @@ -350,7 +384,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 443); SetAlternativeService(request_info, alternative_service); @@ -401,7 +435,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 443); @@ -448,7 +482,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 443); @@ -515,7 +549,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 443); @@ -560,7 +594,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 443); @@ -612,7 +646,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 443); @@ -662,7 +696,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, GetLoadStateAfterMainJobFailed) { request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 443); SetAlternativeService(request_info, alternative_service); @@ -709,7 +743,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, DoNotResumeMainJobBeforeWait) { request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 443); SetAlternativeService(request_info, alternative_service); @@ -733,7 +767,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, InvalidPortForQuic) { // Using a restricted port 101 for QUIC should fail and the alternative job // should post OnStreamFailedCall on the controller to resume the main job. - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 101); @@ -774,7 +808,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); // Set a SPDY alternative service for the server. url::SchemeHostPort server(request_info.url); @@ -837,7 +871,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); AlternativeService alternative_service(kProtoQUIC, server.host(), 443); SetAlternativeService(request_info, alternative_service); @@ -882,14 +916,16 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, TEST_F(HttpStreamFactoryImplJobControllerTest, DelayedTCP) { base::ScopedMockTimeMessageLoopTaskRunner test_task_runner; - HangingResolver* resolver = new HangingResolver(); - session_deps_.host_resolver.reset(resolver); + auto failing_resolver = base::MakeUnique<MockHostResolver>(); + failing_resolver->set_ondemand_mode(true); + failing_resolver->rules()->AddSimulatedFailure("*google.com"); + session_deps_.host_resolver = std::move(failing_resolver); HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); // Enable delayed TCP and set time delay for waiting job. QuicStreamFactory* quic_stream_factory = session_->quic_stream_factory(); @@ -931,10 +967,12 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, DelayedTCP) { // OnStreamFailed will post a task to resume the main job immediately but // won't call Resume() on the main job since it's been resumed already. EXPECT_CALL(*job_factory_.main_job(), Resume()).Times(0); - job_controller_->OnStreamFailed(job_factory_.alternative_job(), - ERR_NETWORK_CHANGED, SSLConfig()); + // Now unblock Resolver so that alternate job (and QuicStreamFactory::Job) can + // be cleaned up. + session_deps_.host_resolver->ResolveAllPending(); EXPECT_EQ(1u, test_task_runner->GetPendingTaskCount()); test_task_runner->FastForwardUntilNoTasksRemain(); + EXPECT_FALSE(job_controller_->alternative_job()); } // Test that main job is blocked for kMaxDelayTimeForMainJob(3s) if @@ -947,14 +985,16 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, DelayedTCPWithLargeSrtt) { base::ScopedMockTimeMessageLoopTaskRunner test_task_runner; // The max delay time should be in sync with .cc file. base::TimeDelta kMaxDelayTimeForMainJob = base::TimeDelta::FromSeconds(3); - HangingResolver* resolver = new HangingResolver(); - session_deps_.host_resolver.reset(resolver); + auto failing_resolver = base::MakeUnique<MockHostResolver>(); + failing_resolver->set_ondemand_mode(true); + failing_resolver->rules()->AddSimulatedFailure("*google.com"); + session_deps_.host_resolver = std::move(failing_resolver); HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); // Enable delayed TCP and set a extremely large time delay for waiting job. QuicStreamFactory* quic_stream_factory = session_->quic_stream_factory(); @@ -988,6 +1028,13 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, DelayedTCPWithLargeSrtt) { // main job is resumed. test_task_runner->FastForwardBy(kMaxDelayTimeForMainJob); EXPECT_FALSE(test_task_runner->HasPendingTask()); + + // Now unblock Resolver so that alternate job (and QuicStreamFactory::Job) can + // be cleaned up. + session_deps_.host_resolver->ResolveAllPending(); + EXPECT_EQ(1u, test_task_runner->GetPendingTaskCount()); + test_task_runner->FastForwardUntilNoTasksRemain(); + EXPECT_FALSE(job_controller_->alternative_job()); } TEST_F(HttpStreamFactoryImplJobControllerTest, @@ -996,14 +1043,16 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, // could verify the main job is resumed with appropriate delay. base::ScopedMockTimeMessageLoopTaskRunner test_task_runner; - HangingResolver* resolver = new HangingResolver(); - session_deps_.host_resolver.reset(resolver); + auto failing_resolver = base::MakeUnique<MockHostResolver>(); + failing_resolver->set_ondemand_mode(true); + failing_resolver->rules()->AddSimulatedFailure("*google.com"); + session_deps_.host_resolver = std::move(failing_resolver); HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("https://www.google.com"); - Initialize(request_info, false, false); + Initialize(request_info); // Enable delayed TCP and set time delay for waiting job. QuicStreamFactory* quic_stream_factory = session_->quic_stream_factory(); @@ -1035,8 +1084,8 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, // |alternative_job| fails but should not report status to Request. EXPECT_CALL(request_delegate_, OnStreamFailed(_, _)).Times(0); - job_controller_->OnStreamFailed(job_factory_.alternative_job(), - ERR_NETWORK_CHANGED, SSLConfig()); + // Now unblock Resolver to fail the alternate job. + session_deps_.host_resolver->ResolveAllPending(); EXPECT_EQ(2u, test_task_runner->GetPendingTaskCount()); // Verify the main job will be resumed immediately. @@ -1052,6 +1101,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, EXPECT_CALL(*job_factory_.main_job(), Resume()).Times(0); test_task_runner->FastForwardBy(base::TimeDelta::FromMicroseconds(15)); EXPECT_FALSE(test_task_runner->HasPendingTask()); + EXPECT_FALSE(job_controller_->alternative_job()); } // Verifies that the alternative proxy server job is not created if the URL @@ -1064,7 +1114,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, HttpsURL) { HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("https://mail.example.org/"); - Initialize(request_info, false, false); + Initialize(request_info); EXPECT_TRUE(test_proxy_delegate()->alternative_proxy_server().is_quic()); request_.reset( @@ -1091,7 +1141,7 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, HttpURLWithNoProxy) { request_info.method = "GET"; request_info.url = GURL("http://mail.example.org/"); - Initialize(request_info, false, false); + Initialize(request_info); EXPECT_TRUE(test_proxy_delegate()->alternative_proxy_server().is_quic()); request_.reset( @@ -1115,14 +1165,17 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, DelayedTCPAlternativeProxy) { // could verify the main job is resumed with appropriate delay. base::ScopedMockTimeMessageLoopTaskRunner test_task_runner; - // Using hanging resolver will cause the alternative job to hang indefinitely. - HangingResolver* resolver = new HangingResolver(); - session_deps_.host_resolver.reset(resolver); + auto failing_resolver = base::MakeUnique<MockHostResolver>(); + failing_resolver->set_ondemand_mode(true); + failing_resolver->rules()->AddSimulatedFailure("*myproxy.org"); + session_deps_.host_resolver = std::move(failing_resolver); + + UseAlternativeProxy(); HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("http://mail.example.org/"); - Initialize(request_info, true, false); + Initialize(request_info); EXPECT_TRUE(test_proxy_delegate()->alternative_proxy_server().is_quic()); @@ -1164,6 +1217,13 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, DelayedTCPAlternativeProxy) { EXPECT_TRUE(test_proxy_delegate()->alternative_proxy_server().is_valid()); EXPECT_EQ(1, test_proxy_delegate()->get_alternative_proxy_invocations()); EXPECT_FALSE(test_task_runner->HasPendingTask()); + + // Now unblock Resolver so that alternate job (and QuicStreamFactory::Job) can + // be cleaned up. + session_deps_.host_resolver->ResolveAllPending(); + EXPECT_EQ(1u, test_task_runner->GetPendingTaskCount()); + test_task_runner->FastForwardUntilNoTasksRemain(); + EXPECT_FALSE(job_controller_->alternative_job()); } // Verifies that the alternative proxy server job fails immediately, and the @@ -1174,10 +1234,12 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, FailAlternativeProxy) { FailingHostResolver* resolver = new FailingHostResolver(); session_deps_.host_resolver.reset(resolver); + UseAlternativeProxy(); + HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("http://mail.example.org/"); - Initialize(request_info, true, false); + Initialize(request_info); EXPECT_TRUE(test_proxy_delegate()->alternative_proxy_server().is_quic()); // Enable delayed TCP and set time delay for waiting job. @@ -1220,10 +1282,13 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, FailAlternativeProxy) { TEST_F(HttpStreamFactoryImplJobControllerTest, AlternativeProxyServerJobFailsAfterMainJobSucceeds) { base::HistogramTester histogram_tester; + + UseAlternativeProxy(); + HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("http://www.google.com"); - Initialize(request_info, true, false); + Initialize(request_info); url::SchemeHostPort server(request_info.url); @@ -1267,10 +1332,12 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, SequencedSocketData data(reads, arraysize(reads), nullptr, 0); session_deps_.socket_factory->AddSocketDataProvider(&data); + SetPreconnect(); + HttpRequestInfo request_info; request_info.method = "GET"; request_info.url = GURL("http://www.example.com"); - Initialize(request_info, false, /*is_preconnect=*/true); + Initialize(request_info); url::SchemeHostPort server(request_info.url); @@ -1290,6 +1357,64 @@ TEST_F(HttpStreamFactoryImplJobControllerTest, EXPECT_TRUE(HttpStreamFactoryImplPeer::IsJobControllerDeleted(factory_)); } +class HttpStreamFactoryImplJobControllerMisdirectedRequestRetry + : public HttpStreamFactoryImplJobControllerTest, + public ::testing::WithParamInterface<::testing::tuple<bool, bool>> {}; + +INSTANTIATE_TEST_CASE_P( + /* no prefix */, + HttpStreamFactoryImplJobControllerMisdirectedRequestRetry, + ::testing::Combine(::testing::Bool(), ::testing::Bool())); + +TEST_P(HttpStreamFactoryImplJobControllerMisdirectedRequestRetry, + DisableIPBasedPoolingAndAlternativeServices) { + const bool enable_ip_based_pooling = ::testing::get<0>(GetParam()); + const bool enable_alternative_services = ::testing::get<1>(GetParam()); + + ProxyConfig proxy_config; + proxy_config.set_auto_detect(true); + // Use asynchronous proxy resolver. + MockAsyncProxyResolverFactory* proxy_resolver_factory = + new MockAsyncProxyResolverFactory(false); + session_deps_.proxy_service.reset( + new ProxyService(base::MakeUnique<ProxyConfigServiceFixed>(proxy_config), + base::WrapUnique(proxy_resolver_factory), nullptr)); + HttpRequestInfo request_info; + request_info.method = "GET"; + request_info.url = GURL("https://www.google.com"); + + if (!enable_ip_based_pooling) + DisableIPBasedPooling(); + if (!enable_alternative_services) + DisableAlternativeServices(); + + Initialize(request_info); + + url::SchemeHostPort server(request_info.url); + AlternativeService alternative_service(kProtoQUIC, server.host(), 443); + SetAlternativeService(request_info, alternative_service); + + request_.reset( + job_controller_->Start(request_info, &request_delegate_, nullptr, + NetLogWithSource(), HttpStreamRequest::HTTP_STREAM, + DEFAULT_PRIORITY, SSLConfig(), SSLConfig())); + EXPECT_TRUE(job_controller_->main_job()); + if (enable_alternative_services) { + EXPECT_TRUE(job_controller_->alternative_job()); + } else { + EXPECT_FALSE(job_controller_->alternative_job()); + } + + // |main_job| succeeds and should report status to Request. + HttpStream* http_stream = + new HttpBasicStream(base::MakeUnique<ClientSocketHandle>(), false, false); + job_factory_.main_job()->SetStream(http_stream); + + EXPECT_CALL(request_delegate_, OnStreamReady(_, _, http_stream)) + .WillOnce(Invoke(DeleteHttpStreamPointer)); + job_controller_->OnStreamReady(job_factory_.main_job(), SSLConfig()); +} + class HttpStreamFactoryImplJobControllerPreconnectTest : public HttpStreamFactoryImplJobControllerTest, public ::testing::WithParamInterface<bool> { @@ -1311,7 +1436,9 @@ class HttpStreamFactoryImplJobControllerPreconnectTest request_info_.url = GURL("https://www.example.com"); job_controller_ = new HttpStreamFactoryImpl::JobController( factory_, &request_delegate_, session_.get(), &job_factory_, - request_info_, true); + request_info_, /* is_preconnect = */ true, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true); HttpStreamFactoryImplPeer::AddJobController(factory_, job_controller_); } diff --git a/chromium/net/http/http_stream_factory_impl_request_unittest.cc b/chromium/net/http/http_stream_factory_impl_request_unittest.cc index 660fb2ddcd1..b2bff0eafc1 100644 --- a/chromium/net/http/http_stream_factory_impl_request_unittest.cc +++ b/chromium/net/http/http_stream_factory_impl_request_unittest.cc @@ -35,7 +35,9 @@ TEST_F(HttpStreamFactoryImplRequestTest, SetPriority) { HttpRequestInfo request_info; auto job_controller = base::MakeUnique<HttpStreamFactoryImpl::JobController>( factory, &request_delegate, session.get(), &job_factory, request_info, - /*is_preconnect=*/false); + /* is_preconnect = */ false, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true); HttpStreamFactoryImpl::JobController* job_controller_raw_ptr = job_controller.get(); factory->job_controller_set_.insert(std::move(job_controller)); diff --git a/chromium/net/http/http_stream_factory_impl_unittest.cc b/chromium/net/http/http_stream_factory_impl_unittest.cc index 4af0225298c..833c4292e13 100644 --- a/chromium/net/http/http_stream_factory_impl_unittest.cc +++ b/chromium/net/http/http_stream_factory_impl_unittest.cc @@ -41,11 +41,11 @@ #include "net/proxy/proxy_service.h" #include "net/quic/chromium/mock_crypto_client_stream_factory.h" #include "net/quic/chromium/quic_http_utils.h" +#include "net/quic/chromium/quic_stream_factory_peer.h" #include "net/quic/chromium/quic_test_packet_maker.h" #include "net/quic/core/quic_server_id.h" #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/mock_random.h" -#include "net/quic/test_tools/quic_stream_factory_peer.h" #include "net/quic/test_tools/quic_test_utils.h" #include "net/socket/client_socket_handle.h" #include "net/socket/mock_client_socket_pool_manager.h" @@ -127,6 +127,10 @@ class MockWebSocketHandshakeStream : public WebSocketHandshakeStreamBase { bool GetLoadTimingInfo(LoadTimingInfo* load_timing_info) const override { return false; } + bool GetAlternativeService( + AlternativeService* alternative_service) const override { + return false; + } void GetSSLInfo(SSLInfo* ssl_info) override {} void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override {} bool GetRemoteEndpoint(IPEndPoint* endpoint) override { return false; } @@ -189,7 +193,7 @@ class StreamRequestWaiter : public HttpStreamRequest::Delegate { HttpStream* stream) override { stream_done_ = true; if (waiting_for_stream_) - base::MessageLoop::current()->QuitWhenIdle(); + loop_.Quit(); stream_.reset(stream); used_ssl_config_ = used_ssl_config; used_proxy_info_ = used_proxy_info; @@ -201,7 +205,7 @@ class StreamRequestWaiter : public HttpStreamRequest::Delegate { WebSocketHandshakeStreamBase* stream) override { stream_done_ = true; if (waiting_for_stream_) - base::MessageLoop::current()->QuitWhenIdle(); + loop_.Quit(); websocket_stream_.reset(stream); used_ssl_config_ = used_ssl_config; used_proxy_info_ = used_proxy_info; @@ -213,7 +217,7 @@ class StreamRequestWaiter : public HttpStreamRequest::Delegate { BidirectionalStreamImpl* stream) override { stream_done_ = true; if (waiting_for_stream_) - base::MessageLoop::current()->QuitWhenIdle(); + loop_.Quit(); bidirectional_stream_impl_.reset(stream); used_ssl_config_ = used_ssl_config; used_proxy_info_ = used_proxy_info; @@ -222,7 +226,7 @@ class StreamRequestWaiter : public HttpStreamRequest::Delegate { void OnStreamFailed(int status, const SSLConfig& used_ssl_config) override { stream_done_ = true; if (waiting_for_stream_) - base::MessageLoop::current()->QuitWhenIdle(); + loop_.Quit(); used_ssl_config_ = used_ssl_config; error_status_ = status; } @@ -249,7 +253,7 @@ class StreamRequestWaiter : public HttpStreamRequest::Delegate { void WaitForStream() { while (!stream_done_) { waiting_for_stream_ = true; - base::RunLoop().Run(); + loop_.Run(); waiting_for_stream_ = false; } } @@ -280,6 +284,7 @@ class StreamRequestWaiter : public HttpStreamRequest::Delegate { private: bool waiting_for_stream_; bool stream_done_; + base::RunLoop loop_; std::unique_ptr<HttpStream> stream_; std::unique_ptr<WebSocketHandshakeStreamBase> websocket_stream_; std::unique_ptr<BidirectionalStreamImpl> bidirectional_stream_impl_; @@ -692,7 +697,8 @@ TEST_F(HttpStreamFactoryTest, JobNotifiesProxy) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); // The proxy that failed should now be known to the proxy_service as bad. @@ -776,7 +782,8 @@ TEST_F(HttpStreamFactoryTest, QuicProxyMarkedAsBad) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); // The proxy that failed should now be known to the proxy_service as bad. @@ -979,7 +986,8 @@ TEST_F(HttpStreamFactoryTest, WithQUICAlternativeProxyMarkedAsBad) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); // The proxy that failed should now be known to the proxy_service as @@ -1082,7 +1090,8 @@ TEST_F(HttpStreamFactoryTest, WithQUICAlternativeProxyNotMarkedAsBad) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); // The proxy that failed should now be known to the proxy_service as @@ -1426,7 +1435,8 @@ TEST_F(HttpStreamFactoryTest, PrivacyModeDisablesChannelId) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); // The stream shouldn't come from spdy as we are using different privacy mode @@ -1502,7 +1512,8 @@ TEST_F(HttpStreamFactoryTest, PrivacyModeUsesDifferentSocketPoolGroup) { std::unique_ptr<HttpStreamRequest> request1( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_EQ(GetSocketPoolGroupCount(ssl_pool), 1); @@ -1510,7 +1521,8 @@ TEST_F(HttpStreamFactoryTest, PrivacyModeUsesDifferentSocketPoolGroup) { std::unique_ptr<HttpStreamRequest> request2( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_EQ(GetSocketPoolGroupCount(ssl_pool), 1); @@ -1519,7 +1531,8 @@ TEST_F(HttpStreamFactoryTest, PrivacyModeUsesDifferentSocketPoolGroup) { std::unique_ptr<HttpStreamRequest> request3( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_EQ(GetSocketPoolGroupCount(ssl_pool), 2); @@ -1548,7 +1561,8 @@ TEST_F(HttpStreamFactoryTest, GetLoadState) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); EXPECT_EQ(LOAD_STATE_RESOLVING_HOST, request->GetLoadState()); @@ -1577,7 +1591,8 @@ TEST_F(HttpStreamFactoryTest, RequestHttpStream) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); ASSERT_TRUE(nullptr != waiter.stream()); @@ -1626,7 +1641,8 @@ TEST_F(HttpStreamFactoryTest, ReprioritizeAfterStreamReceived) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, LOWEST, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); EXPECT_FALSE(waiter.stream_done()); // Confirm a stream has been created by asserting that a new session @@ -1669,7 +1685,8 @@ TEST_F(HttpStreamFactoryTest, RequestHttpStreamOverSSL) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); ASSERT_TRUE(nullptr != waiter.stream()); @@ -1711,7 +1728,8 @@ TEST_F(HttpStreamFactoryTest, RequestHttpStreamOverProxy) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); ASSERT_TRUE(nullptr != waiter.stream()); @@ -1793,7 +1811,8 @@ TEST_F(HttpStreamFactoryTest, RequestHttpStreamOverProxyWithPreconnects) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); ASSERT_TRUE(nullptr != waiter.stream()); @@ -1842,7 +1861,9 @@ TEST_F(HttpStreamFactoryTest, RequestWebSocketBasicHandshakeStream) { session->http_stream_factory_for_websocket() ->RequestWebSocketHandshakeStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - &create_helper, NetLogWithSource())); + &create_helper, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); EXPECT_TRUE(nullptr == waiter.stream()); @@ -1885,7 +1906,9 @@ TEST_F(HttpStreamFactoryTest, RequestWebSocketBasicHandshakeStreamOverSSL) { session->http_stream_factory_for_websocket() ->RequestWebSocketHandshakeStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - &create_helper, NetLogWithSource())); + &create_helper, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); EXPECT_TRUE(nullptr == waiter.stream()); @@ -1926,7 +1949,9 @@ TEST_F(HttpStreamFactoryTest, RequestWebSocketBasicHandshakeStreamOverProxy) { session->http_stream_factory_for_websocket() ->RequestWebSocketHandshakeStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - &create_helper, NetLogWithSource())); + &create_helper, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); EXPECT_TRUE(nullptr == waiter.stream()); @@ -1980,7 +2005,8 @@ TEST_F(HttpStreamFactoryTest, RequestSpdyHttpStreamHttpsURL) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); EXPECT_TRUE(nullptr == waiter.websocket_stream()); @@ -2034,7 +2060,8 @@ TEST_F(HttpStreamFactoryTest, RequestSpdyHttpStreamHttpURL) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); EXPECT_TRUE(nullptr == waiter.websocket_stream()); @@ -2053,6 +2080,94 @@ TEST_F(HttpStreamFactoryTest, RequestSpdyHttpStreamHttpURL) { EXPECT_TRUE(http_server_properties->GetSupportsSpdy(scheme_host_port)); } +// Tests that when a new SpdySession is established, duplicated idle H2 sockets +// to the same server are closed. +TEST_F(HttpStreamFactoryTest, NewSpdySessionCloseIdleH2Sockets) { + SpdySessionDependencies session_deps(ProxyService::CreateDirect()); + + const int kNumIdleSockets = 4; + MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING)}; + std::vector<std::unique_ptr<SequencedSocketData>> providers; + SSLSocketDataProvider ssl_socket_data(ASYNC, OK); + ssl_socket_data.next_proto = kProtoHTTP2; + for (int i = 0; i < kNumIdleSockets; i++) { + auto provider = base::MakeUnique<SequencedSocketData>( + reads, arraysize(reads), nullptr, 0); + provider->set_connect_data(MockConnect(ASYNC, OK)); + session_deps.socket_factory->AddSocketDataProvider(provider.get()); + providers.push_back(std::move(provider)); + session_deps.socket_factory->AddSSLSocketDataProvider(&ssl_socket_data); + } + + std::unique_ptr<HttpNetworkSession> session( + SpdySessionDependencies::SpdyCreateSession(&session_deps)); + + HostPortPair host_port_pair("www.google.com", 443); + + // Create some HTTP/2 sockets. + std::vector<std::unique_ptr<ClientSocketHandle>> handles; + for (size_t i = 0; i < kNumIdleSockets; i++) { + scoped_refptr<TransportSocketParams> transport_params( + new TransportSocketParams( + host_port_pair, false, OnHostResolutionCallback(), + TransportSocketParams::COMBINE_CONNECT_AND_WRITE_DEFAULT)); + + auto connection = base::MakeUnique<ClientSocketHandle>(); + TestCompletionCallback callback; + + SSLConfig ssl_config; + scoped_refptr<SSLSocketParams> ssl_params( + new SSLSocketParams(transport_params, nullptr, nullptr, host_port_pair, + ssl_config, PRIVACY_MODE_DISABLED, 0, false)); + std::string group_name = "ssl/" + host_port_pair.ToString(); + int rv = connection->Init( + group_name, ssl_params, MEDIUM, + ClientSocketPool::RespectLimits::ENABLED, callback.callback(), + session->GetSSLSocketPool(HttpNetworkSession::NORMAL_SOCKET_POOL), + NetLogWithSource()); + rv = callback.GetResult(rv); + handles.push_back(std::move(connection)); + } + + // Releases handles now, and these sockets should go into the socket pool. + handles.clear(); + EXPECT_EQ(kNumIdleSockets, + session->GetSSLSocketPool(HttpNetworkSession::NORMAL_SOCKET_POOL) + ->IdleSocketCount()); + + // Request two streams at once and make sure they use the same connection. + HttpRequestInfo request_info; + request_info.method = "GET"; + request_info.url = GURL("https://www.google.com"); + request_info.load_flags = 0; + + SSLConfig ssl_config; + StreamRequestWaiter waiter1; + StreamRequestWaiter waiter2; + std::unique_ptr<HttpStreamRequest> request1( + session->http_stream_factory()->RequestStream( + request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter1, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); + std::unique_ptr<HttpStreamRequest> request2( + session->http_stream_factory()->RequestStream( + request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter2, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); + waiter1.WaitForStream(); + waiter2.WaitForStream(); + EXPECT_TRUE(waiter1.stream_done()); + EXPECT_TRUE(waiter2.stream_done()); + ASSERT_NE(nullptr, waiter1.stream()); + ASSERT_NE(nullptr, waiter2.stream()); + ASSERT_NE(waiter1.stream(), waiter2.stream()); + + // Establishing the SpdySession will close idle H2 sockets. + EXPECT_EQ(0, session->GetSSLSocketPool(HttpNetworkSession::NORMAL_SOCKET_POOL) + ->IdleSocketCount()); + EXPECT_EQ(1, GetSpdySessionCount(session.get())); +} + TEST_F(HttpStreamFactoryTest, RequestBidirectionalStreamImpl) { SpdySessionDependencies session_deps(ProxyService::CreateDirect()); @@ -2080,7 +2195,8 @@ TEST_F(HttpStreamFactoryTest, RequestBidirectionalStreamImpl) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestBidirectionalStreamImpl( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); EXPECT_FALSE(waiter.websocket_stream()); @@ -2253,7 +2369,8 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest, std::unique_ptr<HttpStreamRequest> request( session()->http_stream_factory()->RequestBidirectionalStreamImpl( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); @@ -2318,7 +2435,8 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest, std::unique_ptr<HttpStreamRequest> request( session()->http_stream_factory()->RequestBidirectionalStreamImpl( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); @@ -2380,7 +2498,8 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest, std::unique_ptr<HttpStreamRequest> request( session()->http_stream_factory()->RequestBidirectionalStreamImpl( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); @@ -2447,7 +2566,8 @@ TEST_F(HttpStreamFactoryTest, RequestBidirectionalStreamImplFailure) { std::unique_ptr<HttpStreamRequest> request( session->http_stream_factory()->RequestBidirectionalStreamImpl( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - NetLogWithSource())); + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); ASSERT_THAT(waiter.error_status(), IsError(ERR_FAILED)); @@ -2495,7 +2615,9 @@ TEST_F(HttpStreamFactoryTest, RequestWebSocketSpdyHandshakeStreamButGetSSL) { session->http_stream_factory_for_websocket() ->RequestWebSocketHandshakeStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter1, - &create_helper, NetLogWithSource())); + &create_helper, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter1.WaitForStream(); EXPECT_TRUE(waiter1.stream_done()); ASSERT_TRUE(nullptr != waiter1.websocket_stream()); @@ -2542,7 +2664,9 @@ TEST_F(HttpStreamFactoryTest, DISABLED_RequestWebSocketSpdyHandshakeStream) { session->http_stream_factory_for_websocket() ->RequestWebSocketHandshakeStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter1, - &create_helper, NetLogWithSource())); + &create_helper, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter1.WaitForStream(); EXPECT_TRUE(waiter1.stream_done()); ASSERT_TRUE(nullptr != waiter1.websocket_stream()); @@ -2555,7 +2679,9 @@ TEST_F(HttpStreamFactoryTest, DISABLED_RequestWebSocketSpdyHandshakeStream) { session->http_stream_factory_for_websocket() ->RequestWebSocketHandshakeStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter2, - &create_helper, NetLogWithSource())); + &create_helper, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter2.WaitForStream(); EXPECT_TRUE(waiter2.stream_done()); ASSERT_TRUE(nullptr != waiter2.websocket_stream()); @@ -2621,7 +2747,9 @@ TEST_F(HttpStreamFactoryTest, DISABLED_OrphanedWebSocketStream) { session->http_stream_factory_for_websocket() ->RequestWebSocketHandshakeStream( request_info, DEFAULT_PRIORITY, ssl_config, ssl_config, &waiter, - &create_helper, NetLogWithSource())); + &create_helper, + /* enable_ip_based_pooling = */ true, + /* enable_alternative_services = */ true, NetLogWithSource())); waiter.WaitForStream(); EXPECT_TRUE(waiter.stream_done()); EXPECT_TRUE(nullptr == waiter.stream()); diff --git a/chromium/net/http/http_stream_factory_test_util.cc b/chromium/net/http/http_stream_factory_test_util.cc index 50d083073d7..55fb736e568 100644 --- a/chromium/net/http/http_stream_factory_test_util.cc +++ b/chromium/net/http/http_stream_factory_test_util.cc @@ -23,6 +23,7 @@ MockHttpStreamFactoryImplJob::MockHttpStreamFactoryImplJob( const SSLConfig& proxy_ssl_config, HostPortPair destination, GURL origin_url, + bool enable_ip_based_pooling, NetLog* net_log) : HttpStreamFactoryImpl::Job(delegate, job_type, @@ -33,6 +34,7 @@ MockHttpStreamFactoryImplJob::MockHttpStreamFactoryImplJob( proxy_ssl_config, destination, origin_url, + enable_ip_based_pooling, net_log) { DCHECK(!is_waiting()); } @@ -49,6 +51,7 @@ MockHttpStreamFactoryImplJob::MockHttpStreamFactoryImplJob( GURL origin_url, AlternativeService alternative_service, const ProxyServer& alternative_proxy_server, + bool enable_ip_based_pooling, NetLog* net_log) : HttpStreamFactoryImpl::Job(delegate, job_type, @@ -61,6 +64,7 @@ MockHttpStreamFactoryImplJob::MockHttpStreamFactoryImplJob( origin_url, alternative_service, alternative_proxy_server, + enable_ip_based_pooling, net_log) {} MockHttpStreamFactoryImplJob::~MockHttpStreamFactoryImplJob() {} @@ -82,6 +86,7 @@ HttpStreamFactoryImpl::Job* TestJobFactory::CreateJob( const SSLConfig& proxy_ssl_config, HostPortPair destination, GURL origin_url, + bool enable_ip_based_pooling, NetLog* net_log) { DCHECK(!main_job_); @@ -90,7 +95,7 @@ HttpStreamFactoryImpl::Job* TestJobFactory::CreateJob( main_job_ = new MockHttpStreamFactoryImplJob( delegate, job_type, session, request_info, priority, SSLConfig(), - SSLConfig(), destination, origin_url, nullptr); + SSLConfig(), destination, origin_url, enable_ip_based_pooling, nullptr); return main_job_; } @@ -106,12 +111,13 @@ HttpStreamFactoryImpl::Job* TestJobFactory::CreateJob( HostPortPair destination, GURL origin_url, AlternativeService alternative_service, + bool enable_ip_based_pooling, NetLog* net_log) { DCHECK(!alternative_job_); alternative_job_ = new MockHttpStreamFactoryImplJob( delegate, job_type, session, request_info, priority, SSLConfig(), SSLConfig(), destination, origin_url, alternative_service, ProxyServer(), - nullptr); + enable_ip_based_pooling, nullptr); return alternative_job_; } @@ -127,12 +133,13 @@ HttpStreamFactoryImpl::Job* TestJobFactory::CreateJob( HostPortPair destination, GURL origin_url, const ProxyServer& alternative_proxy_server, + bool enable_ip_based_pooling, NetLog* net_log) { DCHECK(!alternative_job_); alternative_job_ = new MockHttpStreamFactoryImplJob( delegate, job_type, session, request_info, priority, SSLConfig(), SSLConfig(), destination, origin_url, AlternativeService(), - alternative_proxy_server, nullptr); + alternative_proxy_server, enable_ip_based_pooling, nullptr); return alternative_job_; } diff --git a/chromium/net/http/http_stream_factory_test_util.h b/chromium/net/http/http_stream_factory_test_util.h index 39df572d677..a8de702be92 100644 --- a/chromium/net/http/http_stream_factory_test_util.h +++ b/chromium/net/http/http_stream_factory_test_util.h @@ -101,6 +101,7 @@ class MockHttpStreamFactoryImplJob : public HttpStreamFactoryImpl::Job { const SSLConfig& proxy_ssl_config, HostPortPair destination, GURL origin_url, + bool enable_ip_based_pooling, NetLog* net_log); MockHttpStreamFactoryImplJob(HttpStreamFactoryImpl::Job::Delegate* delegate, @@ -114,6 +115,7 @@ class MockHttpStreamFactoryImplJob : public HttpStreamFactoryImpl::Job { GURL origin_url, AlternativeService alternative_service, const ProxyServer& alternative_proxy_server, + bool enable_ip_based_pooling, NetLog* net_log); ~MockHttpStreamFactoryImplJob() override; @@ -139,6 +141,7 @@ class TestJobFactory : public HttpStreamFactoryImpl::JobFactory { const SSLConfig& proxy_ssl_config, HostPortPair destination, GURL origin_url, + bool enable_ip_based_pooling, NetLog* net_log) override; HttpStreamFactoryImpl::Job* CreateJob( @@ -152,6 +155,7 @@ class TestJobFactory : public HttpStreamFactoryImpl::JobFactory { HostPortPair destination, GURL origin_url, AlternativeService alternative_service, + bool enable_ip_based_pooling, NetLog* net_log) override; HttpStreamFactoryImpl::Job* CreateJob( @@ -165,6 +169,7 @@ class TestJobFactory : public HttpStreamFactoryImpl::JobFactory { HostPortPair destination, GURL origin_url, const ProxyServer& alternative_proxy_server, + bool enable_ip_based_pooling, NetLog* net_log) override; MockHttpStreamFactoryImplJob* main_job() const { return main_job_; } diff --git a/chromium/net/http/http_util.cc b/chromium/net/http/http_util.cc index 62bed8c449c..b1ff9443b64 100644 --- a/chromium/net/http/http_util.cc +++ b/chromium/net/http/http_util.cc @@ -10,6 +10,7 @@ #include <algorithm> #include "base/logging.h" +#include "base/stl_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_piece.h" #include "base/strings/string_tokenizer.h" @@ -707,8 +708,8 @@ std::string HttpUtil::AssembleRawHeaders(const char* input_begin, // Use '\0' as the canonical line terminator. If the input already contained // any embeded '\0' characters we will strip them first to avoid interpreting // them as line breaks. - raw_headers.erase(std::remove(raw_headers.begin(), raw_headers.end(), '\0'), - raw_headers.end()); + base::Erase(raw_headers, '\0'); + std::replace(raw_headers.begin(), raw_headers.end(), '\n', '\0'); return raw_headers; @@ -1048,4 +1049,108 @@ bool HttpUtil::NameValuePairsIterator::IsQuote(char c) const { return HttpUtil::IsQuote(c); } +bool HttpUtil::ParseAcceptEncoding(const std::string& accept_encoding, + std::set<std::string>* allowed_encodings) { + DCHECK(allowed_encodings); + if (accept_encoding.find_first_of("\"") != std::string::npos) + return false; + allowed_encodings->clear(); + + base::StringTokenizer tokenizer(accept_encoding.begin(), + accept_encoding.end(), ","); + while (tokenizer.GetNext()) { + base::StringPiece entry = tokenizer.token_piece(); + entry = TrimLWS(entry); + size_t semicolon_pos = entry.find(';'); + if (semicolon_pos == base::StringPiece::npos) { + if (entry.find_first_of(HTTP_LWS) != base::StringPiece::npos) + return false; + allowed_encodings->insert(base::ToLowerASCII(entry)); + continue; + } + base::StringPiece encoding = entry.substr(0, semicolon_pos); + encoding = TrimLWS(encoding); + if (encoding.find_first_of(HTTP_LWS) != base::StringPiece::npos) + return false; + base::StringPiece params = entry.substr(semicolon_pos + 1); + params = TrimLWS(params); + size_t equals_pos = params.find('='); + if (equals_pos == base::StringPiece::npos) + return false; + base::StringPiece param_name = params.substr(0, equals_pos); + param_name = TrimLWS(param_name); + if (!base::LowerCaseEqualsASCII(param_name, "q")) + return false; + base::StringPiece qvalue = params.substr(equals_pos + 1); + qvalue = TrimLWS(qvalue); + if (qvalue.empty()) + return false; + if (qvalue[0] == '1') { + if (base::StringPiece("1.000").starts_with(qvalue)) { + allowed_encodings->insert(base::ToLowerASCII(encoding)); + continue; + } + return false; + } + if (qvalue[0] != '0') + return false; + if (qvalue.length() == 1) + continue; + if (qvalue.length() <= 2 || qvalue.length() > 5) + return false; + if (qvalue[1] != '.') + return false; + bool nonzero_number = false; + for (size_t i = 2; i < qvalue.length(); ++i) { + if (!base::IsAsciiDigit(qvalue[i])) + return false; + if (qvalue[i] != '0') + nonzero_number = true; + } + if (nonzero_number) + allowed_encodings->insert(base::ToLowerASCII(encoding)); + } + + // RFC 7231 5.3.4 "A request without an Accept-Encoding header field implies + // that the user agent has no preferences regarding content-codings." + if (allowed_encodings->empty()) { + allowed_encodings->insert("*"); + return true; + } + + // Any browser must support "identity". + allowed_encodings->insert("identity"); + + // RFC says gzip == x-gzip; mirror it here for easier matching. + if (allowed_encodings->find("gzip") != allowed_encodings->end()) + allowed_encodings->insert("x-gzip"); + if (allowed_encodings->find("x-gzip") != allowed_encodings->end()) + allowed_encodings->insert("gzip"); + + // RFC says compress == x-compress; mirror it here for easier matching. + if (allowed_encodings->find("compress") != allowed_encodings->end()) + allowed_encodings->insert("x-compress"); + if (allowed_encodings->find("x-compress") != allowed_encodings->end()) + allowed_encodings->insert("compress"); + return true; +} + +bool HttpUtil::ParseContentEncoding(const std::string& content_encoding, + std::set<std::string>* used_encodings) { + DCHECK(used_encodings); + if (content_encoding.find_first_of("\"=;*") != std::string::npos) + return false; + used_encodings->clear(); + + base::StringTokenizer encoding_tokenizer(content_encoding.begin(), + content_encoding.end(), ","); + while (encoding_tokenizer.GetNext()) { + base::StringPiece encoding = TrimLWS(encoding_tokenizer.token_piece()); + if (encoding.find_first_of(HTTP_LWS) != base::StringPiece::npos) + return false; + used_encodings->insert(base::ToLowerASCII(encoding)); + } + return true; +} + } // namespace net diff --git a/chromium/net/http/http_util.h b/chromium/net/http/http_util.h index 267b9640094..cb3de359c1d 100644 --- a/chromium/net/http/http_util.h +++ b/chromium/net/http/http_util.h @@ -8,6 +8,7 @@ #include <stddef.h> #include <stdint.h> +#include <set> #include <string> #include <vector> @@ -230,6 +231,21 @@ class NET_EXPORT HttpUtil { // returned by GetStatusCodesForHistogram. static int MapStatusCodeForHistogram(int code); + // Returns true if |accept_encoding| is well-formed. Parsed encodings turned + // to lower case, are placed to provided string-set. Resulting set is + // augmented to fulfill the RFC 2616 and RFC 7231 recommendations, e.g. if + // there is no encodings specified, then {"*"} is returned to denote that + // client has to encoding preferences (but it does not imply that the + // user agent will be able to correctly process all encodings). + static bool ParseAcceptEncoding(const std::string& accept_encoding, + std::set<std::string>* allowed_encodings); + + // Returns true if |content_encoding| is well-formed. Parsed encodings turned + // to lower case, are placed to provided string-set. See sections 14.11 and + // 3.5 of RFC 2616. + static bool ParseContentEncoding(const std::string& content_encoding, + std::set<std::string>* used_encodings); + // Used to iterate over the name/value pairs of HTTP headers. To iterate // over the values in a multi-value header, use ValuesIterator. // See AssembleRawHeaders for joining line continuations (this iterator diff --git a/chromium/net/http/http_util_unittest.cc b/chromium/net/http/http_util_unittest.cc index 3560e2f4776..f56f48ebdae 100644 --- a/chromium/net/http/http_util_unittest.cc +++ b/chromium/net/http/http_util_unittest.cc @@ -1322,4 +1322,84 @@ TEST(HttpUtilTest, IsLWS) { EXPECT_TRUE(HttpUtil::IsLWS(' ')); } +TEST(HttpUtilTest, ParseAcceptEncoding) { + const struct { + const char* const value; + const char* const expected; + } tests[] = { + {"", "*"}, + {"identity;q=1, *;q=0", "identity"}, + {"identity", "identity"}, + {"FOO, Bar", "bar|foo|identity"}, + {"foo; q=1", "foo|identity"}, + {"abc, foo; Q=1.0", "abc|foo|identity"}, + {"abc, foo;q= 1.00 , bar", "abc|bar|foo|identity"}, + {"abc, foo; q=1.000, bar", "abc|bar|foo|identity"}, + {"abc, foo ; q = 0 , bar", "abc|bar|identity"}, + {"abc, foo; q=0.0, bar", "abc|bar|identity"}, + {"abc, foo; q=0.00, bar", "abc|bar|identity"}, + {"abc, foo; q=0.000, bar", "abc|bar|identity"}, + {"abc, foo; q=0.001, bar", "abc|bar|foo|identity"}, + {"gzip", "gzip|identity|x-gzip"}, + {"x-gzip", "gzip|identity|x-gzip"}, + {"compress", "compress|identity|x-compress"}, + {"x-compress", "compress|identity|x-compress"}, + {"x-compress", "compress|identity|x-compress"}, + {"foo bar", "INVALID"}, + {"foo;", "INVALID"}, + {"foo;w=1", "INVALID"}, + {"foo;q+1", "INVALID"}, + {"foo;q=2", "INVALID"}, + {"foo;q=1.001", "INVALID"}, + {"foo;q=0.", "INVALID"}, + {"foo,\"bar\"", "INVALID"}, + }; + + for (size_t i = 0; i < arraysize(tests); ++i) { + std::string value(tests[i].value); + std::string reformatted; + std::set<std::string> allowed_encodings; + if (!HttpUtil::ParseAcceptEncoding(value, &allowed_encodings)) { + reformatted = "INVALID"; + } else { + std::vector<std::string> encodings_list; + for (auto const& encoding : allowed_encodings) + encodings_list.push_back(encoding); + reformatted = base::JoinString(encodings_list, "|"); + } + EXPECT_STREQ(tests[i].expected, reformatted.c_str()) + << "value=\"" << value << "\""; + } +} + +TEST(HttpUtilTest, ParseContentEncoding) { + const struct { + const char* const value; + const char* const expected; + } tests[] = { + {"", ""}, + {"identity;q=1, *;q=0", "INVALID"}, + {"identity", "identity"}, + {"FOO, zergli , Bar", "bar|foo|zergli"}, + {"foo, *", "INVALID"}, + {"foo,\"bar\"", "INVALID"}, + }; + + for (size_t i = 0; i < arraysize(tests); ++i) { + std::string value(tests[i].value); + std::string reformatted; + std::set<std::string> used_encodings; + if (!HttpUtil::ParseContentEncoding(value, &used_encodings)) { + reformatted = "INVALID"; + } else { + std::vector<std::string> encodings_list; + for (auto const& encoding : used_encodings) + encodings_list.push_back(encoding); + reformatted = base::JoinString(encodings_list, "|"); + } + EXPECT_STREQ(tests[i].expected, reformatted.c_str()) + << "value=\"" << value << "\""; + } +} + } // namespace net diff --git a/chromium/net/http/mock_http_cache.cc b/chromium/net/http/mock_http_cache.cc index 902095aa13f..47125a30cc5 100644 --- a/chromium/net/http/mock_http_cache.cc +++ b/chromium/net/http/mock_http_cache.cc @@ -515,8 +515,10 @@ void MockDiskCache::GetStats(base::StringPairs* stats) { void MockDiskCache::OnExternalCacheHit(const std::string& key) { } -size_t MockDiskCache::EstimateMemoryUsage() const { - return 0; +size_t MockDiskCache::DumpMemoryStats( + base::trace_event::ProcessMemoryDump* pmd, + const std::string& parent_absolute_name) const { + return 0u; } void MockDiskCache::ReleaseAll() { diff --git a/chromium/net/http/mock_http_cache.h b/chromium/net/http/mock_http_cache.h index f6a805c34f5..a24200bf834 100644 --- a/chromium/net/http/mock_http_cache.h +++ b/chromium/net/http/mock_http_cache.h @@ -134,7 +134,9 @@ class MockDiskCache : public disk_cache::Backend { std::unique_ptr<Iterator> CreateIterator() override; void GetStats(base::StringPairs* stats) override; void OnExternalCacheHit(const std::string& key) override; - size_t EstimateMemoryUsage() const override; + size_t DumpMemoryStats( + base::trace_event::ProcessMemoryDump* pmd, + const std::string& parent_absolute_name) const override; // Returns number of times a cache entry was successfully opened. int open_count() const { return open_count_; } diff --git a/chromium/net/http/proxy_connect_redirect_http_stream.cc b/chromium/net/http/proxy_connect_redirect_http_stream.cc index 5b8a2bcc43a..a493f332874 100644 --- a/chromium/net/http/proxy_connect_redirect_http_stream.cc +++ b/chromium/net/http/proxy_connect_redirect_http_stream.cc @@ -79,6 +79,11 @@ int64_t ProxyConnectRedirectHttpStream::GetTotalSentBytes() const { return 0; } +bool ProxyConnectRedirectHttpStream::GetAlternativeService( + AlternativeService* alternative_service) const { + return false; +} + bool ProxyConnectRedirectHttpStream::GetLoadTimingInfo( LoadTimingInfo* load_timing_info) const { if (!has_load_timing_info_) diff --git a/chromium/net/http/proxy_connect_redirect_http_stream.h b/chromium/net/http/proxy_connect_redirect_http_stream.h index 74d91362463..c66aa21bcb0 100644 --- a/chromium/net/http/proxy_connect_redirect_http_stream.h +++ b/chromium/net/http/proxy_connect_redirect_http_stream.h @@ -51,6 +51,8 @@ class ProxyConnectRedirectHttpStream : public HttpStream { int64_t GetTotalReceivedBytes() const override; int64_t GetTotalSentBytes() const override; + bool GetAlternativeService( + AlternativeService* alternative_service) const override; // This function may be called. bool GetLoadTimingInfo(LoadTimingInfo* load_timing_info) const override; diff --git a/chromium/net/http/transport_security_persister_unittest.cc b/chromium/net/http/transport_security_persister_unittest.cc index c48f3c0ef03..6e7e8047a8b 100644 --- a/chromium/net/http/transport_security_persister_unittest.cc +++ b/chromium/net/http/transport_security_persister_unittest.cc @@ -144,7 +144,8 @@ TEST_F(TransportSecurityPersisterTest, SerializeData3) { // than block.) Use a different basename just for cleanliness. base::FilePath path = temp_dir_.GetPath().AppendASCII("TransportSecurityPersisterTest"); - EXPECT_TRUE(base::WriteFile(path, serialized.c_str(), serialized.size())); + EXPECT_EQ(static_cast<int>(serialized.size()), + base::WriteFile(path, serialized.c_str(), serialized.size())); // Read the data back. std::string persisted; diff --git a/chromium/net/http/transport_security_state.cc b/chromium/net/http/transport_security_state.cc index 5f82c2897b5..2e829ad4a9e 100644 --- a/chromium/net/http/transport_security_state.cc +++ b/chromium/net/http/transport_security_state.cc @@ -47,6 +47,9 @@ const size_t kMaxHPKPReportCacheEntries = 50; const int kTimeToRememberHPKPReportsMins = 60; const size_t kReportCacheKeyLength = 16; +// Points to the active transport security state source. +const TransportSecurityStateSource* g_hsts_source = &kHSTSSource; + // Override for ShouldRequireCT() for unit tests. Possible values: // -1: Unless a delegate says otherwise, do not require CT. // 0: Use the default implementation (e.g. production) @@ -91,7 +94,7 @@ std::unique_ptr<base::ListValue> GetPEMEncodedChainAsList( std::vector<std::string> pem_encoded_chain; cert_chain->GetPEMEncodedChain(&pem_encoded_chain); for (const std::string& cert : pem_encoded_chain) - result->Append(base::MakeUnique<base::StringValue>(cert)); + result->Append(base::MakeUnique<base::Value>(cert)); return result; } @@ -157,7 +160,7 @@ bool GetHPKPReport(const HostPortPair& host_port_pair, known_pin += "\"" + base64_value + "\""; known_pin_list->Append( - std::unique_ptr<base::Value>(new base::StringValue(known_pin))); + std::unique_ptr<base::Value>(new base::Value(known_pin))); } report.Set("known-pins", std::move(known_pin_list)); @@ -434,9 +437,11 @@ struct PreloadResult { bool DecodeHSTSPreloadRaw(const std::string& search_hostname, bool* out_found, PreloadResult* out) { - HuffmanDecoder huffman(kHSTSHuffmanTree, sizeof(kHSTSHuffmanTree)); - BitReader reader(kPreloadedHSTSData, kPreloadedHSTSBits); - size_t bit_offset = kHSTSRootPosition; + HuffmanDecoder huffman(g_hsts_source->huffman_tree, + g_hsts_source->huffman_tree_size); + BitReader reader(g_hsts_source->preloaded_data, + g_hsts_source->preloaded_bits); + size_t bit_offset = g_hsts_source->root_position; static const char kEndOfString = 0; static const char kEndOfTable = 127; @@ -721,6 +726,11 @@ bool SerializeExpectStapleReport(const HostPortPair& host_port_pair, } // namespace +void SetTransportSecurityStateSourceForTesting( + const TransportSecurityStateSource* source) { + g_hsts_source = source ? source : &kHSTSSource; +} + TransportSecurityState::TransportSecurityState() : enable_static_pins_(true), enable_static_expect_ct_(true), @@ -729,7 +739,7 @@ TransportSecurityState::TransportSecurityState() sent_reports_cache_(kMaxHPKPReportCacheEntries) { // Static pinning is only enabled for official builds to make sure that // others don't end up with pins that cannot be easily updated. -#if !defined(OFFICIAL_BUILD) || defined(OS_ANDROID) || defined(OS_IOS) +#if !defined(GOOGLE_CHROME_BUILD) || defined(OS_ANDROID) || defined(OS_IOS) enable_static_pins_ = false; enable_static_expect_ct_ = false; #endif @@ -1104,8 +1114,8 @@ bool TransportSecurityState::GetStaticExpectCTState( return false; expect_ct_state->domain = host.substr(result.hostname_offset); - expect_ct_state->report_uri = - GURL(kExpectCTReportURIs[result.expect_ct_report_uri_id]); + expect_ct_state->report_uri = GURL( + g_hsts_source->expect_ct_report_uris[result.expect_ct_report_uri_id]); return true; } @@ -1128,7 +1138,8 @@ bool TransportSecurityState::GetStaticExpectStapleState( expect_staple_state->include_subdomains = result.expect_staple_include_subdomains; expect_staple_state->report_uri = - GURL(kExpectStapleReportURIs[result.expect_staple_report_uri_id]); + GURL(g_hsts_source + ->expect_staple_report_uris[result.expect_staple_report_uri_id]); return true; } @@ -1432,9 +1443,10 @@ bool TransportSecurityState::GetStaticDomainState(const std::string& host, pkp_state->include_subdomains = result.pkp_include_subdomains; pkp_state->last_observed = base::GetBuildTime(); - if (result.pinset_id >= arraysize(kPinsets)) + if (result.pinset_id >= g_hsts_source->pinsets_count) return false; - const Pinset *pinset = &kPinsets[result.pinset_id]; + const TransportSecurityStateSource::Pinset* pinset = + &g_hsts_source->pinsets[result.pinset_id]; if (pinset->report_uri != kNoReportURI) pkp_state->report_uri = GURL(pinset->report_uri); diff --git a/chromium/net/http/transport_security_state.h b/chromium/net/http/transport_security_state.h index a55cf62d417..5d3c126dcc2 100644 --- a/chromium/net/http/transport_security_state.h +++ b/chromium/net/http/transport_security_state.h @@ -19,6 +19,7 @@ #include "net/base/expiring_cache.h" #include "net/base/hash_value.h" #include "net/base/net_export.h" +#include "net/http/transport_security_state_source.h" #include "url/gurl.h" namespace net { @@ -27,6 +28,9 @@ class HostPortPair; class SSLInfo; class X509Certificate; +void NET_EXPORT_PRIVATE SetTransportSecurityStateSourceForTesting( + const TransportSecurityStateSource* source); + // Tracks which hosts have enabled strict transport security and/or public // key pins. // diff --git a/chromium/net/http/transport_security_state_ct_policies.inc b/chromium/net/http/transport_security_state_ct_policies.inc index 60d8dfba996..50f079022a8 100644 --- a/chromium/net/http/transport_security_state_ct_policies.inc +++ b/chromium/net/http/transport_security_state_ct_policies.inc @@ -218,9 +218,6 @@ const SHA256HashValue kSymantecExceptions[] = { {{0x72, 0x89, 0xc0, 0x6d, 0xed, 0xd1, 0x6b, 0x71, 0xa7, 0xdc, 0xca, 0x66, 0x57, 0x85, 0x72, 0xe2, 0xe1, 0x09, 0xb1, 0x1d, 0x70, 0xad, 0x04, 0xc2, 0x60, 0x1b, 0x67, 0x43, 0xbc, 0x66, 0xd0, 0x7b}}, - {{0xa5, 0x3d, 0xb6, 0x10, 0x6b, 0xb7, 0x60, 0x35, 0x4c, 0xed, 0x90, - 0x45, 0xfb, 0x06, 0xeb, 0x06, 0xaf, 0x85, 0xe6, 0xb1, 0x18, 0xc0, - 0x62, 0xed, 0x13, 0xc3, 0x05, 0x1d, 0xfe, 0xb8, 0xd4, 0x9c}}, {{0xb5, 0xcf, 0x82, 0xd4, 0x7e, 0xf9, 0x82, 0x3f, 0x9a, 0xa7, 0x8f, 0x12, 0x31, 0x86, 0xc5, 0x2e, 0x88, 0x79, 0xea, 0x84, 0xb0, 0xf8, 0x22, 0xc9, 0x1d, 0x83, 0xe0, 0x42, 0x79, 0xb7, 0x8f, 0xd5}}, diff --git a/chromium/net/http/transport_security_state_source.h b/chromium/net/http/transport_security_state_source.h new file mode 100644 index 00000000000..206746d04ba --- /dev/null +++ b/chromium/net/http/transport_security_state_source.h @@ -0,0 +1,30 @@ +// Copyright (c) 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_SOURCE_H_ +#define NET_HTTP_TRANSPORT_SECURITY_STATE_SOURCE_H_ + +namespace net { + +struct TransportSecurityStateSource { + struct Pinset { + const char* const* const accepted_pins; + const char* const* const rejected_pins; + const char* const report_uri; + }; + + const uint8_t* huffman_tree; + size_t huffman_tree_size; + const uint8_t* preloaded_data; + size_t preloaded_bits; + size_t root_position; + const char* const* expect_ct_report_uris; + const char* const* expect_staple_report_uris; + const Pinset* pinsets; + size_t pinsets_count; +}; + +} // namespace net + +#endif // NET_HTTP_TRANSPORT_SECURITY_STATE_SOURCE_H_ diff --git a/chromium/net/http/transport_security_state_static.h b/chromium/net/http/transport_security_state_static.h index c1ed98a05e8..3ba7f71ada7 100644 --- a/chromium/net/http/transport_security_state_static.h +++ b/chromium/net/http/transport_security_state_static.h @@ -9,6 +9,8 @@ #include <stdint.h> +#include "net/http/transport_security_state_source.h" + enum SecondLevelDomainName { DOMAIN_NOT_PINNED, DOMAIN_GOOGLE_COM, @@ -580,7 +582,7 @@ static const char kSPKIHash_YahooBackup2[] = static const char* const kExpectCTReportURIs[] = { "https://clients3.google.com/ct_upload", "https://log.getdropbox.com/log/expectct", - NULL, + nullptr, }; static const char* const kExpectStapleReportURIs[] = { @@ -589,12 +591,12 @@ static const char* const kExpectStapleReportURIs[] = { "https://reporting.caddyserver.com/expect-staple", "https://asac.casa/expectstaple.jsp", "https://scotthelme.report-uri.io/r/default/staple/reportOnly", - NULL, + nullptr, }; // kNoRejectedPublicKeys is a placeholder for when no public keys are rejected. static const char* const kNoRejectedPublicKeys[] = { - NULL, + nullptr, }; // kNoReportURI is a placeholder for when a pinset does not have a report URI. @@ -619,7 +621,7 @@ static const char* const kDropboxAcceptableCerts[] = { kSPKIHash_ThawtePrimaryRootCA_G2, kSPKIHash_ThawtePrimaryRootCA_G3, kSPKIHash_ThawtePrimaryRootCA, - NULL, + nullptr, }; static const char kDropboxReportURI[] = "https://log.getdropbox.com/hpkp"; @@ -628,7 +630,7 @@ static const char* const kFacebookAcceptableCerts[] = { kSPKIHash_DigiCertECCSecureServerCA, kSPKIHash_DigiCertEVRoot, kSPKIHash_FacebookBackup, - NULL, + nullptr, }; static const char* const kGoogleAcceptableCerts[] = { @@ -636,7 +638,7 @@ static const char* const kGoogleAcceptableCerts[] = { kSPKIHash_GoogleG2, kSPKIHash_GeoTrustGlobal, kSPKIHash_GlobalSignRootCA_R2, - NULL, + nullptr, }; static const char kGoogleReportURI[] = "http://clients3.google.com/cert_upload_json"; @@ -651,7 +653,7 @@ static const char* const kNightxAcceptableCerts[] = { kSPKIHash_DigiCertAssuredIDRoot, kSPKIHash_COMODOCertificationAuthority, kSPKIHash_AddTrustExternalCARoot, - NULL, + nullptr, }; static const char kNightxReportURI[] = "http://l.nightx.uk/report/hpkp"; @@ -660,7 +662,7 @@ static const char* const kSpideroakAcceptableCerts[] = { kSPKIHash_DigiCertEVRoot, kSPKIHash_SpiderOak2, kSPKIHash_SpiderOak3, - NULL, + nullptr, }; static const char* const kSwehackComAcceptableCerts[] = { @@ -670,12 +672,12 @@ static const char* const kSwehackComAcceptableCerts[] = { kSPKIHash_DSTRootCAX3, kSPKIHash_SwehackBackup, kSPKIHash_COMODORSADomainValidationSecureServerCA, - NULL, + nullptr, }; static const char* const kTestAcceptableCerts[] = { kSPKIHash_TestSPKI, - NULL, + nullptr, }; static const char* const kTorAcceptableCerts[] = { @@ -686,7 +688,7 @@ static const char* const kTorAcceptableCerts[] = { kSPKIHash_Tor3, kSPKIHash_LetsEncryptAuthorityPrimary_X1_X3, kSPKIHash_LetsEncryptAuthorityBackup_X2_X4, - NULL, + nullptr, }; static const char* const kTwitterCDNAcceptableCerts[] = { @@ -732,7 +734,7 @@ static const char* const kTwitterCDNAcceptableCerts[] = { kSPKIHash_GlobalSignRootCA, kSPKIHash_GlobalSignRootCA_R2, kSPKIHash_GlobalSignRootCA_R3, - NULL, + nullptr, }; static const char kTwitterCDNReportURI[] = "http://l.twimg.com/i/hpkp_report"; @@ -758,7 +760,7 @@ static const char* const kTwitterComAcceptableCerts[] = { kSPKIHash_DigiCertEVRoot, kSPKIHash_DigiCertAssuredIDRoot, kSPKIHash_Twitter1, - NULL, + nullptr, }; static const char kTwitterComReportURI[] = "http://l.twimg.com/i/hpkp_report"; @@ -778,16 +780,10 @@ static const char* const kYahooAcceptableCerts[] = { kSPKIHash_DigiCertEVRoot, kSPKIHash_YahooBackup1, kSPKIHash_YahooBackup2, - NULL, -}; - -struct Pinset { - const char* const* const accepted_pins; - const char* const* const rejected_pins; - const char* const report_uri; + nullptr, }; -static const struct Pinset kPinsets[] = { +static const net::TransportSecurityStateSource::Pinset kPinsets[] = { {kDropboxAcceptableCerts, kNoRejectedPublicKeys, kDropboxReportURI}, {kFacebookAcceptableCerts, kNoRejectedPublicKeys, kNoReportURI}, {kGoogleAcceptableCerts, kNoRejectedPublicKeys, kGoogleReportURI}, @@ -18426,4 +18422,11 @@ static const uint8_t kPreloadedHSTSData[] = { static const unsigned kPreloadedHSTSBits = 1689888; static const unsigned kHSTSRootPosition = 1689210; +static const net::TransportSecurityStateSource kHSTSSource = { + kHSTSHuffmanTree, sizeof(kHSTSHuffmanTree), + kPreloadedHSTSData, kPreloadedHSTSBits, + kHSTSRootPosition, kExpectCTReportURIs, + kExpectStapleReportURIs, kPinsets, + arraysize(kPinsets)}; + #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_STATIC_H_ diff --git a/chromium/net/http/transport_security_state_static_unittest.pins b/chromium/net/http/transport_security_state_static_unittest.pins new file mode 100644 index 00000000000..36ef2f10e7f --- /dev/null +++ b/chromium/net/http/transport_security_state_static_unittest.pins @@ -0,0 +1,12 @@ +# Copyright 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +# +# This is a HSTS pins file used by the unittests. For more information on the +# content and format see the comments in transport_security_state_static.pins. + +TestSPKI1 +sha256/AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE= + +TestSPKI2 +sha256/AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI= diff --git a/chromium/net/http/transport_security_state_static_unittest.template b/chromium/net/http/transport_security_state_static_unittest.template new file mode 100644 index 00000000000..e766145ec3f --- /dev/null +++ b/chromium/net/http/transport_security_state_static_unittest.template @@ -0,0 +1,48 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// This file is generated by net/tools/transport_security_state_generator/. +// See transport_security_state_static.template for more information on the data +// in this file. + +#include <stdint.h> + +#include "net/http/transport_security_state_source.h" + +enum SecondLevelDomainName [[DOMAIN_IDS]]; + +[[SPKI_HASHES]] + +static const char* const kExpectCTReportURIs[] = [[EXPECT_CT_REPORT_URIS]]; + +static const char* const kExpectStapleReportURIs[] = [[EXPECT_STAPLE_REPORT_URIS]]; + +static const char* const kNoRejectedPublicKeys[] = { + NULL, +}; + +static const char kNoReportURI[] = ""; + +[[ACCEPTABLE_CERTS]] + +static const struct net::TransportSecurityStateSource::Pinset kPinsets[] = [[PINSETS]]; + +static const uint8_t kHSTSHuffmanTree[] = [[HUFFMAN_TREE]]; + +static const uint8_t kPreloadedHSTSData[] = [[HSTS_TRIE]]; + +static const unsigned kPreloadedHSTSBits = [[HSTS_TRIE_BITS]]; +static const unsigned kHSTSRootPosition = [[HSTS_TRIE_ROOT]]; + +static const net::TransportSecurityStateSource kHSTSSource = { + kHSTSHuffmanTree, + sizeof(kHSTSHuffmanTree), + kPreloadedHSTSData, + kPreloadedHSTSBits, + kHSTSRootPosition, + kExpectCTReportURIs, + kExpectStapleReportURIs, + kPinsets, + arraysize(kPinsets) +}; diff --git a/chromium/net/http/transport_security_state_static_unittest1.json b/chromium/net/http/transport_security_state_static_unittest1.json new file mode 100644 index 00000000000..65d891b2f05 --- /dev/null +++ b/chromium/net/http/transport_security_state_static_unittest1.json @@ -0,0 +1,38 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// This is a HSTS preloaded list used by the unittests. For more information +// on the content and format see the comments in +// transport_security_state_static.json. + +{ + "pinsets": [ + { + "name": "test1", + "static_spki_hashes": [ + "TestSPKI1" + ], + "bad_static_spki_hashes": [ + "TestSPKI2" + ] + }, { + "name": "test2", + "static_spki_hashes": [ + "TestSPKI2" + ] + } + ], + "entries": [ + { + "name": "hsts.example.com", + "mode": "force-https", + "include_subdomains": true, + "pins": "test1" + } + ], + "domain_ids": [ + "NOT_PINNED", + "EXAMPLE_COM" + ] +} diff --git a/chromium/net/http/transport_security_state_static_unittest2.json b/chromium/net/http/transport_security_state_static_unittest2.json new file mode 100644 index 00000000000..ac54ced5207 --- /dev/null +++ b/chromium/net/http/transport_security_state_static_unittest2.json @@ -0,0 +1,61 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// This is a HSTS preloaded list used by the unittests. For more information +// on the content and format see the comments in +// transport_security_state_static.json. + +{ + "pinsets": [ + { + "name": "test1", + "static_spki_hashes": [ + "TestSPKI1" + ], + "report_uri": "https://report.example.com/hpkp-upload" + }, { + "name": "test2", + "static_spki_hashes": [ + "TestSPKI2" + ], + "bad_static_spki_hashes": [ + "TestSPKI1" + ] + } + ], + "entries": [ + { + "name": "hsts.example.com", + "mode": "force-https" + }, { + "name": "hpkp.example.com", + "include_subdomains_for_pinning": true, + "pins": "test1" + }, { + "name": "expect-ct.example.com", + "expect_ct": true, + "expect_ct_report_uri": "https://report.example.com/ct-upload" + }, { + "name": "expect-staple.example.com", + "expect_staple": true, + "expect_staple_report_uri": "https://report.example.com/staple-upload", + "include_subdomains_for_expect_staple": false + }, { + "name": "mix.example.com", + "mode": "force-https", + "include_subdomains": false, + "pins": "test2", + "include_subdomains_for_pinning": true, + "expect_ct": true, + "expect_ct_report_uri": "https://report.example.com/ct-upload-alt", + "expect_staple": true, + "expect_staple_report_uri": "https://report.example.com/staple-upload-alt", + "include_subdomains_for_expect_staple": true + } + ], + "domain_ids": [ + "NOT_PINNED", + "EXAMPLE_COM" + ] +} diff --git a/chromium/net/http/transport_security_state_static_unittest3.json b/chromium/net/http/transport_security_state_static_unittest3.json new file mode 100644 index 00000000000..5de921cdea5 --- /dev/null +++ b/chromium/net/http/transport_security_state_static_unittest3.json @@ -0,0 +1,69 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// This is a HSTS preloaded list used by the unittests. For more information +// on the content and format see the comments in +// transport_security_state_static.json. + +{ + "pinsets": [ + { + "name": "test1", + "static_spki_hashes": [ + "TestSPKI1" + ], + "report_uri": "https://report.example.com/hpkp-upload" + }, { + "name": "test2", + "static_spki_hashes": [ + "TestSPKI2" + ], + "bad_static_spki_hashes": [ + "TestSPKI1" + ] + } + ], + "entries": [ + { + "name": "example.com", + "mode": "force-https", + "include_subdomains": true, + "expect_staple": true, + "expect_staple_report_uri": "https://report.example.com/staple-upload" + }, { + "name": "hpkp.example.com", + "include_subdomains_for_pinning": true, + "pins": "test1" + }, { + "name": "example.org", + "mode": "force-https", + "expect_ct": true, + "expect_ct_report_uri": "https://report.example.org/ct-upload" + }, { + "name": "badssl.com", + "include_subdomains": true, + "pins": "test1", + "expect_staple": true, + "expect_staple_report_uri": "https://report.badssl.com/staple-upload", + "include_subdomains_for_expect_staple": true + }, { + "name": "mix.badssl.com", + "mode": "force-https", + "include_subdomains": false, + "pins": "test2", + "include_subdomains_for_pinning": true, + "expect_ct": true, + "expect_ct_report_uri": "https://report.example.com/ct-upload", + "expect_staple": true, + "include_subdomains_for_expect_staple": true, + "expect_staple_report_uri": "https://report.badssl.com/staple-upload" + } + ], + "domain_ids": [ + "NOT_PINNED", + "EXAMPLE_COM", + "EXAMPLE_ORG", + "BADSSL_COM" + ] +} diff --git a/chromium/net/http/transport_security_state_unittest.cc b/chromium/net/http/transport_security_state_unittest.cc index 7fb0b491049..be41ec32f29 100644 --- a/chromium/net/http/transport_security_state_unittest.cc +++ b/chromium/net/http/transport_security_state_unittest.cc @@ -42,6 +42,16 @@ namespace net { namespace { +namespace test1 { +#include "net/http/transport_security_state_static_unittest1.h" +} +namespace test2 { +#include "net/http/transport_security_state_static_unittest2.h" +} +namespace test3 { +#include "net/http/transport_security_state_static_unittest3.h" +} + const char kHost[] = "example.test"; const char kSubdomain[] = "foo.example.test"; const uint16_t kPort = 443; @@ -353,6 +363,10 @@ void CheckExpectStapleReport(TransportSecurityState* state, class TransportSecurityStateTest : public testing::Test { public: + ~TransportSecurityStateTest() override { + SetTransportSecurityStateSourceForTesting(nullptr); + } + void SetUp() override { crypto::EnsureOpenSSLInit(); } @@ -382,6 +396,12 @@ class TransportSecurityStateTest : public testing::Test { return spki_hashes; } + static HashValue GetSampleSPKIHash(uint8_t value) { + HashValue hash(HASH_VALUE_SHA256); + memset(hash.data(), value, hash.size()); + return hash; + } + protected: bool GetStaticDomainState(TransportSecurityState* state, const std::string& host, @@ -1998,6 +2018,271 @@ TEST_F(TransportSecurityStateTest, ExpectCTReporter) { EXPECT_EQ(GURL(kExpectCTStaticReportURI), reporter.report_uri()); } +// Simple test for the HSTS preload process. The trie (generated from +// transport_security_state_static_unittest1.json) contains 1 entry. Test that +// the lookup methods can find the entry and correctly decode the different +// preloaded states (HSTS, HPKP, Expect-CT, and Expect-Staple). +TEST_F(TransportSecurityStateTest, DecodePreloadedSingle) { + SetTransportSecurityStateSourceForTesting(&test1::kHSTSSource); + + TransportSecurityState state; + TransportSecurityStateTest::EnableStaticPins(&state); + TransportSecurityStateTest::EnableStaticExpectCT(&state); + TransportSecurityStateTest::SetEnableStaticExpectStaple(&state, true); + + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + EXPECT_TRUE( + GetStaticDomainState(&state, "hsts.example.com", &sts_state, &pkp_state)); + EXPECT_TRUE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, + sts_state.upgrade_mode); + EXPECT_TRUE(pkp_state.include_subdomains); + EXPECT_EQ(GURL(), pkp_state.report_uri); + ASSERT_EQ(1u, pkp_state.spki_hashes.size()); + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); + ASSERT_EQ(1u, pkp_state.bad_spki_hashes.size()); + EXPECT_EQ(pkp_state.bad_spki_hashes[0], GetSampleSPKIHash(0x2)); + + TransportSecurityState::ExpectCTState ct_state; + EXPECT_FALSE(GetExpectCTState(&state, "hsts.example.com", &ct_state)); + + TransportSecurityState::ExpectStapleState staple_state; + EXPECT_FALSE(GetExpectStapleState(&state, "hsts.example.com", &staple_state)); +} + +// More advanced test for the HSTS preload process where the trie (generated +// from transport_security_state_static_unittest2.json) contains multiple +// entries with a common prefix. Test that the lookup methods can find all +// entries and correctly decode the different preloaded states (HSTS, HPKP, +// Expect-CT, and Expect-Staple) for each entry. +TEST_F(TransportSecurityStateTest, DecodePreloadedMultiplePrefix) { + SetTransportSecurityStateSourceForTesting(&test2::kHSTSSource); + + TransportSecurityState state; + TransportSecurityStateTest::EnableStaticPins(&state); + TransportSecurityStateTest::EnableStaticExpectCT(&state); + TransportSecurityStateTest::SetEnableStaticExpectStaple(&state, true); + + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + TransportSecurityState::ExpectCTState ct_state; + TransportSecurityState::ExpectStapleState staple_state; + + EXPECT_TRUE( + GetStaticDomainState(&state, "hsts.example.com", &sts_state, &pkp_state)); + EXPECT_FALSE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, + sts_state.upgrade_mode); + EXPECT_FALSE(pkp_state.include_subdomains); + EXPECT_EQ(GURL(), pkp_state.report_uri); + EXPECT_EQ(0U, pkp_state.spki_hashes.size()); + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); + EXPECT_FALSE(GetExpectCTState(&state, "hsts.example.com", &ct_state)); + EXPECT_FALSE(GetExpectStapleState(&state, "hsts.example.com", &staple_state)); + + sts_state = TransportSecurityState::STSState(); + pkp_state = TransportSecurityState::PKPState(); + ct_state = TransportSecurityState::ExpectCTState(); + staple_state = TransportSecurityState::ExpectStapleState(); + EXPECT_TRUE( + GetStaticDomainState(&state, "hpkp.example.com", &sts_state, &pkp_state)); + EXPECT_FALSE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, + sts_state.upgrade_mode); + EXPECT_TRUE(pkp_state.include_subdomains); + EXPECT_EQ(GURL("https://report.example.com/hpkp-upload"), + pkp_state.report_uri); + EXPECT_EQ(1U, pkp_state.spki_hashes.size()); + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); + EXPECT_FALSE(GetExpectCTState(&state, "hpkp.example.com", &ct_state)); + EXPECT_FALSE(GetExpectStapleState(&state, "hpkp.example.com", &staple_state)); + + sts_state = TransportSecurityState::STSState(); + pkp_state = TransportSecurityState::PKPState(); + ct_state = TransportSecurityState::ExpectCTState(); + staple_state = TransportSecurityState::ExpectStapleState(); + EXPECT_TRUE(GetStaticDomainState(&state, "expect-ct.example.com", &sts_state, + &pkp_state)); + EXPECT_FALSE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, + sts_state.upgrade_mode); + EXPECT_FALSE(pkp_state.include_subdomains); + EXPECT_EQ(GURL(), pkp_state.report_uri); + EXPECT_EQ(0U, pkp_state.spki_hashes.size()); + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); + EXPECT_TRUE(GetExpectCTState(&state, "expect-ct.example.com", &ct_state)); + EXPECT_EQ(GURL("https://report.example.com/ct-upload"), ct_state.report_uri); + EXPECT_FALSE( + GetExpectStapleState(&state, "expect-ct.example.com", &staple_state)); + + sts_state = TransportSecurityState::STSState(); + pkp_state = TransportSecurityState::PKPState(); + ct_state = TransportSecurityState::ExpectCTState(); + staple_state = TransportSecurityState::ExpectStapleState(); + EXPECT_TRUE(GetStaticDomainState(&state, "expect-staple.example.com", + &sts_state, &pkp_state)); + EXPECT_FALSE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, + sts_state.upgrade_mode); + EXPECT_FALSE(pkp_state.include_subdomains); + EXPECT_EQ(GURL(), pkp_state.report_uri); + EXPECT_EQ(0U, pkp_state.spki_hashes.size()); + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); + EXPECT_FALSE( + GetExpectCTState(&state, "expect-staple.example.com", &ct_state)); + EXPECT_TRUE( + GetExpectStapleState(&state, "expect-staple.example.com", &staple_state)); + EXPECT_FALSE(staple_state.include_subdomains); + EXPECT_EQ(GURL("https://report.example.com/staple-upload"), + staple_state.report_uri); + + sts_state = TransportSecurityState::STSState(); + pkp_state = TransportSecurityState::PKPState(); + ct_state = TransportSecurityState::ExpectCTState(); + staple_state = TransportSecurityState::ExpectStapleState(); + EXPECT_TRUE( + GetStaticDomainState(&state, "mix.example.com", &sts_state, &pkp_state)); + EXPECT_FALSE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, + sts_state.upgrade_mode); + EXPECT_TRUE(pkp_state.include_subdomains); + EXPECT_EQ(GURL(), pkp_state.report_uri); + EXPECT_EQ(1U, pkp_state.spki_hashes.size()); + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x2)); + EXPECT_EQ(1U, pkp_state.bad_spki_hashes.size()); + EXPECT_EQ(pkp_state.bad_spki_hashes[0], GetSampleSPKIHash(0x1)); + EXPECT_TRUE(GetExpectCTState(&state, "mix.example.com", &ct_state)); + EXPECT_EQ(GURL("https://report.example.com/ct-upload-alt"), + ct_state.report_uri); + EXPECT_TRUE(GetExpectStapleState(&state, "mix.example.com", &staple_state)); + EXPECT_TRUE(staple_state.include_subdomains); + EXPECT_EQ(GURL("https://report.example.com/staple-upload-alt"), + staple_state.report_uri); +} + +// More advanced test for the HSTS preload process where the trie (generated +// from transport_security_state_static_unittest3.json) contains a mix of +// entries. Some entries share a prefix with the prefix also having its own +// preloaded state while others share no prefix. This results in a trie with +// several different internal structures. Test that the lookup methods can find +// all entries and correctly decode the different preloaded states (HSTS, HPKP, +// Expect-CT, and Expect-Staple) for each entry. +TEST_F(TransportSecurityStateTest, DecodePreloadedMultipleMix) { + SetTransportSecurityStateSourceForTesting(&test3::kHSTSSource); + + TransportSecurityState state; + TransportSecurityStateTest::EnableStaticPins(&state); + TransportSecurityStateTest::EnableStaticExpectCT(&state); + TransportSecurityStateTest::SetEnableStaticExpectStaple(&state, true); + + TransportSecurityState::STSState sts_state; + TransportSecurityState::PKPState pkp_state; + TransportSecurityState::ExpectCTState ct_state; + TransportSecurityState::ExpectStapleState staple_state; + + EXPECT_TRUE( + GetStaticDomainState(&state, "example.com", &sts_state, &pkp_state)); + EXPECT_TRUE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, + sts_state.upgrade_mode); + EXPECT_FALSE(pkp_state.include_subdomains); + EXPECT_EQ(GURL(), pkp_state.report_uri); + EXPECT_EQ(0U, pkp_state.spki_hashes.size()); + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); + EXPECT_FALSE(GetExpectCTState(&state, "example.com", &ct_state)); + EXPECT_EQ(GURL(), ct_state.report_uri); + EXPECT_TRUE(GetExpectStapleState(&state, "example.com", &staple_state)); + EXPECT_FALSE(staple_state.include_subdomains); + EXPECT_EQ(GURL("https://report.example.com/staple-upload"), + staple_state.report_uri); + + sts_state = TransportSecurityState::STSState(); + pkp_state = TransportSecurityState::PKPState(); + ct_state = TransportSecurityState::ExpectCTState(); + staple_state = TransportSecurityState::ExpectStapleState(); + EXPECT_TRUE( + GetStaticDomainState(&state, "hpkp.example.com", &sts_state, &pkp_state)); + EXPECT_FALSE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, + sts_state.upgrade_mode); + EXPECT_TRUE(pkp_state.include_subdomains); + EXPECT_EQ(GURL("https://report.example.com/hpkp-upload"), + pkp_state.report_uri); + EXPECT_EQ(1U, pkp_state.spki_hashes.size()); + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); + EXPECT_FALSE(GetExpectCTState(&state, "hpkp.example.com", &ct_state)); + EXPECT_EQ(GURL(), ct_state.report_uri); + EXPECT_FALSE(GetExpectStapleState(&state, "hpkp.example.com", &staple_state)); + EXPECT_FALSE(staple_state.include_subdomains); + EXPECT_EQ(GURL(), staple_state.report_uri); + + sts_state = TransportSecurityState::STSState(); + pkp_state = TransportSecurityState::PKPState(); + ct_state = TransportSecurityState::ExpectCTState(); + staple_state = TransportSecurityState::ExpectStapleState(); + EXPECT_TRUE( + GetStaticDomainState(&state, "example.org", &sts_state, &pkp_state)); + EXPECT_FALSE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, + sts_state.upgrade_mode); + EXPECT_FALSE(pkp_state.include_subdomains); + EXPECT_EQ(GURL(), pkp_state.report_uri); + EXPECT_EQ(0U, pkp_state.spki_hashes.size()); + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); + EXPECT_TRUE(GetExpectCTState(&state, "example.org", &ct_state)); + EXPECT_EQ(GURL("https://report.example.org/ct-upload"), ct_state.report_uri); + EXPECT_FALSE(GetExpectStapleState(&state, "example.org", &staple_state)); + EXPECT_FALSE(staple_state.include_subdomains); + EXPECT_EQ(GURL(), staple_state.report_uri); + + sts_state = TransportSecurityState::STSState(); + pkp_state = TransportSecurityState::PKPState(); + ct_state = TransportSecurityState::ExpectCTState(); + staple_state = TransportSecurityState::ExpectStapleState(); + EXPECT_TRUE( + GetStaticDomainState(&state, "badssl.com", &sts_state, &pkp_state)); + EXPECT_TRUE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_DEFAULT, + sts_state.upgrade_mode); + EXPECT_TRUE(pkp_state.include_subdomains); + EXPECT_EQ(GURL("https://report.example.com/hpkp-upload"), + pkp_state.report_uri); + EXPECT_EQ(1U, pkp_state.spki_hashes.size()); + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x1)); + EXPECT_EQ(0U, pkp_state.bad_spki_hashes.size()); + EXPECT_FALSE(GetExpectCTState(&state, "badssl.com", &ct_state)); + EXPECT_EQ(GURL(), ct_state.report_uri); + EXPECT_TRUE(GetExpectStapleState(&state, "badssl.com", &staple_state)); + EXPECT_TRUE(staple_state.include_subdomains); + EXPECT_EQ(GURL("https://report.badssl.com/staple-upload"), + staple_state.report_uri); + + sts_state = TransportSecurityState::STSState(); + pkp_state = TransportSecurityState::PKPState(); + ct_state = TransportSecurityState::ExpectCTState(); + staple_state = TransportSecurityState::ExpectStapleState(); + EXPECT_TRUE( + GetStaticDomainState(&state, "mix.badssl.com", &sts_state, &pkp_state)); + EXPECT_FALSE(sts_state.include_subdomains); + EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS, + sts_state.upgrade_mode); + EXPECT_TRUE(pkp_state.include_subdomains); + EXPECT_EQ(GURL(), pkp_state.report_uri); + EXPECT_EQ(1U, pkp_state.spki_hashes.size()); + EXPECT_EQ(pkp_state.spki_hashes[0], GetSampleSPKIHash(0x2)); + EXPECT_EQ(1U, pkp_state.bad_spki_hashes.size()); + EXPECT_EQ(pkp_state.bad_spki_hashes[0], GetSampleSPKIHash(0x1)); + EXPECT_TRUE(GetExpectCTState(&state, "mix.badssl.com", &ct_state)); + EXPECT_EQ(GURL("https://report.example.com/ct-upload"), ct_state.report_uri); + EXPECT_TRUE(GetExpectStapleState(&state, "mix.badssl.com", &staple_state)); + EXPECT_TRUE(staple_state.include_subdomains); + EXPECT_EQ(GURL("https://report.badssl.com/staple-upload"), + staple_state.report_uri); +} + static const struct ExpectStapleErrorResponseData { OCSPVerifyResult::ResponseStatus response_status; std::string response_status_string; diff --git a/chromium/net/http2/decoder/http2_frame_decoder_test.cc b/chromium/net/http2/decoder/http2_frame_decoder_test.cc index a2380d9e139..60089478ca3 100644 --- a/chromium/net/http2/decoder/http2_frame_decoder_test.cc +++ b/chromium/net/http2/decoder/http2_frame_decoder_test.cc @@ -11,10 +11,10 @@ #include <vector> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector_listener.h" #include "net/http2/http2_constants.h" #include "net/http2/platform/api/http2_reconstruct_object.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector_listener.h" #include "net/http2/tools/failure.h" #include "net/http2/tools/http2_random.h" #include "net/http2/tools/random_decoder_test.h" diff --git a/chromium/net/http2/decoder/payload_decoders/altsvc_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/altsvc_payload_decoder_test.cc index 5fa62d61fa3..87f9074a427 100644 --- a/chromium/net/http2/decoder/payload_decoders/altsvc_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/altsvc_payload_decoder_test.cc @@ -9,12 +9,12 @@ #include <string> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_structures_test_util.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/http2_frame_builder.h" #include "net/http2/tools/http2_random.h" #include "net/http2/tools/random_decoder_test.h" diff --git a/chromium/net/http2/decoder/payload_decoders/continuation_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/continuation_payload_decoder_test.cc index 32440396a39..33657f975e4 100644 --- a/chromium/net/http2/decoder/payload_decoders/continuation_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/continuation_payload_decoder_test.cc @@ -10,12 +10,12 @@ #include <type_traits> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_structures.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/random_decoder_test.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/http2/decoder/payload_decoders/data_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/data_payload_decoder_test.cc index bedb32f35b7..d8c314a7a8a 100644 --- a/chromium/net/http2/decoder/payload_decoders/data_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/data_payload_decoder_test.cc @@ -9,13 +9,13 @@ #include <string> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_structures.h" #include "net/http2/http2_structures_test_util.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/failure.h" #include "net/http2/tools/http2_frame_builder.h" #include "net/http2/tools/http2_random.h" diff --git a/chromium/net/http2/decoder/payload_decoders/goaway_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/goaway_payload_decoder_test.cc index cddda79c78e..28092bae127 100644 --- a/chromium/net/http2/decoder/payload_decoders/goaway_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/goaway_payload_decoder_test.cc @@ -9,12 +9,12 @@ #include <string> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_structures_test_util.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/http2_frame_builder.h" #include "net/http2/tools/http2_random.h" #include "net/http2/tools/random_decoder_test.h" diff --git a/chromium/net/http2/decoder/payload_decoders/headers_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/headers_payload_decoder_test.cc index 69bf56ffdc5..227047c85a4 100644 --- a/chromium/net/http2/decoder/payload_decoders/headers_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/headers_payload_decoder_test.cc @@ -9,12 +9,12 @@ #include <string> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_structures_test_util.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/http2_frame_builder.h" #include "net/http2/tools/http2_random.h" #include "net/http2/tools/random_decoder_test.h" diff --git a/chromium/net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h b/chromium/net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h index ee2dc6045fb..3654278a7ef 100644 --- a/chromium/net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h +++ b/chromium/net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h @@ -16,12 +16,12 @@ #include "net/http2/decoder/decode_buffer.h" #include "net/http2/decoder/decode_status.h" #include "net/http2/decoder/frame_decoder_state.h" -#include "net/http2/decoder/frame_parts.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_constants_test_util.h" #include "net/http2/http2_structures.h" #include "net/http2/platform/api/http2_reconstruct_object.h" +#include "net/http2/test_tools/frame_parts.h" #include "net/http2/tools/http2_frame_builder.h" #include "net/http2/tools/random_decoder_test.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/http2/decoder/payload_decoders/ping_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/ping_payload_decoder_test.cc index 573341177c9..aefc282088b 100644 --- a/chromium/net/http2/decoder/payload_decoders/ping_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/ping_payload_decoder_test.cc @@ -7,12 +7,12 @@ #include <stddef.h> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_structures_test_util.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/http2_frame_builder.h" #include "net/http2/tools/http2_random.h" #include "net/http2/tools/random_decoder_test.h" diff --git a/chromium/net/http2/decoder/payload_decoders/priority_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/priority_payload_decoder_test.cc index d40b07c8dd3..64b7f1d1a54 100644 --- a/chromium/net/http2/decoder/payload_decoders/priority_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/priority_payload_decoder_test.cc @@ -7,12 +7,12 @@ #include <stddef.h> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_structures_test_util.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/http2_frame_builder.h" #include "net/http2/tools/http2_random.h" #include "net/http2/tools/random_decoder_test.h" diff --git a/chromium/net/http2/decoder/payload_decoders/push_promise_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/push_promise_payload_decoder_test.cc index f7d8383650b..1b3f642a5dd 100644 --- a/chromium/net/http2/decoder/payload_decoders/push_promise_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/push_promise_payload_decoder_test.cc @@ -9,12 +9,12 @@ #include <string> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_structures_test_util.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/http2_frame_builder.h" #include "net/http2/tools/http2_random.h" #include "net/http2/tools/random_decoder_test.h" diff --git a/chromium/net/http2/decoder/payload_decoders/rst_stream_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/rst_stream_payload_decoder_test.cc index 88bd80366dc..df712cc5d8a 100644 --- a/chromium/net/http2/decoder/payload_decoders/rst_stream_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/rst_stream_payload_decoder_test.cc @@ -7,13 +7,13 @@ #include <stddef.h> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_constants_test_util.h" #include "net/http2/http2_structures_test_util.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/http2_frame_builder.h" #include "net/http2/tools/http2_random.h" #include "net/http2/tools/random_decoder_test.h" diff --git a/chromium/net/http2/decoder/payload_decoders/settings_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/settings_payload_decoder_test.cc index 6f065c63761..ede5182406a 100644 --- a/chromium/net/http2/decoder/payload_decoders/settings_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/settings_payload_decoder_test.cc @@ -9,13 +9,13 @@ #include <vector> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_constants_test_util.h" #include "net/http2/http2_structures_test_util.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/http2_frame_builder.h" #include "net/http2/tools/http2_random.h" #include "net/http2/tools/random_decoder_test.h" diff --git a/chromium/net/http2/decoder/payload_decoders/unknown_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/unknown_payload_decoder_test.cc index 302cec47cc9..05650c28d66 100644 --- a/chromium/net/http2/decoder/payload_decoders/unknown_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/unknown_payload_decoder_test.cc @@ -10,12 +10,12 @@ #include <type_traits> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_structures.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/http2_random.h" #include "net/http2/tools/random_decoder_test.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/http2/decoder/payload_decoders/window_update_payload_decoder_test.cc b/chromium/net/http2/decoder/payload_decoders/window_update_payload_decoder_test.cc index 5914b81669c..cfc64f10c92 100644 --- a/chromium/net/http2/decoder/payload_decoders/window_update_payload_decoder_test.cc +++ b/chromium/net/http2/decoder/payload_decoders/window_update_payload_decoder_test.cc @@ -7,12 +7,12 @@ #include <stddef.h> #include "base/logging.h" -#include "net/http2/decoder/frame_parts.h" -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/payload_decoders/payload_decoder_base_test_util.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_structures_test_util.h" +#include "net/http2/test_tools/frame_parts.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include "net/http2/tools/http2_frame_builder.h" #include "net/http2/tools/http2_random.h" #include "net/http2/tools/random_decoder_test.h" diff --git a/chromium/net/http2/http2_structures_test.cc b/chromium/net/http2/http2_structures_test.cc index a87b3a0d6dc..cce65fe6174 100644 --- a/chromium/net/http2/http2_structures_test.cc +++ b/chromium/net/http2/http2_structures_test.cc @@ -18,7 +18,6 @@ #include <type_traits> #include <vector> -#include "base/template_util.h" #include "net/http2/http2_structures_test_util.h" #include "net/http2/tools/failure.h" #include "net/http2/tools/http2_random.h" @@ -42,7 +41,7 @@ namespace { template <typename E> E IncrementEnum(E e) { - typedef typename base::underlying_type<E>::type I; + using I = typename std::underlying_type<E>::type; return static_cast<E>(1 + static_cast<I>(e)); } diff --git a/chromium/net/http2/decoder/frame_parts.cc b/chromium/net/http2/test_tools/frame_parts.cc index 27315164b82..b7079dd00b0 100644 --- a/chromium/net/http2/decoder/frame_parts.cc +++ b/chromium/net/http2/test_tools/frame_parts.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/http2/decoder/frame_parts.h" +#include "net/http2/test_tools/frame_parts.h" #include <type_traits> diff --git a/chromium/net/http2/decoder/frame_parts.h b/chromium/net/http2/test_tools/frame_parts.h index a3af553a60d..f2d9dcef0c5 100644 --- a/chromium/net/http2/decoder/frame_parts.h +++ b/chromium/net/http2/test_tools/frame_parts.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_HTTP2_DECODER_FRAME_PARTS_H_ -#define NET_HTTP2_DECODER_FRAME_PARTS_H_ +#ifndef NET_HTTP2_TEST_TOOLS_FRAME_PARTS_H_ +#define NET_HTTP2_TEST_TOOLS_FRAME_PARTS_H_ // FrameParts implements Http2FrameDecoderListener, recording the callbacks // during the decoding of a single frame. It is also used for comparing the @@ -174,4 +174,4 @@ struct FrameParts : public Http2FrameDecoderListener { } // namespace test } // namespace net -#endif // NET_HTTP2_DECODER_FRAME_PARTS_H_ +#endif // NET_HTTP2_TEST_TOOLS_FRAME_PARTS_H_ diff --git a/chromium/net/http2/decoder/frame_parts_collector.cc b/chromium/net/http2/test_tools/frame_parts_collector.cc index 05c54880105..18978d74132 100644 --- a/chromium/net/http2/decoder/frame_parts_collector.cc +++ b/chromium/net/http2/test_tools/frame_parts_collector.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/http2/decoder/frame_parts_collector.h" +#include "net/http2/test_tools/frame_parts_collector.h" #include <utility> diff --git a/chromium/net/http2/decoder/frame_parts_collector.h b/chromium/net/http2/test_tools/frame_parts_collector.h index c411e48eabd..e1288ce6aa8 100644 --- a/chromium/net/http2/decoder/frame_parts_collector.h +++ b/chromium/net/http2/test_tools/frame_parts_collector.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_HTTP2_DECODER_FRAME_PARTS_COLLECTOR_H_ -#define NET_HTTP2_DECODER_FRAME_PARTS_COLLECTOR_H_ +#ifndef NET_HTTP2_TEST_TOOLS_FRAME_PARTS_COLLECTOR_H_ +#define NET_HTTP2_TEST_TOOLS_FRAME_PARTS_COLLECTOR_H_ // FramePartsCollector is a base class for Http2FrameDecoderListener // implementations that create one FrameParts instance for each decoded frame. @@ -13,10 +13,10 @@ #include <memory> #include <vector> -#include "net/http2/decoder/frame_parts.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/decoder/http2_frame_decoder_listener_test_util.h" #include "net/http2/http2_structures.h" +#include "net/http2/test_tools/frame_parts.h" namespace net { namespace test { @@ -113,4 +113,4 @@ class FramePartsCollector : public FailingHttp2FrameDecoderListener { } // namespace test } // namespace net -#endif // NET_HTTP2_DECODER_FRAME_PARTS_COLLECTOR_H_ +#endif // NET_HTTP2_TEST_TOOLS_FRAME_PARTS_COLLECTOR_H_ diff --git a/chromium/net/http2/decoder/frame_parts_collector_listener.cc b/chromium/net/http2/test_tools/frame_parts_collector_listener.cc index 83a1ea34fca..609609e6948 100644 --- a/chromium/net/http2/decoder/frame_parts_collector_listener.cc +++ b/chromium/net/http2/test_tools/frame_parts_collector_listener.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/http2/decoder/frame_parts_collector_listener.h" +#include "net/http2/test_tools/frame_parts_collector_listener.h" #include "base/logging.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/http2/decoder/frame_parts_collector_listener.h b/chromium/net/http2/test_tools/frame_parts_collector_listener.h index 89b7fed1027..2767862a3f3 100644 --- a/chromium/net/http2/decoder/frame_parts_collector_listener.h +++ b/chromium/net/http2/test_tools/frame_parts_collector_listener.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_HTTP2_DECODER_FRAME_PARTS_COLLECTOR_LISTENER_H_ -#define NET_HTTP2_DECODER_FRAME_PARTS_COLLECTOR_LISTENER_H_ +#ifndef NET_HTTP2_TEST_TOOLS_FRAME_PARTS_COLLECTOR_LISTENER_H_ +#define NET_HTTP2_TEST_TOOLS_FRAME_PARTS_COLLECTOR_LISTENER_H_ // FramePartsCollectorListener extends FramePartsCollector with an // implementation of every method of Http2FrameDecoderListener; it is @@ -14,10 +14,10 @@ #include <stddef.h> -#include "net/http2/decoder/frame_parts_collector.h" #include "net/http2/decoder/http2_frame_decoder_listener.h" #include "net/http2/http2_constants.h" #include "net/http2/http2_structures.h" +#include "net/http2/test_tools/frame_parts_collector.h" namespace net { namespace test { @@ -80,4 +80,4 @@ class FramePartsCollectorListener : public FramePartsCollector { } // namespace test } // namespace net -#endif // NET_HTTP2_DECODER_FRAME_PARTS_COLLECTOR_LISTENER_H_ +#endif // NET_HTTP2_TEST_TOOLS_FRAME_PARTS_COLLECTOR_LISTENER_H_ diff --git a/chromium/net/http2/tools/random_decoder_test.h b/chromium/net/http2/tools/random_decoder_test.h index 5cb10f647fe..ea61dc7f920 100644 --- a/chromium/net/http2/tools/random_decoder_test.h +++ b/chromium/net/http2/tools/random_decoder_test.h @@ -19,7 +19,6 @@ #include "base/logging.h" #include "base/strings/string_piece.h" -#include "base/template_util.h" #include "net/http2/decoder/decode_buffer.h" #include "net/http2/decoder/decode_status.h" #include "net/http2/tools/failure.h" @@ -49,9 +48,9 @@ void CorruptEnum(T* out, RandomBase* rng) { // resulting value is the smallest unsigned value equal to the source value // modulo 2^n, where n is the number of bits used to represent the // destination type unsigned U. - typedef typename base::underlying_type<T>::type underlying_type_T; - typedef typename std::make_unsigned<underlying_type_T>::type - unsigned_underlying_type_T; + using underlying_type_T = typename std::underlying_type<T>::type; + using unsigned_underlying_type_T = + typename std::make_unsigned<underlying_type_T>::type; auto r = static_cast<unsigned_underlying_type_T>(rng->Rand32()); *out = static_cast<T>(r); } diff --git a/chromium/net/interfaces/BUILD.gn b/chromium/net/interfaces/BUILD.gn index ba7b53ff23d..659103680f3 100644 --- a/chromium/net/interfaces/BUILD.gn +++ b/chromium/net/interfaces/BUILD.gn @@ -7,6 +7,7 @@ import("//mojo/public/tools/bindings/mojom.gni") mojom("interfaces") { sources = [ "host_resolver_service.mojom", + "ip_address.mojom", "proxy_resolver_service.mojom", ] public_deps = [ diff --git a/chromium/net/interfaces/OWNERS b/chromium/net/interfaces/OWNERS index 08850f42120..2c44a463856 100644 --- a/chromium/net/interfaces/OWNERS +++ b/chromium/net/interfaces/OWNERS @@ -1,2 +1,6 @@ per-file *.mojom=set noparent per-file *.mojom=file://ipc/SECURITY_OWNERS +per-file *_struct_traits*.*=set noparent +per-file *_struct_traits*.*=file://ipc/SECURITY_OWNERS +per-file *.typemap=set noparent +per-file *.typemap=file://ipc/SECURITY_OWNERS diff --git a/chromium/net/interfaces/ip_address.mojom b/chromium/net/interfaces/ip_address.mojom new file mode 100644 index 00000000000..012b81c4342 --- /dev/null +++ b/chromium/net/interfaces/ip_address.mojom @@ -0,0 +1,12 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +module net.interfaces; + +// Mirror of net::IPAddress. +struct IPAddress { + // IP address as a numeric value from most to least significant byte. + // Will be of length 4 for IPv4 addresses and 16 for IPv6. + array<uint8> address; +}; diff --git a/chromium/net/interfaces/ip_address.typemap b/chromium/net/interfaces/ip_address.typemap new file mode 100644 index 00000000000..64488d6b45f --- /dev/null +++ b/chromium/net/interfaces/ip_address.typemap @@ -0,0 +1,14 @@ +# Copyright 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +mojom = "//net/interfaces/ip_address.mojom" +public_headers = [ "//net/base/ip_address.h" ] +traits_headers = [ "//net/interfaces/ip_address_struct_traits.h" ] +sources = [ + "//net/interfaces/ip_address_struct_traits.cc", +] +type_mappings = [ "net.interfaces.IPAddress=net::IPAddress" ] +public_deps = [ + "//net", +] diff --git a/chromium/net/interfaces/ip_address_struct_traits.cc b/chromium/net/interfaces/ip_address_struct_traits.cc new file mode 100644 index 00000000000..b23ac880cb0 --- /dev/null +++ b/chromium/net/interfaces/ip_address_struct_traits.cc @@ -0,0 +1,20 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/interfaces/ip_address_struct_traits.h" + +namespace mojo { +// static +bool StructTraits<net::interfaces::IPAddressDataView, net::IPAddress>::Read( + net::interfaces::IPAddressDataView data, + net::IPAddress* out) { + std::vector<uint8_t> bytes; + if (!data.ReadAddress(&bytes)) + return false; + + *out = net::IPAddress(bytes); + return out->IsValid(); +} + +} // namespace mojo diff --git a/chromium/net/interfaces/ip_address_struct_traits.h b/chromium/net/interfaces/ip_address_struct_traits.h new file mode 100644 index 00000000000..9c97baf8f6f --- /dev/null +++ b/chromium/net/interfaces/ip_address_struct_traits.h @@ -0,0 +1,24 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_INTERFACES_IP_ADDRESS_STRUCT_TRAITS_H_ +#define NET_INTERFACES_IP_ADDRESS_STRUCT_TRAITS_H_ + +#include "mojo/public/cpp/bindings/struct_traits.h" +#include "net/base/ip_address.h" +#include "net/interfaces/ip_address.mojom.h" + +namespace mojo { +template <> +struct StructTraits<net::interfaces::IPAddressDataView, net::IPAddress> { + static const std::vector<uint8_t>& address(const net::IPAddress& ip_address) { + return ip_address.bytes(); + } + + static bool Read(net::interfaces::IPAddressDataView obj, net::IPAddress* out); +}; + +} // namespace mojo + +#endif // NET_INTERFACES_IP_ADDRESS_STRUCT_TRAITS_H_ diff --git a/chromium/net/interfaces/typemaps.gni b/chromium/net/interfaces/typemaps.gni index 57a75bff67e..7d8ec79a948 100644 --- a/chromium/net/interfaces/typemaps.gni +++ b/chromium/net/interfaces/typemaps.gni @@ -4,5 +4,6 @@ typemaps = [ "//net/interfaces/host_resolver.typemap", + "//net/interfaces/ip_address.typemap", "//net/interfaces/proxy_resolver.typemap", ] diff --git a/chromium/net/log/file_net_log_observer_unittest.cc b/chromium/net/log/file_net_log_observer_unittest.cc index 66c61c14728..84dcc98612b 100644 --- a/chromium/net/log/file_net_log_observer_unittest.cc +++ b/chromium/net/log/file_net_log_observer_unittest.cc @@ -334,8 +334,7 @@ TEST_P(FileNetLogObserverTest, CustomConstants) { TestClosure closure; const char kConstantString[] = "awesome constant"; - std::unique_ptr<base::Value> constants( - new base::StringValue(kConstantString)); + std::unique_ptr<base::Value> constants(new base::Value(kConstantString)); CreateAndStartObserving(std::move(constants)); diff --git a/chromium/net/log/net_log_event_type_list.h b/chromium/net/log/net_log_event_type_list.h index 0a844474a7c..b3325d74de5 100644 --- a/chromium/net/log/net_log_event_type_list.h +++ b/chromium/net/log/net_log_event_type_list.h @@ -64,9 +64,17 @@ EVENT_TYPE(HOST_RESOLVER_IMPL_REQUEST) EVENT_TYPE(HOST_RESOLVER_IMPL_IPV6_REACHABILITY_CHECK) // This event is logged when a request is handled by a cache entry. +// It contains the following parameter: +// { +// "address_list": <The resolved addresses>, +// } EVENT_TYPE(HOST_RESOLVER_IMPL_CACHE_HIT) // This event is logged when a request is handled by a HOSTS entry. +// It contains the following parameter: +// { +// "address_list": <The resolved addresses>, +// } EVENT_TYPE(HOST_RESOLVER_IMPL_HOSTS_HIT) // This event is created when a new HostResolverImpl::Job is about to be created @@ -555,6 +563,15 @@ EVENT_TYPE(SSL_VERSION_FALLBACK) // } EVENT_TYPE(SSL_CIPHER_FALLBACK) +// An SSL connection needs to be retried with a lower protocol version to detect +// if the error was due to a middlebox interfering with the protocol version we +// offered. +// The following parameters are attached to the event: +// { +// "net_error": <Net integer error code which triggered the probe>, +// } +EVENT_TYPE(SSL_VERSION_INTERFERENCE_PROBE) + // We found that our prediction of the server's certificates was correct and // we merged the verification with the SSLHostInfo. (Note: now obsolete.) EVENT_TYPE(SSL_VERIFICATION_MERGED) @@ -1076,6 +1093,9 @@ EVENT_TYPE(HTTP_STREAM_REQUEST_STARTED_JOB) // } EVENT_TYPE(HTTP_STREAM_JOB_PROXY_SERVER_RESOLVED) +// Emitted when a job is asked to initialize a connection. +EVENT_TYPE(HTTP_STREAM_JOB_INIT_CONNECTION) + // Identifies the NetLogSource() for the Job that fulfilled the Request. // The event parameters are: // { @@ -1083,6 +1103,15 @@ EVENT_TYPE(HTTP_STREAM_JOB_PROXY_SERVER_RESOLVED) // } EVENT_TYPE(HTTP_STREAM_REQUEST_BOUND_TO_JOB) +// Identifies the NetLogSource() for the QuicStreamFactory::Job that the +// HttpStreamFactoryImpl::Job was attached to. +// The event parameters are: +// { +// "source_dependency": <Source identifier for the QuicStreamFactory::Job +// to which we were attached>, +// } +EVENT_TYPE(HTTP_STREAM_JOB_BOUND_TO_QUIC_STREAM_FACTORY_JOB) + // Identifies the NetLogSource() for the Request that the Job was attached to. // The event parameters are: // { @@ -1621,6 +1650,38 @@ EVENT_TYPE(HTTP2_PROXY_CLIENT_SESSION) // } // ------------------------------------------------------------------------ +// QuicStreamFactory::Job +// ------------------------------------------------------------------------ + +// Measures the time taken to execute the QuicStreamFactory::Job. +// The event parameters are: +// { +// "server_id": <The QuicServerId that the Job serves>, +// } +EVENT_TYPE(QUIC_STREAM_FACTORY_JOB) + +// Identifies the NetLogSource() for the HttpStreamFactoryImpl::Job that the +// Job was attached to. +// The event parameters are: +// { +// "source_dependency": <Source identifier for the +// HttpStreamFactoryImpl::Job to which we were +// attached>, +// } +EVENT_TYPE(QUIC_STREAM_FACTORY_JOB_BOUND_TO_HTTP_STREAM_JOB) + +// Measures the time taken to load server information. +EVENT_TYPE(QUIC_STREAM_FACTORY_JOB_LOAD_SERVER_INFO) + +// Measures the time taken to establish a QUIC connection. +// The event parameters are: +// { +// "require_confirmation": <True if we require handshake confirmation +// in the connection> +// } +EVENT_TYPE(QUIC_STREAM_FACTORY_JOB_CONNECT) + +// ------------------------------------------------------------------------ // QuicSession // ------------------------------------------------------------------------ @@ -2171,6 +2232,9 @@ EVENT_TYPE(SERVICE_WORKER_FETCH_EVENT) // } EVENT_TYPE(SERVICE_WORKER_SCRIPT_LOAD_UNHANDLED_REQUEST_ERROR) +// This event is emitted when a navigation preload request is created. +EVENT_TYPE(SERVICE_WORKER_NAVIGATION_PRELOAD_REQUEST) + // ------------------------------------------------------------------------ // Global events // ------------------------------------------------------------------------ diff --git a/chromium/net/log/net_log_source_type_list.h b/chromium/net/log/net_log_source_type_list.h index 120245dc2ca..47b5b97f212 100644 --- a/chromium/net/log/net_log_source_type_list.h +++ b/chromium/net/log/net_log_source_type_list.h @@ -40,3 +40,4 @@ SOURCE_TYPE(NETWORK_QUALITY_ESTIMATOR) SOURCE_TYPE(HTTP_STREAM_JOB_CONTROLLER) SOURCE_TYPE(CT_TREE_STATE_TRACKER) SOURCE_TYPE(SERVER_PUSH_LOOKUP_TRANSACTION) +SOURCE_TYPE(QUIC_STREAM_FACTORY_JOB) diff --git a/chromium/net/log/net_log_util.cc b/chromium/net/log/net_log_util.cc index 75c88ea4599..2d1b2dcc9f7 100644 --- a/chromium/net/log/net_log_util.cc +++ b/chromium/net/log/net_log_util.cc @@ -382,6 +382,7 @@ NET_EXPORT std::unique_ptr<base::DictionaryValue> GetNetInfo( cache_info_dict->SetInteger("capacity", static_cast<int>(cache->max_entries())); + cache_info_dict->SetInteger("network_changes", cache->network_changes()); base::ListValue* entry_list = new base::ListValue(); @@ -397,6 +398,8 @@ NET_EXPORT std::unique_ptr<base::DictionaryValue> GetNetInfo( static_cast<int>(key.address_family)); entry_dict->SetString("expiration", NetLog::TickCountToString(entry.expires())); + entry_dict->SetInteger("ttl", entry.ttl().InMilliseconds()); + entry_dict->SetInteger("network_changes", entry.network_changes()); if (entry.error() != OK) { entry_dict->SetInteger("error", entry.error()); diff --git a/chromium/net/log/net_log_with_source.cc b/chromium/net/log/net_log_with_source.cc index 8a03c8c66b8..fc954ba4f73 100644 --- a/chromium/net/log/net_log_with_source.cc +++ b/chromium/net/log/net_log_with_source.cc @@ -23,7 +23,7 @@ namespace { // Returns parameters for logging data transferred events. At a minimum includes // the number of bytes transferred. If the capture mode allows logging byte // contents and |byte_count| > 0, then will include the actual bytes. The -// bytes are hex-encoded, since base::StringValue only supports UTF-8. +// bytes are hex-encoded, since base::Value only supports UTF-8. std::unique_ptr<base::Value> BytesTransferredCallback( int byte_count, const char* bytes, diff --git a/chromium/net/log/write_to_file_net_log_observer_unittest.cc b/chromium/net/log/write_to_file_net_log_observer_unittest.cc index 06c2065e754..1f07c0ee952 100644 --- a/chromium/net/log/write_to_file_net_log_observer_unittest.cc +++ b/chromium/net/log/write_to_file_net_log_observer_unittest.cc @@ -152,8 +152,7 @@ TEST_F(WriteToFileNetLogObserverTest, GeneratesValidJSONWithMultipleEvents) { TEST_F(WriteToFileNetLogObserverTest, CustomConstants) { const char kConstantString[] = "awesome constant"; - std::unique_ptr<base::Value> constants( - new base::StringValue(kConstantString)); + std::unique_ptr<base::Value> constants(new base::Value(kConstantString)); base::ScopedFILE file(base::OpenFile(log_path_, "w")); ASSERT_TRUE(file); std::unique_ptr<WriteToFileNetLogObserver> logger( diff --git a/chromium/net/net.isolate b/chromium/net/net.isolate deleted file mode 100644 index cd2d2666a83..00000000000 --- a/chromium/net/net.isolate +++ /dev/null @@ -1,11 +0,0 @@ -# Copyright 2014 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. -{ - 'conditions': [ - ], - 'includes': [ - '../base/base.isolate', - '../gin/v8.isolate', - ], -} diff --git a/chromium/net/nqe/event_creator.cc b/chromium/net/nqe/event_creator.cc index 930e3725c88..ab5000e32d9 100644 --- a/chromium/net/nqe/event_creator.cc +++ b/chromium/net/nqe/event_creator.cc @@ -4,6 +4,7 @@ #include "net/nqe/event_creator.h" +#include <stdlib.h> #include <memory> #include <utility> @@ -21,7 +22,7 @@ namespace internal { namespace { -std::unique_ptr<base::Value> EffectiveConnectionTypeChangedNetLogCallback( +std::unique_ptr<base::Value> NetworkQualityChangedNetLogCallback( base::TimeDelta http_rtt, base::TimeDelta transport_rtt, int32_t downstream_throughput_kbps, @@ -36,6 +37,37 @@ std::unique_ptr<base::Value> EffectiveConnectionTypeChangedNetLogCallback( return std::move(dict); } +bool MetricChangedMeaningfully(int32_t past_value, int32_t current_value) { + if ((past_value == INVALID_RTT_THROUGHPUT) != + (current_value == INVALID_RTT_THROUGHPUT)) { + return true; + } + + if (past_value == INVALID_RTT_THROUGHPUT && + current_value == INVALID_RTT_THROUGHPUT) { + return false; + } + + // Create a new entry only if (i) the difference between the two values exceed + // the threshold; and, (ii) the ratio of the values also exceeds the + // threshold. + static const int kMinDifferenceInMetrics = 100; + static const float kMinRatio = 1.2f; + + if (std::abs(past_value - current_value) < kMinDifferenceInMetrics) { + // The absolute change in the value is not sufficient enough. + return false; + } + + if (past_value < (kMinRatio * current_value) && + current_value < (kMinRatio * past_value)) { + // The relative change in the value is not sufficient enough. + return false; + } + + return true; +} + } // namespace EventCreator::EventCreator(NetLogWithSource net_log) @@ -46,7 +78,7 @@ EventCreator::~EventCreator() { DCHECK(thread_checker_.CalledOnValidThread()); } -void EventCreator::MaybeAddEffectiveConnectionTypeChangedEventToNetLog( +void EventCreator::MaybeAddNetworkQualityChangedEventToNetLog( EffectiveConnectionType effective_connection_type, const NetworkQuality& network_quality) { DCHECK(thread_checker_.CalledOnValidThread()); @@ -54,15 +86,16 @@ void EventCreator::MaybeAddEffectiveConnectionTypeChangedEventToNetLog( // Check if any of the network quality metrics changed meaningfully. bool effective_connection_type_changed = past_effective_connection_type_ != effective_connection_type; - bool http_rtt_changed = (past_network_quality_.http_rtt() == InvalidRTT()) != - (network_quality.http_rtt() == InvalidRTT()); - bool transport_rtt_changed = - (past_network_quality_.transport_rtt() == InvalidRTT()) != - (network_quality.transport_rtt() == InvalidRTT()); - bool kbps_changed = - (past_network_quality_.downstream_throughput_kbps() == - INVALID_RTT_THROUGHPUT) != - (network_quality.downstream_throughput_kbps() == INVALID_RTT_THROUGHPUT); + bool http_rtt_changed = MetricChangedMeaningfully( + past_network_quality_.http_rtt().InMilliseconds(), + network_quality.http_rtt().InMilliseconds()); + + bool transport_rtt_changed = MetricChangedMeaningfully( + past_network_quality_.transport_rtt().InMilliseconds(), + network_quality.transport_rtt().InMilliseconds()); + bool kbps_changed = MetricChangedMeaningfully( + past_network_quality_.downstream_throughput_kbps(), + network_quality.downstream_throughput_kbps()); if (!effective_connection_type_changed && !http_rtt_changed && !transport_rtt_changed && !kbps_changed) { @@ -75,7 +108,7 @@ void EventCreator::MaybeAddEffectiveConnectionTypeChangedEventToNetLog( net_log_.AddEvent( NetLogEventType::NETWORK_QUALITY_CHANGED, - base::Bind(&EffectiveConnectionTypeChangedNetLogCallback, + base::Bind(&NetworkQualityChangedNetLogCallback, network_quality.http_rtt(), network_quality.transport_rtt(), network_quality.downstream_throughput_kbps(), effective_connection_type)); diff --git a/chromium/net/nqe/event_creator.h b/chromium/net/nqe/event_creator.h index 5000195a96d..4cd87e68a6c 100644 --- a/chromium/net/nqe/event_creator.h +++ b/chromium/net/nqe/event_creator.h @@ -30,11 +30,11 @@ class NET_EXPORT_PRIVATE EventCreator { ~EventCreator(); // May add network quality changed event to the net-internals log if there - // is a change in the effective connection type, or if there is a change in - // the availability of HTTP RTT, transport RTT or bandwidth. + // is a change in the effective connection type, or if there is a meaningful + // change in the values of HTTP RTT, transport RTT or bandwidth. // |effective_connection_type| is the current effective connection type. // |network_quality| is the current network quality. - void MaybeAddEffectiveConnectionTypeChangedEventToNetLog( + void MaybeAddNetworkQualityChangedEventToNetLog( EffectiveConnectionType effective_connection_type, const NetworkQuality& network_quality); diff --git a/chromium/net/nqe/event_creator_unittest.cc b/chromium/net/nqe/event_creator_unittest.cc new file mode 100644 index 00000000000..bc9acfb0623 --- /dev/null +++ b/chromium/net/nqe/event_creator_unittest.cc @@ -0,0 +1,127 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/nqe/event_creator.h" + +#include "base/memory/ptr_util.h" +#include "base/time/time.h" +#include "net/log/net_log_with_source.h" +#include "net/log/test_net_log.h" +#include "net/log/test_net_log_entry.h" +#include "net/nqe/effective_connection_type.h" +#include "net/nqe/network_quality.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +namespace nqe { + +namespace internal { + +namespace { + +// Returns the number of entries in |net_log| that have type set to +// |NetLogEventType::NETWORK_QUALITY_CHANGED|. +int GetNetworkQualityChangedEntriesCount(BoundTestNetLog* net_log) { + TestNetLogEntry::List entries; + net_log->GetEntries(&entries); + + int count = 0; + for (const auto& entry : entries) { + if (entry.type == NetLogEventType::NETWORK_QUALITY_CHANGED) + ++count; + } + return count; +} + +// Verify that the net log events are recorded correctly. +TEST(NetworkQualityEstimatorEventCreatorTest, Notified) { + // std::unique_ptr<BoundTestNetLog> + // net_log(base::MakeUnique<BoundTestNetLog>()); + BoundTestNetLog net_log; + + EventCreator event_creator(net_log.bound()); + + NetworkQuality network_quality_100(base::TimeDelta::FromMilliseconds(100), + base::TimeDelta::FromMilliseconds(100), + 100); + + event_creator.MaybeAddNetworkQualityChangedEventToNetLog( + EFFECTIVE_CONNECTION_TYPE_2G, network_quality_100); + EXPECT_EQ(1, GetNetworkQualityChangedEntriesCount(&net_log)); + + // No new entry should be created since the network quality has not changed. + event_creator.MaybeAddNetworkQualityChangedEventToNetLog( + EFFECTIVE_CONNECTION_TYPE_2G, network_quality_100); + EXPECT_EQ(1, GetNetworkQualityChangedEntriesCount(&net_log)); + + // A new entry should be created since effective connection type has changed. + event_creator.MaybeAddNetworkQualityChangedEventToNetLog( + EFFECTIVE_CONNECTION_TYPE_3G, network_quality_100); + EXPECT_EQ(2, GetNetworkQualityChangedEntriesCount(&net_log)); + + // A new entry should not be created since HTTP RTT has not changed + // meaningfully. + NetworkQuality network_quality_http_rtt_110( + base::TimeDelta::FromMilliseconds(110), + base::TimeDelta::FromMilliseconds(100), 100); + event_creator.MaybeAddNetworkQualityChangedEventToNetLog( + EFFECTIVE_CONNECTION_TYPE_3G, network_quality_http_rtt_110); + EXPECT_EQ(2, GetNetworkQualityChangedEntriesCount(&net_log)); + + // A new entry should be created since HTTP RTT has changed meaningfully. + NetworkQuality network_quality_http_rtt_300( + base::TimeDelta::FromMilliseconds(300), + base::TimeDelta::FromMilliseconds(100), 100); + event_creator.MaybeAddNetworkQualityChangedEventToNetLog( + EFFECTIVE_CONNECTION_TYPE_3G, network_quality_http_rtt_300); + EXPECT_EQ(3, GetNetworkQualityChangedEntriesCount(&net_log)); + + // A new entry should be created since transport RTT has changed meaningfully. + NetworkQuality network_quality_transport_rtt_300( + base::TimeDelta::FromMilliseconds(300), + base::TimeDelta::FromMilliseconds(300), 100); + event_creator.MaybeAddNetworkQualityChangedEventToNetLog( + EFFECTIVE_CONNECTION_TYPE_3G, network_quality_transport_rtt_300); + EXPECT_EQ(4, GetNetworkQualityChangedEntriesCount(&net_log)); + + // A new entry should be created since bandwidth has changed meaningfully. + NetworkQuality network_quality_kbps_300( + base::TimeDelta::FromMilliseconds(300), + base::TimeDelta::FromMilliseconds(300), 300); + event_creator.MaybeAddNetworkQualityChangedEventToNetLog( + EFFECTIVE_CONNECTION_TYPE_3G, network_quality_kbps_300); + EXPECT_EQ(5, GetNetworkQualityChangedEntriesCount(&net_log)); + + // A new entry should not be created since network quality has not changed + // meaningfully. + event_creator.MaybeAddNetworkQualityChangedEventToNetLog( + EFFECTIVE_CONNECTION_TYPE_3G, network_quality_kbps_300); + EXPECT_EQ(5, GetNetworkQualityChangedEntriesCount(&net_log)); + + // A new entry should be created since bandwidth has changed meaningfully. + NetworkQuality network_quality_kbps_2000( + base::TimeDelta::FromMilliseconds(300), + base::TimeDelta::FromMilliseconds(300), 2000); + event_creator.MaybeAddNetworkQualityChangedEventToNetLog( + EFFECTIVE_CONNECTION_TYPE_3G, network_quality_kbps_2000); + EXPECT_EQ(6, GetNetworkQualityChangedEntriesCount(&net_log)); + + // A new entry should not be created since bandwidth has not changed by more + // than 20%. + NetworkQuality network_quality_kbps_2200( + base::TimeDelta::FromMilliseconds(300), + base::TimeDelta::FromMilliseconds(300), 2200); + event_creator.MaybeAddNetworkQualityChangedEventToNetLog( + EFFECTIVE_CONNECTION_TYPE_3G, network_quality_kbps_2200); + EXPECT_EQ(6, GetNetworkQualityChangedEntriesCount(&net_log)); +} + +} // namespace + +} // namespace internal + +} // namespace nqe + +} // namespace net diff --git a/chromium/net/nqe/network_quality_estimator.cc b/chromium/net/nqe/network_quality_estimator.cc index fa0e153f4d8..d02bf395ed1 100644 --- a/chromium/net/nqe/network_quality_estimator.cc +++ b/chromium/net/nqe/network_quality_estimator.cc @@ -34,7 +34,6 @@ #include "net/http/http_response_headers.h" #include "net/http/http_response_info.h" #include "net/http/http_status_code.h" -#include "net/nqe/network_quality_estimator_params.h" #include "net/nqe/socket_watcher_factory.h" #include "net/nqe/throughput_analyzer.h" #include "net/url_request/url_request.h" @@ -60,7 +59,9 @@ base::HistogramBase* GetHistogram(const std::string& statistic_name, const size_t kBucketCount = 50; return base::Histogram::FactoryGet( - "NQE." + statistic_name + nqe::internal::GetNameForConnectionType(type), + "NQE." + statistic_name + + nqe::internal::NetworkQualityEstimatorParams:: + GetNameForConnectionType(type), kLowerLimit, max_limit, kBucketCount, base::HistogramBase::kUmaTargetedHistogramFlag); } @@ -247,22 +248,20 @@ NetworkQualityEstimator::NetworkQualityEstimator( {"TransportRTTOrDownstreamThroughput", EffectiveConnectionTypeAlgorithm:: TRANSPORT_RTT_OR_DOWNSTREAM_THROUGHOUT}}), + params_(variation_params), use_localhost_requests_(use_local_host_requests_for_tests), use_small_responses_(use_smaller_responses_for_tests), disable_offline_check_(false), add_default_platform_observations_(add_default_platform_observations), - weight_multiplier_per_second_( - nqe::internal::GetWeightMultiplierPerSecond(variation_params)), - weight_multiplier_per_dbm_( - nqe::internal::GetWeightMultiplierPerDbm(variation_params)), + weight_multiplier_per_second_(params_.GetWeightMultiplierPerSecond()), + weight_multiplier_per_dbm_(params_.GetWeightMultiplierPerDbm()), effective_connection_type_algorithm_( algorithm_name_to_enum_.find( - nqe::internal::GetEffectiveConnectionTypeAlgorithm( - variation_params)) == algorithm_name_to_enum_.end() + params_.GetEffectiveConnectionTypeAlgorithm()) == + algorithm_name_to_enum_.end() ? kDefaultEffectiveConnectionTypeAlgorithm : algorithm_name_to_enum_ - .find(nqe::internal::GetEffectiveConnectionTypeAlgorithm( - variation_params)) + .find(params_.GetEffectiveConnectionTypeAlgorithm()) ->second), tick_clock_(new base::DefaultTickClock()), last_connection_change_(tick_clock_->NowTicks()), @@ -285,14 +284,13 @@ NetworkQualityEstimator::NetworkQualityEstimator( min_signal_strength_since_connection_change_(INT32_MAX), max_signal_strength_since_connection_change_(INT32_MIN), correlation_uma_logging_probability_( - nqe::internal::correlation_uma_logging_probability(variation_params)), + params_.correlation_uma_logging_probability()), forced_effective_connection_type_set_( - nqe::internal::forced_effective_connection_type_set( - variation_params)), + params_.forced_effective_connection_type_set()), forced_effective_connection_type_( - nqe::internal::forced_effective_connection_type(variation_params)), + params_.forced_effective_connection_type()), persistent_cache_reading_enabled_( - nqe::internal::persistent_cache_reading_enabled(variation_params)), + params_.persistent_cache_reading_enabled()), event_creator_(net_log), disallowed_observation_sources_for_http_( {NETWORK_QUALITY_OBSERVATION_SOURCE_TCP, @@ -317,7 +315,7 @@ NetworkQualityEstimator::NetworkQualityEstimator( effective_connection_type_algorithm_); network_quality_store_.reset(new nqe::internal::NetworkQualityStore()); - ObtainOperatingParams(variation_params); + ObtainOperatingParams(); NetworkChangeNotifier::AddConnectionTypeObserver(this); if (external_estimate_provider_) { RecordExternalEstimateProviderMetrics( @@ -338,7 +336,7 @@ NetworkQualityEstimator::NetworkQualityEstimator( watcher_factory_.reset(new nqe::internal::SocketWatcherFactory( base::ThreadTaskRunnerHandle::Get(), - nqe::internal::GetMinSocketWatcherNotificationInterval(variation_params), + params_.GetMinSocketWatcherNotificationInterval(), base::Bind(&NetworkQualityEstimator::OnUpdatedRTTAvailable, base::Unretained(this)), tick_clock_.get())); @@ -352,14 +350,11 @@ NetworkQualityEstimator::NetworkQualityEstimator( http_rtt_at_last_main_frame_[i] = nqe::internal::InvalidRTT(); } -void NetworkQualityEstimator::ObtainOperatingParams( - const std::map<std::string, std::string>& variation_params) { +void NetworkQualityEstimator::ObtainOperatingParams() { DCHECK(thread_checker_.CalledOnValidThread()); - nqe::internal::ObtainDefaultObservations(variation_params, - default_observations_); - nqe::internal::ObtainEffectiveConnectionTypeModelParams( - variation_params, connection_thresholds_); - nqe::internal::ObtainTypicalNetworkQuality(typical_network_quality_); + params_.ObtainDefaultObservations(default_observations_); + params_.ObtainEffectiveConnectionTypeModelParams(connection_thresholds_); + params_.ObtainTypicalNetworkQuality(typical_network_quality_); } void NetworkQualityEstimator::AddDefaultEstimates() { @@ -795,7 +790,7 @@ void NetworkQualityEstimator::ReportEffectiveConnectionTypeForTesting( EffectiveConnectionType effective_connection_type) { DCHECK(thread_checker_.CalledOnValidThread()); - event_creator_.MaybeAddEffectiveConnectionTypeChangedEventToNetLog( + event_creator_.MaybeAddNetworkQualityChangedEventToNetLog( effective_connection_type_, typical_network_quality_[effective_connection_type]); @@ -808,6 +803,17 @@ void NetworkQualityEstimator::ReportEffectiveConnectionTypeForTesting( effective_connection_type)); } +void NetworkQualityEstimator::ReportRTTsAndThroughputForTesting( + base::TimeDelta http_rtt, + base::TimeDelta transport_rtt, + int32_t downstream_throughput_kbps) { + DCHECK(thread_checker_.CalledOnValidThread()); + + for (auto& observer : rtt_and_throughput_estimates_observer_list_) + observer.OnRTTOrThroughputEstimatesComputed(http_rtt, transport_rtt, + downstream_throughput_kbps); +} + bool NetworkQualityEstimator::RequestProvidesRTTObservation( const URLRequest& request) const { DCHECK(thread_checker_.CalledOnValidThread()); @@ -1042,7 +1048,8 @@ void NetworkQualityEstimator::RecordMetricsOnMainFrameRequest() const { base::HistogramBase* effective_connection_type_histogram = base::Histogram::FactoryGet( std::string("NQE.MainFrame.EffectiveConnectionType.") + - nqe::internal::GetNameForConnectionType(current_network_id_.type), + nqe::internal::NetworkQualityEstimatorParams:: + GetNameForConnectionType(current_network_id_.type), 0, EFFECTIVE_CONNECTION_TYPE_LAST, EFFECTIVE_CONNECTION_TYPE_LAST /* Number of buckets */, base::HistogramBase::kUmaTargetedHistogramFlag); @@ -1107,7 +1114,7 @@ void NetworkQualityEstimator::ComputeEffectiveConnectionType() { if (past_type != effective_connection_type_) NotifyObserversOfEffectiveConnectionTypeChanged(); - event_creator_.MaybeAddEffectiveConnectionTypeChangedEventToNetLog( + event_creator_.MaybeAddNetworkQualityChangedEventToNetLog( effective_connection_type_, network_quality_); rtt_observations_size_at_last_ect_computation_ = rtt_observations_.Size(); @@ -1472,8 +1479,10 @@ bool NetworkQualityEstimator::ReadCachedNetworkQualityEstimate() { const bool cached_estimate_available = network_quality_store_->GetById( current_network_id_, &cached_network_quality); - UMA_HISTOGRAM_BOOLEAN("NQE.CachedNetworkQualityAvailable", - cached_estimate_available); + if (network_quality_store_->EligibleForCaching(current_network_id_)) { + UMA_HISTOGRAM_BOOLEAN("NQE.CachedNetworkQualityAvailable", + cached_estimate_available); + } if (!cached_estimate_available) return false; @@ -1821,4 +1830,20 @@ const char* NetworkQualityEstimator::GetNameForStatistic(int i) const { return ""; } +base::Optional<base::TimeDelta> +NetworkQualityEstimator::NetworkQualityProvider::GetHttpRTT() const { + return base::Optional<base::TimeDelta>(); +} + +base::Optional<base::TimeDelta> +NetworkQualityEstimator::NetworkQualityProvider::GetTransportRTT() const { + return base::Optional<base::TimeDelta>(); +} + +base::Optional<int32_t> +NetworkQualityEstimator::NetworkQualityProvider::GetDownstreamThroughputKbps() + const { + return base::Optional<int32_t>(); +} + } // namespace net diff --git a/chromium/net/nqe/network_quality_estimator.h b/chromium/net/nqe/network_quality_estimator.h index 696e9b0e85d..ab5cdf8c27f 100644 --- a/chromium/net/nqe/network_quality_estimator.h +++ b/chromium/net/nqe/network_quality_estimator.h @@ -28,6 +28,7 @@ #include "net/nqe/external_estimate_provider.h" #include "net/nqe/network_id.h" #include "net/nqe/network_quality.h" +#include "net/nqe/network_quality_estimator_params.h" #include "net/nqe/network_quality_observation.h" #include "net/nqe/network_quality_observation_source.h" #include "net/nqe/network_quality_store.h" @@ -157,6 +158,8 @@ class NET_EXPORT NetworkQualityEstimator // Provides simple interface to obtain the effective connection type. class NET_EXPORT NetworkQualityProvider { public: + virtual ~NetworkQualityProvider() {} + // Returns the current effective connection type. virtual EffectiveConnectionType GetEffectiveConnectionType() const = 0; @@ -168,7 +171,29 @@ class NET_EXPORT NetworkQualityEstimator virtual void RemoveEffectiveConnectionTypeObserver( EffectiveConnectionTypeObserver* observer) = 0; - virtual ~NetworkQualityProvider() {} + // Returns the current HTTP RTT estimate. If the estimate is unavailable, + // the returned optional value is null. + virtual base::Optional<base::TimeDelta> GetHttpRTT() const; + + // Returns the current transport RTT estimate. If the estimate is + // unavailable, the returned optional value is null. + virtual base::Optional<base::TimeDelta> GetTransportRTT() const; + + // Returns the current downstream throughput estimate (in kilobits per + // second). If the estimate is unavailable, the returned optional value is + // null. + virtual base::Optional<int32_t> GetDownstreamThroughputKbps() const; + + // Adds |observer| to the list of RTT and throughput estimate observers. + // |observer| would be notified of the current RTT and throughput estimates + // in the next message pump. + virtual void AddRTTAndThroughputEstimatesObserver( + RTTAndThroughputEstimatesObserver* observer) = 0; + + // Removes |observer| from the list of RTT and throughput estimate + // observers. + virtual void RemoveRTTAndThroughputEstimatesObserver( + RTTAndThroughputEstimatesObserver* observer) = 0; protected: NetworkQualityProvider() {} @@ -296,6 +321,11 @@ class NET_EXPORT NetworkQualityEstimator void ReportEffectiveConnectionTypeForTesting( EffectiveConnectionType effective_connection_type); + // Reports the RTTs and throughput to all RTTAndThroughputEstimatesObservers. + void ReportRTTsAndThroughputForTesting(base::TimeDelta http_rtt, + base::TimeDelta transport_rtt, + int32_t downstream_throughput_kbps); + // Adds and removes |observer| from the list of cache observers. void AddNetworkQualitiesCacheObserver( nqe::internal::NetworkQualityStore::NetworkQualitiesCacheObserver* @@ -507,8 +537,7 @@ class NET_EXPORT NetworkQualityEstimator // the field trial parameters. For each effective connection type, a model // (currently composed of a RTT threshold and a downlink throughput threshold) // is provided by the field trial. - void ObtainOperatingParams( - const std::map<std::string, std::string>& variation_params); + void ObtainOperatingParams(); // Adds the default median RTT and downstream throughput estimate for the // current connection type to the observation buffer. @@ -621,6 +650,9 @@ class NET_EXPORT NetworkQualityEstimator const char* GetNameForStatistic(int i) const; + // Params to configure the network quality estimator. + const nqe::internal::NetworkQualityEstimatorParams params_; + // Determines if the requests to local host can be used in estimating the // network quality. Set to true only for tests. bool use_localhost_requests_; diff --git a/chromium/net/nqe/network_quality_estimator_params.cc b/chromium/net/nqe/network_quality_estimator_params.cc index 7fd4e11f3d8..d88bd4aa492 100644 --- a/chromium/net/nqe/network_quality_estimator_params.cc +++ b/chromium/net/nqe/network_quality_estimator_params.cc @@ -19,16 +19,15 @@ static const int kMinimumRTTVariationParameterMsec = 1; // kilobits per second) values. static const int kMinimumThroughputVariationParameterKbps = 1; -// Returns the value of |parameter_name| read from |variation_params|. If the -// value is unavailable from |variation_params|, then |default_value| is -// returned. +// Returns the value of |parameter_name| read from |params|. If the +// value is unavailable from |params|, then |default_value| is returned. int64_t GetValueForVariationParam( - const std::map<std::string, std::string>& variation_params, + const std::map<std::string, std::string>& params, const std::string& parameter_name, int64_t default_value) { - const auto it = variation_params.find(parameter_name); + const auto it = params.find(parameter_name); int64_t variations_value = default_value; - if (it != variation_params.end() && + if (it != params.end() && base::StringToInt64(it->second, &variations_value)) { return variations_value; } @@ -38,11 +37,11 @@ int64_t GetValueForVariationParam( // Returns the variation value for |parameter_name|. If the value is // unavailable, |default_value| is returned. double GetDoubleValueForVariationParamWithDefaultValue( - const std::map<std::string, std::string>& variation_params, + const std::map<std::string, std::string>& params, const std::string& parameter_name, double default_value) { - const auto it = variation_params.find(parameter_name); - if (it == variation_params.end()) + const auto it = params.find(parameter_name); + if (it == params.end()) return default_value; double variations_value = default_value; @@ -54,11 +53,11 @@ double GetDoubleValueForVariationParamWithDefaultValue( // Returns the variation value for |parameter_name|. If the value is // unavailable, |default_value| is returned. std::string GetStringValueForVariationParamWithDefaultValue( - const std::map<std::string, std::string>& variation_params, + const std::map<std::string, std::string>& params, const std::string& parameter_name, const std::string& default_value) { - const auto it = variation_params.find(parameter_name); - if (it == variation_params.end()) + const auto it = params.find(parameter_name); + if (it == params.end()) return default_value; return it->second; } @@ -71,25 +70,35 @@ namespace nqe { namespace internal { -std::string GetEffectiveConnectionTypeAlgorithm( - const std::map<std::string, std::string>& variation_params) { - const auto it = variation_params.find("effective_connection_type_algorithm"); - if (it == variation_params.end()) +NetworkQualityEstimatorParams::NetworkQualityEstimatorParams( + const std::map<std::string, std::string>& params) + : params_(params) {} + +NetworkQualityEstimatorParams::~NetworkQualityEstimatorParams() { + DCHECK(thread_checker_.CalledOnValidThread()); +} + +std::string NetworkQualityEstimatorParams::GetEffectiveConnectionTypeAlgorithm() + const { + DCHECK(thread_checker_.CalledOnValidThread()); + + const auto it = params_.find("effective_connection_type_algorithm"); + if (it == params_.end()) return std::string(); return it->second; } -double GetWeightMultiplierPerSecond( - const std::map<std::string, std::string>& variation_params) { +double NetworkQualityEstimatorParams::GetWeightMultiplierPerSecond() const { + DCHECK(thread_checker_.CalledOnValidThread()); + // Default value of the half life (in seconds) for computing time weighted // percentiles. Every half life, the weight of all observations reduces by // half. Lowering the half life would reduce the weight of older values // faster. int half_life_seconds = 60; int32_t variations_value = 0; - auto it = variation_params.find("HalfLifeSeconds"); - if (it != variation_params.end() && - base::StringToInt(it->second, &variations_value) && + auto it = params_.find("HalfLifeSeconds"); + if (it != params_.end() && base::StringToInt(it->second, &variations_value) && variations_value >= 1) { half_life_seconds = variations_value; } @@ -97,15 +106,17 @@ double GetWeightMultiplierPerSecond( return pow(0.5, 1.0 / half_life_seconds); } -double GetWeightMultiplierPerDbm( - const std::map<std::string, std::string>& variation_params) { +double NetworkQualityEstimatorParams::GetWeightMultiplierPerDbm() const { + DCHECK(thread_checker_.CalledOnValidThread()); + // The default weight is set to 1.0, so by default, RSSI has no effect on the // observation's weight. return GetDoubleValueForVariationParamWithDefaultValue( - variation_params, "rssi_weight_per_dbm", 1.0); + params_, "rssi_weight_per_dbm", 1.0); } -const char* GetNameForConnectionType( +// static +const char* NetworkQualityEstimatorParams::GetNameForConnectionType( net::NetworkChangeNotifier::ConnectionType connection_type) { switch (connection_type) { case net::NetworkChangeNotifier::CONNECTION_UNKNOWN: @@ -131,9 +142,10 @@ const char* GetNameForConnectionType( return ""; } -void ObtainDefaultObservations( - const std::map<std::string, std::string>& variation_params, - NetworkQuality default_observations[]) { +void NetworkQualityEstimatorParams::ObtainDefaultObservations( + NetworkQuality default_observations[]) const { + DCHECK(thread_checker_.CalledOnValidThread()); + for (size_t i = 0; i < NetworkChangeNotifier::CONNECTION_LAST; ++i) { DCHECK_EQ(InvalidRTT(), default_observations[i].http_rtt()); DCHECK_EQ(InvalidRTT(), default_observations[i].transport_rtt()); @@ -185,8 +197,8 @@ void ObtainDefaultObservations( int32_t variations_value = kMinimumRTTVariationParameterMsec - 1; std::string parameter_name = std::string(GetNameForConnectionType(type)) .append(".DefaultMedianRTTMsec"); - auto it = variation_params.find(parameter_name); - if (it != variation_params.end() && + auto it = params_.find(parameter_name); + if (it != params_.end() && base::StringToInt(it->second, &variations_value) && variations_value >= kMinimumRTTVariationParameterMsec) { default_observations[i] = @@ -198,8 +210,8 @@ void ObtainDefaultObservations( variations_value = kMinimumRTTVariationParameterMsec - 1; parameter_name = std::string(GetNameForConnectionType(type)) .append(".DefaultMedianTransportRTTMsec"); - it = variation_params.find(parameter_name); - if (it != variation_params.end() && + it = params_.find(parameter_name); + if (it != params_.end() && base::StringToInt(it->second, &variations_value) && variations_value >= kMinimumRTTVariationParameterMsec) { default_observations[i] = @@ -211,9 +223,9 @@ void ObtainDefaultObservations( variations_value = kMinimumThroughputVariationParameterKbps - 1; parameter_name = std::string(GetNameForConnectionType(type)) .append(".DefaultMedianKbps"); - it = variation_params.find(parameter_name); + it = params_.find(parameter_name); - if (it != variation_params.end() && + if (it != params_.end() && base::StringToInt(it->second, &variations_value) && variations_value >= kMinimumThroughputVariationParameterKbps) { default_observations[i] = NetworkQuality( @@ -223,7 +235,10 @@ void ObtainDefaultObservations( } } -void ObtainTypicalNetworkQuality(NetworkQuality typical_network_quality[]) { +void NetworkQualityEstimatorParams::ObtainTypicalNetworkQuality( + NetworkQuality typical_network_quality[]) const { + DCHECK(thread_checker_.CalledOnValidThread()); + for (size_t i = 0; i < EFFECTIVE_CONNECTION_TYPE_LAST; ++i) { DCHECK_EQ(InvalidRTT(), typical_network_quality[i].http_rtt()); DCHECK_EQ(InvalidRTT(), typical_network_quality[i].transport_rtt()); @@ -262,9 +277,10 @@ void ObtainTypicalNetworkQuality(NetworkQuality typical_network_quality[]) { "Missing effective connection type"); } -void ObtainEffectiveConnectionTypeModelParams( - const std::map<std::string, std::string>& variation_params, - NetworkQuality connection_thresholds[]) { +void NetworkQualityEstimatorParams::ObtainEffectiveConnectionTypeModelParams( + NetworkQuality connection_thresholds[]) const { + DCHECK(thread_checker_.CalledOnValidThread()); + // First set the default thresholds. NetworkQuality default_effective_connection_type_thresholds [EffectiveConnectionType::EFFECTIVE_CONNECTION_TYPE_LAST]; @@ -310,23 +326,21 @@ void ObtainEffectiveConnectionTypeModelParams( connection_thresholds[i].set_http_rtt( base::TimeDelta::FromMilliseconds(GetValueForVariationParam( - variation_params, - connection_type_name + ".ThresholdMedianHttpRTTMsec", + params_, connection_type_name + ".ThresholdMedianHttpRTTMsec", default_effective_connection_type_thresholds[i] .http_rtt() .InMilliseconds()))); connection_thresholds[i].set_transport_rtt( base::TimeDelta::FromMilliseconds(GetValueForVariationParam( - variation_params, - connection_type_name + ".ThresholdMedianTransportRTTMsec", + params_, connection_type_name + ".ThresholdMedianTransportRTTMsec", default_effective_connection_type_thresholds[i] .transport_rtt() .InMilliseconds()))); connection_thresholds[i].set_downstream_throughput_kbps( GetValueForVariationParam( - variation_params, connection_type_name + ".ThresholdMedianKbps", + params_, connection_type_name + ".ThresholdMedianKbps", default_effective_connection_type_thresholds[i] .downstream_throughput_kbps())); DCHECK(i == 0 || @@ -334,29 +348,31 @@ void ObtainEffectiveConnectionTypeModelParams( } } -double correlation_uma_logging_probability( - const std::map<std::string, std::string>& variation_params) { +double NetworkQualityEstimatorParams::correlation_uma_logging_probability() + const { + DCHECK(thread_checker_.CalledOnValidThread()); + double correlation_uma_logging_probability = GetDoubleValueForVariationParamWithDefaultValue( - variation_params, "correlation_logging_probability", 0.01); + params_, "correlation_logging_probability", 0.01); DCHECK_LE(0.0, correlation_uma_logging_probability); DCHECK_GE(1.0, correlation_uma_logging_probability); return correlation_uma_logging_probability; } -bool forced_effective_connection_type_set( - const std::map<std::string, std::string>& variation_params) { +bool NetworkQualityEstimatorParams::forced_effective_connection_type_set() + const { return !GetStringValueForVariationParamWithDefaultValue( - variation_params, "force_effective_connection_type", "") + params_, "force_effective_connection_type", "") .empty(); } -EffectiveConnectionType forced_effective_connection_type( - const std::map<std::string, std::string>& variation_params) { +EffectiveConnectionType +NetworkQualityEstimatorParams::forced_effective_connection_type() const { EffectiveConnectionType forced_effective_connection_type = EFFECTIVE_CONNECTION_TYPE_UNKNOWN; std::string forced_value = GetStringValueForVariationParamWithDefaultValue( - variation_params, "force_effective_connection_type", + params_, "force_effective_connection_type", GetNameForEffectiveConnectionType(EFFECTIVE_CONNECTION_TYPE_UNKNOWN)); DCHECK(!forced_value.empty()); bool effective_connection_type_available = GetEffectiveConnectionTypeForName( @@ -369,21 +385,23 @@ EffectiveConnectionType forced_effective_connection_type( return forced_effective_connection_type; } -bool persistent_cache_reading_enabled( - const std::map<std::string, std::string>& variation_params) { +bool NetworkQualityEstimatorParams::persistent_cache_reading_enabled() const { + DCHECK(thread_checker_.CalledOnValidThread()); + if (GetStringValueForVariationParamWithDefaultValue( - variation_params, "persistent_cache_reading_enabled", "false") != - "true") { + params_, "persistent_cache_reading_enabled", "false") != "true") { return false; } return true; } -base::TimeDelta GetMinSocketWatcherNotificationInterval( - const std::map<std::string, std::string>& variation_params) { +base::TimeDelta +NetworkQualityEstimatorParams::GetMinSocketWatcherNotificationInterval() const { + DCHECK(thread_checker_.CalledOnValidThread()); + // Use 1000 milliseconds as the default value. return base::TimeDelta::FromMilliseconds(GetValueForVariationParam( - variation_params, "min_socket_watcher_notification_interval_msec", 1000)); + params_, "min_socket_watcher_notification_interval_msec", 1000)); } } // namespace internal diff --git a/chromium/net/nqe/network_quality_estimator_params.h b/chromium/net/nqe/network_quality_estimator_params.h index 6d7310f95ea..9996735c490 100644 --- a/chromium/net/nqe/network_quality_estimator_params.h +++ b/chromium/net/nqe/network_quality_estimator_params.h @@ -8,6 +8,8 @@ #include <map> #include <string> +#include "base/macros.h" +#include "base/threading/thread_checker.h" #include "net/base/network_change_notifier.h" #include "net/nqe/effective_connection_type.h" #include "net/nqe/network_quality.h" @@ -18,70 +20,81 @@ namespace nqe { namespace internal { -// Returns the algorithm that should be used for computing effective connection -// type based on field trial params. Returns an empty string if a valid -// algorithm paramter is not present in the field trial params. -std::string GetEffectiveConnectionTypeAlgorithm( - const std::map<std::string, std::string>& variation_params); - -// Computes and returns the weight multiplier per second, which represents the -// factor by which the weight of an observation reduces every second. -// |variation_params| is the map containing all field trial parameters -// related to the NetworkQualityualityEstimator field trial. -double GetWeightMultiplierPerSecond( - const std::map<std::string, std::string>& variation_params); - -// Returns the factor by which the weight of an observation reduces for every -// dBm difference between the current signal strength (in dBm), and the signal -// strength at the time when the observation was taken. -double GetWeightMultiplierPerDbm( - const std::map<std::string, std::string>& variation_params); - -// Returns a descriptive name corresponding to |connection_type|. -const char* GetNameForConnectionType( - net::NetworkChangeNotifier::ConnectionType connection_type); - -// Sets the default observation for different connection types in -// |default_observations|. The default observations are different for different -// connection types (e.g., 2G, 3G, 4G, WiFi). The default observations may be -// used to determine the network quality in absence of any other information. -void ObtainDefaultObservations( - const std::map<std::string, std::string>& variation_params, - nqe::internal::NetworkQuality default_observations[]); - -// Sets |typical_network_quality| to typical network quality for different -// effective connection types. -void ObtainTypicalNetworkQuality(NetworkQuality typical_network_quality[]); - -// Parses the variation paramaters and sets the thresholds for different -// effective connection types in |connection_thresholds|. -void ObtainEffectiveConnectionTypeModelParams( - const std::map<std::string, std::string>& variation_params, - nqe::internal::NetworkQuality connection_thresholds[]); - -// Returns the fraction of URL requests that should record the correlation UMA. -double correlation_uma_logging_probability( - const std::map<std::string, std::string>& variation_params); - -// Returns true if the effective connection type has been determined via -// variation parameters. -bool forced_effective_connection_type_set( - const std::map<std::string, std::string>& variation_params); - -// Returns the effective connection type that was configured by variation -// parameters. -EffectiveConnectionType forced_effective_connection_type( - const std::map<std::string, std::string>& variation_params); - -// Returns true if reading from the persistent cache has been enabled via field -// trial. -bool persistent_cache_reading_enabled( - const std::map<std::string, std::string>& variation_params); - -// Returns the the minimum interval betweeen consecutive notifications to a -// single socket watcher. -base::TimeDelta GetMinSocketWatcherNotificationInterval( - const std::map<std::string, std::string>& variation_params); +// NetworkQualityEstimatorParams computes the configuration parameters for +// the network quality estimator. +class NetworkQualityEstimatorParams { + public: + // |params| is the map containing all field trial parameters related to + // NetworkQualityEstimator field trial. + explicit NetworkQualityEstimatorParams( + const std::map<std::string, std::string>& params); + + ~NetworkQualityEstimatorParams(); + + // Returns the algorithm that should be used for computing effective + // connection type. Returns an empty string if a valid algorithm paramter is + // not specified. + std::string GetEffectiveConnectionTypeAlgorithm() const; + + // Computes and returns the weight multiplier per second, which represents the + // factor by which the weight of an observation reduces every second. + double GetWeightMultiplierPerSecond() const; + + // Returns the factor by which the weight of an observation reduces for every + // dBm difference between the current signal strength (in dBm), and the signal + // strength at the time when the observation was taken. + double GetWeightMultiplierPerDbm() const; + + // Returns a descriptive name corresponding to |connection_type|. + static const char* GetNameForConnectionType( + net::NetworkChangeNotifier::ConnectionType connection_type); + + // Sets the default observation for different connection types in + // |default_observations|. The default observations are different for + // different connection types (e.g., 2G, 3G, 4G, WiFi). The default + // observations may be used to determine the network quality in absence of any + // other information. + void ObtainDefaultObservations( + nqe::internal::NetworkQuality default_observations[]) const; + + // Sets |typical_network_quality| to typical network quality for different + // effective connection types. + void ObtainTypicalNetworkQuality( + NetworkQuality typical_network_quality[]) const; + + // Sets the thresholds for different effective connection types in + // |connection_thresholds|. + void ObtainEffectiveConnectionTypeModelParams( + nqe::internal::NetworkQuality connection_thresholds[]) const; + + // Returns the fraction of URL requests that should record the correlation + // UMA. + double correlation_uma_logging_probability() const; + + // Returns true if the effective connection type has been forced via field + // trial parameters. + bool forced_effective_connection_type_set() const; + + // Returns the effective connection type if it has been forced via field trial + // parameters. + EffectiveConnectionType forced_effective_connection_type() const; + + // Returns true if reading from the persistent cache is enabled. + bool persistent_cache_reading_enabled() const; + + // Returns the the minimum interval betweeen consecutive notifications to a + // single socket watcher. + base::TimeDelta GetMinSocketWatcherNotificationInterval() const; + + private: + // Map containing all field trial parameters related to + // NetworkQualityEstimator field trial. + const std::map<std::string, std::string> params_; + + base::ThreadChecker thread_checker_; + + DISALLOW_COPY_AND_ASSIGN(NetworkQualityEstimatorParams); +}; } // namespace internal diff --git a/chromium/net/nqe/network_quality_estimator_unittest.cc b/chromium/net/nqe/network_quality_estimator_unittest.cc index 4c68ae0fcf5..183b87caf0e 100644 --- a/chromium/net/nqe/network_quality_estimator_unittest.cc +++ b/chromium/net/nqe/network_quality_estimator_unittest.cc @@ -226,7 +226,7 @@ TEST(NetworkQualityEstimatorTest, TestKbpsRTTUpdates) { estimator.GetRecentTransportRTT(base::TimeTicks(), &transport_rtt)); // Verify the contents of the net log. - EXPECT_EQ( + EXPECT_LE( 2, estimator.GetEntriesCount(NetLogEventType::NETWORK_QUALITY_CHANGED)); EXPECT_EQ(http_rtt.InMilliseconds(), estimator.GetNetLogLastIntegerValue( @@ -316,7 +316,7 @@ TEST(NetworkQualityEstimatorTest, TestKbpsRTTUpdates) { estimator.SimulateNetworkChange( NetworkChangeNotifier::ConnectionType::CONNECTION_WIFI, std::string()); histogram_tester.ExpectUniqueSample("NQE.CachedNetworkQualityAvailable", - false, 3); + false, 2); histogram_tester.ExpectTotalCount("NQE.PeakKbps.Unknown", 1); histogram_tester.ExpectTotalCount("NQE.FastestRTT.Unknown", 1); @@ -347,7 +347,7 @@ TEST(NetworkQualityEstimatorTest, TestKbpsRTTUpdates) { estimator.SimulateNetworkChange( NetworkChangeNotifier::ConnectionType::CONNECTION_UNKNOWN, "test"); histogram_tester.ExpectBucketCount("NQE.CachedNetworkQualityAvailable", false, - 3); + 2); histogram_tester.ExpectBucketCount("NQE.CachedNetworkQualityAvailable", true, 1); } @@ -411,8 +411,10 @@ TEST(NetworkQualityEstimatorTest, Caching) { // |observer| should be notified as soon as it is added. base::RunLoop().RunUntilIdle(); EXPECT_EQ(1U, observer.effective_connection_types().size()); - EXPECT_EQ( - 2, estimator.GetEntriesCount(NetLogEventType::NETWORK_QUALITY_CHANGED)); + + int num_net_log_entries = + estimator.GetEntriesCount(NetLogEventType::NETWORK_QUALITY_CHANGED); + EXPECT_LE(2, num_net_log_entries); estimator.SimulateNetworkChange( NetworkChangeNotifier::ConnectionType::CONNECTION_2G, "test"); @@ -425,7 +427,8 @@ TEST(NetworkQualityEstimatorTest, Caching) { // Verify the contents of the net log. EXPECT_LE( - 3, estimator.GetEntriesCount(NetLogEventType::NETWORK_QUALITY_CHANGED)); + 1, estimator.GetEntriesCount(NetLogEventType::NETWORK_QUALITY_CHANGED) - + num_net_log_entries); EXPECT_NE(-1, estimator.GetNetLogLastIntegerValue( NetLogEventType::NETWORK_QUALITY_CHANGED, "http_rtt_ms")); EXPECT_EQ(-1, @@ -1741,7 +1744,7 @@ TEST(NetworkQualityEstimatorTest, MAYBE_TestEffectiveConnectionTypeObserver) { request->Start(); base::RunLoop().Run(); EXPECT_EQ(1U, observer.effective_connection_types().size()); - EXPECT_EQ( + EXPECT_LE( 1, estimator.GetEntriesCount(NetLogEventType::NETWORK_QUALITY_CHANGED)); // Verify the contents of the net log. diff --git a/chromium/net/nqe/network_quality_store.cc b/chromium/net/nqe/network_quality_store.cc index 43d2bcafaf8..0686bd4549f 100644 --- a/chromium/net/nqe/network_quality_store.cc +++ b/chromium/net/nqe/network_quality_store.cc @@ -35,15 +35,8 @@ void NetworkQualityStore::Add( DCHECK_LE(cached_network_qualities_.size(), static_cast<size_t>(kMaximumNetworkQualityCacheSize)); - // If the network name is unavailable, caching should not be performed. If - // |disable_offline_check_| is set to true, cache the network quality even if - // the network is set to offline. - if (network_id.type != NetworkChangeNotifier::CONNECTION_ETHERNET && - network_id.id.empty() && - (network_id.type != NetworkChangeNotifier::CONNECTION_NONE || - !disable_offline_check_)) { + if (!EligibleForCaching(network_id)) return; - } // Remove the entry from the map, if it is already present. cached_network_qualities_.erase(network_id); @@ -104,6 +97,18 @@ void NetworkQualityStore::RemoveNetworkQualitiesCacheObserver( network_qualities_cache_observer_list_.RemoveObserver(observer); } +bool NetworkQualityStore::EligibleForCaching( + const NetworkID& network_id) const { + DCHECK(thread_checker_.CalledOnValidThread()); + + // |disable_offline_check_| forces caching of the network quality even if + // the network is set to offline. + return network_id.type == NetworkChangeNotifier::CONNECTION_ETHERNET || + !network_id.id.empty() || + (network_id.type == NetworkChangeNotifier::CONNECTION_NONE && + disable_offline_check_); +} + void NetworkQualityStore::DisableOfflineCheckForTesting( bool disable_offline_check) { DCHECK(thread_checker_.CalledOnValidThread()); diff --git a/chromium/net/nqe/network_quality_store.h b/chromium/net/nqe/network_quality_store.h index 8970c350e11..6213da79e86 100644 --- a/chromium/net/nqe/network_quality_store.h +++ b/chromium/net/nqe/network_quality_store.h @@ -67,6 +67,9 @@ class NET_EXPORT_PRIVATE NetworkQualityStore { void RemoveNetworkQualitiesCacheObserver( NetworkQualitiesCacheObserver* observer); + // Returns true if network quality for |network_id| can be cached. + bool EligibleForCaching(const NetworkID& network_id) const; + // If |disable_offline_check| is set to true, the offline check is disabled // when storing the network quality. void DisableOfflineCheckForTesting(bool disable_offline_check); diff --git a/chromium/net/proxy/proxy_config.cc b/chromium/net/proxy/proxy_config.cc index 13b0462291e..b2d34cab2bc 100644 --- a/chromium/net/proxy/proxy_config.cc +++ b/chromium/net/proxy/proxy_config.cc @@ -195,27 +195,12 @@ ProxyConfig::ProxyConfig() source_(PROXY_CONFIG_SOURCE_UNKNOWN), id_(kInvalidConfigID) { } -ProxyConfig::ProxyConfig(const ProxyConfig& config) - : auto_detect_(config.auto_detect_), - pac_url_(config.pac_url_), - pac_mandatory_(config.pac_mandatory_), - proxy_rules_(config.proxy_rules_), - source_(config.source_), - id_(config.id_) { -} +ProxyConfig::ProxyConfig(const ProxyConfig& config) = default; ProxyConfig::~ProxyConfig() { } -ProxyConfig& ProxyConfig::operator=(const ProxyConfig& config) { - auto_detect_ = config.auto_detect_; - pac_url_ = config.pac_url_; - pac_mandatory_ = config.pac_mandatory_; - proxy_rules_ = config.proxy_rules_; - source_ = config.source_; - id_ = config.id_; - return *this; -} +ProxyConfig& ProxyConfig::operator=(const ProxyConfig& config) = default; bool ProxyConfig::Equals(const ProxyConfig& other) const { // The two configs can have different IDs and sources. We are just interested diff --git a/chromium/net/proxy/proxy_resolver_perftest.cc b/chromium/net/proxy/proxy_resolver_perftest.cc deleted file mode 100644 index a910d45d4b7..00000000000 --- a/chromium/net/proxy/proxy_resolver_perftest.cc +++ /dev/null @@ -1,286 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <utility> - -#include "base/base_paths.h" -#include "base/compiler_specific.h" -#include "base/files/file_util.h" -#include "base/macros.h" -#include "base/message_loop/message_loop.h" -#include "base/path_service.h" -#include "base/strings/string_util.h" -#include "base/test/perf_time_logger.h" -#include "net/base/net_errors.h" -#include "net/dns/mock_host_resolver.h" -#include "net/log/net_log_with_source.h" -#include "net/proxy/proxy_info.h" -#include "net/proxy/proxy_resolver.h" -#include "net/proxy/proxy_resolver_factory.h" -#include "net/proxy/proxy_resolver_v8.h" -#include "net/test/embedded_test_server/embedded_test_server.h" -#include "net/test/gtest_util.h" -#include "testing/gmock/include/gmock/gmock.h" -#include "testing/gtest/include/gtest/gtest.h" - -#if defined(OS_WIN) -#include "net/proxy/proxy_resolver_winhttp.h" -#elif defined(OS_MACOSX) -#include "net/proxy/proxy_resolver_mac.h" -#endif - -using net::test::IsOk; - -namespace net { - -namespace { - -// This class holds the URL to use for resolving, and the expected result. -// We track the expected result in order to make sure the performance -// test is actually resolving URLs properly, otherwise the perf numbers -// are meaningless :-) -struct PacQuery { - const char* query_url; - const char* expected_result; -}; - -// Entry listing which PAC scripts to load, and which URLs to try resolving. -// |queries| should be terminated by {NULL, NULL}. A sentinel is used -// rather than a length, to simplify using initializer lists. -struct PacPerfTest { - const char* pac_name; - PacQuery queries[100]; - - // Returns the actual number of entries in |queries| (assumes NULL sentinel). - int NumQueries() const; -}; - -// List of performance tests. -static PacPerfTest kPerfTests[] = { - // This test uses an ad-blocker PAC script. This script is very heavily - // regular expression oriented, and has no dependencies on the current - // IP address, or DNS resolving of hosts. - { "no-ads.pac", - { // queries: - {"http://www.google.com", "DIRECT"}, - {"http://www.imdb.com/photos/cmsicons/x", "PROXY 0.0.0.0:3421"}, - {"http://www.imdb.com/x", "DIRECT"}, - {"http://www.staples.com/", "DIRECT"}, - {"http://www.staples.com/pixeltracker/x", "PROXY 0.0.0.0:3421"}, - {"http://www.staples.com/pixel/x", "DIRECT"}, - {"http://www.foobar.com", "DIRECT"}, - {"http://www.foobarbaz.com/x/y/z", "DIRECT"}, - {"http://www.testurl1.com/index.html", "DIRECT"}, - {"http://www.testurl2.com", "DIRECT"}, - {"https://www.sample/pirate/arrrrrr", "DIRECT"}, - {NULL, NULL} - }, - }, -}; - -int PacPerfTest::NumQueries() const { - for (size_t i = 0; i < arraysize(queries); ++i) { - if (queries[i].query_url == NULL) - return i; - } - NOTREACHED(); // Bad definition. - return 0; -} - -// The number of URLs to resolve when testing a PAC script. -const int kNumIterations = 500; - -// Helper class to run through all the performance tests using the specified -// proxy resolver implementation. -class PacPerfSuiteRunner { - public: - // |resolver_name| is the label used when logging the results. - PacPerfSuiteRunner(ProxyResolverFactory* factory, - const std::string& resolver_name) - : factory_(factory), resolver_name_(resolver_name) { - test_server_.ServeFilesFromSourceDirectory( - "net/data/proxy_resolver_perftest"); - } - - void RunAllTests() { - ASSERT_TRUE(test_server_.Start()); - for (size_t i = 0; i < arraysize(kPerfTests); ++i) { - const PacPerfTest& test_data = kPerfTests[i]; - RunTest(test_data.pac_name, - test_data.queries, - test_data.NumQueries()); - } - } - - private: - void RunTest(const std::string& script_name, - const PacQuery* queries, - int queries_len) { - std::unique_ptr<ProxyResolver> resolver; - if (!factory_->expects_pac_bytes()) { - GURL pac_url = test_server_.GetURL(std::string("/") + script_name); - int rv = factory_->CreateProxyResolver( - ProxyResolverScriptData::FromURL(pac_url), &resolver, - CompletionCallback(), nullptr); - EXPECT_THAT(rv, IsOk()); - } else { - resolver = LoadPacScriptAndCreateResolver(script_name); - } - ASSERT_TRUE(resolver); - - // Do a query to warm things up. In the case of internal-fetch proxy - // resolvers, the first resolve will be slow since it has to download - // the PAC script. - { - ProxyInfo proxy_info; - int result = resolver->GetProxyForURL(GURL("http://www.warmup.com"), - &proxy_info, CompletionCallback(), - NULL, NetLogWithSource()); - ASSERT_THAT(result, IsOk()); - } - - // Start the perf timer. - std::string perf_test_name = resolver_name_ + "_" + script_name; - base::PerfTimeLogger timer(perf_test_name.c_str()); - - for (int i = 0; i < kNumIterations; ++i) { - // Round-robin between URLs to resolve. - const PacQuery& query = queries[i % queries_len]; - - // Resolve. - ProxyInfo proxy_info; - int result = resolver->GetProxyForURL(GURL(query.query_url), &proxy_info, - CompletionCallback(), NULL, - NetLogWithSource()); - - // Check that the result was correct. Note that ToPacString() and - // ASSERT_EQ() are fast, so they won't skew the results. - ASSERT_THAT(result, IsOk()); - ASSERT_EQ(query.expected_result, proxy_info.ToPacString()); - } - - // Print how long the test ran for. - timer.Done(); - } - - // Read the PAC script from disk and initialize the proxy resolver with it. - std::unique_ptr<ProxyResolver> LoadPacScriptAndCreateResolver( - const std::string& script_name) { - base::FilePath path; - PathService::Get(base::DIR_SOURCE_ROOT, &path); - path = path.AppendASCII("net"); - path = path.AppendASCII("data"); - path = path.AppendASCII("proxy_resolver_perftest"); - path = path.AppendASCII(script_name); - - // Try to read the file from disk. - std::string file_contents; - bool ok = base::ReadFileToString(path, &file_contents); - - // If we can't load the file from disk, something is misconfigured. - LOG_IF(ERROR, !ok) << "Failed to read file: " << path.value(); - if (!ok) - return nullptr; - - // Load the PAC script into the ProxyResolver. - std::unique_ptr<ProxyResolver> resolver; - int rv = factory_->CreateProxyResolver( - ProxyResolverScriptData::FromUTF8(file_contents), &resolver, - CompletionCallback(), nullptr); - EXPECT_THAT(rv, IsOk()); - return resolver; - } - - ProxyResolverFactory* factory_; - std::string resolver_name_; - EmbeddedTestServer test_server_; -}; - -#if defined(OS_WIN) -TEST(ProxyResolverPerfTest, ProxyResolverWinHttp) { - ProxyResolverFactoryWinHttp factory; - PacPerfSuiteRunner runner(&factory, "ProxyResolverWinHttp"); - runner.RunAllTests(); -} -#elif defined(OS_MACOSX) -TEST(ProxyResolverPerfTest, ProxyResolverMac) { - ProxyResolverFactoryMac factory; - PacPerfSuiteRunner runner(&factory, "ProxyResolverMac"); - runner.RunAllTests(); -} -#endif - -class MockJSBindings : public ProxyResolverV8::JSBindings { - public: - MockJSBindings() {} - - void Alert(const base::string16& message) override { CHECK(false); } - - bool ResolveDns(const std::string& host, - ResolveDnsOperation op, - std::string* output, - bool* terminate) override { - CHECK(false); - return false; - } - - void OnError(int line_number, const base::string16& message) override { - CHECK(false); - } -}; - -class ProxyResolverV8Wrapper : public ProxyResolver { - public: - ProxyResolverV8Wrapper(std::unique_ptr<ProxyResolverV8> resolver, - std::unique_ptr<MockJSBindings> bindings) - : resolver_(std::move(resolver)), bindings_(std::move(bindings)) {} - - int GetProxyForURL(const GURL& url, - ProxyInfo* results, - const CompletionCallback& /*callback*/, - std::unique_ptr<Request>* /*request*/, - const NetLogWithSource& net_log) override { - return resolver_->GetProxyForURL(url, results, bindings_.get()); - } - - private: - std::unique_ptr<ProxyResolverV8> resolver_; - std::unique_ptr<MockJSBindings> bindings_; - - DISALLOW_COPY_AND_ASSIGN(ProxyResolverV8Wrapper); -}; - -class ProxyResolverV8Factory : public ProxyResolverFactory { - public: - ProxyResolverV8Factory() : ProxyResolverFactory(true) {} - int CreateProxyResolver( - const scoped_refptr<ProxyResolverScriptData>& pac_script, - std::unique_ptr<ProxyResolver>* resolver, - const net::CompletionCallback& callback, - std::unique_ptr<Request>* request) override { - std::unique_ptr<ProxyResolverV8> v8_resolver; - std::unique_ptr<MockJSBindings> js_bindings_(new MockJSBindings); - int result = - ProxyResolverV8::Create(pac_script, js_bindings_.get(), &v8_resolver); - if (result == OK) { - resolver->reset(new ProxyResolverV8Wrapper(std::move(v8_resolver), - std::move(js_bindings_))); - } - return result; - } - - private: - DISALLOW_COPY_AND_ASSIGN(ProxyResolverV8Factory); -}; - -TEST(ProxyResolverPerfTest, ProxyResolverV8) { - base::MessageLoop message_loop; - ProxyResolverV8Factory factory; - PacPerfSuiteRunner runner(&factory, "ProxyResolverV8"); - runner.RunAllTests(); -} - -} // namespace - -} // namespace net diff --git a/chromium/net/quic/chromium/bidirectional_stream_quic_impl.cc b/chromium/net/quic/chromium/bidirectional_stream_quic_impl.cc index b4aaa5335e0..f2977803713 100644 --- a/chromium/net/quic/chromium/bidirectional_stream_quic_impl.cc +++ b/chromium/net/quic/chromium/bidirectional_stream_quic_impl.cc @@ -13,6 +13,7 @@ #include "base/timer/timer.h" #include "net/http/bidirectional_stream_request_info.h" #include "net/quic/core/quic_connection.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/socket/next_proto.h" #include "net/spdy/spdy_header_block.h" #include "net/spdy/spdy_http_utils.h" @@ -154,7 +155,7 @@ void BidirectionalStreamQuicImpl::SendData(const scoped_refptr<IOBuffer>& data, SendRequestHeaders(); } - base::StringPiece string_data(data->data(), length); + QuicStringPiece string_data(data->data(), length); int rv = stream_->WriteStreamData( string_data, end_stream, base::Bind(&BidirectionalStreamQuicImpl::OnSendDataComplete, diff --git a/chromium/net/quic/chromium/bidirectional_stream_quic_impl_unittest.cc b/chromium/net/quic/chromium/bidirectional_stream_quic_impl_unittest.cc index 8c6b80085a9..779035f7de4 100644 --- a/chromium/net/quic/chromium/bidirectional_stream_quic_impl_unittest.cc +++ b/chromium/net/quic/chromium/bidirectional_stream_quic_impl_unittest.cc @@ -29,18 +29,19 @@ #include "net/quic/chromium/quic_http_utils.h" #include "net/quic/chromium/quic_server_info.h" #include "net/quic/chromium/quic_test_packet_maker.h" +#include "net/quic/chromium/test_task_runner.h" #include "net/quic/core/crypto/crypto_protocol.h" #include "net/quic/core/crypto/quic_decrypter.h" #include "net/quic/core/crypto/quic_encrypter.h" #include "net/quic/core/quic_connection.h" #include "net/quic/core/spdy_utils.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/mock_clock.h" #include "net/quic/test_tools/mock_random.h" #include "net/quic/test_tools/quic_connection_peer.h" #include "net/quic/test_tools/quic_test_utils.h" -#include "net/quic/test_tools/test_task_runner.h" #include "net/socket/socket_test_util.h" #include "net/test/gtest_util.h" #include "testing/gmock/include/gmock/gmock.h" @@ -467,7 +468,7 @@ class BidirectionalStreamQuicImplTest bool should_include_version, bool fin, QuicStreamOffset offset, - base::StringPiece data, + QuicStringPiece data, QuicTestPacketMaker* maker) { std::unique_ptr<QuicReceivedPacket> packet(maker->MakeDataPacket( packet_number, stream_id_, should_include_version, fin, offset, data)); @@ -481,7 +482,7 @@ class BidirectionalStreamQuicImplTest bool should_include_version, bool fin, QuicStreamOffset offset, - base::StringPiece data) { + QuicStringPiece data) { return ConstructDataPacket(packet_number, should_include_version, fin, offset, data, &server_maker_); } @@ -624,7 +625,7 @@ class BidirectionalStreamQuicImplTest QuicPacketNumber least_unacked, bool fin, QuicStreamOffset offset, - base::StringPiece data, + QuicStringPiece data, QuicTestPacketMaker* maker) { std::unique_ptr<QuicReceivedPacket> packet(maker->MakeAckAndDataPacket( packet_number, should_include_version, stream_id_, largest_received, diff --git a/chromium/net/quic/chromium/crypto/channel_id_chromium.cc b/chromium/net/quic/chromium/crypto/channel_id_chromium.cc index f91f466aa8c..c451d893df0 100644 --- a/chromium/net/quic/chromium/crypto/channel_id_chromium.cc +++ b/chromium/net/quic/chromium/crypto/channel_id_chromium.cc @@ -23,7 +23,7 @@ ChannelIDKeyChromium::ChannelIDKeyChromium( ChannelIDKeyChromium::~ChannelIDKeyChromium() {} -bool ChannelIDKeyChromium::Sign(base::StringPiece signed_data, +bool ChannelIDKeyChromium::Sign(QuicStringPiece signed_data, std::string* out_signature) const { std::unique_ptr<crypto::ECSignatureCreator> sig_creator( crypto::ECSignatureCreator::Create(ec_private_key_.get())); diff --git a/chromium/net/quic/chromium/crypto/channel_id_chromium.h b/chromium/net/quic/chromium/crypto/channel_id_chromium.h index 2c9869c30b2..31ef722c404 100644 --- a/chromium/net/quic/chromium/crypto/channel_id_chromium.h +++ b/chromium/net/quic/chromium/crypto/channel_id_chromium.h @@ -12,6 +12,7 @@ #include "base/macros.h" #include "net/base/net_export.h" #include "net/quic/core/crypto/channel_id.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace crypto { class ECPrivateKey; @@ -28,7 +29,7 @@ class NET_EXPORT_PRIVATE ChannelIDKeyChromium : public ChannelIDKey { ~ChannelIDKeyChromium() override; // ChannelIDKey interface - bool Sign(base::StringPiece signed_data, + bool Sign(QuicStringPiece signed_data, std::string* out_signature) const override; std::string SerializeKey() const override; diff --git a/chromium/net/quic/chromium/crypto/proof_source_chromium.cc b/chromium/net/quic/chromium/crypto/proof_source_chromium.cc index fb14ba027bd..4f5608a0dd0 100644 --- a/chromium/net/quic/chromium/crypto/proof_source_chromium.cc +++ b/chromium/net/quic/chromium/crypto/proof_source_chromium.cc @@ -81,7 +81,7 @@ bool ProofSourceChromium::GetProofInner( const string& hostname, const string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const QuicTagVector& /* connection_options */, QuicReferenceCountedPointer<ProofSource::Chain>* out_chain, QuicCryptoProof* proof) { @@ -137,7 +137,7 @@ void ProofSourceChromium::GetProof(const QuicSocketAddress& server_addr, const std::string& hostname, const std::string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const QuicTagVector& connection_options, std::unique_ptr<Callback> callback) { // As a transitional implementation, just call the synchronous version of diff --git a/chromium/net/quic/chromium/crypto/proof_source_chromium.h b/chromium/net/quic/chromium/crypto/proof_source_chromium.h index f0a8c308f82..00f6d3b9423 100644 --- a/chromium/net/quic/chromium/crypto/proof_source_chromium.h +++ b/chromium/net/quic/chromium/crypto/proof_source_chromium.h @@ -37,7 +37,7 @@ class NET_EXPORT_PRIVATE ProofSourceChromium : public ProofSource { const std::string& hostname, const std::string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const QuicTagVector& connection_options, std::unique_ptr<Callback> callback) override; @@ -46,7 +46,7 @@ class NET_EXPORT_PRIVATE ProofSourceChromium : public ProofSource { const std::string& hostname, const std::string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const QuicTagVector& connection_options, QuicReferenceCountedPointer<ProofSource::Chain>* out_chain, QuicCryptoProof* proof); diff --git a/chromium/net/quic/chromium/crypto/proof_test_chromium.cc b/chromium/net/quic/chromium/crypto/proof_test_chromium.cc index eb4a61b298f..f6bfd15b593 100644 --- a/chromium/net/quic/chromium/crypto/proof_test_chromium.cc +++ b/chromium/net/quic/chromium/crypto/proof_test_chromium.cc @@ -56,7 +56,7 @@ void RunVerification(ProofVerifier* verifier, const uint16_t port, const string& server_config, QuicVersion quic_version, - StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::vector<string>& certs, const string& proof, bool expected_ok) { diff --git a/chromium/net/quic/chromium/crypto/proof_verifier_chromium.cc b/chromium/net/quic/chromium/crypto/proof_verifier_chromium.cc index eed307d6c8f..95b19990618 100644 --- a/chromium/net/quic/chromium/crypto/proof_verifier_chromium.cc +++ b/chromium/net/quic/chromium/crypto/proof_verifier_chromium.cc @@ -27,7 +27,6 @@ #include "net/quic/core/crypto/crypto_protocol.h" #include "net/ssl/ssl_config_service.h" -using base::StringPiece; using base::StringPrintf; using std::string; @@ -69,7 +68,7 @@ class ProofVerifierChromium::Job { const uint16_t port, const std::string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::vector<std::string>& certs, const std::string& cert_sct, const std::string& signature, @@ -114,7 +113,7 @@ class ProofVerifierChromium::Job { bool VerifySignature(const std::string& signed_data, QuicVersion quic_version, - StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::string& signature, const std::string& cert); @@ -200,7 +199,7 @@ QuicAsyncStatus ProofVerifierChromium::Job::VerifyProof( const uint16_t port, const string& server_config, QuicVersion quic_version, - StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::vector<string>& certs, const std::string& cert_sct, const string& signature, @@ -292,9 +291,9 @@ bool ProofVerifierChromium::Job::GetX509Certificate( } // Convert certs to X509Certificate. - std::vector<StringPiece> cert_pieces(certs.size()); + std::vector<QuicStringPiece> cert_pieces(certs.size()); for (unsigned i = 0; i < certs.size(); i++) { - cert_pieces[i] = base::StringPiece(certs[i]); + cert_pieces[i] = QuicStringPiece(certs[i]); } cert_ = X509Certificate::CreateFromDERCertChain(cert_pieces); if (!cert_.get()) { @@ -472,10 +471,10 @@ int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { bool ProofVerifierChromium::Job::VerifySignature(const string& signed_data, QuicVersion quic_version, - StringPiece chlo_hash, + QuicStringPiece chlo_hash, const string& signature, const string& cert) { - StringPiece spki; + QuicStringPiece spki; if (!asn1::ExtractSPKIFromDERCert(cert, &spki)) { DLOG(WARNING) << "ExtractSPKIFromDERCert failed"; return false; @@ -556,7 +555,7 @@ QuicAsyncStatus ProofVerifierChromium::VerifyProof( const uint16_t port, const std::string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::vector<std::string>& certs, const std::string& cert_sct, const std::string& signature, diff --git a/chromium/net/quic/chromium/crypto/proof_verifier_chromium.h b/chromium/net/quic/chromium/crypto/proof_verifier_chromium.h index d7c88522206..e6f46227dba 100644 --- a/chromium/net/quic/chromium/crypto/proof_verifier_chromium.h +++ b/chromium/net/quic/chromium/crypto/proof_verifier_chromium.h @@ -78,7 +78,7 @@ class NET_EXPORT_PRIVATE ProofVerifierChromium : public ProofVerifier { const uint16_t port, const std::string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::vector<std::string>& certs, const std::string& cert_sct, const std::string& signature, diff --git a/chromium/net/quic/chromium/crypto_test_utils_chromium.cc b/chromium/net/quic/chromium/crypto_test_utils_chromium.cc index 691cb18ea01..8380b736e32 100644 --- a/chromium/net/quic/chromium/crypto_test_utils_chromium.cc +++ b/chromium/net/quic/chromium/crypto_test_utils_chromium.cc @@ -34,7 +34,6 @@ #include "net/test/cert_test_util.h" #include "net/test/test_data_directory.h" -using base::StringPiece; using std::string; namespace net { diff --git a/chromium/net/quic/chromium/network_connection_unittest.cc b/chromium/net/quic/chromium/network_connection_unittest.cc index f9372a18f0a..c0bda470e77 100644 --- a/chromium/net/quic/chromium/network_connection_unittest.cc +++ b/chromium/net/quic/chromium/network_connection_unittest.cc @@ -5,7 +5,7 @@ #include "net/quic/chromium/network_connection.h" #include "base/run_loop.h" -#include "net/quic/chromium/mock_network_change_notifier.h" +#include "net/base/mock_network_change_notifier.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { diff --git a/chromium/net/quic/chromium/properties_based_quic_server_info.cc b/chromium/net/quic/chromium/properties_based_quic_server_info.cc index efe6f84672f..e90331fd7c1 100644 --- a/chromium/net/quic/chromium/properties_based_quic_server_info.cc +++ b/chromium/net/quic/chromium/properties_based_quic_server_info.cc @@ -94,6 +94,10 @@ void PropertiesBasedQuicServerInfo::OnExternalCacheHit() { RecordQuicServerInfoStatus(QUIC_SERVER_INFO_EXTERNAL_CACHE_HIT); } +size_t PropertiesBasedQuicServerInfo::EstimateMemoryUsage() const { + return 0; +} + PropertiesBasedQuicServerInfoFactory::PropertiesBasedQuicServerInfoFactory( HttpServerProperties* http_server_properties) : http_server_properties_(http_server_properties) {} diff --git a/chromium/net/quic/chromium/properties_based_quic_server_info.h b/chromium/net/quic/chromium/properties_based_quic_server_info.h index c9b0075a355..35ebb9b718d 100644 --- a/chromium/net/quic/chromium/properties_based_quic_server_info.h +++ b/chromium/net/quic/chromium/properties_based_quic_server_info.h @@ -38,6 +38,7 @@ class QUIC_EXPORT_PRIVATE PropertiesBasedQuicServerInfo bool IsReadyToPersist() override; void Persist() override; void OnExternalCacheHit() override; + size_t EstimateMemoryUsage() const override; private: HttpServerProperties* http_server_properties_; diff --git a/chromium/net/quic/chromium/quic_chromium_alarm_factory_test.cc b/chromium/net/quic/chromium/quic_chromium_alarm_factory_test.cc index 1cfe17558e3..55fcf121a9d 100644 --- a/chromium/net/quic/chromium/quic_chromium_alarm_factory_test.cc +++ b/chromium/net/quic/chromium/quic_chromium_alarm_factory_test.cc @@ -4,8 +4,8 @@ #include "net/quic/chromium/quic_chromium_alarm_factory.h" +#include "net/quic/chromium/test_task_runner.h" #include "net/quic/test_tools/mock_clock.h" -#include "net/quic/test_tools/test_task_runner.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { diff --git a/chromium/net/quic/chromium/quic_chromium_client_session.cc b/chromium/net/quic/chromium/quic_chromium_client_session.cc index 816094abb9f..dae92477b5c 100644 --- a/chromium/net/quic/chromium/quic_chromium_client_session.cc +++ b/chromium/net/quic/chromium/quic_chromium_client_session.cc @@ -20,7 +20,6 @@ #include "net/base/io_buffer.h" #include "net/base/net_errors.h" #include "net/base/network_activity_monitor.h" -#include "net/http/http_log_util.h" #include "net/http/transport_security_state.h" #include "net/log/net_log_event_type.h" #include "net/log/net_log_source_type.h" @@ -34,6 +33,7 @@ #include "net/quic/core/spdy_utils.h" #include "net/socket/datagram_client_socket.h" #include "net/spdy/spdy_http_utils.h" +#include "net/spdy/spdy_log_util.h" #include "net/spdy/spdy_session.h" #include "net/ssl/channel_id_service.h" #include "net/ssl/ssl_connection_status_flags.h" @@ -63,6 +63,9 @@ const size_t kTokenBindingSignatureMapSize = 10; // migrating sessions need to wait for a new network to connect. const size_t kWaitTimeForNewNetworkSecs = 10; +// The maximum size of uncompressed QUIC headers that will be allowed. +const size_t kMaxUncompressedHeaderSize = 256 * 1024; + // Histograms for tracking down the crashes from http://crbug.com/354669 // Note: these values must be kept in sync with the corresponding values in: // tools/metrics/histograms/histograms.xml @@ -298,6 +301,9 @@ QuicChromiumClientSession::QuicChromiumClientSession( } QuicChromiumClientSession::~QuicChromiumClientSession() { + DCHECK(callback_.is_null()); + + net_log_.EndEvent(NetLogEventType::QUIC_SESSION); if (!dynamic_streams().empty()) RecordUnexpectedOpenStreams(DESTRUCTOR); if (!observers_.empty()) @@ -426,7 +432,6 @@ QuicChromiumClientSession::~QuicChromiumClientSession() { UMA_HISTOGRAM_COUNTS( "Net.QuicSession.MaxReordering", static_cast<base::HistogramBase::Sample>(stats.max_sequence_reordering)); - net_log_.EndEvent(NetLogEventType::QUIC_SESSION); } void QuicChromiumClientSession::Initialize() { @@ -435,6 +440,7 @@ void QuicChromiumClientSession::Initialize() { base::MakeUnique<HpackEncoderDebugVisitor>()); SetHpackDecoderDebugVisitor( base::MakeUnique<HpackDecoderDebugVisitor>()); + set_max_uncompressed_header_bytes(kMaxUncompressedHeaderSize); } void QuicChromiumClientSession::OnHeadersHeadOfLineBlocking( @@ -668,11 +674,8 @@ int QuicChromiumClientSession::CryptoConnect( connect_timing_.connect_start = base::TimeTicks::Now(); RecordHandshakeState(STATE_STARTED); DCHECK(flow_controller()); - crypto_stream_->CryptoConnect(); - // Check if the connection is still open, issues during CryptoConnect like - // packet write error could cause the connection to be torn down. - if (!connection()->connected()) + if (!crypto_stream_->CryptoConnect()) return ERR_QUIC_HANDSHAKE_FAILED; if (IsCryptoHandshakeConfirmed()) { @@ -689,20 +692,6 @@ int QuicChromiumClientSession::CryptoConnect( return ERR_IO_PENDING; } -int QuicChromiumClientSession::ResumeCryptoConnect( - const CompletionCallback& callback) { - if (IsCryptoHandshakeConfirmed()) { - connect_timing_.connect_end = base::TimeTicks::Now(); - return OK; - } - - if (!connection()->connected()) - return ERR_QUIC_HANDSHAKE_FAILED; - - callback_ = callback; - return ERR_IO_PENDING; -} - int QuicChromiumClientSession::GetNumSentClientHellos() const { return crypto_stream_->num_sent_client_hellos(); } @@ -855,11 +844,6 @@ void QuicChromiumClientSession::OnConfigNegotiated() { void QuicChromiumClientSession::OnCryptoHandshakeEvent( CryptoHandshakeEvent event) { - if (stream_factory_ && event == HANDSHAKE_CONFIRMED && - stream_factory_->OnHandshakeConfirmed(this)) { - return; - } - if (!callback_.is_null() && (!require_confirmation_ || event == HANDSHAKE_CONFIRMED || event == ENCRYPTION_REESTABLISHED)) { @@ -921,10 +905,11 @@ void QuicChromiumClientSession::OnCryptoHandshakeMessageReceived( const CryptoHandshakeMessage& message) { logger_->OnCryptoHandshakeMessageReceived(message); if (message.tag() == kREJ || message.tag() == kSREJ) { - UMA_HISTOGRAM_CUSTOM_COUNTS("Net.QuicSession.RejectLength", - message.GetSerialized().length(), 1000, 10000, - 50); - base::StringPiece proof; + UMA_HISTOGRAM_CUSTOM_COUNTS( + "Net.QuicSession.RejectLength", + message.GetSerialized(Perspective::IS_CLIENT).length(), 1000, 10000, + 50); + QuicStringPiece proof; UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.RejectHasProof", message.GetStringPiece(kPROF, &proof)); } @@ -981,10 +966,6 @@ void QuicChromiumClientSession::OnConnectionClosed( UMA_HISTOGRAM_COUNTS( "Net.QuicSession.ConnectionClose.NumOpenStreams.TimedOut", GetNumOpenOutgoingStreams()); - // Notify the factory the connection timed out with open streams. - if (GetNumOpenOutgoingStreams() > 0 && stream_factory_) { - stream_factory_->OnTimeoutWithOpenStreams(); - } if (IsCryptoHandshakeConfirmed()) { if (GetNumOpenOutgoingStreams() > 0) { UMA_HISTOGRAM_BOOLEAN( @@ -1010,7 +991,18 @@ void QuicChromiumClientSession::OnConnectionClosed( } } - if (!IsCryptoHandshakeConfirmed()) { + if (IsCryptoHandshakeConfirmed()) { + // QUIC connections should not timeout while there are open streams, + // since PING frames are sent to prevent timeouts. If, however, the + // connection timed out with open streams then QUIC traffic has become + // blackholed. Alternatively, if too many retransmission timeouts occur + // then QUIC traffic has become blackholed. + if (stream_factory_ && + (error == QUIC_TOO_MANY_RTOS || (error == QUIC_NETWORK_IDLE_TIMEOUT && + GetNumOpenOutgoingStreams() > 0))) { + stream_factory_->OnBlackholeAfterHandshakeConfirmed(this); + } + } else { if (error == QUIC_PUBLIC_RESET) { RecordHandshakeFailureReason(HANDSHAKE_FAILURE_PUBLIC_RESET); } else if (connection()->GetStats().packets_received == 0) { @@ -1183,12 +1175,16 @@ void QuicChromiumClientSession::OnNetworkConnected( // migration process. Allows tests to be more uniform. stream_factory_->OnSessionGoingAway(this); stream_factory_->MigrateSessionToNewNetwork( - this, network, /*close_session_on_error=*/true, net_log_); + this, network, /*close_session_on_error=*/true, net_log); } void QuicChromiumClientSession::OnWriteError(int error_code) { DCHECK_NE(ERR_IO_PENDING, error_code); DCHECK_GT(0, error_code); + if (IsCryptoHandshakeConfirmed()) { + UMA_HISTOGRAM_SPARSE_SLOWLY("Net.QuicSession.WriteError.HandshakeConfirmed", + -error_code); + } connection()->OnWriteError(error_code); } @@ -1349,9 +1345,8 @@ void QuicChromiumClientSession::OnReadError( } DVLOG(1) << "Closing session on read error: " << result; UMA_HISTOGRAM_SPARSE_SLOWLY("Net.QuicSession.ReadError", -result); - NotifyFactoryOfSessionGoingAway(); - CloseSessionOnErrorInner(result, QUIC_PACKET_READ_ERROR); - NotifyFactoryOfSessionClosedLater(); + connection()->CloseConnection(QUIC_PACKET_READ_ERROR, ErrorToString(result), + ConnectionCloseBehavior::SILENT_CLOSE); } bool QuicChromiumClientSession::OnPacket(const QuicReceivedPacket& packet, diff --git a/chromium/net/quic/chromium/quic_chromium_client_session.h b/chromium/net/quic/chromium/quic_chromium_client_session.h index 7d9a87bb1e7..359df910887 100644 --- a/chromium/net/quic/chromium/quic_chromium_client_session.h +++ b/chromium/net/quic/chromium/quic_chromium_client_session.h @@ -216,9 +216,6 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession // Performs a crypto handshake with the server. int CryptoConnect(const CompletionCallback& callback); - // Resumes a crypto handshake with the server after a timeout. - int ResumeCryptoConnect(const CompletionCallback& callback); - // Causes the QuicConnectionHelper to start reading from all sockets // and passing the data along to the QuicConnection. void StartReading(); diff --git a/chromium/net/quic/chromium/quic_chromium_client_session_test.cc b/chromium/net/quic/chromium/quic_chromium_client_session_test.cc index 8d75a510fbe..e076f3b7e0f 100644 --- a/chromium/net/quic/chromium/quic_chromium_client_session_test.cc +++ b/chromium/net/quic/chromium/quic_chromium_client_session_test.cc @@ -326,7 +326,7 @@ TEST_P(QuicChromiumClientSessionTest, PushStreamTimedOutWithResponse) { promise_headers)); session_->OnInitialHeadersComplete(kServerDataStreamId1, SpdyHeaderBlock()); // Read data on the pushed stream. - QuicStreamFrame data(kServerDataStreamId1, false, 0, StringPiece("SP")); + QuicStreamFrame data(kServerDataStreamId1, false, 0, QuicStringPiece("SP")); session_->OnStreamFrame(data); QuicClientPromisedInfo* promised = @@ -488,7 +488,7 @@ TEST_P(QuicChromiumClientSessionTest, CancelPushAfterReceivingResponse) { promise_headers)); session_->OnInitialHeadersComplete(kServerDataStreamId1, SpdyHeaderBlock()); // Read data on the pushed stream. - QuicStreamFrame data(kServerDataStreamId1, false, 0, StringPiece("SP")); + QuicStreamFrame data(kServerDataStreamId1, false, 0, QuicStringPiece("SP")); session_->OnStreamFrame(data); QuicClientPromisedInfo* promised = @@ -751,7 +751,7 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocket) { server_maker_.MakePingPacket(1, /*include_version=*/false)); std::unique_ptr<QuicEncryptedPacket> ack_and_data_out( client_maker_.MakeAckAndDataPacket(3, false, 5, 1, 1, false, 0, - StringPiece(data))); + QuicStringPiece(data))); MockRead reads[] = { MockRead(SYNCHRONOUS, server_ping->data(), server_ping->length(), 0), MockRead(SYNCHRONOUS, ERR_IO_PENDING, 1)}; diff --git a/chromium/net/quic/chromium/quic_chromium_client_stream.cc b/chromium/net/quic/chromium/quic_chromium_client_stream.cc index de95b4930e5..d224e1d761f 100644 --- a/chromium/net/quic/chromium/quic_chromium_client_stream.cc +++ b/chromium/net/quic/chromium/quic_chromium_client_stream.cc @@ -145,7 +145,7 @@ SpdyPriority QuicChromiumClientStream::priority() const { } int QuicChromiumClientStream::WriteStreamData( - base::StringPiece data, + QuicStringPiece data, bool fin, const CompletionCallback& callback) { // We should not have data buffered. @@ -170,7 +170,7 @@ int QuicChromiumClientStream::WritevStreamData( // Writes the data, or buffers it. for (size_t i = 0; i < buffers.size(); ++i) { bool is_fin = fin && (i == buffers.size() - 1); - base::StringPiece string_data(buffers[i]->data(), lengths[i]); + QuicStringPiece string_data(buffers[i]->data(), lengths[i]); WriteOrBufferData(string_data, is_fin, nullptr); } if (!HasBufferedData()) { diff --git a/chromium/net/quic/chromium/quic_chromium_client_stream.h b/chromium/net/quic/chromium/quic_chromium_client_stream.h index 9facd0cd0e7..e2b8c125728 100644 --- a/chromium/net/quic/chromium/quic_chromium_client_stream.h +++ b/chromium/net/quic/chromium/quic_chromium_client_stream.h @@ -22,6 +22,7 @@ #include "net/http/http_stream.h" #include "net/log/net_log_with_source.h" #include "net/quic/core/quic_spdy_stream.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -88,7 +89,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientStream : public QuicSpdyStream { // of client-side streams should be able to set the priority. using QuicSpdyStream::SetPriority; - int WriteStreamData(base::StringPiece data, + int WriteStreamData(QuicStringPiece data, bool fin, const CompletionCallback& callback); // Same as WriteStreamData except it writes data from a vector of IOBuffers, diff --git a/chromium/net/quic/chromium/quic_chromium_client_stream_test.cc b/chromium/net/quic/chromium/quic_chromium_client_stream_test.cc index 9dc3210005d..35b384c76dc 100644 --- a/chromium/net/quic/chromium/quic_chromium_client_stream_test.cc +++ b/chromium/net/quic/chromium/quic_chromium_client_stream_test.cc @@ -90,13 +90,13 @@ class MockQuicClientSessionBase : public QuicClientSessionBase { QuicStreamOffset bytes_written)); MOCK_METHOD2(OnStreamHeaders, - void(QuicStreamId stream_id, base::StringPiece headers_data)); + void(QuicStreamId stream_id, QuicStringPiece headers_data)); MOCK_METHOD2(OnStreamHeadersPriority, void(QuicStreamId stream_id, SpdyPriority priority)); MOCK_METHOD3(OnStreamHeadersComplete, void(QuicStreamId stream_id, bool fin, size_t frame_len)); MOCK_METHOD2(OnPromiseHeaders, - void(QuicStreamId stream_id, StringPiece headers_data)); + void(QuicStreamId stream_id, QuicStringPiece headers_data)); MOCK_METHOD3(OnPromiseHeadersComplete, void(QuicStreamId stream_id, QuicStreamId promised_stream_id, @@ -210,12 +210,12 @@ class QuicChromiumClientStreamTest "JBCScs_ejbKaqBDoB7ZGxTvqlrB__2ZmnHHjCr8RgMRtKNtIeuZAo "; } - void ReadData(StringPiece expected_data) { + void ReadData(QuicStringPiece expected_data) { scoped_refptr<IOBuffer> buffer(new IOBuffer(expected_data.length() + 1)); EXPECT_EQ(static_cast<int>(expected_data.length()), stream_->Read(buffer.get(), expected_data.length() + 1)); EXPECT_EQ(expected_data, - StringPiece(buffer->data(), expected_data.length())); + QuicStringPiece(buffer->data(), expected_data.length())); } QuicHeaderList ProcessHeaders(const SpdyHeaderBlock& headers) { @@ -258,7 +258,7 @@ TEST_P(QuicChromiumClientStreamTest, OnFinRead) { InitializeHeaders(); QuicStreamOffset offset = 0; ProcessHeadersFull(headers_); - QuicStreamFrame frame2(kTestStreamId, true, offset, StringPiece()); + QuicStreamFrame frame2(kTestStreamId, true, offset, QuicStringPiece()); EXPECT_CALL(delegate_, OnClose()); stream_->OnStreamFrame(frame2); } @@ -279,10 +279,9 @@ TEST_P(QuicChromiumClientStreamTest, OnDataAvailable) { /*offset=*/0, data)); EXPECT_CALL(delegate_, OnDataAvailable()) - .WillOnce(testing::Invoke( - CreateFunctor(&QuicChromiumClientStreamTest::ReadData, - base::Unretained(this), - StringPiece(data, arraysize(data) - 1)))); + .WillOnce(testing::Invoke(CreateFunctor( + &QuicChromiumClientStreamTest::ReadData, base::Unretained(this), + QuicStringPiece(data, arraysize(data) - 1)))); base::RunLoop().RunUntilIdle(); EXPECT_CALL(delegate_, OnClose()); @@ -307,6 +306,7 @@ TEST_P(QuicChromiumClientStreamTest, OnDataAvailableWithError) { InitializeHeaders(); auto headers = AsHeaderList(headers_); ProcessHeadersFull(headers_); + EXPECT_CALL(session_, SendRstStream(kTestStreamId, QUIC_STREAM_CANCELLED, 0)); const char data[] = "hello world!"; stream_->OnStreamFrame(QuicStreamFrame(kTestStreamId, /*fin=*/false, @@ -338,7 +338,7 @@ TEST_P(QuicChromiumClientStreamTest, OnTrailers) { EXPECT_CALL(delegate_, OnDataAvailable()) .WillOnce(testing::Invoke(CreateFunctor( &QuicChromiumClientStreamTest::ReadData, base::Unretained(this), - StringPiece(data, arraysize(data) - 1)))); + QuicStringPiece(data, arraysize(data) - 1)))); SpdyHeaderBlock trailers; trailers["bar"] = "foo"; @@ -358,7 +358,8 @@ TEST_P(QuicChromiumClientStreamTest, OnTrailers) { .Times(1) .WillOnce(testing::DoAll( testing::Invoke(CreateFunctor(&QuicChromiumClientStreamTest::ReadData, - base::Unretained(this), StringPiece())), + base::Unretained(this), + QuicStringPiece())), testing::InvokeWithoutArgs([&run_loop3]() { run_loop3.Quit(); }))); run_loop3.Run(); @@ -385,7 +386,7 @@ TEST_P(QuicChromiumClientStreamTest, MarkTrailersConsumedWhenNotifyDelegate) { .WillOnce(testing::DoAll( testing::Invoke(CreateFunctor( &QuicChromiumClientStreamTest::ReadData, base::Unretained(this), - StringPiece(data, arraysize(data) - 1))), + QuicStringPiece(data, arraysize(data) - 1))), testing::Invoke([&run_loop]() { run_loop.Quit(); }))); // Wait for the read to complete. @@ -415,7 +416,8 @@ TEST_P(QuicChromiumClientStreamTest, MarkTrailersConsumedWhenNotifyDelegate) { .Times(1) .WillOnce(testing::DoAll( testing::Invoke(CreateFunctor(&QuicChromiumClientStreamTest::ReadData, - base::Unretained(this), StringPiece())), + base::Unretained(this), + QuicStringPiece())), testing::InvokeWithoutArgs([&run_loop3]() { run_loop3.Quit(); }))); run_loop3.Run(); @@ -447,7 +449,7 @@ TEST_P(QuicChromiumClientStreamTest, ReadAfterTrailersReceivedButNotDelivered) { .WillOnce(testing::DoAll( testing::Invoke(CreateFunctor( &QuicChromiumClientStreamTest::ReadData, base::Unretained(this), - StringPiece(data, arraysize(data) - 1))), + QuicStringPiece(data, arraysize(data) - 1))), testing::Invoke([&run_loop]() { run_loop.Quit(); }))); // Wait for the read to complete. @@ -480,7 +482,8 @@ TEST_P(QuicChromiumClientStreamTest, ReadAfterTrailersReceivedButNotDelivered) { EXPECT_CALL(delegate_, OnDataAvailable()) .WillOnce(testing::DoAll( testing::Invoke(CreateFunctor(&QuicChromiumClientStreamTest::ReadData, - base::Unretained(this), StringPiece())), + base::Unretained(this), + QuicStringPiece())), testing::Invoke([&run_loop3]() { run_loop3.Quit(); }))); run_loop3.Run(); @@ -506,7 +509,7 @@ TEST_P(QuicChromiumClientStreamTest, WriteStreamData) { EXPECT_CALL(session_, WritevData(stream_, stream_->id(), _, _, _, _)) .WillOnce(Return(QuicConsumedData(kDataLen, true))); TestCompletionCallback callback; - EXPECT_EQ(OK, stream_->WriteStreamData(base::StringPiece(kData1, kDataLen), + EXPECT_EQ(OK, stream_->WriteStreamData(QuicStringPiece(kData1, kDataLen), true, callback.callback())); } @@ -522,7 +525,7 @@ TEST_P(QuicChromiumClientStreamTest, WriteStreamDataAsync) { .WillOnce(Return(QuicConsumedData(0, false))); TestCompletionCallback callback; EXPECT_EQ(ERR_IO_PENDING, - stream_->WriteStreamData(base::StringPiece(kData1, kDataLen), true, + stream_->WriteStreamData(QuicStringPiece(kData1, kDataLen), true, callback.callback())); ASSERT_FALSE(callback.have_result()); diff --git a/chromium/net/quic/chromium/quic_chromium_packet_writer.cc b/chromium/net/quic/chromium/quic_chromium_packet_writer.cc index 347457dbc5e..561399a119c 100644 --- a/chromium/net/quic/chromium/quic_chromium_packet_writer.cc +++ b/chromium/net/quic/chromium/quic_chromium_packet_writer.cc @@ -61,7 +61,7 @@ WriteResult QuicChromiumPacketWriter::WritePacketToSocket( } else { status = WRITE_STATUS_BLOCKED; write_blocked_ = true; - packet_ = packet; + packet_ = std::move(packet); } } diff --git a/chromium/net/quic/chromium/quic_connection_logger.cc b/chromium/net/quic/chromium/quic_connection_logger.cc index 27128a3a0a0..2d3e8726309 100644 --- a/chromium/net/quic/chromium/quic_connection_logger.cc +++ b/chromium/net/quic/chromium/quic_connection_logger.cc @@ -29,8 +29,8 @@ #include "net/quic/core/quic_packets.h" #include "net/quic/core/quic_socket_address_coder.h" #include "net/quic/core/quic_time.h" +#include "net/quic/platform/api/quic_string_piece.h" -using base::StringPiece; using std::string; namespace net { @@ -225,7 +225,8 @@ std::unique_ptr<base::Value> NetLogQuicCryptoHandshakeMessageCallback( const CryptoHandshakeMessage* message, NetLogCaptureMode /* capture_mode */) { std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); - dict->SetString("quic_crypto_handshake_message", message->DebugString()); + dict->SetString("quic_crypto_handshake_message", + message->DebugString(Perspective::IS_CLIENT)); return std::move(dict); } @@ -606,7 +607,7 @@ void QuicConnectionLogger::OnCryptoHandshakeMessageReceived( base::Bind(&NetLogQuicCryptoHandshakeMessageCallback, &message)); if (message.tag() == kSHLO) { - StringPiece address; + QuicStringPiece address; QuicSocketAddressCoder decoder; if (message.GetStringPiece(kCADR, &address) && decoder.Decode(address.data(), address.size())) { diff --git a/chromium/net/quic/chromium/quic_end_to_end_unittest.cc b/chromium/net/quic/chromium/quic_end_to_end_unittest.cc index 30e89f18ee5..2be21032ab0 100644 --- a/chromium/net/quic/chromium/quic_end_to_end_unittest.cc +++ b/chromium/net/quic/chromium/quic_end_to_end_unittest.cc @@ -31,6 +31,7 @@ #include "net/http/transport_security_state.h" #include "net/log/net_log_with_source.h" #include "net/proxy/proxy_service.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/quic_test_utils.h" #include "net/ssl/default_channel_id_store.h" @@ -44,8 +45,6 @@ #include "testing/gtest/include/gtest/gtest.h" #include "testing/platform_test.h" -using base::StringPiece; - namespace net { using test::IsOk; @@ -189,10 +188,10 @@ class QuicEndToEndTest : public ::testing::TestWithParam<TestParams> { // Adds an entry to the cache used by the QUIC server to serve // responses. - void AddToCache(StringPiece path, + void AddToCache(QuicStringPiece path, int response_code, - StringPiece response_detail, - StringPiece body) { + QuicStringPiece response_detail, + QuicStringPiece body) { response_cache_.AddSimpleResponse("test.example.com", path, response_code, body); } diff --git a/chromium/net/quic/chromium/quic_http_stream.cc b/chromium/net/quic/chromium/quic_http_stream.cc index f824b464414..b634dea8085 100644 --- a/chromium/net/quic/chromium/quic_http_stream.cc +++ b/chromium/net/quic/chromium/quic_http_stream.cc @@ -22,6 +22,7 @@ #include "net/quic/core/quic_stream_sequencer.h" #include "net/quic/core/quic_utils.h" #include "net/quic/core/spdy_utils.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/spdy/spdy_frame_builder.h" #include "net/spdy/spdy_framer.h" #include "net/spdy/spdy_http_utils.h" @@ -44,19 +45,23 @@ std::unique_ptr<base::Value> NetLogQuicPushStreamCallback( } // namespace QuicHttpStream::QuicHttpStream( - const base::WeakPtr<QuicChromiumClientSession>& session) + const base::WeakPtr<QuicChromiumClientSession>& session, + HttpServerProperties* http_server_properties) : MultiplexedHttpStream(MultiplexedSessionHandle(session)), next_state_(STATE_NONE), session_(session), + server_id_(session->server_id()), + http_server_properties_(http_server_properties), quic_version_(session->GetQuicVersion()), - session_error_(OK), + session_error_(ERR_UNEXPECTED), was_handshake_confirmed_(session->IsCryptoHandshakeConfirmed()), stream_(nullptr), request_info_(nullptr), request_body_stream_(nullptr), priority_(MINIMUM_PRIORITY), response_info_(nullptr), - response_status_(OK), + has_response_status_(false), + response_status_(ERR_UNEXPECTED), response_headers_received_(false), headers_bytes_received_(0), headers_bytes_sent_(0), @@ -65,6 +70,7 @@ QuicHttpStream::QuicHttpStream( closed_is_first_stream_(false), user_buffer_len_(0), quic_connection_error_(QUIC_NO_ERROR), + quic_stream_error_(QUIC_STREAM_NO_ERROR), port_migration_detected_(false), found_promise_(false), push_handle_(nullptr), @@ -156,9 +162,13 @@ int QuicHttpStream::InitializeStream(const HttpRequestInfo* request_info, const CompletionCallback& callback) { CHECK(callback_.is_null()); DCHECK(!stream_); + + // HttpNetworkTransaction will retry any request that fails with + // ERR_QUIC_HANDSHAKE_FAILED. It will retry any request with + // ERR_CONNECTION_CLOSED so long as the connection has been used for other + // streams first and headers have not yet been received. if (!session_) - return was_handshake_confirmed_ ? ERR_CONNECTION_CLOSED - : ERR_QUIC_HANDSHAKE_FAILED; + return GetResponseStatus(); stream_net_log.AddEvent( NetLogEventType::HTTP_STREAM_REQUEST_BOUND_TO_QUIC_SESSION, @@ -249,10 +259,11 @@ int QuicHttpStream::SendRequest(const HttpRequestHeaders& request_headers, UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.CookieSentToAccountsOverChannelId", ssl_info.channel_id_sent); } - if ((!found_promise_ && !stream_) || !session_) { - return was_handshake_confirmed_ ? ERR_CONNECTION_CLOSED - : ERR_QUIC_HANDSHAKE_FAILED; - } + + // In order to rendezvous with a push stream, the session still needs to be + // available. Otherwise the stream needs to be available. + if ((!found_promise_ && !stream_) || !session_) + return GetResponseStatus(); // Store the serialized request headers. CreateSpdyHeadersFromHttpRequest(*request_info_, request_headers, @@ -264,7 +275,6 @@ int QuicHttpStream::SendRequest(const HttpRequestHeaders& request_headers, // A request with a body is ineligible for push, so reset the // promised stream and request a new stream. if (found_promise_) { - found_promise_ = false; std::string url(request_info_->url.spec()); QuicClientPromisedInfo* promised = session_->push_promise_index()->GetPromised(url); @@ -291,10 +301,13 @@ int QuicHttpStream::SendRequest(const HttpRequestHeaders& request_headers, int rv; - if (found_promise_) { + if (!found_promise_) { + next_state_ = STATE_SET_REQUEST_PRIORITY; + } else if (!request_body_stream_) { next_state_ = STATE_HANDLE_PROMISE; } else { - next_state_ = STATE_SET_REQUEST_PRIORITY; + found_promise_ = false; + next_state_ = STATE_REQUEST_STREAM; } rv = DoLoop(OK); @@ -309,8 +322,7 @@ int QuicHttpStream::ReadResponseHeaders(const CompletionCallback& callback) { CHECK(!callback.is_null()); if (stream_ == nullptr) - return response_status_; - + return GetResponseStatus(); // Check if we already have the response headers. If so, return synchronously. if (response_headers_received_) return OK; @@ -337,10 +349,9 @@ int QuicHttpStream::ReadResponseBody(IOBuffer* buf, // anymore. request_info_ = nullptr; - if (!stream_) { - // If the stream is already closed, there is no body to read. - return response_status_; - } + // If the stream is already closed, there is no body to read. + if (!stream_) + return GetResponseStatus(); int rv = ReadAvailableData(buf, buf_len); if (rv != ERR_IO_PENDING) @@ -352,13 +363,13 @@ int QuicHttpStream::ReadResponseBody(IOBuffer* buf, return ERR_IO_PENDING; } -void QuicHttpStream::Close(bool not_reusable) { - // Note: the not_reusable flag has no meaning for SPDY streams. +void QuicHttpStream::Close(bool /*not_reusable*/) { + session_error_ = ERR_ABORTED; + SaveResponseStatus(); + // Note: the not_reusable flag has no meaning for QUIC streams. if (stream_) { stream_->SetDelegate(nullptr); stream_->Reset(QUIC_STREAM_CANCELLED); - response_status_ = was_handshake_confirmed_ ? ERR_CONNECTION_CLOSED - : ERR_QUIC_HANDSHAKE_FAILED; } ResetStream(); } @@ -412,6 +423,14 @@ bool QuicHttpStream::GetLoadTimingInfo(LoadTimingInfo* load_timing_info) const { return true; } +bool QuicHttpStream::GetAlternativeService( + AlternativeService* alternative_service) const { + alternative_service->protocol = kProtoQUIC; + alternative_service->host = server_id_.host(); + alternative_service->port = server_id_.port(); + return true; +} + void QuicHttpStream::PopulateNetErrorDetails(NetErrorDetails* details) { details->connection_info = ConnectionInfoFromQuicVersion(quic_version_); if (was_handshake_confirmed_) @@ -437,6 +456,7 @@ void QuicHttpStream::OnHeadersAvailable(const SpdyHeaderBlock& headers, // Close the read side. If the write side has been closed, this will // invoke QuicHttpStream::OnClose to reset the stream. stream_->OnFinRead(); + SetResponseStatus(OK); } return; } @@ -468,35 +488,30 @@ void QuicHttpStream::OnDataAvailable() { } void QuicHttpStream::OnClose() { - if (stream_->connection_error() != QUIC_NO_ERROR || - stream_->stream_error() != QUIC_STREAM_NO_ERROR) { - response_status_ = was_handshake_confirmed_ ? ERR_QUIC_PROTOCOL_ERROR - : ERR_QUIC_HANDSHAKE_FAILED; - } else if (!response_headers_received_) { - response_status_ = ERR_ABORTED; - } - quic_connection_error_ = stream_->connection_error(); + quic_stream_error_ = stream_->stream_error(); + SaveResponseStatus(); + ResetStream(); - if (in_loop_) { - // If already in DoLoop(), |callback_| will be handled when DoLoop() exits. + // If already in DoLoop(), |callback_| will be handled when DoLoop() exits. + if (in_loop_) return; - } + if (!callback_.is_null()) { - DoCallback(response_status_); + DoCallback(GetResponseStatus()); } } void QuicHttpStream::OnError(int error) { ResetStream(); - response_status_ = - was_handshake_confirmed_ ? error : ERR_QUIC_HANDSHAKE_FAILED; + session_error_ = error; + SaveResponseStatus(); if (in_loop_) { // If already in DoLoop(), |callback_| will be handled when DoLoop() exits. return; } if (!callback_.is_null()) - DoCallback(response_status_); + DoCallback(GetResponseStatus()); } bool QuicHttpStream::HasSendHeadersComplete() { @@ -519,9 +534,11 @@ void QuicHttpStream::OnSuccessfulVersionNegotiation( } void QuicHttpStream::OnSessionClosed(int error, bool port_migration_detected) { - Close(false); session_error_ = error; port_migration_detected_ = port_migration_detected; + SaveResponseStatus(); + + Close(false); session_.reset(); } @@ -619,8 +636,10 @@ int QuicHttpStream::DoRequestStream() { int QuicHttpStream::DoRequestStreamComplete(int rv) { DCHECK(rv == OK || !stream_); - if (rv != OK) - return was_handshake_confirmed_ ? rv : ERR_QUIC_HANDSHAKE_FAILED; + if (rv != OK) { + session_error_ = rv; + return GetResponseStatus(); + } stream_->SetDelegate(this); if (request_info_->load_flags & LOAD_DISABLE_CONNECTION_MIGRATION) { @@ -667,7 +686,7 @@ int QuicHttpStream::DoWaitForConfirmationComplete(int rv) { int QuicHttpStream::DoSendHeaders() { if (!stream_) - return ERR_UNEXPECTED; + return GetResponseStatus(); // Log the actual request with the URL Request's net log. stream_net_log_.AddEvent( @@ -691,7 +710,7 @@ int QuicHttpStream::DoSendHeadersComplete(int rv) { // If the stream is already closed, don't read the request body. if (!stream_) - return response_status_; + return GetResponseStatus(); next_state_ = request_body_stream_ ? STATE_READ_REQUEST_BODY : STATE_OPEN; @@ -708,7 +727,7 @@ int QuicHttpStream::DoReadRequestBody() { int QuicHttpStream::DoReadRequestBodyComplete(int rv) { // If the stream is already closed, don't continue. if (!stream_) - return response_status_; + return GetResponseStatus(); // |rv| is the result of read from the request body from the last call to // DoSendBody(). @@ -730,7 +749,7 @@ int QuicHttpStream::DoReadRequestBodyComplete(int rv) { int QuicHttpStream::DoSendBody() { if (!stream_) - return ERR_UNEXPECTED; + return GetResponseStatus(); CHECK(request_body_stream_); CHECK(request_body_buf_.get()); @@ -738,7 +757,7 @@ int QuicHttpStream::DoSendBody() { int len = request_body_buf_->BytesRemaining(); if (len > 0 || eof) { next_state_ = STATE_SEND_BODY_COMPLETE; - base::StringPiece data(request_body_buf_->data(), len); + QuicStringPiece data(request_body_buf_->data(), len); return stream_->WriteStreamData( data, eof, base::Bind(&QuicHttpStream::OnIOComplete, weak_factory_.GetWeakPtr())); @@ -754,7 +773,7 @@ int QuicHttpStream::DoSendBodyComplete(int rv) { // If the stream is already closed, don't continue. if (!stream_) - return response_status_; + return GetResponseStatus(); request_body_buf_->DidConsume(request_body_buf_->BytesRemaining()); @@ -804,6 +823,7 @@ int QuicHttpStream::ReadAvailableData(IOBuffer* buf, int buf_len) { if (stream_->IsDoneReading()) { stream_->SetDelegate(nullptr); stream_->OnFinRead(); + SetResponseStatus(OK); ResetStream(); } return rv; @@ -830,4 +850,48 @@ void QuicHttpStream::ResetStream() { request_body_stream_->Reset(); } +int QuicHttpStream::GetResponseStatus() { + SaveResponseStatus(); + return response_status_; +} + +void QuicHttpStream::SaveResponseStatus() { + if (!has_response_status_) + SetResponseStatus(ComputeResponseStatus()); +} + +void QuicHttpStream::SetResponseStatus(int response_status) { + has_response_status_ = true; + response_status_ = response_status; +} + +int QuicHttpStream::ComputeResponseStatus() const { + DCHECK(!has_response_status_); + + // If the handshake has failed this will be handled by the QuicStreamFactory + // and HttpStreamFactory to mark QUIC as broken if TCP is actually working. + if (!was_handshake_confirmed_) + return ERR_QUIC_HANDSHAKE_FAILED; + + // If the session was aborted by a higher layer, simply use that error code. + if (session_error_ != ERR_UNEXPECTED) + return session_error_; + + // If |response_info_| is null then the request has not been sent, so + // return ERR_CONNECTION_CLOSED to permit HttpNetworkTransaction to + // retry the request. + if (!response_info_) + return ERR_CONNECTION_CLOSED; + + // Explicit stream error are always fatal. + if (quic_stream_error_ != QUIC_STREAM_NO_ERROR && + quic_stream_error_ != QUIC_STREAM_CONNECTION_ERROR) { + return ERR_QUIC_PROTOCOL_ERROR; + } + + DCHECK_NE(QUIC_HANDSHAKE_TIMEOUT, quic_connection_error_); + + return ERR_QUIC_PROTOCOL_ERROR; +} + } // namespace net diff --git a/chromium/net/quic/chromium/quic_http_stream.h b/chromium/net/quic/chromium/quic_http_stream.h index 3dd49821917..262aeed071a 100644 --- a/chromium/net/quic/chromium/quic_http_stream.h +++ b/chromium/net/quic/chromium/quic_http_stream.h @@ -18,6 +18,7 @@ #include "net/base/load_timing_info.h" #include "net/base/net_export.h" #include "net/http/http_response_info.h" +#include "net/http/http_server_properties.h" #include "net/log/net_log_with_source.h" #include "net/quic/chromium/quic_chromium_client_session.h" #include "net/quic/chromium/quic_chromium_client_stream.h" @@ -40,8 +41,8 @@ class NET_EXPORT_PRIVATE QuicHttpStream public QuicClientPushPromiseIndex::Delegate, public MultiplexedHttpStream { public: - explicit QuicHttpStream( - const base::WeakPtr<QuicChromiumClientSession>& session); + QuicHttpStream(const base::WeakPtr<QuicChromiumClientSession>& session, + HttpServerProperties* http_server_properties); ~QuicHttpStream() override; @@ -63,6 +64,8 @@ class NET_EXPORT_PRIVATE QuicHttpStream int64_t GetTotalReceivedBytes() const override; int64_t GetTotalSentBytes() const override; bool GetLoadTimingInfo(LoadTimingInfo* load_timing_info) const override; + bool GetAlternativeService( + AlternativeService* alternative_service) const override; void PopulateNetErrorDetails(NetErrorDetails* details) override; void SetPriority(RequestPriority priority) override; @@ -134,9 +137,25 @@ class NET_EXPORT_PRIVATE QuicHttpStream void ResetStream(); + // If |has_response_status_| is false, sets |response_status| to the result + // of ComputeResponseStatus(). Returns |response_status_|. + int GetResponseStatus(); + // Sets the result of |ComputeResponseStatus()| as the |response_status_|. + void SaveResponseStatus(); + // Sets |response_status_| to |response_status| and sets + // |has_response_status_| to true. + void SetResponseStatus(int response_status); + // Computes the correct response status based on the status of the handshake, + // |session_error|, |connection_error| and |stream_error|. + int ComputeResponseStatus() const; + State next_state_; base::WeakPtr<QuicChromiumClientSession> session_; + const QuicServerId server_id_; // The ID of the QUIC server for this stream. + + HttpServerProperties* http_server_properties_; // Unowned. + QuicVersion quic_version_; int session_error_; // Error code from the connection shutdown. bool was_handshake_confirmed_; // True if the crypto handshake succeeded. @@ -159,6 +178,7 @@ class NET_EXPORT_PRIVATE QuicHttpStream // |response_info_| is the HTTP response data object which is filled in // when a the response headers are read. It is not owned by this stream. HttpResponseInfo* response_info_; + bool has_response_status_; // true if response_status_ as been set. // Because response data is buffered, also buffer the response status if the // stream is explicitly closed via OnError or OnClose with an error. // Once all buffered data has been returned, this will be used as the final @@ -198,7 +218,8 @@ class NET_EXPORT_PRIVATE QuicHttpStream NetLogWithSource stream_net_log_; - QuicErrorCode quic_connection_error_; + QuicErrorCode quic_connection_error_; // Cached connection error code. + QuicRstStreamErrorCode quic_stream_error_; // Cached stream error code. // True when this stream receives a go away from server due to port migration. bool port_migration_detected_; diff --git a/chromium/net/quic/chromium/quic_http_stream_test.cc b/chromium/net/quic/chromium/quic_http_stream_test.cc index ee849314890..28d88c9ae9a 100644 --- a/chromium/net/quic/chromium/quic_http_stream_test.cc +++ b/chromium/net/quic/chromium/quic_http_stream_test.cc @@ -22,6 +22,7 @@ #include "net/base/test_completion_callback.h" #include "net/base/upload_bytes_element_reader.h" #include "net/http/http_response_headers.h" +#include "net/http/http_server_properties_impl.h" #include "net/http/transport_security_state.h" #include "net/log/net_log_event_type.h" #include "net/log/test_net_log.h" @@ -35,6 +36,7 @@ #include "net/quic/chromium/quic_http_utils.h" #include "net/quic/chromium/quic_server_info.h" #include "net/quic/chromium/quic_test_packet_maker.h" +#include "net/quic/chromium/test_task_runner.h" #include "net/quic/core/congestion_control/send_algorithm_interface.h" #include "net/quic/core/crypto/crypto_protocol.h" #include "net/quic/core/crypto/quic_decrypter.h" @@ -42,12 +44,12 @@ #include "net/quic/core/quic_connection.h" #include "net/quic/core/quic_write_blocked_list.h" #include "net/quic/core/spdy_utils.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/mock_clock.h" #include "net/quic/test_tools/mock_random.h" #include "net/quic/test_tools/quic_connection_peer.h" #include "net/quic/test_tools/quic_test_utils.h" -#include "net/quic/test_tools/test_task_runner.h" #include "net/socket/socket_performance_watcher.h" #include "net/socket/socket_test_util.h" #include "net/spdy/spdy_frame_builder.h" @@ -71,7 +73,7 @@ namespace { const char kUploadData[] = "Really nifty data!"; const char kDefaultServerHostName[] = "www.example.org"; -const uint16_t kDefaultServerPort = 80; +const uint16_t kDefaultServerPort = 443; class TestQuicConnection : public QuicConnection { public: @@ -100,8 +102,9 @@ class TestQuicConnection : public QuicConnection { class AutoClosingStream : public QuicHttpStream { public: explicit AutoClosingStream( - const base::WeakPtr<QuicChromiumClientSession>& session) - : QuicHttpStream(session) {} + const base::WeakPtr<QuicChromiumClientSession>& session, + HttpServerProperties* http_server_properties) + : QuicHttpStream(session, http_server_properties) {} void OnHeadersAvailable(const SpdyHeaderBlock& headers, size_t frame_len) override { @@ -288,6 +291,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> { EXPECT_CALL(*send_algorithm_, BandwidthEstimate()) .WillRepeatedly(Return(QuicBandwidth::Zero())); EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)).Times(AnyNumber()); + EXPECT_CALL(*send_algorithm_, OnApplicationLimited(_)).Times(AnyNumber()); helper_.reset( new QuicChromiumConnectionHelper(&clock_, &random_generator_)); alarm_factory_.reset(new QuicChromiumAlarmFactory(runner_.get(), &clock_)); @@ -328,12 +332,16 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> { session_->CryptoConnect(callback.callback()); EXPECT_TRUE(session_->IsCryptoHandshakeConfirmed()); stream_.reset(use_closing_stream_ - ? new AutoClosingStream(session_->GetWeakPtr()) - : new QuicHttpStream(session_->GetWeakPtr())); + ? new AutoClosingStream(session_->GetWeakPtr(), + &http_server_properties_) + : new QuicHttpStream(session_->GetWeakPtr(), + &http_server_properties_)); promised_stream_.reset(use_closing_stream_ - ? new AutoClosingStream(session_->GetWeakPtr()) - : new QuicHttpStream(session_->GetWeakPtr())); + ? new AutoClosingStream(session_->GetWeakPtr(), + &http_server_properties_) + : new QuicHttpStream(session_->GetWeakPtr(), + &http_server_properties_)); push_promise_[":path"] = "/bar"; push_promise_[":authority"] = "www.example.org"; @@ -354,7 +362,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> { void SetRequest(const string& method, const string& path, RequestPriority priority) { - request_headers_ = client_maker_.GetRequestHeaders(method, "http", path); + request_headers_ = client_maker_.GetRequestHeaders(method, "https", path); } void SetResponse(const string& status, const string& body) { @@ -368,7 +376,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> { bool should_include_version, bool fin, QuicStreamOffset offset, - base::StringPiece data, + QuicStringPiece data, QuicTestPacketMaker* maker) { return maker->MakeDataPacket(packet_number, stream_id, should_include_version, fin, offset, data); @@ -379,7 +387,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> { bool should_include_version, bool fin, QuicStreamOffset offset, - base::StringPiece data) { + QuicStringPiece data) { return InnerConstructDataPacket(packet_number, stream_id_, should_include_version, fin, offset, data, &client_maker_); @@ -390,7 +398,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> { bool should_include_version, bool fin, QuicStreamOffset offset, - base::StringPiece data) { + QuicStringPiece data) { return InnerConstructDataPacket(packet_number, stream_id_, should_include_version, fin, offset, data, &server_maker_); @@ -557,6 +565,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> { scoped_refptr<TestTaskRunner> runner_; std::unique_ptr<MockWrite[]> mock_writes_; MockClock clock_; + HttpServerPropertiesImpl http_server_properties_; TestQuicConnection* connection_; std::unique_ptr<QuicChromiumConnectionHelper> helper_; std::unique_ptr<QuicChromiumAlarmFactory> alarm_factory_; @@ -637,7 +646,7 @@ TEST_P(QuicHttpStreamTest, GetRequest) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); // Make sure getting load timing from the stream early does not crash. LoadTimingInfo load_timing_info; @@ -707,7 +716,7 @@ TEST_P(QuicHttpStreamTest, LoadTimingTwoRequests) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); // Start first request. EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -716,7 +725,7 @@ TEST_P(QuicHttpStreamTest, LoadTimingTwoRequests) { stream_->SendRequest(headers_, &response_, callback_.callback())); // Start a second request. - QuicHttpStream stream2(session_->GetWeakPtr()); + QuicHttpStream stream2(session_->GetWeakPtr(), &http_server_properties_); TestCompletionCallback callback2; EXPECT_EQ(OK, stream2.InitializeStream(&request_, DEFAULT_PRIORITY, @@ -786,7 +795,7 @@ TEST_P(QuicHttpStreamTest, GetRequestWithTrailers) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -880,7 +889,7 @@ TEST_P(QuicHttpStreamTest, GetRequestLargeResponse) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -930,7 +939,7 @@ TEST_P(QuicHttpStreamTest, SessionClosedBeforeSendRequest) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -952,7 +961,7 @@ TEST_P(QuicHttpStreamTest, GetSSLInfoAfterSessionClosed) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -971,6 +980,31 @@ TEST_P(QuicHttpStreamTest, GetSSLInfoAfterSessionClosed) { EXPECT_TRUE(ssl_info2.is_valid()); } +TEST_P(QuicHttpStreamTest, GetAlternativeService) { + SetRequest("GET", "/", DEFAULT_PRIORITY); + Initialize(); + + request_.method = "GET"; + request_.url = GURL("https://www.example.org/"); + + EXPECT_EQ(OK, + stream_->InitializeStream(&request_, DEFAULT_PRIORITY, + net_log_.bound(), callback_.callback())); + + AlternativeService alternative_service; + EXPECT_TRUE(stream_->GetAlternativeService(&alternative_service)); + EXPECT_EQ(AlternativeService(kProtoQUIC, "www.example.org", 443), + alternative_service); + + session_->connection()->CloseConnection( + QUIC_NO_ERROR, "test", ConnectionCloseBehavior::SILENT_CLOSE); + + AlternativeService alternative_service2; + EXPECT_TRUE(stream_->GetAlternativeService(&alternative_service2)); + EXPECT_EQ(AlternativeService(kProtoQUIC, "www.example.org", 443), + alternative_service2); +} + TEST_P(QuicHttpStreamTest, LogGranularQuicConnectionError) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; @@ -986,7 +1020,7 @@ TEST_P(QuicHttpStreamTest, LogGranularQuicConnectionError) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -1026,7 +1060,7 @@ TEST_P(QuicHttpStreamTest, DoNotLogGranularQuicErrorIfHandshakeNotConfirmed) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -1069,7 +1103,7 @@ TEST_P(QuicHttpStreamTest, SessionClosedBeforeReadResponseHeaders) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -1110,7 +1144,7 @@ TEST_P(QuicHttpStreamTest, SendPostRequest) { kUploadData, strlen(kUploadData))); ElementsUploadDataStream upload_data_stream(std::move(element_readers), 0); request_.method = "POST"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); request_.upload_data_stream = &upload_data_stream; ASSERT_THAT(request_.upload_data_stream->Init(CompletionCallback(), NetLogWithSource()), @@ -1182,7 +1216,7 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequest) { upload_data_stream.AppendData(kUploadData, chunk_size, false); request_.method = "POST"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); request_.upload_data_stream = &upload_data_stream; ASSERT_EQ(OK, request_.upload_data_stream->Init( TestCompletionCallback().callback(), NetLogWithSource())); @@ -1257,7 +1291,7 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithFinalEmptyDataPacket) { upload_data_stream.AppendData(kUploadData, chunk_size, false); request_.method = "POST"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); request_.upload_data_stream = &upload_data_stream; ASSERT_EQ(OK, request_.upload_data_stream->Init( TestCompletionCallback().callback(), NetLogWithSource())); @@ -1326,7 +1360,7 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithOneEmptyDataPacket) { ChunkedUploadDataStream upload_data_stream(0); request_.method = "POST"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); request_.upload_data_stream = &upload_data_stream; ASSERT_EQ(OK, request_.upload_data_stream->Init( TestCompletionCallback().callback(), NetLogWithSource())); @@ -1393,7 +1427,7 @@ TEST_P(QuicHttpStreamTest, DestroyedEarly) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -1438,7 +1472,7 @@ TEST_P(QuicHttpStreamTest, Priority) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, MEDIUM, net_log_.bound(), callback_.callback())); @@ -1491,7 +1525,7 @@ TEST_P(QuicHttpStreamTest, CheckPriorityWithNoDelegate) { Initialize(); request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, MEDIUM, net_log_.bound(), callback_.callback())); @@ -1534,7 +1568,7 @@ TEST_P(QuicHttpStreamTest, SessionClosedDuringDoLoop) { ChunkedUploadDataStream upload_data_stream(0); request_.method = "POST"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); request_.upload_data_stream = &upload_data_stream; ASSERT_EQ(OK, request_.upload_data_stream->Init( TestCompletionCallback().callback(), NetLogWithSource())); @@ -1566,7 +1600,7 @@ TEST_P(QuicHttpStreamTest, SessionClosedBeforeSendHeadersComplete) { ChunkedUploadDataStream upload_data_stream(0); request_.method = "POST"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); request_.upload_data_stream = &upload_data_stream; ASSERT_EQ(OK, request_.upload_data_stream->Init( TestCompletionCallback().callback(), NetLogWithSource())); @@ -1596,7 +1630,7 @@ TEST_P(QuicHttpStreamTest, SessionClosedBeforeSendBodyComplete) { upload_data_stream.AppendData(kUploadData, chunk_size, false); request_.method = "POST"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); request_.upload_data_stream = &upload_data_stream; ASSERT_EQ(OK, request_.upload_data_stream->Init( TestCompletionCallback().callback(), NetLogWithSource())); @@ -1614,7 +1648,7 @@ TEST_P(QuicHttpStreamTest, ServerPushGetRequest) { // Initialize the first stream, for receiving the promise on. request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -1680,7 +1714,7 @@ TEST_P(QuicHttpStreamTest, ServerPushGetRequestSlowResponse) { // Initialize the first stream, for receiving the promise on. request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -1754,7 +1788,7 @@ TEST_P(QuicHttpStreamTest, ServerPushCancelHttpStreamBeforeResponse) { // Initialize the first stream, for receiving the promise on. request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -1796,7 +1830,7 @@ TEST_P(QuicHttpStreamTest, ServerPushCrossOriginOK) { // Initialize the first stream, for receiving the promise on. request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -1868,7 +1902,7 @@ TEST_P(QuicHttpStreamTest, ServerPushCrossOriginFail) { // Initialize the first stream, for receiving the promise on. request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -1893,7 +1927,7 @@ TEST_P(QuicHttpStreamTest, ServerPushVaryCheckOK) { // Initialize the first stream, for receiving the promise on. request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -1988,7 +2022,7 @@ TEST_P(QuicHttpStreamTest, ServerPushVaryCheckFail) { // Initialize the first stream, for receiving the promise on. request_.method = "GET"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); EXPECT_EQ(OK, stream_->InitializeStream(&request_, DEFAULT_PRIORITY, @@ -2103,7 +2137,7 @@ TEST_P(QuicHttpStreamTest, DataReadErrorSynchronous) { ReadErrorUploadDataStream upload_data_stream( ReadErrorUploadDataStream::FailureMode::SYNC); request_.method = "POST"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); request_.upload_data_stream = &upload_data_stream; ASSERT_EQ(OK, request_.upload_data_stream->Init( TestCompletionCallback().callback(), NetLogWithSource())); @@ -2140,7 +2174,7 @@ TEST_P(QuicHttpStreamTest, DataReadErrorAsynchronous) { ReadErrorUploadDataStream upload_data_stream( ReadErrorUploadDataStream::FailureMode::ASYNC); request_.method = "POST"; - request_.url = GURL("http://www.example.org/"); + request_.url = GURL("https://www.example.org/"); request_.upload_data_stream = &upload_data_stream; ASSERT_EQ(OK, request_.upload_data_stream->Init( TestCompletionCallback().callback(), NetLogWithSource())); diff --git a/chromium/net/quic/chromium/quic_network_transaction_unittest.cc b/chromium/net/quic/chromium/quic_network_transaction_unittest.cc index 3dae6738334..25f83c47770 100644 --- a/chromium/net/quic/chromium/quic_network_transaction_unittest.cc +++ b/chromium/net/quic/chromium/quic_network_transaction_unittest.cc @@ -16,6 +16,7 @@ #include "base/strings/stringprintf.h" #include "base/test/histogram_tester.h" #include "net/base/chunked_upload_data_stream.h" +#include "net/base/mock_network_change_notifier.h" #include "net/base/test_completion_callback.h" #include "net/base/test_proxy_delegate.h" #include "net/cert/ct_policy_enforcer.h" @@ -39,13 +40,16 @@ #include "net/proxy/proxy_service.h" #include "net/quic/chromium/crypto/proof_verifier_chromium.h" #include "net/quic/chromium/mock_crypto_client_stream_factory.h" -#include "net/quic/chromium/mock_network_change_notifier.h" #include "net/quic/chromium/mock_quic_data.h" +#include "net/quic/chromium/quic_chromium_alarm_factory.h" #include "net/quic/chromium/quic_http_utils.h" +#include "net/quic/chromium/quic_stream_factory_peer.h" #include "net/quic/chromium/quic_test_packet_maker.h" +#include "net/quic/chromium/test_task_runner.h" #include "net/quic/core/crypto/quic_decrypter.h" #include "net/quic/core/crypto/quic_encrypter.h" #include "net/quic/core/quic_framer.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/mock_clock.h" #include "net/quic/test_tools/mock_random.h" @@ -292,6 +296,16 @@ class QuicNetworkTransactionTest } std::unique_ptr<QuicEncryptedPacket> ConstructClientAckPacket( + QuicPacketNumber packet_number, + QuicPacketNumber largest_received, + QuicPacketNumber least_unacked, + QuicTime::Delta ack_delay_time) { + return client_maker_.MakeAckPacket(packet_number, largest_received, + least_unacked, least_unacked, true, + ack_delay_time); + } + + std::unique_ptr<QuicEncryptedPacket> ConstructClientAckPacket( QuicPacketNumber largest_received, QuicPacketNumber least_unacked) { return client_maker_.MakeAckPacket(2, largest_received, least_unacked, @@ -401,7 +415,7 @@ class QuicNetworkTransactionTest bool should_include_version, bool fin, QuicStreamOffset offset, - base::StringPiece data) { + QuicStringPiece data) { return server_maker_.MakeDataPacket( packet_number, stream_id, should_include_version, fin, offset, data); } @@ -412,7 +426,7 @@ class QuicNetworkTransactionTest bool should_include_version, bool fin, QuicStreamOffset offset, - base::StringPiece data) { + QuicStringPiece data) { return client_maker_.MakeDataPacket( packet_number, stream_id, should_include_version, fin, offset, data); } @@ -423,7 +437,7 @@ class QuicNetworkTransactionTest bool should_include_version, bool fin, QuicStreamOffset* offset, - base::StringPiece data) { + QuicStringPiece data) { return client_maker_.MakeForceHolDataPacket( packet_number, stream_id, should_include_version, fin, offset, data); } @@ -453,6 +467,17 @@ class QuicNetworkTransactionTest std::move(headers), nullptr); } + std::unique_ptr<QuicEncryptedPacket> ConstructClientMultipleDataFramesPacket( + QuicPacketNumber packet_number, + QuicStreamId stream_id, + bool should_include_version, + bool fin, + const std::vector<std::string>& data, + QuicStreamOffset offset) { + return client_maker_.MakeMultipleDataFramesPacket( + packet_number, stream_id, should_include_version, fin, offset, data); + } + std::unique_ptr<QuicEncryptedPacket> ConstructServerPushPromisePacket( QuicPacketNumber packet_number, QuicStreamId stream_id, @@ -637,6 +662,8 @@ class QuicNetworkTransactionTest http_server_properties_.GetAlternativeServices(server); EXPECT_EQ(1u, alternative_service_vector.size()); EXPECT_EQ(kProtoQUIC, alternative_service_vector[0].protocol); + EXPECT_FALSE(http_server_properties_.IsAlternativeServiceBroken( + alternative_service_vector[0])); } void AddHangingNonAlternateProtocolSocketData() { @@ -716,7 +743,7 @@ class QuicNetworkTransactionTest const QuicVersion version_; QuicFlagSaver flags_; // Save/restore all QUIC flag values. - MockClock* clock_; // Owned by QuicStreamFactory after CreateSession. + MockClock* clock_; // Owned by QuicStreamFactory after CreateSession. QuicTestPacketMaker client_maker_; QuicTestPacketMaker server_maker_; std::unique_ptr<HttpNetworkSession> session_; @@ -1018,8 +1045,7 @@ TEST_P(QuicNetworkTransactionTest, AlternativeServicesDifferentHost) { // TODO(rch): the connection should be "to" the origin, so if the cert is // valid for the origin but not the alternative, that should work too. EXPECT_TRUE(cert->VerifyNameMatch(origin.host(), false)); - EXPECT_TRUE( - cert->VerifyNameMatch(alternative.host(), false)); + EXPECT_TRUE(cert->VerifyNameMatch(alternative.host(), false)); ProofVerifyDetailsChromium verify_details; verify_details.cert_verify_result.verified_cert = cert; crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); @@ -1051,6 +1077,69 @@ TEST_P(QuicNetworkTransactionTest, AlternativeServicesDifferentHost) { SendRequestAndExpectQuicResponse("hello!"); } +// Regression test for https://crbug.com/546991. +// The server might not be able to serve a request on an alternative connection, +// and might send a 421 Misdirected Request response status to indicate this. +// HttpNetworkTransaction should reset the request and retry without using +// alternative services. +TEST_P(QuicNetworkTransactionTest, RetryMisdirectedRequest) { + // Set up alternative service to use QUIC. + // Note that |origins_to_force_quic_on| cannot be used in this test, because + // that overrides |enable_alternative_services|. + url::SchemeHostPort server(request_.url); + AlternativeService alternative_service(kProtoQUIC, kDefaultServerHostName, + 443); + base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1); + http_server_properties_.SetAlternativeService(server, alternative_service, + expiration); + + // First try: alternative job uses QUIC, gets 421 Misdirected Request error. + MockQuicData mock_quic_data; + QuicStreamOffset request_header_offset = 0; + mock_quic_data.AddWrite(ConstructSettingsPacket( + 1, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, + &request_header_offset)); + mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket( + 2, kClientDataStreamId1, true, true, + GetRequestHeaders("GET", "https", "/"), &request_header_offset)); + mock_quic_data.AddRead( + ConstructServerResponseHeadersPacket(1, kClientDataStreamId1, false, true, + GetResponseHeaders("421"), nullptr)); + mock_quic_data.AddWrite(ConstructClientAckAndRstPacket( + 3, kClientDataStreamId1, QUIC_STREAM_CANCELLED, 1, 1, 1)); + mock_quic_data.AddRead(ASYNC, OK); + mock_quic_data.AddSocketDataToFactory(&socket_factory_); + + // First try: main job uses TCP, connection fails. + // (A hanging connection would not work here, because the main Job on the + // second try would pool to that socket and hang.) + StaticSocketDataProvider failing_data; + MockConnect failing_connect(SYNCHRONOUS, ERR_CONNECTION_CLOSED); + failing_data.set_connect_data(failing_connect); + socket_factory_.AddSocketDataProvider(&failing_data); + socket_factory_.AddSSLSocketDataProvider(&ssl_data_); + + // Second try: there is only one job, which succeeds over HTTP/1.1. + // There is no open TCP socket (the previous TCP connection got closed), so a + // new one is opened. + // Note that if there was an alternative QUIC Job created for the second try, + // that would read these data, and would fail with ERR_QUIC_PROTOCOL_ERROR. + // Therefore this test ensures that no alternative Job is created on retry. + MockRead reads[] = {MockRead("HTTP/1.1 200 OK\r\n\r\n"), MockRead("hello!"), + MockRead(ASYNC, OK)}; + StaticSocketDataProvider http_data(reads, arraysize(reads), nullptr, 0); + socket_factory_.AddSocketDataProvider(&http_data); + socket_factory_.AddSSLSocketDataProvider(&ssl_data_); + + // Retry logic hides ERR_MISDIRECTED_REQUEST: transaction succeeds. + CreateSession(); + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get()); + RunTransaction(&trans); + CheckWasHttpResponse(&trans); + CheckResponsePort(&trans, 443); + CheckResponseData(&trans, "hello!"); +} + TEST_P(QuicNetworkTransactionTest, ForceQuicWithErrorConnecting) { params_.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); @@ -1353,6 +1442,1042 @@ TEST_P(QuicNetworkTransactionTest, GoAwayWithConnectionMigrationOnPortsOnly) { EXPECT_TRUE(details.quic_port_migration_detected); } +// Verify that if a QUIC connection times out, the QuicHttpStream will +// return QUIC_PROTOCOL_ERROR. +TEST_P(QuicNetworkTransactionTest, TimeoutAfterHandshakeConfirmed) { + params_.quic_idle_connection_timeout_seconds = 5; + + // The request will initially go out over QUIC. + MockQuicData quic_data; + QuicStreamOffset header_stream_offset = 0; + SpdyPriority priority = + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); + + std::string request_data; + quic_data.AddWrite(client_maker_.MakeRequestHeadersPacketAndSaveData( + 1, kClientDataStreamId1, true, true, priority, + GetRequestHeaders("GET", "https", "/"), nullptr, &header_stream_offset, + &request_data)); + + std::string settings_data; + QuicStreamOffset settings_offset = header_stream_offset; + quic_data.AddWrite(client_maker_.MakeSettingsPacketAndSaveData( + 2, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, true, + &header_stream_offset, &settings_data)); + // TLP 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(3, kHeadersStreamId, true, + false, 0, request_data)); + // TLP 2 + quic_data.AddWrite(client_maker_.MakeDataPacket( + 4, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(5, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 6, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 2 + quic_data.AddWrite(client_maker_.MakeDataPacket(7, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 8, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 3 + quic_data.AddWrite(client_maker_.MakeDataPacket(9, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 10, kHeadersStreamId, true, false, settings_offset, settings_data)); + + quic_data.AddRead(ASYNC, ERR_IO_PENDING); + quic_data.AddRead(ASYNC, OK); + quic_data.AddSocketDataToFactory(&socket_factory_); + + // In order for a new QUIC session to be established via alternate-protocol + // without racing an HTTP connection, we need the host resolution to happen + // synchronously. Of course, even though QUIC *could* perform a 0-RTT + // connection to the the server, in this test we require confirmation + // before encrypting so the HTTP job will still start. + host_resolver_.set_synchronous_mode(true); + host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", + ""); + HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443)); + AddressList address; + std::unique_ptr<HostResolver::Request> request; + host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(), + &request, net_log_.bound()); + + CreateSession(); + // Use a TestTaskRunner to avoid waiting in real time for timeouts. + scoped_refptr<TestTaskRunner> quic_task_runner_(new TestTaskRunner(clock_)); + QuicStreamFactoryPeer::SetAlarmFactory( + session_->quic_stream_factory(), + base::MakeUnique<QuicChromiumAlarmFactory>(quic_task_runner_.get(), + clock_)); + + AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); + + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get()); + TestCompletionCallback callback; + int rv = trans.Start(&request_, callback.callback(), net_log_.bound()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + // Pump the message loop to get the request started. + base::RunLoop().RunUntilIdle(); + // Explicitly confirm the handshake. + crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( + QuicSession::HANDSHAKE_CONFIRMED); + + // Run the QUIC session to completion. + quic_task_runner_->RunUntilIdle(); + + ExpectQuicAlternateProtocolMapping(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + EXPECT_THAT(callback.WaitForResult(), IsError(ERR_QUIC_PROTOCOL_ERROR)); +} + +// Verify that if a QUIC connection RTOs, the QuicHttpStream will +// return QUIC_PROTOCOL_ERROR. +TEST_P(QuicNetworkTransactionTest, TooManyRtosAfterHandshakeConfirmed) { + params_.quic_connection_options.push_back(k5RTO); + + // The request will initially go out over QUIC. + MockQuicData quic_data; + QuicStreamOffset header_stream_offset = 0; + SpdyPriority priority = + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); + + std::string request_data; + quic_data.AddWrite(client_maker_.MakeRequestHeadersPacketAndSaveData( + 1, kClientDataStreamId1, true, true, priority, + GetRequestHeaders("GET", "https", "/"), nullptr, &header_stream_offset, + &request_data)); + + std::string settings_data; + QuicStreamOffset settings_offset = header_stream_offset; + quic_data.AddWrite(client_maker_.MakeSettingsPacketAndSaveData( + 2, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, true, + &header_stream_offset, &settings_data)); + // TLP 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(3, kHeadersStreamId, true, + false, 0, request_data)); + // TLP 2 + quic_data.AddWrite(client_maker_.MakeDataPacket( + 4, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(5, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 6, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 2 + quic_data.AddWrite(client_maker_.MakeDataPacket(7, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 8, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 3 + quic_data.AddWrite(client_maker_.MakeDataPacket(9, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 10, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 4 + quic_data.AddWrite(client_maker_.MakeDataPacket(11, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 12, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 5 + quic_data.AddWrite(client_maker_.MakeAckAndConnectionClosePacket( + 13, true, QuicTime::Delta::Infinite(), 0, 1, QUIC_TOO_MANY_RTOS, + "5 consecutive retransmission timeouts")); + + quic_data.AddRead(ASYNC, OK); + quic_data.AddSocketDataToFactory(&socket_factory_); + + // In order for a new QUIC session to be established via alternate-protocol + // without racing an HTTP connection, we need the host resolution to happen + // synchronously. Of course, even though QUIC *could* perform a 0-RTT + // connection to the the server, in this test we require confirmation + // before encrypting so the HTTP job will still start. + host_resolver_.set_synchronous_mode(true); + host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", + ""); + HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443)); + AddressList address; + std::unique_ptr<HostResolver::Request> request; + host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(), + &request, net_log_.bound()); + + CreateSession(); + // Use a TestTaskRunner to avoid waiting in real time for timeouts. + scoped_refptr<TestTaskRunner> quic_task_runner_(new TestTaskRunner(clock_)); + QuicStreamFactoryPeer::SetAlarmFactory( + session_->quic_stream_factory(), + base::MakeUnique<QuicChromiumAlarmFactory>(quic_task_runner_.get(), + clock_)); + + AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); + + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get()); + TestCompletionCallback callback; + int rv = trans.Start(&request_, callback.callback(), net_log_.bound()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + // Pump the message loop to get the request started. + base::RunLoop().RunUntilIdle(); + // Explicitly confirm the handshake. + crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( + QuicSession::HANDSHAKE_CONFIRMED); + + // Run the QUIC session to completion. + quic_task_runner_->RunUntilIdle(); + + ExpectQuicAlternateProtocolMapping(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + EXPECT_THAT(callback.WaitForResult(), IsError(ERR_QUIC_PROTOCOL_ERROR)); +} + +// Verify that if a QUIC connection RTOs, while there are no active streams +// QUIC will not be marked as broken. +TEST_P(QuicNetworkTransactionTest, + TooManyRtosAfterHandshakeConfirmedAndStreamReset) { + params_.quic_connection_options.push_back(k5RTO); + + // The request will initially go out over QUIC. + MockQuicData quic_data; + QuicStreamOffset header_stream_offset = 0; + SpdyPriority priority = + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); + + std::string request_data; + quic_data.AddWrite(client_maker_.MakeRequestHeadersPacketAndSaveData( + 1, kClientDataStreamId1, true, true, priority, + GetRequestHeaders("GET", "https", "/"), nullptr, &header_stream_offset, + &request_data)); + + std::string settings_data; + QuicStreamOffset settings_offset = header_stream_offset; + quic_data.AddWrite(client_maker_.MakeSettingsPacketAndSaveData( + 2, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, true, + &header_stream_offset, &settings_data)); + + quic_data.AddWrite(client_maker_.MakeRstPacket(3, true, kClientDataStreamId1, + QUIC_STREAM_CANCELLED)); + // TLP 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(4, kHeadersStreamId, true, + false, 0, request_data)); + // TLP 2 + quic_data.AddWrite(client_maker_.MakeDataPacket( + 5, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 1 + quic_data.AddWrite(client_maker_.MakeRstPacket(6, true, kClientDataStreamId1, + QUIC_STREAM_CANCELLED)); + quic_data.AddWrite(client_maker_.MakeDataPacket(7, kHeadersStreamId, true, + false, 0, request_data)); + // RTO 2 + quic_data.AddWrite(client_maker_.MakeDataPacket( + 8, kHeadersStreamId, true, false, settings_offset, settings_data)); + quic_data.AddWrite(client_maker_.MakeRstPacket(9, true, kClientDataStreamId1, + QUIC_STREAM_CANCELLED)); + // RTO 3 + quic_data.AddWrite(client_maker_.MakeDataPacket(10, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 11, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 4 + quic_data.AddWrite(client_maker_.MakeRstPacket(12, true, kClientDataStreamId1, + QUIC_STREAM_CANCELLED)); + quic_data.AddWrite(client_maker_.MakeDataPacket(13, kHeadersStreamId, true, + false, 0, request_data)); + // RTO 5 + quic_data.AddWrite(client_maker_.MakeAckAndConnectionClosePacket( + 14, true, QuicTime::Delta::Infinite(), 0, 1, QUIC_TOO_MANY_RTOS, + "5 consecutive retransmission timeouts")); + + quic_data.AddRead(ASYNC, OK); + quic_data.AddSocketDataToFactory(&socket_factory_); + + // In order for a new QUIC session to be established via alternate-protocol + // without racing an HTTP connection, we need the host resolution to happen + // synchronously. Of course, even though QUIC *could* perform a 0-RTT + // connection to the the server, in this test we require confirmation + // before encrypting so the HTTP job will still start. + host_resolver_.set_synchronous_mode(true); + host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", + ""); + HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443)); + AddressList address; + std::unique_ptr<HostResolver::Request> request; + host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(), + &request, net_log_.bound()); + + CreateSession(); + // Use a TestTaskRunner to avoid waiting in real time for timeouts. + scoped_refptr<TestTaskRunner> quic_task_runner_(new TestTaskRunner(clock_)); + QuicStreamFactoryPeer::SetAlarmFactory( + session_->quic_stream_factory(), + base::MakeUnique<QuicChromiumAlarmFactory>(quic_task_runner_.get(), + clock_)); + + AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); + + auto trans = base::MakeUnique<HttpNetworkTransaction>(DEFAULT_PRIORITY, + session_.get()); + TestCompletionCallback callback; + int rv = trans->Start(&request_, callback.callback(), net_log_.bound()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + // Pump the message loop to get the request started. + base::RunLoop().RunUntilIdle(); + // Explicitly confirm the handshake. + crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( + QuicSession::HANDSHAKE_CONFIRMED); + + // Now cancel the request. + trans.reset(); + + // Run the QUIC session to completion. + quic_task_runner_->RunUntilIdle(); + + ExpectQuicAlternateProtocolMapping(); + + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); +} + +// Verify that if a QUIC protocol error occurs after the handshake is confirmed +// the request fails with QUIC_PROTOCOL_ERROR. +TEST_P(QuicNetworkTransactionTest, ProtocolErrorAfterHandshakeConfirmed) { + // The request will initially go out over QUIC. + MockQuicData quic_data; + QuicStreamOffset header_stream_offset = 0; + quic_data.AddWrite(ConstructClientRequestHeadersPacket( + 1, kClientDataStreamId1, true, true, + GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + quic_data.AddWrite(ConstructSettingsPacket(2, SETTINGS_MAX_HEADER_LIST_SIZE, + kDefaultMaxUncompressedHeaderSize, + &header_stream_offset)); + // Peer sending data from an non-existing stream causes this end to raise + // error and close connection. + quic_data.AddRead( + ConstructServerRstPacket(1, false, 99, QUIC_STREAM_LAST_ERROR)); + std::string quic_error_details = "Data for nonexistent stream"; + quic_data.AddWrite(ConstructClientAckAndConnectionClosePacket( + 3, QuicTime::Delta::Zero(), 1, 1, QUIC_INVALID_STREAM_ID, + quic_error_details)); + quic_data.AddSocketDataToFactory(&socket_factory_); + + // In order for a new QUIC session to be established via alternate-protocol + // without racing an HTTP connection, we need the host resolution to happen + // synchronously. Of course, even though QUIC *could* perform a 0-RTT + // connection to the the server, in this test we require confirmation + // before encrypting so the HTTP job will still start. + host_resolver_.set_synchronous_mode(true); + host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", + ""); + HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443)); + AddressList address; + std::unique_ptr<HostResolver::Request> request; + host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(), + &request, net_log_.bound()); + + CreateSession(); + + AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); + + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get()); + TestCompletionCallback callback; + int rv = trans.Start(&request_, callback.callback(), net_log_.bound()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + // Pump the message loop to get the request started. + base::RunLoop().RunUntilIdle(); + // Explicitly confirm the handshake. + crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( + QuicSession::HANDSHAKE_CONFIRMED); + + ASSERT_FALSE(quic_data.AllReadDataConsumed()); + + // Run the QUIC session to completion. + base::RunLoop().RunUntilIdle(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + ASSERT_TRUE(quic_data.AllReadDataConsumed()); + + EXPECT_THAT(callback.WaitForResult(), IsError(ERR_QUIC_PROTOCOL_ERROR)); + ExpectQuicAlternateProtocolMapping(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); +} + +// Verify that with mark_quic_broken_when_network_blackholes enabled, if a QUIC +// connection times out, then QUIC will be marked as broken and the request +// retried over TCP. +TEST_P(QuicNetworkTransactionTest, TimeoutAfterHandshakeConfirmedThenBroken) { + params_.mark_quic_broken_when_network_blackholes = true; + params_.quic_idle_connection_timeout_seconds = 5; + + // The request will initially go out over QUIC. + MockQuicData quic_data; + QuicStreamOffset header_stream_offset = 0; + SpdyPriority priority = + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); + + std::string request_data; + quic_data.AddWrite(client_maker_.MakeRequestHeadersPacketAndSaveData( + 1, kClientDataStreamId1, true, true, priority, + GetRequestHeaders("GET", "https", "/"), nullptr, &header_stream_offset, + &request_data)); + + std::string settings_data; + QuicStreamOffset settings_offset = header_stream_offset; + quic_data.AddWrite(client_maker_.MakeSettingsPacketAndSaveData( + 2, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, true, + &header_stream_offset, &settings_data)); + // TLP 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(3, kHeadersStreamId, true, + false, 0, request_data)); + // TLP 2 + quic_data.AddWrite(client_maker_.MakeDataPacket( + 4, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(5, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 6, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 2 + quic_data.AddWrite(client_maker_.MakeDataPacket(7, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 8, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 3 + quic_data.AddWrite(client_maker_.MakeDataPacket(9, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 10, kHeadersStreamId, true, false, settings_offset, settings_data)); + + quic_data.AddRead(ASYNC, ERR_IO_PENDING); + quic_data.AddRead(ASYNC, OK); + quic_data.AddSocketDataToFactory(&socket_factory_); + + // After that fails, it will be resent via TCP. + MockWrite http_writes[] = { + MockWrite(SYNCHRONOUS, 0, "GET / HTTP/1.1\r\n"), + MockWrite(SYNCHRONOUS, 1, "Host: mail.example.org\r\n"), + MockWrite(SYNCHRONOUS, 2, "Connection: keep-alive\r\n\r\n")}; + + MockRead http_reads[] = { + MockRead(SYNCHRONOUS, 3, "HTTP/1.1 200 OK\r\n"), + MockRead(SYNCHRONOUS, 4, kQuicAlternativeServiceHeader), + MockRead(SYNCHRONOUS, 5, "hello world"), MockRead(SYNCHRONOUS, OK, 6)}; + SequencedSocketData http_data(http_reads, arraysize(http_reads), http_writes, + arraysize(http_writes)); + socket_factory_.AddSocketDataProvider(&http_data); + socket_factory_.AddSSLSocketDataProvider(&ssl_data_); + + // In order for a new QUIC session to be established via alternate-protocol + // without racing an HTTP connection, we need the host resolution to happen + // synchronously. Of course, even though QUIC *could* perform a 0-RTT + // connection to the the server, in this test we require confirmation + // before encrypting so the HTTP job will still start. + host_resolver_.set_synchronous_mode(true); + host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", + ""); + HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443)); + AddressList address; + std::unique_ptr<HostResolver::Request> request; + host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(), + &request, net_log_.bound()); + + CreateSession(); + // Use a TestTaskRunner to avoid waiting in real time for timeouts. + scoped_refptr<TestTaskRunner> quic_task_runner_(new TestTaskRunner(clock_)); + QuicStreamFactoryPeer::SetAlarmFactory( + session_->quic_stream_factory(), + base::MakeUnique<QuicChromiumAlarmFactory>(quic_task_runner_.get(), + clock_)); + + AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); + + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get()); + TestCompletionCallback callback; + int rv = trans.Start(&request_, callback.callback(), net_log_.bound()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + // Pump the message loop to get the request started. + base::RunLoop().RunUntilIdle(); + // Explicitly confirm the handshake. + crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( + QuicSession::HANDSHAKE_CONFIRMED); + + // Run the QUIC session to completion. + quic_task_runner_->RunUntilIdle(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + + // Let the transaction proceed which will result in QUIC being marked + // as broken and the request falling back to TCP. + EXPECT_THAT(callback.WaitForResult(), IsOk()); + + ExpectBrokenAlternateProtocolMapping(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + ASSERT_FALSE(http_data.AllReadDataConsumed()); + + // Read the response body over TCP. + CheckResponseData(&trans, "hello world"); + ASSERT_TRUE(http_data.AllWriteDataConsumed()); + ASSERT_TRUE(http_data.AllReadDataConsumed()); +} + +// Verify that with retry_without_alt_svc_on_quic_errors enabled, if a QUIC +// connection times out, then QUIC will be marked as broken and the request +// retried over TCP. +TEST_P(QuicNetworkTransactionTest, TimeoutAfterHandshakeConfirmedThenBroken2) { + params_.retry_without_alt_svc_on_quic_errors = true; + params_.quic_idle_connection_timeout_seconds = 5; + + // The request will initially go out over QUIC. + MockQuicData quic_data; + QuicStreamOffset header_stream_offset = 0; + SpdyPriority priority = + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); + + std::string request_data; + quic_data.AddWrite(client_maker_.MakeRequestHeadersPacketAndSaveData( + 1, kClientDataStreamId1, true, true, priority, + GetRequestHeaders("GET", "https", "/"), nullptr, &header_stream_offset, + &request_data)); + + std::string settings_data; + QuicStreamOffset settings_offset = header_stream_offset; + quic_data.AddWrite(client_maker_.MakeSettingsPacketAndSaveData( + 2, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, true, + &header_stream_offset, &settings_data)); + // TLP 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(3, kHeadersStreamId, true, + false, 0, request_data)); + // TLP 2 + quic_data.AddWrite(client_maker_.MakeDataPacket( + 4, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(5, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 6, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 2 + quic_data.AddWrite(client_maker_.MakeDataPacket(7, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 8, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 3 + quic_data.AddWrite(client_maker_.MakeDataPacket(9, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 10, kHeadersStreamId, true, false, settings_offset, settings_data)); + + quic_data.AddRead(ASYNC, ERR_IO_PENDING); + quic_data.AddRead(ASYNC, OK); + quic_data.AddSocketDataToFactory(&socket_factory_); + + // After that fails, it will be resent via TCP. + MockWrite http_writes[] = { + MockWrite(SYNCHRONOUS, 0, "GET / HTTP/1.1\r\n"), + MockWrite(SYNCHRONOUS, 1, "Host: mail.example.org\r\n"), + MockWrite(SYNCHRONOUS, 2, "Connection: keep-alive\r\n\r\n")}; + + MockRead http_reads[] = { + MockRead(SYNCHRONOUS, 3, "HTTP/1.1 200 OK\r\n"), + MockRead(SYNCHRONOUS, 4, kQuicAlternativeServiceHeader), + MockRead(SYNCHRONOUS, 5, "hello world"), MockRead(SYNCHRONOUS, OK, 6)}; + SequencedSocketData http_data(http_reads, arraysize(http_reads), http_writes, + arraysize(http_writes)); + socket_factory_.AddSocketDataProvider(&http_data); + socket_factory_.AddSSLSocketDataProvider(&ssl_data_); + + // In order for a new QUIC session to be established via alternate-protocol + // without racing an HTTP connection, we need the host resolution to happen + // synchronously. Of course, even though QUIC *could* perform a 0-RTT + // connection to the the server, in this test we require confirmation + // before encrypting so the HTTP job will still start. + host_resolver_.set_synchronous_mode(true); + host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", + ""); + HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443)); + AddressList address; + std::unique_ptr<HostResolver::Request> request; + host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(), + &request, net_log_.bound()); + + CreateSession(); + // Use a TestTaskRunner to avoid waiting in real time for timeouts. + scoped_refptr<TestTaskRunner> quic_task_runner_(new TestTaskRunner(clock_)); + QuicStreamFactoryPeer::SetAlarmFactory( + session_->quic_stream_factory(), + base::MakeUnique<QuicChromiumAlarmFactory>(quic_task_runner_.get(), + clock_)); + + AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); + + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get()); + TestCompletionCallback callback; + int rv = trans.Start(&request_, callback.callback(), net_log_.bound()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + // Pump the message loop to get the request started. + base::RunLoop().RunUntilIdle(); + // Explicitly confirm the handshake. + crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( + QuicSession::HANDSHAKE_CONFIRMED); + + // Run the QUIC session to completion. + quic_task_runner_->RunUntilIdle(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + + ExpectQuicAlternateProtocolMapping(); + + // Let the transaction proceed which will result in QUIC being marked + // as broken and the request falling back to TCP. + EXPECT_THAT(callback.WaitForResult(), IsOk()); + + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + ASSERT_FALSE(http_data.AllReadDataConsumed()); + + // Read the response body over TCP. + CheckResponseData(&trans, "hello world"); + ExpectBrokenAlternateProtocolMapping(); + ASSERT_TRUE(http_data.AllWriteDataConsumed()); + ASSERT_TRUE(http_data.AllReadDataConsumed()); +} + +// Verify that with mark_quic_broken_when_network_blackholes enabled, if a QUIC +// connection times out, then QUIC will be marked as broken but the request +// will not be retried over TCP. +TEST_P(QuicNetworkTransactionTest, + TimeoutAfterHandshakeConfirmedAndHeadersThenBrokenNotRetried) { + params_.mark_quic_broken_when_network_blackholes = true; + params_.quic_idle_connection_timeout_seconds = 5; + + // The request will initially go out over QUIC. + MockQuicData quic_data; + QuicStreamOffset header_stream_offset = 0; + SpdyPriority priority = + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); + + std::string request_data; + quic_data.AddWrite(client_maker_.MakeRequestHeadersPacketAndSaveData( + 1, kClientDataStreamId1, true, true, priority, + GetRequestHeaders("GET", "https", "/"), nullptr, &header_stream_offset, + &request_data)); + + std::string settings_data; + QuicStreamOffset settings_offset = header_stream_offset; + quic_data.AddWrite(client_maker_.MakeSettingsPacketAndSaveData( + 2, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, true, + &header_stream_offset, &settings_data)); + + quic_data.AddRead(ConstructServerResponseHeadersPacket( + 1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK"))); + // quic_data.AddWrite(ConstructClientAckPacket(3, 1, 1)); + quic_data.AddWrite( + ConstructClientAckPacket(3, 1, 1, QuicTime::Delta::FromMilliseconds(25))); + + // TLP 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(4, kHeadersStreamId, false, + false, 0, request_data)); + // TLP 2 + quic_data.AddWrite(client_maker_.MakeDataPacket( + 5, kHeadersStreamId, false, false, settings_offset, settings_data)); + // RTO 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(6, kHeadersStreamId, false, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 7, kHeadersStreamId, false, false, settings_offset, settings_data)); + // RTO 2 + quic_data.AddWrite(client_maker_.MakeDataPacket(8, kHeadersStreamId, false, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 9, kHeadersStreamId, false, false, settings_offset, settings_data)); + // RTO 3 + quic_data.AddWrite(client_maker_.MakeDataPacket(10, kHeadersStreamId, false, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 11, kHeadersStreamId, false, false, settings_offset, settings_data)); + + quic_data.AddRead(ASYNC, ERR_IO_PENDING); + quic_data.AddRead(ASYNC, OK); + quic_data.AddSocketDataToFactory(&socket_factory_); + + // In order for a new QUIC session to be established via alternate-protocol + // without racing an HTTP connection, we need the host resolution to happen + // synchronously. Of course, even though QUIC *could* perform a 0-RTT + // connection to the the server, in this test we require confirmation + // before encrypting so the HTTP job will still start. + host_resolver_.set_synchronous_mode(true); + host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", + ""); + HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443)); + AddressList address; + std::unique_ptr<HostResolver::Request> request; + host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(), + &request, net_log_.bound()); + + CreateSession(); + // Use a TestTaskRunner to avoid waiting in real time for timeouts. + scoped_refptr<TestTaskRunner> quic_task_runner_(new TestTaskRunner(clock_)); + QuicStreamFactoryPeer::SetAlarmFactory( + session_->quic_stream_factory(), + base::MakeUnique<QuicChromiumAlarmFactory>(quic_task_runner_.get(), + clock_)); + + AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); + + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get()); + TestCompletionCallback callback; + int rv = trans.Start(&request_, callback.callback(), net_log_.bound()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + // Pump the message loop to get the request started. + base::RunLoop().RunUntilIdle(); + // Explicitly confirm the handshake. + crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( + QuicSession::HANDSHAKE_CONFIRMED); + + // Pump the message loop to get the request started. + base::RunLoop().RunUntilIdle(); + + // Run the QUIC session to completion. + quic_task_runner_->RunUntilIdle(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + + // Let the transaction proceed which will result in QUIC being marked + // as broken and the request falling back to TCP. + EXPECT_THAT(callback.WaitForResult(), IsOk()); + + ExpectBrokenAlternateProtocolMapping(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + + std::string response_data; + ASSERT_THAT(ReadTransaction(&trans, &response_data), + IsError(ERR_QUIC_PROTOCOL_ERROR)); +} + +// Verify that with mark_quic_broken_when_network_blackholes enabled, if a QUIC +// connection RTOs, then QUIC will be marked as broken and the request retried +// over TCP. +TEST_P(QuicNetworkTransactionTest, + TooManyRtosAfterHandshakeConfirmedThenBroken) { + params_.mark_quic_broken_when_network_blackholes = true; + params_.quic_connection_options.push_back(k5RTO); + + // The request will initially go out over QUIC. + MockQuicData quic_data; + QuicStreamOffset header_stream_offset = 0; + SpdyPriority priority = + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); + + std::string request_data; + quic_data.AddWrite(client_maker_.MakeRequestHeadersPacketAndSaveData( + 1, kClientDataStreamId1, true, true, priority, + GetRequestHeaders("GET", "https", "/"), nullptr, &header_stream_offset, + &request_data)); + + std::string settings_data; + QuicStreamOffset settings_offset = header_stream_offset; + quic_data.AddWrite(client_maker_.MakeSettingsPacketAndSaveData( + 2, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, true, + &header_stream_offset, &settings_data)); + // TLP 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(3, kHeadersStreamId, true, + false, 0, request_data)); + // TLP 2 + quic_data.AddWrite(client_maker_.MakeDataPacket( + 4, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(5, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 6, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 2 + quic_data.AddWrite(client_maker_.MakeDataPacket(7, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 8, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 3 + quic_data.AddWrite(client_maker_.MakeDataPacket(9, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 10, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 4 + quic_data.AddWrite(client_maker_.MakeDataPacket(11, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 12, kHeadersStreamId, true, false, settings_offset, settings_data)); + + quic_data.AddWrite(client_maker_.MakeAckAndConnectionClosePacket( + 13, true, QuicTime::Delta::Infinite(), 0, 1, QUIC_TOO_MANY_RTOS, + "5 consecutive retransmission timeouts")); + + quic_data.AddRead(ASYNC, OK); + quic_data.AddSocketDataToFactory(&socket_factory_); + + // After that fails, it will be resent via TCP. + MockWrite http_writes[] = { + MockWrite(SYNCHRONOUS, 0, "GET / HTTP/1.1\r\n"), + MockWrite(SYNCHRONOUS, 1, "Host: mail.example.org\r\n"), + MockWrite(SYNCHRONOUS, 2, "Connection: keep-alive\r\n\r\n")}; + + MockRead http_reads[] = { + MockRead(SYNCHRONOUS, 3, "HTTP/1.1 200 OK\r\n"), + MockRead(SYNCHRONOUS, 4, kQuicAlternativeServiceHeader), + MockRead(SYNCHRONOUS, 5, "hello world"), MockRead(SYNCHRONOUS, OK, 6)}; + SequencedSocketData http_data(http_reads, arraysize(http_reads), http_writes, + arraysize(http_writes)); + socket_factory_.AddSocketDataProvider(&http_data); + socket_factory_.AddSSLSocketDataProvider(&ssl_data_); + + // In order for a new QUIC session to be established via alternate-protocol + // without racing an HTTP connection, we need the host resolution to happen + // synchronously. Of course, even though QUIC *could* perform a 0-RTT + // connection to the the server, in this test we require confirmation + // before encrypting so the HTTP job will still start. + host_resolver_.set_synchronous_mode(true); + host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", + ""); + HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443)); + AddressList address; + std::unique_ptr<HostResolver::Request> request; + host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(), + &request, net_log_.bound()); + + CreateSession(); + // Use a TestTaskRunner to avoid waiting in real time for timeouts. + scoped_refptr<TestTaskRunner> quic_task_runner_(new TestTaskRunner(clock_)); + QuicStreamFactoryPeer::SetAlarmFactory( + session_->quic_stream_factory(), + base::MakeUnique<QuicChromiumAlarmFactory>(quic_task_runner_.get(), + clock_)); + + AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); + + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get()); + TestCompletionCallback callback; + int rv = trans.Start(&request_, callback.callback(), net_log_.bound()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + // Pump the message loop to get the request started. + base::RunLoop().RunUntilIdle(); + // Explicitly confirm the handshake. + crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( + QuicSession::HANDSHAKE_CONFIRMED); + + // Run the QUIC session to completion. + quic_task_runner_->RunUntilIdle(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + + // Let the transaction proceed which will result in QUIC being marked + // as broken and the request falling back to TCP. + EXPECT_THAT(callback.WaitForResult(), IsOk()); + + ExpectBrokenAlternateProtocolMapping(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + ASSERT_FALSE(http_data.AllReadDataConsumed()); + + // Read the response body over TCP. + CheckResponseData(&trans, "hello world"); + ASSERT_TRUE(http_data.AllWriteDataConsumed()); + ASSERT_TRUE(http_data.AllReadDataConsumed()); +} + +// Verify that if a QUIC connection RTOs, while there are no active streams +// QUIC will be marked as broken. +TEST_P(QuicNetworkTransactionTest, + TooManyRtosAfterHandshakeConfirmedAndStreamResetThenBroken) { + params_.mark_quic_broken_when_network_blackholes = true; + params_.quic_connection_options.push_back(k5RTO); + + // The request will initially go out over QUIC. + MockQuicData quic_data; + QuicStreamOffset header_stream_offset = 0; + SpdyPriority priority = + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); + + std::string request_data; + quic_data.AddWrite(client_maker_.MakeRequestHeadersPacketAndSaveData( + 1, kClientDataStreamId1, true, true, priority, + GetRequestHeaders("GET", "https", "/"), nullptr, &header_stream_offset, + &request_data)); + + std::string settings_data; + QuicStreamOffset settings_offset = header_stream_offset; + quic_data.AddWrite(client_maker_.MakeSettingsPacketAndSaveData( + 2, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, true, + &header_stream_offset, &settings_data)); + + quic_data.AddWrite(client_maker_.MakeRstPacket(3, true, kClientDataStreamId1, + QUIC_STREAM_CANCELLED)); + // TLP 1 + quic_data.AddWrite(client_maker_.MakeDataPacket(4, kHeadersStreamId, true, + false, 0, request_data)); + // TLP 2 + quic_data.AddWrite(client_maker_.MakeDataPacket( + 5, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 1 + quic_data.AddWrite(client_maker_.MakeRstPacket(6, true, kClientDataStreamId1, + QUIC_STREAM_CANCELLED)); + quic_data.AddWrite(client_maker_.MakeDataPacket(7, kHeadersStreamId, true, + false, 0, request_data)); + // RTO 2 + quic_data.AddWrite(client_maker_.MakeDataPacket( + 8, kHeadersStreamId, true, false, settings_offset, settings_data)); + quic_data.AddWrite(client_maker_.MakeRstPacket(9, true, kClientDataStreamId1, + QUIC_STREAM_CANCELLED)); + // RTO 3 + quic_data.AddWrite(client_maker_.MakeDataPacket(10, kHeadersStreamId, true, + false, 0, request_data)); + quic_data.AddWrite(client_maker_.MakeDataPacket( + 11, kHeadersStreamId, true, false, settings_offset, settings_data)); + // RTO 4 + quic_data.AddWrite(client_maker_.MakeRstPacket(12, true, kClientDataStreamId1, + QUIC_STREAM_CANCELLED)); + quic_data.AddWrite(client_maker_.MakeDataPacket(13, kHeadersStreamId, true, + false, 0, request_data)); + // RTO 5 + quic_data.AddWrite(client_maker_.MakeAckAndConnectionClosePacket( + 14, true, QuicTime::Delta::Infinite(), 0, 1, QUIC_TOO_MANY_RTOS, + "5 consecutive retransmission timeouts")); + + quic_data.AddRead(ASYNC, OK); + quic_data.AddSocketDataToFactory(&socket_factory_); + + // In order for a new QUIC session to be established via alternate-protocol + // without racing an HTTP connection, we need the host resolution to happen + // synchronously. Of course, even though QUIC *could* perform a 0-RTT + // connection to the the server, in this test we require confirmation + // before encrypting so the HTTP job will still start. + host_resolver_.set_synchronous_mode(true); + host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", + ""); + HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443)); + AddressList address; + std::unique_ptr<HostResolver::Request> request; + host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(), + &request, net_log_.bound()); + + CreateSession(); + // Use a TestTaskRunner to avoid waiting in real time for timeouts. + scoped_refptr<TestTaskRunner> quic_task_runner_(new TestTaskRunner(clock_)); + QuicStreamFactoryPeer::SetAlarmFactory( + session_->quic_stream_factory(), + base::MakeUnique<QuicChromiumAlarmFactory>(quic_task_runner_.get(), + clock_)); + + AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); + + auto trans = base::MakeUnique<HttpNetworkTransaction>(DEFAULT_PRIORITY, + session_.get()); + TestCompletionCallback callback; + int rv = trans->Start(&request_, callback.callback(), net_log_.bound()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + // Pump the message loop to get the request started. + base::RunLoop().RunUntilIdle(); + // Explicitly confirm the handshake. + crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( + QuicSession::HANDSHAKE_CONFIRMED); + + // Now cancel the request. + trans.reset(); + + // Run the QUIC session to completion. + quic_task_runner_->RunUntilIdle(); + + ExpectBrokenAlternateProtocolMapping(); + + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); +} + +// Verify that with retry_without_alt_svc_on_quic_errors enabled, if a QUIC +// protocol error occurs after the handshake is confirmed, the request +// retried over TCP and the QUIC will be marked as broken. +TEST_P(QuicNetworkTransactionTest, + ProtocolErrorAfterHandshakeConfirmedThenBroken) { + params_.retry_without_alt_svc_on_quic_errors = true; + params_.quic_idle_connection_timeout_seconds = 5; + + // The request will initially go out over QUIC. + MockQuicData quic_data; + QuicStreamOffset header_stream_offset = 0; + quic_data.AddWrite(ConstructClientRequestHeadersPacket( + 1, kClientDataStreamId1, true, true, + GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + quic_data.AddWrite(ConstructSettingsPacket(2, SETTINGS_MAX_HEADER_LIST_SIZE, + kDefaultMaxUncompressedHeaderSize, + &header_stream_offset)); + // Peer sending data from an non-existing stream causes this end to raise + // error and close connection. + quic_data.AddRead( + ConstructServerRstPacket(1, false, 99, QUIC_STREAM_LAST_ERROR)); + std::string quic_error_details = "Data for nonexistent stream"; + quic_data.AddWrite(ConstructClientAckAndConnectionClosePacket( + 3, QuicTime::Delta::Zero(), 1, 1, QUIC_INVALID_STREAM_ID, + quic_error_details)); + quic_data.AddSocketDataToFactory(&socket_factory_); + + // After that fails, it will be resent via TCP. + MockWrite http_writes[] = { + MockWrite(SYNCHRONOUS, 0, "GET / HTTP/1.1\r\n"), + MockWrite(SYNCHRONOUS, 1, "Host: mail.example.org\r\n"), + MockWrite(SYNCHRONOUS, 2, "Connection: keep-alive\r\n\r\n")}; + + MockRead http_reads[] = { + MockRead(SYNCHRONOUS, 3, "HTTP/1.1 200 OK\r\n"), + MockRead(SYNCHRONOUS, 4, kQuicAlternativeServiceHeader), + MockRead(SYNCHRONOUS, 5, "hello world"), MockRead(SYNCHRONOUS, OK, 6)}; + SequencedSocketData http_data(http_reads, arraysize(http_reads), http_writes, + arraysize(http_writes)); + socket_factory_.AddSocketDataProvider(&http_data); + socket_factory_.AddSSLSocketDataProvider(&ssl_data_); + + // In order for a new QUIC session to be established via alternate-protocol + // without racing an HTTP connection, we need the host resolution to happen + // synchronously. Of course, even though QUIC *could* perform a 0-RTT + // connection to the the server, in this test we require confirmation + // before encrypting so the HTTP job will still start. + host_resolver_.set_synchronous_mode(true); + host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", + ""); + HostResolver::RequestInfo info(HostPortPair("mail.example.org", 443)); + AddressList address; + std::unique_ptr<HostResolver::Request> request; + host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address, CompletionCallback(), + &request, net_log_.bound()); + + CreateSession(); + + AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); + + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get()); + TestCompletionCallback callback; + int rv = trans.Start(&request_, callback.callback(), net_log_.bound()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + // Pump the message loop to get the request started. + base::RunLoop().RunUntilIdle(); + // Explicitly confirm the handshake. + crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( + QuicSession::HANDSHAKE_CONFIRMED); + + // Run the QUIC session to completion. + base::RunLoop().RunUntilIdle(); + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + + ExpectQuicAlternateProtocolMapping(); + + // Let the transaction proceed which will result in QUIC being marked + // as broken and the request falling back to TCP. + EXPECT_THAT(callback.WaitForResult(), IsOk()); + + ASSERT_TRUE(quic_data.AllWriteDataConsumed()); + ASSERT_FALSE(http_data.AllReadDataConsumed()); + + // Read the response body over TCP. + CheckResponseData(&trans, "hello world"); + ExpectBrokenAlternateProtocolMapping(); + ASSERT_TRUE(http_data.AllWriteDataConsumed()); + ASSERT_TRUE(http_data.AllReadDataConsumed()); +} + TEST_P(QuicNetworkTransactionTest, DoNotUseAlternativeServiceQuicUnsupportedVersion) { std::string altsvc_header = base::StringPrintf( @@ -1830,6 +2955,9 @@ TEST_P(QuicNetworkTransactionTest, ConfirmAlternativeService) { EXPECT_FALSE(http_server_properties_.WasAlternativeServiceRecentlyBroken( alternative_service)); + EXPECT_NE(nullptr, + http_server_properties_.GetServerNetworkStats( + url::SchemeHostPort("https", request_.url.host(), 443))); } TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceForQuicForHttps) { @@ -1997,6 +3125,10 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithHttpRace) { CreateSession(); AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT); SendRequestAndExpectQuicResponse("hello!"); + + EXPECT_EQ(nullptr, + http_server_properties_.GetServerNetworkStats( + url::SchemeHostPort("https", request_.url.host(), 443))); } TEST_P(QuicNetworkTransactionTest, ZeroRTTWithNoHttpRace) { @@ -3510,5 +4642,78 @@ TEST_P(QuicNetworkTransactionWithDestinationTest, EXPECT_TRUE(AllDataConsumed()); } +// crbug.com/705109 - this confirms that matching request with a body +// triggers a crash (pre-fix). +TEST_P(QuicNetworkTransactionTest, QuicServerPushMatchesRequestWithBody) { + params_.origins_to_force_quic_on.insert( + HostPortPair::FromString("mail.example.org:443")); + + MockQuicData mock_quic_data; + QuicStreamOffset header_stream_offset = 0; + mock_quic_data.AddWrite(ConstructSettingsPacket( + 1, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, + &header_stream_offset)); + mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket( + 2, kClientDataStreamId1, true, true, + GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + QuicStreamOffset server_header_offset = 0; + mock_quic_data.AddRead(ConstructServerPushPromisePacket( + 1, kClientDataStreamId1, kServerDataStreamId1, false, + GetRequestHeaders("GET", "https", "/pushed.jpg"), &server_header_offset, + &server_maker_)); + mock_quic_data.AddRead(ConstructServerResponseHeadersPacket( + 2, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK"), + &server_header_offset)); + mock_quic_data.AddWrite(ConstructClientAckPacket(3, 2, 1, 1)); + mock_quic_data.AddRead(ConstructServerResponseHeadersPacket( + 3, kServerDataStreamId1, false, false, GetResponseHeaders("200 OK"), + &server_header_offset)); + mock_quic_data.AddRead(ConstructServerDataPacket(4, kClientDataStreamId1, + false, true, 0, "hello!")); + mock_quic_data.AddWrite(ConstructClientAckPacket(4, 4, 3, 1)); + mock_quic_data.AddRead(ConstructServerDataPacket( + 5, kServerDataStreamId1, false, true, 0, "and hello!")); + + // Because the matching request has a body, we will see the push + // stream get cancelled, and the matching request go out on the + // wire. + mock_quic_data.AddWrite(ConstructClientAckAndRstPacket( + 5, kServerDataStreamId1, QUIC_STREAM_CANCELLED, 5, 5, 1)); + const char kBody[] = "1"; + mock_quic_data.AddWrite(ConstructClientRequestHeadersPacket( + 6, kClientDataStreamId2, false, false, + GetRequestHeaders("GET", "https", "/pushed.jpg"), &header_stream_offset)); + mock_quic_data.AddWrite(ConstructClientMultipleDataFramesPacket( + 7, kClientDataStreamId2, false, true, {kBody}, 0)); + + // We see the same response as for the earlier pushed and cancelled + // stream. + mock_quic_data.AddRead(ConstructServerResponseHeadersPacket( + 6, kClientDataStreamId2, false, false, GetResponseHeaders("200 OK"), + &server_header_offset)); + mock_quic_data.AddRead(ConstructServerDataPacket( + 7, kClientDataStreamId2, false, true, 0, "and hello!")); + + mock_quic_data.AddWrite(ConstructClientAckPacket(8, 7, 6, 1)); + mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read + mock_quic_data.AddRead(ASYNC, 0); // EOF + mock_quic_data.AddSocketDataToFactory(&socket_factory_); + + // The non-alternate protocol job needs to hang in order to guarantee that + // the alternate-protocol job will "win". + AddHangingNonAlternateProtocolSocketData(); + + CreateSession(); + + // PUSH_PROMISE handling in the http layer gets exercised here. + SendRequestAndExpectQuicResponse("hello!"); + + request_.url = GURL("https://mail.example.org/pushed.jpg"); + ChunkedUploadDataStream upload_data(0); + upload_data.AppendData("1", 1, true); + request_.upload_data_stream = &upload_data; + SendRequestAndExpectQuicResponse("and hello!"); +} + } // namespace test } // namespace net diff --git a/chromium/net/quic/chromium/quic_server_info.h b/chromium/net/quic/chromium/quic_server_info.h index 77fb0fc1d75..eab5366d929 100644 --- a/chromium/net/quic/chromium/quic_server_info.h +++ b/chromium/net/quic/chromium/quic_server_info.h @@ -102,6 +102,9 @@ class QUIC_EXPORT_PRIVATE QuicServerInfo { // Called whenever an external cache reuses quic server config. virtual void OnExternalCacheHit() = 0; + // Returns the size of dynamically allocated memory in bytes. + virtual size_t EstimateMemoryUsage() const = 0; + struct State { State(); ~State(); diff --git a/chromium/net/quic/chromium/quic_stream_factory.cc b/chromium/net/quic/chromium/quic_stream_factory.cc index 24ff534754f..80388c5d82c 100644 --- a/chromium/net/quic/chromium/quic_stream_factory.cc +++ b/chromium/net/quic/chromium/quic_stream_factory.cc @@ -8,6 +8,7 @@ #include <tuple> #include <utility> +#include "base/callback_helpers.h" #include "base/location.h" #include "base/memory/ptr_util.h" #include "base/metrics/field_trial.h" @@ -66,6 +67,12 @@ using NetworkHandle = net::NetworkChangeNotifier::NetworkHandle; namespace net { +// Returns the estimate of dynamically allocated memory of an IPEndPoint in +// bytes. Used in tracking IPAliasMap. +size_t EstimateMemoryUsage(const IPEndPoint& end_point) { + return 0; +} + namespace { enum CreateSessionFailure { @@ -91,8 +98,13 @@ const int32_t kQuicStreamMaxRecvWindowSize = 6 * 1024 * 1024; // 6 MB // Set the maximum number of undecryptable packets the connection will store. const int32_t kMaxUndecryptablePackets = 100; -// How long QUIC will be disabled for because of timeouts with open streams. -const int kDisableQuicTimeoutSecs = 5 * 60; +std::unique_ptr<base::Value> NetLogQuicStreamFactoryJobCallback( + const QuicServerId* server_id, + NetLogCaptureMode capture_mode) { + std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); + dict->SetString("server_id", server_id->ToString()); + return std::move(dict); +} std::unique_ptr<base::Value> NetLogQuicConnectionMigrationTriggerCallback( std::string trigger, @@ -279,18 +291,24 @@ class QuicStreamFactory::CertVerifierJob { UMA_HISTOGRAM_TIMES("Net.QuicSession.CertVerifierJob.CompleteTime", base::TimeTicks::Now() - start_time_); if (!callback_.is_null()) - callback_.Run(OK); + base::ResetAndReturn(&callback_).Run(OK); } const QuicServerId& server_id() const { return server_id_; } + size_t EstimateMemoryUsage() const { + // TODO(xunjieli): crbug.com/669108. Track |verify_context_| and + // |verify_details_|. + return base::trace_event::EstimateMemoryUsage(verify_error_details_); + } + private: - QuicServerId server_id_; + const QuicServerId server_id_; ProofVerifierCallbackImpl* verify_callback_; std::unique_ptr<ProofVerifyContext> verify_context_; std::unique_ptr<ProofVerifyDetails> verify_details_; std::string verify_error_details_; - base::TimeTicks start_time_; + const base::TimeTicks start_time_; const NetLogWithSource net_log_; CompletionCallback callback_; base::WeakPtrFactory<CertVerifierJob> weak_factory_; @@ -327,7 +345,6 @@ class QuicStreamFactory::Job { int DoLoadServerInfo(); int DoLoadServerInfoComplete(int rv); int DoConnect(); - int DoResumeConnect(); int DoConnectComplete(int rv); void OnIOComplete(int rv); @@ -340,8 +357,13 @@ class QuicStreamFactory::Job { const QuicSessionKey& key() const { return key_; } + const NetLogWithSource& net_log() const { return net_log_; } + base::WeakPtr<Job> GetWeakPtr() { return weak_factory_.GetWeakPtr(); } + // Returns the estimate of dynamically allocated memory in bytes. + size_t EstimateMemoryUsage() const; + private: enum IoState { STATE_NONE, @@ -350,7 +372,6 @@ class QuicStreamFactory::Job { STATE_LOAD_SERVER_INFO, STATE_LOAD_SERVER_INFO_COMPLETE, STATE_CONNECT, - STATE_RESUME_CONNECT, STATE_CONNECT_COMPLETE, }; IoState io_state_; @@ -358,9 +379,9 @@ class QuicStreamFactory::Job { QuicStreamFactory* factory_; HostResolver* host_resolver_; std::unique_ptr<HostResolver::Request> request_; - QuicSessionKey key_; - int cert_verify_flags_; - bool was_alternative_service_recently_broken_; + const QuicSessionKey key_; + const int cert_verify_flags_; + const bool was_alternative_service_recently_broken_; std::unique_ptr<QuicServerInfo> server_info_; bool started_another_job_; const NetLogWithSource net_log_; @@ -390,28 +411,28 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory, was_alternative_service_recently_broken), server_info_(std::move(server_info)), started_another_job_(false), - net_log_(net_log), + net_log_( + NetLogWithSource::Make(net_log.net_log(), + NetLogSourceType::QUIC_STREAM_FACTORY_JOB)), num_sent_client_hellos_(0), session_(nullptr), - weak_factory_(this) {} - -QuicStreamFactory::Job::Job(QuicStreamFactory* factory, - HostResolver* host_resolver, - QuicChromiumClientSession* session, - const QuicSessionKey& key) - : io_state_(STATE_RESUME_CONNECT), - factory_(factory), - host_resolver_(host_resolver), // unused - key_(key), - cert_verify_flags_(0), // unused - was_alternative_service_recently_broken_(false), // unused - started_another_job_(false), // unused - net_log_(session->net_log()), // unused - num_sent_client_hellos_(0), - session_(session), - weak_factory_(this) {} + weak_factory_(this) { + net_log_.BeginEvent( + NetLogEventType::QUIC_STREAM_FACTORY_JOB, + base::Bind(&NetLogQuicStreamFactoryJobCallback, &key_.server_id())); + // Associate |net_log_| with |net_log|. + net_log_.AddEvent( + NetLogEventType::QUIC_STREAM_FACTORY_JOB_BOUND_TO_HTTP_STREAM_JOB, + net_log.source().ToEventParametersCallback()); + net_log.AddEvent( + NetLogEventType::HTTP_STREAM_JOB_BOUND_TO_QUIC_STREAM_FACTORY_JOB, + net_log_.source().ToEventParametersCallback()); +} QuicStreamFactory::Job::~Job() { + net_log_.EndEvent(NetLogEventType::QUIC_STREAM_FACTORY_JOB); + DCHECK(callback_.is_null()); + // If disk cache has a pending WaitForDataReadyCallback, cancel that callback. if (server_info_) server_info_->ResetWaitForDataReadyCallback(); @@ -449,10 +470,6 @@ int QuicStreamFactory::Job::DoLoop(int rv) { CHECK_EQ(OK, rv); rv = DoConnect(); break; - case STATE_RESUME_CONNECT: - CHECK_EQ(OK, rv); - rv = DoResumeConnect(); - break; case STATE_CONNECT_COMPLETE: rv = DoConnectComplete(rv); break; @@ -466,9 +483,8 @@ int QuicStreamFactory::Job::DoLoop(int rv) { void QuicStreamFactory::Job::OnIOComplete(int rv) { rv = DoLoop(rv); - if (rv != ERR_IO_PENDING && !callback_.is_null()) { - callback_.Run(rv); - } + if (rv != ERR_IO_PENDING && !callback_.is_null()) + base::ResetAndReturn(&callback_).Run(rv); } void QuicStreamFactory::Job::RunAuxilaryJob() { @@ -494,6 +510,11 @@ void QuicStreamFactory::Job::CancelWaitForDataReadyCallback() { OnIOComplete(OK); } +size_t QuicStreamFactory::Job::EstimateMemoryUsage() const { + return base::trace_event::EstimateMemoryUsage(key_) + + base::trace_event::EstimateMemoryUsage(server_info_); +} + int QuicStreamFactory::Job::DoResolveHost() { dns_resolution_start_time_ = base::TimeTicks::Now(); // Start loading the data now, and wait for it after we resolve the host. @@ -528,6 +549,9 @@ int QuicStreamFactory::Job::DoResolveHostComplete(int rv) { } int QuicStreamFactory::Job::DoLoadServerInfo() { + net_log_.BeginEvent( + NetLogEventType::QUIC_STREAM_FACTORY_JOB_LOAD_SERVER_INFO); + io_state_ = STATE_LOAD_SERVER_INFO_COMPLETE; DCHECK(server_info_); @@ -565,6 +589,7 @@ int QuicStreamFactory::Job::DoLoadServerInfo() { } int QuicStreamFactory::Job::DoLoadServerInfoComplete(int rv) { + net_log_.EndEvent(NetLogEventType::QUIC_STREAM_FACTORY_JOB_LOAD_SERVER_INFO); UMA_HISTOGRAM_TIMES("Net.QuicServerInfo.DiskCacheWaitForDataReadyTime", base::TimeTicks::Now() - dns_resolution_end_time_); @@ -590,6 +615,9 @@ int QuicStreamFactory::Job::DoConnect() { bool require_confirmation = factory_->require_confirmation() || was_alternative_service_recently_broken_; + net_log_.BeginEvent( + NetLogEventType::QUIC_STREAM_FACTORY_JOB_CONNECT, + NetLog::BoolCallback("require_confirmation", require_confirmation)); int rv = factory_->CreateSession( key_, cert_verify_flags_, std::move(server_info_), require_confirmation, @@ -619,16 +647,8 @@ int QuicStreamFactory::Job::DoConnect() { return rv; } -int QuicStreamFactory::Job::DoResumeConnect() { - io_state_ = STATE_CONNECT_COMPLETE; - - int rv = session_->ResumeCryptoConnect( - base::Bind(&QuicStreamFactory::Job::OnIOComplete, GetWeakPtr())); - - return rv; -} - int QuicStreamFactory::Job::DoConnectComplete(int rv) { + net_log_.EndEvent(NetLogEventType::QUIC_STREAM_FACTORY_JOB_CONNECT); if (session_ && session_->error() == QUIC_CRYPTO_HANDSHAKE_STATELESS_REJECT) { num_sent_client_hellos_ += session_->GetNumSentClientHellos(); if (num_sent_client_hellos_ >= QuicCryptoClientStream::kMaxClientHellos) @@ -663,8 +683,10 @@ int QuicStreamFactory::Job::DoConnectComplete(int rv) { return OK; } -QuicStreamRequest::QuicStreamRequest(QuicStreamFactory* factory) - : factory_(factory) {} +QuicStreamRequest::QuicStreamRequest( + QuicStreamFactory* factory, + HttpServerProperties* http_server_properties) + : factory_(factory), http_server_properties_(http_server_properties) {} QuicStreamRequest::~QuicStreamRequest() { if (factory_ && !callback_.is_null()) @@ -675,7 +697,7 @@ int QuicStreamRequest::Request(const HostPortPair& destination, PrivacyMode privacy_mode, int cert_verify_flags, const GURL& url, - base::StringPiece method, + QuicStringPiece method, const NetLogWithSource& net_log, const CompletionCallback& callback) { DCHECK(callback_.is_null()); @@ -702,7 +724,7 @@ void QuicStreamRequest::SetSession(QuicChromiumClientSession* session) { void QuicStreamRequest::OnRequestComplete(int rv) { factory_ = nullptr; - callback_.Run(rv); + base::ResetAndReturn(&callback_).Run(rv); } base::TimeDelta QuicStreamRequest::GetTimeDelayForWaitingJob() const { @@ -714,7 +736,7 @@ base::TimeDelta QuicStreamRequest::GetTimeDelayForWaitingJob() const { std::unique_ptr<QuicHttpStream> QuicStreamRequest::CreateStream() { if (!session_) return nullptr; - return base::MakeUnique<QuicHttpStream>(session_); + return base::MakeUnique<QuicHttpStream>(session_, http_server_properties_); } std::unique_ptr<BidirectionalStreamImpl> @@ -754,7 +776,7 @@ QuicStreamFactory::QuicStreamFactory( bool delay_tcp_race, int max_server_configs_stored_in_properties, bool close_sessions_on_ip_change, - bool disable_quic_on_timeout_with_open_streams, + bool mark_quic_broken_when_network_blackholes, int idle_connection_timeout_seconds, int reduced_ping_timeout_seconds, int packet_reader_yield_after_duration_milliseconds, @@ -799,10 +821,8 @@ QuicStreamFactory::QuicStreamFactory( enable_non_blocking_io_(enable_non_blocking_io), disable_disk_cache_(disable_disk_cache), prefer_aes_(prefer_aes), - disable_quic_on_timeout_with_open_streams_( - disable_quic_on_timeout_with_open_streams), - consecutive_disabled_count_(0), - need_to_evaluate_consecutive_disabled_count_(false), + mark_quic_broken_when_network_blackholes_( + mark_quic_broken_when_network_blackholes), socket_receive_buffer_size_(socket_receive_buffer_size), delay_tcp_race_(delay_tcp_race), ping_timeout_(QuicTime::Delta::FromSeconds(kPingTimeoutSecs)), @@ -825,7 +845,6 @@ QuicStreamFactory::QuicStreamFactory( check_persisted_supports_quic_(true), has_initialized_data_(false), num_push_streams_created_(0), - status_(OPEN), task_runner_(nullptr), ssl_config_service_(ssl_config_service), weak_factory_(this) { @@ -927,19 +946,32 @@ void QuicStreamFactory::set_quic_server_info_factory( void QuicStreamFactory::DumpMemoryStats( base::trace_event::ProcessMemoryDump* pmd, const std::string& parent_absolute_name) const { - if (all_sessions_.empty()) + if (all_sessions_.empty() && active_jobs_.empty()) return; base::trace_event::MemoryAllocatorDump* factory_dump = pmd->CreateAllocatorDump(parent_absolute_name + "/quic_stream_factory"); size_t memory_estimate = - base::trace_event::EstimateMemoryUsage(all_sessions_); + base::trace_event::EstimateMemoryUsage(all_sessions_) + + base::trace_event::EstimateMemoryUsage(active_sessions_) + + base::trace_event::EstimateMemoryUsage(session_aliases_) + + base::trace_event::EstimateMemoryUsage(ip_aliases_) + + base::trace_event::EstimateMemoryUsage(session_peer_ip_) + + base::trace_event::EstimateMemoryUsage(gone_away_aliases_) + + base::trace_event::EstimateMemoryUsage(active_jobs_) + + base::trace_event::EstimateMemoryUsage(job_requests_map_) + + base::trace_event::EstimateMemoryUsage(active_cert_verifier_jobs_); factory_dump->AddScalar(base::trace_event::MemoryAllocatorDump::kNameSize, base::trace_event::MemoryAllocatorDump::kUnitsBytes, memory_estimate); - factory_dump->AddScalar( - base::trace_event::MemoryAllocatorDump::kNameObjectCount, - base::trace_event::MemoryAllocatorDump::kUnitsObjects, - all_sessions_.size()); + factory_dump->AddScalar("all_sessions", + base::trace_event::MemoryAllocatorDump::kUnitsObjects, + all_sessions_.size()); + factory_dump->AddScalar("active_jobs", + base::trace_event::MemoryAllocatorDump::kUnitsObjects, + active_jobs_.size()); + factory_dump->AddScalar("active_cert_jobs", + base::trace_event::MemoryAllocatorDump::kUnitsObjects, + active_cert_verifier_jobs_.size()); } bool QuicStreamFactory::CanUseExistingSession(const QuicServerId& server_id, @@ -967,7 +999,7 @@ int QuicStreamFactory::Create(const QuicServerId& server_id, const HostPortPair& destination, int cert_verify_flags, const GURL& url, - base::StringPiece method, + QuicStringPiece method, const NetLogWithSource& net_log, QuicStreamRequest* request) { if (clock_skew_detector_.ClockSkewDetected(base::TimeTicks::Now(), @@ -1009,8 +1041,21 @@ int QuicStreamFactory::Create(const QuicServerId& server_id, } // Associate with active job to |server_id| if such exists. - if (HasActiveJob(server_id)) { - active_requests_[request] = server_id; + auto it = active_jobs_.find(server_id); + if (it != active_jobs_.end()) { + const JobSet& job_set = it->second; + // TODO(zhongyi): figure out how to link the NetLogs if there are more than + // one job serving the same server id, i.e., auxiliary job is also + // created. + if (job_set.size() == 1) { + const NetLogWithSource& job_net_log = job_set.begin()->first->net_log(); + job_net_log.AddEvent( + NetLogEventType::QUIC_STREAM_FACTORY_JOB_BOUND_TO_HTTP_STREAM_JOB, + net_log.source().ToEventParametersCallback()); + net_log.AddEvent( + NetLogEventType::HTTP_STREAM_JOB_BOUND_TO_QUIC_STREAM_FACTORY_JOB, + job_net_log.source().ToEventParametersCallback()); + } job_requests_map_[server_id].insert(request); return ERR_IO_PENDING; } @@ -1054,7 +1099,6 @@ int QuicStreamFactory::Create(const QuicServerId& server_id, int rv = job->Run(base::Bind(&QuicStreamFactory::OnJobComplete, base::Unretained(this), job.get())); if (rv == ERR_IO_PENDING) { - active_requests_[request] = server_id; job_requests_map_[server_id].insert(request); Job* job_ptr = job.get(); active_jobs_[server_id][job_ptr] = std::move(job); @@ -1146,15 +1190,18 @@ void QuicStreamFactory::OnJobComplete(Job* job, int rv) { } } + ServerIDRequestsMap::iterator requests_iter = + job_requests_map_.find(server_id); + DCHECK(requests_iter != job_requests_map_.end()); if (rv == OK) { if (!always_require_handshake_confirmation_) set_require_confirmation(false); - if (!job_requests_map_[server_id].empty()) { + if (!requests_iter->second.empty()) { SessionMap::iterator session_it = active_sessions_.find(server_id); DCHECK(session_it != active_sessions_.end()); QuicChromiumClientSession* session = session_it->second; - for (QuicStreamRequest* request : job_requests_map_[server_id]) { + for (QuicStreamRequest* request : requests_iter->second) { DCHECK(request->server_id() == server_id); // Do not notify |request| yet. request->SetSession(session); @@ -1162,11 +1209,9 @@ void QuicStreamFactory::OnJobComplete(Job* job, int rv) { } } - while (!job_requests_map_[server_id].empty()) { - RequestSet::iterator it = job_requests_map_[server_id].begin(); - QuicStreamRequest* request = *it; - job_requests_map_[server_id].erase(it); - active_requests_.erase(request); + // It's okay not to erase |request| from |requests_iter->second| because the + // entire RequestSet will be erased from |job_requests_map_|. + for (auto* request : requests_iter->second) { // Even though we're invoking callbacks here, we don't need to worry // about |this| being deleted, because the factory is owned by the // profile which can not be deleted via callbacks. @@ -1180,7 +1225,7 @@ void QuicStreamFactory::OnJobComplete(Job* job, int rv) { active_jobs_[server_id].clear(); active_jobs_.erase(server_id); - job_requests_map_.erase(server_id); + job_requests_map_.erase(requests_iter); } void QuicStreamFactory::OnCertVerifyJobComplete(CertVerifierJob* job, int rv) { @@ -1189,38 +1234,8 @@ void QuicStreamFactory::OnCertVerifyJobComplete(CertVerifierJob* job, int rv) { std::unique_ptr<QuicHttpStream> QuicStreamFactory::CreateFromSession( QuicChromiumClientSession* session) { - return std::unique_ptr<QuicHttpStream>( - new QuicHttpStream(session->GetWeakPtr())); -} - -bool QuicStreamFactory::IsQuicDisabled() const { - return status_ != OPEN; -} - -bool QuicStreamFactory::OnHandshakeConfirmed( - QuicChromiumClientSession* session) { - if (!IsQuicDisabled()) - return false; - - session->CloseSessionOnErrorAndNotifyFactoryLater( - ERR_ABORTED, QUIC_TIMEOUTS_WITH_OPEN_STREAMS); - - return true; -} - -void QuicStreamFactory::OnTcpJobCompleted(bool succeeded) { - if (status_ != CLOSED) - return; - - // If QUIC connections are failing while TCP connections are working, - // then stop using QUIC. On the other hand if both QUIC and TCP are - // failing, then attempt to use QUIC again. - if (succeeded) { - status_ = DISABLED; - return; - } - - status_ = OPEN; + return base::MakeUnique<QuicHttpStream>(session->GetWeakPtr(), + http_server_properties_); } void QuicStreamFactory::OnIdleSession(QuicChromiumClientSession* session) {} @@ -1259,31 +1274,23 @@ void QuicStreamFactory::OnSessionClosed(QuicChromiumClientSession* session) { all_sessions_.erase(session); } -void QuicStreamFactory::OnTimeoutWithOpenStreams() { - // Reduce PING timeout when connection times out with open stream. - if (ping_timeout_ > reduced_ping_timeout_) { +void QuicStreamFactory::OnBlackholeAfterHandshakeConfirmed( + QuicChromiumClientSession* session) { + // Reduce PING timeout when connection blackholes after the handshake. + if (ping_timeout_ > reduced_ping_timeout_) ping_timeout_ = reduced_ping_timeout_; - } - if (disable_quic_on_timeout_with_open_streams_) { - if (status_ == OPEN) { - task_runner_->PostDelayedTask( - FROM_HERE, base::Bind(&QuicStreamFactory::OpenFactory, - weak_factory_.GetWeakPtr()), - base::TimeDelta::FromSeconds(kDisableQuicTimeoutSecs * - (1 << consecutive_disabled_count_))); - consecutive_disabled_count_++; - need_to_evaluate_consecutive_disabled_count_ = true; - } - status_ = CLOSED; + + if (mark_quic_broken_when_network_blackholes_) { + http_server_properties_->MarkAlternativeServiceBroken( + AlternativeService(kProtoQUIC, session->server_id().host_port_pair())); } } void QuicStreamFactory::CancelRequest(QuicStreamRequest* request) { - RequestMap::iterator request_it = active_requests_.find(request); - DCHECK(request_it != active_requests_.end()); - const QuicServerId& server_id = request_it->second; - job_requests_map_[server_id].erase(request); - active_requests_.erase(request_it); + ServerIDRequestsMap::iterator requests_it = + job_requests_map_.find(request->server_id()); + DCHECK(requests_it != job_requests_map_.end()); + requests_it->second.erase(request); } void QuicStreamFactory::CloseAllSessions(int error, QuicErrorCode quic_error) { @@ -1330,13 +1337,11 @@ void QuicStreamFactory::ClearCachedStatesInCryptoConfig( } void QuicStreamFactory::OnIPAddressChanged() { - status_ = OPEN; CloseAllSessions(ERR_NETWORK_CHANGED, QUIC_IP_ADDRESS_CHANGED); set_require_confirmation(true); } void QuicStreamFactory::OnNetworkConnected(NetworkHandle network) { - status_ = OPEN; ScopedConnectionMigrationEventLog scoped_event_log(net_log_, "OnNetworkConnected"); QuicStreamFactory::SessionIdMap::iterator it = all_sessions_.begin(); @@ -1656,15 +1661,6 @@ int QuicStreamFactory::CreateSession( base::TimeTicks dns_resolution_end_time, const NetLogWithSource& net_log, QuicChromiumClientSession** session) { - if (need_to_evaluate_consecutive_disabled_count_) { - task_runner_->PostDelayedTask( - FROM_HERE, - base::Bind(&QuicStreamFactory::MaybeClearConsecutiveDisabledCount, - weak_factory_.GetWeakPtr()), - base::TimeDelta::FromSeconds(kDisableQuicTimeoutSecs)); - - need_to_evaluate_consecutive_disabled_count_ = false; - } TRACE_EVENT0(kNetTracingCategory, "QuicStreamFactory::CreateSession"); IPEndPoint addr = *address_list.begin(); const QuicServerId& server_id = key.server_id(); @@ -1947,17 +1943,23 @@ void QuicStreamFactory::ProcessGoingAwaySession( const QuicConnectionStats& stats = session->connection()->GetStats(); const AlternativeService alternative_service(kProtoQUIC, server_id.host_port_pair()); + url::SchemeHostPort server("https", server_id.host_port_pair().host(), + server_id.host_port_pair().port()); + // Do nothing if QUIC is currently marked as broken. + if (http_server_properties_->IsAlternativeServiceBroken(alternative_service)) + return; + if (session->IsCryptoHandshakeConfirmed()) { http_server_properties_->ConfirmAlternativeService(alternative_service); ServerNetworkStats network_stats; network_stats.srtt = base::TimeDelta::FromMicroseconds(stats.srtt_us); network_stats.bandwidth_estimate = stats.estimated_bandwidth; - url::SchemeHostPort server("https", server_id.host_port_pair().host(), - server_id.host_port_pair().port()); http_server_properties_->SetServerNetworkStats(server, network_stats); return; } + http_server_properties_->ClearServerNetworkStats(server); + UMA_HISTOGRAM_COUNTS("Net.QuicHandshakeNotConfirmedNumPacketsReceived", stats.packets_received); @@ -1980,13 +1982,4 @@ void QuicStreamFactory::ProcessGoingAwaySession( alternative_service); } -void QuicStreamFactory::OpenFactory() { - status_ = OPEN; -} - -void QuicStreamFactory::MaybeClearConsecutiveDisabledCount() { - if (status_ == OPEN) - consecutive_disabled_count_ = 0; -} - } // namespace net diff --git a/chromium/net/quic/chromium/quic_stream_factory.h b/chromium/net/quic/chromium/quic_stream_factory.h index 966f3b278e3..fdd29437589 100644 --- a/chromium/net/quic/chromium/quic_stream_factory.h +++ b/chromium/net/quic/chromium/quic_stream_factory.h @@ -39,6 +39,7 @@ #include "net/quic/core/quic_crypto_stream.h" #include "net/quic/core/quic_packets.h" #include "net/quic/core/quic_server_id.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/ssl/ssl_config_service.h" namespace base { @@ -60,7 +61,7 @@ class HttpServerProperties; class NetLog; class ProxyDelegate; class QuicClock; -class QuicChromiumAlarmFactory; +class QuicAlarmFactory; class QuicChromiumConnectionHelper; class QuicCryptoClientStreamFactory; class QuicRandom; @@ -108,7 +109,8 @@ enum QuicConnectionMigrationStatus { // cancel the request with the factory. class NET_EXPORT_PRIVATE QuicStreamRequest { public: - explicit QuicStreamRequest(QuicStreamFactory* factory); + explicit QuicStreamRequest(QuicStreamFactory* factory, + HttpServerProperties* http_server_properties); ~QuicStreamRequest(); // |cert_verify_flags| is bitwise OR'd of CertVerifier::VerifyFlags and it is @@ -119,7 +121,7 @@ class NET_EXPORT_PRIVATE QuicStreamRequest { PrivacyMode privacy_mode, int cert_verify_flags, const GURL& url, - base::StringPiece method, + QuicStringPiece method, const NetLogWithSource& net_log, const CompletionCallback& callback); @@ -142,6 +144,7 @@ class NET_EXPORT_PRIVATE QuicStreamRequest { private: QuicStreamFactory* factory_; + HttpServerProperties* http_server_properties_; QuicServerId server_id_; NetLogWithSource net_log_; CompletionCallback callback_; @@ -216,7 +219,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory bool delay_tcp_race, int max_server_configs_stored_in_properties, bool close_sessions_on_ip_change, - bool disable_quic_on_timeout_with_open_streams, + bool mark_quic_broken_when_network_blackholes, int idle_connection_timeout_seconds, int reduced_ping_timeout_seconds, int packet_reader_yield_after_duration_milliseconds, @@ -246,7 +249,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory const HostPortPair& destination, int cert_verify_flags, const GURL& url, - base::StringPiece method, + QuicStringPiece method, const NetLogWithSource& net_log, QuicStreamRequest* request); @@ -258,9 +261,6 @@ class NET_EXPORT_PRIVATE QuicStreamFactory // could be used for. void OnTcpJobCompleted(bool succeeded); - // Returns true if QUIC is disabled. - bool IsQuicDisabled() const; - // Called by a session when it becomes idle. void OnIdleSession(QuicChromiumClientSession* session); @@ -271,8 +271,8 @@ class NET_EXPORT_PRIVATE QuicStreamFactory // Called by a session after it shuts down. void OnSessionClosed(QuicChromiumClientSession* session); - // Called by a session when it times out with open streams. - void OnTimeoutWithOpenStreams(); + // Called by a session when it blackholes after the handshake is confirmed. + void OnBlackholeAfterHandshakeConfirmed(QuicChromiumClientSession* session); // Cancels a pending request. void CancelRequest(QuicStreamRequest* request); @@ -373,7 +373,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory QuicChromiumConnectionHelper* helper() { return helper_.get(); } - QuicChromiumAlarmFactory* alarm_factory() { return alarm_factory_.get(); } + QuicAlarmFactory* alarm_factory() { return alarm_factory_.get(); } bool has_quic_server_info_factory() const { return quic_server_info_factory_.get() != nullptr; @@ -403,6 +403,10 @@ class NET_EXPORT_PRIVATE QuicStreamFactory return migrate_sessions_on_network_change_; } + bool mark_quic_broken_when_network_blackholes() const { + return mark_quic_broken_when_network_blackholes_; + } + // Dumps memory allocation stats. |parent_dump_absolute_name| is the name // used by the parent MemoryAllocatorDump in the memory dump hierarchy. void DumpMemoryStats(base::trace_event::ProcessMemoryDump* pmd, @@ -422,18 +426,11 @@ class NET_EXPORT_PRIVATE QuicStreamFactory typedef std::map<QuicChromiumClientSession*, IPEndPoint> SessionPeerIPMap; typedef std::map<Job*, std::unique_ptr<Job>> JobSet; typedef std::map<QuicServerId, JobSet> JobMap; - typedef std::map<QuicStreamRequest*, QuicServerId> RequestMap; typedef std::set<QuicStreamRequest*> RequestSet; typedef std::map<QuicServerId, RequestSet> ServerIDRequestsMap; typedef std::map<QuicServerId, std::unique_ptr<CertVerifierJob>> CertVerifierJobMap; - enum FactoryStatus { - OPEN, // New streams may be created. - CLOSED, // No new streams may be created temporarily. - DISABLED // No more streams may be created until the network changes. - }; - // Creates a job which doesn't wait for server config to be loaded from the // disk cache. This job is started via a PostTask. void CreateAuxilaryJob(const QuicSessionKey& key, @@ -518,12 +515,6 @@ class NET_EXPORT_PRIVATE QuicStreamFactory bool close_session_on_error, const NetLogWithSource& net_log); - // Called to re-enable QUIC when QUIC has been disabled. - void OpenFactory(); - // If QUIC has been working well after having been recently - // disabled, clear the |consecutive_disabled_count_|. - void MaybeClearConsecutiveDisabledCount(); - bool require_confirmation_; NetLog* net_log_; HostResolver* host_resolver_; @@ -549,7 +540,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory std::unique_ptr<QuicChromiumConnectionHelper> helper_; // The alarm factory used for all connections. - std::unique_ptr<QuicChromiumAlarmFactory> alarm_factory_; + std::unique_ptr<QuicAlarmFactory> alarm_factory_; // Contains owning pointers to all sessions that currently exist. SessionIdMap all_sessions_; @@ -570,12 +561,13 @@ class NET_EXPORT_PRIVATE QuicStreamFactory QuicCryptoClientConfig crypto_config_; JobMap active_jobs_; + // Map from QuicServerId to a set of non-owning QuicStreamRequest pointers. ServerIDRequestsMap job_requests_map_; - RequestMap active_requests_; + // Map of QuicServerId to owning CertVerifierJob. CertVerifierJobMap active_cert_verifier_jobs_; - QuicVersionVector supported_versions_; + const QuicVersionVector supported_versions_; // Set if we always require handshake confirmation. If true, this will // introduce at least one RTT for the handshake before the client sends data. @@ -604,13 +596,9 @@ class NET_EXPORT_PRIVATE QuicStreamFactory // Set if AES-GCM should be preferred, even if there is no hardware support. bool prefer_aes_; - // True if QUIC should be disabled when there are timeouts with open - // streams. - bool disable_quic_on_timeout_with_open_streams_; - - // Number of times in a row that QUIC has been disabled. - int consecutive_disabled_count_; - bool need_to_evaluate_consecutive_disabled_count_; + // True if QUIC should be marked as broken when a connection blackholes after + // the handshake is confirmed. + bool mark_quic_broken_when_network_blackholes_; // Size of the UDP receive buffer. int socket_receive_buffer_size_; @@ -667,9 +655,6 @@ class NET_EXPORT_PRIVATE QuicStreamFactory QuicClientPushPromiseIndex push_promise_index_; - // Current status of the factory's ability to create streams. - FactoryStatus status_; - base::TaskRunner* task_runner_; const scoped_refptr<SSLConfigService> ssl_config_service_; diff --git a/chromium/net/quic/test_tools/quic_stream_factory_peer.cc b/chromium/net/quic/chromium/quic_stream_factory_peer.cc index efd35980db4..6352df98b5b 100644 --- a/chromium/net/quic/test_tools/quic_stream_factory_peer.cc +++ b/chromium/net/quic/chromium/quic_stream_factory_peer.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/quic/test_tools/quic_stream_factory_peer.h" +#include "net/quic/chromium/quic_stream_factory_peer.h" #include <string> #include <vector> @@ -80,10 +80,6 @@ QuicTime::Delta QuicStreamFactoryPeer::GetPingTimeout( return factory->ping_timeout_; } -bool QuicStreamFactoryPeer::IsQuicDisabled(QuicStreamFactory* factory) { - return factory->IsQuicDisabled(); -} - bool QuicStreamFactoryPeer::GetDelayTcpRace(QuicStreamFactory* factory) { return factory->delay_tcp_race_; } @@ -203,5 +199,11 @@ int QuicStreamFactoryPeer::GetNumPushStreamsCreated( return factory->num_push_streams_created_; } +void QuicStreamFactoryPeer::SetAlarmFactory( + QuicStreamFactory* factory, + std::unique_ptr<QuicAlarmFactory> alarm_factory) { + factory->alarm_factory_ = std::move(alarm_factory); +} + } // namespace test } // namespace net diff --git a/chromium/net/quic/test_tools/quic_stream_factory_peer.h b/chromium/net/quic/chromium/quic_stream_factory_peer.h index 3387e1fe691..822b78f699f 100644 --- a/chromium/net/quic/test_tools/quic_stream_factory_peer.h +++ b/chromium/net/quic/chromium/quic_stream_factory_peer.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_QUIC_TEST_TOOLS_QUIC_STREAM_FACTORY_PEER_H_ -#define NET_QUIC_TEST_TOOLS_QUIC_STREAM_FACTORY_PEER_H_ +#ifndef NET_QUIC_CHROMIUM_QUIC_STREAM_FACTORY_PEER_H_ +#define NET_QUIC_CHROMIUM_QUIC_STREAM_FACTORY_PEER_H_ #include <stddef.h> #include <stdint.h> @@ -19,12 +19,13 @@ namespace net { class NetLogWithSource; +class QuicAlarmFactory; +class QuicChromiumClientSession; +class QuicClientPushPromiseIndex; class QuicConfig; class QuicCryptoClientConfig; class QuicHttpStream; class QuicStreamFactory; -class QuicChromiumClientSession; -class QuicClientPushPromiseIndex; namespace test { @@ -59,8 +60,6 @@ class QuicStreamFactoryPeer { static QuicTime::Delta GetPingTimeout(QuicStreamFactory* factory); - static bool IsQuicDisabled(QuicStreamFactory* factory); - static bool GetDelayTcpRace(QuicStreamFactory* factory); static void SetDelayTcpRace(QuicStreamFactory* factory, bool delay_tcp_race); @@ -103,6 +102,9 @@ class QuicStreamFactoryPeer { static int GetNumPushStreamsCreated(QuicStreamFactory* factory); + static void SetAlarmFactory(QuicStreamFactory* factory, + std::unique_ptr<QuicAlarmFactory> alarm_factory); + private: DISALLOW_COPY_AND_ASSIGN(QuicStreamFactoryPeer); }; @@ -110,4 +112,4 @@ class QuicStreamFactoryPeer { } // namespace test } // namespace net -#endif // NET_QUIC_TEST_TOOLS_QUIC_STREAM_FACTORY_PEER_H_ +#endif // NET_QUIC_CHROMIUM_QUIC_STREAM_FACTORY_PEER_H_ diff --git a/chromium/net/quic/chromium/quic_stream_factory_test.cc b/chromium/net/quic/chromium/quic_stream_factory_test.cc index 92f93ee28d2..aeea54b9c0d 100644 --- a/chromium/net/quic/chromium/quic_stream_factory_test.cc +++ b/chromium/net/quic/chromium/quic_stream_factory_test.cc @@ -10,9 +10,11 @@ #include "base/bind.h" #include "base/callback.h" +#include "base/macros.h" #include "base/memory/ptr_util.h" #include "base/run_loop.h" #include "base/strings/string_util.h" +#include "net/base/mock_network_change_notifier.h" #include "net/base/test_proxy_delegate.h" #include "net/cert/cert_verifier.h" #include "net/cert/ct_policy_enforcer.h" @@ -25,12 +27,13 @@ #include "net/http/transport_security_state.h" #include "net/quic/chromium/crypto/proof_verifier_chromium.h" #include "net/quic/chromium/mock_crypto_client_stream_factory.h" -#include "net/quic/chromium/mock_network_change_notifier.h" #include "net/quic/chromium/mock_quic_data.h" #include "net/quic/chromium/properties_based_quic_server_info.h" #include "net/quic/chromium/quic_http_utils.h" #include "net/quic/chromium/quic_server_info.h" +#include "net/quic/chromium/quic_stream_factory_peer.h" #include "net/quic/chromium/quic_test_packet_maker.h" +#include "net/quic/chromium/test_task_runner.h" #include "net/quic/core/crypto/crypto_handshake.h" #include "net/quic/core/crypto/quic_crypto_client_config.h" #include "net/quic/core/crypto/quic_decrypter.h" @@ -39,9 +42,7 @@ #include "net/quic/test_tools/mock_clock.h" #include "net/quic/test_tools/mock_random.h" #include "net/quic/test_tools/quic_config_peer.h" -#include "net/quic/test_tools/quic_stream_factory_peer.h" #include "net/quic/test_tools/quic_test_utils.h" -#include "net/quic/test_tools/test_task_runner.h" #include "net/socket/next_proto.h" #include "net/socket/socket_test_util.h" #include "net/spdy/spdy_session_test_util.h" @@ -195,6 +196,11 @@ class MockQuicServerInfo : public QuicServerInfo { void Persist() override {} void OnExternalCacheHit() override {} + + size_t EstimateMemoryUsage() const override { + NOTREACHED(); + return 0; + } }; class MockQuicServerInfoFactory : public QuicServerInfoFactory { @@ -248,7 +254,6 @@ class QuicStreamFactoryTestBase { receive_buffer_size_(0), delay_tcp_race_(true), close_sessions_on_ip_change_(false), - disable_quic_on_timeout_with_open_streams_(false), idle_connection_timeout_seconds_(kIdleConnectionTimeoutSeconds), reduced_ping_timeout_seconds_(kPingTimeoutSecs), packet_reader_yield_after_duration_milliseconds_( @@ -285,7 +290,7 @@ class QuicStreamFactoryTestBase { receive_buffer_size_, delay_tcp_race_, /*max_server_configs_stored_in_properties*/ 0, close_sessions_on_ip_change_, - disable_quic_on_timeout_with_open_streams_, + /*mark_quic_broken_when_network_blackholes*/ false, idle_connection_timeout_seconds_, reduced_ping_timeout_seconds_, packet_reader_yield_after_duration_milliseconds_, migrate_sessions_on_network_change_, migrate_sessions_early_, @@ -360,7 +365,7 @@ class QuicStreamFactoryTestBase { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); GURL url("https://" + destination.host() + "/"); EXPECT_EQ(ERR_IO_PENDING, request.Request(destination, privacy_mode_, @@ -506,7 +511,7 @@ class QuicStreamFactoryTestBase { socket_data2.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -789,7 +794,6 @@ class QuicStreamFactoryTestBase { int receive_buffer_size_; bool delay_tcp_race_; bool close_sessions_on_ip_change_; - bool disable_quic_on_timeout_with_open_streams_; int idle_connection_timeout_seconds_; int reduced_ping_timeout_seconds_; int packet_reader_yield_after_duration_milliseconds_; @@ -825,7 +829,7 @@ TEST_P(QuicStreamFactoryTest, Create) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -841,7 +845,7 @@ TEST_P(QuicStreamFactoryTest, Create) { // TODO(rtenneti): We should probably have a tests that HTTP and HTTPS result // in streams on different sessions. - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -867,7 +871,7 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRtt) { host_resolver_.rules()->AddIPLiteralRule(host_port_pair_.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -893,7 +897,7 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRttPost) { host_resolver_.rules()->AddIPLiteralRule(host_port_pair_.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "POST", net_log_, callback_.callback())); @@ -916,7 +920,7 @@ TEST_P(QuicStreamFactoryTest, DefaultInitialRtt) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -949,7 +953,7 @@ TEST_P(QuicStreamFactoryTest, CachedInitialRtt) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -982,7 +986,7 @@ TEST_P(QuicStreamFactoryTest, 2gInitialRtt) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1015,7 +1019,7 @@ TEST_P(QuicStreamFactoryTest, 3gInitialRtt) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1043,7 +1047,7 @@ TEST_P(QuicStreamFactoryTest, GoAway) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1075,7 +1079,7 @@ TEST_P(QuicStreamFactoryTest, GoAwayForConnectionMigrationWithPortOnly) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1122,7 +1126,7 @@ TEST_P(QuicStreamFactoryTest, Pooling) { "192.168.0.1", ""); host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -1130,7 +1134,7 @@ TEST_P(QuicStreamFactoryTest, Pooling) { EXPECT_TRUE(stream.get()); TestCompletionCallback callback; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, callback.callback())); @@ -1181,7 +1185,7 @@ TEST_P(QuicStreamFactoryTest, PoolingWithServerMigration) { // Create new request to cause new session creation. TestCompletionCallback callback; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, @@ -1221,7 +1225,7 @@ TEST_P(QuicStreamFactoryTest, NoPoolingIfDisabled) { "192.168.0.1", ""); host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -1229,7 +1233,7 @@ TEST_P(QuicStreamFactoryTest, NoPoolingIfDisabled) { EXPECT_TRUE(stream.get()); TestCompletionCallback callback; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, callback.callback())); @@ -1269,7 +1273,7 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) { "192.168.0.1", ""); host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -1277,7 +1281,7 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) { EXPECT_TRUE(stream.get()); TestCompletionCallback callback; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, callback.callback())); @@ -1289,7 +1293,7 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) { EXPECT_FALSE(HasActiveSession(server2)); TestCompletionCallback callback3; - QuicStreamRequest request3(factory_.get()); + QuicStreamRequest request3(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request3.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, callback3.callback())); @@ -1324,7 +1328,7 @@ TEST_P(QuicStreamFactoryTest, HttpsPooling) { host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(server1, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -1332,7 +1336,7 @@ TEST_P(QuicStreamFactoryTest, HttpsPooling) { EXPECT_TRUE(stream.get()); TestCompletionCallback callback; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, callback_.callback())); @@ -1373,7 +1377,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingIfDisabled) { host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(server1, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -1381,7 +1385,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingIfDisabled) { EXPECT_TRUE(stream.get()); TestCompletionCallback callback; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, callback_.callback())); @@ -1421,7 +1425,7 @@ TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) { host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(server1, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -1429,7 +1433,7 @@ TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) { EXPECT_TRUE(stream.get()); TestCompletionCallback callback; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, callback_.callback())); @@ -1476,7 +1480,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithMatchingPinsIfDisabled) { host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(server1, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -1484,7 +1488,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithMatchingPinsIfDisabled) { EXPECT_TRUE(stream.get()); TestCompletionCallback callback; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, callback_.callback())); @@ -1537,7 +1541,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithDifferentPins) { host_resolver_.rules()->AddIPLiteralRule(server1.host(), "192.168.0.1", ""); host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(server1, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -1545,7 +1549,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithDifferentPins) { EXPECT_TRUE(stream.get()); TestCompletionCallback callback; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, callback_.callback())); @@ -1579,7 +1583,7 @@ TEST_P(QuicStreamFactoryTest, Goaway) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1599,7 +1603,7 @@ TEST_P(QuicStreamFactoryTest, Goaway) { // Create a new request for the same destination and verify that a // new session is created. - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1644,7 +1648,7 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) { // The MockCryptoClientStream sets max_open_streams to be // kDefaultMaxStreamsPerConnection / 2. for (size_t i = 0; i < kDefaultMaxStreamsPerConnection / 2; i++) { - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); int rv = request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback()); @@ -1661,7 +1665,7 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) { streams.push_back(std::move(stream)); } - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, CompletionCallback())); @@ -1695,7 +1699,7 @@ TEST_P(QuicStreamFactoryTest, ResolutionErrorInCreate) { host_resolver_.rules()->AddSimulatedFailure(kDefaultServerHostName); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1714,7 +1718,7 @@ TEST_P(QuicStreamFactoryTest, ConnectErrorInCreate) { socket_data.AddConnect(SYNCHRONOUS, ERR_ADDRESS_IN_USE); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1735,7 +1739,7 @@ TEST_P(QuicStreamFactoryTest, CancelCreate) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); { - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1773,7 +1777,7 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1793,7 +1797,7 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) { // Now attempting to request a stream to the same origin should create // a new session. - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1827,7 +1831,7 @@ TEST_P(QuicStreamFactoryTest, socket_data.AddSocketDataToFactory(&socket_factory_); // Create request, should fail after the write of the CHLO fails. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1848,7 +1852,7 @@ TEST_P(QuicStreamFactoryTest, kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1891,7 +1895,7 @@ TEST_P(QuicStreamFactoryTest, WriteErrorInCryptoConnectWithSyncHostResolution) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request, should fail immediately. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_QUIC_HANDSHAKE_FAILED, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1912,7 +1916,7 @@ TEST_P(QuicStreamFactoryTest, WriteErrorInCryptoConnectWithSyncHostResolution) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1959,7 +1963,7 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChanged) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -1980,7 +1984,7 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChanged) { // Now attempting to request a stream to the same origin should create // a new session. - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2028,7 +2032,7 @@ void QuicStreamFactoryTestBase::OnNetworkMadeDefault(bool async_write_before) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2097,7 +2101,7 @@ void QuicStreamFactoryTestBase::OnNetworkMadeDefault(bool async_write_before) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2161,7 +2165,7 @@ void QuicStreamFactoryTestBase::OnNetworkDisconnected(bool async_write_before) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2225,7 +2229,7 @@ void QuicStreamFactoryTestBase::OnNetworkDisconnected(bool async_write_before) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2275,7 +2279,7 @@ void QuicStreamFactoryTestBase::OnNetworkDisconnectedWithNetworkList( socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2335,7 +2339,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkMadeDefaultNonMigratableStream) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2386,7 +2390,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkMadeDefaultConnectionMigrationDisabled) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2440,7 +2444,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkDisconnectedNonMigratableStream) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2490,7 +2494,7 @@ TEST_P(QuicStreamFactoryTest, socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2540,7 +2544,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkMadeDefaultNoOpenStreams) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2580,7 +2584,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkDisconnectedNoOpenStreams) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2623,7 +2627,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedPauseBeforeConnected) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2700,7 +2704,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkChangeDisconnectedPauseBeforeConnected) { ConstructSettingsPacket(1, SETTINGS_MAX_HEADER_LIST_SIZE, kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2753,7 +2757,7 @@ TEST_P(QuicStreamFactoryTest, host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.2", ""); // Create request and QuicHttpStream to create session1. - QuicStreamRequest request1(factory_.get()); + QuicStreamRequest request1(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request1.Request(server1, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -2761,7 +2765,7 @@ TEST_P(QuicStreamFactoryTest, EXPECT_TRUE(stream1.get()); // Create request and QuicHttpStream to create session2. - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, callback_.callback())); @@ -2846,7 +2850,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarly) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2911,7 +2915,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarly) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -2973,7 +2977,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyWithAsyncWrites) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3040,7 +3044,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyWithAsyncWrites) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3095,7 +3099,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyNoNewNetwork) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3149,7 +3153,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyNonMigratableStream) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3203,7 +3207,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyConnectionMigrationDisabled) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3262,7 +3266,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteError( socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3352,7 +3356,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorNoNewNetwork( socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3443,7 +3447,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorNonMigratableStream( socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3509,7 +3513,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMigrationDisabled( socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3590,7 +3594,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnMultipleWriteErrors( } // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3671,7 +3675,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorWithNotificationQueued( socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3769,7 +3773,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnNotificationWithWriteErrorQueued( socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3868,7 +3872,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorPauseBeforeConnected( socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -3950,7 +3954,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorPauseBeforeConnected( kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -4003,7 +4007,7 @@ void QuicStreamFactoryTestBase:: socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -4093,7 +4097,7 @@ void QuicStreamFactoryTestBase:: kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -4159,7 +4163,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyToBadSocket) { socket_data.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -4223,7 +4227,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigration) { socket_data1.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -4366,7 +4370,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigrationIPv4ToIPv6Fails) { socket_data1.AddSocketDataToFactory(&socket_factory_); // Create request and QuicHttpStream. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -4424,7 +4428,7 @@ TEST_P(QuicStreamFactoryTest, OnSSLConfigChanged) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -4444,7 +4448,7 @@ TEST_P(QuicStreamFactoryTest, OnSSLConfigChanged) { // Now attempting to request a stream to the same origin should create // a new session. - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -4481,7 +4485,7 @@ TEST_P(QuicStreamFactoryTest, OnCertDBChanged) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -4502,7 +4506,7 @@ TEST_P(QuicStreamFactoryTest, OnCertDBChanged) { // Now attempting to request a stream to the same origin should create // a new session. - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -4625,7 +4629,7 @@ TEST_P(QuicStreamFactoryTest, RacingConnections) { host_resolver_.rules()->AddIPLiteralRule(host_port_pair_.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); QuicServerId server_id(host_port_pair_, privacy_mode_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, @@ -4662,7 +4666,7 @@ TEST_P(QuicStreamFactoryTest, EnableNotLoadFromDiskCache) { host_resolver_.rules()->AddIPLiteralRule(host_port_pair_.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -4686,7 +4690,6 @@ TEST_P(QuicStreamFactoryTest, ReducePingTimeoutOnConnectionTimeOutOpenStreams) { crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), runner_.get()); - EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); MockQuicData socket_data; socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); @@ -4715,7 +4718,7 @@ TEST_P(QuicStreamFactoryTest, ReducePingTimeoutOnConnectionTimeOutOpenStreams) { // with open stream. EXPECT_EQ(QuicTime::Delta::FromSeconds(kPingTimeoutSecs), QuicStreamFactoryPeer::GetPingTimeout(factory_.get())); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -4739,8 +4742,6 @@ TEST_P(QuicStreamFactoryTest, ReducePingTimeoutOnConnectionTimeOutOpenStreams) { base::RunLoop run_loop; run_loop.RunUntilIdle(); - EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - // The first connection times out with open stream, QUIC should reduce initial // PING time for subsequent connections. EXPECT_EQ(QuicTime::Delta::FromSeconds(10), @@ -4749,7 +4750,7 @@ TEST_P(QuicStreamFactoryTest, ReducePingTimeoutOnConnectionTimeOutOpenStreams) { // Test two-in-a-row timeouts with open streams. DVLOG(1) << "Create 2nd session and timeout with open stream"; TestCompletionCallback callback2; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(server2, privacy_mode_, /*cert_verify_flags=*/0, url2_, "GET", net_log_, callback2.callback())); @@ -4767,7 +4768,6 @@ TEST_P(QuicStreamFactoryTest, ReducePingTimeoutOnConnectionTimeOutOpenStreams) { // QuicStreamFactory::OnSessionClosed() runs. base::RunLoop run_loop2; run_loop2.RunUntilIdle(); - EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); EXPECT_TRUE(socket_data.AllReadDataConsumed()); EXPECT_TRUE(socket_data.AllWriteDataConsumed()); @@ -4775,269 +4775,6 @@ TEST_P(QuicStreamFactoryTest, ReducePingTimeoutOnConnectionTimeOutOpenStreams) { EXPECT_TRUE(socket_data2.AllWriteDataConsumed()); } -TEST_P(QuicStreamFactoryTest, DisableQuicWhenTimeoutsWithOpenStreams) { - disable_disk_cache_ = true; - disable_quic_on_timeout_with_open_streams_ = true; - Initialize(); - ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); - crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), runner_.get()); - - EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - MockQuicData socket_data; - socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - ConstructSettingsPacket(1, SETTINGS_MAX_HEADER_LIST_SIZE, - kDefaultMaxUncompressedHeaderSize, nullptr)); - socket_data.AddSocketDataToFactory(&socket_factory_); - - crypto_client_stream_factory_.set_handshake_mode( - MockCryptoClientStream::CONFIRM_HANDSHAKE); - host_resolver_.set_synchronous_mode(true); - host_resolver_.rules()->AddIPLiteralRule(host_port_pair_.host(), - "192.168.0.1", ""); - - // Test first timeouts with open streams will disable QUIC. - QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, - /*cert_verify_flags=*/0, url_, "GET", net_log_, - callback_.callback())); - - QuicChromiumClientSession* session = GetActiveSession(host_port_pair_); - - std::unique_ptr<QuicHttpStream> stream = request.CreateStream(); - EXPECT_TRUE(stream.get()); - HttpRequestInfo request_info; - EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY, - net_log_, CompletionCallback())); - - DVLOG(1) - << "Created 1st session and initialized a stream. Now trigger timeout." - << "Will disable QUIC."; - session->connection()->CloseConnection(QUIC_NETWORK_IDLE_TIMEOUT, "test", - ConnectionCloseBehavior::SILENT_CLOSE); - // Need to spin the loop now to ensure that - // QuicStreamFactory::OnSessionClosed() runs. - base::RunLoop run_loop; - run_loop.RunUntilIdle(); - - EXPECT_TRUE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - // Verify that QUIC is fully disabled after a TCP job succeeds. - factory_->OnTcpJobCompleted(/*succeeded=*/true); - EXPECT_TRUE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - // Verify that QUIC stays disabled after a TCP job succeeds. - factory_->OnTcpJobCompleted(/*succeeded=*/false); - EXPECT_TRUE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - EXPECT_TRUE(socket_data.AllReadDataConsumed()); - EXPECT_TRUE(socket_data.AllWriteDataConsumed()); -} - -TEST_P(QuicStreamFactoryTest, - DisableQuicWhenTimeoutsWithOpenStreamsExponentialBackoff) { - disable_disk_cache_ = true; - disable_quic_on_timeout_with_open_streams_ = true; - Initialize(); - ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); - crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), runner_.get()); - - EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - MockQuicData socket_data; - socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - ConstructSettingsPacket(1, SETTINGS_MAX_HEADER_LIST_SIZE, - kDefaultMaxUncompressedHeaderSize, nullptr)); - socket_data.AddSocketDataToFactory(&socket_factory_); - - MockQuicData socket_data2; - socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data2.AddWrite( - ConstructSettingsPacket(1, SETTINGS_MAX_HEADER_LIST_SIZE, - kDefaultMaxUncompressedHeaderSize, nullptr)); - socket_data2.AddSocketDataToFactory(&socket_factory_); - - crypto_client_stream_factory_.set_handshake_mode( - MockCryptoClientStream::CONFIRM_HANDSHAKE); - host_resolver_.set_synchronous_mode(true); - host_resolver_.rules()->AddIPLiteralRule(host_port_pair_.host(), - "192.168.0.1", ""); - - // Test first timeouts with open streams will disable QUIC. - QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, - /*cert_verify_flags=*/0, url_, "GET", net_log_, - callback_.callback())); - - QuicChromiumClientSession* session = GetActiveSession(host_port_pair_); - - std::unique_ptr<QuicHttpStream> stream = request.CreateStream(); - EXPECT_TRUE(stream.get()); - HttpRequestInfo request_info; - EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY, - net_log_, CompletionCallback())); - - DVLOG(1) - << "Created 1st session and initialized a stream. Now trigger timeout." - << "Will disable QUIC."; - session->connection()->CloseConnection(QUIC_NETWORK_IDLE_TIMEOUT, "test", - ConnectionCloseBehavior::SILENT_CLOSE); - EXPECT_TRUE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - ASSERT_EQ(1u, runner_->GetPostedTasks().size()); - ASSERT_EQ(clock_->NowInTicks() + base::TimeDelta::FromMinutes(5), - runner_->GetPostedTasks()[0].GetTimeToRun()); - runner_->RunNextTask(); - - // Need to spin the loop now to ensure that - // QuicStreamFactory::OnSessionClosed() runs. - base::RunLoop run_loop; - run_loop.RunUntilIdle(); - - EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - ASSERT_TRUE(runner_->GetPostedTasks().empty()); - - // Create a new session which will cause a task to be posted to - // clear the exponential backoff. - QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(host_port_pair_, privacy_mode_, - /*cert_verify_flags=*/0, url_, "GET", net_log_, - callback_.callback())); - QuicChromiumClientSession* session2 = GetActiveSession(host_port_pair_); - std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream(); - EXPECT_TRUE(stream2.get()); - HttpRequestInfo request_info2; - EXPECT_EQ(OK, stream2->InitializeStream(&request_info2, DEFAULT_PRIORITY, - net_log_, CompletionCallback())); - - // Check that the clear task has been posted. - ASSERT_EQ(1u, runner_->GetPostedTasks().size()); - ASSERT_EQ(clock_->NowInTicks() + base::TimeDelta::FromMinutes(5), - runner_->GetPostedTasks()[0].GetTimeToRun()); - - session2->connection()->CloseConnection( - QUIC_NETWORK_IDLE_TIMEOUT, "test", ConnectionCloseBehavior::SILENT_CLOSE); - EXPECT_TRUE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - ASSERT_EQ(2u, runner_->GetPostedTasks().size()); - ASSERT_EQ(clock_->NowInTicks() + base::TimeDelta::FromMinutes(10), - runner_->GetPostedTasks()[1].GetTimeToRun()); - runner_->RunNextTask(); - - EXPECT_TRUE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - EXPECT_TRUE(socket_data.AllReadDataConsumed()); - EXPECT_TRUE(socket_data.AllWriteDataConsumed()); -} - -TEST_P(QuicStreamFactoryTest, - DisableQuicWhenTimeoutsWithOpenStreamsExponentialBackoffReset) { - disable_disk_cache_ = true; - disable_quic_on_timeout_with_open_streams_ = true; - Initialize(); - ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); - crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), runner_.get()); - - EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - MockQuicData socket_data; - socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - ConstructSettingsPacket(1, SETTINGS_MAX_HEADER_LIST_SIZE, - kDefaultMaxUncompressedHeaderSize, nullptr)); - socket_data.AddSocketDataToFactory(&socket_factory_); - - MockQuicData socket_data2; - socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data2.AddWrite( - ConstructSettingsPacket(1, SETTINGS_MAX_HEADER_LIST_SIZE, - kDefaultMaxUncompressedHeaderSize, nullptr)); - socket_data2.AddSocketDataToFactory(&socket_factory_); - - crypto_client_stream_factory_.set_handshake_mode( - MockCryptoClientStream::CONFIRM_HANDSHAKE); - host_resolver_.set_synchronous_mode(true); - host_resolver_.rules()->AddIPLiteralRule(host_port_pair_.host(), - "192.168.0.1", ""); - - // Test first timeouts with open streams will disable QUIC. - QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, - /*cert_verify_flags=*/0, url_, "GET", net_log_, - callback_.callback())); - - QuicChromiumClientSession* session = GetActiveSession(host_port_pair_); - - std::unique_ptr<QuicHttpStream> stream = request.CreateStream(); - EXPECT_TRUE(stream.get()); - HttpRequestInfo request_info; - EXPECT_EQ(OK, stream->InitializeStream(&request_info, DEFAULT_PRIORITY, - net_log_, CompletionCallback())); - - DVLOG(1) - << "Created 1st session and initialized a stream. Now trigger timeout." - << "Will disable QUIC."; - session->connection()->CloseConnection(QUIC_NETWORK_IDLE_TIMEOUT, "test", - ConnectionCloseBehavior::SILENT_CLOSE); - EXPECT_TRUE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - ASSERT_EQ(1u, runner_->GetPostedTasks().size()); - ASSERT_EQ(clock_->NowInTicks() + base::TimeDelta::FromMinutes(5), - runner_->GetPostedTasks()[0].GetTimeToRun()); - runner_->RunNextTask(); - - // Need to spin the loop now to ensure that - // QuicStreamFactory::OnSessionClosed() runs. - base::RunLoop run_loop; - run_loop.RunUntilIdle(); - - EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - ASSERT_TRUE(runner_->GetPostedTasks().empty()); - - // Create a new session which will cause a task to be posted to - // clear the exponential backoff. - QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(host_port_pair_, privacy_mode_, - /*cert_verify_flags=*/0, url_, "GET", net_log_, - callback_.callback())); - QuicChromiumClientSession* session2 = GetActiveSession(host_port_pair_); - std::unique_ptr<QuicHttpStream> stream2 = request2.CreateStream(); - EXPECT_TRUE(stream2.get()); - HttpRequestInfo request_info2; - EXPECT_EQ(OK, stream2->InitializeStream(&request_info2, DEFAULT_PRIORITY, - net_log_, CompletionCallback())); - - // Run the clear task and verify that the next disabling is - // back to the default timeout. - runner_->RunNextTask(); - - // QUIC should still be enabled. - EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - session2->connection()->CloseConnection( - QUIC_NETWORK_IDLE_TIMEOUT, "test", ConnectionCloseBehavior::SILENT_CLOSE); - EXPECT_TRUE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - ASSERT_EQ(1u, runner_->GetPostedTasks().size()); - ASSERT_EQ(clock_->NowInTicks() + base::TimeDelta::FromMinutes(5), - runner_->GetPostedTasks()[0].GetTimeToRun()); - runner_->RunNextTask(); - - EXPECT_FALSE(QuicStreamFactoryPeer::IsQuicDisabled(factory_.get())); - - EXPECT_TRUE(socket_data.AllReadDataConsumed()); - EXPECT_TRUE(socket_data.AllWriteDataConsumed()); -} - TEST_P(QuicStreamFactoryTest, EnableDelayTcpRace) { Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -5062,7 +4799,7 @@ TEST_P(QuicStreamFactoryTest, EnableDelayTcpRace) { host_resolver_.rules()->AddIPLiteralRule(host_port_pair_.host(), "192.168.0.1", ""); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "POST", net_log_, @@ -5141,7 +4878,7 @@ TEST_P(QuicStreamFactoryTest, StartCertVerifyJob) { EXPECT_FALSE(HasActiveCertVerifierJob(quic_server_id)); // Start a QUIC request. - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -5202,7 +4939,7 @@ TEST_P(QuicStreamFactoryTest, YieldAfterPackets) { SpdySessionTestTaskObserver observer("quic_chromium_packet_reader.cc", "StartReading"); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -5247,7 +4984,7 @@ TEST_P(QuicStreamFactoryTest, YieldAfterDuration) { SpdySessionTestTaskObserver observer("quic_chromium_packet_reader.cc", "StartReading"); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -5280,7 +5017,7 @@ TEST_P(QuicStreamFactoryTest, ServerPushSessionAffinity) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -5300,7 +5037,7 @@ TEST_P(QuicStreamFactoryTest, ServerPushSessionAffinity) { (*QuicStreamFactoryPeer::GetPushPromiseIndex(factory_.get()) ->promised_by_url())[kDefaultUrl] = &promised; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback_.callback())); @@ -5330,7 +5067,7 @@ TEST_P(QuicStreamFactoryTest, ServerPushPrivacyModeMismatch) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data2.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -5355,7 +5092,7 @@ TEST_P(QuicStreamFactoryTest, ServerPushPrivacyModeMismatch) { // Doing the request should not use the push stream, but rather // cancel it because the privacy modes do not match. - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(host_port_pair_, PRIVACY_MODE_ENABLED, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -5392,7 +5129,7 @@ TEST_P(QuicStreamFactoryTest, PoolByOrigin) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request1(factory_.get()); + QuicStreamRequest request1(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request1.Request(destination1, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -5404,7 +5141,7 @@ TEST_P(QuicStreamFactoryTest, PoolByOrigin) { // Second request returns synchronously because it pools to existing session. TestCompletionCallback callback2; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(destination2, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, callback2.callback())); @@ -5437,7 +5174,7 @@ TEST_P(QuicStreamFactoryTest, ForceHolBlockingEnabled) { kDefaultMaxUncompressedHeaderSize, nullptr)); socket_data.AddSocketDataToFactory(&socket_factory_); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0, url_, "GET", net_log_, @@ -5535,7 +5272,7 @@ TEST_P(QuicStreamFactoryWithDestinationTest, InvalidCertificate) { AddHangingSocketData(); - QuicStreamRequest request(factory_.get()); + QuicStreamRequest request(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request.Request(destination, privacy_mode_, /*cert_verify_flags=*/0, url, "GET", net_log_, callback_.callback())); @@ -5579,7 +5316,7 @@ TEST_P(QuicStreamFactoryWithDestinationTest, SharedCertificate) { socket_factory_.AddSocketDataProvider(sequenced_socket_data.get()); sequenced_socket_data_vector_.push_back(std::move(sequenced_socket_data)); - QuicStreamRequest request1(factory_.get()); + QuicStreamRequest request1(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request1.Request(destination, privacy_mode_, /*cert_verify_flags=*/0, url1, "GET", net_log_, @@ -5592,7 +5329,7 @@ TEST_P(QuicStreamFactoryWithDestinationTest, SharedCertificate) { // Second request returns synchronously because it pools to existing session. TestCompletionCallback callback2; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(OK, request2.Request(destination, privacy_mode_, /*cert_verify_flags=*/0, url2, "GET", net_log_, callback2.callback())); @@ -5653,7 +5390,7 @@ TEST_P(QuicStreamFactoryWithDestinationTest, DifferentPrivacyMode) { socket_factory_.AddSocketDataProvider(sequenced_socket_data1.get()); sequenced_socket_data_vector_.push_back(std::move(sequenced_socket_data1)); - QuicStreamRequest request1(factory_.get()); + QuicStreamRequest request1(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request1.Request(destination, PRIVACY_MODE_DISABLED, /*cert_verify_flags=*/0, url1, "GET", net_log_, @@ -5664,7 +5401,7 @@ TEST_P(QuicStreamFactoryWithDestinationTest, DifferentPrivacyMode) { EXPECT_TRUE(HasActiveSession(origin1_)); TestCompletionCallback callback2; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(destination, PRIVACY_MODE_ENABLED, /*cert_verify_flags=*/0, url2, "GET", net_log_, @@ -5738,7 +5475,7 @@ TEST_P(QuicStreamFactoryWithDestinationTest, DisjointCertificate) { socket_factory_.AddSocketDataProvider(sequenced_socket_data1.get()); sequenced_socket_data_vector_.push_back(std::move(sequenced_socket_data1)); - QuicStreamRequest request1(factory_.get()); + QuicStreamRequest request1(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request1.Request(destination, privacy_mode_, /*cert_verify_flags=*/0, url1, "GET", net_log_, @@ -5749,7 +5486,7 @@ TEST_P(QuicStreamFactoryWithDestinationTest, DisjointCertificate) { EXPECT_TRUE(HasActiveSession(origin1_)); TestCompletionCallback callback2; - QuicStreamRequest request2(factory_.get()); + QuicStreamRequest request2(factory_.get(), &http_server_properties_); EXPECT_EQ(ERR_IO_PENDING, request2.Request(destination, privacy_mode_, /*cert_verify_flags=*/0, url2, "GET", net_log_, diff --git a/chromium/net/quic/chromium/quic_test_packet_maker.cc b/chromium/net/quic/chromium/quic_test_packet_maker.cc index d80ecda11e2..9980a408c25 100644 --- a/chromium/net/quic/chromium/quic_test_packet_maker.cc +++ b/chromium/net/quic/chromium/quic_test_packet_maker.cc @@ -228,6 +228,18 @@ std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket( QuicPacketNumber ack_least_unacked, QuicPacketNumber stop_least_unacked, bool send_feedback) { + return MakeAckPacket(packet_number, largest_received, ack_least_unacked, + stop_least_unacked, send_feedback, + QuicTime::Delta::Zero()); +} + +std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket( + QuicPacketNumber packet_number, + QuicPacketNumber largest_received, + QuicPacketNumber ack_least_unacked, + QuicPacketNumber stop_least_unacked, + bool send_feedback, + QuicTime::Delta ack_delay_time) { QuicPacketHeader header; header.public_header.connection_id = connection_id_; header.public_header.reset_flag = false; @@ -236,7 +248,7 @@ std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckPacket( header.packet_number = packet_number; QuicAckFrame ack(MakeAckFrame(largest_received)); - ack.ack_delay_time = QuicTime::Delta::Zero(); + ack.ack_delay_time = ack_delay_time; for (QuicPacketNumber i = ack_least_unacked; i <= largest_received; ++i) { ack.received_packet_times.push_back(std::make_pair(i, clock_->Now())); } @@ -271,7 +283,7 @@ std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeDataPacket( bool should_include_version, bool fin, QuicStreamOffset offset, - base::StringPiece data) { + QuicStringPiece data) { InitializeHeader(packet_number, should_include_version); QuicStreamFrame frame(stream_id, fin, offset, data); DVLOG(1) << "Adding frame: " << frame; @@ -294,7 +306,7 @@ QuicTestPacketMaker::MakeMultipleDataFramesPacket( for (size_t i = 0; i < data_writes.size(); ++i) { bool is_fin = fin && (i == data_writes.size() - 1); stream_frames.push_back(base::MakeUnique<QuicStreamFrame>( - stream_id, is_fin, offset, base::StringPiece(data_writes[i]))); + stream_id, is_fin, offset, QuicStringPiece(data_writes[i]))); offset += data_writes[i].length(); } for (const auto& stream_frame : stream_frames) { @@ -313,7 +325,7 @@ std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeAckAndDataPacket( QuicPacketNumber least_unacked, bool fin, QuicStreamOffset offset, - base::StringPiece data) { + QuicStringPiece data) { InitializeHeader(packet_number, include_version); QuicAckFrame ack(MakeAckFrame(largest_received)); @@ -362,9 +374,8 @@ QuicTestPacketMaker::MakeRequestHeadersAndMultipleDataFramesPacket( QuicFrames frames; QuicStreamOffset header_offset = header_stream_offset == nullptr ? 0 : *header_stream_offset; - QuicStreamFrame frame( - kHeadersStreamId, false, header_offset, - base::StringPiece(spdy_frame.data(), spdy_frame.size())); + QuicStreamFrame frame(kHeadersStreamId, false, header_offset, + QuicStringPiece(spdy_frame.data(), spdy_frame.size())); frames.push_back(QuicFrame(&frame)); if (header_stream_offset != nullptr) { *header_stream_offset += spdy_frame.size(); @@ -377,7 +388,7 @@ QuicTestPacketMaker::MakeRequestHeadersAndMultipleDataFramesPacket( for (size_t i = 0; i < data_writes.size(); ++i) { bool is_fin = fin && (i == data_writes.size() - 1); stream_frames.push_back(base::MakeUnique<QuicStreamFrame>( - stream_id, is_fin, offset, base::StringPiece(data_writes[i]))); + stream_id, is_fin, offset, QuicStringPiece(data_writes[i]))); offset += data_writes[i].length(); } for (const auto& stream_frame : stream_frames) { @@ -413,6 +424,24 @@ QuicTestPacketMaker::MakeRequestHeadersPacket(QuicPacketNumber packet_number, SpdyHeaderBlock headers, size_t* spdy_headers_frame_length, QuicStreamOffset* offset) { + std::string unused_stream_data; + return MakeRequestHeadersPacketAndSaveData( + packet_number, stream_id, should_include_version, fin, priority, + std::move(headers), spdy_headers_frame_length, offset, + &unused_stream_data); +} + +std::unique_ptr<QuicReceivedPacket> +QuicTestPacketMaker::MakeRequestHeadersPacketAndSaveData( + QuicPacketNumber packet_number, + QuicStreamId stream_id, + bool should_include_version, + bool fin, + SpdyPriority priority, + SpdyHeaderBlock headers, + size_t* spdy_headers_frame_length, + QuicStreamOffset* offset, + std::string* stream_data) { InitializeHeader(packet_number, should_include_version); SpdySerializedFrame spdy_frame; SpdyHeadersIR headers_frame(stream_id, std::move(headers)); @@ -420,20 +449,21 @@ QuicTestPacketMaker::MakeRequestHeadersPacket(QuicPacketNumber packet_number, headers_frame.set_weight(Spdy3PriorityToHttp2Weight(priority)); headers_frame.set_has_priority(true); spdy_frame = spdy_request_framer_.SerializeFrame(headers_frame); + *stream_data = std::string(spdy_frame.data(), spdy_frame.size()); - if (spdy_headers_frame_length) { + if (spdy_headers_frame_length) *spdy_headers_frame_length = spdy_frame.size(); - } + if (offset != nullptr) { QuicStreamFrame frame( kHeadersStreamId, false, *offset, - base::StringPiece(spdy_frame.data(), spdy_frame.size())); + QuicStringPiece(spdy_frame.data(), spdy_frame.size())); *offset += spdy_frame.size(); return MakePacket(header_, QuicFrame(&frame)); } else { QuicStreamFrame frame( kHeadersStreamId, false, 0, - base::StringPiece(spdy_frame.data(), spdy_frame.size())); + QuicStringPiece(spdy_frame.data(), spdy_frame.size())); return MakePacket(header_, QuicFrame(&frame)); } @@ -478,13 +508,13 @@ std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakePushPromisePacket( if (offset != nullptr) { QuicStreamFrame frame( kHeadersStreamId, false, *offset, - base::StringPiece(spdy_frame.data(), spdy_frame.size())); + QuicStringPiece(spdy_frame.data(), spdy_frame.size())); *offset += spdy_frame.size(); return MakePacket(header_, QuicFrame(&frame)); } else { QuicStreamFrame frame( kHeadersStreamId, false, 0, - base::StringPiece(spdy_frame.data(), spdy_frame.size())); + QuicStringPiece(spdy_frame.data(), spdy_frame.size())); return MakePacket(header_, QuicFrame(&frame)); } } @@ -495,14 +525,15 @@ std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeForceHolDataPacket( bool should_include_version, bool fin, QuicStreamOffset* offset, - base::StringPiece data) { + QuicStringPiece data) { SpdyDataIR spdy_data(stream_id, data); spdy_data.set_fin(fin); SpdySerializedFrame spdy_frame( spdy_request_framer_.SerializeFrame(spdy_data)); InitializeHeader(packet_number, should_include_version); - QuicStreamFrame quic_frame(kHeadersStreamId, false, *offset, - StringPiece(spdy_frame.data(), spdy_frame.size())); + QuicStreamFrame quic_frame( + kHeadersStreamId, false, *offset, + QuicStringPiece(spdy_frame.data(), spdy_frame.size())); *offset += spdy_frame.size(); return MakePacket(header_, QuicFrame(&quic_frame)); } @@ -530,13 +561,13 @@ QuicTestPacketMaker::MakeResponseHeadersPacket( if (offset != nullptr) { QuicStreamFrame frame( kHeadersStreamId, false, *offset, - base::StringPiece(spdy_frame.data(), spdy_frame.size())); + QuicStringPiece(spdy_frame.data(), spdy_frame.size())); *offset += spdy_frame.size(); return MakePacket(header_, QuicFrame(&frame)); } else { QuicStreamFrame frame( kHeadersStreamId, false, 0, - base::StringPiece(spdy_frame.data(), spdy_frame.size())); + QuicStringPiece(spdy_frame.data(), spdy_frame.size())); return MakePacket(header_, QuicFrame(&frame)); } } @@ -636,20 +667,35 @@ std::unique_ptr<QuicReceivedPacket> QuicTestPacketMaker::MakeSettingsPacket( size_t value, bool should_include_version, QuicStreamOffset* offset) { + std::string unused_data; + return MakeSettingsPacketAndSaveData( + packet_number, id, value, should_include_version, offset, &unused_data); +} + +std::unique_ptr<QuicReceivedPacket> +QuicTestPacketMaker::MakeSettingsPacketAndSaveData( + QuicPacketNumber packet_number, + SpdySettingsIds id, + size_t value, + bool should_include_version, + QuicStreamOffset* offset, + std::string* stream_data) { SpdySettingsIR settings_frame; settings_frame.AddSetting(id, value); SpdySerializedFrame spdy_frame( spdy_request_framer_.SerializeFrame(settings_frame)); InitializeHeader(packet_number, should_include_version); + *stream_data = std::string(spdy_frame.data(), spdy_frame.size()); if (offset != nullptr) { QuicStreamFrame quic_frame( kHeadersStreamId, false, *offset, - StringPiece(spdy_frame.data(), spdy_frame.size())); + QuicStringPiece(spdy_frame.data(), spdy_frame.size())); *offset += spdy_frame.size(); return MakePacket(header_, QuicFrame(&quic_frame)); } - QuicStreamFrame quic_frame(kHeadersStreamId, false, 0, - StringPiece(spdy_frame.data(), spdy_frame.size())); + QuicStreamFrame quic_frame( + kHeadersStreamId, false, 0, + QuicStringPiece(spdy_frame.data(), spdy_frame.size())); return MakePacket(header_, QuicFrame(&quic_frame)); } diff --git a/chromium/net/quic/chromium/quic_test_packet_maker.h b/chromium/net/quic/chromium/quic_test_packet_maker.h index 2ee66b3eb4e..e23e725e915 100644 --- a/chromium/net/quic/chromium/quic_test_packet_maker.h +++ b/chromium/net/quic/chromium/quic_test_packet_maker.h @@ -16,6 +16,7 @@ #include "base/macros.h" #include "net/base/request_priority.h" #include "net/quic/core/quic_packets.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/mock_clock.h" #include "net/quic/test_tools/mock_random.h" #include "net/spdy/spdy_framer.h" @@ -83,20 +84,27 @@ class QuicTestPacketMaker { QuicPacketNumber ack_least_unacked, QuicPacketNumber stop_least_unacked, bool send_feedback); + std::unique_ptr<QuicReceivedPacket> MakeAckPacket( + QuicPacketNumber packet_number, + QuicPacketNumber largest_received, + QuicPacketNumber ack_least_unacked, + QuicPacketNumber stop_least_unacked, + bool send_feedback, + QuicTime::Delta ack_delay_time); std::unique_ptr<QuicReceivedPacket> MakeDataPacket( QuicPacketNumber packet_number, QuicStreamId stream_id, bool should_include_version, bool fin, QuicStreamOffset offset, - base::StringPiece data); + QuicStringPiece data); std::unique_ptr<QuicReceivedPacket> MakeForceHolDataPacket( QuicPacketNumber packet_number, QuicStreamId stream_id, bool should_include_version, bool fin, QuicStreamOffset* offset, - base::StringPiece data); + QuicStringPiece data); std::unique_ptr<QuicReceivedPacket> MakeMultipleDataFramesPacket( QuicPacketNumber packet_number, QuicStreamId stream_id, @@ -112,7 +120,7 @@ class QuicTestPacketMaker { QuicPacketNumber least_unacked, bool fin, QuicStreamOffset offset, - base::StringPiece data); + QuicStringPiece data); std::unique_ptr<QuicReceivedPacket> MakeRequestHeadersAndMultipleDataFramesPacket( @@ -147,6 +155,18 @@ class QuicTestPacketMaker { size_t* spdy_headers_frame_length, QuicStreamOffset* offset); + // Saves the serialized QUIC stream data in |stream_data|. + std::unique_ptr<QuicReceivedPacket> MakeRequestHeadersPacketAndSaveData( + QuicPacketNumber packet_number, + QuicStreamId stream_id, + bool should_include_version, + bool fin, + SpdyPriority priority, + SpdyHeaderBlock headers, + size_t* spdy_headers_frame_length, + QuicStreamOffset* offset, + std::string* stream_data); + // Convenience method for calling MakeRequestHeadersPacket with nullptr for // |spdy_headers_frame_length|. std::unique_ptr<QuicReceivedPacket> @@ -206,6 +226,16 @@ class QuicTestPacketMaker { bool should_include_version, QuicStreamOffset* offset); + // Same as above, but also saves the serialized QUIC stream data in + // |stream_data|. + std::unique_ptr<QuicReceivedPacket> MakeSettingsPacketAndSaveData( + QuicPacketNumber packet_number, + SpdySettingsIds id, + size_t value, + bool should_include_version, + QuicStreamOffset* offset, + std::string* stream_data); + SpdyHeaderBlock GetRequestHeaders(const std::string& method, const std::string& scheme, const std::string& path); diff --git a/chromium/net/quic/chromium/quic_utils_chromium.cc b/chromium/net/quic/chromium/quic_utils_chromium.cc index 7d3ba451f91..ef15dc33e37 100644 --- a/chromium/net/quic/chromium/quic_utils_chromium.cc +++ b/chromium/net/quic/chromium/quic_utils_chromium.cc @@ -5,8 +5,8 @@ #include "net/quic/chromium/quic_utils_chromium.h" #include "base/containers/adapters.h" -#include "base/strings/string_piece.h" #include "base/strings/string_split.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -15,7 +15,7 @@ QuicTagVector ParseQuicConnectionOptions( QuicTagVector options; // Tokens are expected to be no more than 4 characters long, but // handle overflow gracefully. - for (const base::StringPiece& token : + for (const QuicStringPiece& token : base::SplitStringPiece(connection_options, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL)) { uint32_t option = 0; diff --git a/chromium/net/quic/test_tools/test_task_runner.cc b/chromium/net/quic/chromium/test_task_runner.cc index aed7b8fc9f0..6907ac01bf0 100644 --- a/chromium/net/quic/test_tools/test_task_runner.cc +++ b/chromium/net/quic/chromium/test_task_runner.cc @@ -2,9 +2,10 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/quic/test_tools/test_task_runner.h" +#include "net/quic/chromium/test_task_runner.h" #include <algorithm> +#include <utility> #include "net/quic/test_tools/mock_clock.h" #include "testing/gtest/include/gtest/gtest.h" @@ -17,11 +18,11 @@ TestTaskRunner::TestTaskRunner(MockClock* clock) : clock_(clock) {} TestTaskRunner::~TestTaskRunner() {} bool TestTaskRunner::PostDelayedTask(const tracked_objects::Location& from_here, - const base::Closure& task, + base::OnceClosure task, base::TimeDelta delay) { EXPECT_GE(delay, base::TimeDelta()); - tasks_.push_back(PostedTask(from_here, task, clock_->NowInTicks(), delay, - base::TestPendingTask::NESTABLE)); + tasks_.push_back(PostedTask(from_here, std::move(task), clock_->NowInTicks(), + delay, base::TestPendingTask::NESTABLE)); return false; } @@ -34,8 +35,6 @@ const std::vector<PostedTask>& TestTaskRunner::GetPostedTasks() const { } void TestTaskRunner::RunNextTask() { - // Find the next task to run, advance the time to the correct time - // and then run the task. std::vector<PostedTask>::iterator next = FindNextTask(); DCHECK(next != tasks_.end()); clock_->AdvanceTime(QuicTime::Delta::FromMicroseconds( @@ -45,6 +44,10 @@ void TestTaskRunner::RunNextTask() { std::move(task.task).Run(); } +void TestTaskRunner::RunUntilIdle() { + while (!tasks_.empty()) + RunNextTask(); +} namespace { struct ShouldRunBeforeLessThan { diff --git a/chromium/net/quic/test_tools/test_task_runner.h b/chromium/net/quic/chromium/test_task_runner.h index 258cf736712..aafec64093c 100644 --- a/chromium/net/quic/test_tools/test_task_runner.h +++ b/chromium/net/quic/chromium/test_task_runner.h @@ -9,6 +9,7 @@ #include <vector> +#include "base/callback.h" #include "base/macros.h" #include "base/task_runner.h" #include "base/test/test_pending_task.h" @@ -27,14 +28,20 @@ class TestTaskRunner : public base::TaskRunner { // base::TaskRunner implementation. bool PostDelayedTask(const tracked_objects::Location& from_here, - const base::Closure& task, + base::OnceClosure task, base::TimeDelta delay) override; bool RunsTasksOnCurrentThread() const override; const std::vector<PostedTask>& GetPostedTasks() const; + // Finds the next task to run, advances the time to the correct time + // and then runs the task. void RunNextTask(); + // While there are posted tasks, finds the next task to run, advances the + // time to the correct time and then runs the task. + void RunUntilIdle(); + protected: ~TestTaskRunner() override; diff --git a/chromium/net/quic/core/congestion_control/bbr_sender.cc b/chromium/net/quic/core/congestion_control/bbr_sender.cc index 438a553af67..ead7e0de80f 100644 --- a/chromium/net/quic/core/congestion_control/bbr_sender.cc +++ b/chromium/net/quic/core/congestion_control/bbr_sender.cc @@ -8,8 +8,11 @@ #include <sstream> #include "net/quic/core/congestion_control/rtt_stats.h" +#include "net/quic/core/crypto/crypto_protocol.h" +#include "net/quic/core/proto/cached_network_parameters.pb.h" #include "net/quic/core/quic_flags.h" #include "net/quic/platform/api/quic_bug_tracker.h" +#include "net/quic/platform/api/quic_flag_utils.h" #include "net/quic/platform/api/quic_logging.h" namespace net { @@ -77,6 +80,12 @@ BbrSender::BbrSender(const RttStats* rtt_stats, last_sent_packet_(0), current_round_trip_end_(0), max_bandwidth_(kBandwidthWindowSize, QuicBandwidth::Zero(), 0), + max_ack_spacing_(kBandwidthWindowSize, QuicTime::Delta::Zero(), 0), + largest_acked_time_(QuicTime::Zero()), + largest_acked_sent_time_(QuicTime::Zero()), + max_ack_height_(kBandwidthWindowSize, 0, 0), + aggregation_epoch_start_time_(QuicTime::Zero()), + aggregation_epoch_bytes_(0), min_rtt_(QuicTime::Delta::Zero()), min_rtt_timestamp_(QuicTime::Zero()), congestion_window_(initial_tcp_congestion_window * kDefaultTCPMSS), @@ -90,6 +99,7 @@ BbrSender::BbrSender(const RttStats* rtt_stats, static_cast<float>(base::GetFlag(FLAGS_quic_bbr_cwnd_gain))), rtt_variance_weight_(static_cast<float>( base::GetFlag(FLAGS_quic_bbr_rtt_variation_weight))), + num_startup_rtts_(kRoundTripsWithoutGrowthBeforeExitingStartup), cycle_current_offset_(0), last_cycle_start_(QuicTime::Zero()), is_at_full_bandwidth_(false), @@ -167,6 +177,39 @@ bool BbrSender::InRecovery() const { return recovery_state_ != NOT_IN_RECOVERY; } +void BbrSender::SetFromConfig(const QuicConfig& config, + Perspective perspective) { + if (FLAGS_quic_reloadable_flag_quic_allow_2_rtt_bbr_startup) { + QUIC_FLAG_COUNT(quic_reloadable_flag_quic_allow_2_rtt_bbr_startup); + if (config.HasClientRequestedIndependentOption(k1RTT, perspective)) { + num_startup_rtts_ = 1; + } + if (config.HasClientRequestedIndependentOption(k2RTT, perspective)) { + num_startup_rtts_ = 2; + } + } +} + +void BbrSender::ResumeConnectionState( + const CachedNetworkParameters& cached_network_params, + bool max_bandwidth_resumption) { + if (!FLAGS_quic_reloadable_flag_quic_bbr_bandwidth_resumption) { + return; + } + + QuicBandwidth bandwidth = QuicBandwidth::FromBytesPerSecond( + max_bandwidth_resumption + ? cached_network_params.max_bandwidth_estimate_bytes_per_second() + : cached_network_params.bandwidth_estimate_bytes_per_second()); + QuicTime::Delta rtt = + QuicTime::Delta::FromMilliseconds(cached_network_params.min_rtt_ms()); + + max_bandwidth_.Update(bandwidth, round_trip_count_); + if (!rtt.IsZero() && (min_rtt_ > rtt || min_rtt_.IsZero())) { + min_rtt_ = rtt; + } +} + void BbrSender::OnCongestionEvent(bool /*rtt_updated*/, QuicByteCount prior_in_flight, QuicTime event_time, @@ -186,6 +229,16 @@ void BbrSender::OnCongestionEvent(bool /*rtt_updated*/, min_rtt_expired = UpdateBandwidthAndMinRtt(event_time, acked_packets); UpdateRecoveryState(last_acked_packet, !lost_packets.empty(), is_round_start); + if (FLAGS_quic_reloadable_flag_quic_bbr_ack_spacing2) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_bbr_ack_spacing2, 1, 2); + UpdateAckSpacing(event_time, last_acked_packet, acked_packets); + } + if (FLAGS_quic_reloadable_flag_quic_bbr_ack_aggregation_bytes) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_bbr_ack_aggregation_bytes, 1, + 2); + UpdateAckAggregationBytes( + event_time, sampler_.total_bytes_acked() - total_bytes_acked_before); + } } // Handle logic specific to PROBE_BW mode. @@ -358,8 +411,7 @@ void BbrSender::CheckIfFullBandwidthReached() { } rounds_without_bandwidth_gain_++; - if (rounds_without_bandwidth_gain_ >= - kRoundTripsWithoutGrowthBeforeExitingStartup) { + if (rounds_without_bandwidth_gain_ >= num_startup_rtts_) { is_at_full_bandwidth_ = true; } } @@ -451,6 +503,64 @@ void BbrSender::UpdateRecoveryState(QuicPacketNumber last_acked_packet, } } +// TODO(ianswett): Move this logic into BandwidthSampler. +void BbrSender::UpdateAckSpacing(QuicTime ack_time, + QuicPacketNumber largest_newly_acked, + const CongestionVector& acked_packets) { + // Ignore acks of reordered packets. + if (largest_newly_acked < unacked_packets_->largest_observed()) { + return; + } + // Ignore acks of only one packet to filter out delayed acks. + if (acked_packets.size() == 1) { + return; + } + QuicTime largest_newly_acked_sent_time = + unacked_packets_->GetTransmissionInfo(largest_newly_acked).sent_time; + // Initialize on the first ack. + if (!largest_acked_time_.IsInitialized()) { + largest_acked_time_ = ack_time; + largest_acked_sent_time_ = largest_newly_acked_sent_time; + return; + } + QuicTime::Delta ack_delta = ack_time - largest_acked_time_; + QuicTime::Delta send_delta = + largest_newly_acked_sent_time - largest_acked_sent_time_; + largest_acked_time_ = ack_time; + largest_acked_sent_time_ = largest_newly_acked_sent_time; + if (ack_delta <= send_delta) { + return; + } + + // Limit the ack spacing to SRTT to filter outliers. + QuicTime::Delta ack_spacing = + std::min(ack_delta - send_delta, rtt_stats_->smoothed_rtt()); + max_ack_spacing_.Update(ack_spacing, round_trip_count_); +} + +// TODO(ianswett): Move this logic into BandwidthSampler. +void BbrSender::UpdateAckAggregationBytes(QuicTime ack_time, + QuicByteCount newly_acked_bytes) { + // Compute how many bytes are expected to be delivered, assuming max bandwidth + // is correct. + QuicByteCount expected_bytes_acked = + max_bandwidth_.GetBest() * (ack_time - aggregation_epoch_start_time_); + // Reset the current aggregation epoch as soon as the ack arrival rate is less + // than or equal to the max bandwidth. + if (aggregation_epoch_bytes_ <= expected_bytes_acked) { + // Reset to start measuring a new aggregation epoch. + aggregation_epoch_bytes_ = newly_acked_bytes; + aggregation_epoch_start_time_ = ack_time; + return; + } + + // Compute how many extra bytes were delivered vs max bandwidth. + // Include the bytes most recently acknowledged to account for stretch acks. + aggregation_epoch_bytes_ += newly_acked_bytes; + max_ack_height_.Update(aggregation_epoch_bytes_ - expected_bytes_acked, + round_trip_count_); +} + void BbrSender::CalculatePacingRate() { if (BandwidthEstimate().IsZero()) { return; @@ -485,18 +595,43 @@ void BbrSender::CalculateCongestionWindow(QuicByteCount bytes_acked) { if (rtt_variance_weight_ > 0.f && !BandwidthEstimate().IsZero()) { target_window += rtt_variance_weight_ * rtt_stats_->mean_deviation() * BandwidthEstimate(); + } else if (FLAGS_quic_reloadable_flag_quic_bbr_ack_spacing2 && + is_at_full_bandwidth_) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_bbr_ack_spacing2, 2, 2); + // Add CWND for inter-ack spacing once STARTUP has been exited. + target_window += max_ack_spacing_.GetBest() * BandwidthEstimate(); + } else if (FLAGS_quic_reloadable_flag_quic_bbr_ack_aggregation_bytes && + is_at_full_bandwidth_) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_bbr_ack_aggregation_bytes, 2, + 2); + target_window += max_ack_height_.GetBest(); + } + if (FLAGS_quic_reloadable_flag_quic_bbr_add_tso_cwnd) { + // QUIC doesn't have TSO, but it does have similarly quantized pacing, so + // allow extra CWND to make QUIC's BBR CWND identical to TCP's. + QuicByteCount tso_segs_goal = 0; + if (pacing_rate_ < QuicBandwidth::FromKBitsPerSecond(1200)) { + tso_segs_goal = kDefaultTCPMSS; + } else if (pacing_rate_ < QuicBandwidth::FromKBitsPerSecond(24000)) { + tso_segs_goal = 2 * kDefaultTCPMSS; + } else { + tso_segs_goal = + std::min(pacing_rate_ * QuicTime::Delta::FromMilliseconds(1), + /* 64k */ static_cast<QuicByteCount>(1 << 16)); + } + target_window += 3 * tso_segs_goal; } // Instead of immediately setting the target CWND as the new one, BBR grows // the CWND towards |target_window| by only increasing it |bytes_acked| at a // time. if (is_at_full_bandwidth_) { - // If the connection is not yet out of startup phase, do not decrease the - // window. congestion_window_ = std::min(target_window, congestion_window_ + bytes_acked); } else if (congestion_window_ < target_window || sampler_.total_bytes_acked() < initial_congestion_window_) { + // If the connection is not yet out of startup phase, do not decrease the + // window. congestion_window_ = congestion_window_ + bytes_acked; } diff --git a/chromium/net/quic/core/congestion_control/bbr_sender.h b/chromium/net/quic/core/congestion_control/bbr_sender.h index 21d71150e0d..421f625f6f6 100644 --- a/chromium/net/quic/core/congestion_control/bbr_sender.h +++ b/chromium/net/quic/core/congestion_control/bbr_sender.h @@ -36,8 +36,6 @@ typedef uint64_t QuicRoundTripCount; // pacing is disabled. // // TODO(vasilvv): implement traffic policer (long-term sampling) mode. -// -// TODO(vasilvv): implement packet conservation. class QUIC_EXPORT_PRIVATE BbrSender : public SendAlgorithmInterface { public: enum Mode { @@ -102,10 +100,11 @@ class QUIC_EXPORT_PRIVATE BbrSender : public SendAlgorithmInterface { bool InRecovery() const override; void SetFromConfig(const QuicConfig& config, - Perspective perspective) override {} + Perspective perspective) override; + void ResumeConnectionState( const CachedNetworkParameters& cached_network_params, - bool max_bandwidth_resumption) override {} + bool max_bandwidth_resumption) override; void SetNumEmulatedConnections(int num_connections) override {} void OnCongestionEvent(bool rtt_updated, QuicByteCount prior_in_flight, @@ -130,6 +129,9 @@ class QUIC_EXPORT_PRIVATE BbrSender : public SendAlgorithmInterface { void OnApplicationLimited(QuicByteCount bytes_in_flight) override; // End implementation of SendAlgorithmInterface. + // Gets the number of RTTs BBR remains in STARTUP phase. + QuicRoundTripCount num_startup_rtts() const { return num_startup_rtts_; } + DebugState ExportDebugState() const; private: @@ -139,6 +141,18 @@ class QUIC_EXPORT_PRIVATE BbrSender : public SendAlgorithmInterface { QuicRoundTripCount> MaxBandwidthFilter; + typedef WindowedFilter<QuicTime::Delta, + MaxFilter<QuicTime::Delta>, + QuicRoundTripCount, + QuicRoundTripCount> + MaxAckDelayFilter; + + typedef WindowedFilter<QuicByteCount, + MaxFilter<QuicByteCount>, + QuicRoundTripCount, + QuicRoundTripCount> + MaxAckHeightFilter; + // Returns the current estimate of the RTT of the connection. Outside of the // edge cases, this is minimum RTT. QuicTime::Delta GetMinRtt() const; @@ -182,6 +196,15 @@ class QUIC_EXPORT_PRIVATE BbrSender : public SendAlgorithmInterface { bool has_losses, bool is_round_start); + // Updates the ack spacing max filter if a larger value is observed. + void UpdateAckSpacing(QuicTime ack_time, + QuicPacketNumber largest_newly_acked, + const CongestionVector& acked_packets); + + // Updates the ack aggregation max filter in bytes. + void UpdateAckAggregationBytes(QuicTime ack_time, + QuicByteCount newly_acked_bytes); + // Determines the appropriate pacing rate for the connection. void CalculatePacingRate(); // Determines the appropriate congestion window for the connection. @@ -213,6 +236,20 @@ class QUIC_EXPORT_PRIVATE BbrSender : public SendAlgorithmInterface { // round-trips. MaxBandwidthFilter max_bandwidth_; + // Tracks the maximum spacing between two acks acknowledging in order packets. + MaxAckDelayFilter max_ack_spacing_; + + // The time the largest acked packet was acked and when it was sent. + QuicTime largest_acked_time_; + QuicTime largest_acked_sent_time_; + + // Tracks the maximum number of bytes acked faster than the sending rate. + MaxAckHeightFilter max_ack_height_; + + // The time this aggregation started and the number of bytes acked during it. + QuicTime aggregation_epoch_start_time_; + QuicByteCount aggregation_epoch_bytes_; + // Minimum RTT estimate. Automatically expires within 10 seconds (and // triggers PROBE_RTT mode) if no new value is sampled during that period. QuicTime::Delta min_rtt_; @@ -242,6 +279,8 @@ class QUIC_EXPORT_PRIVATE BbrSender : public SendAlgorithmInterface { // The coefficient by which mean RTT variance is added to the congestion // window. Latched from quic_bbr_rtt_variation_weight flag. const float rtt_variance_weight_; + // The number of RTTs to stay in STARTUP mode. Defaults to 3. + QuicRoundTripCount num_startup_rtts_; // Number of round-trips in PROBE_BW mode, used for determining the current // pacing gain cycle. diff --git a/chromium/net/quic/core/congestion_control/bbr_sender_test.cc b/chromium/net/quic/core/congestion_control/bbr_sender_test.cc index 1497689bbfd..4480504211c 100644 --- a/chromium/net/quic/core/congestion_control/bbr_sender_test.cc +++ b/chromium/net/quic/core/congestion_control/bbr_sender_test.cc @@ -72,20 +72,26 @@ class BbrSenderTest : public ::testing::Test { "BBR sender", "Receiver", Perspective::IS_CLIENT, - 42), + /*connection_id=*/42), + competing_sender_(&simulator_, + "Competing sender", + "Competing receiver", + Perspective::IS_CLIENT, + /*connection_id=*/43), receiver_(&simulator_, "Receiver", "BBR sender", Perspective::IS_SERVER, - 42) { + /*connection_id=*/42), + competing_receiver_(&simulator_, + "Competing receiver", + "Competing sender", + Perspective::IS_SERVER, + /*connection_id=*/43), + receiver_multiplexer_("Receiver multiplexer", + {&receiver_, &competing_receiver_}) { rtt_stats_ = bbr_sender_.connection()->sent_packet_manager().GetRttStats(); - sender_ = new BbrSender( - rtt_stats_, - QuicSentPacketManagerPeer::GetUnackedPacketMap( - QuicConnectionPeer::GetSentPacketManager(bbr_sender_.connection())), - kInitialCongestionWindowPackets, kDefaultMaxCongestionWindowPackets, - &random_); - QuicConnectionPeer::SetSendAlgorithm(bbr_sender_.connection(), sender_); + sender_ = SetupBbrSender(&bbr_sender_); clock_ = simulator_.GetClock(); simulator_.set_random_generator(&random_); @@ -97,9 +103,13 @@ class BbrSenderTest : public ::testing::Test { simulator::Simulator simulator_; simulator::QuicEndpoint bbr_sender_; + simulator::QuicEndpoint competing_sender_; simulator::QuicEndpoint receiver_; + simulator::QuicEndpoint competing_receiver_; + simulator::QuicEndpointMultiplexer receiver_multiplexer_; std::unique_ptr<simulator::Switch> switch_; std::unique_ptr<simulator::SymmetricLink> bbr_sender_link_; + std::unique_ptr<simulator::SymmetricLink> competing_sender_link_; std::unique_ptr<simulator::SymmetricLink> receiver_link_; SimpleRandom random_; @@ -110,6 +120,22 @@ class BbrSenderTest : public ::testing::Test { BbrSender* sender_; QuicFlagSaver flags_; + // Enables BBR on |endpoint| and returns the associated BBR congestion + // controller. + BbrSender* SetupBbrSender(simulator::QuicEndpoint* endpoint) { + const RttStats* rtt_stats = + endpoint->connection()->sent_packet_manager().GetRttStats(); + // Ownership of the sender will be overtaken by the endpoint. + BbrSender* sender = new BbrSender( + rtt_stats, + QuicSentPacketManagerPeer::GetUnackedPacketMap( + QuicConnectionPeer::GetSentPacketManager(endpoint->connection())), + kInitialCongestionWindowPackets, kDefaultMaxCongestionWindowPackets, + &random_); + QuicConnectionPeer::SetSendAlgorithm(endpoint->connection(), sender); + return sender; + } + // Creates a default setup, which is a network with a bottleneck between the // receiver and the switch. The switch has the buffers four times larger than // the bottleneck BDP, which should guarantee a lack of losses. @@ -136,8 +162,44 @@ class BbrSenderTest : public ::testing::Test { kTestPropagationDelay)); } + // Creates the variation of the default setup in which there is another sender + // that competes for the same bottleneck link. + void CreateCompetitionSetup() { + switch_.reset( + new simulator::Switch(&simulator_, "Switch", 8, 2 * kTestBdp)); + + // Add a small offset to the competing link in order to avoid + // synchronization effects. + const QuicTime::Delta small_offset = QuicTime::Delta::FromMicroseconds(3); + + bbr_sender_link_.reset(new simulator::SymmetricLink( + &bbr_sender_, switch_->port(1), kLocalLinkBandwidth, + kLocalPropagationDelay)); + competing_sender_link_.reset(new simulator::SymmetricLink( + &competing_sender_, switch_->port(3), kLocalLinkBandwidth, + kLocalPropagationDelay + small_offset)); + receiver_link_.reset(new simulator::SymmetricLink( + &receiver_multiplexer_, switch_->port(2), kTestLinkBandwidth, + kTestPropagationDelay)); + } + + // Creates a BBR vs BBR competition setup. + void CreateBbrVsBbrSetup() { + SetupBbrSender(&competing_sender_); + CreateCompetitionSetup(); + } + + void EnableAggregation(QuicByteCount aggregation_bytes, + QuicTime::Delta aggregation_timeout) { + // Enable aggregation on the path from the receiver to the sender. + switch_->port_queue(1)->EnableAggregation(aggregation_bytes, + aggregation_timeout); + } + void DoSimpleTransfer(QuicByteCount transfer_size, QuicTime::Delta deadline) { bbr_sender_.AddBytesToTransfer(transfer_size); + // TODO(vasilvv): consider rewriting this to run until the receiver actually + // receives the intended amount of bytes. bool simulator_result = simulator_.RunUntilOrTimeout( [this]() { return bbr_sender_.bytes_to_transfer() == 0; }, deadline); EXPECT_TRUE(simulator_result) @@ -179,6 +241,8 @@ class BbrSenderTest : public ::testing::Test { // Test a simple long data transfer in the default setup. TEST_F(BbrSenderTest, SimpleTransfer) { + // Adding TSO CWND causes packet loss before exiting startup. + FLAGS_quic_reloadable_flag_quic_bbr_add_tso_cwnd = false; CreateDefaultSetup(); // At startup make sure we are at the default. @@ -224,6 +288,98 @@ TEST_F(BbrSenderTest, SimpleTransferSmallBuffer) { EXPECT_FALSE(sender_->ExportDebugState().last_sample_is_app_limited); } +// Test a simple long data transfer with 2 rtts of aggregation. +TEST_F(BbrSenderTest, SimpleTransfer2RTTAggregation) { + QuicFlagSaver flags; + FLAGS_quic_reloadable_flag_quic_bbr_ack_spacing2 = true; + FLAGS_quic_reloadable_flag_quic_bbr_add_tso_cwnd = false; + CreateDefaultSetup(); + // 2 RTTs of aggregation, with a max of 10kb. + EnableAggregation(10 * 1024, 2 * kTestRtt); + + // Transfer 12MB. + DoSimpleTransfer(12 * 1024 * 1024, QuicTime::Delta::FromSeconds(35)); + EXPECT_EQ(BbrSender::PROBE_BW, sender_->ExportDebugState().mode); + // It's possible to read a bandwidth as much as 50% too high with aggregation. + EXPECT_LE(kTestLinkBandwidth * 0.99f, + sender_->ExportDebugState().max_bandwidth); + // TODO(ianswett): Tighten this bound once we understand why BBR is + // overestimating bandwidth with aggregation. b/36022633 + EXPECT_GE(kTestLinkBandwidth * 1.5f, + sender_->ExportDebugState().max_bandwidth); + // TODO(ianswett): Expect 0 packets are lost once BBR no longer measures + // bandwidth higher than the link rate. + // The margin here is high, because the aggregation greatly increases + // smoothed rtt. + EXPECT_GE(kTestRtt * 4, rtt_stats_->smoothed_rtt()); + ExpectApproxEq(kTestRtt, rtt_stats_->min_rtt(), 0.1f); +} + +// Test a simple long data transfer with 2 rtts of aggregation. +TEST_F(BbrSenderTest, SimpleTransfer2RTTAggregationBytes) { + FLAGS_quic_reloadable_flag_quic_bbr_ack_spacing2 = false; + FLAGS_quic_reloadable_flag_quic_bbr_ack_aggregation_bytes = true; + FLAGS_quic_reloadable_flag_quic_bbr_add_tso_cwnd = false; + CreateDefaultSetup(); + // 2 RTTs of aggregation, with a max of 10kb. + EnableAggregation(10 * 1024, 2 * kTestRtt); + + // Transfer 12MB. + DoSimpleTransfer(12 * 1024 * 1024, QuicTime::Delta::FromSeconds(35)); + EXPECT_EQ(BbrSender::PROBE_BW, sender_->ExportDebugState().mode); + // It's possible to read a bandwidth as much as 50% too high with aggregation. + EXPECT_LE(kTestLinkBandwidth * 0.99f, + sender_->ExportDebugState().max_bandwidth); + // TODO(ianswett): Tighten this bound once we understand why BBR is + // overestimating bandwidth with aggregation. b/36022633 + EXPECT_GE(kTestLinkBandwidth * 1.5f, + sender_->ExportDebugState().max_bandwidth); + // TODO(ianswett): Expect 0 packets are lost once BBR no longer measures + // bandwidth higher than the link rate. + EXPECT_FALSE(sender_->ExportDebugState().last_sample_is_app_limited); + // The margin here is high, because the aggregation greatly increases + // smoothed rtt. + EXPECT_GE(kTestRtt * 4, rtt_stats_->smoothed_rtt()); + ExpectApproxEq(kTestRtt, rtt_stats_->min_rtt(), 0.1f); +} + +// Test a simple long data transfer with 2 rtts of aggregation. +TEST_F(BbrSenderTest, SimpleTransferAckDecimation) { + FLAGS_quic_reloadable_flag_quic_bbr_ack_spacing2 = false; + FLAGS_quic_reloadable_flag_quic_bbr_ack_aggregation_bytes = true; + // Decrease the CWND gain so extra CWND is required with stretch acks. + base::SetFlag(&FLAGS_quic_bbr_cwnd_gain, 1.0); + sender_ = new BbrSender( + rtt_stats_, + QuicSentPacketManagerPeer::GetUnackedPacketMap( + QuicConnectionPeer::GetSentPacketManager(bbr_sender_.connection())), + kInitialCongestionWindowPackets, kDefaultMaxCongestionWindowPackets, + &random_); + QuicConnectionPeer::SetSendAlgorithm(bbr_sender_.connection(), sender_); + // Enable Ack Decimation on the receiver. + QuicConnectionPeer::SetAckMode(receiver_.connection(), + QuicConnection::AckMode::ACK_DECIMATION); + CreateDefaultSetup(); + + // Transfer 12MB. + DoSimpleTransfer(12 * 1024 * 1024, QuicTime::Delta::FromSeconds(35)); + EXPECT_EQ(BbrSender::PROBE_BW, sender_->ExportDebugState().mode); + // It's possible to read a bandwidth as much as 50% too high with aggregation. + EXPECT_LE(kTestLinkBandwidth * 0.99f, + sender_->ExportDebugState().max_bandwidth); + // TODO(ianswett): Tighten this bound once we understand why BBR is + // overestimating bandwidth with aggregation. b/36022633 + EXPECT_GE(kTestLinkBandwidth * 1.5f, + sender_->ExportDebugState().max_bandwidth); + // TODO(ianswett): Expect 0 packets are lost once BBR no longer measures + // bandwidth higher than the link rate. + EXPECT_FALSE(sender_->ExportDebugState().last_sample_is_app_limited); + // The margin here is high, because the aggregation greatly increases + // smoothed rtt. + EXPECT_GE(kTestRtt * 2, rtt_stats_->smoothed_rtt()); + ExpectApproxEq(kTestRtt, rtt_stats_->min_rtt(), 0.1f); +} + // Test the number of losses incurred by the startup phase in a situation when // the buffer is less than BDP. TEST_F(BbrSenderTest, PacketLossOnSmallBufferStartup) { @@ -461,5 +617,117 @@ TEST_F(BbrSenderTest, NoBandwidthDropOnStartup) { EXPECT_GE(sender_->PacingRate(0), initial_rate); } +// Test exiting STARTUP earlier due to the 1RTT connection option. +TEST_F(BbrSenderTest, SimpleTransfer1RTTStartup) { + FLAGS_quic_reloadable_flag_quic_allow_2_rtt_bbr_startup = true; + CreateDefaultSetup(); + + QuicConfig config; + QuicTagVector options; + options.push_back(k1RTT); + QuicConfigPeer::SetReceivedConnectionOptions(&config, options); + sender_->SetFromConfig(config, Perspective::IS_SERVER); + EXPECT_EQ(1u, sender_->num_startup_rtts()); + + // Run until the full bandwidth is reached and check how many rounds it was. + bbr_sender_.AddBytesToTransfer(12 * 1024 * 1024); + QuicRoundTripCount max_bw_round = 0; + QuicBandwidth max_bw(QuicBandwidth::Zero()); + bool simulator_result = simulator_.RunUntilOrTimeout( + [this, &max_bw, &max_bw_round]() { + if (max_bw < sender_->ExportDebugState().max_bandwidth) { + max_bw = sender_->ExportDebugState().max_bandwidth; + max_bw_round = sender_->ExportDebugState().round_trip_count; + } + return sender_->ExportDebugState().is_at_full_bandwidth; + }, + QuicTime::Delta::FromSeconds(5)); + ASSERT_TRUE(simulator_result); + EXPECT_EQ(BbrSender::DRAIN, sender_->ExportDebugState().mode); + EXPECT_EQ(1u, sender_->ExportDebugState().round_trip_count - max_bw_round); + EXPECT_EQ(1u, sender_->ExportDebugState().rounds_without_bandwidth_gain); + EXPECT_EQ(0u, bbr_sender_.connection()->GetStats().packets_lost); + EXPECT_FALSE(sender_->ExportDebugState().last_sample_is_app_limited); +} + +// Test exiting STARTUP earlier due to the 2RTT connection option. +TEST_F(BbrSenderTest, SimpleTransfer2RTTStartup) { + FLAGS_quic_reloadable_flag_quic_allow_2_rtt_bbr_startup = true; + // Adding TSO CWND causes packet loss before exiting startup. + FLAGS_quic_reloadable_flag_quic_bbr_add_tso_cwnd = false; + CreateDefaultSetup(); + + QuicConfig config; + QuicTagVector options; + options.push_back(k2RTT); + QuicConfigPeer::SetReceivedConnectionOptions(&config, options); + sender_->SetFromConfig(config, Perspective::IS_SERVER); + EXPECT_EQ(2u, sender_->num_startup_rtts()); + + // Run until the full bandwidth is reached and check how many rounds it was. + bbr_sender_.AddBytesToTransfer(12 * 1024 * 1024); + QuicRoundTripCount max_bw_round = 0; + QuicBandwidth max_bw(QuicBandwidth::Zero()); + bool simulator_result = simulator_.RunUntilOrTimeout( + [this, &max_bw, &max_bw_round]() { + if (max_bw < sender_->ExportDebugState().max_bandwidth) { + max_bw = sender_->ExportDebugState().max_bandwidth; + max_bw_round = sender_->ExportDebugState().round_trip_count; + } + return sender_->ExportDebugState().is_at_full_bandwidth; + }, + QuicTime::Delta::FromSeconds(5)); + ASSERT_TRUE(simulator_result); + EXPECT_EQ(BbrSender::DRAIN, sender_->ExportDebugState().mode); + EXPECT_EQ(2u, sender_->ExportDebugState().round_trip_count - max_bw_round); + EXPECT_EQ(2u, sender_->ExportDebugState().rounds_without_bandwidth_gain); + EXPECT_EQ(0u, bbr_sender_.connection()->GetStats().packets_lost); + EXPECT_FALSE(sender_->ExportDebugState().last_sample_is_app_limited); +} + +// Test that two BBR flows started slightly apart from each other terminate. +TEST_F(BbrSenderTest, SimpleCompetition) { + const QuicByteCount transfer_size = 10 * 1024 * 1024; + const QuicTime::Delta transfer_time = + kTestLinkBandwidth.TransferTime(transfer_size); + CreateBbrVsBbrSetup(); + + // Transfer 10% of data in first transfer. + bbr_sender_.AddBytesToTransfer(transfer_size); + bool simulator_result = simulator_.RunUntilOrTimeout( + [this, transfer_size]() { + return receiver_.bytes_received() >= 0.1 * transfer_size; + }, + transfer_time); + ASSERT_TRUE(simulator_result); + + // Start the second transfer and wait until both finish. + competing_sender_.AddBytesToTransfer(transfer_size); + simulator_result = simulator_.RunUntilOrTimeout( + [this, transfer_size]() { + return receiver_.bytes_received() == transfer_size && + competing_receiver_.bytes_received() == transfer_size; + }, + 3 * transfer_time); + ASSERT_TRUE(simulator_result); +} + +// Test that BBR can resume bandwidth from cached network parameters. +TEST_F(BbrSenderTest, ResumeConnectionState) { + FLAGS_quic_reloadable_flag_quic_bbr_bandwidth_resumption = true; + CreateDefaultSetup(); + + CachedNetworkParameters params; + params.set_bandwidth_estimate_bytes_per_second( + kTestLinkBandwidth.ToBytesPerSecond()); + params.set_min_rtt_ms(kTestRtt.ToMilliseconds()); + sender_->ResumeConnectionState(params, false); + EXPECT_EQ(kTestLinkBandwidth, sender_->ExportDebugState().max_bandwidth); + EXPECT_EQ(kTestLinkBandwidth, sender_->BandwidthEstimate()); + ExpectApproxEq(kTestRtt, sender_->ExportDebugState().min_rtt, 0.01f); + + DriveOutOfStartup(); +} + } // namespace test } // namespace net diff --git a/chromium/net/quic/core/congestion_control/cubic.cc b/chromium/net/quic/core/congestion_control/cubic.cc index d3e04aa53e4..0fef6f8cccf 100644 --- a/chromium/net/quic/core/congestion_control/cubic.cc +++ b/chromium/net/quic/core/congestion_control/cubic.cc @@ -42,8 +42,9 @@ Cubic::Cubic(const QuicClock* clock) app_limited_start_time_(QuicTime::Zero()), last_update_time_(QuicTime::Zero()), fix_convex_mode_(false), - fix_beta_last_max_(false) { - Reset(); + fix_beta_last_max_(false), + allow_per_ack_updates_(false) { + ResetCubicState(); } void Cubic::SetNumConnections(int num_connections) { @@ -76,7 +77,7 @@ float Cubic::BetaLastMax() const { : kBetaLastMax; } -void Cubic::Reset() { +void Cubic::ResetCubicState() { epoch_ = QuicTime::Zero(); // Reset time. app_limited_start_time_ = QuicTime::Zero(); last_update_time_ = QuicTime::Zero(); // Reset time. @@ -104,6 +105,10 @@ void Cubic::SetFixBetaLastMax(bool fix_beta_last_max) { fix_beta_last_max_ = fix_beta_last_max; } +void Cubic::SetAllowPerAckUpdates(bool allow_per_ack_updates) { + allow_per_ack_updates_ = allow_per_ack_updates; +} + QuicPacketCount Cubic::CongestionWindowAfterPacketLoss( QuicPacketCount current_congestion_window) { if (current_congestion_window < last_max_congestion_window_) { @@ -124,22 +129,19 @@ QuicPacketCount Cubic::CongestionWindowAfterAck( QuicTime event_time) { acked_packets_count_ += 1; // Packets acked. epoch_packets_count_ += 1; - QuicTime current_time = FLAGS_quic_reloadable_flag_quic_use_event_time - ? event_time - : clock_->ApproximateNow(); - // Cubic is "independent" of RTT, the update is limited by the time elapsed. - if (last_congestion_window_ == current_congestion_window && - (current_time - last_update_time_ <= MaxCubicTimeInterval())) { + if (!allow_per_ack_updates_ && + last_congestion_window_ == current_congestion_window && + (event_time - last_update_time_ <= MaxCubicTimeInterval())) { return std::max(last_target_congestion_window_, estimated_tcp_congestion_window_); } last_congestion_window_ = current_congestion_window; - last_update_time_ = current_time; + last_update_time_ = event_time; if (!epoch_.IsInitialized()) { // First ACK after a loss event. - epoch_ = current_time; // Start of epoch. + epoch_ = event_time; // Start of epoch. acked_packets_count_ = 1; // Reset count. epoch_packets_count_ = 1; // Reset estimated_tcp_congestion_window_ to be in sync with cubic. @@ -159,7 +161,7 @@ QuicPacketCount Cubic::CongestionWindowAfterAck( // the round trip time in account. This is done to allow us to use shift as a // divide operator. const int64_t elapsed_time = - ((current_time + delay_min - epoch_).ToMicroseconds() << 10) / + ((event_time + delay_min - epoch_).ToMicroseconds() << 10) / kNumMicrosPerSecond; DCHECK_GE(elapsed_time, 0); diff --git a/chromium/net/quic/core/congestion_control/cubic.h b/chromium/net/quic/core/congestion_control/cubic.h index 8c1afb3d5a3..a2f99463032 100644 --- a/chromium/net/quic/core/congestion_control/cubic.h +++ b/chromium/net/quic/core/congestion_control/cubic.h @@ -30,7 +30,7 @@ class QUIC_EXPORT_PRIVATE Cubic { void SetNumConnections(int num_connections); // Call after a timeout to reset the cubic state. - void Reset(); + void ResetCubicState(); // Compute a new congestion window to use after a loss event. // Returns the new congestion window in packets. The new congestion window is @@ -49,10 +49,15 @@ class QUIC_EXPORT_PRIVATE Cubic { // window. Resets Cubic state during quiescence. void OnApplicationLimited(); + // Methods for enabling experimental modes. // If true, enable the fix for the convex-mode signing bug. See // b/32170105 for more information about the bug. // TODO(jokulik): Remove once the fix is enabled by default. void SetFixConvexMode(bool fix_convex_mode); + // If true, enable per-ack updates. See b/32170105 for more + // information about the bug. TODO(jokulik): Remove once this + // change is enabled by default. + void SetAllowPerAckUpdates(bool allow_per_ack_updates); // If true, enable the fix for scaling BetaLastMax for n-nonnection // emulation. See b/33272010 for more information about the bug. @@ -127,6 +132,10 @@ class QUIC_EXPORT_PRIVATE Cubic { // TODO(jokulik): Remove once the corresponding experiment is done. bool fix_beta_last_max_; + // Allow cubic per ack updates. + // TODO(jokulik): Remove once the per ack update experiment is done. + bool allow_per_ack_updates_; + DISALLOW_COPY_AND_ASSIGN(Cubic); }; diff --git a/chromium/net/quic/core/congestion_control/cubic_bytes.cc b/chromium/net/quic/core/congestion_control/cubic_bytes.cc index ea19622e8de..e490e06a972 100644 --- a/chromium/net/quic/core/congestion_control/cubic_bytes.cc +++ b/chromium/net/quic/core/congestion_control/cubic_bytes.cc @@ -43,8 +43,9 @@ CubicBytes::CubicBytes(const QuicClock* clock) last_update_time_(QuicTime::Zero()), fix_convex_mode_(false), fix_cubic_quantization_(false), - fix_beta_last_max_(false) { - Reset(); + fix_beta_last_max_(false), + allow_per_ack_updates_(false) { + ResetCubicState(); } void CubicBytes::SetNumConnections(int num_connections) { @@ -77,7 +78,7 @@ float CubicBytes::BetaLastMax() const { : kBetaLastMax; } -void CubicBytes::Reset() { +void CubicBytes::ResetCubicState() { epoch_ = QuicTime::Zero(); // Reset time. last_update_time_ = QuicTime::Zero(); // Reset time. last_congestion_window_ = 0; @@ -87,7 +88,6 @@ void CubicBytes::Reset() { origin_point_congestion_window_ = 0; time_to_origin_point_ = 0; last_target_congestion_window_ = 0; - fix_convex_mode_ = false; } void CubicBytes::SetFixConvexMode(bool fix_convex_mode) { @@ -102,6 +102,10 @@ void CubicBytes::SetFixBetaLastMax(bool fix_beta_last_max) { fix_beta_last_max_ = fix_beta_last_max; } +void CubicBytes::SetAllowPerAckUpdates(bool allow_per_ack_updates) { + allow_per_ack_updates_ = allow_per_ack_updates; +} + void CubicBytes::OnApplicationLimited() { // When sender is not using the available congestion window, the window does // not grow. But to be RTT-independent, Cubic assumes that the sender has been @@ -141,23 +145,20 @@ QuicByteCount CubicBytes::CongestionWindowAfterAck( QuicTime::Delta delay_min, QuicTime event_time) { acked_bytes_count_ += acked_bytes; - QuicTime current_time = FLAGS_quic_reloadable_flag_quic_use_event_time - ? event_time - : clock_->ApproximateNow(); - // Cubic is "independent" of RTT, the update is limited by the time elapsed. - if (last_congestion_window_ == current_congestion_window && - (current_time - last_update_time_ <= MaxCubicTimeInterval())) { + if (!allow_per_ack_updates_ && + (last_congestion_window_ == current_congestion_window && + (event_time - last_update_time_ <= MaxCubicTimeInterval()))) { return std::max(last_target_congestion_window_, estimated_tcp_congestion_window_); } last_congestion_window_ = current_congestion_window; - last_update_time_ = current_time; + last_update_time_ = event_time; if (!epoch_.IsInitialized()) { // First ACK after a loss event. QUIC_DVLOG(1) << "Start of epoch"; - epoch_ = current_time; // Start of epoch. + epoch_ = event_time; // Start of epoch. acked_bytes_count_ = acked_bytes; // Reset count. // Reset estimated_tcp_congestion_window_ to be in sync with cubic. estimated_tcp_congestion_window_ = current_congestion_window; @@ -175,7 +176,7 @@ QuicByteCount CubicBytes::CongestionWindowAfterAck( // the round trip time in account. This is done to allow us to use shift as a // divide operator. int64_t elapsed_time = - ((current_time + delay_min - epoch_).ToMicroseconds() << 10) / + ((event_time + delay_min - epoch_).ToMicroseconds() << 10) / kNumMicrosPerSecond; int64_t offset = time_to_origin_point_ - elapsed_time; diff --git a/chromium/net/quic/core/congestion_control/cubic_bytes.h b/chromium/net/quic/core/congestion_control/cubic_bytes.h index c205cef05e5..55f55591369 100644 --- a/chromium/net/quic/core/congestion_control/cubic_bytes.h +++ b/chromium/net/quic/core/congestion_control/cubic_bytes.h @@ -30,7 +30,7 @@ class QUIC_EXPORT_PRIVATE CubicBytes { void SetNumConnections(int num_connections); // Call after a timeout to reset the cubic state. - void Reset(); + void ResetCubicState(); // Compute a new congestion window to use after a loss event. // Returns the new congestion window in packets. The new congestion window is @@ -54,16 +54,18 @@ class QUIC_EXPORT_PRIVATE CubicBytes { // b/32170105 for more information about the bug. // TODO(jokulik): Remove once the fix is enabled by default. void SetFixConvexMode(bool fix_convex_mode); - // If true, fix CubicBytes quantization bug. See b/33273459 for // more information about the bug. // TODO(jokulik): Remove once the fix is enabled by default. void SetFixCubicQuantization(bool fix_cubic_quantization); - // If true, enable the fix for scaling BetaLastMax for n-nonnection // emulation. See b/33272010 for more information about the bug. // TODO(jokulik): Remove once the fix is enabled by default. void SetFixBetaLastMax(bool fix_beta_last_max); + // If true, unconditionally enable each ack to update the congestion + // window. See b/33410956 for further information about this bug. + // TODO(jokulik): Remove once the fix is enabled by default. + void SetAllowPerAckUpdates(bool allow_per_ack_updates); private: friend class test::CubicBytesTest; @@ -128,6 +130,11 @@ class QUIC_EXPORT_PRIVATE CubicBytes { // TODO(jokulik): Remove once the corresponding experiment is done. bool fix_beta_last_max_; + // Allow per ack updates, rather than limiting the frequency of + // updates when in cubic-mode. + // TODO(jokulik): Remove once the experiment is done. + bool allow_per_ack_updates_; + DISALLOW_COPY_AND_ASSIGN(CubicBytes); }; diff --git a/chromium/net/quic/core/congestion_control/cubic_bytes_test.cc b/chromium/net/quic/core/congestion_control/cubic_bytes_test.cc index cd703bcf19d..6cbe7ecf657 100644 --- a/chromium/net/quic/core/congestion_control/cubic_bytes_test.cc +++ b/chromium/net/quic/core/congestion_control/cubic_bytes_test.cc @@ -29,28 +29,33 @@ const float kNConnectionAlpha = 3 * kNumConnections * kNumConnections * struct TestParams { TestParams(bool fix_convex_mode, bool fix_cubic_quantization, - bool fix_beta_last_max) + bool fix_beta_last_max, + bool allow_per_ack_updates) : fix_convex_mode(fix_convex_mode), fix_cubic_quantization(fix_cubic_quantization), - fix_beta_last_max(fix_beta_last_max) {} + fix_beta_last_max(fix_beta_last_max), + allow_per_ack_updates(allow_per_ack_updates) {} friend std::ostream& operator<<(std::ostream& os, const TestParams& p) { os << "{ fix_convex_mode: " << p.fix_convex_mode << " fix_cubic_quantization: " << p.fix_cubic_quantization - << " fix_beta_last_max: " << p.fix_beta_last_max; - os << " }"; + << " fix_beta_last_max: " << p.fix_beta_last_max + << " allow_per_ack_updates: " << p.allow_per_ack_updates << " }"; return os; } bool fix_convex_mode; bool fix_cubic_quantization; bool fix_beta_last_max; + bool allow_per_ack_updates; }; string TestParamToString(const testing::TestParamInfo<TestParams>& params) { return QuicStrCat("convex_mode_", params.param.fix_convex_mode, "_", "cubic_quantization_", params.param.fix_cubic_quantization, - "_", "beta_last_max_", params.param.fix_beta_last_max); + "_", "beta_last_max_", params.param.fix_beta_last_max, "_", + "allow_per_ack_updates_", + params.param.allow_per_ack_updates); } std::vector<TestParams> GetTestParams() { @@ -58,21 +63,27 @@ std::vector<TestParams> GetTestParams() { for (bool fix_convex_mode : {true, false}) { for (bool fix_cubic_quantization : {true, false}) { for (bool fix_beta_last_max : {true, false}) { - if (!FLAGS_quic_reloadable_flag_quic_fix_cubic_convex_mode && - fix_convex_mode) { - continue; + for (bool allow_per_ack_updates : {true, false}) { + if (!FLAGS_quic_reloadable_flag_quic_fix_cubic_convex_mode && + fix_convex_mode) { + continue; + } + if (!FLAGS_quic_reloadable_flag_quic_fix_cubic_bytes_quantization && + fix_cubic_quantization) { + continue; + } + if (!FLAGS_quic_reloadable_flag_quic_fix_beta_last_max && + fix_beta_last_max) { + continue; + } + if (!FLAGS_quic_reloadable_flag_quic_enable_cubic_per_ack_updates && + allow_per_ack_updates) { + continue; + } + TestParams param(fix_convex_mode, fix_cubic_quantization, + fix_beta_last_max, allow_per_ack_updates); + params.push_back(param); } - if (!FLAGS_quic_reloadable_flag_quic_fix_cubic_bytes_quantization && - fix_cubic_quantization) { - continue; - } - if (!FLAGS_quic_reloadable_flag_quic_fix_beta_last_max && - fix_beta_last_max) { - continue; - } - TestParams param(fix_convex_mode, fix_cubic_quantization, - fix_beta_last_max); - params.push_back(param); } } } @@ -90,6 +101,7 @@ class CubicBytesTest : public ::testing::TestWithParam<TestParams> { cubic_.SetFixConvexMode(GetParam().fix_convex_mode); cubic_.SetFixCubicQuantization(GetParam().fix_cubic_quantization); cubic_.SetFixBetaLastMax(GetParam().fix_beta_last_max); + cubic_.SetAllowPerAckUpdates(GetParam().allow_per_ack_updates); } QuicByteCount RenoCwndInBytes(QuicByteCount current_cwnd) { @@ -121,6 +133,10 @@ class CubicBytesTest : public ::testing::TestWithParam<TestParams> { return cubic_.last_max_congestion_window(); } + QuicTime::Delta MaxCubicTimeInterval() { + return cubic_.MaxCubicTimeInterval(); + } + const QuicTime::Delta one_ms_; const QuicTime::Delta hundred_ms_; MockClock clock_; @@ -142,6 +158,12 @@ TEST_P(CubicBytesTest, AboveOriginWithTighterBounds) { // far from expected, there's no point in doing a tighter test. return; } + if (!GetParam().fix_cubic_quantization && GetParam().allow_per_ack_updates) { + // Without quantization mode fixed, the behavior of per ack + // updates is so far from expected, there is no point of a tighter + // test. + return; + } // Convex growth. const QuicTime::Delta rtt_min = hundred_ms_; int64_t rtt_min_ms = rtt_min.ToMilliseconds(); @@ -207,19 +229,27 @@ TEST_P(CubicBytesTest, AboveOriginWithTighterBounds) { for (int i = 0; i < 54; ++i) { const uint64_t max_acks_this_epoch = current_cwnd / kDefaultTCPMSS; - const QuicByteCount expected_cwnd = CubicConvexCwndInBytes( - initial_cwnd, rtt_min, (clock_.ApproximateNow() - initial_time)); - current_cwnd = cubic_.CongestionWindowAfterAck( - kDefaultTCPMSS, current_cwnd, rtt_min, clock_.ApproximateNow()); - ASSERT_EQ(expected_cwnd, current_cwnd); - - for (QuicPacketCount n = 1; n < max_acks_this_epoch; ++n) { - // Call once per ACK. - ASSERT_EQ(current_cwnd, cubic_.CongestionWindowAfterAck( - kDefaultTCPMSS, current_cwnd, rtt_min, - clock_.ApproximateNow())); + const QuicTime::Delta interval = QuicTime::Delta::FromMicroseconds( + hundred_ms_.ToMicroseconds() / max_acks_this_epoch); + for (QuicPacketCount n = 0; n < max_acks_this_epoch; ++n) { + clock_.AdvanceTime(interval); + current_cwnd = cubic_.CongestionWindowAfterAck( + kDefaultTCPMSS, current_cwnd, rtt_min, clock_.ApproximateNow()); + const QuicByteCount expected_cwnd = CubicConvexCwndInBytes( + initial_cwnd, rtt_min, (clock_.ApproximateNow() - initial_time)); + if (GetParam().allow_per_ack_updates) { + // If we allow per-ack updates, every update is a small cubic update. + ASSERT_EQ(expected_cwnd, current_cwnd); + } else { + // If we do not allow per-ack updates, we get sporadic cubic updates. + ASSERT_GE(expected_cwnd, current_cwnd); + } } - clock_.AdvanceTime(hundred_ms_); + } + if (!GetParam().allow_per_ack_updates) { + // If we don't allow per-ack updates, we need to artificially + // advance the clock to make the cwnd increase. + clock_.AdvanceTime(MaxCubicTimeInterval()); } const QuicByteCount expected_cwnd = CubicConvexCwndInBytes( initial_cwnd, rtt_min, (clock_.ApproximateNow() - initial_time)); @@ -229,7 +259,8 @@ TEST_P(CubicBytesTest, AboveOriginWithTighterBounds) { } TEST_P(CubicBytesTest, AboveOrigin) { - if (!GetParam().fix_convex_mode && GetParam().fix_cubic_quantization) { + if ((!GetParam().fix_convex_mode && GetParam().fix_cubic_quantization) || + GetParam().allow_per_ack_updates) { // Without convex mode fixed, the behavior of the algorithm does // not fit the exact pattern of this test. // TODO(jokulik): Once the convex mode fix becomes default, this @@ -352,6 +383,70 @@ TEST_P(CubicBytesTest, AboveOriginFineGrainedCubing) { } } +// Constructs an artificial scenario to show what happens when we +// allow per-ack updates, rather than limititing update freqency. In +// this scenario, the first two acks of the epoch produce the same +// cwnd. When we limit per-ack updates, this would cause the +// cessation of cubic updates for 30ms. When we allow per-ack +// updates, the window continues to grow on every ack. +TEST_P(CubicBytesTest, PerAckUpdates) { + if (!GetParam().fix_convex_mode || !GetParam().fix_cubic_quantization || + !GetParam().allow_per_ack_updates) { + // Without these fixes, this test will fail. + return; + } + + // Start the test with a large cwnd and RTT, to force the first + // increase to be a cubic increase. + QuicPacketCount initial_cwnd_packets = 150; + QuicByteCount current_cwnd = initial_cwnd_packets * kDefaultTCPMSS; + const QuicTime::Delta rtt_min = 350 * one_ms_; + + // Initialize the epoch + clock_.AdvanceTime(one_ms_); + // Keep track of the growth of the reno-equivalent cwnd. + QuicByteCount reno_cwnd = RenoCwndInBytes(current_cwnd); + current_cwnd = cubic_.CongestionWindowAfterAck( + kDefaultTCPMSS, current_cwnd, rtt_min, clock_.ApproximateNow()); + const QuicByteCount initial_cwnd = current_cwnd; + + // Simulate the return of cwnd packets in less than + // MaxCubicInterval() time. + const QuicPacketCount max_acks = initial_cwnd_packets / kNConnectionAlpha; + const QuicTime::Delta interval = QuicTime::Delta::FromMicroseconds( + MaxCubicTimeInterval().ToMicroseconds() / (max_acks + 1)); + + // In this scenario, the first increase is dictated by the cubic + // equation, but it is less than one byte, so the cwnd doesn't + // change. Normally, without per-ack increases, any cwnd plateau + // will cause the cwnd to be pinned for MaxCubicTimeInterval(). If + // we enable per-ack updates, the cwnd will continue to grow, + // regardless of the temporary plateau. + clock_.AdvanceTime(interval); + reno_cwnd = RenoCwndInBytes(reno_cwnd); + ASSERT_EQ(current_cwnd, + cubic_.CongestionWindowAfterAck(kDefaultTCPMSS, current_cwnd, + rtt_min, clock_.ApproximateNow())); + for (QuicPacketCount i = 1; i < max_acks; ++i) { + clock_.AdvanceTime(interval); + const QuicByteCount next_cwnd = cubic_.CongestionWindowAfterAck( + kDefaultTCPMSS, current_cwnd, rtt_min, clock_.ApproximateNow()); + reno_cwnd = RenoCwndInBytes(reno_cwnd); + // The window shoud increase on every ack. + ASSERT_LT(current_cwnd, next_cwnd); + ASSERT_EQ(reno_cwnd, next_cwnd); + current_cwnd = next_cwnd; + } + + // After all the acks are returned from the epoch, we expect the + // cwnd to have increased by nearly one packet. (Not exactly one + // packet, because our byte-wise Reno algorithm is always a slight + // under-estimation). Without per-ack updates, the current_cwnd + // would otherwise be unchanged. + const QuicByteCount minimum_expected_increase = kDefaultTCPMSS * .9; + EXPECT_LT(minimum_expected_increase + initial_cwnd, current_cwnd); +} + TEST_P(CubicBytesTest, LossEvents) { const QuicTime::Delta rtt_min = hundred_ms_; QuicByteCount current_cwnd = 422 * kDefaultTCPMSS; diff --git a/chromium/net/quic/core/congestion_control/cubic_test.cc b/chromium/net/quic/core/congestion_control/cubic_test.cc index 4aeb3227141..7233566cd80 100644 --- a/chromium/net/quic/core/congestion_control/cubic_test.cc +++ b/chromium/net/quic/core/congestion_control/cubic_test.cc @@ -27,40 +27,53 @@ const float kNConnectionAlpha = 3 * kNumConnections * kNumConnections * (1 - kNConnectionBeta) / (1 + kNConnectionBeta); struct TestParams { - TestParams(bool fix_convex_mode, bool fix_beta_last_max) + TestParams(bool fix_convex_mode, + bool fix_beta_last_max, + bool allow_per_ack_updates) : fix_convex_mode(fix_convex_mode), - fix_beta_last_max(fix_beta_last_max) {} + fix_beta_last_max(fix_beta_last_max), + allow_per_ack_updates(allow_per_ack_updates) {} friend std::ostream& operator<<(std::ostream& os, const TestParams& p) { os << "{ fix_convex_mode: " << p.fix_convex_mode - << " fix_beta_last_max: " << p.fix_beta_last_max; - os << " }"; + << " fix_beta_last_max: " << p.fix_beta_last_max + << " allow_per_ack_updates: " << p.allow_per_ack_updates << " }"; return os; } bool fix_convex_mode; bool fix_beta_last_max; + bool allow_per_ack_updates; }; string TestParamToString(const testing::TestParamInfo<TestParams>& params) { return QuicStrCat("convex_mode_", params.param.fix_convex_mode, "_", - "beta_last_max_", params.param.fix_beta_last_max); + "beta_last_max_", params.param.fix_beta_last_max, "_", + "allow_per_ack_updates_", + params.param.allow_per_ack_updates); } std::vector<TestParams> GetTestParams() { std::vector<TestParams> params; for (bool fix_convex_mode : {true, false}) { for (bool fix_beta_last_max : {true, false}) { - if (!FLAGS_quic_reloadable_flag_quic_fix_cubic_convex_mode && - fix_convex_mode) { - continue; + for (bool allow_per_ack_updates : {true, false}) { + if (!FLAGS_quic_reloadable_flag_quic_fix_cubic_convex_mode && + fix_convex_mode) { + continue; + } + if (!FLAGS_quic_reloadable_flag_quic_fix_beta_last_max && + fix_beta_last_max) { + continue; + } + if (!FLAGS_quic_reloadable_flag_quic_enable_cubic_per_ack_updates && + allow_per_ack_updates) { + continue; + } + TestParams param(fix_convex_mode, fix_beta_last_max, + allow_per_ack_updates); + params.push_back(param); } - if (!FLAGS_quic_reloadable_flag_quic_fix_beta_last_max && - fix_beta_last_max) { - continue; - } - TestParams param(fix_convex_mode, fix_beta_last_max); - params.push_back(param); } } return params; @@ -78,12 +91,28 @@ class CubicTest : public ::testing::TestWithParam<TestParams> { cubic_(&clock_) { cubic_.SetFixConvexMode(GetParam().fix_convex_mode); cubic_.SetFixBetaLastMax(GetParam().fix_beta_last_max); + cubic_.SetAllowPerAckUpdates(GetParam().allow_per_ack_updates); } QuicByteCount LastMaxCongestionWindow() { return cubic_.last_max_congestion_window(); } + QuicPacketCount CubicConvexCwnd(QuicByteCount initial_cwnd, + QuicTime::Delta rtt, + QuicTime::Delta elapsed_time) { + const int64_t offset = + ((elapsed_time + rtt).ToMicroseconds() << 10) / 1000000; + const QuicPacketCount delta_congestion_window = + (410 * offset * offset * offset) >> 40; + const QuicPacketCount cubic_cwnd = initial_cwnd + delta_congestion_window; + return cubic_cwnd; + } + + QuicTime::Delta MaxCubicTimeInterval() { + return cubic_.MaxCubicTimeInterval(); + } + const QuicTime::Delta one_ms_; const QuicTime::Delta hundred_ms_; MockClock clock_; @@ -96,6 +125,12 @@ INSTANTIATE_TEST_CASE_P(CubicTests, TestParamToString); TEST_P(CubicTest, AboveOrigin) { + if (GetParam().allow_per_ack_updates) { + // Don't even test a scenario where we fix per ack updates without + // the signing bug fix. + return; + } + // Convex growth. const QuicTime::Delta rtt_min = hundred_ms_; const float rtt_min_s = rtt_min.ToMilliseconds() / 1000.0; @@ -114,53 +149,135 @@ TEST_P(CubicTest, AboveOrigin) { // Normal TCP phase. // The maximum number of expected reno RTTs can be calculated by // finding the point where the cubic curve and the reno curve meet. - const int max_reno_rtts = + int max_reno_rtts = std::sqrt(kNConnectionAlpha / (.4 * rtt_min_s * rtt_min_s * rtt_min_s)) - 1; + QuicPacketCount reno_acked_packet_count = 1; for (int i = 0; i < max_reno_rtts; ++i) { - const QuicByteCount max_per_ack_cwnd = current_cwnd; - for (QuicPacketCount n = 1; n < max_per_ack_cwnd / kNConnectionAlpha; ++n) { + const QuicPacketCount max_acks_before_increase = + current_cwnd / kNConnectionAlpha; + while (reno_acked_packet_count < max_acks_before_increase - 1) { // Call once per ACK. const QuicByteCount next_cwnd = cubic_.CongestionWindowAfterAck( current_cwnd, rtt_min, clock_.ApproximateNow()); ASSERT_EQ(current_cwnd, next_cwnd); + ++reno_acked_packet_count; } - clock_.AdvanceTime(hundred_ms_); + if (!GetParam().allow_per_ack_updates) { + // If we do not allow per-ack updates, the clock must be + // advanced in order for the window updates to take affect. + clock_.AdvanceTime(hundred_ms_); + } + // If we allow per-ack updates, the window can increase even + // before the clock has. current_cwnd = cubic_.CongestionWindowAfterAck(current_cwnd, rtt_min, clock_.ApproximateNow()); if (GetParam().fix_convex_mode) { + if (GetParam().allow_per_ack_updates) { + // If we allow per-ack updates, the cwnd can increase even after + // the ack. + clock_.AdvanceTime(hundred_ms_); + } // When we fix convex mode and the uint64 arithmetic, we - // increase the expected_cwnd only after after the first 100ms, - // rather than after the initial 1ms. + // increase the expected_cwnd only after the first 100ms, rather + // than after the initial 1ms. expected_cwnd++; ASSERT_EQ(expected_cwnd, current_cwnd); } else { ASSERT_EQ(expected_cwnd, current_cwnd); expected_cwnd++; } + reno_acked_packet_count = 0; } // Cubic phase. for (int i = 0; i < 52; ++i) { for (QuicPacketCount n = 1; n < current_cwnd; ++n) { // Call once per ACK. - ASSERT_EQ(current_cwnd, - cubic_.CongestionWindowAfterAck(current_cwnd, rtt_min, - clock_.ApproximateNow())); + const QuicPacketCount next_cwnd = cubic_.CongestionWindowAfterAck( + current_cwnd, rtt_min, clock_.ApproximateNow()); + ; + if (GetParam().allow_per_ack_updates) { + // If we allow per-ack increases, the cwnd may gently increase + // up to the cubic value, rather than jumping up after a 30ms + // delay. + ASSERT_LE(current_cwnd, next_cwnd); + current_cwnd = next_cwnd; + } else { + ASSERT_EQ(current_cwnd, next_cwnd); + } } - clock_.AdvanceTime(hundred_ms_); + if (!GetParam().allow_per_ack_updates) { + // If we do not allow per-ack increases, we have to artificially + // move the clock past the MaxCubicTimeInterval() in order for + // the increases to take effect. + clock_.AdvanceTime(hundred_ms_); + } + const QuicTime::Delta elapsed_time = clock_.ApproximateNow() - initial_time; + const QuicPacketCount expected_cwnd = + CubicConvexCwnd(initial_cwnd, rtt_min, elapsed_time); current_cwnd = cubic_.CongestionWindowAfterAck(current_cwnd, rtt_min, clock_.ApproximateNow()); + if (GetParam().allow_per_ack_updates) { + ASSERT_EQ(expected_cwnd, current_cwnd); + clock_.AdvanceTime(hundred_ms_); + } + } + if (!GetParam().allow_per_ack_updates) { + QuicTime::Delta elapsed_time = clock_.ApproximateNow() - initial_time; + const QuicPacketCount final_cwnd = + CubicConvexCwnd(initial_cwnd, rtt_min, elapsed_time); + ASSERT_EQ(final_cwnd, current_cwnd); + } +} + +// Constructs an artificial scenario to show what happens when we +// allow per-ack updates, rather than limiting update freqency. In +// this scenario, the first two acks of the epoch produce the same +// cwnd. When we limit per-ack updates, this would cause the +// cessation of cubic updates for 30ms, which is longer than an RTT. +// When we allow per-ack updates, the window continues to grow on +// every ack. +TEST_P(CubicTest, PerAckUpdates) { + if (!GetParam().fix_convex_mode) { + // Without this fix, this test cannot pass. + return; + } + + // Pick an RTT smaller than the MaxCubicTimeInterval() + QuicPacketCount current_cwnd = 5; + const QuicTime::Delta rtt_min = 20 * one_ms_; + ASSERT_LT(rtt_min, MaxCubicTimeInterval()); + + // Initialize the epoch + clock_.AdvanceTime(one_ms_); + current_cwnd = cubic_.CongestionWindowAfterAck(current_cwnd, rtt_min, + clock_.ApproximateNow()); + const QuicPacketCount initial_cwnd = current_cwnd; + + // Simulate the return of cwnd packets over the course of an RTT, + // which is less than the MaxCubicTimeInterval() + const QuicPacketCount max_acks = current_cwnd / kNConnectionAlpha - 1; + const QuicTime::Delta interval = QuicTime::Delta::FromMicroseconds( + rtt_min.ToMicroseconds() / (max_acks + 2)); + for (QuicPacketCount n = 1; n < max_acks; ++n) { + clock_.AdvanceTime(interval); + ASSERT_EQ(current_cwnd, + cubic_.CongestionWindowAfterAck(current_cwnd, rtt_min, + clock_.ApproximateNow())); + } + clock_.AdvanceTime(interval); + current_cwnd = cubic_.CongestionWindowAfterAck(current_cwnd, rtt_min, + clock_.ApproximateNow()); + + if (GetParam().allow_per_ack_updates) { + // After all the acks are returned from the epoch, we expect the + // cwnd to have increased by one. + EXPECT_EQ(initial_cwnd + 1, current_cwnd); + } else { + // If we do not allow per-ack updates, no increases occur at all + // because we have not moved pass the MaxCubicTimeInterval() + EXPECT_EQ(initial_cwnd, current_cwnd); } - // Total time elapsed so far; add min_rtt (0.1s) here as well. - const float elapsed_time_ms = - (clock_.ApproximateNow() - initial_time).ToMilliseconds() + - rtt_min.ToMilliseconds(); - const float elapsed_time_s = elapsed_time_ms / 1000.0; - // |expected_cwnd| is initial value of cwnd + K * t^3, where K = 0.4. - expected_cwnd = - initial_cwnd + - (elapsed_time_s * elapsed_time_s * elapsed_time_s * 410) / 1024; - EXPECT_EQ(expected_cwnd, current_cwnd); } TEST_P(CubicTest, LossEvents) { diff --git a/chromium/net/quic/core/congestion_control/general_loss_algorithm_test.cc b/chromium/net/quic/core/congestion_control/general_loss_algorithm_test.cc index da9d11c6aad..6fa96d7b827 100644 --- a/chromium/net/quic/core/congestion_control/general_loss_algorithm_test.cc +++ b/chromium/net/quic/core/congestion_control/general_loss_algorithm_test.cc @@ -35,18 +35,16 @@ class GeneralLossAlgorithmTest : public ::testing::Test { void SendDataPacket(QuicPacketNumber packet_number) { QuicStreamFrame* frame = new QuicStreamFrame(); frame->stream_id = kHeadersStreamId; - SerializedPacket packet(kDefaultPathId, packet_number, - PACKET_1BYTE_PACKET_NUMBER, nullptr, kDefaultLength, - false, false); + SerializedPacket packet(packet_number, PACKET_1BYTE_PACKET_NUMBER, nullptr, + kDefaultLength, false, false); packet.retransmittable_frames.push_back(QuicFrame(frame)); unacked_packets_.AddSentPacket(&packet, 0, NOT_RETRANSMISSION, clock_.Now(), true); } void SendAckPacket(QuicPacketNumber packet_number) { - SerializedPacket packet(kDefaultPathId, packet_number, - PACKET_1BYTE_PACKET_NUMBER, nullptr, kDefaultLength, - true, false); + SerializedPacket packet(packet_number, PACKET_1BYTE_PACKET_NUMBER, nullptr, + kDefaultLength, true, false); unacked_packets_.AddSentPacket(&packet, 0, NOT_RETRANSMISSION, clock_.Now(), false); } diff --git a/chromium/net/quic/core/congestion_control/send_algorithm_test.cc b/chromium/net/quic/core/congestion_control/send_algorithm_test.cc index 8ee348b582a..4078944d4d3 100644 --- a/chromium/net/quic/core/congestion_control/send_algorithm_test.cc +++ b/chromium/net/quic/core/congestion_control/send_algorithm_test.cc @@ -98,6 +98,10 @@ const QuicByteCount kCellularQueue = 3 * 1024 * 1024; const QuicTime::Delta kTestCellularPropagationDelay = QuicTime::Delta::FromMilliseconds(40); +// Small RTT scenario, below the per-ack-update threshold of 30ms. +const QuicTime::Delta kTestLinkSmallRTTDelay = + QuicTime::Delta::FromMilliseconds(10); + const char* CongestionControlTypeToString(CongestionControlType cc_type) { switch (cc_type) { case kCubic: @@ -120,11 +124,13 @@ struct TestParams { explicit TestParams(CongestionControlType congestion_control_type, bool fix_convex_mode, bool fix_cubic_quantization, - bool fix_beta_last_max) + bool fix_beta_last_max, + bool allow_per_ack_updates) : congestion_control_type(congestion_control_type), fix_convex_mode(fix_convex_mode), fix_cubic_quantization(fix_cubic_quantization), - fix_beta_last_max(fix_beta_last_max) {} + fix_beta_last_max(fix_beta_last_max), + allow_per_ack_updates(allow_per_ack_updates) {} friend std::ostream& operator<<(std::ostream& os, const TestParams& p) { os << "{ congestion_control_type: " @@ -132,6 +138,7 @@ struct TestParams { os << " fix_convex_mode: " << p.fix_convex_mode << " fix_cubic_quantization: " << p.fix_cubic_quantization << " fix_beta_last_max: " << p.fix_beta_last_max; + os << " allow_per_ack_updates: " << p.allow_per_ack_updates; os << " }"; return os; } @@ -140,6 +147,7 @@ struct TestParams { bool fix_convex_mode; bool fix_cubic_quantization; bool fix_beta_last_max; + bool allow_per_ack_updates; }; string TestParamToString(const testing::TestParamInfo<TestParams>& params) { @@ -147,7 +155,8 @@ string TestParamToString(const testing::TestParamInfo<TestParams>& params) { CongestionControlTypeToString(params.param.congestion_control_type), "_", "convex_mode_", params.param.fix_convex_mode, "_", "cubic_quantization_", params.param.fix_cubic_quantization, "_", "beta_last_max_", - params.param.fix_beta_last_max); + params.param.fix_beta_last_max, "_", "allow_per_ack_updates_", + params.param.allow_per_ack_updates); } // Constructs various test permutations. @@ -158,27 +167,34 @@ std::vector<TestParams> GetTestParams() { if (congestion_control_type != kCubic && congestion_control_type != kCubicBytes) { params.push_back( - TestParams(congestion_control_type, false, false, false)); + TestParams(congestion_control_type, false, false, false, false)); continue; } for (bool fix_convex_mode : {true, false}) { for (bool fix_cubic_quantization : {true, false}) { for (bool fix_beta_last_max : {true, false}) { - if (!FLAGS_quic_reloadable_flag_quic_fix_cubic_convex_mode && - fix_convex_mode) { - continue; - } - if (!FLAGS_quic_reloadable_flag_quic_fix_cubic_bytes_quantization && - fix_cubic_quantization) { - continue; + for (bool allow_per_ack_updates : {true, false}) { + if (!FLAGS_quic_reloadable_flag_quic_fix_cubic_convex_mode && + fix_convex_mode) { + continue; + } + if (!FLAGS_quic_reloadable_flag_quic_fix_cubic_bytes_quantization && + fix_cubic_quantization) { + continue; + } + if (!FLAGS_quic_reloadable_flag_quic_fix_beta_last_max && + fix_beta_last_max) { + continue; + } + if (!FLAGS_quic_reloadable_flag_quic_enable_cubic_per_ack_updates && + allow_per_ack_updates) { + continue; + } + TestParams param(congestion_control_type, fix_convex_mode, + fix_cubic_quantization, fix_beta_last_max, + allow_per_ack_updates); + params.push_back(param); } - if (!FLAGS_quic_reloadable_flag_quic_fix_beta_last_max && - fix_beta_last_max) { - continue; - } - TestParams param(congestion_control_type, fix_convex_mode, - fix_cubic_quantization, fix_beta_last_max); - params.push_back(param); } } } @@ -234,10 +250,12 @@ class SendAlgorithmTest : public ::testing::TestWithParam<TestParams> { if (GetParam().fix_cubic_quantization) { options.push_back(kCBQT); } - if (GetParam().fix_beta_last_max) { options.push_back(kBLMX); } + if (GetParam().allow_per_ack_updates) { + options.push_back(kCPAU); + } if (!options.empty()) { client_config.SetInitialReceivedConnectionOptions(options); @@ -417,5 +435,17 @@ TEST_P(SendAlgorithmTest, 3GNetworkTransfer) { PrintTransferStats(); } +TEST_P(SendAlgorithmTest, LowRTTTransfer) { + CreateSetup(kTestLinkWiredBandwidth, kTestLinkSmallRTTDelay, kCellularQueue); + + const QuicByteCount kTransferSizeBytes = 12 * 1024 * 1024; + const QuicTime::Delta maximum_elapsed_time = + EstimatedElapsedTime(kTransferSizeBytes, kTestLinkWiredBandwidth, + kTestLinkSmallRTTDelay) * + 1.2; + DoSimpleTransfer(kTransferSizeBytes, maximum_elapsed_time); + PrintTransferStats(); +} + } // namespace test } // namespace net diff --git a/chromium/net/quic/core/congestion_control/tcp_cubic_sender_bytes.cc b/chromium/net/quic/core/congestion_control/tcp_cubic_sender_bytes.cc index 94d3de2e249..0dbbb8dd76e 100644 --- a/chromium/net/quic/core/congestion_control/tcp_cubic_sender_bytes.cc +++ b/chromium/net/quic/core/congestion_control/tcp_cubic_sender_bytes.cc @@ -63,6 +63,11 @@ void TcpCubicSenderBytes::SetFromConfig(const QuicConfig& config, ContainsQuicTag(config.ReceivedConnectionOptions(), kBLMX)) { cubic_.SetFixBetaLastMax(true); } + if (FLAGS_quic_reloadable_flag_quic_enable_cubic_per_ack_updates && + config.HasReceivedConnectionOptions() && + ContainsQuicTag(config.ReceivedConnectionOptions(), kCPAU)) { + cubic_.SetAllowPerAckUpdates(true); + } } void TcpCubicSenderBytes::SetCongestionWindowFromBandwidthAndRtt( @@ -208,14 +213,14 @@ void TcpCubicSenderBytes::MaybeIncreaseCwnd( } void TcpCubicSenderBytes::HandleRetransmissionTimeout() { - cubic_.Reset(); + cubic_.ResetCubicState(); slowstart_threshold_ = congestion_window_ / 2; congestion_window_ = min_congestion_window_; } void TcpCubicSenderBytes::OnConnectionMigration() { TcpCubicSenderBase::OnConnectionMigration(); - cubic_.Reset(); + cubic_.ResetCubicState(); num_acked_packets_ = 0; congestion_window_ = initial_tcp_congestion_window_; max_congestion_window_ = initial_max_tcp_congestion_window_; diff --git a/chromium/net/quic/core/congestion_control/tcp_cubic_sender_packets.cc b/chromium/net/quic/core/congestion_control/tcp_cubic_sender_packets.cc index efee6d875cb..94154d864a8 100644 --- a/chromium/net/quic/core/congestion_control/tcp_cubic_sender_packets.cc +++ b/chromium/net/quic/core/congestion_control/tcp_cubic_sender_packets.cc @@ -55,6 +55,11 @@ void TcpCubicSenderPackets::SetFromConfig(const QuicConfig& config, ContainsQuicTag(config.ReceivedConnectionOptions(), kBLMX)) { cubic_.SetFixBetaLastMax(true); } + if (FLAGS_quic_reloadable_flag_quic_enable_cubic_per_ack_updates && + config.HasReceivedConnectionOptions() && + ContainsQuicTag(config.ReceivedConnectionOptions(), kCPAU)) { + cubic_.SetAllowPerAckUpdates(true); + } } void TcpCubicSenderPackets::SetCongestionWindowFromBandwidthAndRtt( @@ -204,14 +209,14 @@ void TcpCubicSenderPackets::MaybeIncreaseCwnd( } void TcpCubicSenderPackets::HandleRetransmissionTimeout() { - cubic_.Reset(); + cubic_.ResetCubicState(); slowstart_threshold_ = congestion_window_ / 2; congestion_window_ = min_congestion_window_; } void TcpCubicSenderPackets::OnConnectionMigration() { TcpCubicSenderBase::OnConnectionMigration(); - cubic_.Reset(); + cubic_.ResetCubicState(); congestion_window_count_ = 0; congestion_window_ = initial_tcp_congestion_window_; slowstart_threshold_ = initial_max_tcp_congestion_window_; diff --git a/chromium/net/quic/core/crypto/aead_base_decrypter.cc b/chromium/net/quic/core/crypto/aead_base_decrypter.cc index 08345dfda2a..b72c245408b 100644 --- a/chromium/net/quic/core/crypto/aead_base_decrypter.cc +++ b/chromium/net/quic/core/crypto/aead_base_decrypter.cc @@ -12,7 +12,6 @@ #include "third_party/boringssl/src/include/openssl/err.h" #include "third_party/boringssl/src/include/openssl/evp.h" -using base::StringPiece; using std::string; namespace net { @@ -59,7 +58,7 @@ AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* aead_alg, AeadBaseDecrypter::~AeadBaseDecrypter() {} -bool AeadBaseDecrypter::SetKey(StringPiece key) { +bool AeadBaseDecrypter::SetKey(QuicStringPiece key) { DCHECK_EQ(key.size(), key_size_); if (key.size() != key_size_) { return false; @@ -76,7 +75,7 @@ bool AeadBaseDecrypter::SetKey(StringPiece key) { return true; } -bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) { +bool AeadBaseDecrypter::SetNoncePrefix(QuicStringPiece nonce_prefix) { DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_); if (nonce_prefix.size() != nonce_prefix_size_) { return false; @@ -85,7 +84,7 @@ bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) { return true; } -bool AeadBaseDecrypter::SetPreliminaryKey(StringPiece key) { +bool AeadBaseDecrypter::SetPreliminaryKey(QuicStringPiece key) { DCHECK(!have_preliminary_key_); SetKey(key); have_preliminary_key_ = true; @@ -101,9 +100,9 @@ bool AeadBaseDecrypter::SetDiversificationNonce( string key, nonce_prefix; DiversifyPreliminaryKey( - StringPiece(reinterpret_cast<const char*>(key_), key_size_), - StringPiece(reinterpret_cast<const char*>(nonce_prefix_), - nonce_prefix_size_), + QuicStringPiece(reinterpret_cast<const char*>(key_), key_size_), + QuicStringPiece(reinterpret_cast<const char*>(nonce_prefix_), + nonce_prefix_size_), nonce, key_size_, nonce_prefix_size_, &key, &nonce_prefix); if (!SetKey(key) || !SetNoncePrefix(nonce_prefix)) { @@ -117,8 +116,8 @@ bool AeadBaseDecrypter::SetDiversificationNonce( bool AeadBaseDecrypter::DecryptPacket(QuicVersion /*version*/, QuicPacketNumber packet_number, - StringPiece associated_data, - StringPiece ciphertext, + QuicStringPiece associated_data, + QuicStringPiece ciphertext, char* output, size_t* output_length, size_t max_output_length) { @@ -150,16 +149,16 @@ bool AeadBaseDecrypter::DecryptPacket(QuicVersion /*version*/, return true; } -StringPiece AeadBaseDecrypter::GetKey() const { - return StringPiece(reinterpret_cast<const char*>(key_), key_size_); +QuicStringPiece AeadBaseDecrypter::GetKey() const { + return QuicStringPiece(reinterpret_cast<const char*>(key_), key_size_); } -StringPiece AeadBaseDecrypter::GetNoncePrefix() const { +QuicStringPiece AeadBaseDecrypter::GetNoncePrefix() const { if (nonce_prefix_size_ == 0) { - return StringPiece(); + return QuicStringPiece(); } - return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), - nonce_prefix_size_); + return QuicStringPiece(reinterpret_cast<const char*>(nonce_prefix_), + nonce_prefix_size_); } } // namespace net diff --git a/chromium/net/quic/core/crypto/aead_base_decrypter.h b/chromium/net/quic/core/crypto/aead_base_decrypter.h index 23fbdd6fee4..02edd67a1ad 100644 --- a/chromium/net/quic/core/crypto/aead_base_decrypter.h +++ b/chromium/net/quic/core/crypto/aead_base_decrypter.h @@ -12,6 +12,7 @@ #include "net/quic/core/crypto/quic_decrypter.h" #include "net/quic/core/crypto/scoped_evp_aead_ctx.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -25,19 +26,19 @@ class QUIC_EXPORT_PRIVATE AeadBaseDecrypter : public QuicDecrypter { ~AeadBaseDecrypter() override; // QuicDecrypter implementation - bool SetKey(base::StringPiece key) override; - bool SetNoncePrefix(base::StringPiece nonce_prefix) override; - bool SetPreliminaryKey(base::StringPiece key) override; + bool SetKey(QuicStringPiece key) override; + bool SetNoncePrefix(QuicStringPiece nonce_prefix) override; + bool SetPreliminaryKey(QuicStringPiece key) override; bool SetDiversificationNonce(const DiversificationNonce& nonce) override; bool DecryptPacket(QuicVersion version, QuicPacketNumber packet_number, - base::StringPiece associated_data, - base::StringPiece ciphertext, + QuicStringPiece associated_data, + QuicStringPiece ciphertext, char* output, size_t* output_length, size_t max_output_length) override; - base::StringPiece GetKey() const override; - base::StringPiece GetNoncePrefix() const override; + QuicStringPiece GetKey() const override; + QuicStringPiece GetNoncePrefix() const override; protected: // Make these constants available to the subclasses so that the subclasses diff --git a/chromium/net/quic/core/crypto/aead_base_encrypter.cc b/chromium/net/quic/core/crypto/aead_base_encrypter.cc index 33183898928..5620db920a2 100644 --- a/chromium/net/quic/core/crypto/aead_base_encrypter.cc +++ b/chromium/net/quic/core/crypto/aead_base_encrypter.cc @@ -12,8 +12,6 @@ #include "third_party/boringssl/src/include/openssl/err.h" #include "third_party/boringssl/src/include/openssl/evp.h" -using base::StringPiece; - namespace net { namespace { @@ -54,7 +52,7 @@ AeadBaseEncrypter::AeadBaseEncrypter(const EVP_AEAD* aead_alg, AeadBaseEncrypter::~AeadBaseEncrypter() {} -bool AeadBaseEncrypter::SetKey(StringPiece key) { +bool AeadBaseEncrypter::SetKey(QuicStringPiece key) { DCHECK_EQ(key.size(), key_size_); if (key.size() != key_size_) { return false; @@ -72,7 +70,7 @@ bool AeadBaseEncrypter::SetKey(StringPiece key) { return true; } -bool AeadBaseEncrypter::SetNoncePrefix(StringPiece nonce_prefix) { +bool AeadBaseEncrypter::SetNoncePrefix(QuicStringPiece nonce_prefix) { DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_); if (nonce_prefix.size() != nonce_prefix_size_) { return false; @@ -81,9 +79,9 @@ bool AeadBaseEncrypter::SetNoncePrefix(StringPiece nonce_prefix) { return true; } -bool AeadBaseEncrypter::Encrypt(StringPiece nonce, - StringPiece associated_data, - StringPiece plaintext, +bool AeadBaseEncrypter::Encrypt(QuicStringPiece nonce, + QuicStringPiece associated_data, + QuicStringPiece plaintext, unsigned char* output) { DCHECK_EQ(nonce.size(), nonce_prefix_size_ + sizeof(QuicPacketNumber)); @@ -104,8 +102,8 @@ bool AeadBaseEncrypter::Encrypt(StringPiece nonce, bool AeadBaseEncrypter::EncryptPacket(QuicVersion /*version*/, QuicPacketNumber packet_number, - StringPiece associated_data, - StringPiece plaintext, + QuicStringPiece associated_data, + QuicStringPiece plaintext, char* output, size_t* output_length, size_t max_output_length) { @@ -121,7 +119,7 @@ bool AeadBaseEncrypter::EncryptPacket(QuicVersion /*version*/, memcpy(nonce_buffer + nonce_prefix_size_, &packet_number, sizeof(packet_number)); - if (!Encrypt(StringPiece(nonce_buffer, nonce_size), associated_data, + if (!Encrypt(QuicStringPiece(nonce_buffer, nonce_size), associated_data, plaintext, reinterpret_cast<unsigned char*>(output))) { return false; } @@ -145,16 +143,16 @@ size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size) const { return plaintext_size + auth_tag_size_; } -StringPiece AeadBaseEncrypter::GetKey() const { - return StringPiece(reinterpret_cast<const char*>(key_), key_size_); +QuicStringPiece AeadBaseEncrypter::GetKey() const { + return QuicStringPiece(reinterpret_cast<const char*>(key_), key_size_); } -StringPiece AeadBaseEncrypter::GetNoncePrefix() const { +QuicStringPiece AeadBaseEncrypter::GetNoncePrefix() const { if (nonce_prefix_size_ == 0) { - return StringPiece(); + return QuicStringPiece(); } - return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), - nonce_prefix_size_); + return QuicStringPiece(reinterpret_cast<const char*>(nonce_prefix_), + nonce_prefix_size_); } } // namespace net diff --git a/chromium/net/quic/core/crypto/aead_base_encrypter.h b/chromium/net/quic/core/crypto/aead_base_encrypter.h index fcbe03926fc..707cbb46116 100644 --- a/chromium/net/quic/core/crypto/aead_base_encrypter.h +++ b/chromium/net/quic/core/crypto/aead_base_encrypter.h @@ -12,6 +12,7 @@ #include "net/quic/core/crypto/quic_encrypter.h" #include "net/quic/core/crypto/scoped_evp_aead_ctx.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -25,12 +26,12 @@ class QUIC_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter { ~AeadBaseEncrypter() override; // QuicEncrypter implementation - bool SetKey(base::StringPiece key) override; - bool SetNoncePrefix(base::StringPiece nonce_prefix) override; + bool SetKey(QuicStringPiece key) override; + bool SetNoncePrefix(QuicStringPiece nonce_prefix) override; bool EncryptPacket(QuicVersion version, QuicPacketNumber packet_number, - base::StringPiece associated_data, - base::StringPiece plaintext, + QuicStringPiece associated_data, + QuicStringPiece plaintext, char* output, size_t* output_length, size_t max_output_length) override; @@ -38,14 +39,14 @@ class QUIC_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter { size_t GetNoncePrefixSize() const override; size_t GetMaxPlaintextSize(size_t ciphertext_size) const override; size_t GetCiphertextSize(size_t plaintext_size) const override; - base::StringPiece GetKey() const override; - base::StringPiece GetNoncePrefix() const override; + QuicStringPiece GetKey() const override; + QuicStringPiece GetNoncePrefix() const override; // Necessary so unit tests can explicitly specify a nonce, instead of a // nonce prefix and packet number. - bool Encrypt(base::StringPiece nonce, - base::StringPiece associated_data, - base::StringPiece plaintext, + bool Encrypt(QuicStringPiece nonce, + QuicStringPiece associated_data, + QuicStringPiece plaintext, unsigned char* output); protected: diff --git a/chromium/net/quic/core/crypto/aes_128_gcm_12_decrypter_test.cc b/chromium/net/quic/core/crypto/aes_128_gcm_12_decrypter_test.cc index c57d6707bfa..2a14d177f02 100644 --- a/chromium/net/quic/core/crypto/aes_128_gcm_12_decrypter_test.cc +++ b/chromium/net/quic/core/crypto/aes_128_gcm_12_decrypter_test.cc @@ -10,7 +10,6 @@ #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/test_tools/quic_test_utils.h" -using base::StringPiece; using std::string; namespace { @@ -200,11 +199,12 @@ namespace test { // DecryptWithNonce wraps the |Decrypt| method of |decrypter| to allow passing // in an nonce and also to allocate the buffer needed for the plaintext. QuicData* DecryptWithNonce(Aes128Gcm12Decrypter* decrypter, - StringPiece nonce, - StringPiece associated_data, - StringPiece ciphertext) { + QuicStringPiece nonce, + QuicStringPiece associated_data, + QuicStringPiece ciphertext) { QuicPacketNumber packet_number; - StringPiece nonce_prefix(nonce.data(), nonce.size() - sizeof(packet_number)); + QuicStringPiece nonce_prefix(nonce.data(), + nonce.size() - sizeof(packet_number)); decrypter->SetNoncePrefix(nonce_prefix); memcpy(&packet_number, nonce.data() + nonce_prefix.size(), sizeof(packet_number)); @@ -265,7 +265,7 @@ TEST(Aes128Gcm12DecrypterTest, Decrypt) { // This deliberately tests that the decrypter can handle an AAD that // is set to nullptr, as opposed to a zero-length, non-nullptr // pointer. - aad.length() ? aad : StringPiece(), ciphertext)); + aad.length() ? aad : QuicStringPiece(), ciphertext)); if (!decrypted.get()) { EXPECT_FALSE(has_pt); continue; diff --git a/chromium/net/quic/core/crypto/aes_128_gcm_12_encrypter_test.cc b/chromium/net/quic/core/crypto/aes_128_gcm_12_encrypter_test.cc index 9236329b8a8..352c18c3cf6 100644 --- a/chromium/net/quic/core/crypto/aes_128_gcm_12_encrypter_test.cc +++ b/chromium/net/quic/core/crypto/aes_128_gcm_12_encrypter_test.cc @@ -10,7 +10,6 @@ #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/test_tools/quic_test_utils.h" -using base::StringPiece; using std::string; namespace { @@ -158,9 +157,9 @@ namespace test { // EncryptWithNonce wraps the |Encrypt| method of |encrypter| to allow passing // in an nonce and also to allocate the buffer needed for the ciphertext. QuicData* EncryptWithNonce(Aes128Gcm12Encrypter* encrypter, - StringPiece nonce, - StringPiece associated_data, - StringPiece plaintext) { + QuicStringPiece nonce, + QuicStringPiece associated_data, + QuicStringPiece plaintext) { size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length()); std::unique_ptr<char[]> ciphertext(new char[ciphertext_size]); @@ -202,7 +201,7 @@ TEST(Aes128Gcm12EncrypterTest, Encrypt) { // This deliberately tests that the encrypter can handle an AAD that // is set to nullptr, as opposed to a zero-length, non-nullptr // pointer. - aad.length() ? aad : StringPiece(), pt)); + aad.length() ? aad : QuicStringPiece(), pt)); ASSERT_TRUE(encrypted.get()); // The test vectors have 16 byte authenticators but this code only uses diff --git a/chromium/net/quic/core/crypto/cert_compressor.cc b/chromium/net/quic/core/crypto/cert_compressor.cc index 522ce311af3..30dc207d9f7 100644 --- a/chromium/net/quic/core/crypto/cert_compressor.cc +++ b/chromium/net/quic/core/crypto/cert_compressor.cc @@ -10,7 +10,6 @@ #include "net/quic/core/quic_utils.h" #include "third_party/zlib/zlib.h" -using base::StringPiece; using std::string; namespace net { @@ -176,8 +175,8 @@ struct CertEntry { // by |client_common_set_hashes| and who has cached the certificates with the // 64-bit, FNV-1a hashes in |client_cached_cert_hashes|. std::vector<CertEntry> MatchCerts(const std::vector<string>& certs, - StringPiece client_common_set_hashes, - StringPiece client_cached_cert_hashes, + QuicStringPiece client_common_set_hashes, + QuicStringPiece client_cached_cert_hashes, const CommonCertSets* common_sets) { std::vector<CertEntry> entries; entries.reserve(certs.size()); @@ -334,12 +333,12 @@ std::vector<uint64_t> HashCerts(const std::vector<string>& certs) { // |in_out| and writes them to |out_entries|. CACHED and COMMON entries are // resolved using |cached_certs| and |common_sets| and written to |out_certs|. // |in_out| is updated to contain the trailing data. -bool ParseEntries(StringPiece* in_out, +bool ParseEntries(QuicStringPiece* in_out, const std::vector<string>& cached_certs, const CommonCertSets* common_sets, std::vector<CertEntry>* out_entries, std::vector<string>* out_certs) { - StringPiece in = *in_out; + QuicStringPiece in = *in_out; std::vector<uint64_t> cached_hashes; out_entries->clear(); @@ -398,7 +397,8 @@ bool ParseEntries(StringPiece* in_out, memcpy(&entry.index, in.data(), sizeof(uint32_t)); in.remove_prefix(sizeof(uint32_t)); - StringPiece cert = common_sets->GetCert(entry.set_hash, entry.index); + QuicStringPiece cert = + common_sets->GetCert(entry.set_hash, entry.index); if (cert.empty()) { return false; } @@ -454,8 +454,8 @@ class ScopedZLib { // static string CertCompressor::CompressChain(const std::vector<string>& certs, - StringPiece client_common_set_hashes, - StringPiece client_cached_cert_hashes, + QuicStringPiece client_common_set_hashes, + QuicStringPiece client_cached_cert_hashes, const CommonCertSets* common_sets) { const std::vector<CertEntry> entries = MatchCerts( certs, client_common_set_hashes, client_cached_cert_hashes, common_sets); @@ -554,7 +554,7 @@ string CertCompressor::CompressChain(const std::vector<string>& certs, } // static -bool CertCompressor::DecompressChain(StringPiece in, +bool CertCompressor::DecompressChain(QuicStringPiece in, const std::vector<string>& cached_certs, const CommonCertSets* common_sets, std::vector<string>* out_certs) { @@ -565,7 +565,7 @@ bool CertCompressor::DecompressChain(StringPiece in, DCHECK_EQ(entries.size(), out_certs->size()); std::unique_ptr<uint8_t[]> uncompressed_data; - StringPiece uncompressed; + QuicStringPiece uncompressed; if (!in.empty()) { if (in.size() < sizeof(uint32_t)) { @@ -610,8 +610,8 @@ bool CertCompressor::DecompressChain(StringPiece in, return false; } - uncompressed = StringPiece(reinterpret_cast<char*>(uncompressed_data.get()), - uncompressed_size); + uncompressed = QuicStringPiece( + reinterpret_cast<char*>(uncompressed_data.get()), uncompressed_size); } for (size_t i = 0; i < entries.size(); i++) { diff --git a/chromium/net/quic/core/crypto/cert_compressor.h b/chromium/net/quic/core/crypto/cert_compressor.h index 7e0031ca253..c903e8498e5 100644 --- a/chromium/net/quic/core/crypto/cert_compressor.h +++ b/chromium/net/quic/core/crypto/cert_compressor.h @@ -9,10 +9,10 @@ #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/common_cert_set.h" #include "net/quic/core/crypto/crypto_protocol.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -36,15 +36,15 @@ class QUIC_EXPORT_PRIVATE CertCompressor { // the common sets known to the peer. |client_cached_cert_hashes| contains // 64-bit, FNV-1a hashes of certificates that the peer already possesses. static std::string CompressChain(const std::vector<std::string>& certs, - base::StringPiece client_common_set_hashes, - base::StringPiece client_cached_cert_hashes, + QuicStringPiece client_common_set_hashes, + QuicStringPiece client_cached_cert_hashes, const CommonCertSets* common_sets); // DecompressChain decompresses the result of |CompressChain|, given in |in|, // into a series of certificates that are written to |out_certs|. // |cached_certs| contains certificates that the peer may have omitted and // |common_sets| contains the common certificate sets known locally. - static bool DecompressChain(base::StringPiece in, + static bool DecompressChain(QuicStringPiece in, const std::vector<std::string>& cached_certs, const CommonCertSets* common_sets, std::vector<std::string>* out_certs); diff --git a/chromium/net/quic/core/crypto/cert_compressor_test.cc b/chromium/net/quic/core/crypto/cert_compressor_test.cc index 2ab9094c8d5..af6f6174c60 100644 --- a/chromium/net/quic/core/crypto/cert_compressor_test.cc +++ b/chromium/net/quic/core/crypto/cert_compressor_test.cc @@ -11,7 +11,6 @@ #include "net/quic/test_tools/crypto_test_utils.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; namespace net { @@ -20,7 +19,7 @@ namespace test { TEST(CertCompressor, EmptyChain) { std::vector<string> chain; const string compressed = CertCompressor::CompressChain( - chain, StringPiece(), StringPiece(), nullptr); + chain, QuicStringPiece(), QuicStringPiece(), nullptr); EXPECT_EQ("00", QuicTextUtils::HexEncode(compressed)); std::vector<string> chain2, cached_certs; @@ -33,7 +32,7 @@ TEST(CertCompressor, Compressed) { std::vector<string> chain; chain.push_back("testcert"); const string compressed = CertCompressor::CompressChain( - chain, StringPiece(), StringPiece(), nullptr); + chain, QuicStringPiece(), QuicStringPiece(), nullptr); ASSERT_GE(compressed.size(), 2u); EXPECT_EQ("0100", QuicTextUtils::HexEncode(compressed.substr(0, 2))); @@ -52,8 +51,9 @@ TEST(CertCompressor, Common) { crypto_test_utils::MockCommonCertSets(chain[0], set_hash, 1)); const string compressed = CertCompressor::CompressChain( chain, - StringPiece(reinterpret_cast<const char*>(&set_hash), sizeof(set_hash)), - StringPiece(), common_sets.get()); + QuicStringPiece(reinterpret_cast<const char*>(&set_hash), + sizeof(set_hash)), + QuicStringPiece(), common_sets.get()); EXPECT_EQ( "03" /* common */ "2a00000000000000" /* set hash 42 */ @@ -72,9 +72,9 @@ TEST(CertCompressor, Cached) { std::vector<string> chain; chain.push_back("testcert"); uint64_t hash = QuicUtils::FNV1a_64_Hash(chain[0]); - StringPiece hash_bytes(reinterpret_cast<char*>(&hash), sizeof(hash)); - const string compressed = - CertCompressor::CompressChain(chain, StringPiece(), hash_bytes, nullptr); + QuicStringPiece hash_bytes(reinterpret_cast<char*>(&hash), sizeof(hash)); + const string compressed = CertCompressor::CompressChain( + chain, QuicStringPiece(), hash_bytes, nullptr); EXPECT_EQ("02" /* cached */ + QuicTextUtils::HexEncode(hash_bytes) + "00" /* end of list */, diff --git a/chromium/net/quic/core/crypto/chacha20_poly1305_decrypter_test.cc b/chromium/net/quic/core/crypto/chacha20_poly1305_decrypter_test.cc index aa766dbb214..a24d5315187 100644 --- a/chromium/net/quic/core/crypto/chacha20_poly1305_decrypter_test.cc +++ b/chromium/net/quic/core/crypto/chacha20_poly1305_decrypter_test.cc @@ -10,7 +10,6 @@ #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/test_tools/quic_test_utils.h" -using base::StringPiece; using std::string; namespace { @@ -114,11 +113,12 @@ namespace test { // DecryptWithNonce wraps the |Decrypt| method of |decrypter| to allow passing // in an nonce and also to allocate the buffer needed for the plaintext. QuicData* DecryptWithNonce(ChaCha20Poly1305Decrypter* decrypter, - StringPiece nonce, - StringPiece associated_data, - StringPiece ciphertext) { + QuicStringPiece nonce, + QuicStringPiece associated_data, + QuicStringPiece ciphertext) { QuicPacketNumber packet_number; - StringPiece nonce_prefix(nonce.data(), nonce.size() - sizeof(packet_number)); + QuicStringPiece nonce_prefix(nonce.data(), + nonce.size() - sizeof(packet_number)); decrypter->SetNoncePrefix(nonce_prefix); memcpy(&packet_number, nonce.data() + nonce_prefix.size(), sizeof(packet_number)); @@ -155,7 +155,8 @@ TEST(ChaCha20Poly1305DecrypterTest, Decrypt) { &decrypter, fixed + iv, // This deliberately tests that the decrypter can handle an AAD that // is set to nullptr, as opposed to a zero-length, non-nullptr pointer. - StringPiece(aad.length() ? aad.data() : nullptr, aad.length()), ct)); + QuicStringPiece(aad.length() ? aad.data() : nullptr, aad.length()), + ct)); if (!decrypted.get()) { EXPECT_FALSE(has_pt); continue; diff --git a/chromium/net/quic/core/crypto/chacha20_poly1305_encrypter_test.cc b/chromium/net/quic/core/crypto/chacha20_poly1305_encrypter_test.cc index 97528430ee3..f7c847a3bba 100644 --- a/chromium/net/quic/core/crypto/chacha20_poly1305_encrypter_test.cc +++ b/chromium/net/quic/core/crypto/chacha20_poly1305_encrypter_test.cc @@ -11,7 +11,6 @@ #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/test_tools/quic_test_utils.h" -using base::StringPiece; using std::string; namespace { @@ -70,9 +69,9 @@ namespace test { // EncryptWithNonce wraps the |Encrypt| method of |encrypter| to allow passing // in an nonce and also to allocate the buffer needed for the ciphertext. QuicData* EncryptWithNonce(ChaCha20Poly1305Encrypter* encrypter, - StringPiece nonce, - StringPiece associated_data, - StringPiece plaintext) { + QuicStringPiece nonce, + QuicStringPiece associated_data, + QuicStringPiece plaintext) { size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length()); std::unique_ptr<char[]> ciphertext(new char[ciphertext_size]); @@ -102,7 +101,7 @@ TEST(ChaCha20Poly1305EncrypterTest, EncryptThenDecrypt) { ASSERT_TRUE(encrypter.EncryptPacket(QuicVersionMax(), packet_number, associated_data, plaintext, encrypted, &len, arraysize(encrypted))); - StringPiece ciphertext(encrypted, len); + QuicStringPiece ciphertext(encrypted, len); char decrypted[1024]; ASSERT_TRUE(decrypter.DecryptPacket(QuicVersionMax(), packet_number, associated_data, ciphertext, decrypted, @@ -125,7 +124,8 @@ TEST(ChaCha20Poly1305EncrypterTest, Encrypt) { &encrypter, fixed + iv, // This deliberately tests that the encrypter can handle an AAD that // is set to nullptr, as opposed to a zero-length, non-nullptr pointer. - StringPiece(aad.length() ? aad.data() : nullptr, aad.length()), pt)); + QuicStringPiece(aad.length() ? aad.data() : nullptr, aad.length()), + pt)); ASSERT_TRUE(encrypted.get()); EXPECT_EQ(12u, ct.size() - pt.size()); EXPECT_EQ(12u, encrypted->length() - pt.size()); diff --git a/chromium/net/quic/core/crypto/channel_id.cc b/chromium/net/quic/core/crypto/channel_id.cc index 63701805adb..df4441f692c 100644 --- a/chromium/net/quic/core/crypto/channel_id.cc +++ b/chromium/net/quic/core/crypto/channel_id.cc @@ -12,8 +12,6 @@ #include "third_party/boringssl/src/include/openssl/nid.h" #include "third_party/boringssl/src/include/openssl/sha.h" -using base::StringPiece; - namespace net { // static @@ -22,16 +20,16 @@ const char ChannelIDVerifier::kContextStr[] = "QUIC ChannelID"; const char ChannelIDVerifier::kClientToServerStr[] = "client -> server"; // static -bool ChannelIDVerifier::Verify(StringPiece key, - StringPiece signed_data, - StringPiece signature) { +bool ChannelIDVerifier::Verify(QuicStringPiece key, + QuicStringPiece signed_data, + QuicStringPiece signature) { return VerifyRaw(key, signed_data, signature, true); } // static -bool ChannelIDVerifier::VerifyRaw(StringPiece key, - StringPiece signed_data, - StringPiece signature, +bool ChannelIDVerifier::VerifyRaw(QuicStringPiece key, + QuicStringPiece signed_data, + QuicStringPiece signature, bool is_channel_id_signature) { if (key.size() != 32 * 2 || signature.size() != 32 * 2) { return false; diff --git a/chromium/net/quic/core/crypto/channel_id.h b/chromium/net/quic/core/crypto/channel_id.h index 3d41e538cc2..eda503ef7f9 100644 --- a/chromium/net/quic/core/crypto/channel_id.h +++ b/chromium/net/quic/core/crypto/channel_id.h @@ -9,9 +9,9 @@ #include <string> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/quic_types.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -23,7 +23,7 @@ class QUIC_EXPORT_PRIVATE ChannelIDKey { // Sign signs |signed_data| using the ChannelID private key and puts the // signature into |out_signature|. It returns true on success. - virtual bool Sign(base::StringPiece signed_data, + virtual bool Sign(QuicStringPiece signed_data, std::string* out_signature) const = 0; // SerializeKey returns the serialized ChannelID public key. @@ -77,17 +77,17 @@ class QUIC_EXPORT_PRIVATE ChannelIDVerifier { // Verify returns true iff |signature| is a valid signature of |signed_data| // by |key|. - static bool Verify(base::StringPiece key, - base::StringPiece signed_data, - base::StringPiece signature); + static bool Verify(QuicStringPiece key, + QuicStringPiece signed_data, + QuicStringPiece signature); // FOR TESTING ONLY: VerifyRaw returns true iff |signature| is a valid // signature of |signed_data| by |key|. |is_channel_id_signature| indicates // whether |signature| is a ChannelID signature (with kContextStr prepended // to the data to be signed). - static bool VerifyRaw(base::StringPiece key, - base::StringPiece signed_data, - base::StringPiece signature, + static bool VerifyRaw(QuicStringPiece key, + QuicStringPiece signed_data, + QuicStringPiece signature, bool is_channel_id_signature); private: diff --git a/chromium/net/quic/core/crypto/channel_id_test.cc b/chromium/net/quic/core/crypto/channel_id_test.cc index 38931fd61f1..6fac40f0490 100644 --- a/chromium/net/quic/core/crypto/channel_id_test.cc +++ b/chromium/net/quic/core/crypto/channel_id_test.cc @@ -9,7 +9,6 @@ #include "net/quic/test_tools/crypto_test_utils.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; namespace net { @@ -274,10 +273,11 @@ TEST(ChannelIDTest, VerifyKnownAnswerTest) { EXPECT_EQ(sizeof(signature) / 2, r_len); EXPECT_EQ(sizeof(signature) / 2, s_len); - EXPECT_EQ(test_vector[i].result, - ChannelIDVerifier::VerifyRaw( - StringPiece(key, sizeof(key)), StringPiece(msg, msg_len), - StringPiece(signature, sizeof(signature)), false)); + EXPECT_EQ( + test_vector[i].result, + ChannelIDVerifier::VerifyRaw( + QuicStringPiece(key, sizeof(key)), QuicStringPiece(msg, msg_len), + QuicStringPiece(signature, sizeof(signature)), false)); } } diff --git a/chromium/net/quic/core/crypto/common_cert_set.cc b/chromium/net/quic/core/crypto/common_cert_set.cc index 25bde99fc20..9ef68d8cc00 100644 --- a/chromium/net/quic/core/crypto/common_cert_set.cc +++ b/chromium/net/quic/core/crypto/common_cert_set.cc @@ -10,7 +10,6 @@ #include "base/memory/singleton.h" #include "net/quic/core/quic_utils.h" -using base::StringPiece; namespace net { @@ -53,7 +52,7 @@ const uint64_t kSetHashes[] = { // Compare returns a value less than, equal to or greater than zero if |a| is // lexicographically less than, equal to or greater than |b|, respectively. -int Compare(StringPiece a, const unsigned char* b, size_t b_len) { +int Compare(QuicStringPiece a, const unsigned char* b, size_t b_len) { size_t len = a.size(); if (len > b_len) { len = b_len; @@ -76,16 +75,16 @@ int Compare(StringPiece a, const unsigned char* b, size_t b_len) { class CommonCertSetsQUIC : public CommonCertSets { public: // CommonCertSets interface. - StringPiece GetCommonHashes() const override { - return StringPiece(reinterpret_cast<const char*>(kSetHashes), - sizeof(uint64_t) * arraysize(kSetHashes)); + QuicStringPiece GetCommonHashes() const override { + return QuicStringPiece(reinterpret_cast<const char*>(kSetHashes), + sizeof(uint64_t) * arraysize(kSetHashes)); } - StringPiece GetCert(uint64_t hash, uint32_t index) const override { + QuicStringPiece GetCert(uint64_t hash, uint32_t index) const override { for (size_t i = 0; i < arraysize(kSets); i++) { if (kSets[i].hash == hash) { if (index < kSets[i].num_certs) { - return StringPiece( + return QuicStringPiece( reinterpret_cast<const char*>(kSets[i].certs[index]), kSets[i].lens[index]); } @@ -93,11 +92,11 @@ class CommonCertSetsQUIC : public CommonCertSets { } } - return StringPiece(); + return QuicStringPiece(); } - bool MatchCert(StringPiece cert, - StringPiece common_set_hashes, + bool MatchCert(QuicStringPiece cert, + QuicStringPiece common_set_hashes, uint64_t* out_hash, uint32_t* out_index) const override { if (common_set_hashes.size() % sizeof(uint64_t) != 0) { diff --git a/chromium/net/quic/core/crypto/common_cert_set.h b/chromium/net/quic/core/crypto/common_cert_set.h index 08264c7acb6..8030380ada9 100644 --- a/chromium/net/quic/core/crypto/common_cert_set.h +++ b/chromium/net/quic/core/crypto/common_cert_set.h @@ -8,9 +8,9 @@ #include <cstdint> #include "base/compiler_specific.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/crypto_protocol.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -23,22 +23,22 @@ class QUIC_EXPORT_PRIVATE CommonCertSets { // GetInstanceQUIC returns the standard QUIC common certificate sets. static const CommonCertSets* GetInstanceQUIC(); - // GetCommonHashes returns a StringPiece containing the hashes of common sets - // supported by this object. The 64-bit hashes are concatenated in the - // StringPiece. - virtual base::StringPiece GetCommonHashes() const = 0; + // GetCommonHashes returns a QuicStringPiece containing the hashes of common + // sets supported by this object. The 64-bit hashes are concatenated in the + // QuicStringPiece. + virtual QuicStringPiece GetCommonHashes() const = 0; // GetCert returns a specific certificate (at index |index|) in the common // set identified by |hash|. If no such certificate is known, an empty - // StringPiece is returned. - virtual base::StringPiece GetCert(uint64_t hash, uint32_t index) const = 0; + // QuicStringPiece is returned. + virtual QuicStringPiece GetCert(uint64_t hash, uint32_t index) const = 0; // MatchCert tries to find |cert| in one of the common certificate sets // identified by |common_set_hashes|. On success it puts the hash of the // set in |out_hash|, the index of |cert| in the set in |out_index| and // returns true. Otherwise it returns false. - virtual bool MatchCert(base::StringPiece cert, - base::StringPiece common_set_hashes, + virtual bool MatchCert(QuicStringPiece cert, + QuicStringPiece common_set_hashes, uint64_t* out_hash, uint32_t* out_index) const = 0; }; diff --git a/chromium/net/quic/core/crypto/common_cert_set_test.cc b/chromium/net/quic/core/crypto/common_cert_set_test.cc index b355da218d4..85bc74b2341 100644 --- a/chromium/net/quic/core/crypto/common_cert_set_test.cc +++ b/chromium/net/quic/core/crypto/common_cert_set_test.cc @@ -8,8 +8,6 @@ #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; - namespace net { namespace test { @@ -192,8 +190,8 @@ static const unsigned char kGIACertificate3[] = { }; TEST(CommonCertSets, FindGIA_2) { - StringPiece gia(reinterpret_cast<const char*>(kGIACertificate2), - sizeof(kGIACertificate2)); + QuicStringPiece gia(reinterpret_cast<const char*>(kGIACertificate2), + sizeof(kGIACertificate2)); const CommonCertSets* sets(CommonCertSets::GetInstanceQUIC()); // Common Cert Set 2's hash. @@ -202,19 +200,19 @@ TEST(CommonCertSets, FindGIA_2) { uint32_t index; ASSERT_TRUE(sets->MatchCert( gia, - StringPiece(reinterpret_cast<const char*>(&in_hash), sizeof(in_hash)), + QuicStringPiece(reinterpret_cast<const char*>(&in_hash), sizeof(in_hash)), &hash, &index)); EXPECT_EQ(in_hash, hash); - StringPiece gia_copy = sets->GetCert(hash, index); + QuicStringPiece gia_copy = sets->GetCert(hash, index); EXPECT_FALSE(gia_copy.empty()); ASSERT_EQ(gia.size(), gia_copy.size()); EXPECT_EQ(0, memcmp(gia.data(), gia_copy.data(), gia.size())); } TEST(CommonCertSets, FindGIA_3) { - StringPiece gia(reinterpret_cast<const char*>(kGIACertificate3), - sizeof(kGIACertificate3)); + QuicStringPiece gia(reinterpret_cast<const char*>(kGIACertificate3), + sizeof(kGIACertificate3)); const CommonCertSets* sets(CommonCertSets::GetInstanceQUIC()); // Common Cert Set 3's hash. @@ -223,11 +221,11 @@ TEST(CommonCertSets, FindGIA_3) { uint32_t index; ASSERT_TRUE(sets->MatchCert( gia, - StringPiece(reinterpret_cast<const char*>(&in_hash), sizeof(in_hash)), + QuicStringPiece(reinterpret_cast<const char*>(&in_hash), sizeof(in_hash)), &hash, &index)); EXPECT_EQ(in_hash, hash); - StringPiece gia_copy = sets->GetCert(hash, index); + QuicStringPiece gia_copy = sets->GetCert(hash, index); EXPECT_FALSE(gia_copy.empty()); ASSERT_EQ(gia.size(), gia_copy.size()); EXPECT_EQ(0, memcmp(gia.data(), gia_copy.data(), gia.size())); @@ -235,13 +233,13 @@ TEST(CommonCertSets, FindGIA_3) { TEST(CommonCertSets, NonMatch) { const CommonCertSets* sets(CommonCertSets::GetInstanceQUIC()); - StringPiece not_a_cert("hello"); + QuicStringPiece not_a_cert("hello"); const uint64_t in_hash = UINT64_C(0xc9fef74053f99f39); uint64_t hash; uint32_t index; EXPECT_FALSE(sets->MatchCert( not_a_cert, - StringPiece(reinterpret_cast<const char*>(&in_hash), sizeof(in_hash)), + QuicStringPiece(reinterpret_cast<const char*>(&in_hash), sizeof(in_hash)), &hash, &index)); } diff --git a/chromium/net/quic/core/crypto/crypto_framer.cc b/chromium/net/quic/core/crypto/crypto_framer.cc index 56d9bf8dba2..b978bf0b931 100644 --- a/chromium/net/quic/core/crypto/crypto_framer.cc +++ b/chromium/net/quic/core/crypto/crypto_framer.cc @@ -9,8 +9,7 @@ #include "net/quic/core/quic_data_writer.h" #include "net/quic/core/quic_packets.h" #include "net/quic/platform/api/quic_str_cat.h" - -using base::StringPiece; +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -51,12 +50,13 @@ CryptoFramer::~CryptoFramer() {} // static std::unique_ptr<CryptoHandshakeMessage> CryptoFramer::ParseMessage( - StringPiece in) { + QuicStringPiece in, + Perspective perspective) { OneShotVisitor visitor; CryptoFramer framer; framer.set_visitor(&visitor); - if (!framer.ProcessInput(in) || visitor.error() || + if (!framer.ProcessInput(in, perspective) || visitor.error() || framer.InputBytesRemaining()) { return nullptr; } @@ -64,12 +64,13 @@ std::unique_ptr<CryptoHandshakeMessage> CryptoFramer::ParseMessage( return visitor.release(); } -bool CryptoFramer::ProcessInput(StringPiece input) { +bool CryptoFramer::ProcessInput(QuicStringPiece input, + Perspective perspective) { DCHECK_EQ(QUIC_NO_ERROR, error_); if (error_ != QUIC_NO_ERROR) { return false; } - error_ = Process(input); + error_ = Process(input, perspective); if (error_ != QUIC_NO_ERROR) { DCHECK(!error_detail_.empty()); visitor_->OnError(this); @@ -81,7 +82,8 @@ bool CryptoFramer::ProcessInput(StringPiece input) { // static QuicData* CryptoFramer::ConstructHandshakeMessage( - const CryptoHandshakeMessage& message) { + const CryptoHandshakeMessage& message, + Perspective perspective) { size_t num_entries = message.tag_value_map().size(); size_t pad_length = 0; bool need_pad_tag = false; @@ -106,8 +108,8 @@ QuicData* CryptoFramer::ConstructHandshakeMessage( } std::unique_ptr<char[]> buffer(new char[len]); - QuicDataWriter writer(len, buffer.get()); - if (!writer.WriteUInt32(message.tag())) { + QuicDataWriter writer(len, buffer.get(), perspective); + if (!writer.WriteTag(message.tag())) { DCHECK(false) << "Failed to write message tag."; return nullptr; } @@ -139,7 +141,7 @@ QuicData* CryptoFramer::ConstructHandshakeMessage( } } - if (!writer.WriteUInt32(it->first)) { + if (!writer.WriteTag(it->first)) { DCHECK(false) << "Failed to write tag."; return nullptr; } @@ -191,10 +193,11 @@ void CryptoFramer::Clear() { state_ = STATE_READING_TAG; } -QuicErrorCode CryptoFramer::Process(StringPiece input) { +QuicErrorCode CryptoFramer::Process(QuicStringPiece input, + Perspective perspective) { // Add this data to the buffer. buffer_.append(input.data(), input.length()); - QuicDataReader reader(buffer_.data(), buffer_.length()); + QuicDataReader reader(buffer_.data(), buffer_.length(), perspective); switch (state_) { case STATE_READING_TAG: @@ -202,7 +205,7 @@ QuicErrorCode CryptoFramer::Process(StringPiece input) { break; } QuicTag message_tag; - reader.ReadUInt32(&message_tag); + reader.ReadTag(&message_tag); message_.set_tag(message_tag); state_ = STATE_READING_NUM_ENTRIES; case STATE_READING_NUM_ENTRIES: @@ -229,7 +232,7 @@ QuicErrorCode CryptoFramer::Process(StringPiece input) { uint32_t last_end_offset = 0; for (unsigned i = 0; i < num_entries_; ++i) { QuicTag tag; - reader.ReadUInt32(&tag); + reader.ReadTag(&tag); if (i > 0 && tag <= tags_and_lengths_[i - 1].first) { if (tag == tags_and_lengths_[i - 1].first) { error_detail_ = QuicStrCat("Duplicate tag:", tag); @@ -259,7 +262,7 @@ QuicErrorCode CryptoFramer::Process(StringPiece input) { break; } for (const std::pair<QuicTag, size_t>& item : tags_and_lengths_) { - StringPiece value; + QuicStringPiece value; reader.ReadStringPiece(&value, item.second); message_.SetStringPiece(item.first, value); } @@ -277,7 +280,7 @@ QuicErrorCode CryptoFramer::Process(StringPiece input) { bool CryptoFramer::WritePadTag(QuicDataWriter* writer, size_t pad_length, uint32_t* end_offset) { - if (!writer->WriteUInt32(kPAD)) { + if (!writer->WriteTag(kPAD)) { DCHECK(false) << "Failed to write tag."; return false; } diff --git a/chromium/net/quic/core/crypto/crypto_framer.h b/chromium/net/quic/core/crypto/crypto_framer.h index a070119186c..0cf0d6427f0 100644 --- a/chromium/net/quic/core/crypto/crypto_framer.h +++ b/chromium/net/quic/core/crypto/crypto_framer.h @@ -11,7 +11,6 @@ #include <utility> #include <vector> -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/crypto_handshake_message.h" #include "net/quic/core/quic_packets.h" #include "net/quic/platform/api/quic_export.h" @@ -41,11 +40,12 @@ class QUIC_EXPORT_PRIVATE CryptoFramer { virtual ~CryptoFramer(); - // ParseMessage parses exactly one message from the given StringPiece. If + // ParseMessage parses exactly one message from the given QuicStringPiece. If // there is an error, the message is truncated, or the message has trailing // garbage then nullptr will be returned. static std::unique_ptr<CryptoHandshakeMessage> ParseMessage( - base::StringPiece in); + QuicStringPiece in, + Perspective perspective); // Set callbacks to be called from the framer. A visitor must be set, or // else the framer will crash. It is acceptable for the visitor to do @@ -60,7 +60,7 @@ class QUIC_EXPORT_PRIVATE CryptoFramer { // Processes input data, which must be delivered in order. Returns // false if there was an error, and true otherwise. - bool ProcessInput(base::StringPiece input); + bool ProcessInput(QuicStringPiece input, Perspective perspective); // Returns the number of bytes of buffered input data remaining to be // parsed. @@ -69,7 +69,8 @@ class QUIC_EXPORT_PRIVATE CryptoFramer { // Returns a new QuicData owned by the caller that contains a serialized // |message|, or nullptr if there was an error. static QuicData* ConstructHandshakeMessage( - const CryptoHandshakeMessage& message); + const CryptoHandshakeMessage& message, + Perspective perspective); private: // Clears per-message state. Does not clear the visitor. @@ -77,7 +78,7 @@ class QUIC_EXPORT_PRIVATE CryptoFramer { // Process does does the work of |ProcessInput|, but returns an error code, // doesn't set error_ and doesn't call |visitor_->OnError()|. - QuicErrorCode Process(base::StringPiece input); + QuicErrorCode Process(QuicStringPiece input, Perspective perspective); static bool WritePadTag(QuicDataWriter* writer, size_t pad_length, diff --git a/chromium/net/quic/core/crypto/crypto_framer_test.cc b/chromium/net/quic/core/crypto/crypto_framer_test.cc index 4210b5f6166..e8f37e946a1 100644 --- a/chromium/net/quic/core/crypto/crypto_framer_test.cc +++ b/chromium/net/quic/core/crypto/crypto_framer_test.cc @@ -15,20 +15,17 @@ #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/quic_test_utils.h" -using base::StringPiece; using std::string; namespace net { - +namespace test { namespace { char* AsChars(unsigned char* data) { return reinterpret_cast<char*>(data); } -} // namespace - -namespace test { +class CryptoFramerTest : public ::testing::TestWithParam<Perspective> {}; class TestCryptoVisitor : public CryptoFramerVisitorInterface { public: @@ -49,7 +46,7 @@ class TestCryptoVisitor : public CryptoFramerVisitorInterface { std::vector<CryptoHandshakeMessage> messages_; }; -TEST(CryptoFramerTest, ConstructHandshakeMessage) { +TEST_P(CryptoFramerTest, ConstructHandshakeMessage) { CryptoHandshakeMessage message; message.set_tag(0xFFAA7733); message.SetStringPiece(0x12345678, "abcdef"); @@ -84,14 +81,15 @@ TEST(CryptoFramerTest, ConstructHandshakeMessage) { }; CryptoFramer framer; - std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message)); + std::unique_ptr<QuicData> data( + framer.ConstructHandshakeMessage(message, GetParam())); ASSERT_TRUE(data.get() != nullptr); test::CompareCharArraysWithHexError("constructed packet", data->data(), data->length(), AsChars(packet), arraysize(packet)); } -TEST(CryptoFramerTest, ConstructHandshakeMessageWithTwoKeys) { +TEST_P(CryptoFramerTest, ConstructHandshakeMessageWithTwoKeys) { CryptoHandshakeMessage message; message.set_tag(0xFFAA7733); message.SetStringPiece(0x12345678, "abcdef"); @@ -119,7 +117,8 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageWithTwoKeys) { }; CryptoFramer framer; - std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message)); + std::unique_ptr<QuicData> data( + framer.ConstructHandshakeMessage(message, GetParam())); ASSERT_TRUE(data.get() != nullptr); test::CompareCharArraysWithHexError("constructed packet", data->data(), @@ -127,7 +126,7 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageWithTwoKeys) { arraysize(packet)); } -TEST(CryptoFramerTest, ConstructHandshakeMessageZeroLength) { +TEST_P(CryptoFramerTest, ConstructHandshakeMessageZeroLength) { CryptoHandshakeMessage message; message.set_tag(0xFFAA7733); message.SetStringPiece(0x12345678, ""); @@ -146,7 +145,8 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageZeroLength) { }; CryptoFramer framer; - std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message)); + std::unique_ptr<QuicData> data( + framer.ConstructHandshakeMessage(message, GetParam())); ASSERT_TRUE(data.get() != nullptr); test::CompareCharArraysWithHexError("constructed packet", data->data(), @@ -154,7 +154,7 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageZeroLength) { arraysize(packet)); } -TEST(CryptoFramerTest, ConstructHandshakeMessageTooManyEntries) { +TEST_P(CryptoFramerTest, ConstructHandshakeMessageTooManyEntries) { CryptoHandshakeMessage message; message.set_tag(0xFFAA7733); for (uint32_t key = 1; key <= kMaxEntries + 1; ++key) { @@ -162,11 +162,12 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageTooManyEntries) { } CryptoFramer framer; - std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message)); + std::unique_ptr<QuicData> data( + framer.ConstructHandshakeMessage(message, GetParam())); EXPECT_TRUE(data.get() == nullptr); } -TEST(CryptoFramerTest, ConstructHandshakeMessageMinimumSize) { +TEST_P(CryptoFramerTest, ConstructHandshakeMessageMinimumSize) { CryptoHandshakeMessage message; message.set_tag(0xFFAA7733); message.SetStringPiece(0x01020304, "test"); @@ -196,7 +197,8 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageMinimumSize) { }; CryptoFramer framer; - std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message)); + std::unique_ptr<QuicData> data( + framer.ConstructHandshakeMessage(message, GetParam())); ASSERT_TRUE(data.get() != nullptr); test::CompareCharArraysWithHexError("constructed packet", data->data(), @@ -204,7 +206,7 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageMinimumSize) { arraysize(packet)); } -TEST(CryptoFramerTest, ConstructHandshakeMessageMinimumSizePadLast) { +TEST_P(CryptoFramerTest, ConstructHandshakeMessageMinimumSizePadLast) { CryptoHandshakeMessage message; message.set_tag(0xFFAA7733); message.SetStringPiece(1, ""); @@ -232,7 +234,8 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageMinimumSizePadLast) { }; CryptoFramer framer; - std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message)); + std::unique_ptr<QuicData> data( + framer.ConstructHandshakeMessage(message, GetParam())); ASSERT_TRUE(data.get() != nullptr); test::CompareCharArraysWithHexError("constructed packet", data->data(), @@ -240,7 +243,7 @@ TEST(CryptoFramerTest, ConstructHandshakeMessageMinimumSizePadLast) { arraysize(packet)); } -TEST(CryptoFramerTest, ProcessInput) { +TEST_P(CryptoFramerTest, ProcessInput) { test::TestCryptoVisitor visitor; CryptoFramer framer; framer.set_visitor(&visitor); @@ -266,8 +269,8 @@ TEST(CryptoFramerTest, ProcessInput) { 'g', 'h', 'i', 'j', 'k', }; - EXPECT_TRUE( - framer.ProcessInput(StringPiece(AsChars(input), arraysize(input)))); + EXPECT_TRUE(framer.ProcessInput( + QuicStringPiece(AsChars(input), arraysize(input)), GetParam())); EXPECT_EQ(0u, framer.InputBytesRemaining()); EXPECT_EQ(0, visitor.error_count_); ASSERT_EQ(1u, visitor.messages_.size()); @@ -278,7 +281,7 @@ TEST(CryptoFramerTest, ProcessInput) { EXPECT_EQ("ghijk", crypto_test_utils::GetValueForTag(message, 0x12345679)); } -TEST(CryptoFramerTest, ProcessInputWithThreeKeys) { +TEST_P(CryptoFramerTest, ProcessInputWithThreeKeys) { test::TestCryptoVisitor visitor; CryptoFramer framer; framer.set_visitor(&visitor); @@ -310,8 +313,8 @@ TEST(CryptoFramerTest, ProcessInputWithThreeKeys) { 'l', 'm', 'n', 'o', 'p', 'q', 'r', }; - EXPECT_TRUE( - framer.ProcessInput(StringPiece(AsChars(input), arraysize(input)))); + EXPECT_TRUE(framer.ProcessInput( + QuicStringPiece(AsChars(input), arraysize(input)), GetParam())); EXPECT_EQ(0u, framer.InputBytesRemaining()); EXPECT_EQ(0, visitor.error_count_); ASSERT_EQ(1u, visitor.messages_.size()); @@ -323,7 +326,7 @@ TEST(CryptoFramerTest, ProcessInputWithThreeKeys) { EXPECT_EQ("lmnopqr", crypto_test_utils::GetValueForTag(message, 0x1234567A)); } -TEST(CryptoFramerTest, ProcessInputIncrementally) { +TEST_P(CryptoFramerTest, ProcessInputIncrementally) { test::TestCryptoVisitor visitor; CryptoFramer framer; framer.set_visitor(&visitor); @@ -350,7 +353,8 @@ TEST(CryptoFramerTest, ProcessInputIncrementally) { }; for (size_t i = 0; i < arraysize(input); i++) { - EXPECT_TRUE(framer.ProcessInput(StringPiece(AsChars(input) + i, 1))); + EXPECT_TRUE(framer.ProcessInput(QuicStringPiece(AsChars(input) + i, 1), + GetParam())); } EXPECT_EQ(0u, framer.InputBytesRemaining()); ASSERT_EQ(1u, visitor.messages_.size()); @@ -361,7 +365,7 @@ TEST(CryptoFramerTest, ProcessInputIncrementally) { EXPECT_EQ("ghijk", crypto_test_utils::GetValueForTag(message, 0x12345679)); } -TEST(CryptoFramerTest, ProcessInputTagsOutOfOrder) { +TEST_P(CryptoFramerTest, ProcessInputTagsOutOfOrder) { test::TestCryptoVisitor visitor; CryptoFramer framer; framer.set_visitor(&visitor); @@ -383,13 +387,13 @@ TEST(CryptoFramerTest, ProcessInputTagsOutOfOrder) { 0x02, 0x00, 0x00, 0x00, }; - EXPECT_FALSE( - framer.ProcessInput(StringPiece(AsChars(input), arraysize(input)))); + EXPECT_FALSE(framer.ProcessInput( + QuicStringPiece(AsChars(input), arraysize(input)), GetParam())); EXPECT_EQ(QUIC_CRYPTO_TAGS_OUT_OF_ORDER, framer.error()); EXPECT_EQ(1, visitor.error_count_); } -TEST(CryptoFramerTest, ProcessEndOffsetsOutOfOrder) { +TEST_P(CryptoFramerTest, ProcessEndOffsetsOutOfOrder) { test::TestCryptoVisitor visitor; CryptoFramer framer; framer.set_visitor(&visitor); @@ -411,13 +415,13 @@ TEST(CryptoFramerTest, ProcessEndOffsetsOutOfOrder) { 0x00, 0x00, 0x00, 0x00, }; - EXPECT_FALSE( - framer.ProcessInput(StringPiece(AsChars(input), arraysize(input)))); + EXPECT_FALSE(framer.ProcessInput( + QuicStringPiece(AsChars(input), arraysize(input)), GetParam())); EXPECT_EQ(QUIC_CRYPTO_TAGS_OUT_OF_ORDER, framer.error()); EXPECT_EQ(1, visitor.error_count_); } -TEST(CryptoFramerTest, ProcessInputTooManyEntries) { +TEST_P(CryptoFramerTest, ProcessInputTooManyEntries) { test::TestCryptoVisitor visitor; CryptoFramer framer; framer.set_visitor(&visitor); @@ -431,13 +435,13 @@ TEST(CryptoFramerTest, ProcessInputTooManyEntries) { 0x00, 0x00, }; - EXPECT_FALSE( - framer.ProcessInput(StringPiece(AsChars(input), arraysize(input)))); + EXPECT_FALSE(framer.ProcessInput( + QuicStringPiece(AsChars(input), arraysize(input)), GetParam())); EXPECT_EQ(QUIC_CRYPTO_TOO_MANY_ENTRIES, framer.error()); EXPECT_EQ(1, visitor.error_count_); } -TEST(CryptoFramerTest, ProcessInputZeroLength) { +TEST_P(CryptoFramerTest, ProcessInputZeroLength) { test::TestCryptoVisitor visitor; CryptoFramer framer; framer.set_visitor(&visitor); @@ -459,11 +463,11 @@ TEST(CryptoFramerTest, ProcessInputZeroLength) { 0x05, 0x00, 0x00, 0x00, }; - EXPECT_TRUE( - framer.ProcessInput(StringPiece(AsChars(input), arraysize(input)))); + EXPECT_TRUE(framer.ProcessInput( + QuicStringPiece(AsChars(input), arraysize(input)), GetParam())); EXPECT_EQ(0, visitor.error_count_); } +} // namespace } // namespace test - } // namespace net diff --git a/chromium/net/quic/core/crypto/crypto_handshake_message.cc b/chromium/net/quic/core/crypto/crypto_handshake_message.cc index 968f75564a4..4e03d4ef7f1 100644 --- a/chromium/net/quic/core/crypto/crypto_handshake_message.cc +++ b/chromium/net/quic/core/crypto/crypto_handshake_message.cc @@ -15,7 +15,6 @@ #include "net/quic/platform/api/quic_str_cat.h" #include "net/quic/platform/api/quic_text_utils.h" -using base::StringPiece; using std::string; namespace net { @@ -57,9 +56,11 @@ void CryptoHandshakeMessage::Clear() { serialized_.reset(); } -const QuicData& CryptoHandshakeMessage::GetSerialized() const { +const QuicData& CryptoHandshakeMessage::GetSerialized( + Perspective perspective) const { if (!serialized_.get()) { - serialized_.reset(CryptoFramer::ConstructHandshakeMessage(*this)); + serialized_.reset( + CryptoFramer::ConstructHandshakeMessage(*this, perspective)); } return *serialized_; } @@ -68,7 +69,8 @@ void CryptoHandshakeMessage::MarkDirty() { serialized_.reset(); } -void CryptoHandshakeMessage::SetStringPiece(QuicTag tag, StringPiece value) { +void CryptoHandshakeMessage::SetStringPiece(QuicTag tag, + QuicStringPiece value) { tag_value_map_[tag] = value.as_string(); } @@ -100,7 +102,7 @@ QuicErrorCode CryptoHandshakeMessage::GetTaglist(QuicTag tag, } bool CryptoHandshakeMessage::GetStringPiece(QuicTag tag, - StringPiece* out) const { + QuicStringPiece* out) const { QuicTagValueMap::const_iterator it = tag_value_map_.find(tag); if (it == tag_value_map_.end()) { return false; @@ -113,10 +115,11 @@ bool CryptoHandshakeMessage::HasStringPiece(QuicTag tag) const { return QuicContainsKey(tag_value_map_, tag); } -QuicErrorCode CryptoHandshakeMessage::GetNthValue24(QuicTag tag, - unsigned index, - StringPiece* out) const { - StringPiece value; +QuicErrorCode CryptoHandshakeMessage::GetNthValue24( + QuicTag tag, + unsigned index, + QuicStringPiece* out) const { + QuicStringPiece value; if (!GetStringPiece(tag, &value)) { return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; } @@ -141,7 +144,7 @@ QuicErrorCode CryptoHandshakeMessage::GetNthValue24(QuicTag tag, } if (i == index) { - *out = StringPiece(value.data(), size); + *out = QuicStringPiece(value.data(), size); return QUIC_NO_ERROR; } @@ -184,8 +187,8 @@ size_t CryptoHandshakeMessage::minimum_size() const { return minimum_size_; } -string CryptoHandshakeMessage::DebugString() const { - return DebugStringInternal(0); +string CryptoHandshakeMessage::DebugString(Perspective perspective) const { + return DebugStringInternal(0, perspective); } QuicErrorCode CryptoHandshakeMessage::GetPOD(QuicTag tag, @@ -209,7 +212,9 @@ QuicErrorCode CryptoHandshakeMessage::GetPOD(QuicTag tag, return ret; } -string CryptoHandshakeMessage::DebugStringInternal(size_t indent) const { +string CryptoHandshakeMessage::DebugStringInternal( + size_t indent, + Perspective perspective) const { string ret = string(2 * indent, ' ') + QuicTagToString(tag_) + "<\n"; ++indent; for (QuicTagValueMap::const_iterator it = tag_value_map_.begin(); @@ -293,10 +298,10 @@ string CryptoHandshakeMessage::DebugStringInternal(size_t indent) const { // nested messages. if (!it->second.empty()) { std::unique_ptr<CryptoHandshakeMessage> msg( - CryptoFramer::ParseMessage(it->second)); + CryptoFramer::ParseMessage(it->second, perspective)); if (msg.get()) { ret += "\n"; - ret += msg->DebugStringInternal(indent + 1); + ret += msg->DebugStringInternal(indent + 1, perspective); done = true; } diff --git a/chromium/net/quic/core/crypto/crypto_handshake_message.h b/chromium/net/quic/core/crypto/crypto_handshake_message.h index f1e7b995e69..6275faad4c8 100644 --- a/chromium/net/quic/core/crypto/crypto_handshake_message.h +++ b/chromium/net/quic/core/crypto/crypto_handshake_message.h @@ -11,9 +11,9 @@ #include <string> #include <vector> -#include "base/strings/string_piece.h" #include "net/quic/core/quic_packets.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -34,7 +34,7 @@ class QUIC_EXPORT_PRIVATE CryptoHandshakeMessage { // GetSerialized returns the serialized form of this message and caches the // result. Subsequently altering the message does not invalidate the cache. - const QuicData& GetSerialized() const; + const QuicData& GetSerialized(Perspective perspective) const; // MarkDirty invalidates the cache created by |GetSerialized|. void MarkDirty(); @@ -66,7 +66,7 @@ class QUIC_EXPORT_PRIVATE CryptoHandshakeMessage { const QuicTagValueMap& tag_value_map() const { return tag_value_map_; } - void SetStringPiece(QuicTag tag, base::StringPiece value); + void SetStringPiece(QuicTag tag, QuicStringPiece value); // Erase removes a tag/value, if present, from the message. void Erase(QuicTag tag); @@ -81,7 +81,7 @@ class QUIC_EXPORT_PRIVATE CryptoHandshakeMessage { const QuicTag** out_tags, size_t* out_len) const; - bool GetStringPiece(QuicTag tag, base::StringPiece* out) const; + bool GetStringPiece(QuicTag tag, QuicStringPiece* out) const; bool HasStringPiece(QuicTag tag) const; // GetNthValue24 interprets the value with the given tag to be a series of @@ -89,7 +89,7 @@ class QUIC_EXPORT_PRIVATE CryptoHandshakeMessage { // index. QuicErrorCode GetNthValue24(QuicTag tag, unsigned index, - base::StringPiece* out) const; + QuicStringPiece* out) const; QuicErrorCode GetUint32(QuicTag tag, uint32_t* out) const; QuicErrorCode GetUint64(QuicTag tag, uint64_t* out) const; @@ -110,7 +110,7 @@ class QUIC_EXPORT_PRIVATE CryptoHandshakeMessage { // DebugString returns a multi-line, string representation of the message // suitable for including in debug output. - std::string DebugString() const; + std::string DebugString(Perspective perspective) const; private: // GetPOD is a utility function for extracting a plain-old-data value. If @@ -122,7 +122,7 @@ class QUIC_EXPORT_PRIVATE CryptoHandshakeMessage { // little-endian. QuicErrorCode GetPOD(QuicTag tag, void* out, size_t len) const; - std::string DebugStringInternal(size_t indent) const; + std::string DebugStringInternal(size_t indent, Perspective perspective) const; QuicTag tag_; QuicTagValueMap tag_value_map_; diff --git a/chromium/net/quic/core/crypto/crypto_handshake_message_test.cc b/chromium/net/quic/core/crypto/crypto_handshake_message_test.cc index 088cd37e6a0..c12f4cd12f6 100644 --- a/chromium/net/quic/core/crypto/crypto_handshake_message_test.cc +++ b/chromium/net/quic/core/crypto/crypto_handshake_message_test.cc @@ -12,31 +12,34 @@ namespace net { namespace test { namespace { -TEST(CryptoHandshakeMessageTest, DebugString) { +class CryptoHandshakeMessageTest + : public ::testing::TestWithParam<Perspective> {}; + +TEST_P(CryptoHandshakeMessageTest, DebugString) { const char* str = "SHLO<\n>"; CryptoHandshakeMessage message; message.set_tag(kSHLO); - EXPECT_EQ(str, message.DebugString()); + EXPECT_EQ(str, message.DebugString(GetParam())); // Test copy CryptoHandshakeMessage message2(message); - EXPECT_EQ(str, message2.DebugString()); + EXPECT_EQ(str, message2.DebugString(GetParam())); // Test move CryptoHandshakeMessage message3(std::move(message)); - EXPECT_EQ(str, message3.DebugString()); + EXPECT_EQ(str, message3.DebugString(GetParam())); // Test assign CryptoHandshakeMessage message4 = message3; - EXPECT_EQ(str, message4.DebugString()); + EXPECT_EQ(str, message4.DebugString(GetParam())); // Test move-assign CryptoHandshakeMessage message5 = std::move(message3); - EXPECT_EQ(str, message5.DebugString()); + EXPECT_EQ(str, message5.DebugString(GetParam())); } -TEST(CryptoHandshakeMessageTest, DebugStringWithUintVector) { +TEST_P(CryptoHandshakeMessageTest, DebugStringWithUintVector) { const char* str = "REJ <\n RREJ: " "SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE," @@ -48,76 +51,76 @@ TEST(CryptoHandshakeMessageTest, DebugStringWithUintVector) { SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE, CLIENT_NONCE_NOT_UNIQUE_FAILURE}; message.SetVector(kRREJ, reasons); - EXPECT_EQ(str, message.DebugString()); + EXPECT_EQ(str, message.DebugString(GetParam())); // Test copy CryptoHandshakeMessage message2(message); - EXPECT_EQ(str, message2.DebugString()); + EXPECT_EQ(str, message2.DebugString(GetParam())); // Test move CryptoHandshakeMessage message3(std::move(message)); - EXPECT_EQ(str, message3.DebugString()); + EXPECT_EQ(str, message3.DebugString(GetParam())); // Test assign CryptoHandshakeMessage message4 = message3; - EXPECT_EQ(str, message4.DebugString()); + EXPECT_EQ(str, message4.DebugString(GetParam())); // Test move-assign CryptoHandshakeMessage message5 = std::move(message3); - EXPECT_EQ(str, message5.DebugString()); + EXPECT_EQ(str, message5.DebugString(GetParam())); } -TEST(CryptoHandshakeMessageTest, DebugStringWithTagVector) { +TEST_P(CryptoHandshakeMessageTest, DebugStringWithTagVector) { const char* str = "CHLO<\n COPT: 'TBBR','PAD ','BYTE'\n>"; CryptoHandshakeMessage message; message.set_tag(kCHLO); message.SetVector(kCOPT, QuicTagVector{kTBBR, kPAD, kBYTE}); - EXPECT_EQ(str, message.DebugString()); + EXPECT_EQ(str, message.DebugString(GetParam())); // Test copy CryptoHandshakeMessage message2(message); - EXPECT_EQ(str, message2.DebugString()); + EXPECT_EQ(str, message2.DebugString(GetParam())); // Test move CryptoHandshakeMessage message3(std::move(message)); - EXPECT_EQ(str, message3.DebugString()); + EXPECT_EQ(str, message3.DebugString(GetParam())); // Test assign CryptoHandshakeMessage message4 = message3; - EXPECT_EQ(str, message4.DebugString()); + EXPECT_EQ(str, message4.DebugString(GetParam())); // Test move-assign CryptoHandshakeMessage message5 = std::move(message3); - EXPECT_EQ(str, message5.DebugString()); + EXPECT_EQ(str, message5.DebugString(GetParam())); } -TEST(CryptoHandshakeMessageTest, ServerDesignatedConnectionId) { +TEST_P(CryptoHandshakeMessageTest, ServerDesignatedConnectionId) { const char* str = "SREJ<\n RCID: 18364758544493064720\n>"; CryptoHandshakeMessage message; message.set_tag(kSREJ); message.SetValue(kRCID, UINT64_C(18364758544493064720)); - EXPECT_EQ(str, message.DebugString()); + EXPECT_EQ(str, message.DebugString(GetParam())); // Test copy CryptoHandshakeMessage message2(message); - EXPECT_EQ(str, message2.DebugString()); + EXPECT_EQ(str, message2.DebugString(GetParam())); // Test move CryptoHandshakeMessage message3(std::move(message)); - EXPECT_EQ(str, message3.DebugString()); + EXPECT_EQ(str, message3.DebugString(GetParam())); // Test assign CryptoHandshakeMessage message4 = message3; - EXPECT_EQ(str, message4.DebugString()); + EXPECT_EQ(str, message4.DebugString(GetParam())); // Test move-assign CryptoHandshakeMessage message5 = std::move(message3); - EXPECT_EQ(str, message5.DebugString()); + EXPECT_EQ(str, message5.DebugString(GetParam())); } -TEST(CryptoHandshakeMessageTest, HasStringPiece) { +TEST_P(CryptoHandshakeMessageTest, HasStringPiece) { CryptoHandshakeMessage message; EXPECT_FALSE(message.HasStringPiece(kRCID)); message.SetStringPiece(kRCID, "foo"); diff --git a/chromium/net/quic/core/crypto/crypto_protocol.h b/chromium/net/quic/core/crypto/crypto_protocol.h index e426832d543..6e9a355f697 100644 --- a/chromium/net/quic/core/crypto/crypto_protocol.h +++ b/chromium/net/quic/core/crypto/crypto_protocol.h @@ -79,6 +79,8 @@ const QuicTag kIFWA = TAG('I', 'F', 'W', 'a'); // Set initial size // receive window to // 1MB. (2^0xa KB). const QuicTag kTBBR = TAG('T', 'B', 'B', 'R'); // Reduced Buffer Bloat TCP +const QuicTag k1RTT = TAG('1', 'R', 'T', 'T'); // STARTUP in BBR for 1 RTT +const QuicTag k2RTT = TAG('2', 'R', 'T', 'T'); // STARTUP in BBR for 2 RTTs const QuicTag kRENO = TAG('R', 'E', 'N', 'O'); // Reno Congestion Control const QuicTag kBYTE = TAG('B', 'Y', 'T', 'E'); // TCP cubic or reno in bytes const QuicTag kRATE = TAG('R', 'A', 'T', 'E'); // TCP cubic rate based sending @@ -123,6 +125,8 @@ const QuicTag kSMHL = TAG('S', 'M', 'H', 'L'); // Support MAX_HEADER_LIST_SIZE const QuicTag kCCVX = TAG('C', 'C', 'V', 'X'); // Fix Cubic convex bug. const QuicTag kCBQT = TAG('C', 'B', 'Q', 'T'); // Fix CubicBytes quantization. const QuicTag kBLMX = TAG('B', 'L', 'M', 'X'); // Fix Cubic BetaLastMax bug. +const QuicTag kCPAU = TAG('C', 'P', 'A', 'U'); // Allow Cubic per-ack-updates. +const QuicTag kNSTP = TAG('N', 'S', 'T', 'P'); // No stop waiting frames. // Optional support of truncated Connection IDs. If sent by a peer, the value // is the minimum number of bytes allowed for the connection ID sent to the diff --git a/chromium/net/quic/core/crypto/crypto_secret_boxer.cc b/chromium/net/quic/core/crypto/crypto_secret_boxer.cc index a1091524925..0ce5872d4e4 100644 --- a/chromium/net/quic/core/crypto/crypto_secret_boxer.cc +++ b/chromium/net/quic/core/crypto/crypto_secret_boxer.cc @@ -14,7 +14,6 @@ #include "net/quic/core/crypto/quic_encrypter.h" #include "net/quic/core/crypto/quic_random.h" -using base::StringPiece; using std::string; namespace net { @@ -54,7 +53,8 @@ void CryptoSecretBoxer::SetKeys(const std::vector<string>& keys) { keys_.swap(copy); } -string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const { +string CryptoSecretBoxer::Box(QuicRandom* rand, + QuicStringPiece plaintext) const { std::unique_ptr<Aes128Gcm12Encrypter> encrypter(new Aes128Gcm12Encrypter()); { QuicReaderMutexLock l(&lock_); @@ -76,7 +76,7 @@ string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const { memcpy(data + kBoxNonceSize, plaintext.data(), plaintext.size()); if (!encrypter->Encrypt( - StringPiece(data, kBoxNonceSize), StringPiece(), plaintext, + QuicStringPiece(data, kBoxNonceSize), QuicStringPiece(), plaintext, reinterpret_cast<unsigned char*>(data + kBoxNonceSize))) { DLOG(DFATAL) << "CryptoSecretBoxer's Encrypt failed."; return string(); @@ -85,17 +85,18 @@ string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const { return ret; } -bool CryptoSecretBoxer::Unbox(StringPiece ciphertext, +bool CryptoSecretBoxer::Unbox(QuicStringPiece ciphertext, string* out_storage, - StringPiece* out) const { + QuicStringPiece* out) const { if (ciphertext.size() < kBoxNonceSize) { return false; } - StringPiece nonce(ciphertext.data(), kBoxNonceSize); + QuicStringPiece nonce(ciphertext.data(), kBoxNonceSize); ciphertext.remove_prefix(kBoxNonceSize); QuicPacketNumber packet_number; - StringPiece nonce_prefix(nonce.data(), nonce.size() - sizeof(packet_number)); + QuicStringPiece nonce_prefix(nonce.data(), + nonce.size() - sizeof(packet_number)); memcpy(&packet_number, nonce.data() + nonce_prefix.size(), sizeof(packet_number)); @@ -109,7 +110,7 @@ bool CryptoSecretBoxer::Unbox(StringPiece ciphertext, if (decrypter->SetKey(key)) { decrypter->SetNoncePrefix(nonce_prefix); if (decrypter->DecryptPacket(QUIC_VERSION_36, packet_number, - /*associated data=*/StringPiece(), + /*associated data=*/QuicStringPiece(), ciphertext, plaintext, &plaintext_length, kMaxPacketSize)) { ok = true; diff --git a/chromium/net/quic/core/crypto/crypto_secret_boxer.h b/chromium/net/quic/core/crypto/crypto_secret_boxer.h index 93e6f90fc12..d9558140e83 100644 --- a/chromium/net/quic/core/crypto/crypto_secret_boxer.h +++ b/chromium/net/quic/core/crypto/crypto_secret_boxer.h @@ -10,9 +10,9 @@ #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/platform/api/quic_export.h" #include "net/quic/platform/api/quic_mutex.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -39,16 +39,16 @@ class QUIC_EXPORT_PRIVATE CryptoSecretBoxer { // returns the resulting ciphertext. Since an authenticator and nonce are // included, the result will be slightly larger than |plaintext|. The first // key in the vector supplied to |SetKeys| will be used. - std::string Box(QuicRandom* rand, base::StringPiece plaintext) const; + std::string Box(QuicRandom* rand, QuicStringPiece plaintext) const; // Unbox takes the result of a previous call to |Box| in |ciphertext| and // authenticates+decrypts it. If |ciphertext| cannot be decrypted with any of // the supplied keys, the function returns false. Otherwise, |out_storage| is // used to store the result and |out| is set to point into |out_storage| and // contains the original plaintext. - bool Unbox(base::StringPiece ciphertext, + bool Unbox(QuicStringPiece ciphertext, std::string* out_storage, - base::StringPiece* out) const; + QuicStringPiece* out) const; private: mutable QuicMutex lock_; diff --git a/chromium/net/quic/core/crypto/crypto_secret_boxer_test.cc b/chromium/net/quic/core/crypto/crypto_secret_boxer_test.cc index 1e8c1d156cd..12820179c16 100644 --- a/chromium/net/quic/core/crypto/crypto_secret_boxer_test.cc +++ b/chromium/net/quic/core/crypto/crypto_secret_boxer_test.cc @@ -7,14 +7,13 @@ #include "net/quic/core/crypto/quic_random.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; namespace net { namespace test { TEST(CryptoSecretBoxerTest, BoxAndUnbox) { - StringPiece message("hello world"); + QuicStringPiece message("hello world"); CryptoSecretBoxer boxer; boxer.SetKeys({string(CryptoSecretBoxer::GetKeySize(), 0x11)}); @@ -22,7 +21,7 @@ TEST(CryptoSecretBoxerTest, BoxAndUnbox) { const string box = boxer.Box(QuicRandom::GetInstance(), message); string storage; - StringPiece result; + QuicStringPiece result; EXPECT_TRUE(boxer.Unbox(box, &storage, &result)); EXPECT_EQ(result, message); @@ -37,10 +36,10 @@ TEST(CryptoSecretBoxerTest, BoxAndUnbox) { // Helper function to test whether one boxer can decode the output of another. static bool CanDecode(const CryptoSecretBoxer& decoder, const CryptoSecretBoxer& encoder) { - StringPiece message("hello world"); + QuicStringPiece message("hello world"); const string boxed = encoder.Box(QuicRandom::GetInstance(), message); string storage; - StringPiece result; + QuicStringPiece result; bool ok = decoder.Unbox(boxed, &storage, &result); if (ok) { EXPECT_EQ(result, message); diff --git a/chromium/net/quic/core/crypto/crypto_server_config_protobuf.h b/chromium/net/quic/core/crypto/crypto_server_config_protobuf.h index 82dafd84e43..fe0cc4eaa4f 100644 --- a/chromium/net/quic/core/crypto/crypto_server_config_protobuf.h +++ b/chromium/net/quic/core/crypto/crypto_server_config_protobuf.h @@ -15,9 +15,9 @@ #include "base/logging.h" #include "base/macros.h" #include "base/memory/ptr_util.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/crypto_protocol.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -53,7 +53,7 @@ class QUIC_EXPORT_PRIVATE QuicServerConfigProtobuf { std::string config() const { return config_; } - void set_config(base::StringPiece config) { config.CopyToString(&config_); } + void set_config(QuicStringPiece config) { config.CopyToString(&config_); } QuicServerConfigProtobuf::PrivateKey* add_key() { keys_.push_back(base::MakeUnique<PrivateKey>()); @@ -83,7 +83,7 @@ class QUIC_EXPORT_PRIVATE QuicServerConfigProtobuf { } void set_source_address_token_secret_override( - base::StringPiece source_address_token_secret_override) { + QuicStringPiece source_address_token_secret_override) { source_address_token_secret_override.CopyToString( &source_address_token_secret_override_); } diff --git a/chromium/net/quic/core/crypto/crypto_server_test.cc b/chromium/net/quic/core/crypto/crypto_server_test.cc index 67cd077a919..85f07520f51 100644 --- a/chromium/net/quic/core/crypto/crypto_server_test.cc +++ b/chromium/net/quic/core/crypto/crypto_server_test.cc @@ -19,6 +19,7 @@ #include "net/quic/core/quic_flags.h" #include "net/quic/core/quic_socket_address_coder.h" #include "net/quic/core/quic_utils.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/delayed_verify_strike_register_client.h" @@ -30,7 +31,6 @@ #include "testing/gtest/include/gtest/gtest.h" #include "third_party/boringssl/src/include/openssl/sha.h" -using base::StringPiece; using std::string; namespace net { @@ -137,7 +137,7 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> { std::unique_ptr<CryptoHandshakeMessage> msg( config_.AddConfig(std::move(primary_config), clock_.WallNow())); - StringPiece orbit; + QuicStringPiece orbit; CHECK(msg->GetStringPiece(kORBT, &orbit)); CHECK_EQ(sizeof(orbit_), orbit.size()); memcpy(orbit_, orbit.data(), orbit.size()); @@ -167,15 +167,15 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> { CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); CheckForServerDesignatedConnectionId(); - StringPiece srct; + QuicStringPiece srct; ASSERT_TRUE(out_.GetStringPiece(kSourceAddressTokenTag, &srct)); srct_hex_ = "#" + QuicTextUtils::HexEncode(srct); - StringPiece scfg; + QuicStringPiece scfg; ASSERT_TRUE(out_.GetStringPiece(kSCFG, &scfg)); - server_config_ = CryptoFramer::ParseMessage(scfg); + server_config_ = CryptoFramer::ParseMessage(scfg, Perspective::IS_CLIENT); - StringPiece scid; + QuicStringPiece scid; ASSERT_TRUE(server_config_->GetStringPiece(kSCID, &scid)); scid_hex_ = "#" + QuicTextUtils::HexEncode(scid); @@ -223,7 +223,7 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> { EXPECT_EQ(QuicVersionToQuicTag(supported_versions_[i]), versions[i]); } - StringPiece address; + QuicStringPiece address; ASSERT_TRUE(server_hello.GetStringPiece(kCADR, &address)); QuicSocketAddressCoder decoder; ASSERT_TRUE(decoder.Decode(address.data(), address.size())); @@ -285,10 +285,11 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> { if (should_succeed_) { ASSERT_EQ(error, QUIC_NO_ERROR) << "Message failed with error " << error_details << ": " - << result_->client_hello.DebugString(); + << result_->client_hello.DebugString(Perspective::IS_SERVER); } else { ASSERT_NE(error, QUIC_NO_ERROR) - << "Message didn't fail: " << result_->client_hello.DebugString(); + << "Message didn't fail: " + << result_->client_hello.DebugString(Perspective::IS_SERVER); EXPECT_TRUE(error_details.find(error_substr_) != string::npos) << error_substr_ << " not in " << error_details; @@ -330,7 +331,7 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> { string nonce; CryptoUtils::GenerateNonce( clock_.WallNow(), rand_, - StringPiece(reinterpret_cast<const char*>(orbit_), sizeof(orbit_)), + QuicStringPiece(reinterpret_cast<const char*>(orbit_), sizeof(orbit_)), &nonce); return nonce; } @@ -456,7 +457,7 @@ TEST_P(CryptoServerTest, DefaultCert) { kClientHelloMinimumSize); ShouldSucceed(msg); - StringPiece cert, proof, cert_sct; + QuicStringPiece cert, proof, cert_sct; EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); @@ -485,7 +486,7 @@ TEST_P(CryptoServerTest, RejectTooLarge) { config_.set_chlo_multiplier(1); ShouldSucceed(msg); - StringPiece cert, proof, cert_sct; + QuicStringPiece cert, proof, cert_sct; EXPECT_FALSE(out_.GetStringPiece(kCertificateTag, &cert)); EXPECT_FALSE(out_.GetStringPiece(kPROF, &proof)); EXPECT_FALSE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); @@ -512,7 +513,7 @@ TEST_P(CryptoServerTest, RejectNotTooLarge) { config_.set_chlo_multiplier(1); ShouldSucceed(msg); - StringPiece cert, proof, cert_sct; + QuicStringPiece cert, proof, cert_sct; EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); @@ -539,7 +540,7 @@ TEST_P(CryptoServerTest, RejectTooLargeButValidSTK) { config_.set_chlo_multiplier(1); ShouldSucceed(msg); - StringPiece cert, proof, cert_sct; + QuicStringPiece cert, proof, cert_sct; EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); @@ -814,13 +815,13 @@ TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) { SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE}; CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); - StringPiece cert, proof, scfg_str; + QuicStringPiece cert, proof, scfg_str; EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); EXPECT_TRUE(out_.GetStringPiece(kSCFG, &scfg_str)); std::unique_ptr<CryptoHandshakeMessage> scfg( - CryptoFramer::ParseMessage(scfg_str)); - StringPiece scid; + CryptoFramer::ParseMessage(scfg_str, Perspective::IS_CLIENT)); + QuicStringPiece scid; EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid)); EXPECT_NE(scid, kOldConfigId); @@ -842,7 +843,7 @@ TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) { std::unique_ptr<ProofVerifierCallback> callback( new DummyProofVerifierCallback()); string chlo_hash; - CryptoUtils::HashHandshakeMessage(msg, &chlo_hash); + CryptoUtils::HashHandshakeMessage(msg, &chlo_hash, Perspective::IS_SERVER); EXPECT_EQ(QUIC_SUCCESS, proof_verifier->VerifyProof( "test.example.com", 443, scfg_str.as_string(), client_version_, @@ -919,7 +920,7 @@ TEST_P(CryptoServerTest, NonceInSHLO) { ShouldSucceed(msg); EXPECT_EQ(kSHLO, out_.tag()); - StringPiece nonce; + QuicStringPiece nonce; EXPECT_TRUE(out_.GetStringPiece(kServerNonceTag, &nonce)); } @@ -958,7 +959,8 @@ TEST(CryptoServerConfigGenerationTest, Determinism) { std::unique_ptr<CryptoHandshakeMessage> scfg_b( b.AddDefaultConfig(&rand_b, &clock, options)); - ASSERT_EQ(scfg_a->DebugString(), scfg_b->DebugString()); + ASSERT_EQ(scfg_a->DebugString(Perspective::IS_SERVER), + scfg_b->DebugString(Perspective::IS_SERVER)); } TEST(CryptoServerConfigGenerationTest, SCIDVaries) { @@ -979,7 +981,7 @@ TEST(CryptoServerConfigGenerationTest, SCIDVaries) { std::unique_ptr<CryptoHandshakeMessage> scfg_b( b.AddDefaultConfig(&rand_b, &clock, options)); - StringPiece scid_a, scid_b; + QuicStringPiece scid_a, scid_b; EXPECT_TRUE(scfg_a->GetStringPiece(kSCID, &scid_a)); EXPECT_TRUE(scfg_b->GetStringPiece(kSCID, &scid_b)); @@ -996,14 +998,14 @@ TEST(CryptoServerConfigGenerationTest, SCIDIsHashOfServerConfig) { std::unique_ptr<CryptoHandshakeMessage> scfg( a.AddDefaultConfig(&rand_a, &clock, options)); - StringPiece scid; + QuicStringPiece scid; EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid)); // Need to take a copy of |scid| has we're about to call |Erase|. const string scid_str(scid.as_string()); scfg->Erase(kSCID); scfg->MarkDirty(); - const QuicData& serialized(scfg->GetSerialized()); + const QuicData& serialized(scfg->GetSerialized(Perspective::IS_SERVER)); uint8_t digest[SHA256_DIGEST_LENGTH]; SHA256(reinterpret_cast<const uint8_t*>(serialized.data()), diff --git a/chromium/net/quic/core/crypto/crypto_utils.cc b/chromium/net/quic/core/crypto/crypto_utils.cc index a60a4f28621..b8a6120d5e4 100644 --- a/chromium/net/quic/core/crypto/crypto_utils.cc +++ b/chromium/net/quic/core/crypto/crypto_utils.cc @@ -18,7 +18,6 @@ #include "net/quic/platform/api/quic_logging.h" #include "third_party/boringssl/src/include/openssl/sha.h" -using base::StringPiece; using std::string; namespace net { @@ -26,7 +25,7 @@ namespace net { // static void CryptoUtils::GenerateNonce(QuicWallTime now, QuicRandom* random_generator, - StringPiece orbit, + QuicStringPiece orbit, string* nonce) { // a 4-byte timestamp + 28 random bytes. nonce->reserve(kNonceSize); @@ -51,10 +50,10 @@ void CryptoUtils::GenerateNonce(QuicWallTime now, } // static -bool CryptoUtils::DeriveKeys(StringPiece premaster_secret, +bool CryptoUtils::DeriveKeys(QuicStringPiece premaster_secret, QuicTag aead, - StringPiece client_nonce, - StringPiece server_nonce, + QuicStringPiece client_nonce, + QuicStringPiece server_nonce, const string& hkdf_input, Perspective perspective, Diversification diversification, @@ -67,7 +66,7 @@ bool CryptoUtils::DeriveKeys(StringPiece premaster_secret, size_t subkey_secret_bytes = subkey_secret == nullptr ? 0 : premaster_secret.length(); - StringPiece nonce = client_nonce; + QuicStringPiece nonce = client_nonce; string nonce_storage; if (!server_nonce.empty()) { nonce_storage = client_nonce.as_string() + server_nonce.as_string(); @@ -145,9 +144,9 @@ bool CryptoUtils::DeriveKeys(StringPiece premaster_secret, } // static -bool CryptoUtils::ExportKeyingMaterial(StringPiece subkey_secret, - StringPiece label, - StringPiece context, +bool CryptoUtils::ExportKeyingMaterial(QuicStringPiece subkey_secret, + QuicStringPiece label, + QuicStringPiece context, size_t result_len, string* result) { for (size_t i = 0; i < label.length(); i++) { @@ -167,14 +166,14 @@ bool CryptoUtils::ExportKeyingMaterial(StringPiece subkey_secret, info.append(reinterpret_cast<char*>(&context_length), sizeof(context_length)); info.append(context.data(), context.length()); - crypto::HKDF hkdf(subkey_secret, StringPiece() /* no salt */, info, + crypto::HKDF hkdf(subkey_secret, QuicStringPiece() /* no salt */, info, result_len, 0 /* no fixed IV */, 0 /* no subkey secret */); hkdf.client_write_key().CopyToString(result); return true; } // static -uint64_t CryptoUtils::ComputeLeafCertHash(StringPiece cert) { +uint64_t CryptoUtils::ComputeLeafCertHash(QuicStringPiece cert) { return QuicUtils::FNV1a_64_Hash(cert); } @@ -293,8 +292,9 @@ const char* CryptoUtils::HandshakeFailureReasonToString( // static void CryptoUtils::HashHandshakeMessage(const CryptoHandshakeMessage& message, - string* output) { - const QuicData& serialized = message.GetSerialized(); + string* output, + Perspective perspective) { + const QuicData& serialized = message.GetSerialized(perspective); uint8_t digest[SHA256_DIGEST_LENGTH]; SHA256(reinterpret_cast<const uint8_t*>(serialized.data()), serialized.length(), digest); diff --git a/chromium/net/quic/core/crypto/crypto_utils.h b/chromium/net/quic/core/crypto/crypto_utils.h index e956e885dac..54f2c73c4ed 100644 --- a/chromium/net/quic/core/crypto/crypto_utils.h +++ b/chromium/net/quic/core/crypto/crypto_utils.h @@ -12,13 +12,13 @@ #include <string> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/crypto_handshake.h" #include "net/quic/core/crypto/crypto_handshake_message.h" #include "net/quic/core/crypto/crypto_protocol.h" #include "net/quic/core/quic_packets.h" #include "net/quic/core/quic_time.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -74,7 +74,7 @@ class QUIC_EXPORT_PRIVATE CryptoUtils { // <20 bytes> random static void GenerateNonce(QuicWallTime now, QuicRandom* random_generator, - base::StringPiece orbit, + QuicStringPiece orbit, std::string* nonce); // DeriveKeys populates |crypters->encrypter|, |crypters->decrypter|, and @@ -93,10 +93,10 @@ class QUIC_EXPORT_PRIVATE CryptoUtils { // decrypter will only be keyed to a preliminary state: a call to // |SetDiversificationNonce| with a diversification nonce will be needed to // complete keying. - static bool DeriveKeys(base::StringPiece premaster_secret, + static bool DeriveKeys(QuicStringPiece premaster_secret, QuicTag aead, - base::StringPiece client_nonce, - base::StringPiece server_nonce, + QuicStringPiece client_nonce, + QuicStringPiece server_nonce, const std::string& hkdf_input, Perspective perspective, Diversification diversification, @@ -107,15 +107,15 @@ class QUIC_EXPORT_PRIVATE CryptoUtils { // dependent on |subkey_secret|, |label|, and |context|. Returns false if the // parameters are invalid (e.g. |label| contains null bytes); returns true on // success. - static bool ExportKeyingMaterial(base::StringPiece subkey_secret, - base::StringPiece label, - base::StringPiece context, + static bool ExportKeyingMaterial(QuicStringPiece subkey_secret, + QuicStringPiece label, + QuicStringPiece context, size_t result_len, std::string* result); // Computes the FNV-1a hash of the provided DER-encoded cert for use in the // XLCT tag. - static uint64_t ComputeLeafCertHash(base::StringPiece cert); + static uint64_t ComputeLeafCertHash(QuicStringPiece cert); // Validates that |server_hello| is actually an SHLO message and that it is // not part of a downgrade attack. @@ -145,7 +145,8 @@ class QUIC_EXPORT_PRIVATE CryptoUtils { // Writes a hash of the serialized |message| into |output|. static void HashHandshakeMessage(const CryptoHandshakeMessage& message, - std::string* output); + std::string* output, + Perspective perspective); private: DISALLOW_COPY_AND_ASSIGN(CryptoUtils); diff --git a/chromium/net/quic/core/crypto/curve25519_key_exchange.cc b/chromium/net/quic/core/crypto/curve25519_key_exchange.cc index 99e62cbfe19..7a8dbcec583 100644 --- a/chromium/net/quic/core/crypto/curve25519_key_exchange.cc +++ b/chromium/net/quic/core/crypto/curve25519_key_exchange.cc @@ -9,7 +9,6 @@ #include "net/quic/core/crypto/quic_random.h" #include "third_party/boringssl/src/include/openssl/curve25519.h" -using base::StringPiece; using std::string; namespace net { @@ -19,7 +18,7 @@ Curve25519KeyExchange::Curve25519KeyExchange() {} Curve25519KeyExchange::~Curve25519KeyExchange() {} // static -Curve25519KeyExchange* Curve25519KeyExchange::New(StringPiece private_key) { +Curve25519KeyExchange* Curve25519KeyExchange::New(QuicStringPiece private_key) { Curve25519KeyExchange* ka; // We don't want to #include the BoringSSL headers in the public header file, // so we use literals for the sizes of private_key_ and public_key_. Here we @@ -52,8 +51,9 @@ KeyExchange* Curve25519KeyExchange::NewKeyPair(QuicRandom* rand) const { return Curve25519KeyExchange::New(private_value); } -bool Curve25519KeyExchange::CalculateSharedKey(StringPiece peer_public_value, - string* out_result) const { +bool Curve25519KeyExchange::CalculateSharedKey( + QuicStringPiece peer_public_value, + string* out_result) const { if (peer_public_value.size() != X25519_PUBLIC_VALUE_LEN) { return false; } @@ -68,9 +68,9 @@ bool Curve25519KeyExchange::CalculateSharedKey(StringPiece peer_public_value, return true; } -StringPiece Curve25519KeyExchange::public_value() const { - return StringPiece(reinterpret_cast<const char*>(public_key_), - sizeof(public_key_)); +QuicStringPiece Curve25519KeyExchange::public_value() const { + return QuicStringPiece(reinterpret_cast<const char*>(public_key_), + sizeof(public_key_)); } QuicTag Curve25519KeyExchange::tag() const { diff --git a/chromium/net/quic/core/crypto/curve25519_key_exchange.h b/chromium/net/quic/core/crypto/curve25519_key_exchange.h index 0515e8d7d4e..1e23e0bc8e4 100644 --- a/chromium/net/quic/core/crypto/curve25519_key_exchange.h +++ b/chromium/net/quic/core/crypto/curve25519_key_exchange.h @@ -9,9 +9,9 @@ #include <string> #include "base/compiler_specific.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/key_exchange.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -25,7 +25,7 @@ class QUIC_EXPORT_PRIVATE Curve25519KeyExchange : public KeyExchange { // New creates a new object from a private key. If the private key is // invalid, nullptr is returned. - static Curve25519KeyExchange* New(base::StringPiece private_key); + static Curve25519KeyExchange* New(QuicStringPiece private_key); // NewPrivateKey returns a private key, generated from |rand|, suitable for // passing to |New|. @@ -33,9 +33,9 @@ class QUIC_EXPORT_PRIVATE Curve25519KeyExchange : public KeyExchange { // KeyExchange interface. KeyExchange* NewKeyPair(QuicRandom* rand) const override; - bool CalculateSharedKey(base::StringPiece peer_public_value, + bool CalculateSharedKey(QuicStringPiece peer_public_value, std::string* shared_key) const override; - base::StringPiece public_value() const override; + QuicStringPiece public_value() const override; QuicTag tag() const override; private: diff --git a/chromium/net/quic/core/crypto/curve25519_key_exchange_test.cc b/chromium/net/quic/core/crypto/curve25519_key_exchange_test.cc index 8dad0886a13..6ded8a76b8c 100644 --- a/chromium/net/quic/core/crypto/curve25519_key_exchange_test.cc +++ b/chromium/net/quic/core/crypto/curve25519_key_exchange_test.cc @@ -9,7 +9,6 @@ #include "net/quic/core/crypto/quic_random.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; namespace net { @@ -29,8 +28,8 @@ TEST(Curve25519KeyExchange, SharedKey) { std::unique_ptr<Curve25519KeyExchange> bob( Curve25519KeyExchange::New(bob_key)); - const StringPiece alice_public(alice->public_value()); - const StringPiece bob_public(bob->public_value()); + const QuicStringPiece alice_public(alice->public_value()); + const QuicStringPiece bob_public(bob->public_value()); string alice_shared, bob_shared; ASSERT_TRUE(alice->CalculateSharedKey(bob_public, &alice_shared)); diff --git a/chromium/net/quic/core/crypto/ephemeral_key_source.h b/chromium/net/quic/core/crypto/ephemeral_key_source.h index f05fa28e9c6..ecc061d1f4a 100644 --- a/chromium/net/quic/core/crypto/ephemeral_key_source.h +++ b/chromium/net/quic/core/crypto/ephemeral_key_source.h @@ -7,9 +7,9 @@ #include <string> -#include "base/strings/string_piece.h" #include "net/quic/core/quic_time.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -33,7 +33,7 @@ class QUIC_EXPORT_PRIVATE EphemeralKeySource { const KeyExchange* key_exchange, QuicRandom* rand, QuicTime now, - base::StringPiece peer_public_value, + QuicStringPiece peer_public_value, std::string* public_value) = 0; }; diff --git a/chromium/net/quic/core/crypto/key_exchange.h b/chromium/net/quic/core/crypto/key_exchange.h index 69da86e92fd..0e0a96ba973 100644 --- a/chromium/net/quic/core/crypto/key_exchange.h +++ b/chromium/net/quic/core/crypto/key_exchange.h @@ -7,9 +7,9 @@ #include <string> -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/crypto_protocol.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -29,14 +29,14 @@ class QUIC_EXPORT_PRIVATE KeyExchange { // CalculateSharedKey computes the shared key between the local private key // (which is implicitly known by a KeyExchange object) and a public value // from the peer. - virtual bool CalculateSharedKey(base::StringPiece peer_public_value, + virtual bool CalculateSharedKey(QuicStringPiece peer_public_value, std::string* shared_key) const = 0; // public_value returns the local public key which can be sent to a peer in - // order to complete a key exchange. The returned StringPiece is a reference - // to a member of the KeyExchange and is only valid for as long as the - // KeyExchange exists. - virtual base::StringPiece public_value() const = 0; + // order to complete a key exchange. The returned QuicStringPiece is a + // reference to a member of the KeyExchange and is only valid for as long as + // the KeyExchange exists. + virtual QuicStringPiece public_value() const = 0; // tag returns the tag value that identifies this key exchange function. virtual QuicTag tag() const = 0; diff --git a/chromium/net/quic/core/crypto/local_strike_register_client.cc b/chromium/net/quic/core/crypto/local_strike_register_client.cc index 1327818aaaf..d0467f9c7b6 100644 --- a/chromium/net/quic/core/crypto/local_strike_register_client.cc +++ b/chromium/net/quic/core/crypto/local_strike_register_client.cc @@ -6,7 +6,6 @@ #include "net/quic/core/crypto/crypto_protocol.h" -using base::StringPiece; using std::string; namespace net { @@ -23,7 +22,7 @@ LocalStrikeRegisterClient::LocalStrikeRegisterClient( orbit, startup) {} -bool LocalStrikeRegisterClient::IsKnownOrbit(StringPiece orbit) const { +bool LocalStrikeRegisterClient::IsKnownOrbit(QuicStringPiece orbit) const { QuicWriterMutexLock lock(&m_); if (orbit.length() != kOrbitSize) { return false; @@ -32,7 +31,7 @@ bool LocalStrikeRegisterClient::IsKnownOrbit(StringPiece orbit) const { } void LocalStrikeRegisterClient::VerifyNonceIsValidAndUnique( - StringPiece nonce, + QuicStringPiece nonce, QuicWallTime now, ResultCallback* cb) { InsertStatus nonce_error; diff --git a/chromium/net/quic/core/crypto/local_strike_register_client.h b/chromium/net/quic/core/crypto/local_strike_register_client.h index 2679bc2f66d..315c415d44d 100644 --- a/chromium/net/quic/core/crypto/local_strike_register_client.h +++ b/chromium/net/quic/core/crypto/local_strike_register_client.h @@ -8,12 +8,12 @@ #include <cstdint> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/strike_register.h" #include "net/quic/core/crypto/strike_register_client.h" #include "net/quic/core/quic_time.h" #include "net/quic/platform/api/quic_export.h" #include "net/quic/platform/api/quic_mutex.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -28,8 +28,8 @@ class QUIC_EXPORT_PRIVATE LocalStrikeRegisterClient const uint8_t orbit[8], StrikeRegister::StartupType startup); - bool IsKnownOrbit(base::StringPiece orbit) const override; - void VerifyNonceIsValidAndUnique(base::StringPiece nonce, + bool IsKnownOrbit(QuicStringPiece orbit) const override; + void VerifyNonceIsValidAndUnique(QuicStringPiece nonce, QuicWallTime now, ResultCallback* cb) override; diff --git a/chromium/net/quic/core/crypto/local_strike_register_client_test.cc b/chromium/net/quic/core/crypto/local_strike_register_client_test.cc index 684f9bd106e..4af0afc560b 100644 --- a/chromium/net/quic/core/crypto/local_strike_register_client_test.cc +++ b/chromium/net/quic/core/crypto/local_strike_register_client_test.cc @@ -7,14 +7,12 @@ #include <memory> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "base/sys_byteorder.h" #include "net/quic/core/crypto/crypto_protocol.h" #include "net/quic/core/quic_time.h" #include "net/quic/platform/api/quic_str_cat.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; namespace net { @@ -71,13 +69,13 @@ class LocalStrikeRegisterClientTest : public ::testing::Test { TEST_F(LocalStrikeRegisterClientTest, CheckOrbit) { EXPECT_TRUE(strike_register_->IsKnownOrbit( - StringPiece(reinterpret_cast<const char*>(kOrbit), kOrbitSize))); + QuicStringPiece(reinterpret_cast<const char*>(kOrbit), kOrbitSize))); EXPECT_FALSE(strike_register_->IsKnownOrbit( - StringPiece(reinterpret_cast<const char*>(kOrbit), kOrbitSize - 1))); + QuicStringPiece(reinterpret_cast<const char*>(kOrbit), kOrbitSize - 1))); EXPECT_FALSE(strike_register_->IsKnownOrbit( - StringPiece(reinterpret_cast<const char*>(kOrbit), kOrbitSize + 1))); + QuicStringPiece(reinterpret_cast<const char*>(kOrbit), kOrbitSize + 1))); EXPECT_FALSE(strike_register_->IsKnownOrbit( - StringPiece(reinterpret_cast<const char*>(kOrbit) + 1, kOrbitSize))); + QuicStringPiece(reinterpret_cast<const char*>(kOrbit) + 1, kOrbitSize))); } TEST_F(LocalStrikeRegisterClientTest, IncorrectNonceLength) { diff --git a/chromium/net/quic/core/crypto/null_decrypter.cc b/chromium/net/quic/core/crypto/null_decrypter.cc index 6f05b4f3c1a..5e0ea06f69c 100644 --- a/chromium/net/quic/core/crypto/null_decrypter.cc +++ b/chromium/net/quic/core/crypto/null_decrypter.cc @@ -11,7 +11,6 @@ #include "net/quic/core/quic_utils.h" #include "net/quic/platform/api/quic_bug_tracker.h" -using base::StringPiece; using std::string; namespace net { @@ -19,15 +18,15 @@ namespace net { NullDecrypter::NullDecrypter(Perspective perspective) : perspective_(perspective) {} -bool NullDecrypter::SetKey(StringPiece key) { +bool NullDecrypter::SetKey(QuicStringPiece key) { return key.empty(); } -bool NullDecrypter::SetNoncePrefix(StringPiece nonce_prefix) { +bool NullDecrypter::SetNoncePrefix(QuicStringPiece nonce_prefix) { return nonce_prefix.empty(); } -bool NullDecrypter::SetPreliminaryKey(StringPiece key) { +bool NullDecrypter::SetPreliminaryKey(QuicStringPiece key) { QUIC_BUG << "Should not be called"; return false; } @@ -39,19 +38,19 @@ bool NullDecrypter::SetDiversificationNonce(const DiversificationNonce& nonce) { bool NullDecrypter::DecryptPacket(QuicVersion version, QuicPacketNumber /*packet_number*/, - StringPiece associated_data, - StringPiece ciphertext, + QuicStringPiece associated_data, + QuicStringPiece ciphertext, char* output, size_t* output_length, size_t max_output_length) { - QuicDataReader reader(ciphertext.data(), ciphertext.length()); + QuicDataReader reader(ciphertext.data(), ciphertext.length(), perspective_); uint128 hash; if (!ReadHash(&reader, &hash)) { return false; } - StringPiece plaintext = reader.ReadRemainingPayload(); + QuicStringPiece plaintext = reader.ReadRemainingPayload(); if (plaintext.length() > max_output_length) { QUIC_BUG << "Output buffer must be larger than the plaintext."; return false; @@ -65,12 +64,12 @@ bool NullDecrypter::DecryptPacket(QuicVersion version, return true; } -StringPiece NullDecrypter::GetKey() const { - return StringPiece(); +QuicStringPiece NullDecrypter::GetKey() const { + return QuicStringPiece(); } -StringPiece NullDecrypter::GetNoncePrefix() const { - return StringPiece(); +QuicStringPiece NullDecrypter::GetNoncePrefix() const { + return QuicStringPiece(); } const char* NullDecrypter::cipher_name() const { @@ -92,8 +91,8 @@ bool NullDecrypter::ReadHash(QuicDataReader* reader, uint128* hash) { } uint128 NullDecrypter::ComputeHash(QuicVersion version, - const StringPiece data1, - const StringPiece data2) const { + const QuicStringPiece data1, + const QuicStringPiece data2) const { uint128 correct_hash; if (version > QUIC_VERSION_36) { if (perspective_ == Perspective::IS_CLIENT) { diff --git a/chromium/net/quic/core/crypto/null_decrypter.h b/chromium/net/quic/core/crypto/null_decrypter.h index db93c445f51..4191e0e1108 100644 --- a/chromium/net/quic/core/crypto/null_decrypter.h +++ b/chromium/net/quic/core/crypto/null_decrypter.h @@ -14,6 +14,7 @@ #include "net/quic/core/crypto/quic_decrypter.h" #include "net/quic/core/quic_types.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -28,19 +29,19 @@ class QUIC_EXPORT_PRIVATE NullDecrypter : public QuicDecrypter { ~NullDecrypter() override {} // QuicDecrypter implementation - bool SetKey(base::StringPiece key) override; - bool SetNoncePrefix(base::StringPiece nonce_prefix) override; - bool SetPreliminaryKey(base::StringPiece key) override; + bool SetKey(QuicStringPiece key) override; + bool SetNoncePrefix(QuicStringPiece nonce_prefix) override; + bool SetPreliminaryKey(QuicStringPiece key) override; bool SetDiversificationNonce(const DiversificationNonce& nonce) override; bool DecryptPacket(QuicVersion version, QuicPacketNumber packet_number, - base::StringPiece associated_data, - base::StringPiece ciphertext, + QuicStringPiece associated_data, + QuicStringPiece ciphertext, char* output, size_t* output_length, size_t max_output_length) override; - base::StringPiece GetKey() const override; - base::StringPiece GetNoncePrefix() const override; + QuicStringPiece GetKey() const override; + QuicStringPiece GetNoncePrefix() const override; const char* cipher_name() const override; uint32_t cipher_id() const override; @@ -48,8 +49,8 @@ class QUIC_EXPORT_PRIVATE NullDecrypter : public QuicDecrypter { private: bool ReadHash(QuicDataReader* reader, uint128* hash); uint128 ComputeHash(QuicVersion version, - base::StringPiece data1, - base::StringPiece data2) const; + QuicStringPiece data1, + QuicStringPiece data2) const; Perspective perspective_; diff --git a/chromium/net/quic/core/crypto/null_decrypter_test.cc b/chromium/net/quic/core/crypto/null_decrypter_test.cc index c70964ca003..10f4c31b208 100644 --- a/chromium/net/quic/core/crypto/null_decrypter_test.cc +++ b/chromium/net/quic/core/crypto/null_decrypter_test.cc @@ -5,8 +5,6 @@ #include "net/quic/core/crypto/null_decrypter.h" #include "net/quic/test_tools/quic_test_utils.h" -using base::StringPiece; - namespace net { namespace test { @@ -25,10 +23,10 @@ TEST_F(NullDecrypterTest, DecryptClient) { char buffer[256]; size_t length = 0; ASSERT_TRUE(decrypter.DecryptPacket(QUIC_VERSION_37, 0, "hello world!", - StringPiece(data, len), buffer, &length, - 256)); + QuicStringPiece(data, len), buffer, + &length, 256)); EXPECT_LT(0u, length); - EXPECT_EQ("goodbye!", StringPiece(buffer, length)); + EXPECT_EQ("goodbye!", QuicStringPiece(buffer, length)); } TEST_F(NullDecrypterTest, DecryptServer) { @@ -44,10 +42,10 @@ TEST_F(NullDecrypterTest, DecryptServer) { char buffer[256]; size_t length = 0; ASSERT_TRUE(decrypter.DecryptPacket(QUIC_VERSION_37, 0, "hello world!", - StringPiece(data, len), buffer, &length, - 256)); + QuicStringPiece(data, len), buffer, + &length, 256)); EXPECT_LT(0u, length); - EXPECT_EQ("goodbye!", StringPiece(buffer, length)); + EXPECT_EQ("goodbye!", QuicStringPiece(buffer, length)); } TEST_F(NullDecrypterTest, DecryptClientPre37) { @@ -63,10 +61,10 @@ TEST_F(NullDecrypterTest, DecryptClientPre37) { char buffer[256]; size_t length = 0; ASSERT_TRUE(decrypter.DecryptPacket(QUIC_VERSION_36, 0, "hello world!", - StringPiece(data, len), buffer, &length, - 256)); + QuicStringPiece(data, len), buffer, + &length, 256)); EXPECT_LT(0u, length); - EXPECT_EQ("goodbye!", StringPiece(buffer, length)); + EXPECT_EQ("goodbye!", QuicStringPiece(buffer, length)); } TEST_F(NullDecrypterTest, DecryptServerPre37) { @@ -82,10 +80,10 @@ TEST_F(NullDecrypterTest, DecryptServerPre37) { char buffer[256]; size_t length = 0; ASSERT_TRUE(decrypter.DecryptPacket(QUIC_VERSION_36, 0, "hello world!", - StringPiece(data, len), buffer, &length, - 256)); + QuicStringPiece(data, len), buffer, + &length, 256)); EXPECT_LT(0u, length); - EXPECT_EQ("goodbye!", StringPiece(buffer, length)); + EXPECT_EQ("goodbye!", QuicStringPiece(buffer, length)); } TEST_F(NullDecrypterTest, BadHash) { @@ -101,8 +99,8 @@ TEST_F(NullDecrypterTest, BadHash) { char buffer[256]; size_t length = 0; ASSERT_FALSE(decrypter.DecryptPacket(QUIC_VERSION_35, 0, "hello world!", - StringPiece(data, len), buffer, &length, - 256)); + QuicStringPiece(data, len), buffer, + &length, 256)); } TEST_F(NullDecrypterTest, ShortInput) { @@ -116,8 +114,8 @@ TEST_F(NullDecrypterTest, ShortInput) { char buffer[256]; size_t length = 0; ASSERT_FALSE(decrypter.DecryptPacket(QUIC_VERSION_35, 0, "hello world!", - StringPiece(data, len), buffer, &length, - 256)); + QuicStringPiece(data, len), buffer, + &length, 256)); } } // namespace test diff --git a/chromium/net/quic/core/crypto/null_encrypter.cc b/chromium/net/quic/core/crypto/null_encrypter.cc index a7cb5d1794d..1aaf1522b68 100644 --- a/chromium/net/quic/core/crypto/null_encrypter.cc +++ b/chromium/net/quic/core/crypto/null_encrypter.cc @@ -7,7 +7,6 @@ #include "net/quic/core/quic_data_writer.h" #include "net/quic/core/quic_utils.h" -using base::StringPiece; using std::string; namespace net { @@ -17,18 +16,18 @@ const size_t kHashSizeShort = 12; // size of uint128 serialized short NullEncrypter::NullEncrypter(Perspective perspective) : perspective_(perspective) {} -bool NullEncrypter::SetKey(StringPiece key) { +bool NullEncrypter::SetKey(QuicStringPiece key) { return key.empty(); } -bool NullEncrypter::SetNoncePrefix(StringPiece nonce_prefix) { +bool NullEncrypter::SetNoncePrefix(QuicStringPiece nonce_prefix) { return nonce_prefix.empty(); } bool NullEncrypter::EncryptPacket(QuicVersion version, QuicPacketNumber /*packet_number*/, - StringPiece associated_data, - StringPiece plaintext, + QuicStringPiece associated_data, + QuicStringPiece plaintext, char* output, size_t* output_length, size_t max_output_length) { @@ -73,12 +72,12 @@ size_t NullEncrypter::GetCiphertextSize(size_t plaintext_size) const { return plaintext_size + GetHashLength(); } -StringPiece NullEncrypter::GetKey() const { - return StringPiece(); +QuicStringPiece NullEncrypter::GetKey() const { + return QuicStringPiece(); } -StringPiece NullEncrypter::GetNoncePrefix() const { - return StringPiece(); +QuicStringPiece NullEncrypter::GetNoncePrefix() const { + return QuicStringPiece(); } size_t NullEncrypter::GetHashLength() const { diff --git a/chromium/net/quic/core/crypto/null_encrypter.h b/chromium/net/quic/core/crypto/null_encrypter.h index d605d8e0667..c768c646716 100644 --- a/chromium/net/quic/core/crypto/null_encrypter.h +++ b/chromium/net/quic/core/crypto/null_encrypter.h @@ -12,6 +12,7 @@ #include "net/quic/core/crypto/quic_encrypter.h" #include "net/quic/core/quic_types.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -24,12 +25,12 @@ class QUIC_EXPORT_PRIVATE NullEncrypter : public QuicEncrypter { ~NullEncrypter() override {} // QuicEncrypter implementation - bool SetKey(base::StringPiece key) override; - bool SetNoncePrefix(base::StringPiece nonce_prefix) override; + bool SetKey(QuicStringPiece key) override; + bool SetNoncePrefix(QuicStringPiece nonce_prefix) override; bool EncryptPacket(QuicVersion version, QuicPacketNumber packet_number, - base::StringPiece associated_data, - base::StringPiece plaintext, + QuicStringPiece associated_data, + QuicStringPiece plaintext, char* output, size_t* output_length, size_t max_output_length) override; @@ -37,8 +38,8 @@ class QUIC_EXPORT_PRIVATE NullEncrypter : public QuicEncrypter { size_t GetNoncePrefixSize() const override; size_t GetMaxPlaintextSize(size_t ciphertext_size) const override; size_t GetCiphertextSize(size_t plaintext_size) const override; - base::StringPiece GetKey() const override; - base::StringPiece GetNoncePrefix() const override; + QuicStringPiece GetKey() const override; + QuicStringPiece GetNoncePrefix() const override; private: size_t GetHashLength() const; diff --git a/chromium/net/quic/core/crypto/null_encrypter_test.cc b/chromium/net/quic/core/crypto/null_encrypter_test.cc index d875e0e7dc9..a40b35e8e3d 100644 --- a/chromium/net/quic/core/crypto/null_encrypter_test.cc +++ b/chromium/net/quic/core/crypto/null_encrypter_test.cc @@ -5,8 +5,6 @@ #include "net/quic/core/crypto/null_encrypter.h" #include "net/quic/test_tools/quic_test_utils.h" -using base::StringPiece; - namespace net { namespace test { diff --git a/chromium/net/quic/core/crypto/p256_key_exchange.cc b/chromium/net/quic/core/crypto/p256_key_exchange.cc index 1e4d956ed99..09cff164ffa 100644 --- a/chromium/net/quic/core/crypto/p256_key_exchange.cc +++ b/chromium/net/quic/core/crypto/p256_key_exchange.cc @@ -15,7 +15,6 @@ #include "third_party/boringssl/src/include/openssl/err.h" #include "third_party/boringssl/src/include/openssl/evp.h" -using base::StringPiece; using std::string; namespace net { @@ -29,7 +28,7 @@ P256KeyExchange::P256KeyExchange(bssl::UniquePtr<EC_KEY> private_key, P256KeyExchange::~P256KeyExchange() {} // static -P256KeyExchange* P256KeyExchange::New(StringPiece key) { +P256KeyExchange* P256KeyExchange::New(QuicStringPiece key) { if (key.empty()) { QUIC_DLOG(INFO) << "Private key is empty"; return nullptr; @@ -83,7 +82,7 @@ KeyExchange* P256KeyExchange::NewKeyPair(QuicRandom* /*rand*/) const { return P256KeyExchange::New(private_value); } -bool P256KeyExchange::CalculateSharedKey(StringPiece peer_public_value, +bool P256KeyExchange::CalculateSharedKey(QuicStringPiece peer_public_value, string* out_result) const { if (peer_public_value.size() != kUncompressedP256PointBytes) { QUIC_DLOG(INFO) << "Peer public value is invalid"; @@ -113,9 +112,9 @@ bool P256KeyExchange::CalculateSharedKey(StringPiece peer_public_value, return true; } -StringPiece P256KeyExchange::public_value() const { - return StringPiece(reinterpret_cast<const char*>(public_key_), - sizeof(public_key_)); +QuicStringPiece P256KeyExchange::public_value() const { + return QuicStringPiece(reinterpret_cast<const char*>(public_key_), + sizeof(public_key_)); } QuicTag P256KeyExchange::tag() const { diff --git a/chromium/net/quic/core/crypto/p256_key_exchange.h b/chromium/net/quic/core/crypto/p256_key_exchange.h index 60c64fa9e6a..c742a825b94 100644 --- a/chromium/net/quic/core/crypto/p256_key_exchange.h +++ b/chromium/net/quic/core/crypto/p256_key_exchange.h @@ -9,9 +9,9 @@ #include <string> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/key_exchange.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "third_party/boringssl/src/include/openssl/base.h" namespace net { @@ -24,7 +24,7 @@ class QUIC_EXPORT_PRIVATE P256KeyExchange : public KeyExchange { // New creates a new key exchange object from a private key. If // |private_key| is invalid, nullptr is returned. - static P256KeyExchange* New(base::StringPiece private_key); + static P256KeyExchange* New(QuicStringPiece private_key); // |NewPrivateKey| returns a private key, suitable for passing to |New|. // If |NewPrivateKey| can't generate a private key, it returns an empty @@ -33,9 +33,9 @@ class QUIC_EXPORT_PRIVATE P256KeyExchange : public KeyExchange { // KeyExchange interface. KeyExchange* NewKeyPair(QuicRandom* rand) const override; - bool CalculateSharedKey(base::StringPiece peer_public_value, + bool CalculateSharedKey(QuicStringPiece peer_public_value, std::string* shared_key) const override; - base::StringPiece public_value() const override; + QuicStringPiece public_value() const override; QuicTag tag() const override; private: diff --git a/chromium/net/quic/core/crypto/p256_key_exchange_test.cc b/chromium/net/quic/core/crypto/p256_key_exchange_test.cc index 564382cbd50..7ff40220b97 100644 --- a/chromium/net/quic/core/crypto/p256_key_exchange_test.cc +++ b/chromium/net/quic/core/crypto/p256_key_exchange_test.cc @@ -30,8 +30,8 @@ TEST(P256KeyExchange, SharedKey) { ASSERT_TRUE(alice.get() != nullptr); ASSERT_TRUE(bob.get() != nullptr); - const base::StringPiece alice_public(alice->public_value()); - const base::StringPiece bob_public(bob->public_value()); + const QuicStringPiece alice_public(alice->public_value()); + const QuicStringPiece bob_public(bob->public_value()); std::string alice_shared, bob_shared; ASSERT_TRUE(alice->CalculateSharedKey(bob_public, &alice_shared)); diff --git a/chromium/net/quic/core/crypto/proof_source.h b/chromium/net/quic/core/crypto/proof_source.h index a8d7f0a7826..eb5d70bb920 100644 --- a/chromium/net/quic/core/crypto/proof_source.h +++ b/chromium/net/quic/core/crypto/proof_source.h @@ -14,6 +14,7 @@ #include "net/quic/platform/api/quic_export.h" #include "net/quic/platform/api/quic_reference_counted.h" #include "net/quic/platform/api/quic_socket_address.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -97,7 +98,7 @@ class QUIC_EXPORT_PRIVATE ProofSource { const std::string& hostname, const std::string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const QuicTagVector& connection_options, std::unique_ptr<Callback> callback) = 0; }; diff --git a/chromium/net/quic/core/crypto/proof_verifier.h b/chromium/net/quic/core/crypto/proof_verifier.h index fdde1598e3a..f0bb821dfff 100644 --- a/chromium/net/quic/core/crypto/proof_verifier.h +++ b/chromium/net/quic/core/crypto/proof_verifier.h @@ -12,6 +12,7 @@ #include "net/quic/core/quic_packets.h" #include "net/quic/core/quic_types.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -78,7 +79,7 @@ class QUIC_EXPORT_PRIVATE ProofVerifier { const uint16_t port, const std::string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::vector<std::string>& certs, const std::string& cert_sct, const std::string& signature, diff --git a/chromium/net/quic/core/crypto/quic_crypto_client_config.cc b/chromium/net/quic/core/crypto/quic_crypto_client_config.cc index e4366a962a7..35b44e97ffe 100644 --- a/chromium/net/quic/core/crypto/quic_crypto_client_config.cc +++ b/chromium/net/quic/core/crypto/quic_crypto_client_config.cc @@ -28,7 +28,6 @@ #include "net/quic/platform/api/quic_ptr_util.h" #include "net/quic/platform/api/quic_text_utils.h" -using base::StringPiece; using std::string; namespace net { @@ -113,7 +112,7 @@ QuicCryptoClientConfig::CachedState::GetServerConfig() const { } if (!scfg_.get()) { - scfg_ = CryptoFramer::ParseMessage(server_config_); + scfg_ = CryptoFramer::ParseMessage(server_config_, Perspective::IS_CLIENT); DCHECK(scfg_.get()); } return scfg_.get(); @@ -139,10 +138,11 @@ bool QuicCryptoClientConfig::CachedState::has_server_nonce() const { } QuicCryptoClientConfig::CachedState::ServerConfigState -QuicCryptoClientConfig::CachedState::SetServerConfig(StringPiece server_config, - QuicWallTime now, - QuicWallTime expiry_time, - string* error_details) { +QuicCryptoClientConfig::CachedState::SetServerConfig( + QuicStringPiece server_config, + QuicWallTime now, + QuicWallTime expiry_time, + string* error_details) { const bool matches_existing = server_config == server_config_; // Even if the new server config matches the existing one, we still wish to @@ -151,7 +151,8 @@ QuicCryptoClientConfig::CachedState::SetServerConfig(StringPiece server_config, const CryptoHandshakeMessage* new_scfg; if (!matches_existing) { - new_scfg_storage = CryptoFramer::ParseMessage(server_config); + new_scfg_storage = + CryptoFramer::ParseMessage(server_config, Perspective::IS_CLIENT); new_scfg = new_scfg_storage.get(); } else { new_scfg = GetServerConfig(); @@ -196,9 +197,9 @@ void QuicCryptoClientConfig::CachedState::InvalidateServerConfig() { void QuicCryptoClientConfig::CachedState::SetProof( const std::vector<string>& certs, - StringPiece cert_sct, - StringPiece chlo_hash, - StringPiece signature) { + QuicStringPiece cert_sct, + QuicStringPiece chlo_hash, + QuicStringPiece signature) { bool has_changed = signature != server_config_sig_ || chlo_hash != chlo_hash_ || certs_.size() != certs.size(); @@ -256,12 +257,12 @@ void QuicCryptoClientConfig::CachedState::SetProofInvalid() { } bool QuicCryptoClientConfig::CachedState::Initialize( - StringPiece server_config, - StringPiece source_address_token, + QuicStringPiece server_config, + QuicStringPiece source_address_token, const std::vector<string>& certs, const string& cert_sct, - StringPiece chlo_hash, - StringPiece signature, + QuicStringPiece chlo_hash, + QuicStringPiece signature, QuicWallTime now, QuicWallTime expiration_time) { DCHECK(server_config_.empty()); @@ -327,11 +328,12 @@ QuicCryptoClientConfig::CachedState::proof_verify_details() const { } void QuicCryptoClientConfig::CachedState::set_source_address_token( - StringPiece token) { + QuicStringPiece token) { source_address_token_ = token.as_string(); } -void QuicCryptoClientConfig::CachedState::set_cert_sct(StringPiece cert_sct) { +void QuicCryptoClientConfig::CachedState::set_cert_sct( + QuicStringPiece cert_sct) { cert_sct_ = cert_sct.as_string(); } @@ -441,7 +443,7 @@ void QuicCryptoClientConfig::FillInchoateClientHello( // the STK can be validated by the server. const CryptoHandshakeMessage* scfg = cached->GetServerConfig(); if (scfg != nullptr) { - StringPiece scid; + QuicStringPiece scid; if (scfg->GetStringPiece(kSCID, &scid)) { out->SetStringPiece(kSCID, scid); } @@ -457,7 +459,8 @@ void QuicCryptoClientConfig::FillInchoateClientHello( char proof_nonce[32]; rand->RandBytes(proof_nonce, arraysize(proof_nonce)); - out->SetStringPiece(kNONP, StringPiece(proof_nonce, arraysize(proof_nonce))); + out->SetStringPiece(kNONP, + QuicStringPiece(proof_nonce, arraysize(proof_nonce))); out->SetVector(kPDMD, QuicTagVector{kX509}); @@ -508,7 +511,7 @@ QuicErrorCode QuicCryptoClientConfig::FillClientHello( return QUIC_CRYPTO_INTERNAL_ERROR; } - StringPiece scid; + QuicStringPiece scid; if (!scfg->GetStringPiece(kSCID, &scid)) { *error_details = "SCFG missing SCID"; return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; @@ -564,14 +567,14 @@ QuicErrorCode QuicCryptoClientConfig::FillClientHello( } } - StringPiece public_value; + QuicStringPiece public_value; if (scfg->GetNthValue24(kPUBS, key_exchange_index, &public_value) != QUIC_NO_ERROR) { *error_details = "Missing public value"; return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; } - StringPiece orbit; + QuicStringPiece orbit; if (!scfg->GetStringPiece(kORBT, &orbit) || orbit.size() != kOrbitSize) { *error_details = "SCFG missing OBIT"; return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; @@ -623,7 +626,8 @@ QuicErrorCode QuicCryptoClientConfig::FillClientHello( cetv.set_tag(kCETV); string hkdf_input; - const QuicData& client_hello_serialized = out->GetSerialized(); + const QuicData& client_hello_serialized = + out->GetSerialized(Perspective::IS_CLIENT); hkdf_input.append(QuicCryptoConfig::kCETVLabel, strlen(QuicCryptoConfig::kCETVLabel) + 1); hkdf_input.append(reinterpret_cast<char*>(&connection_id), @@ -652,20 +656,21 @@ QuicErrorCode QuicCryptoClientConfig::FillClientHello( return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; } - const QuicData& cetv_plaintext = cetv.GetSerialized(); + const QuicData& cetv_plaintext = cetv.GetSerialized(Perspective::IS_CLIENT); const size_t encrypted_len = crypters.encrypter->GetCiphertextSize(cetv_plaintext.length()); std::unique_ptr<char[]> output(new char[encrypted_len]); size_t output_size = 0; if (!crypters.encrypter->EncryptPacket( preferred_version, 0 /* packet number */, - StringPiece() /* associated data */, cetv_plaintext.AsStringPiece(), - output.get(), &output_size, encrypted_len)) { + QuicStringPiece() /* associated data */, + cetv_plaintext.AsStringPiece(), output.get(), &output_size, + encrypted_len)) { *error_details = "Packet encryption failed"; return QUIC_ENCRYPTION_FAILURE; } - out->SetStringPiece(kCETV, StringPiece(output.get(), output_size)); + out->SetStringPiece(kCETV, QuicStringPiece(output.get(), output_size)); out->MarkDirty(); out->set_minimum_size(orig_min_size); @@ -678,7 +683,8 @@ QuicErrorCode QuicCryptoClientConfig::FillClientHello( out_params->hkdf_input_suffix.clear(); out_params->hkdf_input_suffix.append(reinterpret_cast<char*>(&connection_id), sizeof(connection_id)); - const QuicData& client_hello_serialized = out->GetSerialized(); + const QuicData& client_hello_serialized = + out->GetSerialized(Perspective::IS_CLIENT); out_params->hkdf_input_suffix.append(client_hello_serialized.data(), client_hello_serialized.length()); out_params->hkdf_input_suffix.append(cached->server_config()); @@ -712,13 +718,13 @@ QuicErrorCode QuicCryptoClientConfig::CacheNewServerConfig( const CryptoHandshakeMessage& message, QuicWallTime now, QuicVersion version, - StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::vector<string>& cached_certs, CachedState* cached, string* error_details) { DCHECK(error_details != nullptr); - StringPiece scfg; + QuicStringPiece scfg; if (!message.GetStringPiece(kSCFG, &scfg)) { *error_details = "Missing SCFG"; return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND; @@ -743,12 +749,12 @@ QuicErrorCode QuicCryptoClientConfig::CacheNewServerConfig( return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; } - StringPiece token; + QuicStringPiece token; if (message.GetStringPiece(kSourceAddressTokenTag, &token)) { cached->set_source_address_token(token); } - StringPiece proof, cert_bytes, cert_sct; + QuicStringPiece proof, cert_bytes, cert_sct; bool has_proof = message.GetStringPiece(kPROF, &proof); bool has_cert = message.GetStringPiece(kCertificateTag, &cert_bytes); if (has_proof && has_cert) { @@ -784,7 +790,7 @@ QuicErrorCode QuicCryptoClientConfig::ProcessRejection( const CryptoHandshakeMessage& rej, QuicWallTime now, const QuicVersion version, - StringPiece chlo_hash, + QuicStringPiece chlo_hash, CachedState* cached, QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> out_params, string* error_details) { @@ -802,7 +808,7 @@ QuicErrorCode QuicCryptoClientConfig::ProcessRejection( return error; } - StringPiece nonce; + QuicStringPiece nonce; if (rej.GetStringPiece(kServerNonceTag, &nonce)) { out_params->server_nonce = nonce.as_string(); } @@ -840,12 +846,12 @@ QuicErrorCode QuicCryptoClientConfig::ProcessServerHello( } // Learn about updated source address tokens. - StringPiece token; + QuicStringPiece token; if (server_hello.GetStringPiece(kSourceAddressTokenTag, &token)) { cached->set_source_address_token(token); } - StringPiece shlo_nonce; + QuicStringPiece shlo_nonce; if (!server_hello.GetStringPiece(kServerNonceTag, &shlo_nonce)) { *error_details = "server hello missing server nonce"; return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; @@ -854,7 +860,7 @@ QuicErrorCode QuicCryptoClientConfig::ProcessServerHello( // TODO(agl): // learn about updated SCFGs. - StringPiece public_value; + QuicStringPiece public_value; if (!server_hello.GetStringPiece(kPUBS, &public_value)) { *error_details = "server hello missing forward secure public value"; return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; @@ -890,7 +896,7 @@ QuicErrorCode QuicCryptoClientConfig::ProcessServerConfigUpdate( const CryptoHandshakeMessage& server_config_update, QuicWallTime now, const QuicVersion version, - StringPiece chlo_hash, + QuicStringPiece chlo_hash, CachedState* cached, QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> out_params, string* error_details) { diff --git a/chromium/net/quic/core/crypto/quic_crypto_client_config.h b/chromium/net/quic/core/crypto/quic_crypto_client_config.h index 551307b96cd..682259dc75e 100644 --- a/chromium/net/quic/core/crypto/quic_crypto_client_config.h +++ b/chromium/net/quic/core/crypto/quic_crypto_client_config.h @@ -13,12 +13,12 @@ #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/crypto_handshake.h" #include "net/quic/core/quic_packets.h" #include "net/quic/core/quic_server_id.h" #include "net/quic/platform/api/quic_export.h" #include "net/quic/platform/api/quic_reference_counted.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -76,7 +76,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig { // SetServerConfig checks that |server_config| parses correctly and stores // it in |server_config_|. |now| is used to judge whether |server_config| // has expired. - ServerConfigState SetServerConfig(base::StringPiece server_config, + ServerConfigState SetServerConfig(QuicStringPiece server_config, QuicWallTime now, QuicWallTime expiry_time, std::string* error_details); @@ -86,9 +86,9 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig { // SetProof stores a cert chain, cert signed timestamp and signature. void SetProof(const std::vector<std::string>& certs, - base::StringPiece cert_sct, - base::StringPiece chlo_hash, - base::StringPiece signature); + QuicStringPiece cert_sct, + QuicStringPiece chlo_hash, + QuicStringPiece signature); // Clears all the data. void Clear(); @@ -116,9 +116,9 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig { uint64_t generation_counter() const; const ProofVerifyDetails* proof_verify_details() const; - void set_source_address_token(base::StringPiece token); + void set_source_address_token(QuicStringPiece token); - void set_cert_sct(base::StringPiece cert_sct); + void set_cert_sct(QuicStringPiece cert_sct); // Adds the connection ID to the queue of server-designated connection-ids. void add_server_designated_connection_id(QuicConnectionId connection_id); @@ -157,12 +157,12 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig { // Initializes this cached state based on the arguments provided. // Returns false if there is a problem parsing the server config. - bool Initialize(base::StringPiece server_config, - base::StringPiece source_address_token, + bool Initialize(QuicStringPiece server_config, + QuicStringPiece source_address_token, const std::vector<std::string>& certs, const std::string& cert_sct, - base::StringPiece chlo_hash, - base::StringPiece signature, + QuicStringPiece chlo_hash, + QuicStringPiece signature, QuicWallTime now, QuicWallTime expiration_time); @@ -273,7 +273,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig { const CryptoHandshakeMessage& rej, QuicWallTime now, QuicVersion version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, CachedState* cached, QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> out_params, std::string* error_details); @@ -305,7 +305,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig { const CryptoHandshakeMessage& server_update, QuicWallTime now, const QuicVersion version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, CachedState* cached, QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> out_params, std::string* error_details); @@ -355,7 +355,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig { const CryptoHandshakeMessage& message, QuicWallTime now, const QuicVersion version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::vector<std::string>& cached_certs, CachedState* cached, std::string* error_details); diff --git a/chromium/net/quic/core/crypto/quic_crypto_client_config_test.cc b/chromium/net/quic/core/crypto/quic_crypto_client_config_test.cc index 68bae7d1845..694767f177a 100644 --- a/chromium/net/quic/core/crypto/quic_crypto_client_config_test.cc +++ b/chromium/net/quic/core/crypto/quic_crypto_client_config_test.cc @@ -180,7 +180,7 @@ TEST(QuicCryptoClientConfigTest, InchoateChlo) { QuicTag cver; EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kVER, &cver)); EXPECT_EQ(QuicVersionToQuicTag(QuicVersionMax()), cver); - StringPiece proof_nonce; + QuicStringPiece proof_nonce; EXPECT_TRUE(msg.GetStringPiece(kNONP, &proof_nonce)); EXPECT_EQ(string(32, 'r'), proof_nonce); } @@ -207,7 +207,7 @@ TEST(QuicCryptoClientConfigTest, InchoateChloSecure) { QuicTag pdmd; EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd)); EXPECT_EQ(kX509, pdmd); - StringPiece scid; + QuicStringPiece scid; EXPECT_FALSE(msg.GetStringPiece(kSCID, &scid)); } @@ -221,8 +221,9 @@ TEST(QuicCryptoClientConfigTest, InchoateChloSecureWithSCIDNoEXPY) { string details; QuicWallTime now = QuicWallTime::FromUNIXSeconds(1); QuicWallTime expiry = QuicWallTime::FromUNIXSeconds(2); - state.SetServerConfig(scfg.GetSerialized().AsStringPiece(), now, expiry, - &details); + state.SetServerConfig( + scfg.GetSerialized(Perspective::IS_CLIENT).AsStringPiece(), now, expiry, + &details); QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting()); QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params( @@ -233,7 +234,7 @@ TEST(QuicCryptoClientConfigTest, InchoateChloSecureWithSCIDNoEXPY) { config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, &rand, /* demand_x509_proof= */ true, params, &msg); - StringPiece scid; + QuicStringPiece scid; EXPECT_TRUE(msg.GetStringPiece(kSCID, &scid)); EXPECT_EQ("12345678", scid); } @@ -246,9 +247,10 @@ TEST(QuicCryptoClientConfigTest, InchoateChloSecureWithSCID) { scfg.SetValue(kEXPY, future); scfg.SetStringPiece(kSCID, "12345678"); string details; - state.SetServerConfig(scfg.GetSerialized().AsStringPiece(), - QuicWallTime::FromUNIXSeconds(1), - QuicWallTime::FromUNIXSeconds(0), &details); + state.SetServerConfig( + scfg.GetSerialized(Perspective::IS_CLIENT).AsStringPiece(), + QuicWallTime::FromUNIXSeconds(1), QuicWallTime::FromUNIXSeconds(0), + &details); QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting()); QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params( @@ -259,7 +261,7 @@ TEST(QuicCryptoClientConfigTest, InchoateChloSecureWithSCID) { config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, &rand, /* demand_x509_proof= */ true, params, &msg); - StringPiece scid; + QuicStringPiece scid; EXPECT_TRUE(msg.GetStringPiece(kSCID, &scid)); EXPECT_EQ("12345678", scid); } @@ -387,9 +389,10 @@ TEST(QuicCryptoClientConfigTest, ClearCachedStates) { scfg.SetValue(kEXPY, future); scfg.SetStringPiece(kSCID, "12345678"); string details; - state->SetServerConfig(scfg.GetSerialized().AsStringPiece(), - QuicWallTime::FromUNIXSeconds(0), - QuicWallTime::FromUNIXSeconds(future), &details); + state->SetServerConfig( + scfg.GetSerialized(Perspective::IS_CLIENT).AsStringPiece(), + QuicWallTime::FromUNIXSeconds(0), + QuicWallTime::FromUNIXSeconds(future), &details); std::vector<string> certs(1); certs[0] = "Hello Cert for " + host; diff --git a/chromium/net/quic/core/crypto/quic_crypto_server_config.cc b/chromium/net/quic/core/crypto/quic_crypto_server_config.cc index c5582fd124d..b7a44bdeac7 100644 --- a/chromium/net/quic/core/crypto/quic_crypto_server_config.cc +++ b/chromium/net/quic/core/crypto/quic_crypto_server_config.cc @@ -41,7 +41,6 @@ #include "net/quic/platform/api/quic_text_utils.h" #include "third_party/boringssl/src/include/openssl/sha.h" -using base::StringPiece; using std::string; namespace net { @@ -56,11 +55,12 @@ const size_t kMultiplier = 3; const int kMaxTokenAddresses = 4; -string DeriveSourceAddressTokenKey(StringPiece source_address_token_secret) { - crypto::HKDF hkdf(source_address_token_secret, StringPiece() /* no salt */, - "QUIC source address token key", - CryptoSecretBoxer::GetKeySize(), 0 /* no fixed IV needed */, - 0 /* no subkey secret */); +string DeriveSourceAddressTokenKey( + QuicStringPiece source_address_token_secret) { + crypto::HKDF hkdf( + source_address_token_secret, QuicStringPiece() /* no salt */, + "QUIC source address token key", CryptoSecretBoxer::GetKeySize(), + 0 /* no fixed IV needed */, 0 /* no subkey secret */); return hkdf.server_write_key().as_string(); } @@ -148,7 +148,7 @@ QuicCryptoServerConfig::ConfigOptions::ConfigOptions( QuicCryptoServerConfig::ConfigOptions::~ConfigOptions() {} QuicCryptoServerConfig::QuicCryptoServerConfig( - StringPiece source_address_token_secret, + QuicStringPiece source_address_token_secret, QuicRandom* server_nonce_entropy, std::unique_ptr<ProofSource> proof_source) : replay_protection_(true), @@ -189,7 +189,7 @@ QuicCryptoServerConfig::GenerateConfig(QuicRandom* rand, Curve25519KeyExchange::NewPrivateKey(rand); std::unique_ptr<Curve25519KeyExchange> curve25519( Curve25519KeyExchange::New(curve25519_private_key)); - StringPiece curve25519_public_value = curve25519->public_value(); + QuicStringPiece curve25519_public_value = curve25519->public_value(); string encoded_public_values; // First three bytes encode the length of the public value. @@ -208,7 +208,7 @@ QuicCryptoServerConfig::GenerateConfig(QuicRandom* rand, p256_private_key = P256KeyExchange::NewPrivateKey(); std::unique_ptr<P256KeyExchange> p256( P256KeyExchange::New(p256_private_key)); - StringPiece p256_public_value = p256->public_value(); + QuicStringPiece p256_public_value = p256->public_value(); DCHECK_LT(p256_public_value.size(), (1U << 24)); encoded_public_values.push_back( @@ -247,7 +247,7 @@ QuicCryptoServerConfig::GenerateConfig(QuicRandom* rand, DCHECK(options.orbit.empty()); rand->RandBytes(orbit_bytes, sizeof(orbit_bytes)); } - msg.SetStringPiece(kORBT, StringPiece(orbit_bytes, sizeof(orbit_bytes))); + msg.SetStringPiece(kORBT, QuicStringPiece(orbit_bytes, sizeof(orbit_bytes))); if (options.channel_id_enabled) { msg.SetVector(kPDMD, QuicTagVector{kCHID}); @@ -261,7 +261,7 @@ QuicCryptoServerConfig::GenerateConfig(QuicRandom* rand, // We need to ensure that the SCID changes whenever the server config does // thus we make it a hash of the rest of the server config. std::unique_ptr<QuicData> serialized( - CryptoFramer::ConstructHandshakeMessage(msg)); + CryptoFramer::ConstructHandshakeMessage(msg, Perspective::IS_SERVER)); uint8_t scid_bytes[SHA256_DIGEST_LENGTH]; SHA256(reinterpret_cast<const uint8_t*>(serialized->data()), @@ -269,7 +269,7 @@ QuicCryptoServerConfig::GenerateConfig(QuicRandom* rand, // The SCID is a truncated SHA-256 digest. static_assert(16 <= SHA256_DIGEST_LENGTH, "SCID length too high."); msg.SetStringPiece( - kSCID, StringPiece(reinterpret_cast<const char*>(scid_bytes), 16)); + kSCID, QuicStringPiece(reinterpret_cast<const char*>(scid_bytes), 16)); } else { msg.SetStringPiece(kSCID, options.id); } @@ -278,7 +278,7 @@ QuicCryptoServerConfig::GenerateConfig(QuicRandom* rand, // preceding if block. std::unique_ptr<QuicData> serialized( - CryptoFramer::ConstructHandshakeMessage(msg)); + CryptoFramer::ConstructHandshakeMessage(msg, Perspective::IS_SERVER)); std::unique_ptr<QuicServerConfigProtobuf> config( new QuicServerConfigProtobuf); @@ -300,7 +300,7 @@ CryptoHandshakeMessage* QuicCryptoServerConfig::AddConfig( std::unique_ptr<QuicServerConfigProtobuf> protobuf, const QuicWallTime now) { std::unique_ptr<CryptoHandshakeMessage> msg( - CryptoFramer::ParseMessage(protobuf->config())); + CryptoFramer::ParseMessage(protobuf->config(), Perspective::IS_SERVER)); if (!msg.get()) { QUIC_LOG(WARNING) << "Failed to parse server config message"; @@ -440,7 +440,7 @@ void QuicCryptoServerConfig::ValidateClientHello( new ValidateClientHelloResultCallback::Result(client_hello, client_ip, now)); - StringPiece requested_scid; + QuicStringPiece requested_scid; client_hello.GetStringPiece(kSCID, &requested_scid); QuicReferenceCountedPointer<Config> requested_config; @@ -640,7 +640,7 @@ void QuicCryptoServerConfig::ProcessClientHello( return; } - StringPiece requested_scid; + QuicStringPiece requested_scid; client_hello.GetStringPiece(kSCID, &requested_scid); const QuicWallTime now(clock->WallNow()); @@ -688,7 +688,8 @@ void QuicCryptoServerConfig::ProcessClientHello( } DCHECK(proof_source_.get()); string chlo_hash; - CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); + CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash, + Perspective::IS_SERVER); // No need to get a new proof if one was already generated. if (!signed_config->chain) { @@ -757,7 +758,7 @@ void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( std::unique_ptr<DiversificationNonce> out_diversification_nonce( new DiversificationNonce); - StringPiece cert_sct; + QuicStringPiece cert_sct; if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) && cert_sct.empty()) { params->sct_supported_by_client = true; @@ -826,7 +827,7 @@ void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( } } - StringPiece public_value; + QuicStringPiece public_value; if (!client_hello.GetStringPiece(kPUBS, &public_value)) { helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, "Missing public value"); return; @@ -848,7 +849,8 @@ void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( } string hkdf_suffix; - const QuicData& client_hello_serialized = client_hello.GetSerialized(); + const QuicData& client_hello_serialized = + client_hello.GetSerialized(Perspective::IS_SERVER); hkdf_suffix.reserve(sizeof(connection_id) + client_hello_serialized.length() + requested_config->serialized.size()); hkdf_suffix.append(reinterpret_cast<char*>(&connection_id), @@ -863,7 +865,7 @@ void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( } hkdf_suffix.append(signed_config->chain->certs.at(0)); - StringPiece cetv_ciphertext; + QuicStringPiece cetv_ciphertext; if (requested_config->channel_id_enabled && client_hello.GetStringPiece(kCETV, &cetv_ciphertext)) { CryptoHandshakeMessage client_hello_copy(client_hello); @@ -871,7 +873,7 @@ void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( client_hello_copy.Erase(kPAD); const QuicData& client_hello_copy_serialized = - client_hello_copy.GetSerialized(); + client_hello_copy.GetSerialized(Perspective::IS_SERVER); string hkdf_input; hkdf_input.append(QuicCryptoConfig::kCETVLabel, strlen(QuicCryptoConfig::kCETVLabel) + 1); @@ -896,21 +898,21 @@ void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( size_t plaintext_length = 0; const bool success = crypters.decrypter->DecryptPacket( QUIC_VERSION_35, 0 /* packet number */, - StringPiece() /* associated data */, cetv_ciphertext, plaintext, + QuicStringPiece() /* associated data */, cetv_ciphertext, plaintext, &plaintext_length, kMaxPacketSize); if (!success) { helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, "CETV decryption failure"); return; } - std::unique_ptr<CryptoHandshakeMessage> cetv( - CryptoFramer::ParseMessage(StringPiece(plaintext, plaintext_length))); + std::unique_ptr<CryptoHandshakeMessage> cetv(CryptoFramer::ParseMessage( + QuicStringPiece(plaintext, plaintext_length), Perspective::IS_SERVER)); if (!cetv.get()) { helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, "CETV parse error"); return; } - StringPiece key, signature; + QuicStringPiece key, signature; if (cetv->GetStringPiece(kCIDK, &key) && cetv->GetStringPiece(kCIDS, &signature)) { if (!ChannelIDVerifier::Verify(key, hkdf_input, signature)) { @@ -1005,7 +1007,8 @@ void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( } QuicReferenceCountedPointer<QuicCryptoServerConfig::Config> -QuicCryptoServerConfig::GetConfigWithScid(StringPiece requested_scid) const { +QuicCryptoServerConfig::GetConfigWithScid( + QuicStringPiece requested_scid) const { configs_lock_.AssertReaderHeld(); if (!requested_scid.empty()) { @@ -1207,7 +1210,7 @@ void QuicCryptoServerConfig::EvaluateClientHello( client_hello.GetStringPiece(kUAID, &info->user_agent_id); HandshakeFailureReason source_address_token_error = MAX_FAILURE_REASON; - StringPiece srct; + QuicStringPiece srct; if (client_hello.GetStringPiece(kSourceAddressTokenTag, &srct)) { Config& config = requested_config != nullptr ? *requested_config : *primary_config; @@ -1226,7 +1229,7 @@ void QuicCryptoServerConfig::EvaluateClientHello( } if (!requested_config.get()) { - StringPiece requested_scid; + QuicStringPiece requested_scid; if (client_hello.GetStringPiece(kSCID, &requested_scid)) { info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); } else { @@ -1254,7 +1257,8 @@ void QuicCryptoServerConfig::EvaluateClientHello( bool get_proof_failed = false; string serialized_config = primary_config->serialized; string chlo_hash; - CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); + CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash, + Perspective::IS_SERVER); bool need_proof = true; need_proof = !signed_config->chain; const QuicTag* tag_ptr; @@ -1317,8 +1321,9 @@ void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( if (info->client_nonce.size() != kNonceSize) { info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE); // Invalid client nonce. - QUIC_LOG_FIRST_N(ERROR, 2) << "Invalid client nonce: " - << client_hello.DebugString(); + QUIC_LOG_FIRST_N(ERROR, 2) + << "Invalid client nonce: " + << client_hello.DebugString(Perspective::IS_SERVER); QUIC_DLOG(INFO) << "Invalid client nonce."; } @@ -1337,7 +1342,7 @@ void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( void QuicCryptoServerConfig::BuildServerConfigUpdateMessage( QuicVersion version, - StringPiece chlo_hash, + QuicStringPiece chlo_hash, const SourceAddressTokens& previous_source_address_tokens, const QuicSocketAddress& server_address, const QuicIpAddress& client_ip, @@ -1498,12 +1503,12 @@ void QuicCryptoServerConfig::BuildRejection( return; } - StringPiece client_common_set_hashes; + QuicStringPiece client_common_set_hashes; if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) { params->client_common_set_hashes = client_common_set_hashes.as_string(); } - StringPiece client_cached_cert_hashes; + QuicStringPiece client_cached_cert_hashes; if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) { params->client_cached_cert_hashes = client_cached_cert_hashes.as_string(); } @@ -1583,7 +1588,7 @@ QuicReferenceCountedPointer<QuicCryptoServerConfig::Config> QuicCryptoServerConfig::ParseConfigProtobuf( const std::unique_ptr<QuicServerConfigProtobuf>& protobuf) { std::unique_ptr<CryptoHandshakeMessage> msg( - CryptoFramer::ParseMessage(protobuf->config())); + CryptoFramer::ParseMessage(protobuf->config(), Perspective::IS_SERVER)); if (msg->tag() != kSCFG) { QUIC_LOG(WARNING) << "Server config message has tag " << msg->tag() @@ -1602,7 +1607,7 @@ QuicCryptoServerConfig::ParseConfigProtobuf( config->priority = protobuf->priority(); - StringPiece scid; + QuicStringPiece scid; if (!msg->GetStringPiece(kSCID, &scid)) { QUIC_LOG(WARNING) << "Server config message is missing SCID"; return nullptr; @@ -1635,7 +1640,7 @@ QuicCryptoServerConfig::ParseConfigProtobuf( } config->tb_key_params = std::vector<QuicTag>(tbkp_tags, tbkp_tags + tbkp_len); - StringPiece orbit; + QuicStringPiece orbit; if (!msg->GetStringPiece(kORBT, &orbit)) { QUIC_LOG(WARNING) << "Server config message is missing ORBT"; return nullptr; @@ -1814,10 +1819,10 @@ int QuicCryptoServerConfig::NumberOfConfigs() const { HandshakeFailureReason QuicCryptoServerConfig::ParseSourceAddressToken( const Config& config, - StringPiece token, + QuicStringPiece token, SourceAddressTokens* tokens) const { string storage; - StringPiece plaintext; + QuicStringPiece plaintext; if (!config.source_address_token_boxer->Unbox(token, &storage, &plaintext)) { return SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE; } @@ -1907,8 +1912,8 @@ string QuicCryptoServerConfig::NewServerNonce(QuicRandom* rand, sizeof(server_nonce) - sizeof(timestamp)); return server_nonce_boxer_.Box( - rand, - StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); + rand, QuicStringPiece(reinterpret_cast<char*>(server_nonce), + sizeof(server_nonce))); } bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( diff --git a/chromium/net/quic/core/crypto/quic_crypto_server_config.h b/chromium/net/quic/core/crypto/quic_crypto_server_config.h index 358f6afabb6..9c30c01bd06 100644 --- a/chromium/net/quic/core/crypto/quic_crypto_server_config.h +++ b/chromium/net/quic/core/crypto/quic_crypto_server_config.h @@ -13,7 +13,6 @@ #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/crypto_handshake.h" #include "net/quic/core/crypto/crypto_handshake_message.h" #include "net/quic/core/crypto/crypto_protocol.h" @@ -28,6 +27,7 @@ #include "net/quic/platform/api/quic_mutex.h" #include "net/quic/platform/api/quic_reference_counted.h" #include "net/quic/platform/api/quic_socket_address.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -53,10 +53,10 @@ struct ClientHelloInfo { // Outputs from EvaluateClientHello. bool valid_source_address_token; - base::StringPiece sni; - base::StringPiece client_nonce; - base::StringPiece server_nonce; - base::StringPiece user_agent_id; + QuicStringPiece sni; + QuicStringPiece client_nonce; + QuicStringPiece server_nonce; + QuicStringPiece user_agent_id; SourceAddressTokens source_address_tokens; // Errors from EvaluateClientHello. @@ -194,7 +194,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoServerConfig { // server. Not owned. // |proof_source|: provides certificate chains and signatures. This class // takes ownership of |proof_source|. - QuicCryptoServerConfig(base::StringPiece source_address_token_secret, + QuicCryptoServerConfig(QuicStringPiece source_address_token_secret, QuicRandom* server_nonce_entropy, std::unique_ptr<ProofSource> proof_source); ~QuicCryptoServerConfig(); @@ -336,7 +336,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoServerConfig { // |cached_network_params| is optional, and can be nullptr. void BuildServerConfigUpdateMessage( QuicVersion version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const SourceAddressTokens& previous_source_address_tokens, const QuicSocketAddress& server_address, const QuicIpAddress& client_ip, @@ -466,7 +466,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoServerConfig { // Get a ref to the config with a given server config id. QuicReferenceCountedPointer<Config> GetConfigWithScid( - base::StringPiece requested_scid) const + QuicStringPiece requested_scid) const SHARED_LOCKS_REQUIRED(configs_lock_); // ConfigPrimaryTimeLessThan returns true if a->primary_time < @@ -595,7 +595,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoServerConfig { // failure. HandshakeFailureReason ParseSourceAddressToken( const Config& config, - base::StringPiece token, + QuicStringPiece token, SourceAddressTokens* tokens) const; // ValidateSourceAddressTokens returns HANDSHAKE_OK if the source address diff --git a/chromium/net/quic/core/crypto/quic_crypto_server_config_test.cc b/chromium/net/quic/core/crypto/quic_crypto_server_config_test.cc index c002e57f928..d67030e4246 100644 --- a/chromium/net/quic/core/crypto/quic_crypto_server_config_test.cc +++ b/chromium/net/quic/core/crypto/quic_crypto_server_config_test.cc @@ -21,7 +21,6 @@ #include "net/quic/test_tools/quic_crypto_server_config_peer.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; namespace net { @@ -125,8 +124,8 @@ TEST(QuicCryptoServerConfigTest, CompressDifferentCerts) { static const uint64_t set_hash = 42; std::unique_ptr<CommonCertSets> common_sets( crypto_test_utils::MockCommonCertSets(certs[0], set_hash, 1)); - StringPiece different_common_certs(reinterpret_cast<const char*>(&set_hash), - sizeof(set_hash)); + QuicStringPiece different_common_certs( + reinterpret_cast<const char*>(&set_hash), sizeof(set_hash)); string compressed3 = QuicCryptoServerConfigPeer::CompressChain( &compressed_certs_cache, chain, different_common_certs.as_string(), cached_certs, common_sets.get()); @@ -173,14 +172,14 @@ class SourceAddressTokenTest : public ::testing::Test { } HandshakeFailureReason ValidateSourceAddressTokens(string config_id, - StringPiece srct, + QuicStringPiece srct, const QuicIpAddress& ip) { return ValidateSourceAddressTokens(config_id, srct, ip, nullptr); } HandshakeFailureReason ValidateSourceAddressTokens( string config_id, - StringPiece srct, + QuicStringPiece srct, const QuicIpAddress& ip, CachedNetworkParameters* cached_network_params) { return peer_.ValidateSourceAddressTokens( diff --git a/chromium/net/quic/core/crypto/quic_decrypter.cc b/chromium/net/quic/core/crypto/quic_decrypter.cc index f7719144bcf..99c2a814d8b 100644 --- a/chromium/net/quic/core/crypto/quic_decrypter.cc +++ b/chromium/net/quic/core/crypto/quic_decrypter.cc @@ -11,7 +11,6 @@ #include "net/quic/core/crypto/null_decrypter.h" #include "net/quic/platform/api/quic_logging.h" -using base::StringPiece; using std::string; namespace net { @@ -30,15 +29,15 @@ QuicDecrypter* QuicDecrypter::Create(QuicTag algorithm) { } // static -void QuicDecrypter::DiversifyPreliminaryKey(StringPiece preliminary_key, - StringPiece nonce_prefix, +void QuicDecrypter::DiversifyPreliminaryKey(QuicStringPiece preliminary_key, + QuicStringPiece nonce_prefix, const DiversificationNonce& nonce, size_t key_size, size_t nonce_prefix_size, string* out_key, string* out_nonce_prefix) { crypto::HKDF hkdf(preliminary_key.as_string() + nonce_prefix.as_string(), - StringPiece(nonce.data(), nonce.size()), + QuicStringPiece(nonce.data(), nonce.size()), "QUIC key diversification", 0, key_size, 0, nonce_prefix_size, 0); *out_key = hkdf.server_write_key().as_string(); diff --git a/chromium/net/quic/core/crypto/quic_decrypter.h b/chromium/net/quic/core/crypto/quic_decrypter.h index a47643ea8b7..0b9a700a0af 100644 --- a/chromium/net/quic/core/crypto/quic_decrypter.h +++ b/chromium/net/quic/core/crypto/quic_decrypter.h @@ -10,6 +10,7 @@ #include "net/quic/core/quic_packets.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -23,7 +24,7 @@ class QUIC_EXPORT_PRIVATE QuicDecrypter { // // NOTE: The key is the client_write_key or server_write_key derived from // the master secret. - virtual bool SetKey(base::StringPiece key) = 0; + virtual bool SetKey(QuicStringPiece key) = 0; // Sets the fixed initial bytes of the nonce. Returns true on success, // false on failure. @@ -40,7 +41,7 @@ class QUIC_EXPORT_PRIVATE QuicDecrypter { // // The security of the nonce format requires that QUIC never reuse a // packet number, even when retransmitting a lost packet. - virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) = 0; + virtual bool SetNoncePrefix(QuicStringPiece nonce_prefix) = 0; // Sets the encryption key. Returns true on success, false on failure. // |DecryptPacket| may not be called until |SetDiversificationNonce| is @@ -49,7 +50,7 @@ class QUIC_EXPORT_PRIVATE QuicDecrypter { // // If this function is called, neither |SetKey| nor |SetNoncePrefix| may be // called. - virtual bool SetPreliminaryKey(base::StringPiece key) = 0; + virtual bool SetPreliminaryKey(QuicStringPiece key) = 0; // SetDiversificationNonce uses |nonce| to derive final keys based on the // input keying material given by calling |SetPreliminaryKey|. @@ -68,8 +69,8 @@ class QUIC_EXPORT_PRIVATE QuicDecrypter { // to non-authentic inputs, as opposed to other reasons for failure. virtual bool DecryptPacket(QuicVersion version, QuicPacketNumber packet_number, - base::StringPiece associated_data, - base::StringPiece ciphertext, + QuicStringPiece associated_data, + QuicStringPiece ciphertext, char* output, size_t* output_length, size_t max_output_length) = 0; @@ -81,11 +82,11 @@ class QUIC_EXPORT_PRIVATE QuicDecrypter { virtual uint32_t cipher_id() const = 0; // For use by unit tests only. - virtual base::StringPiece GetKey() const = 0; - virtual base::StringPiece GetNoncePrefix() const = 0; + virtual QuicStringPiece GetKey() const = 0; + virtual QuicStringPiece GetNoncePrefix() const = 0; - static void DiversifyPreliminaryKey(base::StringPiece preliminary_key, - base::StringPiece nonce_prefix, + static void DiversifyPreliminaryKey(QuicStringPiece preliminary_key, + QuicStringPiece nonce_prefix, const DiversificationNonce& nonce, size_t key_size, size_t nonce_prefix_size, diff --git a/chromium/net/quic/core/crypto/quic_encrypter.h b/chromium/net/quic/core/crypto/quic_encrypter.h index 40d079ce4a1..03aa6df0766 100644 --- a/chromium/net/quic/core/crypto/quic_encrypter.h +++ b/chromium/net/quic/core/crypto/quic_encrypter.h @@ -9,6 +9,7 @@ #include "net/quic/core/quic_packets.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -22,7 +23,7 @@ class QUIC_EXPORT_PRIVATE QuicEncrypter { // // NOTE: The key is the client_write_key or server_write_key derived from // the master secret. - virtual bool SetKey(base::StringPiece key) = 0; + virtual bool SetKey(QuicStringPiece key) = 0; // Sets the fixed initial bytes of the nonce. Returns true on success, // false on failure. @@ -39,7 +40,7 @@ class QUIC_EXPORT_PRIVATE QuicEncrypter { // // The security of the nonce format requires that QUIC never reuse a // packet number, even when retransmitting a lost packet. - virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) = 0; + virtual bool SetNoncePrefix(QuicStringPiece nonce_prefix) = 0; // Writes encrypted |plaintext| and a MAC over |plaintext| and // |associated_data| into output. Sets |output_length| to the number of @@ -50,8 +51,8 @@ class QUIC_EXPORT_PRIVATE QuicEncrypter { // |plaintext| must be <= |output|. virtual bool EncryptPacket(QuicVersion version, QuicPacketNumber packet_number, - base::StringPiece associated_data, - base::StringPiece plaintext, + QuicStringPiece associated_data, + QuicStringPiece plaintext, char* output, size_t* output_length, size_t max_output_length) = 0; @@ -76,8 +77,8 @@ class QUIC_EXPORT_PRIVATE QuicEncrypter { virtual size_t GetCiphertextSize(size_t plaintext_size) const = 0; // For use by unit tests only. - virtual base::StringPiece GetKey() const = 0; - virtual base::StringPiece GetNoncePrefix() const = 0; + virtual QuicStringPiece GetKey() const = 0; + virtual QuicStringPiece GetNoncePrefix() const = 0; }; } // namespace net diff --git a/chromium/net/quic/core/crypto/strike_register_client.h b/chromium/net/quic/core/crypto/strike_register_client.h index c8cc409b53f..06291ae4baa 100644 --- a/chromium/net/quic/core/crypto/strike_register_client.h +++ b/chromium/net/quic/core/crypto/strike_register_client.h @@ -8,10 +8,10 @@ #include <string> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/strike_register.h" #include "net/quic/core/quic_time.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -42,12 +42,12 @@ class QUIC_EXPORT_PRIVATE StrikeRegisterClient { virtual ~StrikeRegisterClient() {} // Returns true iff the strike register knows about the given orbit. - virtual bool IsKnownOrbit(base::StringPiece orbit) const = 0; + virtual bool IsKnownOrbit(QuicStringPiece orbit) const = 0; // Validate a nonce for freshness and uniqueness. // Will invoke cb->Run(ValidateResponse::nonce_is_valid_and_unique(), // ValidateResponse::nonce_error()) // once the asynchronous operation is complete. - virtual void VerifyNonceIsValidAndUnique(base::StringPiece nonce, + virtual void VerifyNonceIsValidAndUnique(QuicStringPiece nonce, QuicWallTime now, ResultCallback* cb) = 0; diff --git a/chromium/net/quic/core/frames/quic_ack_frame.cc b/chromium/net/quic/core/frames/quic_ack_frame.cc index 0f7464a9e26..8dcb1373c64 100644 --- a/chromium/net/quic/core/frames/quic_ack_frame.cc +++ b/chromium/net/quic/core/frames/quic_ack_frame.cc @@ -5,6 +5,7 @@ #include "net/quic/core/frames/quic_ack_frame.h" #include "net/quic/core/quic_constants.h" +#include "net/quic/platform/api/quic_bug_tracker.h" namespace net { @@ -16,9 +17,7 @@ bool IsAwaitingPacket(const QuicAckFrame& ack_frame, } QuicAckFrame::QuicAckFrame() - : largest_observed(0), - ack_delay_time(QuicTime::Delta::Infinite()), - path_id(kDefaultPathId) {} + : largest_observed(0), ack_delay_time(QuicTime::Delta::Infinite()) {} QuicAckFrame::QuicAckFrame(const QuicAckFrame& other) = default; @@ -73,6 +72,14 @@ bool PacketNumberQueue::RemoveUpTo(QuicPacketNumber higher) { return Empty() || old_min != Min(); } +void PacketNumberQueue::RemoveSmallestInterval() { + QUIC_BUG_IF(packet_number_intervals_.Size() < 2) + << (Empty() ? "No intervals to remove." + : "Can't remove the last interval."); + + packet_number_intervals_.Difference(*packet_number_intervals_.begin()); +} + void PacketNumberQueue::Complement() { if (Empty()) { return; diff --git a/chromium/net/quic/core/frames/quic_ack_frame.h b/chromium/net/quic/core/frames/quic_ack_frame.h index 816a4ace874..0a8991ac2a4 100644 --- a/chromium/net/quic/core/frames/quic_ack_frame.h +++ b/chromium/net/quic/core/frames/quic_ack_frame.h @@ -8,7 +8,6 @@ #include <ostream> #include <string> -#include "base/strings/string_piece.h" #include "net/quic/core/quic_types.h" #include "net/quic/platform/api/quic_containers.h" #include "net/quic/platform/api/quic_export.h" @@ -50,6 +49,9 @@ class QUIC_EXPORT_PRIVATE PacketNumberQueue { // the queue. Returns true if packets were removed. bool RemoveUpTo(QuicPacketNumber higher); + // Removes the smallest interval in the queue. + void RemoveSmallestInterval(); + // Mutates packet number set so that it contains only those packet numbers // from minimum to maximum packet number not currently in the set. Do nothing // if packet number set is empty. @@ -115,9 +117,6 @@ struct QUIC_EXPORT_PRIVATE QuicAckFrame { // Set of packets. PacketNumberQueue packets; - - // Path which this ack belongs to. - QuicPathId path_id; }; // True if the packet number is greater than largest_observed or is listed diff --git a/chromium/net/quic/core/frames/quic_frame.cc b/chromium/net/quic/core/frames/quic_frame.cc index 840bb6ecb4a..e209b762fc7 100644 --- a/chromium/net/quic/core/frames/quic_frame.cc +++ b/chromium/net/quic/core/frames/quic_frame.cc @@ -5,7 +5,6 @@ #include "net/quic/core/frames/quic_frame.h" #include "net/quic/platform/api/quic_logging.h" -using base::StringPiece; using std::string; namespace net { @@ -44,9 +43,6 @@ QuicFrame::QuicFrame(QuicWindowUpdateFrame* frame) QuicFrame::QuicFrame(QuicBlockedFrame* frame) : type(BLOCKED_FRAME), blocked_frame(frame) {} -QuicFrame::QuicFrame(QuicPathCloseFrame* frame) - : type(PATH_CLOSE_FRAME), path_close_frame(frame) {} - void DeleteFrames(QuicFrames* frames) { for (QuicFrame& frame : *frames) { switch (frame.type) { @@ -79,9 +75,6 @@ void DeleteFrames(QuicFrames* frames) { case WINDOW_UPDATE_FRAME: delete frame.window_update_frame; break; - case PATH_CLOSE_FRAME: - delete frame.path_close_frame; - break; case NUM_FRAME_TYPES: DCHECK(false) << "Cannot delete type: " << frame.type; } @@ -148,10 +141,6 @@ std::ostream& operator<<(std::ostream& os, const QuicFrame& frame) { os << "type { MTU_DISCOVERY_FRAME } "; break; } - case PATH_CLOSE_FRAME: { - os << "type { PATH_CLOSE_FRAME } " << *(frame.path_close_frame); - break; - } default: { QUIC_LOG(ERROR) << "Unknown frame type: " << frame.type; break; diff --git a/chromium/net/quic/core/frames/quic_frame.h b/chromium/net/quic/core/frames/quic_frame.h index 3ebe1cfc3de..fce45b5fda3 100644 --- a/chromium/net/quic/core/frames/quic_frame.h +++ b/chromium/net/quic/core/frames/quic_frame.h @@ -15,7 +15,6 @@ #include "net/quic/core/frames/quic_goaway_frame.h" #include "net/quic/core/frames/quic_mtu_discovery_frame.h" #include "net/quic/core/frames/quic_padding_frame.h" -#include "net/quic/core/frames/quic_path_close_frame.h" #include "net/quic/core/frames/quic_ping_frame.h" #include "net/quic/core/frames/quic_rst_stream_frame.h" #include "net/quic/core/frames/quic_stop_waiting_frame.h" @@ -40,7 +39,6 @@ struct QUIC_EXPORT_PRIVATE QuicFrame { explicit QuicFrame(QuicGoAwayFrame* frame); explicit QuicFrame(QuicWindowUpdateFrame* frame); explicit QuicFrame(QuicBlockedFrame* frame); - explicit QuicFrame(QuicPathCloseFrame* frame); QUIC_EXPORT_PRIVATE friend std::ostream& operator<<(std::ostream& os, const QuicFrame& frame); @@ -61,7 +59,6 @@ struct QUIC_EXPORT_PRIVATE QuicFrame { QuicGoAwayFrame* goaway_frame; QuicWindowUpdateFrame* window_update_frame; QuicBlockedFrame* blocked_frame; - QuicPathCloseFrame* path_close_frame; }; }; // QuicFrameType consumes 8 bytes with padding. diff --git a/chromium/net/quic/core/frames/quic_frames_test.cc b/chromium/net/quic/core/frames/quic_frames_test.cc index 11f083ec16d..dbc0d0cc8de 100644 --- a/chromium/net/quic/core/frames/quic_frames_test.cc +++ b/chromium/net/quic/core/frames/quic_frames_test.cc @@ -9,7 +9,6 @@ #include "net/quic/core/frames/quic_goaway_frame.h" #include "net/quic/core/frames/quic_mtu_discovery_frame.h" #include "net/quic/core/frames/quic_padding_frame.h" -#include "net/quic/core/frames/quic_path_close_frame.h" #include "net/quic/core/frames/quic_ping_frame.h" #include "net/quic/core/frames/quic_rst_stream_frame.h" #include "net/quic/core/frames/quic_stop_waiting_frame.h" @@ -116,14 +115,6 @@ TEST(QuicFramesTest, StopWaitingFrameToString) { EXPECT_EQ("{ least_unacked: 2 }\n", stream.str()); } -TEST(QuicFramesTest, PathCloseFrameToString) { - QuicPathCloseFrame frame; - frame.path_id = 1; - std::ostringstream stream; - stream << frame; - EXPECT_EQ("{ path_id: 1 }\n", stream.str()); -} - TEST(QuicFramesTest, IsAwaitingPacket) { QuicAckFrame ack_frame1; ack_frame1.largest_observed = 10u; @@ -145,6 +136,23 @@ TEST(QuicFramesTest, IsAwaitingPacket) { EXPECT_TRUE(IsAwaitingPacket(ack_frame2, 50u, 20u)); } +TEST(QuicFramesTest, RemoveSmallestInterval) { + QuicAckFrame ack_frame1; + ack_frame1.largest_observed = 100u; + ack_frame1.packets.Add(51, 60); + ack_frame1.packets.Add(71, 80); + ack_frame1.packets.Add(91, 100); + ack_frame1.packets.RemoveSmallestInterval(); + EXPECT_EQ(2u, ack_frame1.packets.NumIntervals()); + EXPECT_EQ(71u, ack_frame1.packets.Min()); + EXPECT_EQ(99u, ack_frame1.packets.Max()); + + ack_frame1.packets.RemoveSmallestInterval(); + EXPECT_EQ(1u, ack_frame1.packets.NumIntervals()); + EXPECT_EQ(91u, ack_frame1.packets.Min()); + EXPECT_EQ(99u, ack_frame1.packets.Max()); +} + // Tests that a queue contains the expected data after calls to Add(). TEST(PacketNumberQueueTest, AddRange) { PacketNumberQueue queue; diff --git a/chromium/net/quic/core/frames/quic_path_close_frame.cc b/chromium/net/quic/core/frames/quic_path_close_frame.cc deleted file mode 100644 index f2b751aca02..00000000000 --- a/chromium/net/quic/core/frames/quic_path_close_frame.cc +++ /dev/null @@ -1,17 +0,0 @@ -// Copyright (c) 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/quic/core/frames/quic_path_close_frame.h" - -namespace net { - -QuicPathCloseFrame::QuicPathCloseFrame(QuicPathId path_id) : path_id(path_id) {} - -std::ostream& operator<<(std::ostream& os, - const QuicPathCloseFrame& path_close_frame) { - os << "{ path_id: " << static_cast<int>(path_close_frame.path_id) << " }\n"; - return os; -} - -} // namespace net diff --git a/chromium/net/quic/core/frames/quic_path_close_frame.h b/chromium/net/quic/core/frames/quic_path_close_frame.h deleted file mode 100644 index 55982a9c746..00000000000 --- a/chromium/net/quic/core/frames/quic_path_close_frame.h +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright (c) 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_QUIC_CORE_FRAMES_QUIC_PATH_CLOSE_FRAME_H_ -#define NET_QUIC_CORE_FRAMES_QUIC_PATH_CLOSE_FRAME_H_ - -#include <ostream> - -#include "net/quic/core/quic_types.h" -#include "net/quic/platform/api/quic_export.h" - -namespace net { - -// The PATH_CLOSE frame is used to explicitly close a path. Both endpoints can -// send a PATH_CLOSE frame to initiate a path termination. A path is considered -// to be closed either a PATH_CLOSE frame is sent or received. An endpoint drops -// receive side of a closed path, and packets with retransmittable frames on a -// closed path are marked as retransmissions which will be transmitted on other -// paths. -struct QUIC_EXPORT_PRIVATE QuicPathCloseFrame { - QuicPathCloseFrame() {} - explicit QuicPathCloseFrame(QuicPathId path_id); - - friend QUIC_EXPORT_PRIVATE std::ostream& operator<<( - std::ostream& os, - const QuicPathCloseFrame& p); - - QuicPathId path_id; -}; - -} // namespace net - -#endif // NET_QUIC_CORE_FRAMES_QUIC_PATH_CLOSE_FRAME_H_ diff --git a/chromium/net/quic/core/frames/quic_stop_waiting_frame.cc b/chromium/net/quic/core/frames/quic_stop_waiting_frame.cc index b051beb0d6a..b61b32ac861 100644 --- a/chromium/net/quic/core/frames/quic_stop_waiting_frame.cc +++ b/chromium/net/quic/core/frames/quic_stop_waiting_frame.cc @@ -8,8 +8,7 @@ namespace net { -QuicStopWaitingFrame::QuicStopWaitingFrame() - : path_id(kDefaultPathId), least_unacked(0) {} +QuicStopWaitingFrame::QuicStopWaitingFrame() : least_unacked(0) {} QuicStopWaitingFrame::~QuicStopWaitingFrame() {} diff --git a/chromium/net/quic/core/frames/quic_stop_waiting_frame.h b/chromium/net/quic/core/frames/quic_stop_waiting_frame.h index 1c02a7768c3..7632d087650 100644 --- a/chromium/net/quic/core/frames/quic_stop_waiting_frame.h +++ b/chromium/net/quic/core/frames/quic_stop_waiting_frame.h @@ -20,8 +20,6 @@ struct QUIC_EXPORT_PRIVATE QuicStopWaitingFrame { std::ostream& os, const QuicStopWaitingFrame& s); - // Path which this stop waiting frame belongs to. - QuicPathId path_id; // The lowest packet we've sent which is unacked, and we expect an ack for. QuicPacketNumber least_unacked; }; diff --git a/chromium/net/quic/core/frames/quic_stream_frame.cc b/chromium/net/quic/core/frames/quic_stream_frame.cc index 58ec40e5153..ba3463965a1 100644 --- a/chromium/net/quic/core/frames/quic_stream_frame.cc +++ b/chromium/net/quic/core/frames/quic_stream_frame.cc @@ -6,8 +6,6 @@ #include "net/quic/platform/api/quic_logging.h" -using base::StringPiece; - namespace net { void StreamBufferDeleter::operator()(char* buffer) const { @@ -28,7 +26,7 @@ QuicStreamFrame::QuicStreamFrame() QuicStreamFrame::QuicStreamFrame(QuicStreamId stream_id, bool fin, QuicStreamOffset offset, - StringPiece data) + QuicStringPiece data) : QuicStreamFrame(stream_id, fin, offset, diff --git a/chromium/net/quic/core/frames/quic_stream_frame.h b/chromium/net/quic/core/frames/quic_stream_frame.h index 99f285630a7..138cc483172 100644 --- a/chromium/net/quic/core/frames/quic_stream_frame.h +++ b/chromium/net/quic/core/frames/quic_stream_frame.h @@ -8,10 +8,10 @@ #include <memory> #include <ostream> -#include "base/strings/string_piece.h" #include "net/quic/core/quic_buffer_allocator.h" #include "net/quic/core/quic_types.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -44,7 +44,7 @@ struct QUIC_EXPORT_PRIVATE QuicStreamFrame { QuicStreamFrame(QuicStreamId stream_id, bool fin, QuicStreamOffset offset, - base::StringPiece data); + QuicStringPiece data); QuicStreamFrame(QuicStreamId stream_id, bool fin, QuicStreamOffset offset, diff --git a/chromium/net/quic/core/quic_client_session_base.cc b/chromium/net/quic/core/quic_client_session_base.cc index 12f9ff75c9f..1c7e1016579 100644 --- a/chromium/net/quic/core/quic_client_session_base.cc +++ b/chromium/net/quic/core/quic_client_session_base.cc @@ -9,7 +9,6 @@ #include "net/quic/core/spdy_utils.h" #include "net/quic/platform/api/quic_logging.h" -using base::StringPiece; using std::string; namespace net { diff --git a/chromium/net/quic/core/quic_config.cc b/chromium/net/quic/core/quic_config.cc index b654a93831a..9a29d94b1df 100644 --- a/chromium/net/quic/core/quic_config.cc +++ b/chromium/net/quic/core/quic_config.cc @@ -12,7 +12,9 @@ #include "net/quic/core/quic_socket_address_coder.h" #include "net/quic/core/quic_utils.h" #include "net/quic/platform/api/quic_bug_tracker.h" +#include "net/quic/platform/api/quic_flag_utils.h" #include "net/quic/platform/api/quic_logging.h" +#include "net/quic/platform/api/quic_string_piece.h" using std::string; @@ -305,7 +307,7 @@ QuicErrorCode QuicFixedSocketAddress::ProcessPeerHello( const CryptoHandshakeMessage& peer_hello, HelloType hello_type, string* error_details) { - base::StringPiece address; + QuicStringPiece address; if (!peer_hello.GetStringPiece(tag_, &address)) { if (presence_ == PRESENCE_REQUIRED) { *error_details = "Missing " + QuicTagToString(tag_); @@ -336,11 +338,12 @@ QuicConfig::QuicConfig() initial_stream_flow_control_window_bytes_(kSFCW, PRESENCE_OPTIONAL), initial_session_flow_control_window_bytes_(kCFCW, PRESENCE_OPTIONAL), socket_receive_buffer_(kSRBF, PRESENCE_OPTIONAL), - multipath_enabled_(kMPTH, PRESENCE_OPTIONAL), connection_migration_disabled_(kNCMR, PRESENCE_OPTIONAL), alternate_server_address_(kASAD, PRESENCE_OPTIONAL), force_hol_blocking_(kFHL2, PRESENCE_OPTIONAL), - support_max_header_list_size_(kSMHL, PRESENCE_OPTIONAL) { + support_max_header_list_size_(kSMHL, PRESENCE_OPTIONAL), + latched_no_socket_receive_buffer_( + FLAGS_quic_reloadable_flag_quic_no_socket_receive_buffer) { SetDefaults(); } @@ -542,7 +545,11 @@ uint32_t QuicConfig::ReceivedInitialSessionFlowControlWindowBytes() const { } void QuicConfig::SetSocketReceiveBufferToSend(uint32_t tcp_receive_window) { - socket_receive_buffer_.SetSendValue(tcp_receive_window); + if (latched_no_socket_receive_buffer_) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_no_socket_receive_buffer, 1, 3); + } else { + socket_receive_buffer_.SetSendValue(tcp_receive_window); + } } bool QuicConfig::HasReceivedSocketReceiveBuffer() const { @@ -553,15 +560,6 @@ uint32_t QuicConfig::ReceivedSocketReceiveBuffer() const { return socket_receive_buffer_.GetReceivedValue(); } -void QuicConfig::SetMultipathEnabled(bool multipath_enabled) { - uint32_t value = multipath_enabled ? 1 : 0; - multipath_enabled_.set(value, value); -} - -bool QuicConfig::MultipathEnabled() const { - return multipath_enabled_.GetUint32() > 0; -} - void QuicConfig::SetDisableConnectionMigration() { connection_migration_disabled_.SetSendValue(1); } @@ -640,7 +638,11 @@ void QuicConfig::ToHandshakeMessage(CryptoHandshakeMessage* out) const { initial_round_trip_time_us_.ToHandshakeMessage(out); initial_stream_flow_control_window_bytes_.ToHandshakeMessage(out); initial_session_flow_control_window_bytes_.ToHandshakeMessage(out); - socket_receive_buffer_.ToHandshakeMessage(out); + if (latched_no_socket_receive_buffer_) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_no_socket_receive_buffer, 2, 3); + } else { + socket_receive_buffer_.ToHandshakeMessage(out); + } connection_migration_disabled_.ToHandshakeMessage(out); connection_options_.ToHandshakeMessage(out); alternate_server_address_.ToHandshakeMessage(out); @@ -687,7 +689,9 @@ QuicErrorCode QuicConfig::ProcessPeerHello( error = initial_session_flow_control_window_bytes_.ProcessPeerHello( peer_hello, hello_type, error_details); } - if (error == QUIC_NO_ERROR) { + if (latched_no_socket_receive_buffer_) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_no_socket_receive_buffer, 3, 3); + } else if (error == QUIC_NO_ERROR) { error = socket_receive_buffer_.ProcessPeerHello(peer_hello, hello_type, error_details); } diff --git a/chromium/net/quic/core/quic_config.h b/chromium/net/quic/core/quic_config.h index 286ba1c2af6..c1d7a89c4a5 100644 --- a/chromium/net/quic/core/quic_config.h +++ b/chromium/net/quic/core/quic_config.h @@ -351,10 +351,6 @@ class QUIC_EXPORT_PRIVATE QuicConfig { uint32_t ReceivedSocketReceiveBuffer() const; - void SetMultipathEnabled(bool multipath_enabled); - - bool MultipathEnabled() const; - void SetDisableConnectionMigration(); bool DisableConnectionMigration() const; @@ -428,9 +424,6 @@ class QUIC_EXPORT_PRIVATE QuicConfig { // TODO(ianswett): Deprecate once QUIC_VERSION_34 is deprecated. QuicFixedUint32 socket_receive_buffer_; - // Whether to support multipath for this connection. - QuicNegotiableUint32 multipath_enabled_; - // Whether tell peer not to attempt connection migration. QuicFixedUint32 connection_migration_disabled_; @@ -442,6 +435,9 @@ class QUIC_EXPORT_PRIVATE QuicConfig { // Whether support HTTP/2 SETTINGS_MAX_HEADER_LIST_SIZE SETTINGS frame. QuicFixedUint32 support_max_header_list_size_; + + // Latched copy of FLAGS_quic_reloadable_flag_quic_no_socket_receive_buffer + bool latched_no_socket_receive_buffer_; }; } // namespace net diff --git a/chromium/net/quic/core/quic_config_test.cc b/chromium/net/quic/core/quic_config_test.cc index 4445e00a9e3..06e789d67e3 100644 --- a/chromium/net/quic/core/quic_config_test.cc +++ b/chromium/net/quic/core/quic_config_test.cc @@ -33,7 +33,9 @@ TEST_F(QuicConfigTest, ToHandshakeMessage) { config_.SetIdleNetworkTimeout(QuicTime::Delta::FromSeconds(5), QuicTime::Delta::FromSeconds(2)); config_.SetMaxStreamsPerConnection(4, 2); - config_.SetSocketReceiveBufferToSend(kDefaultSocketReceiveBuffer); + if (!FLAGS_quic_reloadable_flag_quic_no_socket_receive_buffer) { + config_.SetSocketReceiveBufferToSend(kDefaultSocketReceiveBuffer); + } CryptoHandshakeMessage msg; config_.ToHandshakeMessage(&msg); @@ -54,9 +56,11 @@ TEST_F(QuicConfigTest, ToHandshakeMessage) { EXPECT_EQ(QUIC_NO_ERROR, error); EXPECT_EQ(kInitialSessionFlowControlWindowForTest, value); - error = msg.GetUint32(kSRBF, &value); - EXPECT_EQ(QUIC_NO_ERROR, error); - EXPECT_EQ(kDefaultSocketReceiveBuffer, value); + if (!FLAGS_quic_reloadable_flag_quic_no_socket_receive_buffer) { + error = msg.GetUint32(kSRBF, &value); + EXPECT_EQ(QUIC_NO_ERROR, error); + EXPECT_EQ(kDefaultSocketReceiveBuffer, value); + } } TEST_F(QuicConfigTest, ProcessClientHello) { @@ -73,7 +77,9 @@ TEST_F(QuicConfigTest, ProcessClientHello) { 2 * kInitialStreamFlowControlWindowForTest); client_config.SetInitialSessionFlowControlWindowToSend( 2 * kInitialSessionFlowControlWindowForTest); - client_config.SetSocketReceiveBufferToSend(kDefaultSocketReceiveBuffer); + if (!FLAGS_quic_reloadable_flag_quic_no_socket_receive_buffer) { + client_config.SetSocketReceiveBufferToSend(kDefaultSocketReceiveBuffer); + } client_config.SetForceHolBlocking(); QuicTagVector copt; copt.push_back(kTBBR); @@ -109,7 +115,10 @@ TEST_F(QuicConfigTest, ProcessClientHello) { 2 * kInitialStreamFlowControlWindowForTest); EXPECT_EQ(config_.ReceivedInitialSessionFlowControlWindowBytes(), 2 * kInitialSessionFlowControlWindowForTest); - EXPECT_EQ(config_.ReceivedSocketReceiveBuffer(), kDefaultSocketReceiveBuffer); + if (!FLAGS_quic_reloadable_flag_quic_no_socket_receive_buffer) { + EXPECT_EQ(config_.ReceivedSocketReceiveBuffer(), + kDefaultSocketReceiveBuffer); + } } TEST_F(QuicConfigTest, ProcessServerHello) { @@ -129,7 +138,9 @@ TEST_F(QuicConfigTest, ProcessServerHello) { 2 * kInitialStreamFlowControlWindowForTest); server_config.SetInitialSessionFlowControlWindowToSend( 2 * kInitialSessionFlowControlWindowForTest); - server_config.SetSocketReceiveBufferToSend(kDefaultSocketReceiveBuffer); + if (!FLAGS_quic_reloadable_flag_quic_no_socket_receive_buffer) { + server_config.SetSocketReceiveBufferToSend(kDefaultSocketReceiveBuffer); + } server_config.SetAlternateServerAddressToSend(kTestServerAddress); CryptoHandshakeMessage msg; server_config.ToHandshakeMessage(&msg); @@ -147,7 +158,10 @@ TEST_F(QuicConfigTest, ProcessServerHello) { 2 * kInitialStreamFlowControlWindowForTest); EXPECT_EQ(config_.ReceivedInitialSessionFlowControlWindowBytes(), 2 * kInitialSessionFlowControlWindowForTest); - EXPECT_EQ(config_.ReceivedSocketReceiveBuffer(), kDefaultSocketReceiveBuffer); + if (!FLAGS_quic_reloadable_flag_quic_no_socket_receive_buffer) { + EXPECT_EQ(config_.ReceivedSocketReceiveBuffer(), + kDefaultSocketReceiveBuffer); + } EXPECT_TRUE(config_.HasReceivedAlternateServerAddress()); EXPECT_EQ(kTestServerAddress, config_.ReceivedAlternateServerAddress()); } diff --git a/chromium/net/quic/core/quic_connection.cc b/chromium/net/quic/core/quic_connection.cc index ae9e1cde4cc..99daacf033e 100644 --- a/chromium/net/quic/core/quic_connection.cc +++ b/chromium/net/quic/core/quic_connection.cc @@ -29,12 +29,12 @@ #include "net/quic/core/quic_pending_retransmission.h" #include "net/quic/core/quic_utils.h" #include "net/quic/platform/api/quic_bug_tracker.h" +#include "net/quic/platform/api/quic_flag_utils.h" #include "net/quic/platform/api/quic_logging.h" #include "net/quic/platform/api/quic_map_util.h" #include "net/quic/platform/api/quic_str_cat.h" #include "net/quic/platform/api/quic_text_utils.h" -using base::StringPiece; using std::string; namespace net { @@ -259,8 +259,8 @@ QuicConnection::QuicConnection(QuicConnectionId connection_id, largest_received_packet_size_(0), goaway_sent_(false), goaway_received_(false), - multipath_enabled_(false), - write_error_occured_(false) { + write_error_occured_(false), + no_stop_waiting_frames_(false) { QUIC_DLOG(INFO) << ENDPOINT << "Created connection with connection_id: " << connection_id; framer_.set_visitor(this); @@ -273,6 +273,10 @@ QuicConnection::QuicConnection(QuicConnectionId connection_id, SetMaxPacketLength(perspective_ == Perspective::IS_SERVER ? kDefaultServerMaxPacketSize : kDefaultMaxPacketSize); + if (packet_generator_.latched_flag_no_stop_waiting_frames()) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_no_stop_waiting_frames, 1, 2); + received_packet_manager_.set_max_ack_ranges(255); + } } QuicConnection::~QuicConnection() { @@ -302,10 +306,6 @@ void QuicConnection::SetFromConfig(const QuicConfig& config) { idle_timeout_connection_close_behavior_ = ConnectionCloseBehavior::SILENT_CLOSE; } - if (FLAGS_quic_reloadable_flag_quic_enable_multipath && - config.MultipathEnabled()) { - multipath_enabled_ = true; - } } else { SetNetworkTimeouts(config.max_time_before_crypto_handshake(), config.max_idle_time_before_crypto_handshake()); @@ -345,6 +345,11 @@ void QuicConnection::SetFromConfig(const QuicConfig& config) { if (config.HasClientSentConnectionOption(k5RTO, perspective_)) { close_connection_after_five_rtos_ = true; } + if (packet_generator_.latched_flag_no_stop_waiting_frames() && + config.HasClientSentConnectionOption(kNSTP, perspective_)) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_no_stop_waiting_frames, 2, 2); + no_stop_waiting_frames_ = true; + } } void QuicConnection::OnSendConnectionState( @@ -694,6 +699,10 @@ bool QuicConnection::OnAckFrame(const QuicAckFrame& incoming_ack) { largest_seen_packet_with_ack_ = last_header_.packet_number; sent_packet_manager_.OnIncomingAck(incoming_ack, time_of_last_received_packet_); + if (no_stop_waiting_frames_) { + received_packet_manager_.DontWaitForPacketsBefore( + sent_packet_manager_.largest_packet_peer_knows_is_acked()); + } // Always reset the retransmission alarm when an ack comes in, since we now // have a better estimate of the current rtt than when it was set. SetRetransmissionAlarm(); @@ -716,7 +725,9 @@ bool QuicConnection::OnAckFrame(const QuicAckFrame& incoming_ack) { bool QuicConnection::OnStopWaitingFrame(const QuicStopWaitingFrame& frame) { DCHECK(connected_); - + if (no_stop_waiting_frames_) { + return true; + } if (last_header_.packet_number <= largest_seen_packet_with_stop_waiting_) { QUIC_DLOG(INFO) << ENDPOINT << "Received an old stop waiting frame: ignoring"; @@ -893,16 +904,6 @@ bool QuicConnection::OnBlockedFrame(const QuicBlockedFrame& frame) { return connected_; } -bool QuicConnection::OnPathCloseFrame(const QuicPathCloseFrame& frame) { - DCHECK(connected_); - if (debug_visitor_ != nullptr) { - debug_visitor_->OnPathCloseFrame(frame); - } - QUIC_DLOG(INFO) << ENDPOINT - << "PATH_CLOSE_FRAME received for path: " << frame.path_id; - return connected_; -} - void QuicConnection::OnPacketComplete() { // Don't do anything if this packet closed the connection. if (!connected_) { @@ -1131,12 +1132,6 @@ void QuicConnection::SendBlocked(QuicStreamId id) { stats_.blocked_frames_sent++; } -void QuicConnection::SendPathClose(QuicPathId path_id) { - // Opportunistically bundle an ack with this outgoing packet. - ScopedPacketBundler ack_bundler(this, SEND_ACK_IF_PENDING); - packet_generator_.AddControlFrame(QuicFrame(new QuicPathCloseFrame(path_id))); -} - const QuicConnectionStats& QuicConnection::GetStats() { const RttStats* rtt_stats = sent_packet_manager_.GetRttStats(); @@ -1186,9 +1181,8 @@ void QuicConnection::ProcessUdpPacket(const QuicSocketAddress& self_address, ++stats_.packets_received; // Ensure the time coming from the packet reader is within a minute of now. - if (FLAGS_quic_reloadable_flag_quic_allow_large_send_deltas && - std::abs((packet.receipt_time() - clock_->ApproximateNow()).ToSeconds()) > - 60) { + if (std::abs((packet.receipt_time() - clock_->ApproximateNow()).ToSeconds()) > + 60) { QUIC_BUG << "Packet receipt time:" << packet.receipt_time().ToDebuggingValue() << " too far from current time:" @@ -1281,10 +1275,16 @@ bool QuicConnection::ProcessValidatedPacket(const QuicPacketHeader& header) { if (self_address_.port() != last_packet_destination_address_.port() || self_address_.host().Normalized() != last_packet_destination_address_.host().Normalized()) { - CloseConnection(QUIC_ERROR_MIGRATING_ADDRESS, - "Self address migration is not supported at the server.", - ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); - return false; + if (FLAGS_quic_reloadable_flag_quic_allow_one_address_change && + AllowSelfAddressChange()) { + OnSelfAddressChange(); + } else { + CloseConnection( + QUIC_ERROR_MIGRATING_ADDRESS, + "Self address migration is not supported at the server.", + ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); + return false; + } } self_address_ = last_packet_destination_address_; } @@ -1299,7 +1299,7 @@ bool QuicConnection::ProcessValidatedPacket(const QuicPacketHeader& header) { // Multipath is not enabled, but a packet with multipath flag on is // received. - if (!multipath_enabled_ && header.public_header.multipath_flag) { + if (header.public_header.multipath_flag) { const string error_details = "Received a packet with multipath flag but multipath is not enabled."; QUIC_BUG << error_details; @@ -1505,8 +1505,8 @@ bool QuicConnection::WritePacket(SerializedPacket* packet) { << QuicUtils::EncryptionLevelToString(packet->encryption_level) << ", encrypted length:" << encrypted_length; QUIC_DVLOG(2) << ENDPOINT << "packet(" << packet_number << "): " << std::endl - << QuicTextUtils::HexDump( - StringPiece(packet->encrypted_buffer, encrypted_length)); + << QuicTextUtils::HexDump(QuicStringPiece( + packet->encrypted_buffer, encrypted_length)); // Measure the RTT from before the write begins to avoid underestimating the // min_rtt_, especially in cases where the thread blocks or gets swapped out @@ -1618,6 +1618,10 @@ bool QuicConnection::ShouldDiscardPacket(const SerializedPacket& packet) { return false; } +bool QuicConnection::AllowSelfAddressChange() const { + return false; +} + void QuicConnection::OnWriteError(int error_code) { if (write_error_occured_) { // A write error already occurred. The connection is being closed. @@ -1642,7 +1646,6 @@ void QuicConnection::OnWriteError(int error_code) { } void QuicConnection::OnSerializedPacket(SerializedPacket* serialized_packet) { - DCHECK_NE(kInvalidPathId, serialized_packet->path_id); if (serialized_packet->encrypted_buffer == nullptr) { // We failed to serialize the packet, so close the connection. // TearDownLocalConnectionState does not send close packet, so no infinite @@ -1743,7 +1746,7 @@ void QuicConnection::SendAck() { last_ack_had_missing_packets_ = received_packet_manager_.HasMissingPackets(); num_packets_received_since_last_ack_sent_ = 0; - packet_generator_.SetShouldSendAck(true); + packet_generator_.SetShouldSendAck(!no_stop_waiting_frames_); } void QuicConnection::OnRetransmissionTimeout() { @@ -2331,11 +2334,11 @@ bool QuicConnection::ack_frame_updated() const { return received_packet_manager_.ack_frame_updated(); } -StringPiece QuicConnection::GetCurrentPacket() { +QuicStringPiece QuicConnection::GetCurrentPacket() { if (current_packet_data_ == nullptr) { - return StringPiece(); + return QuicStringPiece(); } - return StringPiece(current_packet_data_, last_size_); + return QuicStringPiece(current_packet_data_, last_size_); } bool QuicConnection::MaybeConsiderAsMemoryCorruption( diff --git a/chromium/net/quic/core/quic_connection.h b/chromium/net/quic/core/quic_connection.h index ba3faf2f242..e5bf4ca9168 100644 --- a/chromium/net/quic/core/quic_connection.h +++ b/chromium/net/quic/core/quic_connection.h @@ -27,7 +27,6 @@ #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/quic_decrypter.h" #include "net/quic/core/quic_alarm.h" #include "net/quic/core/quic_alarm_factory.h" @@ -45,6 +44,7 @@ #include "net/quic/core/quic_types.h" #include "net/quic/platform/api/quic_export.h" #include "net/quic/platform/api/quic_socket_address.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -229,9 +229,6 @@ class QUIC_EXPORT_PRIVATE QuicConnectionDebugVisitor // Called when a BlockedFrame has been parsed. virtual void OnBlockedFrame(const QuicBlockedFrame& frame) {} - // Called when a PathCloseFrame has been parsed. - virtual void OnPathCloseFrame(const QuicPathCloseFrame& frame) {} - // Called when a public reset packet has been received. virtual void OnPublicResetPacket(const QuicPublicResetPacket& packet) {} @@ -362,9 +359,6 @@ class QUIC_EXPORT_PRIVATE QuicConnection // Send a WINDOW_UPDATE frame to the peer. virtual void SendWindowUpdate(QuicStreamId id, QuicStreamOffset byte_offset); - // Send a PATH_CLOSE frame to the peer. - virtual void SendPathClose(QuicPathId path_id); - // Closes the connection. // |connection_close_behavior| determines whether or not a connection close // packet is sent to the peer. @@ -448,7 +442,6 @@ class QUIC_EXPORT_PRIVATE QuicConnection bool OnGoAwayFrame(const QuicGoAwayFrame& frame) override; bool OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) override; bool OnBlockedFrame(const QuicBlockedFrame& frame) override; - bool OnPathCloseFrame(const QuicPathCloseFrame& frame) override; void OnPacketComplete() override; // QuicConnectionCloseDelegateInterface @@ -676,7 +669,7 @@ class QUIC_EXPORT_PRIVATE QuicConnection QuicConnectionHelperInterface* helper() { return helper_; } QuicAlarmFactory* alarm_factory() { return alarm_factory_; } - base::StringPiece GetCurrentPacket(); + QuicStringPiece GetCurrentPacket(); const QuicPacketGenerator& packet_generator() const { return packet_generator_; @@ -741,6 +734,12 @@ class QUIC_EXPORT_PRIVATE QuicConnection // Returns true if the packet should be discarded and not sent. virtual bool ShouldDiscardPacket(const SerializedPacket& packet); + // Returns true if this connection allows self address change. + virtual bool AllowSelfAddressChange() const; + + // Called when a self address change is observed. + virtual void OnSelfAddressChange() {} + private: friend class test::QuicConnectionPeer; friend class test::PacketSavingConnection; @@ -1076,13 +1075,13 @@ class QUIC_EXPORT_PRIVATE QuicConnection // Whether a GoAway has been received. bool goaway_received_; - // If true, multipath is enabled for this connection. - bool multipath_enabled_; - // Indicates whether a write error is encountered currently. This is used to // avoid infinite write errors. bool write_error_occured_; + // Indicates not to send or process stop waiting frames. + bool no_stop_waiting_frames_; + DISALLOW_COPY_AND_ASSIGN(QuicConnection); }; diff --git a/chromium/net/quic/core/quic_connection_test.cc b/chromium/net/quic/core/quic_connection_test.cc index c607cc26736..92b57be616c 100644 --- a/chromium/net/quic/core/quic_connection_test.cc +++ b/chromium/net/quic/core/quic_connection_test.cc @@ -38,7 +38,6 @@ #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; using testing::AnyNumber; using testing::AtLeast; @@ -85,14 +84,14 @@ class TaggingEncrypter : public QuicEncrypter { ~TaggingEncrypter() override {} // QuicEncrypter interface. - bool SetKey(StringPiece key) override { return true; } + bool SetKey(QuicStringPiece key) override { return true; } - bool SetNoncePrefix(StringPiece nonce_prefix) override { return true; } + bool SetNoncePrefix(QuicStringPiece nonce_prefix) override { return true; } bool EncryptPacket(QuicVersion /*version*/, QuicPacketNumber packet_number, - StringPiece associated_data, - StringPiece plaintext, + QuicStringPiece associated_data, + QuicStringPiece plaintext, char* output, size_t* output_length, size_t max_output_length) override { @@ -119,9 +118,9 @@ class TaggingEncrypter : public QuicEncrypter { return plaintext_size + kTagSize; } - StringPiece GetKey() const override { return StringPiece(); } + QuicStringPiece GetKey() const override { return QuicStringPiece(); } - StringPiece GetNoncePrefix() const override { return StringPiece(); } + QuicStringPiece GetNoncePrefix() const override { return QuicStringPiece(); } private: enum { @@ -140,11 +139,11 @@ class TaggingDecrypter : public QuicDecrypter { ~TaggingDecrypter() override {} // QuicDecrypter interface - bool SetKey(StringPiece key) override { return true; } + bool SetKey(QuicStringPiece key) override { return true; } - bool SetNoncePrefix(StringPiece nonce_prefix) override { return true; } + bool SetNoncePrefix(QuicStringPiece nonce_prefix) override { return true; } - bool SetPreliminaryKey(StringPiece key) override { + bool SetPreliminaryKey(QuicStringPiece key) override { QUIC_BUG << "should not be called"; return false; } @@ -155,8 +154,8 @@ class TaggingDecrypter : public QuicDecrypter { bool DecryptPacket(QuicVersion /*version*/, QuicPacketNumber packet_number, - StringPiece associated_data, - StringPiece ciphertext, + QuicStringPiece associated_data, + QuicStringPiece ciphertext, char* output, size_t* output_length, size_t max_output_length) override { @@ -171,14 +170,14 @@ class TaggingDecrypter : public QuicDecrypter { return true; } - StringPiece GetKey() const override { return StringPiece(); } - StringPiece GetNoncePrefix() const override { return StringPiece(); } + QuicStringPiece GetKey() const override { return QuicStringPiece(); } + QuicStringPiece GetNoncePrefix() const override { return QuicStringPiece(); } const char* cipher_name() const override { return "Tagging"; } // Use a distinct value starting with 0xFFFFFF, which is never used by TLS. uint32_t cipher_id() const override { return 0xFFFFFFF0; } protected: - virtual uint8_t GetTag(StringPiece ciphertext) { + virtual uint8_t GetTag(QuicStringPiece ciphertext) { return ciphertext.data()[ciphertext.size() - 1]; } @@ -187,7 +186,7 @@ class TaggingDecrypter : public QuicDecrypter { kTagSize = 12, }; - bool CheckTag(StringPiece ciphertext, uint8_t tag) { + bool CheckTag(QuicStringPiece ciphertext, uint8_t tag) { for (size_t i = ciphertext.size() - kTagSize; i < ciphertext.size(); i++) { if (ciphertext.data()[i] != tag) { return false; @@ -206,7 +205,7 @@ class StrictTaggingDecrypter : public TaggingDecrypter { ~StrictTaggingDecrypter() override {} // TaggingQuicDecrypter - uint8_t GetTag(StringPiece ciphertext) override { return tag_; } + uint8_t GetTag(QuicStringPiece ciphertext) override { return tag_; } const char* cipher_name() const override { return "StrictTagging"; } // Use a distinct value starting with 0xFFFFFF, which is never used by TLS. @@ -488,7 +487,6 @@ class TestConnection : public QuicConnection { } void SendPacket(EncryptionLevel level, - QuicPathId path_id, QuicPacketNumber packet_number, QuicPacket* packet, HasRetransmittableData retransmittable, @@ -500,8 +498,8 @@ class TestConnection : public QuicConnection { ENCRYPTION_NONE, packet_number, *packet, buffer, kMaxPacketSize); delete packet; SerializedPacket serialized_packet( - kDefaultPathId, packet_number, PACKET_6BYTE_PACKET_NUMBER, buffer, - encrypted_length, has_ack, has_pending_frames); + packet_number, PACKET_6BYTE_PACKET_NUMBER, buffer, encrypted_length, + has_ack, has_pending_frames); if (retransmittable == HAS_RETRANSMITTABLE_DATA) { serialized_packet.retransmittable_frames.push_back( QuicFrame(new QuicStreamFrame())); @@ -511,7 +509,7 @@ class TestConnection : public QuicConnection { QuicConsumedData SendStreamDataWithString( QuicStreamId id, - StringPiece data, + QuicStringPiece data, QuicStreamOffset offset, bool fin, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener) { @@ -642,19 +640,24 @@ enum class AckResponse { kDefer, kImmediate }; // Run tests with combinations of {QuicVersion, AckResponse}. struct TestParams { - TestParams(QuicVersion version, AckResponse ack_response) - : version(version), ack_response(ack_response) {} + TestParams(QuicVersion version, + AckResponse ack_response, + bool no_stop_waiting) + : version(version), + ack_response(ack_response), + no_stop_waiting(no_stop_waiting) {} friend std::ostream& operator<<(std::ostream& os, const TestParams& p) { os << "{ client_version: " << QuicVersionToString(p.version) << " ack_response: " << (p.ack_response == AckResponse::kDefer ? "defer" : "immediate") - << " }"; + << " no_stop_waiting: " << p.no_stop_waiting << " }"; return os; } QuicVersion version; AckResponse ack_response; + bool no_stop_waiting; }; // Constructs various test permutations. @@ -664,7 +667,10 @@ std::vector<TestParams> GetTestParams() { for (size_t i = 0; i < all_supported_versions.size(); ++i) { for (AckResponse ack_response : {AckResponse::kDefer, AckResponse::kImmediate}) { - params.push_back(TestParams(all_supported_versions[i], ack_response)); + for (bool stop_waiting : {true, false}) { + params.push_back( + TestParams(all_supported_versions[i], ack_response, stop_waiting)); + } } } return params; @@ -699,12 +705,14 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> { creator_(QuicConnectionPeer::GetPacketCreator(&connection_)), generator_(QuicConnectionPeer::GetPacketGenerator(&connection_)), manager_(QuicConnectionPeer::GetSentPacketManager(&connection_)), - frame1_(1, false, 0, StringPiece(data1)), - frame2_(1, false, 3, StringPiece(data2)), + frame1_(1, false, 0, QuicStringPiece(data1)), + frame2_(1, false, 3, QuicStringPiece(data2)), packet_number_length_(PACKET_6BYTE_PACKET_NUMBER), connection_id_length_(PACKET_8BYTE_CONNECTION_ID) { connection_.set_defer_send_in_response_to_packets(GetParam().ack_response == AckResponse::kDefer); + QuicConnectionPeer::SetNoStopWaitingFrames(&connection_, + GetParam().no_stop_waiting); connection_.set_visitor(&visitor_); connection_.SetSendAlgorithm(send_algorithm_); connection_.SetLossAlgorithm(loss_algorithm_.get()); @@ -762,9 +770,9 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> { void use_tagging_decrypter() { writer_->use_tagging_decrypter(); } - void ProcessPacket(QuicPathId path_id, QuicPacketNumber number) { + void ProcessPacket(QuicPacketNumber number) { EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacket(path_id, number); + ProcessDataPacket(number); if (connection_.GetSendAlarm()->IsSet()) { connection_.GetSendAlarm()->Fire(); } @@ -810,7 +818,7 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> { DCHECK_GT(length, 0u); const size_t encrypted_length = peer_framer_.EncryptInPlace( - ENCRYPTION_NONE, kDefaultPathId, header.packet_number, + ENCRYPTION_NONE, header.packet_number, GetStartOfEncryptedData(peer_framer_.version(), header), length, kMaxPacketSize, encrypted_buffer); DCHECK_GT(encrypted_length, 0u); @@ -820,16 +828,14 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> { QuicReceivedPacket(encrypted_buffer, encrypted_length, clock_.Now())); } - size_t ProcessFramePacketAtLevel(QuicPathId path_id, - QuicPacketNumber number, + size_t ProcessFramePacketAtLevel(QuicPacketNumber number, QuicFrame frame, EncryptionLevel level) { QuicPacketHeader header; header.public_header.connection_id = connection_id_; header.public_header.packet_number_length = packet_number_length_; header.public_header.connection_id_length = connection_id_length_; - header.public_header.multipath_flag = path_id != kDefaultPathId; - header.path_id = path_id; + header.public_header.multipath_flag = false; header.packet_number = number; QuicFrames frames; frames.push_back(frame); @@ -844,16 +850,15 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> { return encrypted_length; } - size_t ProcessDataPacket(QuicPathId path_id, QuicPacketNumber number) { - return ProcessDataPacketAtLevel(path_id, number, false, ENCRYPTION_NONE); + size_t ProcessDataPacket(QuicPacketNumber number) { + return ProcessDataPacketAtLevel(number, false, ENCRYPTION_NONE); } - size_t ProcessDataPacketAtLevel(QuicPathId path_id, - QuicPacketNumber number, + size_t ProcessDataPacketAtLevel(QuicPacketNumber number, bool has_stop_waiting, EncryptionLevel level) { std::unique_ptr<QuicPacket> packet( - ConstructDataPacket(path_id, number, has_stop_waiting)); + ConstructDataPacket(number, has_stop_waiting)); char buffer[kMaxPacketSize]; size_t encrypted_length = peer_framer_.EncryptPayload( level, number, *packet, buffer, kMaxPacketSize); @@ -866,7 +871,7 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> { return encrypted_length; } - void ProcessClosePacket(QuicPathId path_id, QuicPacketNumber number) { + void ProcessClosePacket(QuicPacketNumber number) { std::unique_ptr<QuicPacket> packet(ConstructClosePacket(number)); char buffer[kMaxPacketSize]; size_t encrypted_length = peer_framer_.EncryptPayload( @@ -877,7 +882,7 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> { } QuicByteCount SendStreamDataToPeer(QuicStreamId id, - StringPiece data, + QuicStringPiece data, QuicStreamOffset offset, bool fin, QuicPacketNumber* last_packet) { @@ -913,11 +918,10 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> { ProcessFramePacket(QuicFrame(frame)); } - size_t ProcessStopWaitingPacketAtLevel(QuicPathId path_id, - QuicPacketNumber number, + size_t ProcessStopWaitingPacketAtLevel(QuicPacketNumber number, QuicStopWaitingFrame* frame, EncryptionLevel level) { - return ProcessFramePacketAtLevel(path_id, number, QuicFrame(frame), + return ProcessFramePacketAtLevel(number, QuicFrame(frame), ENCRYPTION_INITIAL); } @@ -925,10 +929,6 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> { ProcessFramePacket(QuicFrame(frame)); } - void ProcessPathClosePacket(QuicPathCloseFrame* frame) { - ProcessFramePacket(QuicFrame(frame)); - } - bool IsMissing(QuicPacketNumber number) { return IsAwaitingPacket(*outgoing_ack(), number, 0); } @@ -939,15 +939,13 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> { return packet; } - QuicPacket* ConstructDataPacket(QuicPathId path_id, - QuicPacketNumber number, + QuicPacket* ConstructDataPacket(QuicPacketNumber number, bool has_stop_waiting) { QuicPacketHeader header; header.public_header.connection_id = connection_id_; header.public_header.packet_number_length = packet_number_length_; header.public_header.connection_id_length = connection_id_length_; - header.public_header.multipath_flag = path_id != kDefaultPathId; - header.path_id = path_id; + header.public_header.multipath_flag = false; header.packet_number = number; QuicFrames frames; @@ -1012,7 +1010,7 @@ class QuicConnectionTest : public ::testing::TestWithParam<TestParams> { ConnectionCloseSource::FROM_SELF)); // Call ProcessDataPacket rather than ProcessPacket, as we should not get a // packet call to the visitor. - ProcessDataPacket(kDefaultPathId, 6000); + ProcessDataPacket(6000); EXPECT_FALSE(QuicConnectionPeer::GetConnectionClosePacket(&connection_) == nullptr); } @@ -1089,7 +1087,7 @@ TEST_P(QuicConnectionTest, SelfAddressChangeAtClient) { EXPECT_EQ(Perspective::IS_CLIENT, connection_.perspective()); EXPECT_TRUE(connection_.connected()); - QuicStreamFrame stream_frame(1u, false, 0u, StringPiece()); + QuicStreamFrame stream_frame(1u, false, 0u, QuicStringPiece()); EXPECT_CALL(visitor_, OnStreamFrame(_)); ProcessFramePacketWithAddresses(QuicFrame(&stream_frame), kSelfAddress, kPeerAddress); @@ -1112,7 +1110,7 @@ TEST_P(QuicConnectionTest, SelfAddressChangeAtServer) { EXPECT_EQ(Perspective::IS_SERVER, connection_.perspective()); EXPECT_TRUE(connection_.connected()); - QuicStreamFrame stream_frame(1u, false, 0u, StringPiece()); + QuicStreamFrame stream_frame(1u, false, 0u, QuicStringPiece()); EXPECT_CALL(visitor_, OnStreamFrame(_)); ProcessFramePacketWithAddresses(QuicFrame(&stream_frame), kSelfAddress, kPeerAddress); @@ -1135,7 +1133,7 @@ TEST_P(QuicConnectionTest, AllowSelfAddressChangeToMappedIpv4AddressAtServer) { EXPECT_EQ(Perspective::IS_SERVER, connection_.perspective()); EXPECT_TRUE(connection_.connected()); - QuicStreamFrame stream_frame(1u, false, 0u, StringPiece()); + QuicStreamFrame stream_frame(1u, false, 0u, QuicStringPiece()); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(3); QuicIpAddress host; host.FromString("1.1.1.1"); @@ -1164,7 +1162,7 @@ TEST_P(QuicConnectionTest, ClientAddressChangeAndPacketReordered) { QuicConnectionPeer::SetPeerAddress(&connection_, QuicSocketAddress()); QuicPacketCreatorPeer::SetPacketNumber(&peer_creator_, 5); - QuicStreamFrame stream_frame(1u, false, 0u, StringPiece()); + QuicStreamFrame stream_frame(1u, false, 0u, QuicStringPiece()); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(AnyNumber()); const QuicSocketAddress kNewPeerAddress = QuicSocketAddress(QuicIpAddress::Loopback6(), @@ -1203,7 +1201,6 @@ TEST_P(QuicConnectionTest, IncreaseServerMaxPacketSize) { QuicPacketHeader header; header.public_header.connection_id = connection_id_; header.public_header.version_flag = true; - header.path_id = kDefaultPathId; header.packet_number = 1; QuicFrames frames; @@ -1237,7 +1234,6 @@ TEST_P(QuicConnectionTest, IncreaseServerMaxPacketSizeWhileWriterLimited) { QuicPacketHeader header; header.public_header.connection_id = connection_id_; header.public_header.version_flag = true; - header.path_id = kDefaultPathId; header.packet_number = 1; QuicFrames frames; @@ -1286,15 +1282,15 @@ TEST_P(QuicConnectionTest, LimitMaxPacketSizeByWriterForNewConnection) { TEST_P(QuicConnectionTest, PacketsInOrder) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); EXPECT_EQ(1u, outgoing_ack()->largest_observed); EXPECT_EQ(1u, outgoing_ack()->packets.NumIntervals()); - ProcessPacket(kDefaultPathId, 2); + ProcessPacket(2); EXPECT_EQ(2u, outgoing_ack()->largest_observed); EXPECT_EQ(1u, outgoing_ack()->packets.NumIntervals()); - ProcessPacket(kDefaultPathId, 3); + ProcessPacket(3); EXPECT_EQ(3u, outgoing_ack()->largest_observed); EXPECT_EQ(1u, outgoing_ack()->packets.NumIntervals()); } @@ -1302,17 +1298,17 @@ TEST_P(QuicConnectionTest, PacketsInOrder) { TEST_P(QuicConnectionTest, PacketsOutOfOrder) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 3); + ProcessPacket(3); EXPECT_EQ(3u, outgoing_ack()->largest_observed); EXPECT_TRUE(IsMissing(2)); EXPECT_TRUE(IsMissing(1)); - ProcessPacket(kDefaultPathId, 2); + ProcessPacket(2); EXPECT_EQ(3u, outgoing_ack()->largest_observed); EXPECT_FALSE(IsMissing(2)); EXPECT_TRUE(IsMissing(1)); - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); EXPECT_EQ(3u, outgoing_ack()->largest_observed); EXPECT_FALSE(IsMissing(2)); EXPECT_FALSE(IsMissing(1)); @@ -1321,14 +1317,14 @@ TEST_P(QuicConnectionTest, PacketsOutOfOrder) { TEST_P(QuicConnectionTest, DuplicatePacket) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 3); + ProcessPacket(3); EXPECT_EQ(3u, outgoing_ack()->largest_observed); EXPECT_TRUE(IsMissing(2)); EXPECT_TRUE(IsMissing(1)); // Send packet 3 again, but do not set the expectation that // the visitor OnStreamFrame() will be called. - ProcessDataPacket(kDefaultPathId, 3); + ProcessDataPacket(3); EXPECT_EQ(3u, outgoing_ack()->largest_observed); EXPECT_TRUE(IsMissing(2)); EXPECT_TRUE(IsMissing(1)); @@ -1337,16 +1333,16 @@ TEST_P(QuicConnectionTest, DuplicatePacket) { TEST_P(QuicConnectionTest, PacketsOutOfOrderWithAdditionsAndLeastAwaiting) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 3); + ProcessPacket(3); EXPECT_EQ(3u, outgoing_ack()->largest_observed); EXPECT_TRUE(IsMissing(2)); EXPECT_TRUE(IsMissing(1)); - ProcessPacket(kDefaultPathId, 2); + ProcessPacket(2); EXPECT_EQ(3u, outgoing_ack()->largest_observed); EXPECT_TRUE(IsMissing(1)); - ProcessPacket(kDefaultPathId, 5); + ProcessPacket(5); EXPECT_EQ(5u, outgoing_ack()->largest_observed); EXPECT_TRUE(IsMissing(1)); EXPECT_TRUE(IsMissing(4)); @@ -1369,7 +1365,7 @@ TEST_P(QuicConnectionTest, RejectPacketTooFarOut) { ConnectionCloseSource::FROM_SELF)); // Call ProcessDataPacket rather than ProcessPacket, as we should not get a // packet call to the visitor. - ProcessDataPacket(kDefaultPathId, 6000); + ProcessDataPacket(6000); EXPECT_FALSE(QuicConnectionPeer::GetConnectionClosePacket(&connection_) == nullptr); } @@ -1380,7 +1376,7 @@ TEST_P(QuicConnectionTest, RejectUnencryptedStreamData) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); EXPECT_CALL(visitor_, OnConnectionClosed(QUIC_UNENCRYPTED_STREAM_DATA, _, ConnectionCloseSource::FROM_SELF)); - EXPECT_QUIC_BUG(ProcessDataPacket(kDefaultPathId, 1), ""); + EXPECT_QUIC_BUG(ProcessDataPacket(1), ""); EXPECT_FALSE(QuicConnectionPeer::GetConnectionClosePacket(&connection_) == nullptr); const std::vector<QuicConnectionCloseFrame>& connection_close_frames = @@ -1393,19 +1389,19 @@ TEST_P(QuicConnectionTest, RejectUnencryptedStreamData) { TEST_P(QuicConnectionTest, OutOfOrderReceiptCausesAckSend) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 3); + ProcessPacket(3); // Should ack immediately since we have missing packets. EXPECT_EQ(1u, writer_->packets_write_attempts()); - ProcessPacket(kDefaultPathId, 2); + ProcessPacket(2); // Should ack immediately since we have missing packets. EXPECT_EQ(2u, writer_->packets_write_attempts()); - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); // Should ack immediately, since this fills the last hole. EXPECT_EQ(3u, writer_->packets_write_attempts()); - ProcessPacket(kDefaultPathId, 4); + ProcessPacket(4); // Should not cause an ack. EXPECT_EQ(3u, writer_->packets_write_attempts()); } @@ -1475,7 +1471,11 @@ TEST_P(QuicConnectionTest, AckReceiptCausesAckSend) { OnPacketSent(_, _, _, _, HAS_RETRANSMITTABLE_DATA)); connection_.SendStreamDataWithString(3, "foo", 3, !kFin, nullptr); // Ack bundled. - EXPECT_EQ(3u, writer_->frame_count()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(2u, writer_->frame_count()); + } else { + EXPECT_EQ(3u, writer_->frame_count()); + } EXPECT_EQ(1u, writer_->stream_frames().size()); EXPECT_FALSE(writer_->ack_frames().empty()); @@ -1521,16 +1521,20 @@ TEST_P(QuicConnectionTest, LeastUnackedLower) { QuicPacketCreatorPeer::SetPacketNumber(&peer_creator_, 1); // The scheduler will not process out of order acks, but all packet processing // causes the connection to try to write. - EXPECT_CALL(visitor_, OnCanWrite()); + if (!GetParam().no_stop_waiting) { + EXPECT_CALL(visitor_, OnCanWrite()); + } QuicStopWaitingFrame frame2 = InitStopWaitingFrame(1); ProcessStopWaitingPacket(&frame2); // Now claim it's one, but set the ordering so it was sent "after" the first // one. This should cause a connection error. - EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)); QuicPacketCreatorPeer::SetPacketNumber(&peer_creator_, 7); - EXPECT_CALL(visitor_, OnConnectionClosed(QUIC_INVALID_STOP_WAITING_DATA, _, - ConnectionCloseSource::FROM_SELF)); + if (!GetParam().no_stop_waiting) { + EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)); + EXPECT_CALL(visitor_, OnConnectionClosed(QUIC_INVALID_STOP_WAITING_DATA, _, + ConnectionCloseSource::FROM_SELF)); + } QuicStopWaitingFrame frame3 = InitStopWaitingFrame(1); ProcessStopWaitingPacket(&frame3); } @@ -1556,7 +1560,7 @@ TEST_P(QuicConnectionTest, TooManyReceivedPackets) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); // Miss 99 of every 100 packets for 5500 packets. for (QuicPacketNumber i = 1; i < kMaxTrackedPackets + 500; i += 100) { - ProcessPacket(kDefaultPathId, i); + ProcessPacket(i); if (!connection_.connected()) { break; } @@ -1596,7 +1600,7 @@ TEST_P(QuicConnectionTest, AckUnsentData) { TEST_P(QuicConnectionTest, AckAll) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); QuicPacketCreatorPeer::SetPacketNumber(&peer_creator_, 1); QuicAckFrame frame1 = InitAckFrame(0); @@ -1610,15 +1614,30 @@ TEST_P(QuicConnectionTest, BasicSending) { EXPECT_EQ(1u, last_packet); SendAckPacketToPeer(); // Packet 2 - EXPECT_EQ(1u, least_unacked()); + if (GetParam().no_stop_waiting) { + // Expect no stop waiting frame is sent. + EXPECT_EQ(0u, least_unacked()); + } else { + EXPECT_EQ(1u, least_unacked()); + } SendAckPacketToPeer(); // Packet 3 - EXPECT_EQ(1u, least_unacked()); + if (GetParam().no_stop_waiting) { + // Expect no stop waiting frame is sent. + EXPECT_EQ(0u, least_unacked()); + } else { + EXPECT_EQ(1u, least_unacked()); + } SendStreamDataToPeer(1, "bar", 3, !kFin, &last_packet); // Packet 4 EXPECT_EQ(4u, last_packet); SendAckPacketToPeer(); // Packet 5 - EXPECT_EQ(1u, least_unacked()); + if (GetParam().no_stop_waiting) { + // Expect no stop waiting frame is sent. + EXPECT_EQ(0u, least_unacked()); + } else { + EXPECT_EQ(1u, least_unacked()); + } EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); @@ -1629,7 +1648,12 @@ TEST_P(QuicConnectionTest, BasicSending) { // As soon as we've acked one, we skip ack packets 2 and 3 and note lack of // ack for 4. - EXPECT_EQ(4u, least_unacked()); + if (GetParam().no_stop_waiting) { + // Expect no stop waiting frame is sent. + EXPECT_EQ(0u, least_unacked()); + } else { + EXPECT_EQ(4u, least_unacked()); + } EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); @@ -1641,17 +1665,32 @@ TEST_P(QuicConnectionTest, BasicSending) { EXPECT_EQ(6u, writer_->header().packet_number); // So the last ack has not changed. - EXPECT_EQ(4u, least_unacked()); + if (GetParam().no_stop_waiting) { + // Expect no stop waiting frame is sent. + EXPECT_EQ(0u, least_unacked()); + } else { + EXPECT_EQ(4u, least_unacked()); + } // If we force an ack, we shouldn't change our retransmit state. SendAckPacketToPeer(); // Packet 7 - EXPECT_EQ(7u, least_unacked()); + if (GetParam().no_stop_waiting) { + // Expect no stop waiting frame is sent. + EXPECT_EQ(0u, least_unacked()); + } else { + EXPECT_EQ(7u, least_unacked()); + } // But if we send more data it should. SendStreamDataToPeer(1, "eep", 6, !kFin, &last_packet); // Packet 8 EXPECT_EQ(8u, last_packet); SendAckPacketToPeer(); // Packet 9 - EXPECT_EQ(7u, least_unacked()); + if (GetParam().no_stop_waiting) { + // Expect no stop waiting frame is sent. + EXPECT_EQ(0u, least_unacked()); + } else { + EXPECT_EQ(7u, least_unacked()); + } } // QuicConnection should record the the packet sent-time prior to sending the @@ -1701,8 +1740,13 @@ TEST_P(QuicConnectionTest, FramePacking) { // Parse the last packet and ensure it's an ack and two stream frames from // two different streams. - EXPECT_EQ(4u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(3u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(4u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); ASSERT_EQ(2u, writer_->stream_frames().size()); EXPECT_EQ(kClientDataStreamId1, writer_->stream_frames()[0]->stream_id); @@ -1751,7 +1795,7 @@ TEST_P(QuicConnectionTest, FramePackingAckResponse) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); // Process a data packet to queue up a pending ack. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacket(kDefaultPathId, 1); + ProcessDataPacket(1); EXPECT_CALL(visitor_, OnCanWrite()) .WillOnce(DoAll(IgnoreResult(InvokeWithoutArgs( @@ -1770,8 +1814,13 @@ TEST_P(QuicConnectionTest, FramePackingAckResponse) { // Parse the last packet and ensure it's an ack and two stream frames from // two different streams. - EXPECT_EQ(4u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(3u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(4u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); ASSERT_EQ(2u, writer_->stream_frames().size()); EXPECT_EQ(kClientDataStreamId1, writer_->stream_frames()[0]->stream_id); @@ -1800,7 +1849,7 @@ TEST_P(QuicConnectionTest, FramePackingSendv) { EXPECT_EQ(1u, writer_->stream_frames().size()); QuicStreamFrame* frame = writer_->stream_frames()[0].get(); EXPECT_EQ(1u, frame->stream_id); - EXPECT_EQ("ABCD", StringPiece(frame->data_buffer, frame->data_length)); + EXPECT_EQ("ABCD", QuicStringPiece(frame->data_buffer, frame->data_length)); } TEST_P(QuicConnectionTest, FramePackingSendvQueued) { @@ -2180,8 +2229,7 @@ TEST_P(QuicConnectionTest, RetransmitAckedPacket) { EXPECT_EQ(0u, connection_.NumQueuedPackets()); // We do not store retransmittable frames of this retransmission. - EXPECT_FALSE(QuicConnectionPeer::HasRetransmittableFrames(&connection_, - kDefaultPathId, 4)); + EXPECT_FALSE(QuicConnectionPeer::HasRetransmittableFrames(&connection_, 4)); } TEST_P(QuicConnectionTest, RetransmitNackedLargestObserved) { @@ -2284,8 +2332,7 @@ TEST_P(QuicConnectionTest, RetransmitWriteBlockedAckedOriginalThenSent) { connection_.OnCanWrite(); // There is now a pending packet, but with no retransmittable frames. EXPECT_FALSE(connection_.GetRetransmissionAlarm()->IsSet()); - EXPECT_FALSE(QuicConnectionPeer::HasRetransmittableFrames(&connection_, - ack.path_id, 2)); + EXPECT_FALSE(QuicConnectionPeer::HasRetransmittableFrames(&connection_, 2)); } TEST_P(QuicConnectionTest, AlarmsWhenWriteBlocked) { @@ -2389,8 +2436,13 @@ TEST_P(QuicConnectionTest, DontLatchUnackedPacket) { SendAckPacketToPeer(); // Packet 3 // Least_unacked remains at 3 until another ack is received. EXPECT_EQ(3u, stop_waiting()->least_unacked); - // Check that the outgoing ack had its packet number as least_unacked. - EXPECT_EQ(3u, least_unacked()); + if (GetParam().no_stop_waiting) { + // Expect no stop waiting frame is sent. + EXPECT_EQ(0u, least_unacked()); + } else { + // Check that the outgoing ack had its packet number as least_unacked. + EXPECT_EQ(3u, least_unacked()); + } // Ack the ack, which updates the rtt and raises the least unacked. EXPECT_CALL(*send_algorithm_, OnCongestionEvent(true, _, _, _, _)); @@ -2404,7 +2456,12 @@ TEST_P(QuicConnectionTest, DontLatchUnackedPacket) { ON_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)) .WillByDefault(Return(false)); SendAckPacketToPeer(); // Packet 5 - EXPECT_EQ(4u, least_unacked()); + if (GetParam().no_stop_waiting) { + // Expect no stop waiting frame is sent. + EXPECT_EQ(0u, least_unacked()); + } else { + EXPECT_EQ(4u, least_unacked()); + } // Send two data packets at the end, and ensure if the last one is acked, // the least unacked is raised above the ack packets. @@ -2574,8 +2631,7 @@ TEST_P(QuicConnectionTest, BufferNonDecryptablePackets) { // Process an encrypted packet which can not yet be decrypted which should // result in the packet being buffered. - ProcessDataPacketAtLevel(kDefaultPathId, 1, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(1, !kHasStopWaiting, ENCRYPTION_INITIAL); // Transition to the new encryption state and process another encrypted packet // which should result in the original packet being processed. @@ -2583,14 +2639,12 @@ TEST_P(QuicConnectionTest, BufferNonDecryptablePackets) { connection_.SetDefaultEncryptionLevel(ENCRYPTION_INITIAL); connection_.SetEncrypter(ENCRYPTION_INITIAL, new TaggingEncrypter(tag)); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(2); - ProcessDataPacketAtLevel(kDefaultPathId, 2, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(2, !kHasStopWaiting, ENCRYPTION_INITIAL); // Finally, process a third packet and note that we do not reprocess the // buffered packet. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, 3, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(3, !kHasStopWaiting, ENCRYPTION_INITIAL); } TEST_P(QuicConnectionTest, Buffer100NonDecryptablePackets) { @@ -2608,8 +2662,7 @@ TEST_P(QuicConnectionTest, Buffer100NonDecryptablePackets) { // Process an encrypted packet which can not yet be decrypted which should // result in the packet being buffered. for (QuicPacketNumber i = 1; i <= 100; ++i) { - ProcessDataPacketAtLevel(kDefaultPathId, i, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(i, !kHasStopWaiting, ENCRYPTION_INITIAL); } // Transition to the new encryption state and process another encrypted packet @@ -2618,14 +2671,12 @@ TEST_P(QuicConnectionTest, Buffer100NonDecryptablePackets) { connection_.SetDefaultEncryptionLevel(ENCRYPTION_INITIAL); connection_.SetEncrypter(ENCRYPTION_INITIAL, new TaggingEncrypter(tag)); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(101); - ProcessDataPacketAtLevel(kDefaultPathId, 101, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(101, !kHasStopWaiting, ENCRYPTION_INITIAL); // Finally, process a third packet and note that we do not reprocess the // buffered packet. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, 102, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(102, !kHasStopWaiting, ENCRYPTION_INITIAL); } TEST_P(QuicConnectionTest, TestRetransmitOrder) { @@ -3252,7 +3303,7 @@ TEST_P(QuicConnectionTest, TimeoutAfterRetransmission) { const QuicTime receive_time = send_time + five_ms; clock_.AdvanceTime(receive_time - clock_.Now()); ASSERT_EQ(receive_time, clock_.Now()); - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); // Now move forward to the retransmission time and retransmit the // packet, which should move the timeout forward again (but will not @@ -3497,10 +3548,10 @@ TEST_P(QuicConnectionTest, TimeoutAfter5ClientRTOs) { TEST_P(QuicConnectionTest, SendScheduler) { // Test that if we send a packet without delay, it is not queued. - QuicPacket* packet = ConstructDataPacket(kDefaultPathId, 1, !kHasStopWaiting); + QuicPacket* packet = ConstructDataPacket(1, !kHasStopWaiting); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)); - connection_.SendPacket(ENCRYPTION_NONE, kDefaultPathId, 1, packet, - HAS_RETRANSMITTABLE_DATA, false, false); + connection_.SendPacket(ENCRYPTION_NONE, 1, packet, HAS_RETRANSMITTABLE_DATA, + false, false); EXPECT_EQ(0u, connection_.NumQueuedPackets()); } @@ -3508,18 +3559,18 @@ TEST_P(QuicConnectionTest, FailToSendFirstPacket) { // Test that the connection does not crash when it fails to send the first // packet at which point self_address_ might be uninitialized. EXPECT_CALL(visitor_, OnConnectionClosed(_, _, _)).Times(1); - QuicPacket* packet = ConstructDataPacket(kDefaultPathId, 1, !kHasStopWaiting); + QuicPacket* packet = ConstructDataPacket(1, !kHasStopWaiting); writer_->SetShouldWriteFail(); - connection_.SendPacket(ENCRYPTION_NONE, kDefaultPathId, 1, packet, - HAS_RETRANSMITTABLE_DATA, false, false); + connection_.SendPacket(ENCRYPTION_NONE, 1, packet, HAS_RETRANSMITTABLE_DATA, + false, false); } TEST_P(QuicConnectionTest, SendSchedulerEAGAIN) { - QuicPacket* packet = ConstructDataPacket(kDefaultPathId, 1, !kHasStopWaiting); + QuicPacket* packet = ConstructDataPacket(1, !kHasStopWaiting); BlockOnNextWrite(); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, 1, _, _)).Times(0); - connection_.SendPacket(ENCRYPTION_NONE, kDefaultPathId, 1, packet, - HAS_RETRANSMITTABLE_DATA, false, false); + connection_.SendPacket(ENCRYPTION_NONE, 1, packet, HAS_RETRANSMITTABLE_DATA, + false, false); EXPECT_EQ(1u, connection_.NumQueuedPackets()); } @@ -3604,8 +3655,7 @@ TEST_P(QuicConnectionTest, SendDelayedAck) { // The same as ProcessPacket(1) except that ENCRYPTION_INITIAL is used // instead of ENCRYPTION_NONE. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, 1, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(1, !kHasStopWaiting, ENCRYPTION_INITIAL); // Check if delayed ack timer is running for the expected interval. EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); @@ -3613,8 +3663,13 @@ TEST_P(QuicConnectionTest, SendDelayedAck) { // Simulate delayed ack alarm firing. connection_.GetAckAlarm()->Fire(); // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(2u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(1u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); } @@ -3642,15 +3697,14 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimation) { QuicPacketNumber kFirstDecimatedPacket = 101; for (unsigned int i = 0; i < kFirstDecimatedPacket - 1; ++i) { EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, 1 + i, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(1 + i, !kHasStopWaiting, ENCRYPTION_INITIAL); } EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); // The same as ProcessPacket(1) except that ENCRYPTION_INITIAL is used // instead of ENCRYPTION_NONE. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket, !kHasStopWaiting, + ENCRYPTION_INITIAL); // Check if delayed ack timer is running for the expected interval. EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); @@ -3660,12 +3714,17 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimation) { for (int i = 0; i < 9; ++i) { EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 1 + i, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 1 + i, !kHasStopWaiting, + ENCRYPTION_INITIAL); } // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(2u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(1u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); } @@ -3694,15 +3753,14 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationEighthRtt) { QuicPacketNumber kFirstDecimatedPacket = 101; for (unsigned int i = 0; i < kFirstDecimatedPacket - 1; ++i) { EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, 1 + i, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(1 + i, !kHasStopWaiting, ENCRYPTION_INITIAL); } EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); // The same as ProcessPacket(1) except that ENCRYPTION_INITIAL is used // instead of ENCRYPTION_NONE. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket, !kHasStopWaiting, + ENCRYPTION_INITIAL); // Check if delayed ack timer is running for the expected interval. EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); @@ -3712,12 +3770,17 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationEighthRtt) { for (int i = 0; i < 9; ++i) { EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 1 + i, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 1 + i, !kHasStopWaiting, + ENCRYPTION_INITIAL); } // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(2u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(1u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); } @@ -3746,15 +3809,14 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithReordering) { QuicPacketNumber kFirstDecimatedPacket = 101; for (unsigned int i = 0; i < kFirstDecimatedPacket - 1; ++i) { EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, 1 + i, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(1 + i, !kHasStopWaiting, ENCRYPTION_INITIAL); } EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); // The same as ProcessPacket(1) except that ENCRYPTION_INITIAL is used // instead of ENCRYPTION_NONE. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket, !kHasStopWaiting, + ENCRYPTION_INITIAL); // Check if delayed ack timer is running for the expected interval. EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); @@ -3762,8 +3824,8 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithReordering) { // Process packet 10 first and ensure the alarm is one eighth min_rtt. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 9, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 9, !kHasStopWaiting, + ENCRYPTION_INITIAL); ack_time = clock_.ApproximateNow() + QuicTime::Delta::FromMilliseconds(5); EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); EXPECT_EQ(ack_time, connection_.GetAckAlarm()->deadline()); @@ -3772,12 +3834,17 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithReordering) { for (int i = 0; i < 8; ++i) { EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 1 + i, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 1 + i, !kHasStopWaiting, + ENCRYPTION_INITIAL); } // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(2u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(1u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); } @@ -3806,15 +3873,14 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithLargeReordering) { QuicPacketNumber kFirstDecimatedPacket = 101; for (unsigned int i = 0; i < kFirstDecimatedPacket - 1; ++i) { EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, 1 + i, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(1 + i, !kHasStopWaiting, ENCRYPTION_INITIAL); } EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); // The same as ProcessPacket(1) except that ENCRYPTION_INITIAL is used // instead of ENCRYPTION_NONE. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket, !kHasStopWaiting, + ENCRYPTION_INITIAL); // Check if delayed ack timer is running for the expected interval. EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); @@ -3822,8 +3888,8 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithLargeReordering) { // Process packet 10 first and ensure the alarm is one eighth min_rtt. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 19, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 19, !kHasStopWaiting, + ENCRYPTION_INITIAL); ack_time = clock_.ApproximateNow() + QuicTime::Delta::FromMilliseconds(5); EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); EXPECT_EQ(ack_time, connection_.GetAckAlarm()->deadline()); @@ -3832,12 +3898,17 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithLargeReordering) { for (int i = 0; i < 8; ++i) { EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 1 + i, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 1 + i, !kHasStopWaiting, + ENCRYPTION_INITIAL); } // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(2u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(1u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); @@ -3845,11 +3916,16 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithLargeReordering) { // because it fills a hole. EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 10, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 10, !kHasStopWaiting, + ENCRYPTION_INITIAL); // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(2u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(1u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); } @@ -3879,15 +3955,14 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithReorderingEighthRtt) { QuicPacketNumber kFirstDecimatedPacket = 101; for (unsigned int i = 0; i < kFirstDecimatedPacket - 1; ++i) { EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, 1 + i, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(1 + i, !kHasStopWaiting, ENCRYPTION_INITIAL); } EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); // The same as ProcessPacket(1) except that ENCRYPTION_INITIAL is used // instead of ENCRYPTION_NONE. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket, !kHasStopWaiting, + ENCRYPTION_INITIAL); // Check if delayed ack timer is running for the expected interval. EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); @@ -3895,8 +3970,8 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithReorderingEighthRtt) { // Process packet 10 first and ensure the alarm is one eighth min_rtt. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 9, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 9, !kHasStopWaiting, + ENCRYPTION_INITIAL); ack_time = clock_.ApproximateNow() + QuicTime::Delta::FromMilliseconds(5); EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); EXPECT_EQ(ack_time, connection_.GetAckAlarm()->deadline()); @@ -3905,12 +3980,17 @@ TEST_P(QuicConnectionTest, SendDelayedAckDecimationWithReorderingEighthRtt) { for (int i = 0; i < 8; ++i) { EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 1 + i, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 1 + i, !kHasStopWaiting, + ENCRYPTION_INITIAL); } // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(2u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(1u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); } @@ -3941,15 +4021,14 @@ TEST_P(QuicConnectionTest, QuicPacketNumber kFirstDecimatedPacket = 101; for (unsigned int i = 0; i < kFirstDecimatedPacket - 1; ++i) { EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, 1 + i, !kHasStopWaiting, - ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(1 + i, !kHasStopWaiting, ENCRYPTION_INITIAL); } EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); // The same as ProcessPacket(1) except that ENCRYPTION_INITIAL is used // instead of ENCRYPTION_NONE. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket, !kHasStopWaiting, + ENCRYPTION_INITIAL); // Check if delayed ack timer is running for the expected interval. EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); @@ -3957,8 +4036,8 @@ TEST_P(QuicConnectionTest, // Process packet 10 first and ensure the alarm is one eighth min_rtt. EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 19, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 19, !kHasStopWaiting, + ENCRYPTION_INITIAL); ack_time = clock_.ApproximateNow() + QuicTime::Delta::FromMilliseconds(5); EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); EXPECT_EQ(ack_time, connection_.GetAckAlarm()->deadline()); @@ -3967,12 +4046,17 @@ TEST_P(QuicConnectionTest, for (int i = 0; i < 8; ++i) { EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 1 + i, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 1 + i, !kHasStopWaiting, + ENCRYPTION_INITIAL); } // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(2u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(1u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); @@ -3980,18 +4064,23 @@ TEST_P(QuicConnectionTest, // because it fills a hole. EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); EXPECT_CALL(visitor_, OnStreamFrame(_)).Times(1); - ProcessDataPacketAtLevel(kDefaultPathId, kFirstDecimatedPacket + 10, - !kHasStopWaiting, ENCRYPTION_INITIAL); + ProcessDataPacketAtLevel(kFirstDecimatedPacket + 10, !kHasStopWaiting, + ENCRYPTION_INITIAL); // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(2u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(1u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); } TEST_P(QuicConnectionTest, SendDelayedAckOnHandshakeConfirmed) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); // Check that ack is sent and that delayed ack alarm is set. EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); QuicTime ack_time = clock_.ApproximateNow() + DefaultDelayedAckTime(); @@ -4012,11 +4101,16 @@ TEST_P(QuicConnectionTest, SendDelayedAckOnHandshakeConfirmed) { TEST_P(QuicConnectionTest, SendDelayedAckOnSecondPacket) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 1); - ProcessPacket(kDefaultPathId, 2); + ProcessPacket(1); + ProcessPacket(2); // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(2u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(1u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); } @@ -4024,56 +4118,66 @@ TEST_P(QuicConnectionTest, SendDelayedAckOnSecondPacket) { TEST_P(QuicConnectionTest, NoAckOnOldNacks) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); // Drop one packet, triggering a sequence of acks. - ProcessPacket(kDefaultPathId, 2); - size_t frames_per_ack = 2; + ProcessPacket(2); + size_t frames_per_ack = GetParam().no_stop_waiting ? 1 : 2; EXPECT_EQ(frames_per_ack, writer_->frame_count()); EXPECT_FALSE(writer_->ack_frames().empty()); writer_->Reset(); - ProcessPacket(kDefaultPathId, 3); + ProcessPacket(3); EXPECT_EQ(frames_per_ack, writer_->frame_count()); EXPECT_FALSE(writer_->ack_frames().empty()); writer_->Reset(); - ProcessPacket(kDefaultPathId, 4); + ProcessPacket(4); EXPECT_EQ(frames_per_ack, writer_->frame_count()); EXPECT_FALSE(writer_->ack_frames().empty()); writer_->Reset(); - ProcessPacket(kDefaultPathId, 5); + ProcessPacket(5); EXPECT_EQ(frames_per_ack, writer_->frame_count()); EXPECT_FALSE(writer_->ack_frames().empty()); writer_->Reset(); // Now only set the timer on the 6th packet, instead of sending another ack. - ProcessPacket(kDefaultPathId, 6); + ProcessPacket(6); EXPECT_EQ(0u, writer_->frame_count()); EXPECT_TRUE(connection_.GetAckAlarm()->IsSet()); } TEST_P(QuicConnectionTest, SendDelayedAckOnOutgoingPacket) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); connection_.SendStreamDataWithString(kClientDataStreamId1, "foo", 0, !kFin, nullptr); // Check that ack is bundled with outgoing data and that delayed ack // alarm is reset. - EXPECT_EQ(3u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(3u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); } TEST_P(QuicConnectionTest, SendDelayedAckOnOutgoingCryptoPacket) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); connection_.SendStreamDataWithString(kCryptoStreamId, "foo", 0, !kFin, nullptr); // Check that ack is bundled with outgoing crypto data. - EXPECT_EQ(3u, writer_->frame_count()); - EXPECT_FALSE(writer_->ack_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(3u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(connection_.GetAckAlarm()->IsSet()); } TEST_P(QuicConnectionTest, BlockAndBufferOnFirstCHLOPacketOfTwo) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); BlockOnNextWrite(); writer_->set_is_write_blocked_data_buffered(true); connection_.SendStreamDataWithString(kCryptoStreamId, "foo", 0, !kFin, @@ -4095,10 +4199,15 @@ TEST_P(QuicConnectionTest, BundleAckForSecondCHLO) { // Process a packet from the crypto stream, which is frame1_'s default. // Receiving the CHLO as packet 2 first will cause the connection to // immediately send an ack, due to the packet gap. - ProcessPacket(kDefaultPathId, 2); + ProcessPacket(2); // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(3u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(3u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_EQ(1u, writer_->stream_frames().size()); EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_EQ(2u, writer_->ack_frames().front().largest_observed); @@ -4112,16 +4221,21 @@ TEST_P(QuicConnectionTest, BundleAckForSecondCHLOTwoPacketReject) { // Process two packets from the crypto stream, which is frame1_'s default, // simulating a 2 packet reject. { - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); // Send the new CHLO when the REJ is processed. EXPECT_CALL(visitor_, OnStreamFrame(_)) .WillOnce(IgnoreResult(InvokeWithoutArgs( &connection_, &TestConnection::SendCryptoStreamData))); - ProcessDataPacket(kDefaultPathId, 2); + ProcessDataPacket(2); } // Check that ack is sent and that delayed ack alarm is reset. - EXPECT_EQ(3u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(3u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_EQ(1u, writer_->stream_frames().size()); EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_EQ(2u, writer_->ack_frames().front().largest_observed); @@ -4171,8 +4285,13 @@ TEST_P(QuicConnectionTest, BundleAckWithDataOnIncomingAck) { // Check that ack is bundled with outgoing data and the delayed ack // alarm is reset. - EXPECT_EQ(3u, writer_->frame_count()); - EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + if (GetParam().no_stop_waiting) { + EXPECT_EQ(2u, writer_->frame_count()); + EXPECT_TRUE(writer_->stop_waiting_frames().empty()); + } else { + EXPECT_EQ(3u, writer_->frame_count()); + EXPECT_FALSE(writer_->stop_waiting_frames().empty()); + } EXPECT_FALSE(writer_->ack_frames().empty()); EXPECT_EQ(3u, writer_->ack_frames().front().largest_observed); EXPECT_EQ(1u, writer_->stream_frames().size()); @@ -4181,11 +4300,11 @@ TEST_P(QuicConnectionTest, BundleAckWithDataOnIncomingAck) { TEST_P(QuicConnectionTest, NoAckSentForClose) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); EXPECT_CALL(visitor_, OnConnectionClosed(QUIC_PEER_GOING_AWAY, _, ConnectionCloseSource::FROM_PEER)); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)).Times(0); - ProcessClosePacket(kDefaultPathId, 2); + ProcessClosePacket(2); } TEST_P(QuicConnectionTest, SendWhenDisconnected) { @@ -4196,10 +4315,10 @@ TEST_P(QuicConnectionTest, SendWhenDisconnected) { ConnectionCloseBehavior::SILENT_CLOSE); EXPECT_FALSE(connection_.connected()); EXPECT_FALSE(connection_.CanWriteStreamData()); - QuicPacket* packet = ConstructDataPacket(kDefaultPathId, 1, !kHasStopWaiting); + QuicPacket* packet = ConstructDataPacket(1, !kHasStopWaiting); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, 1, _, _)).Times(0); - connection_.SendPacket(ENCRYPTION_NONE, kDefaultPathId, 1, packet, - HAS_RETRANSMITTABLE_DATA, false, false); + connection_.SendPacket(ENCRYPTION_NONE, 1, packet, HAS_RETRANSMITTABLE_DATA, + false, false); } TEST_P(QuicConnectionTest, PublicReset) { @@ -4273,7 +4392,6 @@ TEST_P(QuicConnectionTest, ServerSendsVersionNegotiationPacket) { QuicPacketHeader header; header.public_header.connection_id = connection_id_; header.public_header.version_flag = true; - header.path_id = kDefaultPathId; header.packet_number = 12; QuicFrames frames; @@ -4388,7 +4506,6 @@ TEST_P(QuicConnectionTest, ClientHandlesVersionNegotiation) { // NEGOTIATED_VERSION state and tell the packet creator to StopSendingVersion. QuicPacketHeader header; header.public_header.connection_id = connection_id_; - header.path_id = kDefaultPathId; header.packet_number = 12; header.public_header.version_flag = false; QuicFrames frames; @@ -4726,8 +4843,6 @@ TEST_P(QuicConnectionTest, OnPacketHeaderDebugVisitor) { } TEST_P(QuicConnectionTest, Pacing) { - // static_cast here does not work if using multipath_sent_packet_manager. - FLAGS_quic_reloadable_flag_quic_enable_multipath = false; TestConnection server(connection_id_, kSelfAddress, helper_.get(), alarm_factory_.get(), writer_.get(), Perspective::IS_SERVER, version()); @@ -4858,32 +4973,6 @@ TEST_P(QuicConnectionTest, SendingUnencryptedStreamDataFails) { EXPECT_FALSE(connection_.connected()); } -TEST_P(QuicConnectionTest, EnableMultipathNegotiation) { - // Test multipath negotiation during crypto handshake. Multipath is enabled - // when both endpoints enable multipath. - FLAGS_quic_reloadable_flag_quic_enable_multipath = true; - EXPECT_TRUE(connection_.connected()); - EXPECT_FALSE(QuicConnectionPeer::IsMultipathEnabled(&connection_)); - EXPECT_CALL(*send_algorithm_, SetFromConfig(_, _)); - QuicConfig config; - // Enable multipath on server side. - config.SetMultipathEnabled(true); - - // Create a handshake message enables multipath. - CryptoHandshakeMessage msg; - string error_details; - QuicConfig client_config; - // Enable multipath on client side. - client_config.SetMultipathEnabled(true); - client_config.ToHandshakeMessage(&msg); - const QuicErrorCode error = - config.ProcessPeerHello(msg, CLIENT, &error_details); - EXPECT_EQ(QUIC_NO_ERROR, error); - - connection_.SetFromConfig(config); - EXPECT_TRUE(QuicConnectionPeer::IsMultipathEnabled(&connection_)); -} - TEST_P(QuicConnectionTest, OnPathDegrading) { QuicByteCount packet_size; const size_t kMinTimeoutsBeforePathDegrading = 2; @@ -4932,7 +5021,8 @@ TEST_P(QuicConnectionTest, ServerReceivesChloOnNonCryptoStream) { CryptoHandshakeMessage message; CryptoFramer framer; message.set_tag(kCHLO); - std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message)); + std::unique_ptr<QuicData> data( + framer.ConstructHandshakeMessage(message, Perspective::IS_CLIENT)); frame1_.stream_id = 10; frame1_.data_buffer = data->data(); frame1_.data_length = data->length(); @@ -4948,7 +5038,8 @@ TEST_P(QuicConnectionTest, ClientReceivesRejOnNonCryptoStream) { CryptoHandshakeMessage message; CryptoFramer framer; message.set_tag(kREJ); - std::unique_ptr<QuicData> data(framer.ConstructHandshakeMessage(message)); + std::unique_ptr<QuicData> data( + framer.ConstructHandshakeMessage(message, Perspective::IS_SERVER)); frame1_.stream_id = 10; frame1_.data_buffer = data->data(); frame1_.data_length = data->length(); @@ -5020,7 +5111,7 @@ TEST_P(QuicConnectionTest, NotBecomeApplicationLimitedDueToWriteBlock) { TEST_P(QuicConnectionTest, DonotForceSendingAckOnPacketTooLarge) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); // Send an ack by simulating delayed ack alarm firing. - ProcessPacket(kDefaultPathId, 1); + ProcessPacket(1); QuicAlarm* ack_alarm = QuicConnectionPeer::GetAckAlarm(&connection_); EXPECT_TRUE(ack_alarm->IsSet()); connection_.GetAckAlarm()->Fire(); diff --git a/chromium/net/quic/core/quic_constants.h b/chromium/net/quic/core/quic_constants.h index 8560e9014bb..9cf0e6c7a34 100644 --- a/chromium/net/quic/core/quic_constants.h +++ b/chromium/net/quic/core/quic_constants.h @@ -171,11 +171,6 @@ const uint64_t kUFloat16MaxValue = // 0x3FFC0000000 ((UINT64_C(1) << kUFloat16MantissaEffectiveBits) - 1) << kUFloat16MaxExponent; -// Default path ID. -const QuicPathId kDefaultPathId = 0; -// Invalid path ID. -const QuicPathId kInvalidPathId = 0xff; - // kDiversificationNonceSize is the size, in bytes, of the nonce that a server // may set in the packet header to ensure that its INITIAL keys are not // duplicated. diff --git a/chromium/net/quic/core/quic_crypto_client_stream.cc b/chromium/net/quic/core/quic_crypto_client_stream.cc index f7fba7600bd..ee8d6432dd3 100644 --- a/chromium/net/quic/core/quic_crypto_client_stream.cc +++ b/chromium/net/quic/core/quic_crypto_client_stream.cc @@ -143,9 +143,10 @@ void QuicCryptoClientStream::OnHandshakeMessage( DoHandshakeLoop(&message); } -void QuicCryptoClientStream::CryptoConnect() { +bool QuicCryptoClientStream::CryptoConnect() { next_state_ = STATE_INITIALIZE; DoHandshakeLoop(nullptr); + return session()->connection()->connected(); } int QuicCryptoClientStream::num_sent_client_hellos() const { @@ -322,7 +323,7 @@ void QuicCryptoClientStream::DoSendCHLO( out.set_minimum_size( static_cast<size_t>(max_packet_size - kFramingOverhead)); next_state_ = STATE_RECV_REJ; - CryptoUtils::HashHandshakeMessage(out, &chlo_hash_); + CryptoUtils::HashHandshakeMessage(out, &chlo_hash_, Perspective::IS_CLIENT); SendHandshakeMessage(out); return; } @@ -350,7 +351,7 @@ void QuicCryptoClientStream::DoSendCHLO( CloseConnectionWithDetails(error, error_details); return; } - CryptoUtils::HashHandshakeMessage(out, &chlo_hash_); + CryptoUtils::HashHandshakeMessage(out, &chlo_hash_, Perspective::IS_CLIENT); channel_id_sent_ = (channel_id_key_.get() != nullptr); if (cached->proof_verify_details()) { proof_handler_->OnProofVerifyDetailsAvailable( diff --git a/chromium/net/quic/core/quic_crypto_client_stream.h b/chromium/net/quic/core/quic_crypto_client_stream.h index 7327f311b72..2b7bd4a6246 100644 --- a/chromium/net/quic/core/quic_crypto_client_stream.h +++ b/chromium/net/quic/core/quic_crypto_client_stream.h @@ -30,8 +30,9 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientStreamBase : public QuicCryptoStream { ~QuicCryptoClientStreamBase() override{}; - // Performs a crypto handshake with the server. - virtual void CryptoConnect() = 0; + // Performs a crypto handshake with the server. Returns true if the connection + // is still connected. + virtual bool CryptoConnect() = 0; // num_sent_client_hellos returns the number of client hello messages that // have been sent. If the handshake has completed then this is one greater @@ -83,7 +84,7 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientStream ~QuicCryptoClientStream() override; // From QuicCryptoClientStreamBase - void CryptoConnect() override; + bool CryptoConnect() override; int num_sent_client_hellos() const override; int num_scup_messages_received() const override; diff --git a/chromium/net/quic/core/quic_crypto_client_stream_test.cc b/chromium/net/quic/core/quic_crypto_client_stream_test.cc index 571ca249c74..e0b99839fde 100644 --- a/chromium/net/quic/core/quic_crypto_client_stream_test.cc +++ b/chromium/net/quic/core/quic_crypto_client_stream_test.cc @@ -58,9 +58,10 @@ class QuicCryptoClientStreamTest : public ::testing::Test { stream(), server_options_); } - void ConstructHandshakeMessage() { + void ConstructHandshakeMessage(Perspective perspective) { CryptoFramer framer; - message_data_.reset(framer.ConstructHandshakeMessage(message_)); + message_data_.reset( + framer.ConstructHandshakeMessage(message_, perspective)); } QuicCryptoClientStream* stream() { return session_->GetCryptoStream(); } @@ -95,7 +96,7 @@ TEST_F(QuicCryptoClientStreamTest, MessageAfterHandshake) { *connection_, CloseConnection(QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE, _, _)); message_.set_tag(kCHLO); - ConstructHandshakeMessage(); + ConstructHandshakeMessage(Perspective::IS_CLIENT); stream()->OnStreamFrame(QuicStreamFrame(kCryptoStreamId, /*fin=*/false, /*offset=*/0, message_data_->AsStringPiece())); @@ -105,7 +106,7 @@ TEST_F(QuicCryptoClientStreamTest, BadMessageType) { stream()->CryptoConnect(); message_.set_tag(kCHLO); - ConstructHandshakeMessage(); + ConstructHandshakeMessage(Perspective::IS_CLIENT); EXPECT_CALL(*connection_, CloseConnection(QUIC_INVALID_CRYPTO_MESSAGE_TYPE, "Expected REJ", _)); @@ -216,8 +217,8 @@ TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdate) { const uint64_t expiry_seconds = 60 * 60 * 24 * 2; server_config_update.SetValue(kSTTL, expiry_seconds); - std::unique_ptr<QuicData> data( - CryptoFramer::ConstructHandshakeMessage(server_config_update)); + std::unique_ptr<QuicData> data(CryptoFramer::ConstructHandshakeMessage( + server_config_update, Perspective::IS_SERVER)); stream()->OnStreamFrame(QuicStreamFrame(kCryptoStreamId, /*fin=*/false, /*offset=*/0, data->AsStringPiece())); @@ -230,10 +231,8 @@ TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdate) { reinterpret_cast<char*>(scfg), arraysize(scfg)); QuicStreamSequencer* sequencer = QuicStreamPeer::sequencer(stream()); - EXPECT_NE( - FLAGS_quic_reloadable_flag_quic_release_crypto_stream_buffer && - FLAGS_quic_reloadable_flag_quic_reduce_sequencer_buffer_memory_life_time, // NOLINT - QuicStreamSequencerPeer::IsUnderlyingBufferAllocated(sequencer)); + EXPECT_NE(FLAGS_quic_reloadable_flag_quic_release_crypto_stream_buffer, + QuicStreamSequencerPeer::IsUnderlyingBufferAllocated(sequencer)); } TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdateWithCert) { @@ -279,8 +278,8 @@ TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdateWithCert) { new Callback(&ok, &server_config_update))); EXPECT_TRUE(ok); - std::unique_ptr<QuicData> data( - CryptoFramer::ConstructHandshakeMessage(server_config_update)); + std::unique_ptr<QuicData> data(CryptoFramer::ConstructHandshakeMessage( + server_config_update, Perspective::IS_SERVER)); stream()->OnStreamFrame(QuicStreamFrame(kCryptoStreamId, /*fin=*/false, /*offset=*/0, data->AsStringPiece())); @@ -297,8 +296,8 @@ TEST_F(QuicCryptoClientStreamTest, ServerConfigUpdateBeforeHandshake) { CloseConnection(QUIC_CRYPTO_UPDATE_BEFORE_HANDSHAKE_COMPLETE, _, _)); CryptoHandshakeMessage server_config_update; server_config_update.set_tag(kSCUP); - std::unique_ptr<QuicData> data( - CryptoFramer::ConstructHandshakeMessage(server_config_update)); + std::unique_ptr<QuicData> data(CryptoFramer::ConstructHandshakeMessage( + server_config_update, Perspective::IS_SERVER)); stream()->OnStreamFrame(QuicStreamFrame(kCryptoStreamId, /*fin=*/false, /*offset=*/0, data->AsStringPiece())); } diff --git a/chromium/net/quic/core/quic_crypto_framer_parse_message_fuzzer.cc b/chromium/net/quic/core/quic_crypto_framer_parse_message_fuzzer.cc index 811c0598cc4..3c435f4a82a 100644 --- a/chromium/net/quic/core/quic_crypto_framer_parse_message_fuzzer.cc +++ b/chromium/net/quic/core/quic_crypto_framer_parse_message_fuzzer.cc @@ -5,14 +5,15 @@ #include <stddef.h> #include <stdint.h> -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/crypto_framer.h" +#include "net/quic/platform/api/quic_string_piece.h" // Entry point for LibFuzzer. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - base::StringPiece crypto_input(reinterpret_cast<const char*>(data), size); + net::QuicStringPiece crypto_input(reinterpret_cast<const char*>(data), size); std::unique_ptr<net::CryptoHandshakeMessage> handshake_message( - net::CryptoFramer::ParseMessage(crypto_input)); + net::CryptoFramer::ParseMessage(crypto_input, + net::Perspective::IS_CLIENT)); return 0; } diff --git a/chromium/net/quic/core/quic_crypto_server_stream.cc b/chromium/net/quic/core/quic_crypto_server_stream.cc index 613692a7650..49594d6781d 100644 --- a/chromium/net/quic/core/quic_crypto_server_stream.cc +++ b/chromium/net/quic/core/quic_crypto_server_stream.cc @@ -16,10 +16,10 @@ #include "net/quic/core/quic_packets.h" #include "net/quic/core/quic_session.h" #include "net/quic/platform/api/quic_logging.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" #include "third_party/boringssl/src/include/openssl/sha.h" -using base::StringPiece; using std::string; namespace net { @@ -43,13 +43,6 @@ class QuicCryptoServerStream::ProcessClientHelloCallback return; } - // Note: set the parent's callback to nullptr here because - // FinishProcessingHandshakeMessageAfterProcessClientHello can be invoked - // from either synchronous or asynchronous codepaths. When the synchronous - // codepaths are removed, this assignment should move to - // FinishProcessingHandshakeMessageAfterProcessClientHello. - stream_->process_client_hello_cb_ = nullptr; - stream_->FinishProcessingHandshakeMessageAfterProcessClientHello( *result_, error, error_details, std::move(message), std::move(diversification_nonce), std::move(proof_source_details)); @@ -96,7 +89,6 @@ QuicCryptoServerStream::QuicCryptoServerStream( crypto_config_(crypto_config), compressed_certs_cache_(compressed_certs_cache), signed_config_(new QuicSignedServerConfig), - validate_client_hello_cb_(nullptr), helper_(helper), num_handshake_messages_(0), num_handshake_messages_with_server_nonces_(0), @@ -106,6 +98,7 @@ QuicCryptoServerStream::QuicCryptoServerStream( use_stateless_rejects_if_peer_supported), peer_supports_stateless_rejects_(false), chlo_packet_size_(0), + validate_client_hello_cb_(nullptr), process_client_hello_cb_(nullptr) { DCHECK_EQ(Perspective::IS_SERVER, session->connection()->perspective()); } @@ -149,7 +142,9 @@ void QuicCryptoServerStream::OnHandshakeMessage( return; } - if (validate_client_hello_cb_ != nullptr) { + if (validate_client_hello_cb_ != nullptr || + (base::GetFlag(FLAGS_quic_reloadable_flag_fix_quic_callback_crash) && + process_client_hello_cb_ != nullptr)) { // Already processing some other handshake message. The protocol // does not allow for clients to send multiple handshake messages // before the server has a chance to respond. @@ -159,9 +154,12 @@ void QuicCryptoServerStream::OnHandshakeMessage( return; } - CryptoUtils::HashHandshakeMessage(message, &chlo_hash_); + CryptoUtils::HashHandshakeMessage(message, &chlo_hash_, + Perspective::IS_SERVER); std::unique_ptr<ValidateCallback> cb(new ValidateCallback(this)); + DCHECK(validate_client_hello_cb_ == nullptr); + DCHECK(process_client_hello_cb_ == nullptr); validate_client_hello_cb_ = cb.get(); crypto_config_->ValidateClientHello( message, session()->connection()->peer_address().host(), @@ -177,6 +175,7 @@ void QuicCryptoServerStream::FinishProcessingHandshakeMessage( // Clear the callback that got us here. DCHECK(validate_client_hello_cb_ != nullptr); + DCHECK(process_client_hello_cb_ == nullptr); validate_client_hello_cb_ = nullptr; if (use_stateless_rejects_if_peer_supported_) { @@ -197,6 +196,11 @@ void QuicCryptoServerStream:: std::unique_ptr<CryptoHandshakeMessage> reply, std::unique_ptr<DiversificationNonce> diversification_nonce, std::unique_ptr<ProofSource::Details> proof_source_details) { + // Clear the callback that got us here. + DCHECK(process_client_hello_cb_ != nullptr); + DCHECK(validate_client_hello_cb_ == nullptr); + process_client_hello_cb_ = nullptr; + const CryptoHandshakeMessage& message = result.client_hello; if (error != QUIC_NO_ERROR) { CloseConnectionWithDetails(error, error_details); @@ -338,9 +342,10 @@ void QuicCryptoServerStream::FinishSendServerConfigUpdate( } QUIC_DVLOG(1) << "Server: Sending server config update: " - << message.DebugString(); - const QuicData& data = message.GetSerialized(); - WriteOrBufferData(StringPiece(data.data(), data.length()), false, nullptr); + << message.DebugString(Perspective::IS_SERVER); + const QuicData& data = message.GetSerialized(Perspective::IS_SERVER); + WriteOrBufferData(QuicStringPiece(data.data(), data.length()), false, + nullptr); ++num_server_config_update_messages_sent_; } diff --git a/chromium/net/quic/core/quic_crypto_server_stream.h b/chromium/net/quic/core/quic_crypto_server_stream.h index 893fbe976f9..4701be7a25a 100644 --- a/chromium/net/quic/core/quic_crypto_server_stream.h +++ b/chromium/net/quic/core/quic_crypto_server_stream.h @@ -221,12 +221,6 @@ class QUIC_EXPORT_PRIVATE QuicCryptoServerStream // server config update messages. std::string chlo_hash_; - // Pointer to the active callback that will receive the result of - // the client hello validation request and forward it to - // FinishProcessingHandshakeMessage for processing. nullptr if no - // handshake message is being validated. - ValidateCallback* validate_client_hello_cb_; - // Pointer to the helper for this crypto stream. Must outlive this stream. Helper* helper_; @@ -269,9 +263,16 @@ class QUIC_EXPORT_PRIVATE QuicCryptoServerStream // Size of the packet containing the most recently received CHLO. QuicByteCount chlo_packet_size_; + // Pointer to the active callback that will receive the result of the client + // hello validation request and forward it to FinishProcessingHandshakeMessage + // for processing. nullptr if no handshake message is being validated. Note + // that this field is mutually exclusive with process_client_hello_cb_. + ValidateCallback* validate_client_hello_cb_; + // Pointer to the active callback which will receive the results of // ProcessClientHello and forward it to - // FinishProcessingHandshakeMessageAfterProcessClientHello. + // FinishProcessingHandshakeMessageAfterProcessClientHello. Note that this + // field is mutually exclusive with validate_client_hello_cb_. ProcessClientHelloCallback* process_client_hello_cb_; DISALLOW_COPY_AND_ASSIGN(QuicCryptoServerStream); diff --git a/chromium/net/quic/core/quic_crypto_server_stream_test.cc b/chromium/net/quic/core/quic_crypto_server_stream_test.cc index d7330b0806c..ad3c54e530f 100644 --- a/chromium/net/quic/core/quic_crypto_server_stream_test.cc +++ b/chromium/net/quic/core/quic_crypto_server_stream_test.cc @@ -26,6 +26,7 @@ #include "net/quic/platform/api/quic_socket_address.h" #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/failing_proof_source.h" +#include "net/quic/test_tools/fake_proof_source.h" #include "net/quic/test_tools/quic_crypto_server_config_peer.h" #include "net/quic/test_tools/quic_test_utils.h" #include "testing/gmock/include/gmock/gmock.h" @@ -127,9 +128,10 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> { client_session_.reset(client_session); } - void ConstructHandshakeMessage() { + void ConstructHandshakeMessage(Perspective perspective) { CryptoFramer framer; - message_data_.reset(framer.ConstructHandshakeMessage(message_)); + message_data_.reset( + framer.ConstructHandshakeMessage(message_, perspective)); } int CompleteCryptoHandshake() { @@ -365,7 +367,7 @@ TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) { *server_connection_, CloseConnection(QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE, _, _)); message_.set_tag(kCHLO); - ConstructHandshakeMessage(); + ConstructHandshakeMessage(Perspective::IS_CLIENT); server_stream()->OnStreamFrame( QuicStreamFrame(kCryptoStreamId, /*fin=*/false, /*offset=*/0, message_data_->AsStringPiece())); @@ -375,7 +377,7 @@ TEST_P(QuicCryptoServerStreamTest, BadMessageType) { Initialize(); message_.set_tag(kSHLO); - ConstructHandshakeMessage(); + ConstructHandshakeMessage(Perspective::IS_SERVER); EXPECT_CALL(*server_connection_, CloseConnection(QUIC_INVALID_CRYPTO_MESSAGE_TYPE, _, _)); server_stream()->OnStreamFrame( @@ -448,7 +450,7 @@ TEST_P(QuicCryptoServerStreamTest, SendSCUPAfterHandshakeComplete) { TEST_P(QuicCryptoServerStreamTest, DoesPeerSupportStatelessRejects) { Initialize(); - ConstructHandshakeMessage(); + ConstructHandshakeMessage(Perspective::IS_CLIENT); QuicConfig stateless_reject_config = DefaultQuicConfigStatelessRejects(); stateless_reject_config.ToHandshakeMessage(&message_); EXPECT_TRUE( @@ -505,6 +507,58 @@ TEST_P(QuicCryptoServerStreamTestWithFailingProofSource, Test) { EXPECT_FALSE(server_stream()->handshake_confirmed()); } +class QuicCryptoServerStreamTestWithFakeProofSource + : public QuicCryptoServerStreamTest { + public: + QuicCryptoServerStreamTestWithFakeProofSource() + : QuicCryptoServerStreamTest( + std::unique_ptr<FakeProofSource>(new FakeProofSource)), + crypto_config_peer_(&server_crypto_config_) {} + + FakeProofSource* GetFakeProofSource() const { + return static_cast<FakeProofSource*>(crypto_config_peer_.GetProofSource()); + } + + protected: + QuicCryptoServerConfigPeer crypto_config_peer_; +}; + +INSTANTIATE_TEST_CASE_P(YetMoreTests, + QuicCryptoServerStreamTestWithFakeProofSource, + testing::Bool()); + +// Regression test for b/35422225, in which multiple CHLOs arriving on the same +// connection in close succession could cause a crash, especially when the use +// of Mentat signing meant that it took a while for each CHLO to be processed. +TEST_P(QuicCryptoServerStreamTestWithFakeProofSource, MultipleChlo) { + Initialize(); + GetFakeProofSource()->Activate(); + base::SetFlag(&FLAGS_quic_reloadable_flag_fix_quic_callback_crash, true); + EXPECT_CALL(*server_session_->helper(), CanAcceptClientHello(_, _, _)) + .WillOnce(testing::Return(true)); + + // Create a minimal CHLO + MockClock clock; + QuicVersion version = AllSupportedVersions().front(); + CryptoHandshakeMessage chlo = crypto_test_utils::GenerateDefaultInchoateCHLO( + &clock, version, &server_crypto_config_); + + // Send in the CHLO, and check that a callback is now pending in the + // ProofSource. + server_stream()->OnHandshakeMessage(chlo); + EXPECT_EQ(GetFakeProofSource()->NumPendingCallbacks(), 1); + + // Send in a second CHLO while processing of the first is still pending. + // Verify that the server closes the connection rather than crashing. Note + // that the crash is a use-after-free, so it may only show up consistently in + // ASAN tests. + EXPECT_CALL( + *server_connection_, + CloseConnection(QUIC_CRYPTO_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO, + "Unexpected handshake message while processing CHLO", _)); + server_stream()->OnHandshakeMessage(chlo); +} + } // namespace } // namespace test } // namespace net diff --git a/chromium/net/quic/core/quic_crypto_stream.cc b/chromium/net/quic/core/quic_crypto_stream.cc index 645d389e9f9..ee8660a8ce8 100644 --- a/chromium/net/quic/core/quic_crypto_stream.cc +++ b/chromium/net/quic/core/quic_crypto_stream.cc @@ -6,17 +6,16 @@ #include <string> -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/crypto_handshake.h" #include "net/quic/core/crypto/crypto_utils.h" #include "net/quic/core/quic_connection.h" #include "net/quic/core/quic_flags.h" #include "net/quic/core/quic_session.h" #include "net/quic/core/quic_utils.h" +#include "net/quic/platform/api/quic_flag_utils.h" #include "net/quic/platform/api/quic_logging.h" using std::string; -using base::StringPiece; namespace net { @@ -53,7 +52,8 @@ void QuicCryptoStream::OnError(CryptoFramer* framer) { void QuicCryptoStream::OnHandshakeMessage( const CryptoHandshakeMessage& message) { - QUIC_DVLOG(1) << ENDPOINT << "Received " << message.DebugString(); + QUIC_DVLOG(1) << ENDPOINT << "Received " + << message.DebugString(session()->perspective()); session()->OnCryptoHandshakeMessageReceived(message); } @@ -64,8 +64,8 @@ void QuicCryptoStream::OnDataAvailable() { // No more data to read. break; } - StringPiece data(static_cast<char*>(iov.iov_base), iov.iov_len); - if (!crypto_framer_.ProcessInput(data)) { + QuicStringPiece data(static_cast<char*>(iov.iov_base), iov.iov_len); + if (!crypto_framer_.ProcessInput(data, session()->perspective())) { CloseConnectionWithDetails(crypto_framer_.error(), crypto_framer_.error_detail()); return; @@ -73,6 +73,7 @@ void QuicCryptoStream::OnDataAvailable() { sequencer()->MarkConsumed(iov.iov_len); if (handshake_confirmed_ && crypto_framer_.InputBytesRemaining() == 0 && FLAGS_quic_reloadable_flag_quic_release_crypto_stream_buffer) { + QUIC_FLAG_COUNT(quic_reloadable_flag_quic_release_crypto_stream_buffer); // If the handshake is complete and the current message has been fully // processed then no more handshake messages are likely to arrive soon // so release the memory in the stream sequencer. @@ -83,15 +84,17 @@ void QuicCryptoStream::OnDataAvailable() { void QuicCryptoStream::SendHandshakeMessage( const CryptoHandshakeMessage& message) { - QUIC_DVLOG(1) << ENDPOINT << "Sending " << message.DebugString(); + QUIC_DVLOG(1) << ENDPOINT << "Sending " + << message.DebugString(session()->perspective()); session()->connection()->NeuterUnencryptedPackets(); session()->OnCryptoHandshakeMessageSent(message); - const QuicData& data = message.GetSerialized(); - WriteOrBufferData(StringPiece(data.data(), data.length()), false, nullptr); + const QuicData& data = message.GetSerialized(session()->perspective()); + WriteOrBufferData(QuicStringPiece(data.data(), data.length()), false, + nullptr); } -bool QuicCryptoStream::ExportKeyingMaterial(StringPiece label, - StringPiece context, +bool QuicCryptoStream::ExportKeyingMaterial(QuicStringPiece label, + QuicStringPiece context, size_t result_len, string* result) const { if (!handshake_confirmed()) { diff --git a/chromium/net/quic/core/quic_crypto_stream.h b/chromium/net/quic/core/quic_crypto_stream.h index 32ed81a9326..a977242c162 100644 --- a/chromium/net/quic/core/quic_crypto_stream.h +++ b/chromium/net/quic/core/quic_crypto_stream.h @@ -14,6 +14,7 @@ #include "net/quic/core/quic_packets.h" #include "net/quic/core/quic_stream.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -57,8 +58,8 @@ class QUIC_EXPORT_PRIVATE QuicCryptoStream // dependent on |label|, |context|, and the stream's negotiated subkey secret. // Returns false if the handshake has not been confirmed or the parameters are // invalid (e.g. |label| contains null bytes); returns true on success. - bool ExportKeyingMaterial(base::StringPiece label, - base::StringPiece context, + bool ExportKeyingMaterial(QuicStringPiece label, + QuicStringPiece context, size_t result_len, std::string* result) const; diff --git a/chromium/net/quic/core/quic_crypto_stream_test.cc b/chromium/net/quic/core/quic_crypto_stream_test.cc index 16c6d84e08e..7457c0eec31 100644 --- a/chromium/net/quic/core/quic_crypto_stream_test.cc +++ b/chromium/net/quic/core/quic_crypto_stream_test.cc @@ -53,12 +53,13 @@ class QuicCryptoStreamTest : public ::testing::Test { message_.set_tag(kSHLO); message_.SetStringPiece(1, "abc"); message_.SetStringPiece(2, "def"); - ConstructHandshakeMessage(); + ConstructHandshakeMessage(Perspective::IS_SERVER); } - void ConstructHandshakeMessage() { + void ConstructHandshakeMessage(Perspective perspective) { CryptoFramer framer; - message_data_.reset(framer.ConstructHandshakeMessage(message_)); + message_data_.reset( + framer.ConstructHandshakeMessage(message_, perspective)); } protected: diff --git a/chromium/net/quic/core/quic_data_reader.cc b/chromium/net/quic/core/quic_data_reader.cc index 855c71ab73b..5f2c483338b 100644 --- a/chromium/net/quic/core/quic_data_reader.cc +++ b/chromium/net/quic/core/quic_data_reader.cc @@ -5,14 +5,22 @@ #include "net/quic/core/quic_data_reader.h" #include "net/base/int128.h" +#include "net/quic/core/quic_flags.h" #include "net/quic/core/quic_packets.h" - -using base::StringPiece; +#include "net/quic/platform/api/quic_endian.h" +#include "net/quic/platform/api/quic_logging.h" namespace net { -QuicDataReader::QuicDataReader(const char* data, const size_t len) - : data_(data), len_(len), pos_(0) {} +#define ENDPOINT \ + (perspective_ == Perspective::IS_SERVER ? "Server: " : "Client: ") + +QuicDataReader::QuicDataReader(const char* data, + const size_t len, + Perspective perspective) + : data_(data), len_(len), pos_(0), perspective_(perspective) { + QUIC_DVLOG(1) << ENDPOINT << "QuicDataReader"; +} bool QuicDataReader::ReadUInt16(uint16_t* result) { return ReadBytes(result, sizeof(*result)); @@ -59,7 +67,7 @@ bool QuicDataReader::ReadUFloat16(uint64_t* result) { return true; } -bool QuicDataReader::ReadStringPiece16(StringPiece* result) { +bool QuicDataReader::ReadStringPiece16(QuicStringPiece* result) { // Read resultant length. uint16_t result_len; if (!ReadUInt16(&result_len)) { @@ -70,7 +78,7 @@ bool QuicDataReader::ReadStringPiece16(StringPiece* result) { return ReadStringPiece(result, result_len); } -bool QuicDataReader::ReadStringPiece(StringPiece* result, size_t size) { +bool QuicDataReader::ReadStringPiece(QuicStringPiece* result, size_t size) { // Make sure that we have enough data to read. if (!CanRead(size)) { OnFailure(); @@ -78,7 +86,7 @@ bool QuicDataReader::ReadStringPiece(StringPiece* result, size_t size) { } // Set result. - *result = StringPiece(data_ + pos_, size); + *result = QuicStringPiece(data_ + pos_, size); // Iterate. pos_ += size; @@ -86,14 +94,30 @@ bool QuicDataReader::ReadStringPiece(StringPiece* result, size_t size) { return true; } -StringPiece QuicDataReader::ReadRemainingPayload() { - StringPiece payload = PeekRemainingPayload(); +bool QuicDataReader::ReadConnectionId(uint64_t* connection_id) { + if (!ReadUInt64(connection_id)) { + return false; + } + + if (FLAGS_quic_restart_flag_quic_big_endian_connection_id) { + *connection_id = QuicEndian::NetToHost64(*connection_id); + } + + return true; +} + +bool QuicDataReader::ReadTag(uint32_t* tag) { + return ReadBytes(tag, sizeof(*tag)); +} + +QuicStringPiece QuicDataReader::ReadRemainingPayload() { + QuicStringPiece payload = PeekRemainingPayload(); pos_ = len_; return payload; } -StringPiece QuicDataReader::PeekRemainingPayload() { - return StringPiece(data_ + pos_, len_ - pos_); +QuicStringPiece QuicDataReader::PeekRemainingPayload() { + return QuicStringPiece(data_ + pos_, len_ - pos_); } bool QuicDataReader::ReadBytes(void* result, size_t size) { diff --git a/chromium/net/quic/core/quic_data_reader.h b/chromium/net/quic/core/quic_data_reader.h index b1d8444e6f0..9507ec19bf4 100644 --- a/chromium/net/quic/core/quic_data_reader.h +++ b/chromium/net/quic/core/quic_data_reader.h @@ -9,9 +9,10 @@ #include <cstdint> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/int128.h" +#include "net/quic/core/quic_types.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -32,7 +33,7 @@ namespace net { class QUIC_EXPORT_PRIVATE QuicDataReader { public: // Caller must provide an underlying buffer to work on. - QuicDataReader(const char* data, const size_t len); + QuicDataReader(const char* data, const size_t len, Perspective perspective); // Empty destructor. ~QuicDataReader() {} @@ -64,29 +65,45 @@ class QUIC_EXPORT_PRIVATE QuicDataReader { // // Forwards the internal iterator on success. // Returns true on success, false otherwise. - bool ReadStringPiece16(base::StringPiece* result); + bool ReadStringPiece16(QuicStringPiece* result); // Reads a given number of bytes into the given buffer. The buffer // must be of adequate size. // Forwards the internal iterator on success. // Returns true on success, false otherwise. - bool ReadStringPiece(base::StringPiece* result, size_t len); + bool ReadStringPiece(QuicStringPiece* result, size_t len); - // Returns the remaining payload as a StringPiece. + // Reads connection ID represented as 64-bit unsigned integer into the given + // output parameter. + // Forwards the internal iterator on success. + // Returns true on success, false otherwise. + // TODO(fayang): Remove this method and use ReadUInt64() once deprecating + // quic_restart_flag_quic_rw_cid_in_big_endian and QuicDataReader has a mode + // indicating reading in little/big endian. + bool ReadConnectionId(uint64_t* connection_id); + + // Returns the remaining payload as a QuicStringPiece. + // Reads tag represented as 32-bit unsigned integer into given output + // parameter. Tags are in big endian on the wire (e.g., CHLO is + // 'C','H','L','O') and are read in byte order, so tags in memory are in big + // endian. + bool ReadTag(uint32_t* tag); + + // Returns the remaining payload as a QuicStringPiece. // // NOTE: Does not copy but rather references strings in the underlying buffer. // This should be kept in mind when handling memory management! // // Forwards the internal iterator. - base::StringPiece ReadRemainingPayload(); + QuicStringPiece ReadRemainingPayload(); - // Returns the remaining payload as a StringPiece. + // Returns the remaining payload as a QuicStringPiece. // // NOTE: Does not copy but rather references strings in the underlying buffer. // This should be kept in mind when handling memory management! // // DOES NOT forward the internal iterator. - base::StringPiece PeekRemainingPayload(); + QuicStringPiece PeekRemainingPayload(); // Reads a given number of bytes into the given buffer. The buffer // must be of adequate size. @@ -118,6 +135,11 @@ class QUIC_EXPORT_PRIVATE QuicDataReader { // The location of the next read from our data buffer. size_t pos_; + // Perspective of this data reader. Please note, although client and server + // may have different in-memory representation of the same field, the on wire + // representation must be consistent. + Perspective perspective_; + DISALLOW_COPY_AND_ASSIGN(QuicDataReader); }; diff --git a/chromium/net/quic/core/quic_data_writer.cc b/chromium/net/quic/core/quic_data_writer.cc index f890eb2393c..3ac6450ba00 100644 --- a/chromium/net/quic/core/quic_data_writer.cc +++ b/chromium/net/quic/core/quic_data_writer.cc @@ -7,12 +7,21 @@ #include <algorithm> #include <limits> -using base::StringPiece; +#include "net/quic/core/quic_flags.h" +#include "net/quic/platform/api/quic_endian.h" +#include "net/quic/platform/api/quic_logging.h" namespace net { -QuicDataWriter::QuicDataWriter(size_t size, char* buffer) - : buffer_(buffer), capacity_(size), length_(0) {} +#define ENDPOINT \ + (perspective_ == Perspective::IS_SERVER ? "Server: " : "Client: ") + +QuicDataWriter::QuicDataWriter(size_t size, + char* buffer, + Perspective perspective) + : buffer_(buffer), capacity_(size), length_(0), perspective_(perspective) { + QUIC_DVLOG(1) << ENDPOINT << "QuicDataReader"; +} QuicDataWriter::~QuicDataWriter() {} @@ -81,7 +90,7 @@ bool QuicDataWriter::WriteUFloat16(uint64_t value) { return WriteBytes(&result, sizeof(result)); } -bool QuicDataWriter::WriteStringPiece16(StringPiece val) { +bool QuicDataWriter::WriteStringPiece16(QuicStringPiece val) { if (val.size() > std::numeric_limits<uint16_t>::max()) { return false; } @@ -140,4 +149,16 @@ void QuicDataWriter::WritePadding() { length_ = capacity_; } +bool QuicDataWriter::WriteConnectionId(uint64_t connection_id) { + if (FLAGS_quic_restart_flag_quic_big_endian_connection_id) { + connection_id = QuicEndian::HostToNet64(connection_id); + } + + return WriteUInt64(connection_id); +} + +bool QuicDataWriter::WriteTag(uint32_t tag) { + return WriteBytes(&tag, sizeof(tag)); +} + } // namespace net diff --git a/chromium/net/quic/core/quic_data_writer.h b/chromium/net/quic/core/quic_data_writer.h index d1d511a3379..a7faca2ad45 100644 --- a/chromium/net/quic/core/quic_data_writer.h +++ b/chromium/net/quic/core/quic_data_writer.h @@ -10,10 +10,10 @@ #include <string> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/int128.h" #include "net/quic/core/quic_packets.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -25,7 +25,7 @@ namespace net { class QUIC_EXPORT_PRIVATE QuicDataWriter { public: // Creates a QuicDataWriter where |buffer| is not owned. - QuicDataWriter(size_t size, char* buffer); + QuicDataWriter(size_t size, char* buffer, Perspective perspective); ~QuicDataWriter(); @@ -47,12 +47,24 @@ class QUIC_EXPORT_PRIVATE QuicDataWriter { // clamped to the maximum representable (kUFloat16MaxValue). Values that can // not be represented directly are rounded down. bool WriteUFloat16(uint64_t value); - bool WriteStringPiece16(base::StringPiece val); + bool WriteStringPiece16(QuicStringPiece val); bool WriteBytes(const void* data, size_t data_len); bool WriteRepeatedByte(uint8_t byte, size_t count); // Fills the remaining buffer with null characters. void WritePadding(); + // Write connection ID as a 64-bit unsigned integer to the payload. + // TODO(fayang): Remove this method and use WriteUInt64() once deprecating + // quic_restart_flag_quic_rw_cid_in_big_endian and QuicDataWriter has a mode + // indicating writing in little/big endian. + bool WriteConnectionId(uint64_t connection_id); + + // Write tag as a 32-bit unsigned integer to the payload. As tags are already + // converted to big endian (e.g., CHLO is 'C','H','L','O') in memory by TAG or + // MakeQuicTag and tags are written in byte order, so tags on the wire are + // in big endian. + bool WriteTag(uint32_t tag); + size_t capacity() const { return capacity_; } private: @@ -65,6 +77,11 @@ class QUIC_EXPORT_PRIVATE QuicDataWriter { size_t capacity_; // Allocation size of payload (or -1 if buffer is const). size_t length_; // Current length of the buffer. + // Perspective of this data writer. Please note, although client and server + // may have different in-memory representation of the same field, the on wire + // representation must be consistent. + Perspective perspective_; + DISALLOW_COPY_AND_ASSIGN(QuicDataWriter); }; diff --git a/chromium/net/quic/core/quic_data_writer_test.cc b/chromium/net/quic/core/quic_data_writer_test.cc index fcd1a577e6e..bc1d0ad262c 100644 --- a/chromium/net/quic/core/quic_data_writer_test.cc +++ b/chromium/net/quic/core/quic_data_writer_test.cc @@ -7,13 +7,17 @@ #include <cstdint> #include "net/quic/core/quic_data_reader.h" +#include "net/quic/core/quic_flags.h" +#include "net/quic/test_tools/quic_test_utils.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { namespace test { namespace { -TEST(QuicDataWriterTest, SanityCheckUFloat16Consts) { +class QuicDataWriterTest : public ::testing::TestWithParam<Perspective> {}; + +TEST_P(QuicDataWriterTest, SanityCheckUFloat16Consts) { // Check the arithmetic on the constants - otherwise the values below make // no sense. EXPECT_EQ(30, kUFloat16MaxExponent); @@ -22,7 +26,7 @@ TEST(QuicDataWriterTest, SanityCheckUFloat16Consts) { EXPECT_EQ(UINT64_C(0x3FFC0000000), kUFloat16MaxValue); } -TEST(QuicDataWriterTest, WriteUFloat16) { +TEST_P(QuicDataWriterTest, WriteUFloat16) { struct TestCase { uint64_t decoded; uint16_t encoded; @@ -94,14 +98,14 @@ TEST(QuicDataWriterTest, WriteUFloat16) { for (int i = 0; i < num_test_cases; ++i) { char buffer[2]; - QuicDataWriter writer(2, buffer); + QuicDataWriter writer(2, buffer, GetParam()); EXPECT_TRUE(writer.WriteUFloat16(test_cases[i].decoded)); EXPECT_EQ(test_cases[i].encoded, *reinterpret_cast<uint16_t*>(writer.data())); } } -TEST(QuicDataWriterTest, ReadUFloat16) { +TEST_P(QuicDataWriterTest, ReadUFloat16) { struct TestCase { uint64_t decoded; uint16_t encoded; @@ -154,19 +158,20 @@ TEST(QuicDataWriterTest, ReadUFloat16) { int num_test_cases = sizeof(test_cases) / sizeof(test_cases[0]); for (int i = 0; i < num_test_cases; ++i) { - QuicDataReader reader(reinterpret_cast<char*>(&test_cases[i].encoded), 2); + QuicDataReader reader(reinterpret_cast<char*>(&test_cases[i].encoded), 2, + GetParam()); uint64_t value; EXPECT_TRUE(reader.ReadUFloat16(&value)); EXPECT_EQ(test_cases[i].decoded, value); } } -TEST(QuicDataWriterTest, RoundTripUFloat16) { +TEST_P(QuicDataWriterTest, RoundTripUFloat16) { // Just test all 16-bit encoded values. 0 and max already tested above. uint64_t previous_value = 0; for (uint16_t i = 1; i < 0xFFFF; ++i) { // Read the two bytes. - QuicDataReader reader(reinterpret_cast<char*>(&i), 2); + QuicDataReader reader(reinterpret_cast<char*>(&i), 2, GetParam()); uint64_t value; // All values must be decodable. EXPECT_TRUE(reader.ReadUFloat16(&value)); @@ -182,7 +187,7 @@ TEST(QuicDataWriterTest, RoundTripUFloat16) { EXPECT_LT(value, UINT64_C(0x3FFC0000000)); previous_value = value; char buffer[6]; - QuicDataWriter writer(6, buffer); + QuicDataWriter writer(6, buffer, GetParam()); EXPECT_TRUE(writer.WriteUFloat16(value - 1)); EXPECT_TRUE(writer.WriteUFloat16(value)); EXPECT_TRUE(writer.WriteUFloat16(value + 1)); @@ -196,6 +201,47 @@ TEST(QuicDataWriterTest, RoundTripUFloat16) { } } +TEST_P(QuicDataWriterTest, WriteConnectionId) { + uint64_t connection_id = 0x0011223344556677; + char little_endian[] = { + 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, + }; + char big_endian[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + }; + const int kBufferLength = sizeof(connection_id); + char buffer[kBufferLength]; + QuicDataWriter writer(kBufferLength, buffer, GetParam()); + writer.WriteConnectionId(connection_id); + test::CompareCharArraysWithHexError( + "connection_id", buffer, kBufferLength, + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? big_endian + : little_endian, + kBufferLength); + + uint64_t read_connection_id; + QuicDataReader reader(buffer, kBufferLength, GetParam()); + reader.ReadConnectionId(&read_connection_id); + EXPECT_EQ(connection_id, read_connection_id); +} + +TEST_P(QuicDataWriterTest, WriteTag) { + char CHLO[] = { + 'C', 'H', 'L', 'O', + }; + const int kBufferLength = sizeof(QuicTag); + char buffer[kBufferLength]; + QuicDataWriter writer(kBufferLength, buffer, GetParam()); + writer.WriteTag(kCHLO); + test::CompareCharArraysWithHexError("CHLO", buffer, kBufferLength, CHLO, + kBufferLength); + + QuicTag read_chlo; + QuicDataReader reader(buffer, kBufferLength, GetParam()); + reader.ReadTag(&read_chlo); + EXPECT_EQ(kCHLO, read_chlo); +} + } // namespace } // namespace test } // namespace net diff --git a/chromium/net/quic/core/quic_error_codes.cc b/chromium/net/quic/core/quic_error_codes.cc index fa360963b69..ca87175ad91 100644 --- a/chromium/net/quic/core/quic_error_codes.cc +++ b/chromium/net/quic/core/quic_error_codes.cc @@ -94,6 +94,7 @@ const char* QuicErrorCodeToString(QuicErrorCode error) { RETURN_STRING_LITERAL(QUIC_PACKET_READ_ERROR); RETURN_STRING_LITERAL(QUIC_EMPTY_STREAM_FRAME_NO_FIN); RETURN_STRING_LITERAL(QUIC_INVALID_HEADERS_STREAM_DATA); + RETURN_STRING_LITERAL(QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE); RETURN_STRING_LITERAL(QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA); RETURN_STRING_LITERAL(QUIC_FLOW_CONTROL_SENT_TOO_MUCH_DATA); RETURN_STRING_LITERAL(QUIC_FLOW_CONTROL_INVALID_WINDOW); diff --git a/chromium/net/quic/core/quic_error_codes.h b/chromium/net/quic/core/quic_error_codes.h index 05124be0064..38750a587bc 100644 --- a/chromium/net/quic/core/quic_error_codes.h +++ b/chromium/net/quic/core/quic_error_codes.h @@ -153,6 +153,9 @@ enum QuicErrorCode { QUIC_EMPTY_STREAM_FRAME_NO_FIN = 50, // We received invalid data on the headers stream. QUIC_INVALID_HEADERS_STREAM_DATA = 56, + // Invalid data on the headers stream received because of decompression + // failure. + QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE = 97, // The peer received too much data, violating flow control. QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA = 59, // The peer sent too much data, violating flow control. @@ -273,7 +276,7 @@ enum QuicErrorCode { QUIC_TOO_MANY_SESSIONS_ON_SERVER = 96, // No error. Used as bound while iterating. - QUIC_LAST_ERROR = 97, + QUIC_LAST_ERROR = 98, }; // QuicErrorCodes is encoded as a single octet on-the-wire. static_assert(static_cast<int>(QUIC_LAST_ERROR) <= diff --git a/chromium/net/quic/core/quic_flags_list.h b/chromium/net/quic/core/quic_flags_list.h index 8d28400385c..3924bc839a1 100644 --- a/chromium/net/quic/core/quic_flags_list.h +++ b/chromium/net/quic/core/quic_flags_list.h @@ -76,30 +76,12 @@ QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_server_push_by_default, true) -// Allow large send deltas to be used as RTT samples. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_allow_large_send_deltas, true) - // If true, release QuicCryptoStream\'s read buffer when stream are less // frequently used. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_release_crypto_stream_buffer, true) -// Use a more conservative backoff of 2x instead of 1.5x for handshake -// retransmissions, as well as a larger minimum. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_conservative_handshake_retransmits, - false) - -// If true, buffer packets while parsing public headers instead of parsing down -// if CHLO is already buffered. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_buffer_packets_after_chlo, - false) - -// If true, enable the Lazy FACK style loss detection in QUIC. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_lazy_fack, true) - // If true, do not override a connection in global map if exists. Only create // QUIC session if it is successfully inserted to the global map. Toss the // packet if insertion fails. @@ -117,18 +99,6 @@ QUIC_FLAG( // public flag. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_remove_v33_hacks2, false) -// If true, limits QUIC uncompressed headers to 16K. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_limit_uncompressed_headers, - false) - -// If true, release headers stream\'s sequencer buffer when there is no active -// stream. -QUIC_FLAG( - bool, - FLAGS_quic_reloadable_flag_quic_headers_stream_release_sequencer_buffer, - true) - // Enable QUIC force HOL blocking experiment. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_force_hol_blocking, true) @@ -136,10 +106,6 @@ QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_force_hol_blocking, true) // allow CHLO packets to be buffered until next iteration of the event loop. QUIC_FLAG(bool, FLAGS_quic_allow_chlo_buffering, true) -// Add a new client connection options field to QuicOptions which is only used -// to configure client side features, such as congestion control. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_client_connection_options, true) - // If true, fix some casts that were causing off-by-one errors in QUIC's cubic // "convex" increases. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_fix_cubic_convex_mode, false) @@ -153,17 +119,6 @@ QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_fix_cubic_bytes_quantization, false) -// If true, QUIC cubic code will use the event time when adjusting CWND after an -// ACK instead of the clock\'s current approximate time. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_use_event_time, true) - -// If true, lazy allocate and early release memeory used in -// QuicStreamSequencerBuffer to buffer incoming data. -QUIC_FLAG( - bool, - FLAGS_quic_reloadable_flag_quic_reduce_sequencer_buffer_memory_life_time, - true) - // If true, Makes GFE respect the connection options for initial flow control // window larger than 32 KB. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_large_ifw_options, true) @@ -177,15 +132,12 @@ QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_version_37, true) // If true, disables QUIC v34. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_disable_version_34, true) -// Allow quic to properly support proxying 100 Continue responses. -QUIC_FLAG(bool, FLAGS_quic_restart_flag_quic_supports_100_continue, false) - // If true, enable quic version 38 QUIC_FLAG(bool, FLAGS_quic_enable_version_38, false) // When true, ensures the session's flow control window is always at least 1.5x // larger than the largest stream flow control window. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_flow_control_invariant, false) +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_flow_control_invariant, true) // If greater than zero, mean RTT variation is multiplied by the specified // factor and added to the congestion window limit. @@ -198,3 +150,56 @@ QUIC_FLAG(double, FLAGS_quic_bbr_cwnd_gain, 2.0f) QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_always_enable_bidi_streaming, false) + +// If true, allows the 1RTT and 2RTT connection options to reduce the time +// in BBR STARTUP to 1 or 2 RTTs with no bandwidth increase from 3. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_allow_2_rtt_bbr_startup, false) + +// If true, do not send or process stop waiting frames in QUIC if the NSTP +// connection option is provided. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_no_stop_waiting_frames, false) + +// Allows one self address change. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_allow_one_address_change, false) + +// If true, no longer send or process the SRBF value in QuicConfig. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_no_socket_receive_buffer, false) + +// If true, multipath bit is not used in public flag. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_remove_multipath_bit, false) + +// Allow QUIC's flow control autotuning to increase the window as +// quickly for the first adjustment as in subsequent ones. +QUIC_FLAG(bool, + FLAGS_quic_reloadable_flag_quic_flow_control_faster_autotune, + false) + +// Only consider using the ack spacing in QUIC BBR if 2 packets are acked at +// once. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_bbr_ack_spacing2, false) + +// If true, 8-byte connection ID in public header is read and written in big +// endian. +QUIC_FLAG(bool, FLAGS_quic_restart_flag_quic_big_endian_connection_id, false) + +// If true, QUIC BBR stores a max filtered number of bytes delivered at a rate +// faster than the sending rate. +QUIC_FLAG(bool, + FLAGS_quic_reloadable_flag_quic_bbr_ack_aggregation_bytes, + false) + +// If true, allow cubic updates on every ack, rather than occasionally limiting +// the frequency to once every 30ms. +QUIC_FLAG(bool, + FLAGS_quic_reloadable_flag_quic_enable_cubic_per_ack_updates, + false) + +// Support bandwidth resumption in QUIC BBR. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_bbr_bandwidth_resumption, false) + +// Add the equivalent number of bytes as 3 TCP TSO segments to QUIC's BBR CWND. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_bbr_add_tso_cwnd, false) + +// Fix a crash that occurs when a client sends multiple CHLOs close together on +// the same connection. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_fix_quic_callback_crash, true) diff --git a/chromium/net/quic/core/quic_flow_controller.cc b/chromium/net/quic/core/quic_flow_controller.cc index d519032aa22..1c27276a1cd 100644 --- a/chromium/net/quic/core/quic_flow_controller.cc +++ b/chromium/net/quic/core/quic_flow_controller.cc @@ -7,8 +7,10 @@ #include <cstdint> #include "net/quic/core/quic_connection.h" +#include "net/quic/core/quic_flags.h" #include "net/quic/core/quic_packets.h" #include "net/quic/platform/api/quic_bug_tracker.h" +#include "net/quic/platform/api/quic_flag_utils.h" #include "net/quic/platform/api/quic_logging.h" #include "net/quic/platform/api/quic_str_cat.h" @@ -184,6 +186,14 @@ void QuicFlowController::MaybeSendWindowUpdate() { QuicStreamOffset available_window = receive_window_offset_ - bytes_consumed_; QuicByteCount threshold = WindowUpdateThreshold(); + if (FLAGS_quic_reloadable_flag_quic_flow_control_faster_autotune && + !prev_window_update_time_.IsInitialized()) { + QUIC_FLAG_COUNT(quic_reloadable_flag_quic_flow_control_faster_autotune); + // Treat the initial window as if it is a window update, so if 1/2 the + // window is used in less than 2 RTTs, the window is increased. + prev_window_update_time_ = connection_->clock()->ApproximateNow(); + } + if (available_window >= threshold) { QUIC_DVLOG(1) << ENDPOINT << "Not sending WindowUpdate for stream " << id_ << ", available window: " << available_window diff --git a/chromium/net/quic/core/quic_flow_controller_test.cc b/chromium/net/quic/core/quic_flow_controller_test.cc index 9e8eb45b36f..ee80f755f6e 100644 --- a/chromium/net/quic/core/quic_flow_controller_test.cc +++ b/chromium/net/quic/core/quic_flow_controller_test.cc @@ -38,7 +38,9 @@ class QuicFlowControllerTest : public ::testing::Test { : stream_id_(1234), send_window_(kInitialSessionFlowControlWindowForTest), receive_window_(kInitialSessionFlowControlWindowForTest), - connection_(&helper_, &alarm_factory_, Perspective::IS_CLIENT) {} + connection_(&helper_, &alarm_factory_, Perspective::IS_CLIENT) { + FLAGS_quic_reloadable_flag_quic_flow_control_faster_autotune = true; + } void Initialize() { flow_controller_.reset(new QuicFlowController( @@ -55,6 +57,7 @@ class QuicFlowControllerTest : public ::testing::Test { MockAlarmFactory alarm_factory_; MockQuicConnection connection_; MockFlowController session_flow_controller_; + QuicFlagSaver flag_saver_; }; TEST_F(QuicFlowControllerTest, SendingBytes) { @@ -165,7 +168,13 @@ TEST_F(QuicFlowControllerTest, OnlySendBlockedFrameOncePerOffset) { TEST_F(QuicFlowControllerTest, ReceivingBytesFastIncreasesFlowWindow) { // This test will generate two WINDOW_UPDATE frames. - EXPECT_CALL(connection_, SendWindowUpdate(stream_id_, ::testing::_)).Times(2); + if (FLAGS_quic_reloadable_flag_quic_flow_control_faster_autotune) { + EXPECT_CALL(connection_, SendWindowUpdate(stream_id_, ::testing::_)) + .Times(1); + } else { + EXPECT_CALL(connection_, SendWindowUpdate(stream_id_, ::testing::_)) + .Times(2); + } Initialize(); flow_controller_->set_auto_tune_receive_window(true); @@ -195,20 +204,32 @@ TEST_F(QuicFlowControllerTest, ReceivingBytesFastIncreasesFlowWindow) { EXPECT_FALSE(flow_controller_->FlowControlViolation()); EXPECT_EQ(kInitialSessionFlowControlWindowForTest - receive_offset, QuicFlowControllerPeer::ReceiveWindowSize(flow_controller_.get())); + if (FLAGS_quic_reloadable_flag_quic_flow_control_faster_autotune) { + EXPECT_CALL( + session_flow_controller_, + EnsureWindowAtLeast(kInitialSessionFlowControlWindowForTest * 2 * 1.5)); + } // Consume enough bytes to send a WINDOW_UPDATE frame. flow_controller_->AddBytesConsumed(threshold + 1); // Result is that once again we have a fully open receive window. EXPECT_FALSE(flow_controller_->FlowControlViolation()); - EXPECT_EQ(kInitialSessionFlowControlWindowForTest, - QuicFlowControllerPeer::ReceiveWindowSize(flow_controller_.get())); - - // Move time forward, but by less than two RTTs. Then receive and consume - // some more, forcing a second WINDOW_UPDATE with an increased max window - // size. - EXPECT_CALL( - session_flow_controller_, - EnsureWindowAtLeast(kInitialSessionFlowControlWindowForTest * 2 * 1.5)); + if (FLAGS_quic_reloadable_flag_quic_flow_control_faster_autotune) { + EXPECT_EQ( + 2 * kInitialSessionFlowControlWindowForTest, + QuicFlowControllerPeer::ReceiveWindowSize(flow_controller_.get())); + } else { + EXPECT_EQ( + kInitialSessionFlowControlWindowForTest, + QuicFlowControllerPeer::ReceiveWindowSize(flow_controller_.get())); + + // Move time forward, but by less than two RTTs. Then receive and consume + // some more, forcing a second WINDOW_UPDATE with an increased max window + // size. + EXPECT_CALL( + session_flow_controller_, + EnsureWindowAtLeast(kInitialSessionFlowControlWindowForTest * 2 * 1.5)); + } connection_.AdvanceTime(QuicTime::Delta::FromMilliseconds(2 * kRtt - 1)); receive_offset += threshold + 1; @@ -275,7 +296,13 @@ TEST_F(QuicFlowControllerTest, ReceivingBytesFastNoAutoTune) { TEST_F(QuicFlowControllerTest, ReceivingBytesNormalStableFlowWindow) { // This test will generate two WINDOW_UPDATE frames. - EXPECT_CALL(connection_, SendWindowUpdate(stream_id_, ::testing::_)).Times(2); + if (FLAGS_quic_reloadable_flag_quic_flow_control_faster_autotune) { + EXPECT_CALL(connection_, SendWindowUpdate(stream_id_, ::testing::_)) + .Times(1); + } else { + EXPECT_CALL(connection_, SendWindowUpdate(stream_id_, ::testing::_)) + .Times(2); + } Initialize(); flow_controller_->set_auto_tune_receive_window(true); @@ -304,13 +331,24 @@ TEST_F(QuicFlowControllerTest, ReceivingBytesNormalStableFlowWindow) { EXPECT_FALSE(flow_controller_->FlowControlViolation()); EXPECT_EQ(kInitialSessionFlowControlWindowForTest - receive_offset, QuicFlowControllerPeer::ReceiveWindowSize(flow_controller_.get())); - + if (FLAGS_quic_reloadable_flag_quic_flow_control_faster_autotune) { + EXPECT_CALL( + session_flow_controller_, + EnsureWindowAtLeast(kInitialSessionFlowControlWindowForTest * 2 * 1.5)); + } flow_controller_->AddBytesConsumed(threshold + 1); // Result is that once again we have a fully open receive window. EXPECT_FALSE(flow_controller_->FlowControlViolation()); - EXPECT_EQ(kInitialSessionFlowControlWindowForTest, - QuicFlowControllerPeer::ReceiveWindowSize(flow_controller_.get())); + if (FLAGS_quic_reloadable_flag_quic_flow_control_faster_autotune) { + EXPECT_EQ( + 2 * kInitialSessionFlowControlWindowForTest, + QuicFlowControllerPeer::ReceiveWindowSize(flow_controller_.get())); + } else { + EXPECT_EQ( + kInitialSessionFlowControlWindowForTest, + QuicFlowControllerPeer::ReceiveWindowSize(flow_controller_.get())); + } // Move time forward, but by more than two RTTs. Then receive and consume // some more, forcing a second WINDOW_UPDATE with unchanged max window size. @@ -324,8 +362,11 @@ TEST_F(QuicFlowControllerTest, ReceivingBytesNormalStableFlowWindow) { QuicByteCount new_threshold = QuicFlowControllerPeer::WindowUpdateThreshold(flow_controller_.get()); - - EXPECT_EQ(new_threshold, threshold); + if (FLAGS_quic_reloadable_flag_quic_flow_control_faster_autotune) { + EXPECT_EQ(new_threshold, 2 * threshold); + } else { + EXPECT_EQ(new_threshold, threshold); + } } TEST_F(QuicFlowControllerTest, ReceivingBytesNormalNoAutoTune) { diff --git a/chromium/net/quic/core/quic_framer.cc b/chromium/net/quic/core/quic_framer.cc index e32db271348..fc8e239c1d4 100644 --- a/chromium/net/quic/core/quic_framer.cc +++ b/chromium/net/quic/core/quic_framer.cc @@ -22,11 +22,11 @@ #include "net/quic/core/quic_utils.h" #include "net/quic/platform/api/quic_aligned.h" #include "net/quic/platform/api/quic_bug_tracker.h" +#include "net/quic/platform/api/quic_flag_utils.h" #include "net/quic/platform/api/quic_logging.h" #include "net/quic/platform/api/quic_map_util.h" #include "net/quic/platform/api/quic_ptr_util.h" -using base::StringPiece; using std::string; namespace net { @@ -208,11 +208,6 @@ size_t QuicFramer::GetBlockedFrameSize() { } // static -size_t QuicFramer::GetPathCloseFrameSize() { - return kQuicFrameTypeSize + kQuicPathIdSize; -} - -// static size_t QuicFramer::GetStreamIdSize(QuicStreamId stream_id) { // Sizes are 1 through 4 bytes. for (int i = 1; i <= 4; ++i) { @@ -324,7 +319,7 @@ size_t QuicFramer::BuildDataPacket(const QuicPacketHeader& header, const QuicFrames& frames, char* buffer, size_t packet_length) { - QuicDataWriter writer(packet_length, buffer); + QuicDataWriter writer(packet_length, buffer, perspective_); if (!AppendPacketHeader(header, &writer)) { QUIC_BUG << "AppendPacketHeader failed"; return 0; @@ -399,12 +394,6 @@ size_t QuicFramer::BuildDataPacket(const QuicPacketHeader& header, return 0; } break; - case PATH_CLOSE_FRAME: - if (!AppendPathCloseFrame(*frame.path_close_frame, &writer)) { - QUIC_BUG << "AppendPathCloseFrame failed"; - return 0; - } - break; default: RaiseError(QUIC_INVALID_FRAME_DATA); QUIC_BUG << "QUIC_INVALID_FRAME_DATA"; @@ -437,12 +426,13 @@ std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildPublicResetPacket( } reset.SetStringPiece(kCADR, serialized_address); } - const QuicData& reset_serialized = reset.GetSerialized(); + const QuicData& reset_serialized = + reset.GetSerialized(Perspective::IS_SERVER); size_t len = kPublicFlagsSize + PACKET_8BYTE_CONNECTION_ID + reset_serialized.length(); std::unique_ptr<char[]> buffer(new char[len]); - QuicDataWriter writer(len, buffer.get()); + QuicDataWriter writer(len, buffer.get(), Perspective::IS_SERVER); uint8_t flags = static_cast<uint8_t>(PACKET_PUBLIC_FLAGS_RST | PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID); @@ -454,7 +444,7 @@ std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildPublicResetPacket( return nullptr; } - if (!writer.WriteUInt64(packet.public_header.connection_id)) { + if (!writer.WriteConnectionId(packet.public_header.connection_id)) { return nullptr; } @@ -472,7 +462,7 @@ std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildVersionNegotiationPacket( DCHECK(!versions.empty()); size_t len = GetVersionNegotiationPacketSize(versions.size()); std::unique_ptr<char[]> buffer(new char[len]); - QuicDataWriter writer(len, buffer.get()); + QuicDataWriter writer(len, buffer.get(), Perspective::IS_SERVER); uint8_t flags = static_cast<uint8_t>( PACKET_PUBLIC_FLAGS_VERSION | PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID | @@ -482,12 +472,12 @@ std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildVersionNegotiationPacket( return nullptr; } - if (!writer.WriteUInt64(connection_id)) { + if (!writer.WriteConnectionId(connection_id)) { return nullptr; } for (QuicVersion version : versions) { - if (!writer.WriteUInt32(QuicVersionToQuicTag(version))) { + if (!writer.WriteTag(QuicVersionToQuicTag(version))) { return nullptr; } } @@ -496,7 +486,7 @@ std::unique_ptr<QuicEncryptedPacket> QuicFramer::BuildVersionNegotiationPacket( } bool QuicFramer::ProcessPacket(const QuicEncryptedPacket& packet) { - QuicDataReader reader(packet.data(), packet.length()); + QuicDataReader reader(packet.data(), packet.length(), perspective_); visitor_->OnPacket(); @@ -551,7 +541,7 @@ bool QuicFramer::ProcessVersionNegotiationPacket( // Try reading at least once to raise error if the packet is invalid. do { QuicTag version; - if (!reader->ReadBytes(&version, kQuicVersionSize)) { + if (!reader->ReadTag(&version)) { set_detailed_error("Unable to read supported version in negotiation."); return RaiseError(QUIC_INVALID_VERSION_NEGOTIATION_PACKET); } @@ -584,7 +574,7 @@ bool QuicFramer::ProcessDataPacket(QuicDataReader* encrypted_reader, return RaiseError(QUIC_DECRYPTION_FAILURE); } - QuicDataReader reader(decrypted_buffer, decrypted_length); + QuicDataReader reader(decrypted_buffer, decrypted_length, perspective_); // Set the last packet number after we have decrypted the packet // so we are confident is not attacker controlled. @@ -620,7 +610,7 @@ bool QuicFramer::ProcessPublicResetPacket( QuicPublicResetPacket packet(public_header); std::unique_ptr<CryptoHandshakeMessage> reset( - CryptoFramer::ParseMessage(reader->ReadRemainingPayload())); + CryptoFramer::ParseMessage(reader->ReadRemainingPayload(), perspective_)); if (!reset.get()) { set_detailed_error("Unable to read reset message."); return RaiseError(QUIC_INVALID_PUBLIC_RST_PACKET); @@ -636,7 +626,7 @@ bool QuicFramer::ProcessPublicResetPacket( } // TODO(satyamshekhar): validate nonce to protect against DoS. - StringPiece address; + QuicStringPiece address; if (reset->GetStringPiece(kCADR, &address)) { QuicSocketAddressCoder address_coder; if (address_coder.Decode(address.data(), address.length())) { @@ -686,7 +676,7 @@ bool QuicFramer::AppendPacketHeader(const QuicPacketHeader& header, public_flags |= PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID_OLD; } if (!writer->WriteUInt8(public_flags) || - !writer->WriteUInt64(header.public_header.connection_id)) { + !writer->WriteConnectionId(header.public_header.connection_id)) { return false; } break; @@ -696,18 +686,13 @@ bool QuicFramer::AppendPacketHeader(const QuicPacketHeader& header, if (header.public_header.version_flag) { DCHECK_EQ(Perspective::IS_CLIENT, perspective_); QuicTag tag = QuicVersionToQuicTag(quic_version_); - if (!writer->WriteUInt32(tag)) { + if (!writer->WriteTag(tag)) { return false; } QUIC_DVLOG(1) << ENDPOINT << "version = " << quic_version_ << ", tag = '" << QuicTagToString(tag) << "'"; } - if (header.public_header.multipath_flag && - !writer->WriteUInt8(header.path_id)) { - return false; - } - if (header.public_header.nonce != nullptr && !writer->WriteBytes(header.public_header.nonce, kDiversificationNonceSize)) { @@ -790,7 +775,12 @@ bool QuicFramer::ProcessPublicHeader(QuicDataReader* reader, (public_flags & PACKET_PUBLIC_FLAGS_VERSION) != 0; if (validate_flags_ && !public_header->version_flag && - public_flags > PACKET_PUBLIC_FLAGS_MAX) { + public_flags > (FLAGS_quic_reloadable_flag_quic_remove_multipath_bit + ? PACKET_PUBLIC_FLAGS_MAX_WITHOUT_MULTIPATH_FLAG + : PACKET_PUBLIC_FLAGS_MAX)) { + if (FLAGS_quic_reloadable_flag_quic_remove_multipath_bit) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_remove_multipath_bit, 1, 2); + } set_detailed_error("Illegal public flags value."); return false; } @@ -802,7 +792,7 @@ bool QuicFramer::ProcessPublicHeader(QuicDataReader* reader, switch (public_flags & PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID) { case PACKET_PUBLIC_FLAGS_8BYTE_CONNECTION_ID: - if (!reader->ReadUInt64(&public_header->connection_id)) { + if (!reader->ReadConnectionId(&public_header->connection_id)) { set_detailed_error("Unable to read ConnectionId."); return false; } @@ -821,7 +811,7 @@ bool QuicFramer::ProcessPublicHeader(QuicDataReader* reader, // version flag from the server means version negotiation packet. if (public_header->version_flag && perspective_ == Perspective::IS_SERVER) { QuicTag version_tag; - if (!reader->ReadUInt32(&version_tag)) { + if (!reader->ReadTag(&version_tag)) { set_detailed_error("Unable to read protocol version."); return false; } @@ -831,7 +821,13 @@ bool QuicFramer::ProcessPublicHeader(QuicDataReader* reader, // If not, this raises an error. last_version_tag_ = version_tag; QuicVersion version = QuicTagToQuicVersion(version_tag); - if (version == quic_version_ && public_flags > PACKET_PUBLIC_FLAGS_MAX) { + if (version == quic_version_ && + public_flags > (FLAGS_quic_reloadable_flag_quic_remove_multipath_bit + ? PACKET_PUBLIC_FLAGS_MAX_WITHOUT_MULTIPATH_FLAG + : PACKET_PUBLIC_FLAGS_MAX)) { + if (FLAGS_quic_reloadable_flag_quic_remove_multipath_bit) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_remove_multipath_bit, 1, 2); + } set_detailed_error("Illegal public flags value."); return false; } @@ -924,13 +920,6 @@ QuicFramer::AckFrameInfo QuicFramer::GetAckFrameInfo( bool QuicFramer::ProcessUnauthenticatedHeader(QuicDataReader* encrypted_reader, QuicPacketHeader* header) { - header->path_id = kDefaultPathId; - if (header->public_header.multipath_flag && - !ProcessPathId(encrypted_reader, &header->path_id)) { - set_detailed_error("Unable to read path id."); - return RaiseError(QUIC_INVALID_PACKET_HEADER); - } - QuicPacketNumber base_packet_number = largest_packet_number_; if (!ProcessPacketSequenceNumber( @@ -953,14 +942,6 @@ bool QuicFramer::ProcessUnauthenticatedHeader(QuicDataReader* encrypted_reader, return true; } -bool QuicFramer::ProcessPathId(QuicDataReader* reader, QuicPathId* path_id) { - if (!reader->ReadBytes(path_id, 1)) { - return false; - } - - return true; -} - bool QuicFramer::ProcessPacketSequenceNumber( QuicDataReader* reader, QuicPacketNumberLength packet_number_length, @@ -1134,19 +1115,6 @@ bool QuicFramer::ProcessFrameData(QuicDataReader* reader, } continue; } - case PATH_CLOSE_FRAME: { - QuicPathCloseFrame path_close_frame; - if (!ProcessPathCloseFrame(reader, &path_close_frame)) { - return RaiseError(QUIC_INVALID_PATH_CLOSE_DATA); - } - if (!visitor_->OnPathCloseFrame(path_close_frame)) { - QUIC_DVLOG(1) << ENDPOINT - << "Visitor asked to stop further processing."; - // Returning true since there was no parsing error. - return true; - } - continue; - } default: set_detailed_error("Illegal frame type."); @@ -1195,8 +1163,8 @@ bool QuicFramer::ProcessStreamFrame(QuicDataReader* reader, return false; } - // TODO(ianswett): Don't use StringPiece as an intermediary. - StringPiece data; + // TODO(ianswett): Don't use QuicStringPiece as an intermediary. + QuicStringPiece data; if (has_data_length) { if (!reader->ReadStringPiece16(&data)) { set_detailed_error("Unable to read frame data."); @@ -1404,7 +1372,7 @@ bool QuicFramer::ProcessConnectionCloseFrame(QuicDataReader* reader, frame->error_code = static_cast<QuicErrorCode>(error_code); - StringPiece error_details; + QuicStringPiece error_details; if (!reader->ReadStringPiece16(&error_details)) { set_detailed_error("Unable to read connection close error details."); return false; @@ -1435,7 +1403,7 @@ bool QuicFramer::ProcessGoAwayFrame(QuicDataReader* reader, } frame->last_good_stream_id = static_cast<QuicStreamId>(stream_id); - StringPiece reason_phrase; + QuicStringPiece reason_phrase; if (!reader->ReadStringPiece16(&reason_phrase)) { set_detailed_error("Unable to read goaway reason."); return false; @@ -1470,18 +1438,8 @@ bool QuicFramer::ProcessBlockedFrame(QuicDataReader* reader, return true; } -bool QuicFramer::ProcessPathCloseFrame(QuicDataReader* reader, - QuicPathCloseFrame* frame) { - if (!reader->ReadBytes(&frame->path_id, 1)) { - set_detailed_error("Unable to read path_id."); - return false; - } - - return true; -} - // static -StringPiece QuicFramer::GetAssociatedDataFromEncryptedPacket( +QuicStringPiece QuicFramer::GetAssociatedDataFromEncryptedPacket( QuicVersion version, const QuicEncryptedPacket& encrypted, QuicConnectionIdLength connection_id_length, @@ -1489,10 +1447,11 @@ StringPiece QuicFramer::GetAssociatedDataFromEncryptedPacket( bool includes_diversification_nonce, QuicPacketNumberLength packet_number_length) { // TODO(ianswett): This is identical to QuicData::AssociatedData. - return StringPiece(encrypted.data(), - GetStartOfEncryptedData( - version, connection_id_length, includes_version, - includes_diversification_nonce, packet_number_length)); + return QuicStringPiece( + encrypted.data(), + GetStartOfEncryptedData(version, connection_id_length, includes_version, + includes_diversification_nonce, + packet_number_length)); } void QuicFramer::SetDecrypter(EncryptionLevel level, QuicDecrypter* decrypter) { @@ -1525,7 +1484,6 @@ void QuicFramer::SetEncrypter(EncryptionLevel level, QuicEncrypter* encrypter) { } size_t QuicFramer::EncryptInPlace(EncryptionLevel level, - QuicPathId path_id, QuicPacketNumber packet_number, size_t ad_len, size_t total_len, @@ -1534,8 +1492,8 @@ size_t QuicFramer::EncryptInPlace(EncryptionLevel level, size_t output_length = 0; if (!encrypter_[level]->EncryptPacket( quic_version_, packet_number, - StringPiece(buffer, ad_len), // Associated data - StringPiece(buffer + ad_len, total_len - ad_len), // Plaintext + QuicStringPiece(buffer, ad_len), // Associated data + QuicStringPiece(buffer + ad_len, total_len - ad_len), // Plaintext buffer + ad_len, // Destination buffer &output_length, buffer_len - ad_len)) { RaiseError(QUIC_ENCRYPTION_FAILURE); @@ -1552,7 +1510,7 @@ size_t QuicFramer::EncryptPayload(EncryptionLevel level, size_t buffer_len) { DCHECK(encrypter_[level].get() != nullptr); - StringPiece associated_data = packet.AssociatedData(quic_version_); + QuicStringPiece associated_data = packet.AssociatedData(quic_version_); // Copy in the header, because the encrypter only populates the encrypted // plaintext content. const size_t ad_len = associated_data.length(); @@ -1593,9 +1551,9 @@ bool QuicFramer::DecryptPayload(QuicDataReader* encrypted_reader, char* decrypted_buffer, size_t buffer_length, size_t* decrypted_length) { - StringPiece encrypted = encrypted_reader->ReadRemainingPayload(); + QuicStringPiece encrypted = encrypted_reader->ReadRemainingPayload(); DCHECK(decrypter_.get() != nullptr); - StringPiece associated_data = GetAssociatedDataFromEncryptedPacket( + QuicStringPiece associated_data = GetAssociatedDataFromEncryptedPacket( quic_version_, packet, header.public_header.connection_id_length, header.public_header.version_flag, header.public_header.nonce != nullptr, header.public_header.packet_number_length); @@ -1720,8 +1678,6 @@ size_t QuicFramer::ComputeFrameLength( return GetWindowUpdateFrameSize(); case BLOCKED_FRAME: return GetBlockedFrameSize(); - case PATH_CLOSE_FRAME: - return GetPathCloseFrameSize(); case PADDING_FRAME: DCHECK(false); return 0; @@ -2155,15 +2111,6 @@ bool QuicFramer::AppendBlockedFrame(const QuicBlockedFrame& frame, return true; } -bool QuicFramer::AppendPathCloseFrame(const QuicPathCloseFrame& frame, - QuicDataWriter* writer) { - uint8_t path_id = static_cast<uint8_t>(frame.path_id); - if (!writer->WriteUInt8(path_id)) { - return false; - } - return true; -} - bool QuicFramer::RaiseError(QuicErrorCode error) { QUIC_DLOG(INFO) << ENDPOINT << "Error: " << QuicErrorCodeToString(error) << " detail: " << detailed_error_; diff --git a/chromium/net/quic/core/quic_framer.h b/chromium/net/quic/core/quic_framer.h index 23d3c3ce6ba..2ca8ea15e17 100644 --- a/chromium/net/quic/core/quic_framer.h +++ b/chromium/net/quic/core/quic_framer.h @@ -11,9 +11,9 @@ #include <string> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/quic_packets.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -134,9 +134,6 @@ class QUIC_EXPORT_PRIVATE QuicFramerVisitorInterface { // Called when a BlockedFrame has been parsed. virtual bool OnBlockedFrame(const QuicBlockedFrame& frame) = 0; - // Called when a PathCloseFrame has been parsed. - virtual bool OnPathCloseFrame(const QuicPathCloseFrame& frame) = 0; - // Called when a packet has been completely processed. virtual void OnPacketComplete() = 0; }; @@ -211,8 +208,6 @@ class QUIC_EXPORT_PRIVATE QuicFramer { static size_t GetWindowUpdateFrameSize(); // Size in bytes of all Blocked frame fields. static size_t GetBlockedFrameSize(); - // Size in bytes of all PathClose frame fields. - static size_t GetPathCloseFrameSize(); // Size in bytes required to serialize the stream id. static size_t GetStreamIdSize(QuicStreamId stream_id); // Size in bytes required to serialize the stream offset. @@ -231,7 +226,7 @@ class QUIC_EXPORT_PRIVATE QuicFramer { // Returns the associated data from the encrypted packet |encrypted| as a // stringpiece. - static base::StringPiece GetAssociatedDataFromEncryptedPacket( + static QuicStringPiece GetAssociatedDataFromEncryptedPacket( QuicVersion version, const QuicEncryptedPacket& encrypted, QuicConnectionIdLength connection_id_length, @@ -296,7 +291,6 @@ class QUIC_EXPORT_PRIVATE QuicFramer { // data. |total_len| is the length of the associated data plus plaintext. // |buffer_len| is the full length of the allocated buffer. size_t EncryptInPlace(EncryptionLevel level, - QuicPathId path_id, QuicPacketNumber packet_number, size_t ad_len, size_t total_len, @@ -370,7 +364,6 @@ class QUIC_EXPORT_PRIVATE QuicFramer { bool ProcessUnauthenticatedHeader(QuicDataReader* encrypted_reader, QuicPacketHeader* header); - bool ProcessPathId(QuicDataReader* reader, QuicPathId* path_id); bool ProcessPacketSequenceNumber(QuicDataReader* reader, QuicPacketNumberLength packet_number_length, QuicPacketNumber base_packet_number, @@ -393,7 +386,6 @@ class QUIC_EXPORT_PRIVATE QuicFramer { bool ProcessWindowUpdateFrame(QuicDataReader* reader, QuicWindowUpdateFrame* frame); bool ProcessBlockedFrame(QuicDataReader* reader, QuicBlockedFrame* frame); - bool ProcessPathCloseFrame(QuicDataReader* reader, QuicPathCloseFrame* frame); bool DecryptPayload(QuicDataReader* encrypted_reader, const QuicPacketHeader& header, @@ -468,8 +460,6 @@ class QUIC_EXPORT_PRIVATE QuicFramer { QuicDataWriter* writer); bool AppendBlockedFrame(const QuicBlockedFrame& frame, QuicDataWriter* writer); - bool AppendPathCloseFrame(const QuicPathCloseFrame& frame, - QuicDataWriter* writer); bool RaiseError(QuicErrorCode error); diff --git a/chromium/net/quic/core/quic_framer_test.cc b/chromium/net/quic/core/quic_framer_test.cc index 01a201df711..cf757fa6d2a 100644 --- a/chromium/net/quic/core/quic_framer_test.cc +++ b/chromium/net/quic/core/quic_framer_test.cc @@ -24,7 +24,6 @@ #include "net/quic/test_tools/quic_test_utils.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; using testing::Return; using testing::Truly; @@ -58,47 +57,15 @@ size_t GetMinStreamFrameSize() { return kQuicFrameTypeSize + kQuicMaxStreamIdSize + kQuicMaxStreamOffsetSize; } -// Index into the path id offset in the header (if present). -size_t GetPathIdOffset(QuicConnectionIdLength connection_id_length, - bool include_version) { - return kConnectionIdOffset + connection_id_length + - (include_version ? kQuicVersionSize : 0); -} - // Index into the packet number offset in the header. size_t GetPacketNumberOffset(QuicConnectionIdLength connection_id_length, - bool include_version, - bool include_path_id) { + bool include_version) { return kConnectionIdOffset + connection_id_length + - (include_version ? kQuicVersionSize : 0) + - (include_path_id ? kQuicPathIdSize : 0); -} - -size_t GetPacketNumberOffset(bool include_version, bool include_path_id) { - return GetPacketNumberOffset(PACKET_8BYTE_CONNECTION_ID, include_version, - include_path_id); -} - -// Index into the private flags offset in the data packet header. -size_t GetPrivateFlagsOffset(QuicConnectionIdLength connection_id_length, - bool include_version, - bool include_path_id) { - return GetPacketNumberOffset(connection_id_length, include_version, - include_path_id) + - PACKET_6BYTE_PACKET_NUMBER; -} - -size_t GetPrivateFlagsOffset(bool include_version, bool include_path_id) { - return GetPrivateFlagsOffset(PACKET_8BYTE_CONNECTION_ID, include_version, - include_path_id); + (include_version ? kQuicVersionSize : 0); } -size_t GetPrivateFlagsOffset(bool include_version, - bool include_path_id, - QuicPacketNumberLength packet_number_length) { - return GetPacketNumberOffset(PACKET_8BYTE_CONNECTION_ID, include_version, - include_path_id) + - packet_number_length; +size_t GetPacketNumberOffset(bool include_version) { + return GetPacketNumberOffset(PACKET_8BYTE_CONNECTION_ID, include_version); } // Index into the message tag of the public reset packet. @@ -109,12 +76,12 @@ const size_t kPublicResetPacketMessageTagOffset = class TestEncrypter : public QuicEncrypter { public: ~TestEncrypter() override {} - bool SetKey(StringPiece key) override { return true; } - bool SetNoncePrefix(StringPiece nonce_prefix) override { return true; } + bool SetKey(QuicStringPiece key) override { return true; } + bool SetNoncePrefix(QuicStringPiece nonce_prefix) override { return true; } bool EncryptPacket(QuicVersion version, QuicPacketNumber packet_number, - StringPiece associated_data, - StringPiece plaintext, + QuicStringPiece associated_data, + QuicStringPiece plaintext, char* output, size_t* output_length, size_t max_output_length) override { @@ -134,11 +101,10 @@ class TestEncrypter : public QuicEncrypter { size_t GetCiphertextSize(size_t plaintext_size) const override { return plaintext_size; } - StringPiece GetKey() const override { return StringPiece(); } - StringPiece GetNoncePrefix() const override { return StringPiece(); } + QuicStringPiece GetKey() const override { return QuicStringPiece(); } + QuicStringPiece GetNoncePrefix() const override { return QuicStringPiece(); } QuicVersion version_; - Perspective perspective_; QuicPacketNumber packet_number_; string associated_data_; string plaintext_; @@ -147,9 +113,9 @@ class TestEncrypter : public QuicEncrypter { class TestDecrypter : public QuicDecrypter { public: ~TestDecrypter() override {} - bool SetKey(StringPiece key) override { return true; } - bool SetNoncePrefix(StringPiece nonce_prefix) override { return true; } - bool SetPreliminaryKey(StringPiece key) override { + bool SetKey(QuicStringPiece key) override { return true; } + bool SetNoncePrefix(QuicStringPiece nonce_prefix) override { return true; } + bool SetPreliminaryKey(QuicStringPiece key) override { QUIC_BUG << "should not be called"; return false; } @@ -158,8 +124,8 @@ class TestDecrypter : public QuicDecrypter { } bool DecryptPacket(QuicVersion version, QuicPacketNumber packet_number, - StringPiece associated_data, - StringPiece ciphertext, + QuicStringPiece associated_data, + QuicStringPiece ciphertext, char* output, size_t* output_length, size_t max_output_length) override { @@ -171,13 +137,12 @@ class TestDecrypter : public QuicDecrypter { *output_length = ciphertext.length(); return true; } - StringPiece GetKey() const override { return StringPiece(); } - StringPiece GetNoncePrefix() const override { return StringPiece(); } + QuicStringPiece GetKey() const override { return QuicStringPiece(); } + QuicStringPiece GetNoncePrefix() const override { return QuicStringPiece(); } const char* cipher_name() const override { return "Test"; } // Use a distinct value starting with 0xFFFFFF, which is never used by TLS. uint32_t cipher_id() const override { return 0xFFFFFFF2; } QuicVersion version_; - Perspective perspective_; QuicPacketNumber packet_number_; string associated_data_; string ciphertext_; @@ -297,11 +262,6 @@ class TestQuicVisitor : public QuicFramerVisitorInterface { return true; } - bool OnPathCloseFrame(const QuicPathCloseFrame& frame) override { - path_close_frame_ = frame; - return true; - } - // Counters from the visitor_ callbacks. int error_count_; int version_mismatch_; @@ -325,7 +285,6 @@ class TestQuicVisitor : public QuicFramerVisitorInterface { QuicGoAwayFrame goaway_frame_; QuicWindowUpdateFrame window_update_frame_; QuicBlockedFrame blocked_frame_; - QuicPathCloseFrame path_close_frame_; std::vector<std::unique_ptr<string>> stream_data_; }; @@ -355,9 +314,7 @@ class QuicFramerTest : public ::testing::TestWithParam<QuicVersion> { return static_cast<unsigned char>('0' + (version_ / 10) % 10); } - bool CheckEncryption(QuicPathId path_id, - QuicPacketNumber packet_number, - QuicPacket* packet) { + bool CheckEncryption(QuicPacketNumber packet_number, QuicPacket* packet) { EXPECT_EQ(version_, encrypter_->version_); if (packet_number != encrypter_->packet_number_) { QUIC_LOG(ERROR) << "Encrypted incorrect packet number. expected " @@ -404,7 +361,7 @@ class QuicFramerTest : public ::testing::TestWithParam<QuicVersion> { << " actual: " << decrypter_->associated_data_; return false; } - StringPiece ciphertext( + QuicStringPiece ciphertext( encrypted.AsStringPiece().substr(GetStartOfEncryptedData( framer_.version(), PACKET_8BYTE_CONNECTION_ID, includes_version, includes_diversification_nonce, PACKET_6BYTE_PACKET_NUMBER))); @@ -614,6 +571,17 @@ TEST_P(QuicFramerTest, LargePacket) { // private flags 0x00, }; + + unsigned char packet_cid_be[kMaxPacketSize + 1] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, + // private flags + 0x00, + }; // clang-format on const size_t header_size = GetPacketHeaderSize( @@ -622,7 +590,14 @@ TEST_P(QuicFramerTest, LargePacket) { memset(packet + header_size, 0, kMaxPacketSize - header_size); - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_QUIC_BUG(framer_.ProcessPacket(encrypted), "Packet too large:1"); ASSERT_TRUE(visitor_.header_.get()); @@ -642,9 +617,25 @@ TEST_P(QuicFramerTest, PacketHeader) { // packet number 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_FALSE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error()); ASSERT_TRUE(visitor_.header_.get()); @@ -663,12 +654,15 @@ TEST_P(QuicFramerTest, PacketHeader) { string expected_error; if (i < kConnectionIdOffset) { expected_error = "Unable to read public flags."; - } else if (i < GetPacketNumberOffset(!kIncludeVersion, !kIncludePathId)) { + } else if (i < GetPacketNumberOffset(!kIncludeVersion)) { expected_error = "Unable to read ConnectionId."; } else { expected_error = "Unable to read packet number."; } - CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER); + CheckProcessingFails(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet, + i, expected_error, QUIC_INVALID_PACKET_HEADER); } } @@ -706,7 +700,7 @@ TEST_P(QuicFramerTest, PacketHeaderWith0ByteConnectionId) { if (i < kConnectionIdOffset) { expected_error = "Unable to read public flags."; } else if (i < GetPacketNumberOffset(PACKET_0BYTE_CONNECTION_ID, - !kIncludeVersion, !kIncludePathId)) { + !kIncludeVersion)) { expected_error = "Unable to read ConnectionId."; } else { expected_error = "Unable to read packet number."; @@ -727,9 +721,27 @@ TEST_P(QuicFramerTest, PacketHeaderWithVersionFlag) { // packet number 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, }; + + unsigned char packet_cid_be[] = { + // public flags (version) + 0x39, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // version tag + 'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(), + // packet number + 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_FALSE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error()); ASSERT_TRUE(visitor_.header_.get()); @@ -751,12 +763,15 @@ TEST_P(QuicFramerTest, PacketHeaderWithVersionFlag) { expected_error = "Unable to read public flags."; } else if (i < kVersionOffset) { expected_error = "Unable to read ConnectionId."; - } else if (i < GetPacketNumberOffset(kIncludeVersion, !kIncludePathId)) { + } else if (i < GetPacketNumberOffset(kIncludeVersion)) { expected_error = "Unable to read protocol version."; } else { expected_error = "Unable to read packet number."; } - CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER); + CheckProcessingFails(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet, + i, expected_error, QUIC_INVALID_PACKET_HEADER); } } @@ -772,9 +787,25 @@ TEST_P(QuicFramerTest, PacketHeaderWith4BytePacketNumber) { // packet number 0xBC, 0x9A, 0x78, 0x56, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id and 4 byte packet number) + 0x28, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_FALSE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error()); ASSERT_TRUE(visitor_.header_.get()); @@ -793,12 +824,15 @@ TEST_P(QuicFramerTest, PacketHeaderWith4BytePacketNumber) { string expected_error; if (i < kConnectionIdOffset) { expected_error = "Unable to read public flags."; - } else if (i < GetPacketNumberOffset(!kIncludeVersion, !kIncludePathId)) { + } else if (i < GetPacketNumberOffset(!kIncludeVersion)) { expected_error = "Unable to read ConnectionId."; } else { expected_error = "Unable to read packet number."; } - CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER); + CheckProcessingFails(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet, + i, expected_error, QUIC_INVALID_PACKET_HEADER); } } @@ -814,9 +848,25 @@ TEST_P(QuicFramerTest, PacketHeaderWith2BytePacketNumber) { // packet number 0xBC, 0x9A, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id and 2 byte packet number) + 0x18, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_FALSE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error()); ASSERT_TRUE(visitor_.header_.get()); @@ -837,12 +887,15 @@ TEST_P(QuicFramerTest, PacketHeaderWith2BytePacketNumber) { string expected_error; if (i < kConnectionIdOffset) { expected_error = "Unable to read public flags."; - } else if (i < GetPacketNumberOffset(!kIncludeVersion, !kIncludePathId)) { + } else if (i < GetPacketNumberOffset(!kIncludeVersion)) { expected_error = "Unable to read ConnectionId."; } else { expected_error = "Unable to read packet number."; } - CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER); + CheckProcessingFails(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet, + i, expected_error, QUIC_INVALID_PACKET_HEADER); } } @@ -858,9 +911,25 @@ TEST_P(QuicFramerTest, PacketHeaderWith1BytePacketNumber) { // packet number 0xBC, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id and 1 byte packet number) + 0x08, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_FALSE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_MISSING_PAYLOAD, framer_.error()); ASSERT_TRUE(visitor_.header_.get()); @@ -881,12 +950,15 @@ TEST_P(QuicFramerTest, PacketHeaderWith1BytePacketNumber) { string expected_error; if (i < kConnectionIdOffset) { expected_error = "Unable to read public flags."; - } else if (i < GetPacketNumberOffset(!kIncludeVersion, !kIncludePathId)) { + } else if (i < GetPacketNumberOffset(!kIncludeVersion)) { expected_error = "Unable to read ConnectionId."; } else { expected_error = "Unable to read packet number."; } - CheckProcessingFails(packet, i, expected_error, QUIC_INVALID_PACKET_HEADER); + CheckProcessingFails(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet, + i, expected_error, QUIC_INVALID_PACKET_HEADER); } } @@ -952,7 +1024,8 @@ TEST_P(QuicFramerTest, PacketWithDiversificationNonce) { // clang-format off unsigned char packet[] = { // public flags: includes nonce flag - 0x7C, + static_cast<unsigned char>( + FLAGS_quic_reloadable_flag_quic_remove_multipath_bit ? 0x3C : 0x7C), // connection_id 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE, // nonce @@ -967,9 +1040,35 @@ TEST_P(QuicFramerTest, PacketWithDiversificationNonce) { 0x00, 0x00, 0x00, 0x00, 0x00 }; + + unsigned char packet_cid_be[] = { + // public flags: includes nonce flag + static_cast<unsigned char>( + FLAGS_quic_reloadable_flag_quic_remove_multipath_bit ? 0x3C : 0x7C), + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // nonce + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + // packet number + 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, + + // frame type (padding) + 0x00, + 0x00, 0x00, 0x00, 0x00 + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); ASSERT_TRUE(visitor_.public_header_->nonce != nullptr); @@ -982,7 +1081,8 @@ TEST_P(QuicFramerTest, LargePublicFlagWithMismatchedVersions) { // clang-format off unsigned char packet[] = { // public flags (8 byte connection_id, version flag and an unknown flag) - 0x79, + static_cast<unsigned char>( + FLAGS_quic_reloadable_flag_quic_remove_multipath_bit ? 0x39 : 0x79), // connection_id 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE, @@ -996,8 +1096,32 @@ TEST_P(QuicFramerTest, LargePublicFlagWithMismatchedVersions) { 0x00, 0x00, 0x00, 0x00, 0x00 }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id, version flag and an unknown flag) + static_cast<unsigned char>( + FLAGS_quic_reloadable_flag_quic_remove_multipath_bit ? 0x39 : 0x79), + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // version tag + 'Q', '0', '0', '0', + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (padding frame) + 0x00, + 0x00, 0x00, 0x00, 0x00 + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); ASSERT_TRUE(visitor_.header_.get()); @@ -1034,9 +1158,43 @@ TEST_P(QuicFramerTest, PaddingFrame) { 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (padding frame) + 0x00, + // Ignored data (which in this case is a stream frame) + // frame type (stream frame with fin) + 0xFF, + // stream id + 0x04, 0x03, 0x02, 0x01, + // offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + // data length + 0x0c, 0x00, + // data + 'h', 'e', 'l', 'l', + 'o', ' ', 'w', 'o', + 'r', 'l', 'd', '!', + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); ASSERT_TRUE(visitor_.header_.get()); @@ -1047,7 +1205,8 @@ TEST_P(QuicFramerTest, PaddingFrame) { EXPECT_EQ(0u, visitor_.ack_frames_.size()); // A packet with no frames is not acceptable. CheckProcessingFails( - packet, + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER), @@ -1080,9 +1239,40 @@ TEST_P(QuicFramerTest, StreamFrame) { 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (stream frame with fin) + 0xFF, + // stream id + 0x04, 0x03, 0x02, 0x01, + // offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + // data length + 0x0c, 0x00, + // data + 'h', 'e', 'l', 'l', + 'o', ' ', 'w', 'o', + 'r', 'l', 'd', '!', + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1098,7 +1288,10 @@ TEST_P(QuicFramerTest, StreamFrame) { CheckStreamFrameData("hello world!", visitor_.stream_frames_[0].get()); // Now test framing boundaries. - CheckStreamFrameBoundaries(packet, kQuicMaxStreamIdSize, !kIncludeVersion); + CheckStreamFrameBoundaries( + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, + kQuicMaxStreamIdSize, !kIncludeVersion); } TEST_P(QuicFramerTest, MissingDiversificationNonce) { @@ -1133,9 +1326,40 @@ TEST_P(QuicFramerTest, MissingDiversificationNonce) { 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (stream frame with fin) + 0xFF, + // stream id + 0x04, 0x03, 0x02, 0x01, + // offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + // data length + 0x0c, 0x00, + // data + 'h', 'e', 'l', 'l', + 'o', ' ', 'w', 'o', + 'r', 'l', 'd', '!', + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_FALSE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_DECRYPTION_FAILURE, framer_.error()); } @@ -1166,9 +1390,40 @@ TEST_P(QuicFramerTest, StreamFrame3ByteStreamId) { 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (stream frame with fin) + 0xFE, + // stream id + 0x04, 0x03, 0x02, + // offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + // data length + 0x0c, 0x00, + // data + 'h', 'e', 'l', 'l', + 'o', ' ', 'w', 'o', + 'r', 'l', 'd', '!', + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1186,7 +1441,10 @@ TEST_P(QuicFramerTest, StreamFrame3ByteStreamId) { // Now test framing boundaries. const size_t stream_id_size = 3; - CheckStreamFrameBoundaries(packet, stream_id_size, !kIncludeVersion); + CheckStreamFrameBoundaries( + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, + stream_id_size, !kIncludeVersion); } TEST_P(QuicFramerTest, StreamFrame2ByteStreamId) { @@ -1215,9 +1473,40 @@ TEST_P(QuicFramerTest, StreamFrame2ByteStreamId) { 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (stream frame with fin) + 0xFD, + // stream id + 0x04, 0x03, + // offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + // data length + 0x0c, 0x00, + // data + 'h', 'e', 'l', 'l', + 'o', ' ', 'w', 'o', + 'r', 'l', 'd', '!', + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1235,7 +1524,10 @@ TEST_P(QuicFramerTest, StreamFrame2ByteStreamId) { // Now test framing boundaries. const size_t stream_id_size = 2; - CheckStreamFrameBoundaries(packet, stream_id_size, !kIncludeVersion); + CheckStreamFrameBoundaries( + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, + stream_id_size, !kIncludeVersion); } TEST_P(QuicFramerTest, StreamFrame1ByteStreamId) { @@ -1264,9 +1556,40 @@ TEST_P(QuicFramerTest, StreamFrame1ByteStreamId) { 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (stream frame with fin) + 0xFC, + // stream id + 0x04, + // offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + // data length + 0x0c, 0x00, + // data + 'h', 'e', 'l', 'l', + 'o', ' ', 'w', 'o', + 'r', 'l', 'd', '!', + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1284,7 +1607,10 @@ TEST_P(QuicFramerTest, StreamFrame1ByteStreamId) { // Now test framing boundaries. const size_t stream_id_size = 1; - CheckStreamFrameBoundaries(packet, stream_id_size, !kIncludeVersion); + CheckStreamFrameBoundaries( + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, + stream_id_size, !kIncludeVersion); } TEST_P(QuicFramerTest, StreamFrameWithVersion) { @@ -1315,9 +1641,42 @@ TEST_P(QuicFramerTest, StreamFrameWithVersion) { 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', }; + + unsigned char packet_cid_be[] = { + // public flags (version, 8 byte connection_id) + 0x39, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // version tag + 'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(), + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (stream frame with fin) + 0xFF, + // stream id + 0x04, 0x03, 0x02, 0x01, + // offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + // data length + 0x0c, 0x00, + // data + 'h', 'e', 'l', 'l', + 'o', ' ', 'w', 'o', + 'r', 'l', 'd', '!', + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1335,7 +1694,10 @@ TEST_P(QuicFramerTest, StreamFrameWithVersion) { CheckStreamFrameData("hello world!", visitor_.stream_frames_[0].get()); // Now test framing boundaries. - CheckStreamFrameBoundaries(packet, kQuicMaxStreamIdSize, kIncludeVersion); + CheckStreamFrameBoundaries( + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, + kQuicMaxStreamIdSize, kIncludeVersion); } TEST_P(QuicFramerTest, RejectPacket) { @@ -1366,9 +1728,40 @@ TEST_P(QuicFramerTest, RejectPacket) { 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (stream frame with fin) + 0xFF, + // stream id + 0x04, 0x03, 0x02, 0x01, + // offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + // data length + 0x0c, 0x00, + // data + 'h', 'e', 'l', 'l', + 'o', ' ', 'w', 'o', + 'r', 'l', 'd', '!', + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1388,12 +1781,25 @@ TEST_P(QuicFramerTest, RejectPublicHeader) { // public flags (8 byte connection_id) 0x38, // connection_id - 0x10, 0x32, 0x54, 0x76, - 0x98, 0xBA, 0xDC, 0xFE, + 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE, + }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1423,9 +1829,37 @@ TEST_P(QuicFramerTest, AckFrameOneAckBlock) { // num timestamps. 0x00, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x3C, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, + + // frame type (ack frame) + // (one ack block, 2 byte largest observed, 2 byte block length) + 0x45, + // largest acked + 0x34, 0x12, + // Zero delta time. + 0x00, 0x00, + // first ack block length. + 0x34, 0x12, + // num timestamps. + 0x00, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1461,7 +1895,8 @@ TEST_P(QuicFramerTest, AckFrameOneAckBlock) { expected_error = "Unable to read num received packets."; } CheckProcessingFails( - packet, + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER), @@ -1517,9 +1952,63 @@ TEST_P(QuicFramerTest, AckFrameTwoTimeStampsMultipleAckBlocks) { // Delta time. 0x10, 0x32, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x3C, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, + + // frame type (ack frame) + // (more than one ack block, 2 byte largest observed, 2 byte block length) + 0x65, + // largest acked + 0x34, 0x12, + // Zero delta time. + 0x00, 0x00, + // num ack blocks ranges. + 0x04, + // first ack block length. + 0x01, 0x00, + // gap to next block. + 0x01, + // ack block length. + 0xaf, 0x0e, + // gap to next block. + 0xff, + // ack block length. + 0x00, 0x00, + // gap to next block. + 0x91, + // ack block length. + 0xea, 0x01, + // gap to next block. + 0x05, + // ack block length. + 0x04, 0x00, + // Number of timestamps. + 0x02, + // Delta from largest observed. + 0x01, + // Delta time. + 0x10, 0x32, 0x54, 0x76, + // Delta from largest observed. + 0x02, + // Delta time. + 0x10, 0x32, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1606,7 +2095,8 @@ TEST_P(QuicFramerTest, AckFrameTwoTimeStampsMultipleAckBlocks) { } CheckProcessingFails( - packet, + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER), @@ -1631,9 +2121,31 @@ TEST_P(QuicFramerTest, NewStopWaitingFrame) { 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x3C, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xA8, 0x9A, 0x78, 0x56, + 0x34, 0x12, + // frame type (stop waiting frame) + 0x06, + // least packet number awaiting an ack, delta from packet number. + 0x08, 0x00, 0x00, 0x00, + 0x00, 0x00, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1651,7 +2163,8 @@ TEST_P(QuicFramerTest, NewStopWaitingFrame) { string expected_error; expected_error = "Unable to read least unacked delta."; CheckProcessingFails( - packet, + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER), @@ -1683,9 +2196,38 @@ TEST_P(QuicFramerTest, RstStreamFrameQuic) { // error code 0x01, 0x00, 0x00, 0x00, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (rst stream frame) + 0x01, + // stream id + 0x04, 0x03, 0x02, 0x01, + + // sent byte offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + + // error code + 0x01, 0x00, 0x00, 0x00, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1711,7 +2253,8 @@ TEST_P(QuicFramerTest, RstStreamFrameQuic) { expected_error = "Unable to read rst stream error code."; } CheckProcessingFails( - packet, + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER), @@ -1744,9 +2287,39 @@ TEST_P(QuicFramerTest, ConnectionCloseFrame) { 'I', ' ', 'c', 'a', 'n', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (connection close frame) + 0x02, + // error code + 0x11, 0x00, 0x00, 0x00, + + // error details length + 0x0d, 0x00, + // error details + 'b', 'e', 'c', 'a', + 'u', 's', 'e', ' ', + 'I', ' ', 'c', 'a', + 'n', + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1771,7 +2344,8 @@ TEST_P(QuicFramerTest, ConnectionCloseFrame) { expected_error = "Unable to read connection close error details."; } CheckProcessingFails( - packet, + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER), @@ -1805,9 +2379,40 @@ TEST_P(QuicFramerTest, GoAwayFrame) { 'I', ' ', 'c', 'a', 'n', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (go away frame) + 0x03, + // error code + 0x09, 0x00, 0x00, 0x00, + // stream id + 0x04, 0x03, 0x02, 0x01, + // error details length + 0x0d, 0x00, + // error details + 'b', 'e', 'c', 'a', + 'u', 's', 'e', ' ', + 'I', ' ', 'c', 'a', + 'n', + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1833,7 +2438,8 @@ TEST_P(QuicFramerTest, GoAwayFrame) { expected_error = "Unable to read goaway reason."; } CheckProcessingFails( - packet, + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER), @@ -1861,9 +2467,34 @@ TEST_P(QuicFramerTest, WindowUpdateFrame) { 0x54, 0x76, 0x10, 0x32, 0xDC, 0xFE, 0x98, 0xBA, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (window update frame) + 0x04, + // stream id + 0x04, 0x03, 0x02, 0x01, + // byte offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1884,7 +2515,8 @@ TEST_P(QuicFramerTest, WindowUpdateFrame) { expected_error = "Unable to read window byte_offset."; } CheckProcessingFails( - packet, + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER), @@ -1909,9 +2541,31 @@ TEST_P(QuicFramerTest, BlockedFrame) { // stream id 0x04, 0x03, 0x02, 0x01, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (blocked frame) + 0x05, + // stream id + 0x04, 0x03, 0x02, 0x01, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1926,7 +2580,8 @@ TEST_P(QuicFramerTest, BlockedFrame) { ++i) { string expected_error = "Unable to read stream_id."; CheckProcessingFails( - packet, + FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet, i + GetPacketHeaderSize(framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER), @@ -1949,9 +2604,29 @@ TEST_P(QuicFramerTest, PingFrame) { // frame type (ping frame) 0x07, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (ping frame) + 0x07, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); @@ -1991,9 +2666,41 @@ TEST_P(QuicFramerTest, PublicResetPacketV33) { 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, 0x00, 0x00, }; + + unsigned char packet_cid_be[] = { + // public flags (public reset, 8 byte connection_id) + 0x0A, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // message tag (kPRST) + 'P', 'R', 'S', 'T', + // num_entries (2) + padding + 0x02, 0x00, 0x00, 0x00, + // tag kRNON + 'R', 'N', 'O', 'N', + // end offset 8 + 0x08, 0x00, 0x00, 0x00, + // tag kRSEQ + 'R', 'S', 'E', 'Q', + // end offset 16 + 0x10, 0x00, 0x00, 0x00, + // nonce proof + 0x89, 0x67, 0x45, 0x23, + 0x01, 0xEF, 0xCD, 0xAB, + // rejected packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, 0x00, 0x00, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); ASSERT_EQ(QUIC_NO_ERROR, framer_.error()); ASSERT_TRUE(visitor_.public_reset_packet_.get()); @@ -2008,20 +2715,41 @@ TEST_P(QuicFramerTest, PublicResetPacketV33) { visitor_.public_reset_packet_->client_address.host().address_family()); // Now test framing boundaries. - for (size_t i = 0; i < arraysize(packet); ++i) { + if (!FLAGS_quic_restart_flag_quic_big_endian_connection_id) { + for (size_t i = 0; i < arraysize(packet); ++i) { + string expected_error; + QUIC_DLOG(INFO) << "iteration: " << i; + if (i < kConnectionIdOffset) { + expected_error = "Unable to read public flags."; + CheckProcessingFails(packet, i, expected_error, + QUIC_INVALID_PACKET_HEADER); + } else if (i < kPublicResetPacketMessageTagOffset) { + expected_error = "Unable to read ConnectionId."; + CheckProcessingFails(packet, i, expected_error, + QUIC_INVALID_PACKET_HEADER); + } else { + expected_error = "Unable to read reset message."; + CheckProcessingFails(packet, i, expected_error, + QUIC_INVALID_PUBLIC_RST_PACKET); + } + } + return; + } + + for (size_t i = 0; i < arraysize(packet_cid_be); ++i) { string expected_error; QUIC_DLOG(INFO) << "iteration: " << i; if (i < kConnectionIdOffset) { expected_error = "Unable to read public flags."; - CheckProcessingFails(packet, i, expected_error, + CheckProcessingFails(packet_cid_be, i, expected_error, QUIC_INVALID_PACKET_HEADER); } else if (i < kPublicResetPacketMessageTagOffset) { expected_error = "Unable to read ConnectionId."; - CheckProcessingFails(packet, i, expected_error, + CheckProcessingFails(packet_cid_be, i, expected_error, QUIC_INVALID_PACKET_HEADER); } else { expected_error = "Unable to read reset message."; - CheckProcessingFails(packet, i, expected_error, + CheckProcessingFails(packet_cid_be, i, expected_error, QUIC_INVALID_PUBLIC_RST_PACKET); } } @@ -2056,9 +2784,41 @@ TEST_P(QuicFramerTest, PublicResetPacket) { 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, 0x00, 0x00, }; + + unsigned char packet_cid_be[] = { + // public flags (public reset, 8 byte connection_id) + 0x0E, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // message tag (kPRST) + 'P', 'R', 'S', 'T', + // num_entries (2) + padding + 0x02, 0x00, 0x00, 0x00, + // tag kRNON + 'R', 'N', 'O', 'N', + // end offset 8 + 0x08, 0x00, 0x00, 0x00, + // tag kRSEQ + 'R', 'S', 'E', 'Q', + // end offset 16 + 0x10, 0x00, 0x00, 0x00, + // nonce proof + 0x89, 0x67, 0x45, 0x23, + 0x01, 0xEF, 0xCD, 0xAB, + // rejected packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, 0x00, 0x00, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); ASSERT_EQ(QUIC_NO_ERROR, framer_.error()); ASSERT_TRUE(visitor_.public_reset_packet_.get()); @@ -2073,20 +2833,41 @@ TEST_P(QuicFramerTest, PublicResetPacket) { visitor_.public_reset_packet_->client_address.host().address_family()); // Now test framing boundaries. - for (size_t i = 0; i < arraysize(packet); ++i) { + if (!FLAGS_quic_restart_flag_quic_big_endian_connection_id) { + for (size_t i = 0; i < arraysize(packet); ++i) { + string expected_error; + QUIC_DLOG(INFO) << "iteration: " << i; + if (i < kConnectionIdOffset) { + expected_error = "Unable to read public flags."; + CheckProcessingFails(packet, i, expected_error, + QUIC_INVALID_PACKET_HEADER); + } else if (i < kPublicResetPacketMessageTagOffset) { + expected_error = "Unable to read ConnectionId."; + CheckProcessingFails(packet, i, expected_error, + QUIC_INVALID_PACKET_HEADER); + } else { + expected_error = "Unable to read reset message."; + CheckProcessingFails(packet, i, expected_error, + QUIC_INVALID_PUBLIC_RST_PACKET); + } + } + return; + } + + for (size_t i = 0; i < arraysize(packet_cid_be); ++i) { string expected_error; QUIC_DLOG(INFO) << "iteration: " << i; if (i < kConnectionIdOffset) { expected_error = "Unable to read public flags."; - CheckProcessingFails(packet, i, expected_error, + CheckProcessingFails(packet_cid_be, i, expected_error, QUIC_INVALID_PACKET_HEADER); } else if (i < kPublicResetPacketMessageTagOffset) { expected_error = "Unable to read ConnectionId."; - CheckProcessingFails(packet, i, expected_error, + CheckProcessingFails(packet_cid_be, i, expected_error, QUIC_INVALID_PACKET_HEADER); } else { expected_error = "Unable to read reset message."; - CheckProcessingFails(packet, i, expected_error, + CheckProcessingFails(packet_cid_be, i, expected_error, QUIC_INVALID_PUBLIC_RST_PACKET); } } @@ -2121,11 +2902,43 @@ TEST_P(QuicFramerTest, PublicResetPacketWithTrailingJunk) { // trailing junk 'j', 'u', 'n', 'k', }; + + unsigned char packet_cid_be[] = { + // public flags (public reset, 8 byte connection_id) + 0x0A, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // message tag (kPRST) + 'P', 'R', 'S', 'T', + // num_entries (2) + padding + 0x02, 0x00, 0x00, 0x00, + // tag kRNON + 'R', 'N', 'O', 'N', + // end offset 8 + 0x08, 0x00, 0x00, 0x00, + // tag kRSEQ + 'R', 'S', 'E', 'Q', + // end offset 16 + 0x10, 0x00, 0x00, 0x00, + // nonce proof + 0x89, 0x67, 0x45, 0x23, + 0x01, 0xEF, 0xCD, 0xAB, + // rejected packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, 0x00, 0x00, + // trailing junk + 'j', 'u', 'n', 'k', + }; // clang-format on string expected_error = "Unable to read reset message."; - CheckProcessingFails(packet, arraysize(packet), expected_error, - QUIC_INVALID_PUBLIC_RST_PACKET); + CheckProcessingFails(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet, + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + expected_error, QUIC_INVALID_PUBLIC_RST_PACKET); } TEST_P(QuicFramerTest, PublicResetPacketWithClientAddress) { @@ -2163,9 +2976,49 @@ TEST_P(QuicFramerTest, PublicResetPacketWithClientAddress) { 0x04, 0x1F, 0xC6, 0x2C, 0xBB, 0x01, }; + + unsigned char packet_cid_be[] = { + // public flags (public reset, 8 byte connection_id) + 0x0A, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // message tag (kPRST) + 'P', 'R', 'S', 'T', + // num_entries (3) + padding + 0x03, 0x00, 0x00, 0x00, + // tag kRNON + 'R', 'N', 'O', 'N', + // end offset 8 + 0x08, 0x00, 0x00, 0x00, + // tag kRSEQ + 'R', 'S', 'E', 'Q', + // end offset 16 + 0x10, 0x00, 0x00, 0x00, + // tag kCADR + 'C', 'A', 'D', 'R', + // end offset 24 + 0x18, 0x00, 0x00, 0x00, + // nonce proof + 0x89, 0x67, 0x45, 0x23, + 0x01, 0xEF, 0xCD, 0xAB, + // rejected packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, 0x00, 0x00, + // client address: 4.31.198.44:443 + 0x02, 0x00, + 0x04, 0x1F, 0xC6, 0x2C, + 0xBB, 0x01, + }; // clang-format on - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); ASSERT_EQ(QUIC_NO_ERROR, framer_.error()); ASSERT_TRUE(visitor_.public_reset_packet_.get()); @@ -2180,20 +3033,41 @@ TEST_P(QuicFramerTest, PublicResetPacketWithClientAddress) { EXPECT_EQ(443, visitor_.public_reset_packet_->client_address.port()); // Now test framing boundaries. - for (size_t i = 0; i < arraysize(packet); ++i) { + if (!FLAGS_quic_restart_flag_quic_big_endian_connection_id) { + for (size_t i = 0; i < arraysize(packet); ++i) { + string expected_error; + QUIC_DLOG(INFO) << "iteration: " << i; + if (i < kConnectionIdOffset) { + expected_error = "Unable to read public flags."; + CheckProcessingFails(packet, i, expected_error, + QUIC_INVALID_PACKET_HEADER); + } else if (i < kPublicResetPacketMessageTagOffset) { + expected_error = "Unable to read ConnectionId."; + CheckProcessingFails(packet, i, expected_error, + QUIC_INVALID_PACKET_HEADER); + } else { + expected_error = "Unable to read reset message."; + CheckProcessingFails(packet, i, expected_error, + QUIC_INVALID_PUBLIC_RST_PACKET); + } + } + return; + } + + for (size_t i = 0; i < arraysize(packet_cid_be); ++i) { string expected_error; QUIC_DLOG(INFO) << "iteration: " << i; if (i < kConnectionIdOffset) { expected_error = "Unable to read public flags."; - CheckProcessingFails(packet, i, expected_error, + CheckProcessingFails(packet_cid_be, i, expected_error, QUIC_INVALID_PACKET_HEADER); } else if (i < kPublicResetPacketMessageTagOffset) { expected_error = "Unable to read ConnectionId."; - CheckProcessingFails(packet, i, expected_error, + CheckProcessingFails(packet_cid_be, i, expected_error, QUIC_INVALID_PACKET_HEADER); } else { expected_error = "Unable to read reset message."; - CheckProcessingFails(packet, i, expected_error, + CheckProcessingFails(packet_cid_be, i, expected_error, QUIC_INVALID_PUBLIC_RST_PACKET); } } @@ -2211,11 +3085,28 @@ TEST_P(QuicFramerTest, VersionNegotiationPacket) { 'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(), 'Q', '2', '.', '0', }; + + unsigned char packet_cid_be[] = { + // public flags (version, 8 byte connection_id) + 0x39, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // version tag + 'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(), + 'Q', '2', '.', '0', + }; // clang-format on QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT); - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); ASSERT_EQ(QUIC_NO_ERROR, framer_.error()); ASSERT_TRUE(visitor_.version_negotiation_packet_.get()); @@ -2233,7 +3124,10 @@ TEST_P(QuicFramerTest, VersionNegotiationPacket) { expected_error = "Unable to read supported version in negotiation."; error_code = QUIC_INVALID_VERSION_NEGOTIATION_PACKET; } - CheckProcessingFails(packet, i, expected_error, error_code); + CheckProcessingFails(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet, + i, expected_error, error_code); } } @@ -2249,11 +3143,28 @@ TEST_P(QuicFramerTest, OldVersionNegotiationPacket) { 'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(), 'Q', '2', '.', '0', }; + + unsigned char packet_cid_be[] = { + // public flags (version, 8 byte connection_id) + 0x3D, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // version tag + 'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(), + 'Q', '2', '.', '0', + }; // clang-format on QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_CLIENT); - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); ASSERT_EQ(QUIC_NO_ERROR, framer_.error()); ASSERT_TRUE(visitor_.version_negotiation_packet_.get()); @@ -2271,7 +3182,10 @@ TEST_P(QuicFramerTest, OldVersionNegotiationPacket) { expected_error = "Unable to read supported version in negotiation."; error_code = QUIC_INVALID_VERSION_NEGOTIATION_PACKET; } - CheckProcessingFails(packet, i, expected_error, error_code); + CheckProcessingFails(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet, + i, expected_error, error_code); } } @@ -2299,19 +3213,41 @@ TEST_P(QuicFramerTest, BuildPaddingFramePacket) { 0x00, 0x00, 0x00, 0x00, 0x00 }; + + unsigned char packet_cid_be[kMaxPacketSize] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (padding frame) + 0x00, + 0x00, 0x00, 0x00, 0x00 + }; // clang-format on uint64_t header_size = GetPacketHeaderSize( framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER); - memset(packet + header_size + 1, 0x00, kMaxPacketSize - header_size - 1); + memset((FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet) + + header_size + 1, + 0x00, kMaxPacketSize - header_size - 1); std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, Build4ByteSequenceNumberPaddingFramePacket) { @@ -2338,19 +3274,40 @@ TEST_P(QuicFramerTest, Build4ByteSequenceNumberPaddingFramePacket) { 0x00, 0x00, 0x00, 0x00, 0x00 }; + + unsigned char packet_cid_be[kMaxPacketSize] = { + // public flags (8 byte connection_id and 4 byte packet number) + 0x28, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + + // frame type (padding frame) + 0x00, + 0x00, 0x00, 0x00, 0x00 + }; // clang-format on uint64_t header_size = GetPacketHeaderSize( framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_4BYTE_PACKET_NUMBER); - memset(packet + header_size + 1, 0x00, kMaxPacketSize - header_size - 1); + memset((FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet) + + header_size + 1, + 0x00, kMaxPacketSize - header_size - 1); std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, Build2ByteSequenceNumberPaddingFramePacket) { @@ -2377,19 +3334,40 @@ TEST_P(QuicFramerTest, Build2ByteSequenceNumberPaddingFramePacket) { 0x00, 0x00, 0x00, 0x00, 0x00 }; + + unsigned char packet_cid_be[kMaxPacketSize] = { + // public flags (8 byte connection_id and 2 byte packet number) + 0x18, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, + + // frame type (padding frame) + 0x00, + 0x00, 0x00, 0x00, 0x00 + }; // clang-format on uint64_t header_size = GetPacketHeaderSize( framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_2BYTE_PACKET_NUMBER); - memset(packet + header_size + 1, 0x00, kMaxPacketSize - header_size - 1); + memset((FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet) + + header_size + 1, + 0x00, kMaxPacketSize - header_size - 1); std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, Build1ByteSequenceNumberPaddingFramePacket) { @@ -2416,19 +3394,40 @@ TEST_P(QuicFramerTest, Build1ByteSequenceNumberPaddingFramePacket) { 0x00, 0x00, 0x00, 0x00, 0x00 }; + + unsigned char packet_cid_be[kMaxPacketSize] = { + // public flags (8 byte connection_id and 1 byte packet number) + 0x08, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, + + // frame type (padding frame) + 0x00, + 0x00, 0x00, 0x00, 0x00 + }; // clang-format on uint64_t header_size = GetPacketHeaderSize( framer_.version(), PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, !kIncludeDiversificationNonce, PACKET_1BYTE_PACKET_NUMBER); - memset(packet + header_size + 1, 0x00, kMaxPacketSize - header_size - 1); + memset((FLAGS_quic_restart_flag_quic_big_endian_connection_id ? packet_cid_be + : packet) + + header_size + 1, + 0x00, kMaxPacketSize - header_size - 1); std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildStreamFramePacket) { @@ -2439,7 +3438,7 @@ TEST_P(QuicFramerTest, BuildStreamFramePacket) { header.packet_number = kPacketNumber; QuicStreamFrame stream_frame(kStreamId, true, kStreamOffset, - StringPiece("hello world!")); + QuicStringPiece("hello world!")); QuicFrames frames = {QuicFrame(&stream_frame)}; @@ -2466,14 +3465,41 @@ TEST_P(QuicFramerTest, BuildStreamFramePacket) { 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (stream frame with fin and no length) + 0xDF, + // stream id + 0x04, 0x03, 0x02, 0x01, + // offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + // data + 'h', 'e', 'l', 'l', + 'o', ' ', 'w', 'o', + 'r', 'l', 'd', '!', + }; // clang-format on std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildStreamFramePacketWithVersionFlag) { @@ -2484,7 +3510,7 @@ TEST_P(QuicFramerTest, BuildStreamFramePacketWithVersionFlag) { header.packet_number = kPacketNumber; QuicStreamFrame stream_frame(kStreamId, true, kStreamOffset, - StringPiece("hello world!")); + QuicStringPiece("hello world!")); QuicFrames frames = {QuicFrame(&stream_frame)}; // clang-format off @@ -2493,7 +3519,28 @@ TEST_P(QuicFramerTest, BuildStreamFramePacketWithVersionFlag) { static_cast<unsigned char>( FLAGS_quic_reloadable_flag_quic_remove_v33_hacks2 ? 0x39 : 0x3D), // connection_id - 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE, + 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE, + // version tag + 'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(), + // packet number + 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, + + // frame type (stream frame with fin and no length) + 0xDF, + // stream id + 0x04, 0x03, 0x02, 0x01, + // offset + 0x54, 0x76, 0x10, 0x32, 0xDC, 0xFE, 0x98, 0xBA, + // data + 'h', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', + }; + + unsigned char packet_cid_be[] = { + // public flags (version, 8 byte connection_id) + static_cast<unsigned char>( + FLAGS_quic_reloadable_flag_quic_remove_v33_hacks2 ? 0x39 : 0x3D), + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, // version tag 'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(), // packet number @@ -2514,9 +3561,14 @@ TEST_P(QuicFramerTest, BuildStreamFramePacketWithVersionFlag) { std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildVersionNegotiationPacket) { @@ -2529,15 +3581,29 @@ TEST_P(QuicFramerTest, BuildVersionNegotiationPacket) { // version tag 'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(), }; + + unsigned char packet_cid_be[] = { + // public flags (version, 8 byte connection_id) + 0x0D, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // version tag + 'Q', '0', GetQuicVersionDigitTens(), GetQuicVersionDigitOnes(), + }; // clang-format on QuicConnectionId connection_id = kConnectionId; std::unique_ptr<QuicEncryptedPacket> data( framer_.BuildVersionNegotiationPacket(connection_id, SupportedVersions(GetParam()))); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildAckFramePacketOneAckBlock) { @@ -2576,14 +3642,40 @@ TEST_P(QuicFramerTest, BuildAckFramePacketOneAckBlock) { // num timestamps. 0x00, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, + + // frame type (ack frame) + // (no ack blocks, 2 byte largest observed, 2 byte block length) + 0x45, + // largest acked + 0x34, 0x12, + // Zero delta time. + 0x00, 0x00, + // first ack block length. + 0x34, 0x12, + // num timestamps. + 0x00, + }; // clang-format on std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildAckFramePacketMultipleAckBlocks) { @@ -2643,14 +3735,58 @@ TEST_P(QuicFramerTest, BuildAckFramePacketMultipleAckBlocks) { // num timestamps. 0x00, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, + + // frame type (ack frame) + // (has ack blocks, 2 byte largest observed, 2 byte block length) + 0x65, + // largest acked + 0x34, 0x12, + // Zero delta time. + 0x00, 0x00, + // num ack blocks ranges. + 0x04, + // first ack block length. + 0x01, 0x00, + // gap to next block. + 0x01, + // ack block length. + 0xaf, 0x0e, + // gap to next block. + 0xff, + // ack block length. + 0x00, 0x00, + // gap to next block. + 0x91, + // ack block length. + 0xea, 0x01, + // gap to next block. + 0x05, + // ack block length. + 0x04, 0x00, + // num timestamps. + 0x00, + }; // clang-format on std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildAckFramePacketMaxAckBlocks) { @@ -2766,12 +3902,111 @@ TEST_P(QuicFramerTest, BuildAckFramePacketMaxAckBlocks) { 0x00, }; + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, + // frame type (ack frame) + // (has ack blocks, 2 byte largest observed, 2 byte block length) + 0x65, + // largest acked + 0x34, 0x12, + // Zero delta time. + 0x00, 0x00, + // num ack blocks ranges. + 0xff, + // first ack block length. + 0xdd, 0x0f, + // 255 = 4 * 63 + 3 + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x00, + // num timestamps. + 0x00, + }; + // clang-format on + std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildNewStopWaitingPacket) { @@ -2802,14 +4037,34 @@ TEST_P(QuicFramerTest, BuildNewStopWaitingPacket) { 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, + + // frame type (stop waiting frame) + 0x06, + // least packet number awaiting an ack, delta from packet number. + 0x1C, 0x00, 0x00, 0x00, + 0x00, 0x00, + }; // clang-format on std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildRstFramePacketQuic) { @@ -2845,6 +4100,26 @@ TEST_P(QuicFramerTest, BuildRstFramePacketQuic) { // error code 0x08, 0x07, 0x06, 0x05, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (rst stream frame) + 0x01, + // stream id + 0x04, 0x03, 0x02, 0x01, + // sent byte offset + 0x01, 0x02, 0x03, 0x04, + 0x05, 0x06, 0x07, 0x08, + // error code + 0x08, 0x07, 0x06, 0x05, + }; // clang-format on QuicFrames frames = {QuicFrame(&rst_frame)}; @@ -2852,9 +4127,14 @@ TEST_P(QuicFramerTest, BuildRstFramePacketQuic) { std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildCloseFramePacket) { @@ -2893,14 +4173,41 @@ TEST_P(QuicFramerTest, BuildCloseFramePacket) { 'I', ' ', 'c', 'a', 'n', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (connection close frame) + 0x02, + // error code + 0x08, 0x07, 0x06, 0x05, + // error details length + 0x0d, 0x00, + // error details + 'b', 'e', 'c', 'a', + 'u', 's', 'e', ' ', + 'I', ' ', 'c', 'a', + 'n', + }; // clang-format on std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildGoAwayPacket) { @@ -2942,14 +4249,43 @@ TEST_P(QuicFramerTest, BuildGoAwayPacket) { 'I', ' ', 'c', 'a', 'n', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (go away frame) + 0x03, + // error code + 0x08, 0x07, 0x06, 0x05, + // stream id + 0x04, 0x03, 0x02, 0x01, + // error details length + 0x0d, 0x00, + // error details + 'b', 'e', 'c', 'a', + 'u', 's', 'e', ' ', + 'I', ' ', 'c', 'a', + 'n', + }; // clang-format on std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildWindowUpdatePacket) { @@ -2984,14 +4320,37 @@ TEST_P(QuicFramerTest, BuildWindowUpdatePacket) { 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (window update frame) + 0x04, + // stream id + 0x04, 0x03, 0x02, 0x01, + // byte offset + 0x88, 0x77, 0x66, 0x55, + 0x44, 0x33, 0x22, 0x11, + }; // clang-format on std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildBlockedPacket) { @@ -3022,14 +4381,34 @@ TEST_P(QuicFramerTest, BuildBlockedPacket) { // stream id 0x04, 0x03, 0x02, 0x01, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (blocked frame) + 0x05, + // stream id + 0x04, 0x03, 0x02, 0x01, + }; // clang-format on std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildPingPacket) { @@ -3055,14 +4434,32 @@ TEST_P(QuicFramerTest, BuildPingPacket) { // frame type (ping frame) 0x07, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (ping frame) + 0x07, + }; // clang-format on std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } // Test that the MTU discovery packet is serialized correctly as a PING packet. @@ -3089,14 +4486,32 @@ TEST_P(QuicFramerTest, BuildMtuDiscoveryPacket) { // frame type (ping frame) 0x07, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (ping frame) + 0x07, + }; // clang-format on std::unique_ptr<QuicPacket> data(BuildDataPacket(header, frames)); ASSERT_TRUE(data != nullptr); - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } TEST_P(QuicFramerTest, BuildPublicResetPacketOld) { @@ -3134,6 +4549,32 @@ TEST_P(QuicFramerTest, BuildPublicResetPacketOld) { 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, 0x00, 0x00, }; + + unsigned char packet_cid_be[] = { + // public flags (public reset, 8 byte ConnectionId) + 0x0E, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // message tag (kPRST) + 'P', 'R', 'S', 'T', + // num_entries (2) + padding + 0x02, 0x00, 0x00, 0x00, + // tag kRNON + 'R', 'N', 'O', 'N', + // end offset 8 + 0x08, 0x00, 0x00, 0x00, + // tag kRSEQ + 'R', 'S', 'E', 'Q', + // end offset 16 + 0x10, 0x00, 0x00, 0x00, + // nonce proof + 0x89, 0x67, 0x45, 0x23, + 0x01, 0xEF, 0xCD, 0xAB, + // rejected packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, 0x00, 0x00, + }; + unsigned char packet_no_rejected_packet_number[] = { // public flags (public reset, 8 byte ConnectionId) 0x0E, @@ -3152,6 +4593,24 @@ TEST_P(QuicFramerTest, BuildPublicResetPacketOld) { 0x89, 0x67, 0x45, 0x23, 0x01, 0xEF, 0xCD, 0xAB, }; + + unsigned char packet_no_rejected_packet_number_cid_be[] = { + // public flags (public reset, 8 byte ConnectionId) + 0x0E, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // message tag (kPRST) + 'P', 'R', 'S', 'T', + // num_entries (1) + padding + 0x01, 0x00, 0x00, 0x00, + // tag kRNON + 'R', 'N', 'O', 'N', + // end offset 8 + 0x08, 0x00, 0x00, 0x00, + // nonce proof + 0x89, 0x67, 0x45, 0x23, + 0x01, 0xEF, 0xCD, 0xAB, + }; // clang-format on std::unique_ptr<QuicEncryptedPacket> data( @@ -3160,12 +4619,21 @@ TEST_P(QuicFramerTest, BuildPublicResetPacketOld) { if (FLAGS_quic_reloadable_flag_quic_remove_packet_number_from_public_reset) { test::CompareCharArraysWithHexError( "constructed packet", data->data(), data->length(), - AsChars(packet_no_rejected_packet_number), - arraysize(packet_no_rejected_packet_number)); + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_no_rejected_packet_number_cid_be + : packet_no_rejected_packet_number), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_no_rejected_packet_number_cid_be) + : arraysize(packet_no_rejected_packet_number)); } else { - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } } @@ -3204,6 +4672,32 @@ TEST_P(QuicFramerTest, BuildPublicResetPacket) { 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12, 0x00, 0x00, }; + + unsigned char packet_cid_be[] = { + // public flags (public reset, 8 byte ConnectionId) + 0x0A, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // message tag (kPRST) + 'P', 'R', 'S', 'T', + // num_entries (2) + padding + 0x02, 0x00, 0x00, 0x00, + // tag kRNON + 'R', 'N', 'O', 'N', + // end offset 8 + 0x08, 0x00, 0x00, 0x00, + // tag kRSEQ + 'R', 'S', 'E', 'Q', + // end offset 16 + 0x10, 0x00, 0x00, 0x00, + // nonce proof + 0x89, 0x67, 0x45, 0x23, + 0x01, 0xEF, 0xCD, 0xAB, + // rejected packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, 0x00, 0x00, + }; + unsigned char packet_no_rejected_packet_number[] = { // public flags (public reset, 8 byte ConnectionId) 0x0A, @@ -3222,6 +4716,24 @@ TEST_P(QuicFramerTest, BuildPublicResetPacket) { 0x89, 0x67, 0x45, 0x23, 0x01, 0xEF, 0xCD, 0xAB, }; + + unsigned char packet_no_rejected_packet_number_cid_be[] = { + // public flags (public reset, 8 byte ConnectionId) + 0x0A, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // message tag (kPRST) + 'P', 'R', 'S', 'T', + // num_entries (1) + padding + 0x01, 0x00, 0x00, 0x00, + // tag kRNON + 'R', 'N', 'O', 'N', + // end offset 8 + 0x08, 0x00, 0x00, 0x00, + // nonce proof + 0x89, 0x67, 0x45, 0x23, + 0x01, 0xEF, 0xCD, 0xAB, + }; // clang-format on std::unique_ptr<QuicEncryptedPacket> data( @@ -3231,12 +4743,21 @@ TEST_P(QuicFramerTest, BuildPublicResetPacket) { if (FLAGS_quic_reloadable_flag_quic_remove_packet_number_from_public_reset) { test::CompareCharArraysWithHexError( "constructed packet", data->data(), data->length(), - AsChars(packet_no_rejected_packet_number), - arraysize(packet_no_rejected_packet_number)); + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_no_rejected_packet_number_cid_be + : packet_no_rejected_packet_number), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_no_rejected_packet_number_cid_be) + : arraysize(packet_no_rejected_packet_number)); } else { - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } } @@ -3285,6 +4806,40 @@ TEST_P(QuicFramerTest, BuildPublicResetPacketWithClientAddress) { 0x7F, 0x00, 0x00, 0x01, 0x34, 0x12, }; + + unsigned char packet_cid_be[] = { + // public flags (public reset, 8 byte ConnectionId) + 0x0A, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // message tag (kPRST) + 'P', 'R', 'S', 'T', + // num_entries (3) + padding + 0x03, 0x00, 0x00, 0x00, + // tag kRNON + 'R', 'N', 'O', 'N', + // end offset 8 + 0x08, 0x00, 0x00, 0x00, + // tag kRSEQ + 'R', 'S', 'E', 'Q', + // end offset 16 + 0x10, 0x00, 0x00, 0x00, + // tag kCADR + 'C', 'A', 'D', 'R', + // end offset 24 + 0x18, 0x00, 0x00, 0x00, + // nonce proof + 0x89, 0x67, 0x45, 0x23, + 0x01, 0xEF, 0xCD, 0xAB, + // rejected packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, 0x00, 0x00, + // client address + 0x02, 0x00, + 0x7F, 0x00, 0x00, 0x01, + 0x34, 0x12, + }; + unsigned char packet_no_rejected_packet_number[] = { // public flags (public reset, 8 byte ConnectionId) 0x0A, @@ -3310,7 +4865,33 @@ TEST_P(QuicFramerTest, BuildPublicResetPacketWithClientAddress) { 0x02, 0x00, 0x7F, 0x00, 0x00, 0x01, 0x34, 0x12, - }; + }; + + unsigned char packet_no_rejected_packet_number_cid_be[] = { + // public flags (public reset, 8 byte ConnectionId) + 0x0A, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // message tag (kPRST) + 'P', 'R', 'S', 'T', + // num_entries (2) + padding + 0x02, 0x00, 0x00, 0x00, + // tag kRNON + 'R', 'N', 'O', 'N', + // end offset 8 + 0x08, 0x00, 0x00, 0x00, + // tag kCADR + 'C', 'A', 'D', 'R', + // end offset 16 + 0x10, 0x00, 0x00, 0x00, + // nonce proof + 0x89, 0x67, 0x45, 0x23, + 0x01, 0xEF, 0xCD, 0xAB, + // client address + 0x02, 0x00, + 0x7F, 0x00, 0x00, 0x01, + 0x34, 0x12, + }; // clang-format on std::unique_ptr<QuicEncryptedPacket> data( @@ -3320,12 +4901,23 @@ TEST_P(QuicFramerTest, BuildPublicResetPacketWithClientAddress) { if (FLAGS_quic_reloadable_flag_quic_remove_packet_number_from_public_reset) { test::CompareCharArraysWithHexError( "constructed packet", data->data(), data->length(), - AsChars(packet_no_rejected_packet_number), - arraysize(packet_no_rejected_packet_number)); + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_no_rejected_packet_number_cid_be + : packet_no_rejected_packet_number), + + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_no_rejected_packet_number_cid_be) + : arraysize(packet_no_rejected_packet_number)); } else { - test::CompareCharArraysWithHexError("constructed packet", data->data(), - data->length(), AsChars(packet), - arraysize(packet)); + test::CompareCharArraysWithHexError( + "constructed packet", data->data(), data->length(), + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } } @@ -3348,18 +4940,39 @@ TEST_P(QuicFramerTest, EncryptPacket) { 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // redundancy + 'a', 'b', 'c', 'd', + 'e', 'f', 'g', 'h', + 'i', 'j', 'k', 'l', + 'm', 'n', 'o', 'p', + }; // clang-format on std::unique_ptr<QuicPacket> raw(new QuicPacket( - AsChars(packet), arraysize(packet), false, PACKET_8BYTE_CONNECTION_ID, - !kIncludeVersion, !kIncludeDiversificationNonce, - PACKET_6BYTE_PACKET_NUMBER)); + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false, PACKET_8BYTE_CONNECTION_ID, !kIncludeVersion, + !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER)); char buffer[kMaxPacketSize]; size_t encrypted_length = framer_.EncryptPayload( ENCRYPTION_NONE, packet_number, *raw, buffer, kMaxPacketSize); ASSERT_NE(0u, encrypted_length); - EXPECT_TRUE(CheckEncryption(kDefaultPathId, packet_number, raw.get())); + EXPECT_TRUE(CheckEncryption(packet_number, raw.get())); } TEST_P(QuicFramerTest, EncryptPacketWithVersionFlag) { @@ -3383,18 +4996,41 @@ TEST_P(QuicFramerTest, EncryptPacketWithVersionFlag) { 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', }; + + unsigned char packet_cid_be[] = { + // public flags (version, 8 byte connection_id) + 0x39, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // version tag + 'Q', '.', '1', '0', + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // redundancy + 'a', 'b', 'c', 'd', + 'e', 'f', 'g', 'h', + 'i', 'j', 'k', 'l', + 'm', 'n', 'o', 'p', + }; // clang-format on std::unique_ptr<QuicPacket> raw(new QuicPacket( - AsChars(packet), arraysize(packet), false, PACKET_8BYTE_CONNECTION_ID, - kIncludeVersion, !kIncludeDiversificationNonce, - PACKET_6BYTE_PACKET_NUMBER)); + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false, PACKET_8BYTE_CONNECTION_ID, kIncludeVersion, + !kIncludeDiversificationNonce, PACKET_6BYTE_PACKET_NUMBER)); char buffer[kMaxPacketSize]; size_t encrypted_length = framer_.EncryptPayload( ENCRYPTION_NONE, packet_number, *raw, buffer, kMaxPacketSize); ASSERT_NE(0u, encrypted_length); - EXPECT_TRUE(CheckEncryption(kDefaultPathId, packet_number, raw.get())); + EXPECT_TRUE(CheckEncryption(packet_number, raw.get())); } TEST_P(QuicFramerTest, AckTruncationLargePacket) { @@ -3539,6 +5175,44 @@ TEST_P(QuicFramerTest, StopPacketProcessing) { 0xBE, 0x9A, 0x78, 0x56, 0x34, 0x12, }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x38, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + + // frame type (stream frame with fin) + 0xFF, + // stream id + 0x04, 0x03, 0x02, 0x01, + // offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + // data length + 0x0c, 0x00, + // data + 'h', 'e', 'l', 'l', + 'o', ' ', 'w', 'o', + 'r', 'l', 'd', '!', + + // frame type (ack frame) + 0x40, + // least packet number awaiting an ack + 0xA0, 0x9A, 0x78, 0x56, + 0x34, 0x12, + // largest observed packet number + 0xBF, 0x9A, 0x78, 0x56, + 0x34, 0x12, + // num missing packets + 0x01, + // missing packet + 0xBE, 0x9A, 0x78, 0x56, + 0x34, 0x12, + }; // clang-format on MockFramerVisitor visitor; @@ -3552,7 +5226,14 @@ TEST_P(QuicFramerTest, StopPacketProcessing) { EXPECT_CALL(visitor, OnUnauthenticatedHeader(_)).WillOnce(Return(true)); EXPECT_CALL(visitor, OnDecryptedPacket(_)); - QuicEncryptedPacket encrypted(AsChars(packet), arraysize(packet), false); + QuicEncryptedPacket encrypted( + AsChars(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet), + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet), + false); EXPECT_TRUE(framer_.ProcessPacket(encrypted)); EXPECT_EQ(QUIC_NO_ERROR, framer_.error()); } @@ -3579,7 +5260,7 @@ TEST_P(QuicFramerTest, ConstructEncryptedPacket) { QuicVersionVector versions; versions.push_back(framer_.version()); std::unique_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket( - 42, false, false, false, kDefaultPathId, kTestQuicStreamId, kTestString, + 42, false, false, kTestQuicStreamId, kTestString, PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, &versions)); MockFramerVisitor visitor; @@ -3615,7 +5296,7 @@ TEST_P(QuicFramerTest, ConstructMisFramedEncryptedPacket) { QuicVersionVector versions; versions.push_back(framer_.version()); std::unique_ptr<QuicEncryptedPacket> packet(ConstructMisFramedEncryptedPacket( - 42, false, false, kDefaultPathId, kTestQuicStreamId, kTestString, + 42, false, false, kTestQuicStreamId, kTestString, PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, &versions, Perspective::IS_CLIENT)); @@ -3652,9 +5333,9 @@ void QuicFramerFuzzFunc(unsigned char* data, size_t size) { const char* const packet_bytes = reinterpret_cast<const char*>(data); // Test the CryptoFramer. - StringPiece crypto_input(packet_bytes, size); + QuicStringPiece crypto_input(packet_bytes, size); std::unique_ptr<CryptoHandshakeMessage> handshake_message( - CryptoFramer::ParseMessage(crypto_input)); + CryptoFramer::ParseMessage(crypto_input, framer.perspective())); // Test the regular QuicFramer with the same input. NoOpFramerVisitor visitor; @@ -3695,9 +5376,40 @@ TEST_P(QuicFramerTest, FramerFuzzTest) { 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!', }; + + unsigned char packet_cid_be[] = { + // public flags (8 byte connection_id) + 0x3C, + // connection_id + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + // packet number + 0xBC, 0x9A, 0x78, 0x56, + 0x34, 0x12, + // private flags + 0x00, + + // frame type (stream frame with fin) + 0xFF, + // stream id + 0x04, 0x03, 0x02, 0x01, + // offset + 0x54, 0x76, 0x10, 0x32, + 0xDC, 0xFE, 0x98, 0xBA, + // data length + 0x0c, 0x00, + // data + 'h', 'e', 'l', 'l', + 'o', ' ', 'w', 'o', + 'r', 'l', 'd', '!', + }; // clang-format on - QuicFramerFuzzFunc(packet, arraysize(packet)); + QuicFramerFuzzFunc(FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? packet_cid_be + : packet, + FLAGS_quic_restart_flag_quic_big_endian_connection_id + ? arraysize(packet_cid_be) + : arraysize(packet)); } } // namespace test diff --git a/chromium/net/quic/core/quic_header_list.cc b/chromium/net/quic/core/quic_header_list.cc index 77b85395e44..ad8f999b2cf 100644 --- a/chromium/net/quic/core/quic_header_list.cc +++ b/chromium/net/quic/core/quic_header_list.cc @@ -31,11 +31,10 @@ void QuicHeaderList::OnHeaderBlockStart() { << "OnHeaderBlockStart called more than once!"; } -void QuicHeaderList::OnHeader(base::StringPiece name, base::StringPiece value) { +void QuicHeaderList::OnHeader(QuicStringPiece name, QuicStringPiece value) { // Avoid infinte buffering of headers. No longer store headers // once the current headers are over the limit. - if (!FLAGS_quic_reloadable_flag_quic_limit_uncompressed_headers || - uncompressed_header_bytes_ == 0 || !header_list_.empty()) { + if (uncompressed_header_bytes_ == 0 || !header_list_.empty()) { header_list_.emplace_back(name.as_string(), value.as_string()); } } @@ -48,8 +47,7 @@ void QuicHeaderList::OnHeaderBlockEnd(size_t uncompressed_header_bytes, size_t compressed_header_bytes) { uncompressed_header_bytes_ = uncompressed_header_bytes; compressed_header_bytes_ = compressed_header_bytes; - if (FLAGS_quic_reloadable_flag_quic_limit_uncompressed_headers && - uncompressed_header_bytes_ > max_uncompressed_header_bytes_) { + if (uncompressed_header_bytes_ > max_uncompressed_header_bytes_) { Clear(); } } diff --git a/chromium/net/quic/core/quic_header_list.h b/chromium/net/quic/core/quic_header_list.h index fb20a6ba284..07aaeac3901 100644 --- a/chromium/net/quic/core/quic_header_list.h +++ b/chromium/net/quic/core/quic_header_list.h @@ -9,9 +9,9 @@ #include <deque> #include <functional> -#include "base/strings/string_piece.h" #include "net/quic/platform/api/quic_bug_tracker.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/spdy/spdy_header_block.h" #include "net/spdy/spdy_headers_handler_interface.h" @@ -32,7 +32,7 @@ class QUIC_EXPORT_PRIVATE QuicHeaderList : public SpdyHeadersHandlerInterface { // From SpdyHeadersHandlerInteface. void OnHeaderBlockStart() override; - void OnHeader(base::StringPiece name, base::StringPiece value) override; + void OnHeader(QuicStringPiece name, QuicStringPiece value) override; void OnHeaderBlockEnd(size_t uncompressed_header_bytes) override; void OnHeaderBlockEnd(size_t uncompressed_header_bytes, size_t compressed_header_bytes) override; diff --git a/chromium/net/quic/core/quic_header_list_test.cc b/chromium/net/quic/core/quic_header_list_test.cc index d9b0afd0fe6..42e2c4f9f56 100644 --- a/chromium/net/quic/core/quic_header_list_test.cc +++ b/chromium/net/quic/core/quic_header_list_test.cc @@ -23,8 +23,6 @@ TEST(QuicHeaderListTest, OnHeader) { } TEST(QuicHeaderListTest, TooLarge) { - test::QuicFlagSaver flags; - FLAGS_quic_reloadable_flag_quic_limit_uncompressed_headers = true; QuicHeaderList headers; string key = "key"; string value(1 << 18, '1'); diff --git a/chromium/net/quic/core/quic_headers_stream.cc b/chromium/net/quic/core/quic_headers_stream.cc index 9f035732844..00c769c5266 100644 --- a/chromium/net/quic/core/quic_headers_stream.cc +++ b/chromium/net/quic/core/quic_headers_stream.cc @@ -38,8 +38,7 @@ void QuicHeadersStream::OnDataAvailable() { } void QuicHeadersStream::MaybeReleaseSequencerBuffer() { - if (FLAGS_quic_reloadable_flag_quic_headers_stream_release_sequencer_buffer && - spdy_session_->ShouldReleaseHeadersStreamSequencerBuffer()) { + if (spdy_session_->ShouldReleaseHeadersStreamSequencerBuffer()) { sequencer()->ReleaseBufferIfEmpty(); } } diff --git a/chromium/net/quic/core/quic_headers_stream_test.cc b/chromium/net/quic/core/quic_headers_stream_test.cc index 8e1c56495da..056f34b266e 100644 --- a/chromium/net/quic/core/quic_headers_stream_test.cc +++ b/chromium/net/quic/core/quic_headers_stream_test.cc @@ -17,6 +17,7 @@ #include "net/quic/platform/api/quic_logging.h" #include "net/quic/platform/api/quic_ptr_util.h" #include "net/quic/platform/api/quic_str_cat.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/quic_connection_peer.h" #include "net/quic/test_tools/quic_spdy_session_peer.h" #include "net/quic/test_tools/quic_stream_peer.h" @@ -28,7 +29,6 @@ #include "net/test/gtest_util.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; using testing::_; using testing::AtLeast; @@ -101,7 +101,7 @@ class MockVisitor : public SpdyFramerVisitorInterface { MOCK_METHOD2(OnContinuation, void(SpdyStreamId stream_id, bool end)); MOCK_METHOD3(OnAltSvc, void(SpdyStreamId stream_id, - StringPiece origin, + QuicStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector)); MOCK_METHOD4(OnPriority, @@ -150,13 +150,11 @@ std::ostream& operator<<(std::ostream& os, Http2DecoderChoice v) { return os; } -enum HpackDecoderChoice { HPACK_DECODER_SPDY, HPACK_DECODER2, HPACK_DECODER3 }; +enum HpackDecoderChoice { HPACK_DECODER_SPDY, HPACK_DECODER3 }; std::ostream& operator<<(std::ostream& os, HpackDecoderChoice v) { switch (v) { case HPACK_DECODER_SPDY: return os << "SPDY"; - case HPACK_DECODER2: - return os << "HPACK_DECODER2"; case HPACK_DECODER3: return os << "HPACK_DECODER3"; } @@ -191,15 +189,9 @@ struct TestParams { } switch (hpack_decoder) { case HPACK_DECODER_SPDY: - FLAGS_chromium_http2_flag_spdy_use_hpack_decoder2 = false; - FLAGS_chromium_http2_flag_spdy_use_hpack_decoder3 = false; - break; - case HPACK_DECODER2: - FLAGS_chromium_http2_flag_spdy_use_hpack_decoder2 = true; FLAGS_chromium_http2_flag_spdy_use_hpack_decoder3 = false; break; case HPACK_DECODER3: - FLAGS_chromium_http2_flag_spdy_use_hpack_decoder2 = false; FLAGS_chromium_http2_flag_spdy_use_hpack_decoder3 = true; break; } @@ -282,7 +274,7 @@ class QuicHeadersStreamTest : public ::testing::TestWithParam<TestParamsTuple> { return true; } - void SaveHeaderDataStringPiece(StringPiece data) { + void SaveHeaderDataStringPiece(QuicStringPiece data) { saved_header_data_.append(data.data(), data.length()); } @@ -407,13 +399,13 @@ class QuicHeadersStreamTest : public ::testing::TestWithParam<TestParamsTuple> { INSTANTIATE_TEST_CASE_P( Tests, QuicHeadersStreamTest, - ::testing::Combine( - ::testing::ValuesIn(AllSupportedVersions()), - ::testing::Values(Perspective::IS_CLIENT, Perspective::IS_SERVER), - ::testing::Values(HTTP2_DECODER_SPDY, - HTTP2_DECODER_NESTED_SPDY, - HTTP2_DECODER_NEW), - ::testing::Values(HPACK_DECODER_SPDY, HPACK_DECODER2, HPACK_DECODER3))); + ::testing::Combine(::testing::ValuesIn(AllSupportedVersions()), + ::testing::Values(Perspective::IS_CLIENT, + Perspective::IS_SERVER), + ::testing::Values(HTTP2_DECODER_SPDY, + HTTP2_DECODER_NESTED_SPDY, + HTTP2_DECODER_NEW), + ::testing::Values(HPACK_DECODER_SPDY, HPACK_DECODER3))); TEST_P(QuicHeadersStreamTest, StreamId) { EXPECT_EQ(3u, headers_stream_->id()); @@ -755,9 +747,8 @@ TEST_P(QuicHeadersStreamTest, RespectHttp2SettingsFrameSupportedFields) { stream_frame_.data_buffer = frame.data(); stream_frame_.data_length = frame.size(); headers_stream_->OnStreamFrame(stream_frame_); - EXPECT_EQ(kTestHeaderTableSize, - QuicSpdySessionPeer::GetSpdyFramer(&session_) - .header_encoder_table_size()); + EXPECT_EQ(kTestHeaderTableSize, QuicSpdySessionPeer::GetSpdyFramer(&session_) + .header_encoder_table_size()); } TEST_P(QuicHeadersStreamTest, RespectHttp2SettingsFrameUnsupportedFields) { diff --git a/chromium/net/quic/core/quic_multipath_received_packet_manager.cc b/chromium/net/quic/core/quic_multipath_received_packet_manager.cc deleted file mode 100644 index c7931cf0baa..00000000000 --- a/chromium/net/quic/core/quic_multipath_received_packet_manager.cc +++ /dev/null @@ -1,117 +0,0 @@ -// Copyright (c) 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/quic/core/quic_multipath_received_packet_manager.h" - -#include <cstdint> - -#include "net/quic/platform/api/quic_bug_tracker.h" -#include "net/quic/platform/api/quic_ptr_util.h" - -namespace net { - -QuicMultipathReceivedPacketManager::QuicMultipathReceivedPacketManager( - QuicConnectionStats* stats) { - path_managers_[kDefaultPathId] = - QuicMakeUnique<QuicReceivedPacketManager>(stats); -} - -QuicMultipathReceivedPacketManager::~QuicMultipathReceivedPacketManager() {} - -void QuicMultipathReceivedPacketManager::OnPathCreated( - QuicPathId path_id, - QuicConnectionStats* stats) { - if (path_managers_[path_id] != nullptr) { - QUIC_BUG << "Received packet manager of path already exists: " - << static_cast<uint32_t>(path_id); - return; - } - - path_managers_[path_id] = QuicMakeUnique<QuicReceivedPacketManager>(stats); -} - -void QuicMultipathReceivedPacketManager::OnPathClosed(QuicPathId path_id) { - QuicReceivedPacketManager* manager = path_managers_[path_id].get(); - if (manager == nullptr) { - QUIC_BUG << "Received packet manager of path does not exist: " - << static_cast<uint32_t>(path_id); - return; - } - - path_managers_.erase(path_id); -} - -void QuicMultipathReceivedPacketManager::RecordPacketReceived( - QuicPathId path_id, - const QuicPacketHeader& header, - QuicTime receipt_time) { - QuicReceivedPacketManager* manager = path_managers_[path_id].get(); - if (manager == nullptr) { - QUIC_BUG << "Received a packet on a non-existent path."; - return; - } - - manager->RecordPacketReceived(header, receipt_time); -} - -bool QuicMultipathReceivedPacketManager::IsMissing( - QuicPathId path_id, - QuicPacketNumber packet_number) { - QuicReceivedPacketManager* manager = path_managers_[path_id].get(); - if (manager == nullptr) { - QUIC_BUG << "Check whether a packet is missing on a non-existent path."; - return true; - } - - return manager->IsMissing(packet_number); -} - -bool QuicMultipathReceivedPacketManager::IsAwaitingPacket( - QuicPathId path_id, - QuicPacketNumber packet_number) { - QuicReceivedPacketManager* manager = path_managers_[path_id].get(); - if (manager == nullptr) { - QUIC_BUG << "Check whether a packet is awaited on a non-existent path."; - return false; - } - - return manager->IsAwaitingPacket(packet_number); -} - -void QuicMultipathReceivedPacketManager::UpdatePacketInformationSentByPeer( - const std::vector<QuicStopWaitingFrame>& stop_waitings) { - for (QuicStopWaitingFrame stop_waiting : stop_waitings) { - QuicReceivedPacketManager* manager = - path_managers_[stop_waiting.path_id].get(); - if (manager != nullptr) { - manager->DontWaitForPacketsBefore(stop_waiting.least_unacked); - } - } -} - -bool QuicMultipathReceivedPacketManager::HasNewMissingPackets( - QuicPathId path_id) const { - auto it = path_managers_.find(path_id); - if (it == path_managers_.end()) { - QUIC_BUG << "Check whether has new missing packets on a non-existent path."; - return false; - } - - return it->second->HasNewMissingPackets(); -} - -QuicPacketNumber -QuicMultipathReceivedPacketManager::GetPeerLeastPacketAwaitingAck( - QuicPathId path_id) { - QuicReceivedPacketManager* manager = path_managers_[path_id].get(); - if (manager == nullptr) { - QUIC_BUG - << "Try to get peer_least_packet_awaiting_ack of a non-existent path."; - return false; - } - - return manager->peer_least_packet_awaiting_ack(); -} - -} // namespace net diff --git a/chromium/net/quic/core/quic_multipath_received_packet_manager.h b/chromium/net/quic/core/quic_multipath_received_packet_manager.h deleted file mode 100644 index 3f48aaa6453..00000000000 --- a/chromium/net/quic/core/quic_multipath_received_packet_manager.h +++ /dev/null @@ -1,79 +0,0 @@ -// Copyright (c) 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -// A connection level received packet manager which manages multiple per path -// received packet managers. - -#ifndef NET_QUIC_CORE_QUIC_MULTIPATH_RECEIVED_PACKET_MANAGER_H_ -#define NET_QUIC_CORE_QUIC_MULTIPATH_RECEIVED_PACKET_MANAGER_H_ - -#include <memory> -#include <unordered_map> -#include <vector> - -#include "net/quic/core/quic_packets.h" -#include "net/quic/core/quic_received_packet_manager.h" -#include "net/quic/platform/api/quic_export.h" - -namespace net { - -namespace test { -class QuicMultipathReceivedPacketManagerPeer; -} // namespace test - -class QUIC_EXPORT_PRIVATE QuicMultipathReceivedPacketManager { - public: - explicit QuicMultipathReceivedPacketManager(QuicConnectionStats* stats); - ~QuicMultipathReceivedPacketManager(); - QuicMultipathReceivedPacketManager( - const QuicMultipathReceivedPacketManager&) = delete; - QuicMultipathReceivedPacketManager& operator=( - const QuicMultipathReceivedPacketManager&) = delete; - - // Called when a new path with |path_id| is created. - void OnPathCreated(QuicPathId path_id, QuicConnectionStats* stats); - - // Called when path with |path_id| is closed. - void OnPathClosed(QuicPathId path_id); - - // Records packet receipt information on path with |path_id|. - void RecordPacketReceived(QuicPathId path_id, - const QuicPacketHeader& header, - QuicTime receipt_time); - - // Checks whether |packet_number| is missing on path with |path_id|. - bool IsMissing(QuicPathId path_id, QuicPacketNumber packet_number); - - // Checks if we're still waiting for the packet with |packet_number| on path - // with |path_id|. - bool IsAwaitingPacket(QuicPathId path_id, QuicPacketNumber packet_number); - - // If |force_all_paths| is false, populates ack information for paths whose - // ack has been updated since UpdateReceivedPacketInfo was called last time. - // Otherwise, populates ack for all paths. - void UpdateReceivedPacketInfo(std::vector<QuicAckFrame>* ack_frames, - QuicTime approximate_now, - bool force_all_paths); - - // Updates internal state based on stop_waiting frames for corresponding path. - void UpdatePacketInformationSentByPeer( - const std::vector<QuicStopWaitingFrame>& stop_waitings); - - // Returns true when there are new missing packets to be reported within 3 - // packets of the largest observed on path with |path_id|. - bool HasNewMissingPackets(QuicPathId path_id) const; - - QuicPacketNumber GetPeerLeastPacketAwaitingAck(QuicPathId path_id); - - private: - friend class test::QuicMultipathReceivedPacketManagerPeer; - - // Map mapping path id to path received packet manager. - std::unordered_map<QuicPathId, std::unique_ptr<QuicReceivedPacketManager>> - path_managers_; -}; - -} // namespace net - -#endif // NET_QUIC_CORE_QUIC_MULTIPATH_RECEIVED_PACKET_MANAGER_H_ diff --git a/chromium/net/quic/core/quic_multipath_received_packet_manager_test.cc b/chromium/net/quic/core/quic_multipath_received_packet_manager_test.cc deleted file mode 100644 index afedaa39c47..00000000000 --- a/chromium/net/quic/core/quic_multipath_received_packet_manager_test.cc +++ /dev/null @@ -1,139 +0,0 @@ -// Copyright (c) 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/quic/core/quic_multipath_received_packet_manager.h" - -#include "net/quic/core/quic_connection_stats.h" -#include "net/quic/platform/api/quic_ptr_util.h" -#include "net/quic/test_tools/quic_test_utils.h" -#include "testing/gmock/include/gmock/gmock.h" -#include "testing/gtest/include/gtest/gtest.h" - -using testing::Return; -using testing::_; - -namespace net { -namespace test { - -class QuicMultipathReceivedPacketManagerPeer { - public: - static bool PathReceivedPacketManagerExists( - QuicMultipathReceivedPacketManager* multipath_manager, - QuicPathId path_id) { - return multipath_manager->path_managers_.count(path_id); - } - - static void SetPathReceivedPacketManager( - QuicMultipathReceivedPacketManager* multipath_manager, - QuicPathId path_id, - std::unique_ptr<QuicReceivedPacketManager> manager) { - multipath_manager->path_managers_[path_id] = std::move(manager); - } -}; - -namespace { - -const QuicPathId kPathId1 = 1; -const QuicPathId kPathId2 = 2; -const QuicPathId kPathId3 = 3; - -class QuicMultipathReceivedPacketManagerTest : public testing::Test { - public: - QuicMultipathReceivedPacketManagerTest() - : multipath_manager_(&stats_), - manager_0_(new MockReceivedPacketManager(&stats_)), - manager_1_(new MockReceivedPacketManager(&stats_)) { - QuicMultipathReceivedPacketManagerPeer::SetPathReceivedPacketManager( - &multipath_manager_, kDefaultPathId, QuicWrapUnique(manager_0_)); - QuicMultipathReceivedPacketManagerPeer::SetPathReceivedPacketManager( - &multipath_manager_, kPathId1, QuicWrapUnique(manager_1_)); - } - - QuicConnectionStats stats_; - QuicMultipathReceivedPacketManager multipath_manager_; - MockReceivedPacketManager* manager_0_; - MockReceivedPacketManager* manager_1_; - QuicPacketHeader header_; -}; - -TEST_F(QuicMultipathReceivedPacketManagerTest, OnPathCreatedAndClosed) { - EXPECT_TRUE( - QuicMultipathReceivedPacketManagerPeer::PathReceivedPacketManagerExists( - &multipath_manager_, kDefaultPathId)); - EXPECT_TRUE( - QuicMultipathReceivedPacketManagerPeer::PathReceivedPacketManagerExists( - &multipath_manager_, kPathId1)); - EXPECT_QUIC_BUG(multipath_manager_.OnPathCreated(kDefaultPathId, &stats_), - "Received packet manager of path already exists"); - // Path 2 created. - multipath_manager_.OnPathCreated(kPathId2, &stats_); - EXPECT_TRUE( - QuicMultipathReceivedPacketManagerPeer::PathReceivedPacketManagerExists( - &multipath_manager_, kPathId2)); - EXPECT_FALSE( - QuicMultipathReceivedPacketManagerPeer::PathReceivedPacketManagerExists( - &multipath_manager_, kPathId3)); - // Path 3 created. - multipath_manager_.OnPathCreated(kPathId3, &stats_); - EXPECT_TRUE( - QuicMultipathReceivedPacketManagerPeer::PathReceivedPacketManagerExists( - &multipath_manager_, kPathId3)); - - // Path 0 closed. - multipath_manager_.OnPathClosed(kDefaultPathId); - EXPECT_FALSE( - QuicMultipathReceivedPacketManagerPeer::PathReceivedPacketManagerExists( - &multipath_manager_, kDefaultPathId)); - EXPECT_QUIC_BUG(multipath_manager_.OnPathClosed(kDefaultPathId), - "Received packet manager of path does not exist"); -} - -TEST_F(QuicMultipathReceivedPacketManagerTest, RecordPacketReceived) { - EXPECT_CALL(*manager_0_, RecordPacketReceived(_, _)).Times(1); - multipath_manager_.RecordPacketReceived(kDefaultPathId, header_, - QuicTime::Zero()); - EXPECT_QUIC_BUG(multipath_manager_.RecordPacketReceived(kPathId2, header_, - QuicTime::Zero()), - "Received a packet on a non-existent path"); -} - -TEST_F(QuicMultipathReceivedPacketManagerTest, IsMissing) { - EXPECT_CALL(*manager_0_, IsMissing(header_.packet_number)) - .WillOnce(Return(true)); - EXPECT_CALL(*manager_1_, IsMissing(header_.packet_number)) - .WillOnce(Return(false)); - EXPECT_TRUE( - multipath_manager_.IsMissing(kDefaultPathId, header_.packet_number)); - EXPECT_FALSE(multipath_manager_.IsMissing(kPathId1, header_.packet_number)); - EXPECT_QUIC_BUG(multipath_manager_.IsMissing(kPathId2, header_.packet_number), - "Check whether a packet is missing on a non-existent path"); -} - -TEST_F(QuicMultipathReceivedPacketManagerTest, IsAwaitingPacket) { - EXPECT_CALL(*manager_0_, IsAwaitingPacket(header_.packet_number)) - .WillOnce(Return(true)); - EXPECT_CALL(*manager_1_, IsAwaitingPacket(header_.packet_number)) - .WillOnce(Return(false)); - EXPECT_TRUE(multipath_manager_.IsAwaitingPacket(kDefaultPathId, - header_.packet_number)); - EXPECT_FALSE( - multipath_manager_.IsAwaitingPacket(kPathId1, header_.packet_number)); - EXPECT_QUIC_BUG( - multipath_manager_.IsAwaitingPacket(kPathId2, header_.packet_number), - "Check whether a packet is awaited on a non-existent path"); -} - -TEST_F(QuicMultipathReceivedPacketManagerTest, HasNewMissingPackets) { - EXPECT_CALL(*manager_0_, HasNewMissingPackets()).WillOnce(Return(true)); - EXPECT_CALL(*manager_1_, HasNewMissingPackets()).WillOnce(Return(false)); - EXPECT_TRUE(multipath_manager_.HasNewMissingPackets(kDefaultPathId)); - EXPECT_FALSE(multipath_manager_.HasNewMissingPackets(kPathId1)); - EXPECT_QUIC_BUG( - multipath_manager_.HasNewMissingPackets(kPathId2), - "Check whether has new missing packets on a non-existent path"); -} - -} // namespace -} // namespace test -} // namespace net diff --git a/chromium/net/quic/core/quic_multipath_transmissions_map.cc b/chromium/net/quic/core/quic_multipath_transmissions_map.cc deleted file mode 100644 index 100bf0869ae..00000000000 --- a/chromium/net/quic/core/quic_multipath_transmissions_map.cc +++ /dev/null @@ -1,70 +0,0 @@ -// Copyright (c) 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/quic/core/quic_multipath_transmissions_map.h" - -namespace net { - -QuicMultipathTransmissionsMap::QuicMultipathTransmissionsMap() {} - -QuicMultipathTransmissionsMap::~QuicMultipathTransmissionsMap() { - for (std::pair<QuicPathIdPacketNumber, MultipathTransmissionsList*> - packet_transmissions : transmission_map_) { - packet_transmissions.second->pop_front(); - if (packet_transmissions.second->empty()) { - delete packet_transmissions.second; - } - } -} - -void QuicMultipathTransmissionsMap::OnPacketRetransmittedOnDifferentPath( - QuicPathIdPacketNumber original_path_id_packet_number, - QuicPathIdPacketNumber path_id_packet_number) { - MultipathTransmissionsList* across_paths_transmission_list = nullptr; - MultipathTransmissionsMap::iterator it = - transmission_map_.find(original_path_id_packet_number); - if (it != transmission_map_.end()) { - across_paths_transmission_list = it->second; - } else { - across_paths_transmission_list = new MultipathTransmissionsList(); - across_paths_transmission_list->push_back(original_path_id_packet_number); - transmission_map_[original_path_id_packet_number] = - across_paths_transmission_list; - } - - across_paths_transmission_list->push_back(path_id_packet_number); - transmission_map_[path_id_packet_number] = across_paths_transmission_list; -} - -const QuicMultipathTransmissionsMap::MultipathTransmissionsList* -QuicMultipathTransmissionsMap::MaybeGetTransmissionsOnOtherPaths( - QuicPathIdPacketNumber path_id_packet_number) const { - MultipathTransmissionsMap::const_iterator it = - transmission_map_.find(path_id_packet_number); - if (it == transmission_map_.end()) { - return nullptr; - } - - return it->second; -} - -void QuicMultipathTransmissionsMap::OnPacketHandled( - QuicPathIdPacketNumber path_id_packet_number) { - MultipathTransmissionsMap::iterator it = - transmission_map_.find(path_id_packet_number); - if (it == transmission_map_.end()) { - return; - } - - MultipathTransmissionsList* transmission_list = it->second; - MultipathTransmissionsList::iterator transmission_it; - // Remove all across paths transmissions of this packet from the map. - for (QuicPathIdPacketNumber path_id_packet_number : *transmission_list) { - transmission_map_.erase(path_id_packet_number); - } - // Remove the multipath transmissions list. - delete transmission_list; -} - -} // namespace net diff --git a/chromium/net/quic/core/quic_multipath_transmissions_map.h b/chromium/net/quic/core/quic_multipath_transmissions_map.h deleted file mode 100644 index 6b40076ce63..00000000000 --- a/chromium/net/quic/core/quic_multipath_transmissions_map.h +++ /dev/null @@ -1,74 +0,0 @@ -// Copyright (c) 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -// A map manages packets which are transmitted across multiple paths. -// For example, a packet is originally transmitted on path 1 with packet number -// 1. Then this packet is retransmitted on path 2 with packet number 1. (1, 1) -// and (2, 1) are inserted into this map. Suppose (2, 1) is detected lost and -// gets retransmitted on path 2 with packet 2. (2, 2) will not be inserted -// because this transmission does not "across" path compared to (2, 1). - -#ifndef NET_QUIC_CORE_QUIC_MULTIPATH_TRANSMISSIONS_MAP_H_ -#define NET_QUIC_CORE_QUIC_MULTIPATH_TRANSMISSIONS_MAP_H_ - -#include <deque> -#include <unordered_map> - -#include "base/macros.h" -#include "net/quic/core/quic_packets.h" -#include "net/quic/core/quic_utils.h" -#include "net/quic/platform/api/quic_export.h" - -namespace net { - -typedef std::pair<QuicPathId, QuicPacketNumber> QuicPathIdPacketNumber; - -class QUIC_EXPORT_PRIVATE QuicMultipathTransmissionsMap { - public: - struct QuicPathIdPacketNumberHash { - size_t operator()(std::pair<QuicPathId, QuicPacketNumber> value) const { - return QuicUtils::PackPathIdAndPacketNumber(value.first, value.second); - } - }; - - typedef std::deque<QuicPathIdPacketNumber> MultipathTransmissionsList; - typedef std::unordered_map<QuicPathIdPacketNumber, - MultipathTransmissionsList*, - QuicPathIdPacketNumberHash> - MultipathTransmissionsMap; - - QuicMultipathTransmissionsMap(); - ~QuicMultipathTransmissionsMap(); - - // Called when a packet is retransmitted on a different path. Adds both - // |original_path_id_packet_number| (if not exists) and - // |path_id_packet_number| to |transmission_map_|. - void OnPacketRetransmittedOnDifferentPath( - QuicPathIdPacketNumber original_path_id_packet_number, - QuicPathIdPacketNumber path_id_packet_number); - - // Returns all multipath transmissions list if |path_id_packet_number| has - // been transmitted across multiple paths, nullptr otherwise. - const MultipathTransmissionsList* MaybeGetTransmissionsOnOtherPaths( - QuicPathIdPacketNumber path_id_packet_number) const; - - // Called after packet |path_id_packet_number| is received. - // If |path_id_packet_number| has been transmitted across multiple paths, - // clears all multipath transmissions list and removes each transmission from - // |transmission_map_|, does nothing otherwise. - void OnPacketHandled(QuicPathIdPacketNumber path_id_packet_number); - - private: - // Keys of the map are QuicPathIdPacketNumber, and values are pointers to - // lists of multipath transmissions of the same packet. For example, if a - // packet has been transmitted as (1, 1) and (2, 1), two entries are added - // to this map and both values point to the same list: {(1, 1), (2, 1)}. - // The MultipathTransmissionsList is owned by the transmission which is - // received first (on any path). - MultipathTransmissionsMap transmission_map_; -}; - -} // namespace net - -#endif // NET_QUIC_CORE_QUIC_MULTIPATH_TRANSMISSIONS_MAP_H_ diff --git a/chromium/net/quic/core/quic_multipath_transmissions_map_test.cc b/chromium/net/quic/core/quic_multipath_transmissions_map_test.cc deleted file mode 100644 index a264b0d75c9..00000000000 --- a/chromium/net/quic/core/quic_multipath_transmissions_map_test.cc +++ /dev/null @@ -1,114 +0,0 @@ -// Copyright (c) 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/quic/core/quic_multipath_transmissions_map.h" -#include "testing/gtest/include/gtest/gtest.h" - -namespace net { -namespace test { -namespace { - -TEST(QuicAcrossPathsTransmissionMapTest, OnPacketRetransmittedOnDifferentPath) { - QuicMultipathTransmissionsMap transmission_map; - // Packet0's original transmission sent on path 1 with packet number 1. - QuicPathIdPacketNumber packet0_0(1, 1); - // Packet0's retransmission sent on path 2 with packet number 1. - QuicPathIdPacketNumber packet0_1(2, 1); - // packet0's 2nd retransmission sent on path 3 with packet number 1. - QuicPathIdPacketNumber packet0_2(3, 1); - - transmission_map.OnPacketRetransmittedOnDifferentPath(packet0_0, packet0_1); - const QuicMultipathTransmissionsMap::MultipathTransmissionsList* - transmission_list1 = - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet0_0); - EXPECT_EQ(packet0_0, (*transmission_list1)[0]); - EXPECT_EQ(packet0_1, (*transmission_list1)[1]); - - transmission_map.OnPacketRetransmittedOnDifferentPath(packet0_1, packet0_2); - const QuicMultipathTransmissionsMap::MultipathTransmissionsList* - transmission_list2 = - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet0_0); - EXPECT_EQ(packet0_0, (*transmission_list2)[0]); - EXPECT_EQ(packet0_1, (*transmission_list2)[1]); - EXPECT_EQ(packet0_2, (*transmission_list2)[2]); - // Make sure there is no memory leakage. -} - -TEST(QuicAcrossPathsTransmissionMapTest, MaybeGetTransmissionsOnOtherPaths) { - QuicMultipathTransmissionsMap transmission_map; - // Packet0's original transmission sent on path 1 with packet number 1. - QuicPathIdPacketNumber packet0_0(1, 1); - // Packet0's retransmission sent on path 2 with packet number 1. - QuicPathIdPacketNumber packet0_1(2, 1); - // packet0's 2nd retransmission sent on path 3 with packet number 1. - QuicPathIdPacketNumber packet0_2(3, 1); - - transmission_map.OnPacketRetransmittedOnDifferentPath(packet0_0, packet0_1); - transmission_map.OnPacketRetransmittedOnDifferentPath(packet0_1, packet0_2); - - const QuicMultipathTransmissionsMap::MultipathTransmissionsList* - transmission_list1 = - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet0_0); - const QuicMultipathTransmissionsMap::MultipathTransmissionsList* - transmission_list2 = - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet0_1); - const QuicMultipathTransmissionsMap::MultipathTransmissionsList* - transmission_list3 = - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet0_2); - // Make sure all three pointers point to the same list. - EXPECT_EQ(transmission_list1, transmission_list2); - EXPECT_EQ(transmission_list2, transmission_list3); - EXPECT_EQ(packet0_0, (*transmission_list1)[0]); - EXPECT_EQ(packet0_1, (*transmission_list1)[1]); - EXPECT_EQ(packet0_2, (*transmission_list1)[2]); - - // Packet1 which is not transmitted across path. - QuicPathIdPacketNumber packet1_0(1, 2); - EXPECT_EQ(nullptr, - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet1_0)); - // Make sure there is no memory leakage. -} - -TEST(QuicAcrossPathsTransmissionMapTest, OnPacketHandled) { - QuicMultipathTransmissionsMap transmission_map; - - // Packet's original transmission sent on path 1 with packet number 1. - QuicPathIdPacketNumber packet0_0(1, 1); - // Packet's retransmission sent on path 2 with packet number 1. - QuicPathIdPacketNumber packet0_1(2, 1); - // packet's 2nd retransmission sent on path 3 with packet number 1. - QuicPathIdPacketNumber packet0_2(3, 1); - transmission_map.OnPacketRetransmittedOnDifferentPath(packet0_0, packet0_1); - transmission_map.OnPacketRetransmittedOnDifferentPath(packet0_1, packet0_2); - - // Packet1's original transmission sent on path 1 with packet number 2. - QuicPathIdPacketNumber packet1_0(1, 2); - // Packet1's retransmission sent on path 2 with packet number 2. - QuicPathIdPacketNumber packet1_1(2, 2); - transmission_map.OnPacketRetransmittedOnDifferentPath(packet1_0, packet1_1); - - transmission_map.OnPacketHandled(packet0_0); - EXPECT_EQ(nullptr, - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet0_0)); - EXPECT_EQ(nullptr, - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet0_1)); - EXPECT_EQ(nullptr, - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet0_2)); - const QuicMultipathTransmissionsMap::MultipathTransmissionsList* - transmission_list = - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet1_0); - EXPECT_EQ(packet1_0, (*transmission_list)[0]); - EXPECT_EQ(packet1_1, (*transmission_list)[1]); - // Packet 1 is received on path 2. - transmission_map.OnPacketHandled(packet1_1); - EXPECT_EQ(nullptr, - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet1_0)); - EXPECT_EQ(nullptr, - transmission_map.MaybeGetTransmissionsOnOtherPaths(packet1_1)); - // Make sure there is no memory leakage. -} - -} // namespace -} // namespace test -} // namespace net diff --git a/chromium/net/quic/core/quic_packet_creator.cc b/chromium/net/quic/core/quic_packet_creator.cc index 5c4f4f823ac..bcafa95014d 100644 --- a/chromium/net/quic/core/quic_packet_creator.cc +++ b/chromium/net/quic/core/quic_packet_creator.cc @@ -15,8 +15,8 @@ #include "net/quic/platform/api/quic_aligned.h" #include "net/quic/platform/api/quic_bug_tracker.h" #include "net/quic/platform/api/quic_logging.h" +#include "net/quic/platform/api/quic_string_piece.h" -using base::StringPiece; using std::string; // If true, enforce that QUIC CHLOs fit in one packet. @@ -24,6 +24,9 @@ bool FLAGS_quic_enforce_single_packet_chlo = true; namespace net { +#define ENDPOINT \ + (framer_->perspective() == Perspective::IS_SERVER ? "Server: " : "Client: ") + QuicPacketCreator::QuicPacketCreator(QuicConnectionId connection_id, QuicFramer* framer, QuicBufferAllocator* buffer_allocator, @@ -39,13 +42,9 @@ QuicPacketCreator::QuicPacketCreator(QuicConnectionId connection_id, connection_id_length_(PACKET_8BYTE_CONNECTION_ID), packet_size_(0), connection_id_(connection_id), - packet_(kDefaultPathId, - 0, - PACKET_1BYTE_PACKET_NUMBER, - nullptr, - 0, - false, - false) { + packet_(0, PACKET_1BYTE_PACKET_NUMBER, nullptr, 0, false, false), + latched_flag_no_stop_waiting_frames_( + FLAGS_quic_reloadable_flag_quic_no_stop_waiting_frames) { SetMaxPacketLength(kDefaultMaxPacketSize); } @@ -196,7 +195,8 @@ void QuicPacketCreator::CreateStreamFrame(QuicStreamId id, if (iov_offset == iov.total_length) { QUIC_BUG_IF(!fin) << "Creating a stream frame with no data or fin."; // Create a new packet for the fin, if necessary. - *frame = QuicFrame(new QuicStreamFrame(id, true, offset, StringPiece())); + *frame = + QuicFrame(new QuicStreamFrame(id, true, offset, QuicStringPiece())); return; } @@ -341,6 +341,7 @@ void QuicPacketCreator::ClearPacket() { packet_.encrypted_length = 0; DCHECK(packet_.retransmittable_frames.empty()); packet_.listeners.clear(); + packet_.largest_acked = 0; } void QuicPacketCreator::CreateAndSerializeStreamFrame( @@ -356,7 +357,8 @@ void QuicPacketCreator::CreateAndSerializeStreamFrame( QuicPacketHeader header; FillPacketHeader(&header); QUIC_CACHELINE_ALIGNED char encrypted_buffer[kMaxPacketSize]; - QuicDataWriter writer(arraysize(encrypted_buffer), encrypted_buffer); + QuicDataWriter writer(arraysize(encrypted_buffer), encrypted_buffer, + framer_->perspective()); if (!framer_->AppendPacketHeader(header, &writer)) { QUIC_BUG << "AppendPacketHeader failed"; return; @@ -379,7 +381,7 @@ void QuicPacketCreator::CreateAndSerializeStreamFrame( CopyToBuffer(iov, iov_offset, bytes_consumed, stream_buffer.get()); std::unique_ptr<QuicStreamFrame> frame(new QuicStreamFrame( id, set_fin, stream_offset, bytes_consumed, std::move(stream_buffer))); - QUIC_DVLOG(1) << "Adding frame: " << *frame; + QUIC_DVLOG(1) << ENDPOINT << "Adding frame: " << *frame; // TODO(ianswett): AppendTypeByte and AppendStreamFrame could be optimized // into one method that takes a QuicStreamFrame, if warranted. @@ -395,7 +397,7 @@ void QuicPacketCreator::CreateAndSerializeStreamFrame( } size_t encrypted_length = framer_->EncryptInPlace( - packet_.encryption_level, packet_.path_id, packet_.packet_number, + packet_.encryption_level, packet_.packet_number, GetStartOfEncryptedData(framer_->version(), header), writer.length(), arraysize(encrypted_buffer), encrypted_buffer); if (encrypted_length == 0) { @@ -499,7 +501,7 @@ void QuicPacketCreator::SerializePacket(char* encrypted_buffer, DCHECK_EQ(packet_size_, length); } const size_t encrypted_length = framer_->EncryptInPlace( - packet_.encryption_level, packet_.path_id, packet_.packet_number, + packet_.encryption_level, packet_.packet_number, GetStartOfEncryptedData(framer_->version(), header), length, encrypted_buffer_len, encrypted_buffer); if (encrypted_length == 0) { @@ -527,8 +529,8 @@ QuicPacketCreator::SerializeVersionNegotiationPacket( // TODO(jri): Make this a public method of framer? SerializedPacket QuicPacketCreator::NoPacket() { - return SerializedPacket(kInvalidPathId, 0, PACKET_1BYTE_PACKET_NUMBER, - nullptr, 0, false, false); + return SerializedPacket(0, PACKET_1BYTE_PACKET_NUMBER, nullptr, 0, false, + false); } void QuicPacketCreator::FillPacketHeader(QuicPacketHeader* header) { @@ -543,7 +545,6 @@ void QuicPacketCreator::FillPacketHeader(QuicPacketHeader* header) { } else { header->public_header.nonce = nullptr; } - header->path_id = packet_.path_id; header->packet_number = ++packet_.packet_number; header->public_header.packet_number_length = packet_.packet_number_length; } @@ -562,7 +563,7 @@ bool QuicPacketCreator::ShouldRetransmit(const QuicFrame& frame) { bool QuicPacketCreator::AddFrame(const QuicFrame& frame, bool save_retransmittable_frames) { - QUIC_DVLOG(1) << "Adding frame: " << frame; + QUIC_DVLOG(1) << ENDPOINT << "Adding frame: " << frame; if (frame.type == STREAM_FRAME && frame.stream_frame->stream_id != kCryptoStreamId && packet_.encryption_level == ENCRYPTION_NONE) { @@ -600,6 +601,9 @@ bool QuicPacketCreator::AddFrame(const QuicFrame& frame, if (frame.type == ACK_FRAME) { packet_.has_ack = true; + if (latched_flag_no_stop_waiting_frames_) { + packet_.largest_acked = frame.ack_frame->largest_observed; + } } if (frame.type == STOP_WAITING_FRAME) { packet_.has_stop_waiting = true; diff --git a/chromium/net/quic/core/quic_packet_creator.h b/chromium/net/quic/core/quic_packet_creator.h index f7bce4e830b..68b70d42ff4 100644 --- a/chromium/net/quic/core/quic_packet_creator.h +++ b/chromium/net/quic/core/quic_packet_creator.h @@ -3,9 +3,7 @@ // found in the LICENSE file. // // Accumulates frames for the next packet until more frames no longer fit or -// it's time to create a packet from them. If multipath enabled, only creates -// packets on one path at the same time. Currently, next packet number is -// tracked per-path. +// it's time to create a packet from them. #ifndef NET_QUIC_CORE_QUIC_PACKET_CREATOR_H_ #define NET_QUIC_CORE_QUIC_PACKET_CREATOR_H_ @@ -18,7 +16,6 @@ #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/quic_connection_close_delegate_interface.h" #include "net/quic/core/quic_framer.h" #include "net/quic/core/quic_iovector.h" @@ -209,6 +206,10 @@ class QUIC_EXPORT_PRIVATE QuicPacketCreator { debug_delegate_ = debug_delegate; } + bool latched_flag_no_stop_waiting_frames() const { + return latched_flag_no_stop_waiting_frames_; + } + private: friend class test::QuicPacketCreatorPeer; @@ -299,8 +300,8 @@ class QUIC_EXPORT_PRIVATE QuicPacketCreator { // Packet used to invoke OnSerializedPacket. SerializedPacket packet_; - // Map mapping path_id to last sent packet number on the path. - std::unordered_map<QuicPathId, QuicPacketNumber> multipath_packet_number_; + // The latched value of FLAGS_quic_reloadable_flag_quic_no_stop_waiting_frames + bool latched_flag_no_stop_waiting_frames_; DISALLOW_COPY_AND_ASSIGN(QuicPacketCreator); }; diff --git a/chromium/net/quic/core/quic_packet_creator_test.cc b/chromium/net/quic/core/quic_packet_creator_test.cc index 69439d3db1e..69cf24d467f 100644 --- a/chromium/net/quic/core/quic_packet_creator_test.cc +++ b/chromium/net/quic/core/quic_packet_creator_test.cc @@ -17,13 +17,13 @@ #include "net/quic/core/quic_simple_buffer_allocator.h" #include "net/quic/core/quic_utils.h" #include "net/quic/platform/api/quic_socket_address.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/quic_framer_peer.h" #include "net/quic/test_tools/quic_packet_creator_peer.h" #include "net/quic/test_tools/quic_test_utils.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; using testing::DoAll; using testing::InSequence; @@ -164,8 +164,8 @@ class QuicPacketCreatorTest : public ::testing::TestWithParam<TestParams> { EXPECT_EQ(STREAM_FRAME, frame.type); ASSERT_TRUE(frame.stream_frame); EXPECT_EQ(stream_id, frame.stream_frame->stream_id); - EXPECT_EQ(data, StringPiece(frame.stream_frame->data_buffer, - frame.stream_frame->data_length)); + EXPECT_EQ(data, QuicStringPiece(frame.stream_frame->data_buffer, + frame.stream_frame->data_length)); EXPECT_EQ(offset, frame.stream_frame->offset); EXPECT_EQ(fin, frame.stream_frame->fin); } @@ -193,7 +193,7 @@ class QuicPacketCreatorTest : public ::testing::TestWithParam<TestParams> { true); } - QuicIOVector MakeIOVectorFromStringPiece(StringPiece s) { + QuicIOVector MakeIOVectorFromStringPiece(QuicStringPiece s) { return MakeIOVector(s, &iov_); } @@ -238,9 +238,9 @@ TEST_P(QuicPacketCreatorTest, SerializeFrames) { creator_.set_encryption_level(level); frames_.push_back(QuicFrame(new QuicAckFrame(MakeAckFrame(0u)))); frames_.push_back(QuicFrame( - new QuicStreamFrame(kCryptoStreamId, false, 0u, StringPiece()))); + new QuicStreamFrame(kCryptoStreamId, false, 0u, QuicStringPiece()))); frames_.push_back(QuicFrame( - new QuicStreamFrame(kCryptoStreamId, true, 0u, StringPiece()))); + new QuicStreamFrame(kCryptoStreamId, true, 0u, QuicStringPiece()))); SerializedPacket serialized = SerializeAllFrames(frames_); EXPECT_EQ(level, serialized.encryption_level); delete frames_[0].ack_frame; @@ -270,8 +270,8 @@ TEST_P(QuicPacketCreatorTest, ReserializeFramesWithSequenceNumberLength) { // retransmit must sent with the original length and the others do not change. QuicPacketCreatorPeer::SetPacketNumberLength(&creator_, PACKET_2BYTE_PACKET_NUMBER); - QuicStreamFrame* stream_frame = - new QuicStreamFrame(kCryptoStreamId, /*fin=*/false, 0u, StringPiece()); + QuicStreamFrame* stream_frame = new QuicStreamFrame( + kCryptoStreamId, /*fin=*/false, 0u, QuicStringPiece()); QuicFrames frames; frames.push_back(QuicFrame(stream_frame)); char buffer[kMaxPacketSize]; @@ -304,8 +304,8 @@ TEST_P(QuicPacketCreatorTest, ReserializeFramesWithSequenceNumberLength) { } TEST_P(QuicPacketCreatorTest, ReserializeCryptoFrameWithForwardSecurity) { - QuicStreamFrame* stream_frame = - new QuicStreamFrame(kCryptoStreamId, /*fin=*/false, 0u, StringPiece()); + QuicStreamFrame* stream_frame = new QuicStreamFrame( + kCryptoStreamId, /*fin=*/false, 0u, QuicStringPiece()); QuicFrames frames; frames.push_back(QuicFrame(stream_frame)); creator_.set_encryption_level(ENCRYPTION_FORWARD_SECURE); @@ -323,7 +323,7 @@ TEST_P(QuicPacketCreatorTest, ReserializeCryptoFrameWithForwardSecurity) { TEST_P(QuicPacketCreatorTest, ReserializeFrameWithForwardSecurity) { QuicStreamFrame* stream_frame = - new QuicStreamFrame(0u, /*fin=*/false, 0u, StringPiece()); + new QuicStreamFrame(0u, /*fin=*/false, 0u, QuicStringPiece()); QuicFrames frames; frames.push_back(QuicFrame(stream_frame)); creator_.set_encryption_level(ENCRYPTION_FORWARD_SECURE); @@ -690,7 +690,7 @@ TEST_P(QuicPacketCreatorTest, SerializeFrame) { creator_.StopSendingVersion(); } frames_.push_back(QuicFrame( - new QuicStreamFrame(kCryptoStreamId, false, 0u, StringPiece()))); + new QuicStreamFrame(kCryptoStreamId, false, 0u, QuicStringPiece()))); SerializedPacket serialized = SerializeAllFrames(frames_); delete frames_[0].stream_frame; @@ -753,7 +753,7 @@ TEST_P(QuicPacketCreatorTest, AddFrameAndFlush) { creator_.BytesFree()); // Add a variety of frame types and then a padding frame. - QuicAckFrame ack_frame(MakeAckFrame(0u)); + QuicAckFrame ack_frame(MakeAckFrame(10u)); EXPECT_TRUE(creator_.AddSavedFrame(QuicFrame(&ack_frame))); EXPECT_TRUE(creator_.HasPendingFrames()); @@ -783,6 +783,10 @@ TEST_P(QuicPacketCreatorTest, AddFrameAndFlush) { ASSERT_EQ(1u, retransmittable.size()); EXPECT_EQ(STREAM_FRAME, retransmittable[0].type); ASSERT_TRUE(retransmittable[0].stream_frame); + EXPECT_TRUE(serialized_packet_.has_ack); + if (FLAGS_quic_reloadable_flag_quic_no_stop_waiting_frames) { + EXPECT_EQ(10u, serialized_packet_.largest_acked); + } DeleteSerializedPacket(); EXPECT_FALSE(creator_.HasPendingFrames()); @@ -824,7 +828,7 @@ TEST_P(QuicPacketCreatorTest, AddUnencryptedStreamDataClosesConnection) { creator_.set_encryption_level(ENCRYPTION_NONE); EXPECT_CALL(delegate_, OnUnrecoverableError(_, _, _)); QuicStreamFrame stream_frame(kHeadersStreamId, /*fin=*/false, 0u, - StringPiece()); + QuicStringPiece()); EXPECT_QUIC_BUG(creator_.AddSavedFrame(QuicFrame(&stream_frame)), "Cannot send stream data without encryption."); } @@ -835,11 +839,12 @@ TEST_P(QuicPacketCreatorTest, ChloTooLarge) { message.set_minimum_size(kMaxPacketSize); CryptoFramer framer; std::unique_ptr<QuicData> message_data; - message_data.reset(framer.ConstructHandshakeMessage(message)); + message_data.reset( + framer.ConstructHandshakeMessage(message, Perspective::IS_CLIENT)); struct iovec iov; QuicIOVector data_iovec(MakeIOVector( - StringPiece(message_data->data(), message_data->length()), &iov)); + QuicStringPiece(message_data->data(), message_data->length()), &iov)); QuicFrame frame; EXPECT_CALL(delegate_, OnUnrecoverableError(QUIC_CRYPTO_CHLO_TOO_LARGE, _, _)); diff --git a/chromium/net/quic/core/quic_packet_generator.cc b/chromium/net/quic/core/quic_packet_generator.cc index 2191fd3a3bb..025b54d573d 100644 --- a/chromium/net/quic/core/quic_packet_generator.cc +++ b/chromium/net/quic/core/quic_packet_generator.cc @@ -10,8 +10,6 @@ #include "net/quic/platform/api/quic_bug_tracker.h" #include "net/quic/platform/api/quic_logging.h" -using base::StringPiece; - namespace net { QuicPacketGenerator::QuicPacketGenerator(QuicConnectionId connection_id, diff --git a/chromium/net/quic/core/quic_packet_generator.h b/chromium/net/quic/core/quic_packet_generator.h index 5821aadc48f..676691c5513 100644 --- a/chromium/net/quic/core/quic_packet_generator.h +++ b/chromium/net/quic/core/quic_packet_generator.h @@ -176,6 +176,10 @@ class QUIC_EXPORT_PRIVATE QuicPacketGenerator { packet_creator_.set_debug_delegate(debug_delegate); } + bool latched_flag_no_stop_waiting_frames() const { + return packet_creator_.latched_flag_no_stop_waiting_frames(); + } + private: friend class test::QuicPacketGeneratorPeer; diff --git a/chromium/net/quic/core/quic_packet_generator_test.cc b/chromium/net/quic/core/quic_packet_generator_test.cc index 45f8890e0d2..990888359cf 100644 --- a/chromium/net/quic/core/quic_packet_generator_test.cc +++ b/chromium/net/quic/core/quic_packet_generator_test.cc @@ -16,6 +16,7 @@ #include "net/quic/core/quic_simple_buffer_allocator.h" #include "net/quic/core/quic_utils.h" #include "net/quic/platform/api/quic_socket_address.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/quic_packet_creator_peer.h" #include "net/quic/test_tools/quic_packet_generator_peer.h" #include "net/quic/test_tools/quic_test_utils.h" @@ -23,7 +24,6 @@ #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; using testing::InSequence; using testing::Return; @@ -202,7 +202,7 @@ class QuicPacketGeneratorTest : public ::testing::Test { return QuicIOVector(&iov_, 1, len); } - QuicIOVector MakeIOVectorFromStringPiece(StringPiece s) { + QuicIOVector MakeIOVectorFromStringPiece(QuicStringPiece s) { return MakeIOVector(s, &iov_); } @@ -853,7 +853,7 @@ TEST_F(QuicPacketGeneratorTest, ConnectionCloseFrameLargerThanPacketSize) { QuicConnectionCloseFrame* frame = new QuicConnectionCloseFrame(); frame->error_code = QUIC_PACKET_WRITE_ERROR; char buf[2000]; - StringPiece error_details(buf, 2000); + QuicStringPiece error_details(buf, 2000); frame->error_details = error_details.as_string(); EXPECT_CALL(delegate_, OnUnrecoverableError(QUIC_FAILED_TO_SERIALIZE_PACKET, diff --git a/chromium/net/quic/core/quic_packets.cc b/chromium/net/quic/core/quic_packets.cc index a88b6e8faea..cdd6325627a 100644 --- a/chromium/net/quic/core/quic_packets.cc +++ b/chromium/net/quic/core/quic_packets.cc @@ -11,7 +11,6 @@ #include "net/quic/platform/api/quic_str_cat.h" #include "net/quic/platform/api/quic_text_utils.h" -using base::StringPiece; using std::string; namespace net { @@ -64,11 +63,10 @@ QuicPacketPublicHeader::QuicPacketPublicHeader( QuicPacketPublicHeader::~QuicPacketPublicHeader() {} -QuicPacketHeader::QuicPacketHeader() - : packet_number(0), path_id(kDefaultPathId) {} +QuicPacketHeader::QuicPacketHeader() : packet_number(0) {} QuicPacketHeader::QuicPacketHeader(const QuicPacketPublicHeader& header) - : public_header(header), packet_number(0), path_id(kDefaultPathId) {} + : public_header(header), packet_number(0) {} QuicPacketHeader::QuicPacketHeader(const QuicPacketHeader& other) = default; @@ -95,11 +93,10 @@ std::ostream& operator<<(std::ostream& os, const QuicPacketHeader& header) { if (header.public_header.nonce != nullptr) { os << ", diversification_nonce: " << QuicTextUtils::HexEncode( - StringPiece(header.public_header.nonce->data(), - header.public_header.nonce->size())); + QuicStringPiece(header.public_header.nonce->data(), + header.public_header.nonce->size())); } - os << ", path_id: " << static_cast<int>(header.path_id) - << ", packet_number: " << header.packet_number << " }\n"; + os << ", packet_number: " << header.packet_number << " }\n"; return os; } @@ -185,23 +182,22 @@ std::ostream& operator<<(std::ostream& os, const QuicReceivedPacket& s) { return os; } -StringPiece QuicPacket::AssociatedData(QuicVersion version) const { - return StringPiece( +QuicStringPiece QuicPacket::AssociatedData(QuicVersion version) const { + return QuicStringPiece( data(), GetStartOfEncryptedData( version, connection_id_length_, includes_version_, includes_diversification_nonce_, packet_number_length_)); } -StringPiece QuicPacket::Plaintext(QuicVersion version) const { +QuicStringPiece QuicPacket::Plaintext(QuicVersion version) const { const size_t start_of_encrypted_data = GetStartOfEncryptedData( version, connection_id_length_, includes_version_, includes_diversification_nonce_, packet_number_length_); - return StringPiece(data() + start_of_encrypted_data, - length() - start_of_encrypted_data); + return QuicStringPiece(data() + start_of_encrypted_data, + length() - start_of_encrypted_data); } -SerializedPacket::SerializedPacket(QuicPathId path_id, - QuicPacketNumber packet_number, +SerializedPacket::SerializedPacket(QuicPacketNumber packet_number, QuicPacketNumberLength packet_number_length, const char* encrypted_buffer, QuicPacketLength encrypted_length, @@ -211,14 +207,14 @@ SerializedPacket::SerializedPacket(QuicPathId path_id, encrypted_length(encrypted_length), has_crypto_handshake(NOT_HANDSHAKE), num_padding_bytes(0), - path_id(path_id), packet_number(packet_number), packet_number_length(packet_number_length), encryption_level(ENCRYPTION_NONE), has_ack(has_ack), has_stop_waiting(has_stop_waiting), transmission_type(NOT_RETRANSMISSION), - original_packet_number(0) {} + original_packet_number(0), + largest_acked(0) {} SerializedPacket::SerializedPacket(const SerializedPacket& other) = default; @@ -230,6 +226,7 @@ void ClearSerializedPacket(SerializedPacket* serialized_packet) { } serialized_packet->encrypted_buffer = nullptr; serialized_packet->encrypted_length = 0; + serialized_packet->largest_acked = 0; } char* CopyBuffer(const SerializedPacket& packet) { diff --git a/chromium/net/quic/core/quic_packets.h b/chromium/net/quic/core/quic_packets.h index 5f2d8630568..95bef7c254d 100644 --- a/chromium/net/quic/core/quic_packets.h +++ b/chromium/net/quic/core/quic_packets.h @@ -15,7 +15,6 @@ #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/iovec.h" #include "net/quic/core/frames/quic_frame.h" #include "net/quic/core/quic_ack_listener_interface.h" @@ -27,6 +26,7 @@ #include "net/quic/core/quic_versions.h" #include "net/quic/platform/api/quic_export.h" #include "net/quic/platform/api/quic_socket_address.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -64,6 +64,8 @@ struct QUIC_EXPORT_PRIVATE QuicPacketPublicHeader { // public flags. QuicConnectionId connection_id; QuicConnectionIdLength connection_id_length; + // TODO(fayang): Remove multipath_flag when deprecating + // quic_reloadable_flag_quic_remove_multipath_bit. bool multipath_flag; bool reset_flag; bool version_flag; @@ -86,7 +88,6 @@ struct QUIC_EXPORT_PRIVATE QuicPacketHeader { QuicPacketPublicHeader public_header; QuicPacketNumber packet_number; - QuicPathId path_id; }; struct QUIC_EXPORT_PRIVATE QuicPublicResetPacket { @@ -109,8 +110,8 @@ class QUIC_EXPORT_PRIVATE QuicData { QuicData(const char* buffer, size_t length, bool owns_buffer); virtual ~QuicData(); - base::StringPiece AsStringPiece() const { - return base::StringPiece(data(), length()); + QuicStringPiece AsStringPiece() const { + return QuicStringPiece(data(), length()); } const char* data() const { return buffer_; } @@ -137,8 +138,8 @@ class QUIC_EXPORT_PRIVATE QuicPacket : public QuicData { bool includes_diversification_nonce, QuicPacketNumberLength packet_number_length); - base::StringPiece AssociatedData(QuicVersion version) const; - base::StringPiece Plaintext(QuicVersion version) const; + QuicStringPiece AssociatedData(QuicVersion version) const; + QuicStringPiece Plaintext(QuicVersion version) const; char* mutable_data() { return buffer_; } @@ -212,8 +213,7 @@ class QUIC_EXPORT_PRIVATE QuicReceivedPacket : public QuicEncryptedPacket { }; struct QUIC_EXPORT_PRIVATE SerializedPacket { - SerializedPacket(QuicPathId path_id, - QuicPacketNumber packet_number, + SerializedPacket(QuicPacketNumber packet_number, QuicPacketNumberLength packet_number_length, const char* encrypted_buffer, QuicPacketLength encrypted_length, @@ -231,7 +231,6 @@ struct QUIC_EXPORT_PRIVATE SerializedPacket { // 0: no padding // otherwise: only pad up to num_padding_bytes bytes int16_t num_padding_bytes; - QuicPathId path_id; QuicPacketNumber packet_number; QuicPacketNumberLength packet_number_length; EncryptionLevel encryption_level; @@ -239,6 +238,9 @@ struct QUIC_EXPORT_PRIVATE SerializedPacket { bool has_stop_waiting; TransmissionType transmission_type; QuicPacketNumber original_packet_number; + // The largest acked of the AckFrame in this packet if has_ack is true, + // 0 otherwise. + QuicPacketNumber largest_acked; // Optional notifiers which will be informed when this packet has been ACKed. std::list<AckListenerWrapper> listeners; diff --git a/chromium/net/quic/core/quic_received_packet_manager.cc b/chromium/net/quic/core/quic_received_packet_manager.cc index 668301de52d..2c4ae8f8739 100644 --- a/chromium/net/quic/core/quic_received_packet_manager.cc +++ b/chromium/net/quic/core/quic_received_packet_manager.cc @@ -26,6 +26,7 @@ const size_t kMaxPacketsAfterNewMissing = 4; QuicReceivedPacketManager::QuicReceivedPacketManager(QuicConnectionStats* stats) : peer_least_packet_awaiting_ack_(0), ack_frame_updated_(false), + max_ack_ranges_(0), time_largest_observed_(QuicTime::Zero()), stats_(stats) { ack_frame_.largest_observed = 0; @@ -87,6 +88,10 @@ const QuicFrame QuicReceivedPacketManager::GetUpdatedAckFrame( ? QuicTime::Delta::Zero() : approximate_now - time_largest_observed_; } + while (max_ack_ranges_ > 0 && + ack_frame_.packets.NumIntervals() > max_ack_ranges_) { + ack_frame_.packets.RemoveSmallestInterval(); + } // Clear all packet times if any are too far from largest observed. // It's expected this is extremely rare. diff --git a/chromium/net/quic/core/quic_received_packet_manager.h b/chromium/net/quic/core/quic_received_packet_manager.h index 08001a84e86..4da4a1e0f70 100644 --- a/chromium/net/quic/core/quic_received_packet_manager.h +++ b/chromium/net/quic/core/quic_received_packet_manager.h @@ -65,6 +65,10 @@ class QUIC_EXPORT_PRIVATE QuicReceivedPacketManager { // For logging purposes. const QuicAckFrame& ack_frame() const { return ack_frame_; } + void set_max_ack_ranges(size_t max_ack_ranges) { + max_ack_ranges_ = max_ack_ranges; + } + private: friend class test::QuicConnectionPeer; @@ -79,6 +83,9 @@ class QUIC_EXPORT_PRIVATE QuicReceivedPacketManager { // last called. bool ack_frame_updated_; + // Maximum number of ack ranges allowed to be stored in the ack frame. + size_t max_ack_ranges_; + // The time we received the largest_observed packet number, or zero if // no packet numbers have been received since UpdateReceivedPacketInfo. // Needed for calculating ack_delay_time. diff --git a/chromium/net/quic/core/quic_received_packet_manager_test.cc b/chromium/net/quic/core/quic_received_packet_manager_test.cc index e7ff3d3cab5..2f2c7a779da 100644 --- a/chromium/net/quic/core/quic_received_packet_manager_test.cc +++ b/chromium/net/quic/core/quic_received_packet_manager_test.cc @@ -124,6 +124,23 @@ TEST_P(QuicReceivedPacketManagerTest, UpdateReceivedConnectionStats) { EXPECT_EQ(1u, stats_.packets_reordered); } +TEST_P(QuicReceivedPacketManagerTest, LimitAckRanges) { + received_manager_.set_max_ack_ranges(10); + EXPECT_FALSE(received_manager_.ack_frame_updated()); + for (int i = 0; i < 100; ++i) { + RecordPacketReceipt(1 + 2 * i); + EXPECT_TRUE(received_manager_.ack_frame_updated()); + received_manager_.GetUpdatedAckFrame(QuicTime::Zero()); + EXPECT_GE(10u, received_manager_.ack_frame().packets.NumIntervals()); + EXPECT_EQ(1u + 2 * i, received_manager_.ack_frame().packets.Max()); + for (int j = 0; j < std::min(10, i + 1); ++j) { + EXPECT_TRUE( + received_manager_.ack_frame().packets.Contains(1 + (i - j) * 2)); + EXPECT_FALSE(received_manager_.ack_frame().packets.Contains((i - j) * 2)); + } + } +} + } // namespace } // namespace test } // namespace net diff --git a/chromium/net/quic/core/quic_sent_packet_manager.cc b/chromium/net/quic/core/quic_sent_packet_manager.cc index 3b601e25365..a3084734ae4 100644 --- a/chromium/net/quic/core/quic_sent_packet_manager.cc +++ b/chromium/net/quic/core/quic_sent_packet_manager.cc @@ -83,7 +83,8 @@ QuicSentPacketManager::QuicSentPacketManager( conservative_handshake_retransmits_(false), largest_newly_acked_(0), largest_mtu_acked_(0), - handshake_confirmed_(false) { + handshake_confirmed_(false), + largest_packet_peer_knows_is_acked_(0) { SetSendAlgorithm(congestion_control_type); } @@ -104,40 +105,18 @@ void QuicSentPacketManager::SetFromConfig(const QuicConfig& config) { config.GetInitialRoundTripTimeUsToSend()))); } // Configure congestion control. - const bool enable_client_connection_options = - FLAGS_quic_reloadable_flag_quic_client_connection_options; - if (enable_client_connection_options) { - if (FLAGS_quic_reloadable_flag_quic_allow_new_bbr && - config.HasClientRequestedIndependentOption(kTBBR, perspective_)) { - SetSendAlgorithm(kBBR); - } - if (config.HasClientRequestedIndependentOption(kRENO, perspective_)) { - if (config.HasClientRequestedIndependentOption(kBYTE, perspective_)) { - SetSendAlgorithm(kRenoBytes); - } else { - SetSendAlgorithm(kReno); - } - } else if (config.HasClientRequestedIndependentOption(kBYTE, - perspective_)) { - SetSendAlgorithm(kCubic); - } - } else { - if (FLAGS_quic_reloadable_flag_quic_allow_new_bbr && - config.HasReceivedConnectionOptions() && - ContainsQuicTag(config.ReceivedConnectionOptions(), kTBBR)) { - SetSendAlgorithm(kBBR); - } - if (config.HasReceivedConnectionOptions() && - ContainsQuicTag(config.ReceivedConnectionOptions(), kRENO)) { - if (ContainsQuicTag(config.ReceivedConnectionOptions(), kBYTE)) { - SetSendAlgorithm(kRenoBytes); - } else { - SetSendAlgorithm(kReno); - } - } else if (config.HasReceivedConnectionOptions() && - ContainsQuicTag(config.ReceivedConnectionOptions(), kBYTE)) { - SetSendAlgorithm(kCubic); + if (FLAGS_quic_reloadable_flag_quic_allow_new_bbr && + config.HasClientRequestedIndependentOption(kTBBR, perspective_)) { + SetSendAlgorithm(kBBR); + } + if (config.HasClientRequestedIndependentOption(kRENO, perspective_)) { + if (config.HasClientRequestedIndependentOption(kBYTE, perspective_)) { + SetSendAlgorithm(kRenoBytes); + } else { + SetSendAlgorithm(kReno); } + } else if (config.HasClientRequestedIndependentOption(kBYTE, perspective_)) { + SetSendAlgorithm(kCubic); } using_pacing_ = !FLAGS_quic_disable_pacing_for_perf_tests; @@ -157,37 +136,19 @@ void QuicSentPacketManager::SetFromConfig(const QuicConfig& config) { use_new_rto_ = true; } // Configure loss detection. - if (enable_client_connection_options) { - if (config.HasClientRequestedIndependentOption(kTIME, perspective_)) { - general_loss_algorithm_.SetLossDetectionType(kTime); - } - if (config.HasClientRequestedIndependentOption(kATIM, perspective_)) { - general_loss_algorithm_.SetLossDetectionType(kAdaptiveTime); - } - if (FLAGS_quic_reloadable_flag_quic_enable_lazy_fack && - config.HasClientRequestedIndependentOption(kLFAK, perspective_)) { - general_loss_algorithm_.SetLossDetectionType(kLazyFack); - } - } else { - if (config.HasReceivedConnectionOptions() && - ContainsQuicTag(config.ReceivedConnectionOptions(), kTIME)) { - general_loss_algorithm_.SetLossDetectionType(kTime); - } - if (config.HasReceivedConnectionOptions() && - ContainsQuicTag(config.ReceivedConnectionOptions(), kATIM)) { - general_loss_algorithm_.SetLossDetectionType(kAdaptiveTime); - } - if (FLAGS_quic_reloadable_flag_quic_enable_lazy_fack && - config.HasReceivedConnectionOptions() && - ContainsQuicTag(config.ReceivedConnectionOptions(), kLFAK)) { - general_loss_algorithm_.SetLossDetectionType(kLazyFack); - } + if (config.HasClientRequestedIndependentOption(kTIME, perspective_)) { + general_loss_algorithm_.SetLossDetectionType(kTime); + } + if (config.HasClientRequestedIndependentOption(kATIM, perspective_)) { + general_loss_algorithm_.SetLossDetectionType(kAdaptiveTime); + } + if (config.HasClientRequestedIndependentOption(kLFAK, perspective_)) { + general_loss_algorithm_.SetLossDetectionType(kLazyFack); } if (config.HasClientSentConnectionOption(kUNDO, perspective_)) { undo_pending_retransmits_ = true; } - if (FLAGS_quic_reloadable_flag_quic_conservative_handshake_retransmits && - config.HasClientSentConnectionOption(kCONH, perspective_)) { + if (config.HasClientSentConnectionOption(kCONH, perspective_)) { conservative_handshake_retransmits_ = true; } send_algorithm_->SetFromConfig(config, perspective_); @@ -339,6 +300,10 @@ void QuicSentPacketManager::HandleAckForSentPackets( } // Packet was acked, so remove it from our unacked packet list. QUIC_DVLOG(1) << ENDPOINT << "Got an ack for packet " << packet_number; + if (it->largest_acked > 0) { + largest_packet_peer_knows_is_acked_ = + std::max(largest_packet_peer_knows_is_acked_, it->largest_acked); + } // If data is associated with the most recent transmission of this // packet, then inform the caller. if (it->in_flight) { @@ -741,18 +706,6 @@ bool QuicSentPacketManager::MaybeUpdateRTT(const QuicAckFrame& ack_frame, } QuicTime::Delta send_delta = ack_receive_time - transmission_info.sent_time; - const int kMaxSendDeltaSeconds = 30; - if (!FLAGS_quic_reloadable_flag_quic_allow_large_send_deltas && - send_delta.ToSeconds() > kMaxSendDeltaSeconds) { - // send_delta can be very high if local clock is changed mid-connection. - QUIC_LOG_FIRST_N(WARNING, 10) - << "Excessive send delta: " << send_delta.ToSeconds() - << ", setting to: " << kMaxSendDeltaSeconds - << " largest_observed:" << ack_frame.largest_observed - << " ack_receive_time:" << ack_receive_time.ToDebuggingValue() - << " sent_time:" << transmission_info.sent_time.ToDebuggingValue(); - return false; - } rtt_stats_.UpdateRtt(send_delta, ack_frame.ack_delay_time, ack_receive_time); return true; @@ -914,6 +867,10 @@ std::string QuicSentPacketManager::GetDebugState() const { return send_algorithm_->GetDebugState(); } +QuicByteCount QuicSentPacketManager::GetBytesInFlight() const { + return unacked_packets_.bytes_in_flight(); +} + void QuicSentPacketManager::CancelRetransmissionsForStream( QuicStreamId stream_id) { unacked_packets_.CancelRetransmissionsForStream(stream_id); diff --git a/chromium/net/quic/core/quic_sent_packet_manager.h b/chromium/net/quic/core/quic_sent_packet_manager.h index c135b2f9867..acdf795dd60 100644 --- a/chromium/net/quic/core/quic_sent_packet_manager.h +++ b/chromium/net/quic/core/quic_sent_packet_manager.h @@ -79,8 +79,6 @@ class QUIC_EXPORT_PRIVATE QuicSentPacketManager { // Called with the path may be degrading. Note that the path may only be // temporarily degrading. - // TODO(jri): With multipath, this method should probably have a path_id - // parameter, and should maybe result in the path being marked as inactive. virtual void OnPathDegrading() = 0; // Called when the Path MTU may have increased. @@ -196,6 +194,10 @@ class QUIC_EXPORT_PRIVATE QuicSentPacketManager { // Returns debugging information about the state of the congestion controller. std::string GetDebugState() const; + // Returns the number of bytes that are considered in-flight, i.e. not lost or + // acknowledged. + QuicByteCount GetBytesInFlight() const; + // No longer retransmit data for |stream_id|. void CancelRetransmissionsForStream(QuicStreamId stream_id); @@ -222,6 +224,10 @@ class QUIC_EXPORT_PRIVATE QuicSentPacketManager { const SendAlgorithmInterface* GetSendAlgorithm() const; + QuicPacketNumber largest_packet_peer_knows_is_acked() const { + return largest_packet_peer_knows_is_acked_; + } + private: friend class test::QuicConnectionPeer; friend class test::QuicSentPacketManagerPeer; @@ -402,6 +408,9 @@ class QUIC_EXPORT_PRIVATE QuicSentPacketManager { // of time with no loss events. QuicSustainedBandwidthRecorder sustained_bandwidth_recorder_; + // The largest acked value that was sent in an ack, which has then been acked. + QuicPacketNumber largest_packet_peer_knows_is_acked_; + DISALLOW_COPY_AND_ASSIGN(QuicSentPacketManager); }; diff --git a/chromium/net/quic/core/quic_sent_packet_manager_test.cc b/chromium/net/quic/core/quic_sent_packet_manager_test.cc index b0f4c347c0b..9a544a2b196 100644 --- a/chromium/net/quic/core/quic_sent_packet_manager_test.cc +++ b/chromium/net/quic/core/quic_sent_packet_manager_test.cc @@ -8,6 +8,7 @@ #include "net/quic/core/quic_flags.h" #include "net/quic/platform/api/quic_ptr_util.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/quic_config_peer.h" #include "net/quic/test_tools/quic_sent_packet_manager_peer.h" #include "net/quic/test_tools/quic_test_utils.h" @@ -28,7 +29,6 @@ using testing::_; namespace net { namespace test { namespace { - // Default packet length. const uint32_t kDefaultLength = 1000; @@ -192,12 +192,11 @@ class QuicSentPacketManagerTest : public ::testing::Test { SerializedPacket CreatePacket(QuicPacketNumber packet_number, bool retransmittable) { - SerializedPacket packet(kDefaultPathId, packet_number, - PACKET_6BYTE_PACKET_NUMBER, nullptr, kDefaultLength, - false, false); + SerializedPacket packet(packet_number, PACKET_6BYTE_PACKET_NUMBER, nullptr, + kDefaultLength, false, false); if (retransmittable) { - packet.retransmittable_frames.push_back( - QuicFrame(new QuicStreamFrame(kStreamId, false, 0, StringPiece()))); + packet.retransmittable_frames.push_back(QuicFrame( + new QuicStreamFrame(kStreamId, false, 0, QuicStringPiece()))); } return packet; } @@ -220,19 +219,21 @@ class QuicSentPacketManagerTest : public ::testing::Test { .WillOnce(Return(true)); SerializedPacket packet(CreateDataPacket(packet_number)); packet.retransmittable_frames.push_back( - QuicFrame(new QuicStreamFrame(1, false, 0, StringPiece()))); + QuicFrame(new QuicStreamFrame(1, false, 0, QuicStringPiece()))); packet.has_crypto_handshake = IS_HANDSHAKE; manager_.OnPacketSent(&packet, 0, clock_.Now(), NOT_RETRANSMISSION, HAS_RETRANSMITTABLE_DATA); } - void SendAckPacket(QuicPacketNumber packet_number) { + void SendAckPacket(QuicPacketNumber packet_number, + QuicPacketNumber largest_acked) { EXPECT_CALL(*send_algorithm_, OnPacketSent(_, BytesInFlight(), packet_number, kDefaultLength, NO_RETRANSMITTABLE_DATA)) .Times(1) .WillOnce(Return(false)); SerializedPacket packet(CreatePacket(packet_number, false)); + packet.largest_acked = largest_acked; manager_.OnPacketSent(&packet, 0, clock_.Now(), NOT_RETRANSMISSION, NO_RETRANSMITTABLE_DATA); } @@ -536,8 +537,10 @@ TEST_F(QuicSentPacketManagerTest, GetLeastUnackedUnacked) { } TEST_F(QuicSentPacketManagerTest, AckAckAndUpdateRtt) { + FLAGS_quic_reloadable_flag_quic_no_stop_waiting_frames = true; + EXPECT_EQ(0u, manager_.largest_packet_peer_knows_is_acked()); SendDataPacket(1); - SendAckPacket(2); + SendAckPacket(2, 1); // Now ack the ack and expect an RTT update. QuicAckFrame ack_frame = InitAckFrame(2); @@ -545,13 +548,15 @@ TEST_F(QuicSentPacketManagerTest, AckAckAndUpdateRtt) { ExpectAck(1); manager_.OnIncomingAck(ack_frame, clock_.Now()); + EXPECT_EQ(1u, manager_.largest_packet_peer_knows_is_acked()); - SendAckPacket(3); + SendAckPacket(3, 3); // Now ack the ack and expect only an RTT update. ack_frame = InitAckFrame(3); ExpectUpdatedRtt(3); manager_.OnIncomingAck(ack_frame, clock_.Now()); + EXPECT_EQ(3u, manager_.largest_packet_peer_knows_is_acked()); } TEST_F(QuicSentPacketManagerTest, Rtt) { @@ -1109,7 +1114,6 @@ TEST_F(QuicSentPacketManagerTest, GetTransmissionTimeCryptoHandshake) { TEST_F(QuicSentPacketManagerTest, GetConservativeTransmissionTimeCryptoHandshake) { - FLAGS_quic_reloadable_flag_quic_conservative_handshake_retransmits = true; QuicConfig config; QuicTagVector options; options.push_back(kCONH); @@ -1403,7 +1407,6 @@ TEST_F(QuicSentPacketManagerTest, NegotiateCongestionControlFromOptions) { TEST_F(QuicSentPacketManagerTest, NegotiateClientCongestionControlFromOptions) { FLAGS_quic_reloadable_flag_quic_allow_new_bbr = true; - FLAGS_quic_reloadable_flag_quic_client_connection_options = true; QuicConfig config; QuicTagVector options; @@ -1718,8 +1721,8 @@ TEST_F(QuicSentPacketManagerTest, PathMtuIncreased) { EXPECT_CALL(*send_algorithm_, OnPacketSent(_, BytesInFlight(), 1, _, _)) .Times(1) .WillOnce(Return(true)); - SerializedPacket packet(kDefaultPathId, 1, PACKET_6BYTE_PACKET_NUMBER, - nullptr, kDefaultLength + 100, false, false); + SerializedPacket packet(1, PACKET_6BYTE_PACKET_NUMBER, nullptr, + kDefaultLength + 100, false, false); manager_.OnPacketSent(&packet, 0, clock_.Now(), NOT_RETRANSMISSION, HAS_RETRANSMITTABLE_DATA); diff --git a/chromium/net/quic/core/quic_server_id.cc b/chromium/net/quic/core/quic_server_id.cc index 6239706104c..8efb8815b48 100644 --- a/chromium/net/quic/core/quic_server_id.cc +++ b/chromium/net/quic/core/quic_server_id.cc @@ -6,6 +6,7 @@ #include <tuple> +#include "net/quic/platform/api/quic_estimate_memory_usage.h" #include "net/quic/platform/api/quic_str_cat.h" using std::string; @@ -43,4 +44,8 @@ string QuicServerId::ToString() const { (privacy_mode_ == PRIVACY_MODE_ENABLED ? "/private" : "")); } +size_t QuicServerId::EstimateMemoryUsage() const { + return QuicEstimateMemoryUsage(host_port_pair_); +} + } // namespace net diff --git a/chromium/net/quic/core/quic_server_id.h b/chromium/net/quic/core/quic_server_id.h index 580789c40b4..880afd2be9d 100644 --- a/chromium/net/quic/core/quic_server_id.h +++ b/chromium/net/quic/core/quic_server_id.h @@ -44,6 +44,8 @@ class QUIC_EXPORT_PRIVATE QuicServerId { PrivacyMode privacy_mode() const { return privacy_mode_; } + size_t EstimateMemoryUsage() const; + private: HostPortPair host_port_pair_; PrivacyMode privacy_mode_; diff --git a/chromium/net/quic/core/quic_server_session_base.cc b/chromium/net/quic/core/quic_server_session_base.cc index 9b13dba1238..60e6794bc65 100644 --- a/chromium/net/quic/core/quic_server_session_base.cc +++ b/chromium/net/quic/core/quic_server_session_base.cc @@ -10,6 +10,7 @@ #include "net/quic/core/quic_stream.h" #include "net/quic/platform/api/quic_bug_tracker.h" #include "net/quic/platform/api/quic_logging.h" +#include "net/quic/platform/api/quic_string_piece.h" using std::string; diff --git a/chromium/net/quic/core/quic_server_session_base_test.cc b/chromium/net/quic/core/quic_server_session_base_test.cc index 6e18cd544f6..cbd13030ebd 100644 --- a/chromium/net/quic/core/quic_server_session_base_test.cc +++ b/chromium/net/quic/core/quic_server_session_base_test.cc @@ -203,7 +203,7 @@ TEST_P(QuicServerSessionBaseTest, ServerPushDisabledByDefault) { TEST_P(QuicServerSessionBaseTest, CloseStreamDueToReset) { // Open a stream, then reset it. // Send two bytes of payload to open it. - QuicStreamFrame data1(kClientDataStreamId1, false, 0, StringPiece("HT")); + QuicStreamFrame data1(kClientDataStreamId1, false, 0, QuicStringPiece("HT")); session_->OnStreamFrame(data1); EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams()); @@ -233,7 +233,7 @@ TEST_P(QuicServerSessionBaseTest, NeverOpenStreamDueToReset) { EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); // Send two bytes of payload. - QuicStreamFrame data1(kClientDataStreamId1, false, 0, StringPiece("HT")); + QuicStreamFrame data1(kClientDataStreamId1, false, 0, QuicStringPiece("HT")); visitor_->OnStreamFrame(data1); // The stream should never be opened, now that the reset is received. @@ -244,9 +244,9 @@ TEST_P(QuicServerSessionBaseTest, NeverOpenStreamDueToReset) { TEST_P(QuicServerSessionBaseTest, AcceptClosedStream) { // Send (empty) compressed headers followed by two bytes of data. QuicStreamFrame frame1(kClientDataStreamId1, false, 0, - StringPiece("\1\0\0\0\0\0\0\0HT")); + QuicStringPiece("\1\0\0\0\0\0\0\0HT")); QuicStreamFrame frame2(kClientDataStreamId2, false, 0, - StringPiece("\2\0\0\0\0\0\0\0HT")); + QuicStringPiece("\2\0\0\0\0\0\0\0HT")); visitor_->OnStreamFrame(frame1); visitor_->OnStreamFrame(frame2); EXPECT_EQ(2u, session_->GetNumOpenIncomingStreams()); @@ -260,8 +260,8 @@ TEST_P(QuicServerSessionBaseTest, AcceptClosedStream) { // If we were tracking, we'd probably want to reject this because it's data // past the reset point of stream 3. As it's a closed stream we just drop the // data on the floor, but accept the packet because it has data for stream 5. - QuicStreamFrame frame3(kClientDataStreamId1, false, 2, StringPiece("TP")); - QuicStreamFrame frame4(kClientDataStreamId2, false, 2, StringPiece("TP")); + QuicStreamFrame frame3(kClientDataStreamId1, false, 2, QuicStringPiece("TP")); + QuicStreamFrame frame4(kClientDataStreamId2, false, 2, QuicStringPiece("TP")); visitor_->OnStreamFrame(frame3); visitor_->OnStreamFrame(frame4); // The stream should never be opened, now that the reset is received. @@ -409,8 +409,6 @@ TEST_P(QuicServerSessionBaseTest, BandwidthEstimates) { // and we don't have any other data to write. // Client has sent kBWRE connection option to trigger bandwidth resumption. - // Disable this flag because if connection uses multipath sent packet manager, - // static_cast here does not work. QuicTagVector copt; copt.push_back(kBWRE); QuicConfigPeer::SetReceivedConnectionOptions(session_->config(), copt); @@ -474,9 +472,9 @@ TEST_P(QuicServerSessionBaseTest, BandwidthEstimates) { // Bandwidth estimate has now changed sufficiently, enough time has passed, // and enough packets have been sent. - SerializedPacket packet( - kDefaultPathId, 1 + kMinPacketsBetweenServerConfigUpdates, - PACKET_6BYTE_PACKET_NUMBER, nullptr, 1000, false, false); + SerializedPacket packet(1 + kMinPacketsBetweenServerConfigUpdates, + PACKET_6BYTE_PACKET_NUMBER, nullptr, 1000, false, + false); sent_packet_manager->OnPacketSent(&packet, 0, now, NOT_RETRANSMISSION, HAS_RETRANSMITTABLE_DATA); @@ -613,8 +611,10 @@ TEST_P(StreamMemberLifetimeTest, Basic) { chlo.SetVector(kCOPT, QuicTagVector{kSREJ}); std::vector<QuicVersion> packet_version_list = {version}; std::unique_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket( - 1, true, false, false, kDefaultPathId, 1, - chlo.GetSerialized().AsStringPiece().as_string(), + 1, true, false, 1, + string(chlo.GetSerialized(Perspective::IS_CLIENT) + .AsStringPiece() + .as_string()), PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, &packet_version_list)); @@ -625,7 +625,7 @@ TEST_P(StreamMemberLifetimeTest, Basic) { // Set the current packet QuicConnectionPeer::SetCurrentPacket(session_->connection(), - packet->AsStringPiece()); + packet->AsStringPiece().as_string()); // Yes, this is horrible. But it's the easiest way to trigger the behavior we // need to exercise. diff --git a/chromium/net/quic/core/quic_session.cc b/chromium/net/quic/core/quic_session.cc index 6160cdd2a31..5f106f20371 100644 --- a/chromium/net/quic/core/quic_session.cc +++ b/chromium/net/quic/core/quic_session.cc @@ -15,7 +15,6 @@ #include "net/quic/platform/api/quic_map_util.h" #include "net/quic/platform/api/quic_str_cat.h" -using base::StringPiece; using std::string; namespace net { diff --git a/chromium/net/quic/core/quic_session.h b/chromium/net/quic/core/quic_session.h index 283f55f3ff3..cba66a07d60 100644 --- a/chromium/net/quic/core/quic_session.h +++ b/chromium/net/quic/core/quic_session.h @@ -16,7 +16,6 @@ #include "base/compiler_specific.h" #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/quic_connection.h" #include "net/quic/core/quic_crypto_stream.h" #include "net/quic/core/quic_packet_creator.h" @@ -439,7 +438,7 @@ class QUIC_EXPORT_PRIVATE QuicSession : public QuicConnectionVisitorInterface { // call stack of OnCanWrite. QuicStreamId currently_writing_stream_id_; - // Latched value of gfe2_reloadable_flag_quic_flow_control_invariant. + // Latched value of quic_reloadable_flag_quic_flow_control_invariant. const bool flow_control_invariant_; DISALLOW_COPY_AND_ASSIGN(QuicSession); diff --git a/chromium/net/quic/core/quic_session_test.cc b/chromium/net/quic/core/quic_session_test.cc index edc935699b0..a5451e79170 100644 --- a/chromium/net/quic/core/quic_session_test.cc +++ b/chromium/net/quic/core/quic_session_test.cc @@ -20,6 +20,7 @@ #include "net/quic/platform/api/quic_map_util.h" #include "net/quic/platform/api/quic_ptr_util.h" #include "net/quic/platform/api/quic_str_cat.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/quic_config_peer.h" #include "net/quic/test_tools/quic_connection_peer.h" #include "net/quic/test_tools/quic_flow_controller_peer.h" @@ -795,7 +796,7 @@ TEST_P(QuicSessionTestServer, IncreasedTimeoutAfterCryptoHandshake) { TEST_P(QuicSessionTestServer, RstStreamBeforeHeadersDecompressed) { // Send two bytes of payload. - QuicStreamFrame data1(kClientDataStreamId1, false, 0, StringPiece("HT")); + QuicStreamFrame data1(kClientDataStreamId1, false, 0, QuicStringPiece("HT")); session_.OnStreamFrame(data1); EXPECT_EQ(1u, session_.GetNumOpenIncomingStreams()); @@ -1020,7 +1021,7 @@ TEST_P(QuicSessionTestServer, ConnectionFlowControlAccountingFinAfterRst) { // account the total number of bytes sent by the peer. const QuicStreamOffset kByteOffset = 5678; string body = "hello"; - QuicStreamFrame frame(stream->id(), true, kByteOffset, StringPiece(body)); + QuicStreamFrame frame(stream->id(), true, kByteOffset, QuicStringPiece(body)); session_.OnStreamFrame(frame); QuicStreamOffset total_stream_bytes_sent_by_peer = @@ -1115,7 +1116,7 @@ TEST_P(QuicSessionTestServer, FlowControlWithInvalidFinalOffset) { TestStream* stream = session_.CreateOutgoingDynamicStream(kDefaultPriority); EXPECT_CALL(*connection_, SendRstStream(stream->id(), _, _)); stream->Reset(QUIC_STREAM_CANCELLED); - QuicStreamFrame frame(stream->id(), true, kLargeOffset, StringPiece()); + QuicStreamFrame frame(stream->id(), true, kLargeOffset, QuicStringPiece()); session_.OnStreamFrame(frame); // Check that RST results in connection close. @@ -1157,7 +1158,7 @@ TEST_P(QuicSessionTestServer, TooManyUnfinishedStreamsCauseServerRejectStream) { // Create kMaxStreams data streams, and close them all without receiving a // FIN or a RST_STREAM from the client. for (QuicStreamId i = kFirstStreamId; i < kFinalStreamId; i += 2) { - QuicStreamFrame data1(i, false, 0, StringPiece("HT")); + QuicStreamFrame data1(i, false, 0, QuicStringPiece("HT")); session_.OnStreamFrame(data1); // EXPECT_EQ(1u, session_.GetNumOpenStreams()); EXPECT_CALL(*connection_, SendRstStream(i, _, _)); @@ -1168,7 +1169,7 @@ TEST_P(QuicSessionTestServer, TooManyUnfinishedStreamsCauseServerRejectStream) { SendRstStream(kFinalStreamId, QUIC_REFUSED_STREAM, _)) .Times(1); // Create one more data streams to exceed limit of open stream. - QuicStreamFrame data1(kFinalStreamId, false, 0, StringPiece("HT")); + QuicStreamFrame data1(kFinalStreamId, false, 0, QuicStringPiece("HT")); session_.OnStreamFrame(data1); // Called after any new data is received by the session, and triggers the @@ -1189,7 +1190,7 @@ TEST_P(QuicSessionTestServer, DrainingStreamsDoNotCountAsOpened) { const QuicStreamId kFinalStreamId = kClientDataStreamId1 + 2 * kMaxStreams + 1; for (QuicStreamId i = kFirstStreamId; i < kFinalStreamId; i += 2) { - QuicStreamFrame data1(i, true, 0, StringPiece("HT")); + QuicStreamFrame data1(i, true, 0, QuicStringPiece("HT")); session_.OnStreamFrame(data1); EXPECT_EQ(1u, session_.GetNumOpenIncomingStreams()); session_.StreamDraining(i); @@ -1258,7 +1259,7 @@ TEST_P(QuicSessionTestClient, RecordFinAfterReadSideClosed) { QuicStreamPeer::CloseReadSide(stream); // Receive a stream data frame with FIN. - QuicStreamFrame frame(stream_id, true, 0, StringPiece()); + QuicStreamFrame frame(stream_id, true, 0, QuicStringPiece()); session_.OnStreamFrame(frame); EXPECT_TRUE(stream->fin_received()); diff --git a/chromium/net/quic/core/quic_spdy_session.cc b/chromium/net/quic/core/quic_spdy_session.cc index 29f71db0b32..61d16c9020a 100644 --- a/chromium/net/quic/core/quic_spdy_session.cc +++ b/chromium/net/quic/core/quic_spdy_session.cc @@ -15,7 +15,6 @@ #include "net/quic/platform/api/quic_logging.h" #include "net/quic/platform/api/quic_str_cat.h" -using base::StringPiece; using std::string; namespace net { @@ -125,7 +124,8 @@ class QuicSpdySession::SpdyFramerVisitor if (session_->OnStreamFrameData(stream_id, data, len)) { return; } - CloseConnection("SPDY DATA frame received."); + CloseConnection("SPDY DATA frame received.", + QUIC_INVALID_HEADERS_STREAM_DATA); } void OnStreamEnd(SpdyStreamId stream_id) override { @@ -134,13 +134,23 @@ class QuicSpdySession::SpdyFramerVisitor } void OnStreamPadding(SpdyStreamId stream_id, size_t len) override { - CloseConnection("SPDY frame padding received."); + CloseConnection("SPDY frame padding received.", + QUIC_INVALID_HEADERS_STREAM_DATA); } void OnError(SpdyFramer* framer) override { - CloseConnection(QuicStrCat( - "SPDY framing error: ", - SpdyFramer::SpdyFramerErrorToString(framer->spdy_framer_error()))); + QuicErrorCode code = QUIC_INVALID_HEADERS_STREAM_DATA; + SpdyFramer::SpdyFramerError error = framer->spdy_framer_error(); + switch (error) { + case SpdyFramer::SpdyFramerError::SPDY_DECOMPRESS_FAILURE: + code = QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE; + break; + default: + break; + } + CloseConnection(QuicStrCat("SPDY framing error: ", + SpdyFramer::SpdyFramerErrorToString(error)), + code); } void OnDataFrameHeader(SpdyStreamId stream_id, @@ -149,16 +159,19 @@ class QuicSpdySession::SpdyFramerVisitor if (session_->OnDataFrameHeader(stream_id, length, fin)) { return; } - CloseConnection("SPDY DATA frame received."); + CloseConnection("SPDY DATA frame received.", + QUIC_INVALID_HEADERS_STREAM_DATA); } void OnRstStream(SpdyStreamId stream_id, SpdyErrorCode error_code) override { - CloseConnection("SPDY RST_STREAM frame received."); + CloseConnection("SPDY RST_STREAM frame received.", + QUIC_INVALID_HEADERS_STREAM_DATA); } void OnSetting(SpdySettingsIds id, uint32_t value) override { if (!FLAGS_quic_reloadable_flag_quic_respect_http2_settings_frame) { - CloseConnection("SPDY SETTINGS frame received."); + CloseConnection("SPDY SETTINGS frame received.", + QUIC_INVALID_HEADERS_STREAM_DATA); return; } switch (id) { @@ -171,14 +184,16 @@ class QuicSpdySession::SpdyFramerVisitor // See rfc7540, Section 6.5.2. if (value > 1) { CloseConnection( - QuicStrCat("Invalid value for SETTINGS_ENABLE_PUSH: ", value)); + QuicStrCat("Invalid value for SETTINGS_ENABLE_PUSH: ", value), + QUIC_INVALID_HEADERS_STREAM_DATA); return; } session_->UpdateEnableServerPush(value > 0); break; } else { CloseConnection( - QuicStrCat("Unsupported field of HTTP/2 SETTINGS frame: ", id)); + QuicStrCat("Unsupported field of HTTP/2 SETTINGS frame: ", id), + QUIC_INVALID_HEADERS_STREAM_DATA); } break; // TODO(fayang): Need to support SETTINGS_MAX_HEADER_LIST_SIZE when @@ -189,29 +204,34 @@ class QuicSpdySession::SpdyFramerVisitor } default: CloseConnection( - QuicStrCat("Unsupported field of HTTP/2 SETTINGS frame: ", id)); + QuicStrCat("Unsupported field of HTTP/2 SETTINGS frame: ", id), + QUIC_INVALID_HEADERS_STREAM_DATA); } } void OnSettingsAck() override { if (!FLAGS_quic_reloadable_flag_quic_respect_http2_settings_frame) { - CloseConnection("SPDY SETTINGS frame received."); + CloseConnection("SPDY SETTINGS frame received.", + QUIC_INVALID_HEADERS_STREAM_DATA); } } void OnSettingsEnd() override { if (!FLAGS_quic_reloadable_flag_quic_respect_http2_settings_frame) { - CloseConnection("SPDY SETTINGS frame received."); + CloseConnection("SPDY SETTINGS frame received.", + QUIC_INVALID_HEADERS_STREAM_DATA); } } void OnPing(SpdyPingId unique_id, bool is_ack) override { - CloseConnection("SPDY PING frame received."); + CloseConnection("SPDY PING frame received.", + QUIC_INVALID_HEADERS_STREAM_DATA); } void OnGoAway(SpdyStreamId last_accepted_stream_id, SpdyErrorCode error_code) override { - CloseConnection("SPDY GOAWAY frame received."); + CloseConnection("SPDY GOAWAY frame received.", + QUIC_INVALID_HEADERS_STREAM_DATA); } void OnHeaders(SpdyStreamId stream_id, @@ -233,14 +253,16 @@ class QuicSpdySession::SpdyFramerVisitor } void OnWindowUpdate(SpdyStreamId stream_id, int delta_window_size) override { - CloseConnection("SPDY WINDOW_UPDATE frame received."); + CloseConnection("SPDY WINDOW_UPDATE frame received.", + QUIC_INVALID_HEADERS_STREAM_DATA); } void OnPushPromise(SpdyStreamId stream_id, SpdyStreamId promised_stream_id, bool end) override { if (!session_->supports_push_promise()) { - CloseConnection("PUSH_PROMISE not supported."); + CloseConnection("PUSH_PROMISE not supported.", + QUIC_INVALID_HEADERS_STREAM_DATA); return; } if (!session_->IsConnected()) { @@ -255,11 +277,13 @@ class QuicSpdySession::SpdyFramerVisitor SpdyStreamId parent_id, int weight, bool exclusive) override { - CloseConnection("SPDY PRIORITY frame received."); + CloseConnection("SPDY PRIORITY frame received.", + QUIC_INVALID_HEADERS_STREAM_DATA); } bool OnUnknownFrame(SpdyStreamId stream_id, uint8_t frame_type) override { - CloseConnection("Unknown frame type received."); + CloseConnection("Unknown frame type received.", + QUIC_INVALID_HEADERS_STREAM_DATA); return false; } @@ -291,10 +315,9 @@ class QuicSpdySession::SpdyFramerVisitor } private: - void CloseConnection(const string& details) { + void CloseConnection(const string& details, QuicErrorCode code) { if (session_->IsConnected()) { - session_->CloseConnectionWithDetails(QUIC_INVALID_HEADERS_STREAM_DATA, - details); + session_->CloseConnectionWithDetails(code, details); } } @@ -410,8 +433,9 @@ size_t QuicSpdySession::WriteHeadersImpl( headers_frame.set_weight(Spdy3PriorityToHttp2Weight(priority)); } SpdySerializedFrame frame(spdy_framer_.SerializeFrame(headers_frame)); - headers_stream_->WriteOrBufferData(StringPiece(frame.data(), frame.size()), - false, std::move(ack_notifier_delegate)); + headers_stream_->WriteOrBufferData( + QuicStringPiece(frame.data(), frame.size()), false, + std::move(ack_notifier_delegate)); return frame.size(); } @@ -430,14 +454,14 @@ size_t QuicSpdySession::WritePushPromise(QuicStreamId original_stream_id, push_promise.set_fin(false); SpdySerializedFrame frame(spdy_framer_.SerializeFrame(push_promise)); - headers_stream_->WriteOrBufferData(StringPiece(frame.data(), frame.size()), - false, nullptr); + headers_stream_->WriteOrBufferData( + QuicStringPiece(frame.data(), frame.size()), false, nullptr); return frame.size(); } void QuicSpdySession::WriteDataFrame( QuicStreamId id, - StringPiece data, + QuicStringPiece data, bool fin, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener) { // Note that certain SpdyDataIR constructors perform a deep copy of |data| @@ -453,8 +477,9 @@ void QuicSpdySession::WriteDataFrame( } // Use buffered writes so that coherence of framing is preserved // between streams. - headers_stream_->WriteOrBufferData(StringPiece(frame.data(), frame.size()), - false, std::move(force_hol_ack_listener)); + headers_stream_->WriteOrBufferData( + QuicStringPiece(frame.data(), frame.size()), false, + std::move(force_hol_ack_listener)); } QuicConsumedData QuicSpdySession::WritevStreamData( @@ -470,7 +495,7 @@ QuicConsumedData QuicSpdySession::WritevStreamData( size_t total_length = iov.total_length; if (total_length == 0 && fin) { - WriteDataFrame(id, StringPiece(), true, std::move(ack_listener)); + WriteDataFrame(id, QuicStringPiece(), true, std::move(ack_listener)); result.fin_consumed = true; return result; } @@ -497,7 +522,7 @@ QuicConsumedData QuicSpdySession::WritevStreamData( bool last_iov = i == iov.iov_count - 1; bool last_fragment_within_iov = src_iov_offset >= src_iov->iov_len; bool frame_fin = (last_iov && last_fragment_within_iov) ? fin : false; - WriteDataFrame(id, StringPiece(data, len), frame_fin, ack_listener); + WriteDataFrame(id, QuicStringPiece(data, len), frame_fin, ack_listener); result.bytes_consumed += len; if (frame_fin) { result.fin_consumed = true; @@ -518,8 +543,8 @@ size_t QuicSpdySession::SendMaxHeaderListSize(size_t value) { settings_frame.AddSetting(SETTINGS_MAX_HEADER_LIST_SIZE, value); SpdySerializedFrame frame(spdy_framer_.SerializeFrame(settings_frame)); - headers_stream_->WriteOrBufferData(StringPiece(frame.data(), frame.size()), - false, nullptr); + headers_stream_->WriteOrBufferData( + QuicStringPiece(frame.data(), frame.size()), false, nullptr); return frame.size(); } @@ -600,7 +625,8 @@ void QuicSpdySession::OnStreamFrameData(QuicStreamId stream_id, } const QuicStreamOffset offset = stream->flow_controller()->highest_received_byte_offset(); - const QuicStreamFrame frame(stream_id, fin, offset, StringPiece(data, len)); + const QuicStreamFrame frame(stream_id, fin, offset, + QuicStringPiece(data, len)); QUIC_DVLOG(1) << "De-encapsulating DATA frame for stream " << stream_id << " offset " << offset << " len " << len << " fin " << fin; OnStreamFrame(frame); diff --git a/chromium/net/quic/core/quic_spdy_session.h b/chromium/net/quic/core/quic_spdy_session.h index 183c5f1f97b..7ec0a01c1d2 100644 --- a/chromium/net/quic/core/quic_spdy_session.h +++ b/chromium/net/quic/core/quic_spdy_session.h @@ -14,6 +14,7 @@ #include "net/quic/core/quic_session.h" #include "net/quic/core/quic_spdy_stream.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -235,7 +236,7 @@ class QUIC_EXPORT_PRIVATE QuicSpdySession : public QuicSession { // Helper for |WritevStreamData()|. void WriteDataFrame( QuicStreamId stream_id, - base::StringPiece data, + QuicStringPiece data, bool fin, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener); diff --git a/chromium/net/quic/core/quic_spdy_stream.cc b/chromium/net/quic/core/quic_spdy_stream.cc index 8a6cf48dbcf..76c480a5afe 100644 --- a/chromium/net/quic/core/quic_spdy_stream.cc +++ b/chromium/net/quic/core/quic_spdy_stream.cc @@ -12,10 +12,10 @@ #include "net/quic/core/spdy_utils.h" #include "net/quic/platform/api/quic_bug_tracker.h" #include "net/quic/platform/api/quic_logging.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" using base::IntToString; -using base::StringPiece; using std::string; namespace net { @@ -45,17 +45,6 @@ QuicSpdyStream::~QuicSpdyStream() { } } -void QuicSpdyStream::StopReading() { - if (!fin_received() && !rst_received() && write_side_closed() && - !rst_sent()) { - DCHECK(fin_sent()); - // Tell the peer to stop sending further data. - QUIC_DVLOG(1) << ENDPOINT << "Send QUIC_STREAM_NO_ERROR on stream " << id(); - Reset(QUIC_STREAM_NO_ERROR); - } - QuicStream::StopReading(); -} - size_t QuicSpdyStream::WriteHeaders( SpdyHeaderBlock header_block, bool fin, @@ -81,7 +70,7 @@ size_t QuicSpdyStream::WriteTrailers( SpdyHeaderBlock trailer_block, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener) { if (fin_sent()) { - QUIC_BUG << "Trailers cannot be sent after a FIN."; + QUIC_BUG << "Trailers cannot be sent after a FIN, on stream " << id(); return 0; } @@ -167,8 +156,7 @@ void QuicSpdyStream::OnStreamHeaderList(bool fin, // be reset. // TODO(rch): Use an explicit "headers too large" signal. An empty header list // might be acceptable if it corresponds to a trailing header frame. - if (FLAGS_quic_reloadable_flag_quic_limit_uncompressed_headers && - header_list.empty()) { + if (header_list.empty()) { OnHeadersTooLarge(); if (IsDoneReading()) { return; @@ -192,7 +180,7 @@ void QuicSpdyStream::OnInitialHeadersComplete( headers_decompressed_ = true; header_list_ = header_list; if (fin) { - OnStreamFrame(QuicStreamFrame(id(), fin, 0, StringPiece())); + OnStreamFrame(QuicStreamFrame(id(), fin, 0, QuicStringPiece())); } if (FinishedReadingHeaders()) { sequencer()->SetUnblocked(); @@ -234,14 +222,15 @@ void QuicSpdyStream::OnTrailingHeadersComplete( size_t final_byte_offset = 0; if (!SpdyUtils::CopyAndValidateTrailers(header_list, &final_byte_offset, &received_trailers_)) { - QUIC_DLOG(ERROR) << "Trailers are malformed: " << id(); + QUIC_DLOG(ERROR) << "Trailers for stream " << id() << " are malformed."; session()->connection()->CloseConnection( QUIC_INVALID_HEADERS_STREAM_DATA, "Trailers are malformed", ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); return; } trailers_decompressed_ = true; - OnStreamFrame(QuicStreamFrame(id(), fin, final_byte_offset, StringPiece())); + OnStreamFrame( + QuicStreamFrame(id(), fin, final_byte_offset, QuicStringPiece())); } void QuicSpdyStream::OnStreamReset(const QuicRstStreamFrame& frame) { @@ -287,7 +276,7 @@ bool QuicSpdyStream::ParseHeaderStatusCode(const SpdyHeaderBlock& header, if (it == header.end()) { return false; } - const StringPiece status(it->second); + const QuicStringPiece status(it->second); if (status.size() != 3) { return false; } diff --git a/chromium/net/quic/core/quic_spdy_stream.h b/chromium/net/quic/core/quic_spdy_stream.h index fec1fd70d3d..247af4d7509 100644 --- a/chromium/net/quic/core/quic_spdy_stream.h +++ b/chromium/net/quic/core/quic_spdy_stream.h @@ -16,7 +16,6 @@ #include <string> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/iovec.h" #include "net/quic/core/quic_flags.h" #include "net/quic/core/quic_header_list.h" @@ -67,8 +66,6 @@ class QUIC_EXPORT_PRIVATE QuicSpdyStream : public QuicStream { QuicSpdyStream(QuicStreamId id, QuicSpdySession* spdy_session); ~QuicSpdyStream() override; - void StopReading() override; - // QuicStream implementation void OnClose() override; diff --git a/chromium/net/quic/core/quic_spdy_stream_test.cc b/chromium/net/quic/core/quic_spdy_stream_test.cc index 04d32fc7ccf..a34b0c78244 100644 --- a/chromium/net/quic/core/quic_spdy_stream_test.cc +++ b/chromium/net/quic/core/quic_spdy_stream_test.cc @@ -12,15 +12,15 @@ #include "net/quic/core/quic_write_blocked_list.h" #include "net/quic/core/spdy_utils.h" #include "net/quic/platform/api/quic_ptr_util.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/test_tools/quic_flow_controller_peer.h" #include "net/quic/test_tools/quic_session_peer.h" #include "net/quic/test_tools/quic_stream_peer.h" #include "net/quic/test_tools/quic_test_utils.h" -#include "net/test/gtest_util.h" #include "testing/gmock/include/gmock/gmock.h" +#include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; using testing::AnyNumber; using testing::Invoke; @@ -144,7 +144,6 @@ TEST_P(QuicSpdyStreamTest, ProcessHeaderList) { } TEST_P(QuicSpdyStreamTest, ProcessTooLargeHeaderList) { - FLAGS_quic_reloadable_flag_quic_limit_uncompressed_headers = true; Initialize(kShouldProcessData); QuicHeaderList headers; @@ -251,7 +250,7 @@ TEST_P(QuicSpdyStreamTest, ProcessHeadersAndBody) { QuicHeaderList headers = ProcessHeaders(false, headers_); EXPECT_EQ(headers, stream_->header_list()); stream_->ConsumeHeaderList(); - QuicStreamFrame frame(kClientDataStreamId1, false, 0, StringPiece(body)); + QuicStreamFrame frame(kClientDataStreamId1, false, 0, QuicStringPiece(body)); stream_->OnStreamFrame(frame); EXPECT_EQ(QuicHeaderList(), stream_->header_list()); EXPECT_EQ(body, stream_->data()); @@ -267,10 +266,10 @@ TEST_P(QuicSpdyStreamTest, ProcessHeadersAndBodyFragments) { stream_->ConsumeHeaderList(); for (size_t offset = 0; offset < body.size(); offset += fragment_size) { size_t remaining_data = body.size() - offset; - StringPiece fragment(body.data() + offset, - std::min(fragment_size, remaining_data)); + QuicStringPiece fragment(body.data() + offset, + std::min(fragment_size, remaining_data)); QuicStreamFrame frame(kClientDataStreamId1, false, offset, - StringPiece(fragment)); + QuicStringPiece(fragment)); stream_->OnStreamFrame(frame); } ASSERT_EQ(body, stream_->data()) << "fragment_size: " << fragment_size; @@ -286,14 +285,15 @@ TEST_P(QuicSpdyStreamTest, ProcessHeadersAndBodyFragmentsSplit) { ASSERT_EQ(headers, stream_->header_list()); stream_->ConsumeHeaderList(); - StringPiece fragment1(body.data(), split_point); + QuicStringPiece fragment1(body.data(), split_point); QuicStreamFrame frame1(kClientDataStreamId1, false, 0, - StringPiece(fragment1)); + QuicStringPiece(fragment1)); stream_->OnStreamFrame(frame1); - StringPiece fragment2(body.data() + split_point, body.size() - split_point); + QuicStringPiece fragment2(body.data() + split_point, + body.size() - split_point); QuicStreamFrame frame2(kClientDataStreamId1, false, split_point, - StringPiece(fragment2)); + QuicStringPiece(fragment2)); stream_->OnStreamFrame(frame2); ASSERT_EQ(body, stream_->data()) << "split_point: " << split_point; @@ -306,7 +306,7 @@ TEST_P(QuicSpdyStreamTest, ProcessHeadersAndBodyReadv) { string body = "this is the body"; ProcessHeaders(false, headers_); - QuicStreamFrame frame(kClientDataStreamId1, false, 0, StringPiece(body)); + QuicStreamFrame frame(kClientDataStreamId1, false, 0, QuicStringPiece(body)); stream_->OnStreamFrame(frame); stream_->ConsumeHeaderList(); @@ -327,7 +327,7 @@ TEST_P(QuicSpdyStreamTest, ProcessHeadersAndBodyMarkConsumed) { string body = "this is the body"; ProcessHeaders(false, headers_); - QuicStreamFrame frame(kClientDataStreamId1, false, 0, StringPiece(body)); + QuicStreamFrame frame(kClientDataStreamId1, false, 0, QuicStringPiece(body)); stream_->OnStreamFrame(frame); stream_->ConsumeHeaderList(); @@ -346,7 +346,7 @@ TEST_P(QuicSpdyStreamTest, ProcessHeadersAndBodyIncrementalReadv) { string body = "this is the body"; ProcessHeaders(false, headers_); - QuicStreamFrame frame(kClientDataStreamId1, false, 0, StringPiece(body)); + QuicStreamFrame frame(kClientDataStreamId1, false, 0, QuicStringPiece(body)); stream_->OnStreamFrame(frame); stream_->ConsumeHeaderList(); @@ -367,7 +367,7 @@ TEST_P(QuicSpdyStreamTest, ProcessHeadersUsingReadvWithMultipleIovecs) { string body = "this is the body"; ProcessHeaders(false, headers_); - QuicStreamFrame frame(kClientDataStreamId1, false, 0, StringPiece(body)); + QuicStreamFrame frame(kClientDataStreamId1, false, 0, QuicStringPiece(body)); stream_->OnStreamFrame(frame); stream_->ConsumeHeaderList(); @@ -442,7 +442,7 @@ TEST_P(QuicSpdyStreamTest, StreamFlowControlNoWindowUpdateIfNotConsumed) { string body(kWindow / 3, 'a'); ProcessHeaders(false, headers_); - QuicStreamFrame frame1(kClientDataStreamId1, false, 0, StringPiece(body)); + QuicStreamFrame frame1(kClientDataStreamId1, false, 0, QuicStringPiece(body)); stream_->OnStreamFrame(frame1); EXPECT_EQ(kWindow - (kWindow / 3), QuicFlowControllerPeer::ReceiveWindowSize( stream_->flow_controller())); @@ -451,7 +451,7 @@ TEST_P(QuicSpdyStreamTest, StreamFlowControlNoWindowUpdateIfNotConsumed) { // half full. This should all be buffered, decreasing the receive window but // not sending WINDOW_UPDATE. QuicStreamFrame frame2(kClientDataStreamId1, false, kWindow / 3, - StringPiece(body)); + QuicStringPiece(body)); stream_->OnStreamFrame(frame2); EXPECT_EQ( kWindow - (2 * kWindow / 3), @@ -478,7 +478,7 @@ TEST_P(QuicSpdyStreamTest, StreamFlowControlWindowUpdate) { ProcessHeaders(false, headers_); stream_->ConsumeHeaderList(); - QuicStreamFrame frame1(kClientDataStreamId1, false, 0, StringPiece(body)); + QuicStreamFrame frame1(kClientDataStreamId1, false, 0, QuicStringPiece(body)); stream_->OnStreamFrame(frame1); EXPECT_EQ(kWindow - (kWindow / 3), QuicFlowControllerPeer::ReceiveWindowSize( stream_->flow_controller())); @@ -488,7 +488,7 @@ TEST_P(QuicSpdyStreamTest, StreamFlowControlWindowUpdate) { // offset and send a WINDOW_UPDATE. The result will be again an available // window of kWindow bytes. QuicStreamFrame frame2(kClientDataStreamId1, false, kWindow / 3, - StringPiece(body)); + QuicStringPiece(body)); EXPECT_CALL(*connection_, SendWindowUpdate(kClientDataStreamId1, QuicFlowControllerPeer::ReceiveWindowOffset( @@ -532,9 +532,9 @@ TEST_P(QuicSpdyStreamTest, ConnectionFlowControlWindowUpdate) { // Each stream gets a quarter window of data. This should not trigger a // WINDOW_UPDATE for either stream, nor for the connection. string body(kWindow / 4, 'a'); - QuicStreamFrame frame1(kClientDataStreamId1, false, 0, StringPiece(body)); + QuicStreamFrame frame1(kClientDataStreamId1, false, 0, QuicStringPiece(body)); stream_->OnStreamFrame(frame1); - QuicStreamFrame frame2(kClientDataStreamId2, false, 0, StringPiece(body)); + QuicStreamFrame frame2(kClientDataStreamId2, false, 0, QuicStringPiece(body)); stream2_->OnStreamFrame(frame2); // Now receive a further single byte on one stream - again this does not @@ -548,7 +548,7 @@ TEST_P(QuicSpdyStreamTest, ConnectionFlowControlWindowUpdate) { session_->flow_controller()) + 1 + kWindow / 2)); QuicStreamFrame frame3(kClientDataStreamId1, false, (kWindow / 4), - StringPiece("a")); + QuicStringPiece("a")); stream_->OnStreamFrame(frame3); } @@ -569,7 +569,7 @@ TEST_P(QuicSpdyStreamTest, StreamFlowControlViolation) { // Receive data to overflow the window, violating flow control. string body(kWindow + 1, 'a'); - QuicStreamFrame frame(kClientDataStreamId1, false, 0, StringPiece(body)); + QuicStreamFrame frame(kClientDataStreamId1, false, 0, QuicStringPiece(body)); EXPECT_CALL(*connection_, CloseConnection(QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA, _, _)); stream_->OnStreamFrame(frame); @@ -607,7 +607,7 @@ TEST_P(QuicSpdyStreamTest, ConnectionFlowControlViolation) { // Send enough data to overflow the connection level flow control window. string body(kConnectionWindow + 1, 'a'); EXPECT_LT(body.size(), kStreamWindow); - QuicStreamFrame frame(kClientDataStreamId1, false, 0, StringPiece(body)); + QuicStreamFrame frame(kClientDataStreamId1, false, 0, QuicStringPiece(body)); EXPECT_CALL(*connection_, CloseConnection(QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA, _, _)); @@ -752,9 +752,11 @@ TEST_P(QuicSpdyStreamTest, ReceivingTrailersWithoutFin) { auto headers = AsHeaderList(headers_); stream_->OnStreamHeaderList(/*fin=*/false, headers.uncompressed_header_bytes(), headers); + stream_->ConsumeHeaderList(); // Receive trailing headers with FIN deliberately set to false. SpdyHeaderBlock trailers_block; + trailers_block["foo"] = "bar"; auto trailers = AsHeaderList(trailers_block); EXPECT_CALL(*connection_, @@ -774,6 +776,7 @@ TEST_P(QuicSpdyStreamTest, ReceivingTrailersAfterHeadersWithFin) { // Receive trailing headers after FIN already received. SpdyHeaderBlock trailers_block; + trailers_block["foo"] = "bar"; EXPECT_CALL(*connection_, CloseConnection(QUIC_INVALID_HEADERS_STREAM_DATA, _, _)) .Times(1); @@ -794,10 +797,11 @@ TEST_P(QuicSpdyStreamTest, ReceivingTrailersAfterBodyWithFin) { // Receive trailing headers after FIN already received. SpdyHeaderBlock trailers_block; + trailers_block["foo"] = "bar"; EXPECT_CALL(*connection_, CloseConnection(QUIC_INVALID_HEADERS_STREAM_DATA, _, _)) .Times(1); - ProcessHeaders(false, trailers_block); + ProcessHeaders(true, trailers_block); } TEST_P(QuicSpdyStreamTest, ClosingStreamWithNoTrailers) { diff --git a/chromium/net/quic/core/quic_stream.cc b/chromium/net/quic/core/quic_stream.cc index 13df51088ca..a7ab1afe662 100644 --- a/chromium/net/quic/core/quic_stream.cc +++ b/chromium/net/quic/core/quic_stream.cc @@ -9,7 +9,6 @@ #include "net/quic/platform/api/quic_bug_tracker.h" #include "net/quic/platform/api/quic_logging.h" -using base::StringPiece; using std::string; namespace net { @@ -19,7 +18,7 @@ namespace net { namespace { -struct iovec MakeIovec(StringPiece data) { +struct iovec MakeIovec(QuicStringPiece data) { struct iovec iov = {const_cast<char*>(data.data()), static_cast<size_t>(data.size())}; return iov; @@ -182,7 +181,7 @@ void QuicStream::CloseConnectionWithDetails(QuicErrorCode error, } void QuicStream::WriteOrBufferData( - StringPiece data, + QuicStringPiece data, bool fin, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener) { if (data.empty() && !fin) { @@ -212,7 +211,7 @@ void QuicStream::WriteOrBufferData( // If there's unconsumed data or an unconsumed fin, queue it. if (consumed_data.bytes_consumed < data.length() || (fin && !consumed_data.fin_consumed)) { - StringPiece remainder(data.substr(consumed_data.bytes_consumed)); + QuicStringPiece remainder(data.substr(consumed_data.bytes_consumed)); queued_data_bytes_ += remainder.size(); queued_data_.emplace_back(remainder.as_string(), ack_listener); } diff --git a/chromium/net/quic/core/quic_stream.h b/chromium/net/quic/core/quic_stream.h index 553f6ba76bc..5133fa9f301 100644 --- a/chromium/net/quic/core/quic_stream.h +++ b/chromium/net/quic/core/quic_stream.h @@ -23,7 +23,6 @@ #include <string> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/iovec.h" #include "net/quic/core/quic_flow_controller.h" #include "net/quic/core/quic_iovector.h" @@ -32,6 +31,7 @@ #include "net/quic/core/quic_types.h" #include "net/quic/platform/api/quic_export.h" #include "net/quic/platform/api/quic_reference_counted.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -182,7 +182,7 @@ class QUIC_EXPORT_PRIVATE QuicStream { // If fin is true: if it is immediately passed on to the session, // write_side_closed() becomes true, otherwise fin_buffered_ becomes true. void WriteOrBufferData( - base::StringPiece data, + QuicStringPiece data, bool fin, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener); diff --git a/chromium/net/quic/core/quic_stream_sequencer.cc b/chromium/net/quic/core/quic_stream_sequencer.cc index 1196424b314..d272910c300 100644 --- a/chromium/net/quic/core/quic_stream_sequencer.cc +++ b/chromium/net/quic/core/quic_stream_sequencer.cc @@ -17,8 +17,8 @@ #include "net/quic/platform/api/quic_clock.h" #include "net/quic/platform/api/quic_logging.h" #include "net/quic/platform/api/quic_str_cat.h" +#include "net/quic/platform/api/quic_string_piece.h" -using base::StringPiece; using std::string; namespace net { @@ -50,7 +50,7 @@ void QuicStreamSequencer::OnStreamFrame(const QuicStreamFrame& frame) { size_t bytes_written; string error_details; QuicErrorCode result = buffered_frames_.OnStreamData( - byte_offset, StringPiece(frame.data_buffer, frame.data_length), + byte_offset, QuicStringPiece(frame.data_buffer, frame.data_length), clock_->ApproximateNow(), &bytes_written, &error_details); if (result != QUIC_NO_ERROR) { string details = QuicStrCat( diff --git a/chromium/net/quic/core/quic_stream_sequencer_buffer.cc b/chromium/net/quic/core/quic_stream_sequencer_buffer.cc index 210bf56bd5d..09fd43d31bb 100644 --- a/chromium/net/quic/core/quic_stream_sequencer_buffer.cc +++ b/chromium/net/quic/core/quic_stream_sequencer_buffer.cc @@ -38,11 +38,7 @@ QuicStreamSequencerBuffer::QuicStreamSequencerBuffer(size_t max_capacity_bytes) blocks_count_( ceil(static_cast<double>(max_capacity_bytes) / kBlockSizeBytes)), total_bytes_read_(0), - reduce_sequencer_buffer_memory_life_time_( - FLAGS_quic_reloadable_flag_quic_reduce_sequencer_buffer_memory_life_time), // NOLINT - blocks_(reduce_sequencer_buffer_memory_life_time_ - ? nullptr - : new BufferBlock*[blocks_count_]()), + blocks_(nullptr), destruction_indicator_(123456) { CHECK_GT(blocks_count_, 1u) << "blocks_count_ = " << blocks_count_ @@ -56,7 +52,7 @@ QuicStreamSequencerBuffer::~QuicStreamSequencerBuffer() { } void QuicStreamSequencerBuffer::Clear() { - if (!reduce_sequencer_buffer_memory_life_time_ || blocks_ != nullptr) { + if (blocks_ != nullptr) { for (size_t i = 0; i < blocks_count_; ++i) { if (blocks_[i] != nullptr) { RetireBlock(i); @@ -85,7 +81,7 @@ bool QuicStreamSequencerBuffer::RetireBlock(size_t idx) { QuicErrorCode QuicStreamSequencerBuffer::OnStreamData( QuicStreamOffset starting_offset, - base::StringPiece data, + QuicStringPiece data, QuicTime timestamp, size_t* const bytes_buffered, std::string* error_details) { @@ -108,7 +104,7 @@ QuicErrorCode QuicStreamSequencerBuffer::OnStreamData( DCHECK(current_gap != gaps_.end()); // "duplication": might duplicate with data alread filled,but also might - // overlap across different base::StringPiece objects already written. + // overlap across different QuicStringPiece objects already written. // In both cases, don't write the data, // and allow the caller of this method to handle the result. if (offset < current_gap->begin_offset && @@ -175,7 +171,7 @@ QuicErrorCode QuicStreamSequencerBuffer::OnStreamData( bytes_avail = total_bytes_read_ + max_buffer_capacity_bytes_ - offset; } - if (reduce_sequencer_buffer_memory_life_time_ && blocks_ == nullptr) { + if (blocks_ == nullptr) { blocks_.reset(new BufferBlock*[blocks_count_]()); for (size_t i = 0; i < blocks_count_; ++i) { blocks_[i] = nullptr; @@ -464,10 +460,6 @@ size_t QuicStreamSequencerBuffer::FlushBufferedFrames() { } void QuicStreamSequencerBuffer::ReleaseWholeBuffer() { - if (!reduce_sequencer_buffer_memory_life_time_) { - // Don't release buffer if flag is off. - return; - } Clear(); blocks_.reset(nullptr); } diff --git a/chromium/net/quic/core/quic_stream_sequencer_buffer.h b/chromium/net/quic/core/quic_stream_sequencer_buffer.h index 14d10147c6c..781e6bb73c5 100644 --- a/chromium/net/quic/core/quic_stream_sequencer_buffer.h +++ b/chromium/net/quic/core/quic_stream_sequencer_buffer.h @@ -28,11 +28,11 @@ // Expected Use: // QuicStreamSequencerBuffer buffer(2.5 * 8 * 1024); // std::string source(1024, 'a'); -// base::StringPiece std::string_piece(source.data(), source.size()); +// QuicStringPiece std::string_piece(source.data(), source.size()); // size_t written = 0; // buffer.OnStreamData(800, std::string_piece, GetEpollClockNow(), &written); // source = std::string{800, 'b'}; -// base::StringPiece std::string_piece1(source.data(), 800); +// QuicStringPiece std::string_piece1(source.data(), 800); // // Try to write to [1, 801), but should fail due to overlapping, // // res should be QUIC_INVALID_STREAM_DATA // auto res = buffer.OnStreamData(1, std::string_piece1, &written)); @@ -67,6 +67,7 @@ #include "base/macros.h" #include "net/quic/core/quic_packets.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -117,7 +118,7 @@ class QUIC_EXPORT_PRIVATE QuicStreamSequencerBuffer { // bytes buffered in |bytes_buffered|. Returns an error otherwise. // |timestamp| is the time the data arrived. QuicErrorCode OnStreamData(QuicStreamOffset offset, - base::StringPiece data, + QuicStringPiece data, QuicTime timestamp, size_t* bytes_buffered, std::string* error_details); @@ -166,10 +167,6 @@ class QUIC_EXPORT_PRIVATE QuicStreamSequencerBuffer { // Count how many bytes are in buffer at this moment. size_t BytesBuffered() const; - bool reduce_sequencer_buffer_memory_life_time() const { - return reduce_sequencer_buffer_memory_life_time_; - } - private: friend class test::QuicStreamSequencerBufferPeer; @@ -237,10 +234,6 @@ class QUIC_EXPORT_PRIVATE QuicStreamSequencerBuffer { // Contains Gaps which represents currently missing data. std::list<Gap> gaps_; - // If true, allocate buffer memory upon the first frame arrival and release - // the memory when stream is read closed. - bool reduce_sequencer_buffer_memory_life_time_; - // An ordered, variable-length list of blocks, with the length limited // such that the number of blocks never exceeds blocks_count_. // Each list entry can hold up to kBlockSizeBytes bytes. diff --git a/chromium/net/quic/core/quic_stream_sequencer_buffer_test.cc b/chromium/net/quic/core/quic_stream_sequencer_buffer_test.cc index e3be181e0c4..175c54f00be 100644 --- a/chromium/net/quic/core/quic_stream_sequencer_buffer_test.cc +++ b/chromium/net/quic/core/quic_stream_sequencer_buffer_test.cc @@ -111,9 +111,7 @@ TEST_F(QuicStreamSequencerBufferTest, OnStreamData0length) { } TEST_F(QuicStreamSequencerBufferTest, OnStreamDataWithinBlock) { - if (FLAGS_quic_reloadable_flag_quic_reduce_sequencer_buffer_memory_life_time) { // NOLINT - EXPECT_FALSE(helper_->IsBufferAllocated()); - } + EXPECT_FALSE(helper_->IsBufferAllocated()); string source(1024, 'a'); size_t written; clock_.AdvanceTime(QuicTime::Delta::FromSeconds(1)); @@ -138,8 +136,8 @@ TEST_F(QuicStreamSequencerBufferTest, OnStreamDataWithinBlock) { TEST_F(QuicStreamSequencerBufferTest, OnStreamDataInvalidSource) { // Pass in an invalid source, expects to return error. - StringPiece source; - source = StringPiece(nullptr, 1024); + QuicStringPiece source; + source = QuicStringPiece(nullptr, 1024); size_t written; clock_.AdvanceTime(QuicTime::Delta::FromSeconds(1)); QuicTime t = clock_.ApproximateNow(); @@ -472,11 +470,6 @@ TEST_F(QuicStreamSequencerBufferTest, GetReadableRegionsEmpty) { TEST_F(QuicStreamSequencerBufferTest, ReleaseWholeBuffer) { // Tests that buffer is not deallocated unless ReleaseWholeBuffer() is called. - if (!FLAGS_quic_reloadable_flag_quic_reduce_sequencer_buffer_memory_life_time) { // NOLINT - // Won't release buffer when flag is off. - return; - } - string source(100, 'b'); clock_.AdvanceTime(QuicTime::Delta::FromSeconds(1)); QuicTime t1 = clock_.ApproximateNow(); @@ -872,7 +865,7 @@ class QuicStreamSequencerBufferRandomIOTest for (size_t i = 0; i < num_to_write; ++i) { write_buf[i] = (offset + i) % 256; } - base::StringPiece string_piece_w(write_buf.get(), num_to_write); + QuicStringPiece string_piece_w(write_buf.get(), num_to_write); size_t written; auto result = buffer_->OnStreamData(offset, string_piece_w, clock_.ApproximateNow(), diff --git a/chromium/net/quic/core/quic_stream_sequencer_test.cc b/chromium/net/quic/core/quic_stream_sequencer_test.cc index a7b64b5cbd3..a75ca27b0a7 100644 --- a/chromium/net/quic/core/quic_stream_sequencer_test.cc +++ b/chromium/net/quic/core/quic_stream_sequencer_test.cc @@ -13,6 +13,7 @@ #include "net/quic/core/quic_stream.h" #include "net/quic/core/quic_utils.h" #include "net/quic/platform/api/quic_logging.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/mock_clock.h" #include "net/quic/test_tools/quic_stream_sequencer_peer.h" #include "net/quic/test_tools/quic_test_utils.h" @@ -21,7 +22,6 @@ #include "testing/gmock_mutant.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; using testing::_; using testing::AnyNumber; @@ -112,7 +112,7 @@ class QuicStreamSequencerTest : public ::testing::Test { return true; } - bool VerifyIovec(const iovec& iovec, StringPiece expected) { + bool VerifyIovec(const iovec& iovec, QuicStringPiece expected) { if (iovec.iov_len != expected.length()) { QUIC_LOG(ERROR) << "Invalid length: " << iovec.iov_len << " vs " << expected.length(); @@ -571,10 +571,12 @@ TEST_F(QuicStreamSequencerTest, DontAcceptOverlappingFrames) { // The peer should never send us non-identical stream frames which contain // overlapping byte ranges - if they do, we close the connection. - QuicStreamFrame frame1(kClientDataStreamId1, false, 1, StringPiece("hello")); + QuicStreamFrame frame1(kClientDataStreamId1, false, 1, + QuicStringPiece("hello")); sequencer_->OnStreamFrame(frame1); - QuicStreamFrame frame2(kClientDataStreamId1, false, 2, StringPiece("hello")); + QuicStreamFrame frame2(kClientDataStreamId1, false, 2, + QuicStringPiece("hello")); EXPECT_CALL(stream_, CloseConnectionWithDetails(QUIC_OVERLAPPING_STREAM_DATA, _)) .Times(1); @@ -666,7 +668,7 @@ TEST_F(QuicStreamSequencerTest, OutOfOrderTimestamps) { TEST_F(QuicStreamSequencerTest, OnStreamFrameWithNullSource) { // Pass in a frame with data pointing to null address, expect to close // connection with error. - StringPiece source; + QuicStringPiece source; source.set(nullptr, 5u); QuicStreamFrame frame(kClientDataStreamId1, false, 1, source); EXPECT_CALL(stream_, CloseConnectionWithDetails( diff --git a/chromium/net/quic/core/quic_stream_test.cc b/chromium/net/quic/core/quic_stream_test.cc index d8c91c9f36e..4c7ade9206a 100644 --- a/chromium/net/quic/core/quic_stream_test.cc +++ b/chromium/net/quic/core/quic_stream_test.cc @@ -23,7 +23,6 @@ #include "testing/gmock/include/gmock/gmock.h" #include "testing/gmock_mutant.h" -using base::StringPiece; using std::string; using testing::AnyNumber; using testing::AtLeast; @@ -184,7 +183,7 @@ TEST_F(QuicStreamTest, NoBlockingIfNoDataOrFin) { // Write no data and no fin. If we consume nothing we should not be write // blocked. - EXPECT_QUIC_BUG(stream_->WriteOrBufferData(StringPiece(), false, nullptr), + EXPECT_QUIC_BUG(stream_->WriteOrBufferData(QuicStringPiece(), false, nullptr), ""); EXPECT_FALSE(HasWriteBlockedStreams()); } @@ -196,7 +195,7 @@ TEST_F(QuicStreamTest, BlockIfOnlySomeDataConsumed) { // we should be write blocked a not all the data was consumed. EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _)) .WillOnce(Return(QuicConsumedData(1, false))); - stream_->WriteOrBufferData(StringPiece(kData1, 2), false, nullptr); + stream_->WriteOrBufferData(QuicStringPiece(kData1, 2), false, nullptr); ASSERT_EQ(1u, write_blocked_list_->NumBlockedStreams()); EXPECT_EQ(1u, stream_->queued_data_bytes()); } @@ -210,7 +209,7 @@ TEST_F(QuicStreamTest, BlockIfFinNotConsumedWithData) { // last data) EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _)) .WillOnce(Return(QuicConsumedData(2, false))); - stream_->WriteOrBufferData(StringPiece(kData1, 2), true, nullptr); + stream_->WriteOrBufferData(QuicStringPiece(kData1, 2), true, nullptr); ASSERT_EQ(1u, write_blocked_list_->NumBlockedStreams()); } @@ -221,7 +220,7 @@ TEST_F(QuicStreamTest, BlockIfSoloFinNotConsumed) { // as the fin was not consumed. EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _)) .WillOnce(Return(QuicConsumedData(0, false))); - stream_->WriteOrBufferData(StringPiece(), true, nullptr); + stream_->WriteOrBufferData(QuicStringPiece(), true, nullptr); ASSERT_EQ(1u, write_blocked_list_->NumBlockedStreams()); } @@ -233,7 +232,7 @@ TEST_F(QuicStreamTest, CloseOnPartialWrite) { // crash with an unknown stream. EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _)) .WillOnce(Invoke(this, &QuicStreamTest::CloseStreamOnWriteError)); - stream_->WriteOrBufferData(StringPiece(kData1, 2), false, nullptr); + stream_->WriteOrBufferData(QuicStringPiece(kData1, 2), false, nullptr); ASSERT_EQ(0u, write_blocked_list_->NumBlockedStreams()); } @@ -294,7 +293,7 @@ TEST_F(QuicStreamTest, RstAlwaysSentIfNoFinSent) { // Write some data, with no FIN. EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _)) .WillOnce(Return(QuicConsumedData(1, false))); - stream_->WriteOrBufferData(StringPiece(kData1, 1), false, nullptr); + stream_->WriteOrBufferData(QuicStringPiece(kData1, 1), false, nullptr); EXPECT_FALSE(fin_sent()); EXPECT_FALSE(rst_sent()); @@ -317,7 +316,7 @@ TEST_F(QuicStreamTest, RstNotSentIfFinSent) { // Write some data, with FIN. EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _)) .WillOnce(Return(QuicConsumedData(1, true))); - stream_->WriteOrBufferData(StringPiece(kData1, 1), true, nullptr); + stream_->WriteOrBufferData(QuicStringPiece(kData1, 1), true, nullptr); EXPECT_TRUE(fin_sent()); EXPECT_FALSE(rst_sent()); @@ -540,7 +539,7 @@ TEST_F(QuicStreamTest, StreamSequencerNeverSeesPacketsViolatingFlowControl) { // higher than the receive window offset. QuicStreamFrame frame(stream_->id(), false, kInitialSessionFlowControlWindowForTest + 1, - StringPiece(".")); + QuicStringPiece(".")); EXPECT_GT(frame.offset, QuicFlowControllerPeer::ReceiveWindowOffset( stream_->flow_controller())); @@ -581,12 +580,12 @@ TEST_F(QuicStreamTest, FinalByteOffsetFromFin) { EXPECT_FALSE(stream_->HasFinalReceivedByteOffset()); QuicStreamFrame stream_frame_no_fin(stream_->id(), false, 1234, - StringPiece(".")); + QuicStringPiece(".")); stream_->OnStreamFrame(stream_frame_no_fin); EXPECT_FALSE(stream_->HasFinalReceivedByteOffset()); QuicStreamFrame stream_frame_with_fin(stream_->id(), true, 1234, - StringPiece(".")); + QuicStringPiece(".")); stream_->OnStreamFrame(stream_frame_with_fin); EXPECT_TRUE(stream_->HasFinalReceivedByteOffset()); } @@ -622,7 +621,7 @@ TEST_F(QuicStreamTest, FinalByteOffsetFromZeroLengthStreamFrame) { current_connection_flow_control_offset); QuicStreamFrame zero_length_stream_frame_with_fin( stream_->id(), /*fin=*/true, kByteOffsetExceedingFlowControlWindow, - StringPiece()); + QuicStringPiece()); EXPECT_EQ(0, zero_length_stream_frame_with_fin.data_length); EXPECT_CALL(*connection_, CloseConnection(_, _, _)).Times(0); @@ -644,7 +643,7 @@ TEST_F(QuicStreamTest, SetDrainingIncomingOutgoing) { // Incoming data with FIN. QuicStreamFrame stream_frame_with_fin(stream_->id(), true, 1234, - StringPiece(".")); + QuicStringPiece(".")); stream_->OnStreamFrame(stream_frame_with_fin); // The FIN has been received but not consumed. EXPECT_TRUE(stream_->HasFinalReceivedByteOffset()); @@ -656,7 +655,7 @@ TEST_F(QuicStreamTest, SetDrainingIncomingOutgoing) { // Outgoing data with FIN. EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _)) .WillOnce(Return(QuicConsumedData(2, true))); - stream_->WriteOrBufferData(StringPiece(kData1, 2), true, nullptr); + stream_->WriteOrBufferData(QuicStringPiece(kData1, 2), true, nullptr); EXPECT_TRUE(stream_->write_side_closed()); EXPECT_EQ(1u, QuicSessionPeer::GetDrainingStreams(session_.get()) @@ -671,14 +670,14 @@ TEST_F(QuicStreamTest, SetDrainingOutgoingIncoming) { // Outgoing data with FIN. EXPECT_CALL(*session_, WritevData(stream_, kTestStreamId, _, _, _, _)) .WillOnce(Return(QuicConsumedData(2, true))); - stream_->WriteOrBufferData(StringPiece(kData1, 2), true, nullptr); + stream_->WriteOrBufferData(QuicStringPiece(kData1, 2), true, nullptr); EXPECT_TRUE(stream_->write_side_closed()); EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams()); // Incoming data with FIN. QuicStreamFrame stream_frame_with_fin(stream_->id(), true, 1234, - StringPiece(".")); + QuicStringPiece(".")); stream_->OnStreamFrame(stream_frame_with_fin); // The FIN has been received but not consumed. EXPECT_TRUE(stream_->HasFinalReceivedByteOffset()); @@ -700,7 +699,7 @@ TEST_F(QuicStreamTest, EarlyResponseFinHandling) { .WillRepeatedly(Invoke(MockQuicSession::ConsumeAllData)); // Receive data for the request. - QuicStreamFrame frame1(stream_->id(), false, 0, StringPiece("Start")); + QuicStreamFrame frame1(stream_->id(), false, 0, QuicStringPiece("Start")); stream_->OnStreamFrame(frame1); // When QuicSimpleServerStream sends the response, it calls // QuicStream::CloseReadSide() first. @@ -709,7 +708,7 @@ TEST_F(QuicStreamTest, EarlyResponseFinHandling) { stream_->WriteOrBufferData(kData1, false, nullptr); EXPECT_TRUE(QuicStreamPeer::read_side_closed(stream_)); // Receive remaining data and FIN for the request. - QuicStreamFrame frame2(stream_->id(), true, 0, StringPiece("End")); + QuicStreamFrame frame2(stream_->id(), true, 0, QuicStringPiece("End")); stream_->OnStreamFrame(frame2); EXPECT_TRUE(stream_->fin_received()); EXPECT_TRUE(stream_->HasFinalReceivedByteOffset()); diff --git a/chromium/net/quic/core/quic_transmission_info.cc b/chromium/net/quic/core/quic_transmission_info.cc index 96cbfd2407d..d56543282f6 100644 --- a/chromium/net/quic/core/quic_transmission_info.cc +++ b/chromium/net/quic/core/quic_transmission_info.cc @@ -16,7 +16,8 @@ QuicTransmissionInfo::QuicTransmissionInfo() is_unackable(false), has_crypto_handshake(false), num_padding_bytes(0), - retransmission(0) {} + retransmission(0), + largest_acked(0) {} QuicTransmissionInfo::QuicTransmissionInfo( EncryptionLevel level, @@ -35,7 +36,8 @@ QuicTransmissionInfo::QuicTransmissionInfo( is_unackable(false), has_crypto_handshake(has_crypto_handshake), num_padding_bytes(num_padding_bytes), - retransmission(0) {} + retransmission(0), + largest_acked(0) {} QuicTransmissionInfo::QuicTransmissionInfo(const QuicTransmissionInfo& other) = default; diff --git a/chromium/net/quic/core/quic_transmission_info.h b/chromium/net/quic/core/quic_transmission_info.h index cce790e461b..1dee816bc4d 100644 --- a/chromium/net/quic/core/quic_transmission_info.h +++ b/chromium/net/quic/core/quic_transmission_info.h @@ -55,7 +55,14 @@ struct QUIC_EXPORT_PRIVATE QuicTransmissionInfo { QuicPacketNumber retransmission; // Non-empty if there is a listener for this packet. std::list<AckListenerWrapper> ack_listeners; + // The largest_acked in the ack frame, if the packet contains an ack. + QuicPacketNumber largest_acked; }; +// TODO(ianswett): Add static_assert when size of this struct is reduced below +// 64 bytes. +// NOTE(vlovich): Existing static_assert removed because padding differences on +// 64-bit iOS resulted in an 88-byte struct that is greater than the 84-byte +// limit on other platforms. Removing per ianswett's request. } // namespace net diff --git a/chromium/net/quic/core/quic_types.h b/chromium/net/quic/core/quic_types.h index 30fefd2137e..758081a66bb 100644 --- a/chromium/net/quic/core/quic_types.h +++ b/chromium/net/quic/core/quic_types.h @@ -16,7 +16,6 @@ namespace net { -typedef uint8_t QuicPathId; typedef uint16_t QuicPacketLength; typedef uint32_t QuicHeaderId; typedef uint32_t QuicStreamId; @@ -122,7 +121,6 @@ enum QuicFrameType { BLOCKED_FRAME = 5, STOP_WAITING_FRAME = 6, PING_FRAME = 7, - PATH_CLOSE_FRAME = 8, // STREAM and ACK frames are special frames. They are encoded differently on // the wire and their values do not need to be stable. @@ -184,6 +182,8 @@ enum QuicPacketPublicFlags { PACKET_PUBLIC_FLAGS_4BYTE_PACKET = PACKET_FLAGS_4BYTE_PACKET << 4, PACKET_PUBLIC_FLAGS_6BYTE_PACKET = PACKET_FLAGS_6BYTE_PACKET << 4, + // TODO(fayang): Remove PACKET_PUBLIC_FLAGS_MULTIPATH when deprecating + // quic_reloadable_flag_quic_remove_multipath_bit. // Bit 6: Does the packet header contain a path id? PACKET_PUBLIC_FLAGS_MULTIPATH = 1 << 6, @@ -192,8 +192,14 @@ enum QuicPacketPublicFlags { // Bit 7: indicates the presence of a second flags byte. PACKET_PUBLIC_FLAGS_TWO_OR_MORE_BYTES = 1 << 7, + // TODO(fayang): Remove PACKET_PUBLIC_FLAGS_MAX and rename + // PACKET_PUBLIC_FLAGS_MAX_WITHOUT_MULTIPATH_FLAG when deprecating + // quic_reloadable_flag_quic_remove_multipath_bit. // All bits set (bit 7 is not currently used): 01111111 PACKET_PUBLIC_FLAGS_MAX = (1 << 7) - 1, + + // All bits set (bits 6 and 7 are not currently used): 00111111 + PACKET_PUBLIC_FLAGS_MAX_WITHOUT_MULTIPATH_FLAG = (1 << 6) - 1, }; // The private flags are specified in one byte. diff --git a/chromium/net/quic/core/quic_unacked_packet_map.cc b/chromium/net/quic/core/quic_unacked_packet_map.cc index 62a687c7d3b..8c5fbf1b57e 100644 --- a/chromium/net/quic/core/quic_unacked_packet_map.cc +++ b/chromium/net/quic/core/quic_unacked_packet_map.cc @@ -43,6 +43,7 @@ void QuicUnackedPacketMap::AddSentPacket(SerializedPacket* packet, QuicTransmissionInfo info( packet->encryption_level, packet->packet_number_length, transmission_type, sent_time, bytes_sent, has_crypto_handshake, packet->num_padding_bytes); + info.largest_acked = packet->largest_acked; if (old_packet_number > 0) { TransferRetransmissionInfo(old_packet_number, packet_number, transmission_type, &info); diff --git a/chromium/net/quic/core/quic_unacked_packet_map_test.cc b/chromium/net/quic/core/quic_unacked_packet_map_test.cc index 443cae68807..29c75bb6e4f 100644 --- a/chromium/net/quic/core/quic_unacked_packet_map_test.cc +++ b/chromium/net/quic/core/quic_unacked_packet_map_test.cc @@ -30,9 +30,8 @@ class QuicUnackedPacketMapTest : public ::testing::Test { SerializedPacket CreateRetransmittablePacketForStream( QuicPacketNumber packet_number, QuicStreamId stream_id) { - SerializedPacket packet(kDefaultPathId, packet_number, - PACKET_1BYTE_PACKET_NUMBER, nullptr, kDefaultLength, - false, false); + SerializedPacket packet(packet_number, PACKET_1BYTE_PACKET_NUMBER, nullptr, + kDefaultLength, false, false); QuicStreamFrame* frame = new QuicStreamFrame(); frame->stream_id = stream_id; packet.retransmittable_frames.push_back(QuicFrame(frame)); @@ -41,9 +40,8 @@ class QuicUnackedPacketMapTest : public ::testing::Test { SerializedPacket CreateNonRetransmittablePacket( QuicPacketNumber packet_number) { - return SerializedPacket(kDefaultPathId, packet_number, - PACKET_1BYTE_PACKET_NUMBER, nullptr, kDefaultLength, - false, false); + return SerializedPacket(packet_number, PACKET_1BYTE_PACKET_NUMBER, nullptr, + kDefaultLength, false, false); } void VerifyInFlightPackets(QuicPacketNumber* packets, size_t num_packets) { diff --git a/chromium/net/quic/core/quic_utils.cc b/chromium/net/quic/core/quic_utils.cc index 861ee3d62c6..d68c55fb715 100644 --- a/chromium/net/quic/core/quic_utils.cc +++ b/chromium/net/quic/core/quic_utils.cc @@ -13,7 +13,6 @@ #include "net/quic/core/quic_constants.h" #include "net/quic/core/quic_flags.h" -using base::StringPiece; using std::string; namespace net { @@ -29,7 +28,7 @@ namespace { #endif #ifdef QUIC_UTIL_HAS_UINT128 -uint128 IncrementalHashFast(uint128 uhash, StringPiece data) { +uint128 IncrementalHashFast(uint128 uhash, QuicStringPiece data) { // This code ends up faster than the naive implementation for 2 reasons: // 1. uint128 from base/int128.h is sufficiently complicated that the compiler // cannot transform the multiplication by kPrime into a shift-multiply-add; @@ -53,7 +52,7 @@ uint128 IncrementalHashFast(uint128 uhash, StringPiece data) { #ifndef QUIC_UTIL_HAS_UINT128 // Slow implementation of IncrementalHash. In practice, only used by Chromium. -uint128 IncrementalHashSlow(uint128 hash, StringPiece data) { +uint128 IncrementalHashSlow(uint128 hash, QuicStringPiece data) { // kPrime = 309485009821345068724781371 static const uint128 kPrime = MakeUint128(16777216, 315); const uint8_t* octets = reinterpret_cast<const uint8_t*>(data.data()); @@ -65,7 +64,7 @@ uint128 IncrementalHashSlow(uint128 hash, StringPiece data) { } #endif -uint128 IncrementalHash(uint128 hash, StringPiece data) { +uint128 IncrementalHash(uint128 hash, QuicStringPiece data) { #ifdef QUIC_UTIL_HAS_UINT128 return IncrementalHashFast(hash, data); #else @@ -76,7 +75,7 @@ uint128 IncrementalHash(uint128 hash, StringPiece data) { } // namespace // static -uint64_t QuicUtils::FNV1a_64_Hash(StringPiece data) { +uint64_t QuicUtils::FNV1a_64_Hash(QuicStringPiece data) { static const uint64_t kOffset = UINT64_C(14695981039346656037); static const uint64_t kPrime = UINT64_C(1099511628211); @@ -93,19 +92,20 @@ uint64_t QuicUtils::FNV1a_64_Hash(StringPiece data) { } // static -uint128 QuicUtils::FNV1a_128_Hash(StringPiece data) { - return FNV1a_128_Hash_Three(data, StringPiece(), StringPiece()); +uint128 QuicUtils::FNV1a_128_Hash(QuicStringPiece data) { + return FNV1a_128_Hash_Three(data, QuicStringPiece(), QuicStringPiece()); } // static -uint128 QuicUtils::FNV1a_128_Hash_Two(StringPiece data1, StringPiece data2) { - return FNV1a_128_Hash_Three(data1, data2, StringPiece()); +uint128 QuicUtils::FNV1a_128_Hash_Two(QuicStringPiece data1, + QuicStringPiece data2) { + return FNV1a_128_Hash_Three(data1, data2, QuicStringPiece()); } // static -uint128 QuicUtils::FNV1a_128_Hash_Three(StringPiece data1, - StringPiece data2, - StringPiece data3) { +uint128 QuicUtils::FNV1a_128_Hash_Three(QuicStringPiece data1, + QuicStringPiece data2, + QuicStringPiece data3) { // The two constants are defined as part of the hash algorithm. // see http://www.isthe.com/chongo/tech/comp/fnv/ // kOffset = 144066263297769815596495629667062367629 @@ -176,21 +176,6 @@ string QuicUtils::PeerAddressChangeTypeToString(PeerAddressChangeType type) { } // static -uint64_t QuicUtils::PackPathIdAndPacketNumber(QuicPathId path_id, - QuicPacketNumber packet_number) { - // Setting the nonce below relies on QuicPathId and QuicPacketNumber being - // specific sizes. - static_assert(sizeof(path_id) == 1, "Size of QuicPathId changed."); - static_assert(sizeof(packet_number) == 8, - "Size of QuicPacketNumber changed."); - // Use path_id and lower 7 bytes of packet_number as lower 8 bytes of nonce. - uint64_t path_id_packet_number = - (static_cast<uint64_t>(path_id) << 56) | packet_number; - DCHECK(path_id != kDefaultPathId || path_id_packet_number == packet_number); - return path_id_packet_number; -} - -// static PeerAddressChangeType QuicUtils::DetermineAddressChangeType( const QuicSocketAddress& old_address, const QuicSocketAddress& new_address) { diff --git a/chromium/net/quic/core/quic_utils.h b/chromium/net/quic/core/quic_utils.h index c32e8657dde..723874f14cf 100644 --- a/chromium/net/quic/core/quic_utils.h +++ b/chromium/net/quic/core/quic_utils.h @@ -10,12 +10,12 @@ #include <string> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/int128.h" #include "net/quic/core/quic_error_codes.h" #include "net/quic/core/quic_types.h" #include "net/quic/platform/api/quic_export.h" #include "net/quic/platform/api/quic_socket_address.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -23,22 +23,22 @@ class QUIC_EXPORT_PRIVATE QuicUtils { public: // Returns the 64 bit FNV1a hash of the data. See // http://www.isthe.com/chongo/tech/comp/fnv/index.html#FNV-param - static uint64_t FNV1a_64_Hash(base::StringPiece data); + static uint64_t FNV1a_64_Hash(QuicStringPiece data); // Returns the 128 bit FNV1a hash of the data. See // http://www.isthe.com/chongo/tech/comp/fnv/index.html#FNV-param - static uint128 FNV1a_128_Hash(base::StringPiece data); + static uint128 FNV1a_128_Hash(QuicStringPiece data); // Returns the 128 bit FNV1a hash of the two sequences of data. See // http://www.isthe.com/chongo/tech/comp/fnv/index.html#FNV-param - static uint128 FNV1a_128_Hash_Two(base::StringPiece data1, - base::StringPiece data2); + static uint128 FNV1a_128_Hash_Two(QuicStringPiece data1, + QuicStringPiece data2); // Returns the 128 bit FNV1a hash of the three sequences of data. See // http://www.isthe.com/chongo/tech/comp/fnv/index.html#FNV-param - static uint128 FNV1a_128_Hash_Three(base::StringPiece data1, - base::StringPiece data2, - base::StringPiece data3); + static uint128 FNV1a_128_Hash_Three(QuicStringPiece data1, + QuicStringPiece data2, + QuicStringPiece data3); // SerializeUint128 writes the first 96 bits of |v| in little-endian form // to |out|. @@ -53,12 +53,6 @@ class QUIC_EXPORT_PRIVATE QuicUtils { // Returns PeerAddressChangeType as a std::string. static std::string PeerAddressChangeTypeToString(PeerAddressChangeType type); - // Returns a packed representation of |path_id| and |packet_number| in which - // the highest byte is set to |path_id| and the lower 7 bytes are the lower - // 7 bytes of |packet_number|. - static uint64_t PackPathIdAndPacketNumber(QuicPathId path_id, - QuicPacketNumber packet_number); - // Determines and returns change type of address change from |old_address| to // |new_address|. static PeerAddressChangeType DetermineAddressChangeType( diff --git a/chromium/net/quic/core/quic_utils_test.cc b/chromium/net/quic/core/quic_utils_test.cc index 6d0be398b07..201ae4b0de2 100644 --- a/chromium/net/quic/core/quic_utils_test.cc +++ b/chromium/net/quic/core/quic_utils_test.cc @@ -7,7 +7,6 @@ #include "net/quic/core/crypto/crypto_protocol.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; namespace net { @@ -95,7 +94,7 @@ TEST(QuicUtilsHashTest, ReferenceTest) { data[i] = i % 255; } EXPECT_EQ(IncrementalHashReference(data.data(), data.size()), - QuicUtils::FNV1a_128_Hash(StringPiece( + QuicUtils::FNV1a_128_Hash(QuicStringPiece( reinterpret_cast<const char*>(data.data()), data.size()))); } diff --git a/chromium/net/quic/core/quic_versions.cc b/chromium/net/quic/core/quic_versions.cc index 8705df3410a..a26aa2dddbd 100644 --- a/chromium/net/quic/core/quic_versions.cc +++ b/chromium/net/quic/core/quic_versions.cc @@ -4,14 +4,12 @@ #include "net/quic/core/quic_versions.h" -#include "base/strings/string_piece.h" #include "net/quic/core/quic_error_codes.h" #include "net/quic/core/quic_flags.h" #include "net/quic/core/quic_tag.h" #include "net/quic/core/quic_types.h" #include "net/quic/platform/api/quic_logging.h" -using base::StringPiece; using std::string; namespace net { diff --git a/chromium/net/quic/core/spdy_utils.cc b/chromium/net/quic/core/spdy_utils.cc index a38d17657f4..c86aee10d94 100644 --- a/chromium/net/quic/core/spdy_utils.cc +++ b/chromium/net/quic/core/spdy_utils.cc @@ -9,6 +9,7 @@ #include "net/quic/platform/api/quic_logging.h" #include "net/quic/platform/api/quic_map_util.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/platform/api/quic_url_utils.h" #include "net/spdy/spdy_flags.h" @@ -16,7 +17,6 @@ #include "net/spdy/spdy_framer.h" #include "net/spdy/spdy_protocol.h" -using base::StringPiece; using std::string; namespace net { @@ -57,10 +57,10 @@ bool SpdyUtils::ExtractContentLengthFromHeaders(int64_t* content_length, return false; } else { // Check whether multiple values are consistent. - StringPiece content_length_header = it->second; - std::vector<StringPiece> values = + QuicStringPiece content_length_header = it->second; + std::vector<QuicStringPiece> values = QuicTextUtils::Split(content_length_header, '\0'); - for (const StringPiece& value : values) { + for (const QuicStringPiece& value : values) { uint64_t new_value; if (!QuicTextUtils::StringToUint64(value, &new_value)) { QUIC_DLOG(ERROR) @@ -100,8 +100,8 @@ bool SpdyUtils::ParseTrailers(const char* data, auto it = trailers->find(kFinalOffsetHeaderKey); if (it == trailers->end() || !QuicTextUtils::StringToSizeT(it->second, final_byte_offset)) { - QUIC_DVLOG(1) << "Required key '" << kFinalOffsetHeaderKey - << "' not present"; + QUIC_DLOG(ERROR) << "Required key '" << kFinalOffsetHeaderKey + << "' not present"; return false; } // The final offset header is no longer needed. @@ -109,8 +109,8 @@ bool SpdyUtils::ParseTrailers(const char* data, // Trailers must not have empty keys, and must not contain pseudo headers. for (const auto& trailer : *trailers) { - StringPiece key = trailer.first; - StringPiece value = trailer.second; + QuicStringPiece key = trailer.first; + QuicStringPiece value = trailer.second; if (QuicTextUtils::StartsWith(key, ":")) { QUIC_DVLOG(1) << "Trailers must not contain pseudo-header: '" << key << "','" << value << "'."; @@ -130,7 +130,7 @@ bool SpdyUtils::CopyAndValidateHeaders(const QuicHeaderList& header_list, for (const auto& p : header_list) { const string& name = p.first; if (name.empty()) { - QUIC_DVLOG(1) << "Header name must not be empty."; + QUIC_DLOG(ERROR) << "Header name must not be empty."; return false; } @@ -168,20 +168,21 @@ bool SpdyUtils::CopyAndValidateTrailers(const QuicHeaderList& header_list, } if (name.empty() || name[0] == ':') { - QUIC_DVLOG(1) + QUIC_DLOG(ERROR) << "Trailers must not be empty, and must not contain pseudo-" << "headers. Found: '" << name << "'"; return false; } if (QuicTextUtils::ContainsUpperCase(name)) { - QUIC_DLOG(INFO) << "Malformed header: Header name " << name - << " contains upper-case characters."; + QUIC_DLOG(ERROR) << "Malformed header: Header name " << name + << " contains upper-case characters."; return false; } if (trailers->find(name) != trailers->end()) { - QUIC_DLOG(INFO) << "Duplicate header '" << name << "' found in trailers."; + QUIC_DLOG(ERROR) << "Duplicate header '" << name + << "' found in trailers."; return false; } @@ -189,8 +190,8 @@ bool SpdyUtils::CopyAndValidateTrailers(const QuicHeaderList& header_list, } if (!found_final_byte_offset) { - QUIC_DVLOG(1) << "Required key '" << kFinalOffsetHeaderKey - << "' not present"; + QUIC_DLOG(ERROR) << "Required key '" << kFinalOffsetHeaderKey + << "' not present"; return false; } diff --git a/chromium/net/quic/core/spdy_utils_test.cc b/chromium/net/quic/core/spdy_utils_test.cc index 75823c3de37..42200f2732f 100644 --- a/chromium/net/quic/core/spdy_utils_test.cc +++ b/chromium/net/quic/core/spdy_utils_test.cc @@ -4,12 +4,11 @@ #include "net/quic/core/spdy_utils.h" #include "base/macros.h" -#include "base/strings/string_piece.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" #include "net/test/gtest_util.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; using testing::UnorderedElementsAre; using testing::Pair; @@ -185,12 +184,13 @@ TEST(SpdyUtilsTest, CopyAndValidateHeaders) { SpdyHeaderBlock block; ASSERT_TRUE( SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block)); - EXPECT_THAT(block, UnorderedElementsAre( - Pair("cookie", " part 1; part 2 ; part3; fin!"), - Pair("passed-through", StringPiece("foo\0baz", 7)), - Pair("joined", StringPiece("value 1\0value 2", 15)), - Pair("empty", ""), - Pair("empty-joined", StringPiece("\0foo\0\0", 6)))); + EXPECT_THAT(block, + UnorderedElementsAre( + Pair("cookie", " part 1; part 2 ; part3; fin!"), + Pair("passed-through", QuicStringPiece("foo\0baz", 7)), + Pair("joined", QuicStringPiece("value 1\0value 2", 15)), + Pair("empty", ""), + Pair("empty-joined", QuicStringPiece("\0foo\0\0", 6)))); EXPECT_EQ(-1, content_length); } @@ -223,10 +223,10 @@ TEST(SpdyUtilsTest, CopyAndValidateHeadersMultipleContentLengths) { SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block)); EXPECT_THAT(block, UnorderedElementsAre( Pair("foo", "foovalue"), Pair("bar", "barvalue"), - Pair("content-length", StringPiece("9" - "\0" - "9", - 3)), + Pair("content-length", QuicStringPiece("9" + "\0" + "9", + 3)), Pair("baz", ""))); EXPECT_EQ(9, content_length); } @@ -254,7 +254,7 @@ TEST(SpdyUtilsTest, CopyAndValidateHeadersLargeContentLength) { SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block)); EXPECT_THAT(block, UnorderedElementsAre( Pair("foo", "foovalue"), Pair("bar", "barvalue"), - Pair("content-length", StringPiece("9000000000")), + Pair("content-length", QuicStringPiece("9000000000")), Pair("baz", ""))); EXPECT_EQ(9000000000, content_length); } @@ -269,10 +269,10 @@ TEST(SpdyUtilsTest, CopyAndValidateHeadersMultipleValues) { SpdyHeaderBlock block; ASSERT_TRUE( SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block)); - EXPECT_THAT( - block, UnorderedElementsAre(Pair("foo", StringPiece("foovalue\0boo", 12)), - Pair("bar", "barvalue"), - Pair("baz", StringPiece("\0buzz", 5)))); + EXPECT_THAT(block, UnorderedElementsAre( + Pair("foo", QuicStringPiece("foovalue\0boo", 12)), + Pair("bar", "barvalue"), + Pair("baz", QuicStringPiece("\0buzz", 5)))); EXPECT_EQ(-1, content_length); } @@ -284,9 +284,9 @@ TEST(SpdyUtilsTest, CopyAndValidateHeadersMoreThanTwoValues) { SpdyHeaderBlock block; ASSERT_TRUE( SpdyUtils::CopyAndValidateHeaders(*headers, &content_length, &block)); - EXPECT_THAT(block, - UnorderedElementsAre(Pair( - "set-cookie", StringPiece("value1\0value2\0value3", 20)))); + EXPECT_THAT( + block, UnorderedElementsAre(Pair( + "set-cookie", QuicStringPiece("value1\0value2\0value3", 20)))); EXPECT_EQ(-1, content_length); } diff --git a/chromium/net/quic/platform/api/quic_endian.h b/chromium/net/quic/platform/api/quic_endian.h index ae58b8b22e2..adf5c520a30 100644 --- a/chromium/net/quic/platform/api/quic_endian.h +++ b/chromium/net/quic/platform/api/quic_endian.h @@ -13,6 +13,7 @@ namespace net { // to/from host order (can be either little or big endian depending on the // platform). class QuicEndian { + public: // Convert |x| from host order (can be either little or big endian depending // on the platform) to network order (big endian). static uint16_t HostToNet16(uint16_t x) { @@ -36,6 +37,11 @@ class QuicEndian { static uint64_t NetToHost64(uint64_t x) { return QuicEndianImpl::NetToHost64(x); } + + // Returns true if current host order is little endian. + static bool HostIsLittleEndian() { + return QuicEndianImpl::HostIsLittleEndian(); + } }; } // namespace net diff --git a/chromium/net/quic/platform/api/quic_endian_test.cc b/chromium/net/quic/platform/api/quic_endian_test.cc new file mode 100644 index 00000000000..5b63dd94efd --- /dev/null +++ b/chromium/net/quic/platform/api/quic_endian_test.cc @@ -0,0 +1,49 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/quic/platform/api/quic_endian.h" + +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { +namespace test { +namespace { + +const uint16_t k16BitTestData = 0xaabb; +const uint16_t k16BitSwappedTestData = 0xbbaa; +const uint32_t k32BitTestData = 0xaabbccdd; +const uint32_t k32BitSwappedTestData = 0xddccbbaa; +const uint64_t k64BitTestData = 0xaabbccdd44332211; +const uint64_t k64BitSwappedTestData = 0x11223344ddccbbaa; + +TEST(QuicEndianTest, HostToNet) { + if (QuicEndian::HostIsLittleEndian()) { + EXPECT_EQ(k16BitSwappedTestData, QuicEndian::HostToNet16(k16BitTestData)); + EXPECT_EQ(k32BitSwappedTestData, QuicEndian::HostToNet32(k32BitTestData)); + EXPECT_EQ(k64BitSwappedTestData, QuicEndian::HostToNet64(k64BitTestData)); + } else { + EXPECT_EQ(k16BitTestData, QuicEndian::HostToNet16(k16BitTestData)); + EXPECT_EQ(k32BitTestData, QuicEndian::HostToNet32(k32BitTestData)); + EXPECT_EQ(k64BitTestData, QuicEndian::HostToNet64(k64BitTestData)); + } +} + +TEST(QuicEndianTest, NetToHost) { + if (QuicEndian::HostIsLittleEndian()) { + EXPECT_EQ(k16BitTestData, QuicEndian::NetToHost16(k16BitSwappedTestData)); + EXPECT_EQ(k32BitTestData, QuicEndian::NetToHost32(k32BitSwappedTestData)); + EXPECT_EQ(k64BitTestData, QuicEndian::NetToHost64(k64BitSwappedTestData)); + } else { + EXPECT_EQ(k16BitSwappedTestData, + QuicEndian::NetToHost16(k16BitSwappedTestData)); + EXPECT_EQ(k32BitSwappedTestData, + QuicEndian::NetToHost32(k32BitSwappedTestData)); + EXPECT_EQ(k64BitSwappedTestData, + QuicEndian::NetToHost64(k64BitSwappedTestData)); + } +} + +} // namespace +} // namespace test +} // namespace net diff --git a/chromium/net/quic/platform/api/quic_hostname_utils.cc b/chromium/net/quic/platform/api/quic_hostname_utils.cc index 0feceebaf38..2f5e65dd96c 100644 --- a/chromium/net/quic/platform/api/quic_hostname_utils.cc +++ b/chromium/net/quic/platform/api/quic_hostname_utils.cc @@ -4,13 +4,12 @@ #include "net/quic/platform/api/quic_hostname_utils.h" -using base::StringPiece; using std::string; namespace net { // static -bool QuicHostnameUtils::IsValidSNI(StringPiece sni) { +bool QuicHostnameUtils::IsValidSNI(QuicStringPiece sni) { return QuicHostnameUtilsImpl::IsValidSNI(sni); } diff --git a/chromium/net/quic/platform/api/quic_hostname_utils.h b/chromium/net/quic/platform/api/quic_hostname_utils.h index 14adea03b3c..9c46d68356c 100644 --- a/chromium/net/quic/platform/api/quic_hostname_utils.h +++ b/chromium/net/quic/platform/api/quic_hostname_utils.h @@ -7,6 +7,7 @@ #include "base/macros.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/impl/quic_hostname_utils_impl.h" namespace net { @@ -19,7 +20,7 @@ class QUIC_EXPORT_PRIVATE QuicHostnameUtils { // (1) disallow IP addresses; // (2) check that the hostname contains valid characters only; and // (3) contains at least one dot. - static bool IsValidSNI(base::StringPiece sni); + static bool IsValidSNI(QuicStringPiece sni); // Convert hostname to lowercase and remove the trailing '.'. // WARNING: mutates |hostname| in place and returns |hostname|. diff --git a/chromium/net/quic/platform/api/quic_str_cat_test.cc b/chromium/net/quic/platform/api/quic_str_cat_test.cc index 3064346952d..dc417d8e367 100644 --- a/chromium/net/quic/platform/api/quic_str_cat_test.cc +++ b/chromium/net/quic/platform/api/quic_str_cat_test.cc @@ -4,10 +4,9 @@ #include "net/quic/platform/api/quic_str_cat.h" -#include "base/strings/string_piece.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; namespace net { @@ -45,7 +44,7 @@ TEST(QuicStrCatTest, Basics) { string strs[] = {"Hello", "Cruel", "World"}; - StringPiece pieces[] = {"Hello", "Cruel", "World"}; + QuicStringPiece pieces[] = {"Hello", "Cruel", "World"}; const char* c_strs[] = {"Hello", "Cruel", "World"}; diff --git a/chromium/net/quic/platform/api/quic_string_piece.h b/chromium/net/quic/platform/api/quic_string_piece.h new file mode 100644 index 00000000000..d852429c845 --- /dev/null +++ b/chromium/net/quic/platform/api/quic_string_piece.h @@ -0,0 +1,16 @@ +// Copyright (c) 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_QUIC_PLATFORM_API_QUIC_STRING_PIECE_H_ +#define NET_QUIC_PLATFORM_API_QUIC_STRING_PIECE_H_ + +#include "net/quic/platform/impl/quic_string_piece_impl.h" + +namespace net { + +using QuicStringPiece = QuicStringPieceImpl; + +} // namespace net + +#endif // NET_QUIC_PLATFORM_API_QUIC_STRING_PIECE_H_ diff --git a/chromium/net/quic/platform/api/quic_text_utils.h b/chromium/net/quic/platform/api/quic_text_utils.h index 3509e9decb8..e80df74d35f 100644 --- a/chromium/net/quic/platform/api/quic_text_utils.h +++ b/chromium/net/quic/platform/api/quic_text_utils.h @@ -5,7 +5,7 @@ #ifndef NET_QUIC_PLATFORM_API_QUIC_TEXT_UTILS_H_ #define NET_QUIC_PLATFORM_API_QUIC_TEXT_UTILS_H_ -#include "base/strings/string_piece.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/impl/quic_text_utils_impl.h" namespace net { @@ -14,47 +14,46 @@ namespace net { class QuicTextUtils { public: // Returns true if |data| starts with |prefix|, case sensitively. - static bool StartsWith(base::StringPiece data, base::StringPiece prefix) { + static bool StartsWith(QuicStringPiece data, QuicStringPiece prefix) { return QuicTextUtilsImpl::StartsWith(data, prefix); } // Returns true if |data| ends with |suffix|, case insensitively. - static bool EndsWithIgnoreCase(base::StringPiece data, - base::StringPiece suffix) { + static bool EndsWithIgnoreCase(QuicStringPiece data, QuicStringPiece suffix) { return QuicTextUtilsImpl::EndsWithIgnoreCase(data, suffix); } // Returns a new string in which |data| has been converted to lower case. - static std::string ToLower(base::StringPiece data) { + static std::string ToLower(QuicStringPiece data) { return QuicTextUtilsImpl::ToLower(data); } // Removes leading and trailing whitespace from |data|. - static void RemoveLeadingAndTrailingWhitespace(base::StringPiece* data) { + static void RemoveLeadingAndTrailingWhitespace(QuicStringPiece* data) { QuicTextUtilsImpl::RemoveLeadingAndTrailingWhitespace(data); } // Returns true if |in| represents a valid uint64, and stores that value in // |out|. - static bool StringToUint64(base::StringPiece in, uint64_t* out) { + static bool StringToUint64(QuicStringPiece in, uint64_t* out) { return QuicTextUtilsImpl::StringToUint64(in, out); } // Returns true if |in| represents a valid int, and stores that value in // |out|. - static bool StringToInt(base::StringPiece in, int* out) { + static bool StringToInt(QuicStringPiece in, int* out) { return QuicTextUtilsImpl::StringToInt(in, out); } // Returns true if |in| represents a valid uint32, and stores that value in // |out|. - static bool StringToUint32(base::StringPiece in, uint32_t* out) { + static bool StringToUint32(QuicStringPiece in, uint32_t* out) { return QuicTextUtilsImpl::StringToUint32(in, out); } // Returns true if |in| represents a valid size_t, and stores that value in // |out|. - static bool StringToSizeT(base::StringPiece in, size_t* out) { + static bool StringToSizeT(QuicStringPiece in, size_t* out) { return QuicTextUtilsImpl::StringToSizeT(in, out); } @@ -67,19 +66,19 @@ class QuicTextUtils { // hexadecimal representation. // Return value: 2*|length| characters of ASCII string. static std::string HexEncode(const char* data, size_t length) { - return HexEncode(base::StringPiece(data, length)); + return HexEncode(QuicStringPiece(data, length)); } // This converts |data.length()| bytes of binary to a // 2*|data.length()|-character hexadecimal representation. // Return value: 2*|data.length()| characters of ASCII string. - static std::string HexEncode(base::StringPiece data) { + static std::string HexEncode(QuicStringPiece data) { return QuicTextUtilsImpl::HexEncode(data); } // Converts |data| from a hexadecimal ASCII string to a binary string // that is |data.length()/2| bytes long. - static std::string HexDecode(base::StringPiece data) { + static std::string HexDecode(QuicStringPiece data) { return QuicTextUtilsImpl::HexDecode(data); } @@ -95,18 +94,17 @@ class QuicTextUtils { // printed as '.' in the ASCII output. // For example, given the input "Hello, QUIC!\01\02\03\04", returns: // "0x0000: 4865 6c6c 6f2c 2051 5549 4321 0102 0304 Hello,.QUIC!...." - static std::string HexDump(base::StringPiece binary_data) { + static std::string HexDump(QuicStringPiece binary_data) { return QuicTextUtilsImpl::HexDump(binary_data); } // Returns true if |data| contains any uppercase characters. - static bool ContainsUpperCase(base::StringPiece data) { + static bool ContainsUpperCase(QuicStringPiece data) { return QuicTextUtilsImpl::ContainsUpperCase(data); } // Splits |data| into a vector of pieces delimited by |delim|. - static std::vector<base::StringPiece> Split(base::StringPiece data, - char delim) { + static std::vector<QuicStringPiece> Split(QuicStringPiece data, char delim) { return QuicTextUtilsImpl::Split(data, delim); } }; diff --git a/chromium/net/quic/platform/api/quic_text_utils_test.cc b/chromium/net/quic/platform/api/quic_text_utils_test.cc index 758ad545548..bde46278ace 100644 --- a/chromium/net/quic/platform/api/quic_text_utils_test.cc +++ b/chromium/net/quic/platform/api/quic_text_utils_test.cc @@ -6,10 +6,8 @@ #include <string> -#include "base/strings/string_piece.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; namespace net { @@ -45,7 +43,7 @@ TEST(QuicTextUtilsText, RemoveLeadingAndTrailingWhitespace) { for (auto* input : {"text", " text", " text", "text ", "text ", " text ", " text ", "\r\n\ttext", "text\n\r\t"}) { - StringPiece piece(input); + QuicStringPiece piece(input); QuicTextUtils::RemoveLeadingAndTrailingWhitespace(&piece); EXPECT_EQ("text", piece); } @@ -190,11 +188,11 @@ TEST(QuicTextUtilsText, ContainsUpperCase) { } TEST(QuicTextUtilsText, Split) { - EXPECT_EQ(std::vector<StringPiece>({"a", "b", "c"}), + EXPECT_EQ(std::vector<QuicStringPiece>({"a", "b", "c"}), QuicTextUtils::Split("a,b,c", ',')); - EXPECT_EQ(std::vector<StringPiece>({"a", "b", "c"}), + EXPECT_EQ(std::vector<QuicStringPiece>({"a", "b", "c"}), QuicTextUtils::Split("a:b:c", ':')); - EXPECT_EQ(std::vector<StringPiece>({"a:b:c"}), + EXPECT_EQ(std::vector<QuicStringPiece>({"a:b:c"}), QuicTextUtils::Split("a:b:c", ',')); } diff --git a/chromium/net/quic/platform/api/quic_url.cc b/chromium/net/quic/platform/api/quic_url.cc index 950f9dd877e..1dd770893c0 100644 --- a/chromium/net/quic/platform/api/quic_url.cc +++ b/chromium/net/quic/platform/api/quic_url.cc @@ -4,14 +4,13 @@ #include "net/quic/platform/api/quic_url.h" -using base::StringPiece; using std::string; namespace net { -QuicUrl::QuicUrl(StringPiece url) : impl_(url) {} +QuicUrl::QuicUrl(QuicStringPiece url) : impl_(url) {} -QuicUrl::QuicUrl(StringPiece url, StringPiece default_scheme) +QuicUrl::QuicUrl(QuicStringPiece url, QuicStringPiece default_scheme) : impl_(url, default_scheme) {} QuicUrl::QuicUrl(const QuicUrl& url) : impl_(url.impl()) {} diff --git a/chromium/net/quic/platform/api/quic_url.h b/chromium/net/quic/platform/api/quic_url.h index 931fcbd0d9d..330d96d49c8 100644 --- a/chromium/net/quic/platform/api/quic_url.h +++ b/chromium/net/quic/platform/api/quic_url.h @@ -6,6 +6,7 @@ #define NET_QUIC_PLATFORM_API_QUIC_URL_H_ #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/impl/quic_url_impl.h" namespace net { @@ -20,11 +21,11 @@ class QUIC_EXPORT_PRIVATE QuicUrl { // NOTE: If |url| doesn't have a scheme, it will have an empty scheme // field. If that's not what you want, use the QuicUrlImpl(url, // default_scheme) form below. - explicit QuicUrl(base::StringPiece url); + explicit QuicUrl(QuicStringPiece url); // Constructs a QuicUrl from |url|, assuming that the scheme for the QuicUrl // is |default_scheme| if there is no scheme specified in |url|. - QuicUrl(base::StringPiece url, base::StringPiece default_scheme); + QuicUrl(QuicStringPiece url, QuicStringPiece default_scheme); QuicUrl(const QuicUrl& url); diff --git a/chromium/net/quic/platform/api/quic_url_utils.cc b/chromium/net/quic/platform/api/quic_url_utils.cc index 4b2c33b561e..304699a3eea 100644 --- a/chromium/net/quic/platform/api/quic_url_utils.cc +++ b/chromium/net/quic/platform/api/quic_url_utils.cc @@ -4,18 +4,17 @@ #include "net/quic/platform/api/quic_url_utils.h" -using base::StringPiece; using std::string; namespace net { // static -string QuicUrlUtils::HostName(StringPiece url) { +string QuicUrlUtils::HostName(QuicStringPiece url) { return QuicUrlUtilsImpl::HostName(url); } // static -bool QuicUrlUtils::IsValidUrl(StringPiece url) { +bool QuicUrlUtils::IsValidUrl(QuicStringPiece url) { return QuicUrlUtilsImpl::IsValidUrl(url); } diff --git a/chromium/net/quic/platform/api/quic_url_utils.h b/chromium/net/quic/platform/api/quic_url_utils.h index 022e041be99..d857ba519f9 100644 --- a/chromium/net/quic/platform/api/quic_url_utils.h +++ b/chromium/net/quic/platform/api/quic_url_utils.h @@ -7,6 +7,7 @@ #include "base/macros.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/impl/quic_url_utils_impl.h" namespace net { @@ -14,12 +15,12 @@ namespace net { class QUIC_EXPORT_PRIVATE QuicUrlUtils { public: // Returns hostname, or empty std::string if missing. - static std::string HostName(base::StringPiece url); + static std::string HostName(QuicStringPiece url); // Returns false if any of these conditions occur: (1) Host name too long; (2) // Invalid characters in host name, path or params; (3) Invalid port number // (e.g. greater than 65535). - static bool IsValidUrl(base::StringPiece url); + static bool IsValidUrl(QuicStringPiece url); private: DISALLOW_COPY_AND_ASSIGN(QuicUrlUtils); diff --git a/chromium/net/quic/platform/impl/quic_endian_impl.h b/chromium/net/quic/platform/impl/quic_endian_impl.h index 4bcb3bb20a0..d4adfcd1a64 100644 --- a/chromium/net/quic/platform/impl/quic_endian_impl.h +++ b/chromium/net/quic/platform/impl/quic_endian_impl.h @@ -13,15 +13,24 @@ class QuicEndianImpl { public: // Convert |x| from host order (can be either little or big endian depending // on the platform) to network order (big endian). - static uint16_t HostToNet16(uint16_t x) { return HostToNet16(x); } - static uint32_t HostToNet32(uint32_t x) { return HostToNet32(x); } - static uint64_t HostToNet64(uint64_t x) { return HostToNet64(x); } + static uint16_t HostToNet16(uint16_t x) { return base::HostToNet16(x); } + static uint32_t HostToNet32(uint32_t x) { return base::HostToNet32(x); } + static uint64_t HostToNet64(uint64_t x) { return base::HostToNet64(x); } // Convert |x| from network order (big endian) to host order (can be either // little or big endian depending on the platform). - static uint16_t NetToHost16(uint16_t x) { return NetToHost16(x); } - static uint32_t NetToHost32(uint32_t x) { return NetToHost32(x); } - static uint64_t NetToHost64(uint64_t x) { return NetToHost64(x); } + static uint16_t NetToHost16(uint16_t x) { return base::NetToHost16(x); } + static uint32_t NetToHost32(uint32_t x) { return base::NetToHost32(x); } + static uint64_t NetToHost64(uint64_t x) { return base::NetToHost64(x); } + + // Returns true if current host order is little endian. + static bool HostIsLittleEndian() { +#if defined(ARCH_CPU_LITTLE_ENDIAN) + return true; +#else + return false; +#endif + } }; } // namespace net diff --git a/chromium/net/quic/platform/impl/quic_flag_utils_impl.h b/chromium/net/quic/platform/impl/quic_flag_utils_impl.h index 52e710766d1..ba6ddd9aa30 100644 --- a/chromium/net/quic/platform/impl/quic_flag_utils_impl.h +++ b/chromium/net/quic/platform/impl/quic_flag_utils_impl.h @@ -5,11 +5,7 @@ #ifndef NET_QUIC_PLATFORM_IMPL_QUIC_FLAG_UTILS_IMPL_H_ #define NET_QUIC_PLATFORM_IMPL_QUIC_FLAG_UTILS_IMPL_H_ -#define QUIC_FLAG_COUNT_IMPL(flag) \ - do { \ - } while (0) -#define QUIC_FLAG_COUNT_N_IMPL(flag, instance, total) \ - do { \ - } while (0) +#define QUIC_FLAG_COUNT_IMPL(flag) DVLOG(1) << "FLAG_##flag: " << FLAGS_##flag +#define QUIC_FLAG_COUNT_N_IMPL(flag, instance, total) QUIC_FLAG_COUNT_IMPL(flag) #endif // NET_QUIC_PLATFORM_IMPL_QUIC_FLAG_UTILS_IMPL_H_ diff --git a/chromium/net/quic/platform/impl/quic_hostname_utils_impl.cc b/chromium/net/quic/platform/impl/quic_hostname_utils_impl.cc index 0dc81390348..040a724ce4f 100644 --- a/chromium/net/quic/platform/impl/quic_hostname_utils_impl.cc +++ b/chromium/net/quic/platform/impl/quic_hostname_utils_impl.cc @@ -8,13 +8,12 @@ #include "url/gurl.h" #include "url/url_canon.h" -using base::StringPiece; using std::string; namespace net { // static -bool QuicHostnameUtilsImpl::IsValidSNI(StringPiece sni) { +bool QuicHostnameUtilsImpl::IsValidSNI(QuicStringPiece sni) { // TODO(rtenneti): Support RFC2396 hostname. // NOTE: Microsoft does NOT enforce this spec, so if we throw away hostnames // based on the above spec, we may be losing some hostnames that windows diff --git a/chromium/net/quic/platform/impl/quic_hostname_utils_impl.h b/chromium/net/quic/platform/impl/quic_hostname_utils_impl.h index 7e5cd1d39c1..57c67473e00 100644 --- a/chromium/net/quic/platform/impl/quic_hostname_utils_impl.h +++ b/chromium/net/quic/platform/impl/quic_hostname_utils_impl.h @@ -6,9 +6,9 @@ #define NET_QUIC_PLATFORM_IMPL_QUIC_HOSTNAME_UTILS_IMPL_H_ #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/quic_server_id.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -18,7 +18,7 @@ class QUIC_EXPORT_PRIVATE QuicHostnameUtilsImpl { // (1) disallow IP addresses; // (2) check that the hostname contains valid characters only; and // (3) contains at least one dot. - static bool IsValidSNI(base::StringPiece sni); + static bool IsValidSNI(QuicStringPiece sni); // Convert hostname to lowercase and remove the trailing '.'. // WARNING: mutates |hostname| in place and returns |hostname|. diff --git a/chromium/net/quic/platform/impl/quic_string_piece_impl.h b/chromium/net/quic/platform/impl/quic_string_piece_impl.h new file mode 100644 index 00000000000..a5bf3fd3e78 --- /dev/null +++ b/chromium/net/quic/platform/impl/quic_string_piece_impl.h @@ -0,0 +1,16 @@ +// Copyright (c) 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_QUIC_PLATFORM_IMPL_QUIC_STRING_PIECE_IMPL_H_ +#define NET_QUIC_PLATFORM_IMPL_QUIC_STRING_PIECE_IMPL_H_ + +#include "base/strings/string_piece.h" + +namespace net { + +using QuicStringPieceImpl = base::StringPiece; + +} // namespace net + +#endif // NET_QUIC_PLATFORM_IMPL_QUIC_STRING_PIECE_IMPL_H_ diff --git a/chromium/net/quic/platform/impl/quic_text_utils_impl.h b/chromium/net/quic/platform/impl/quic_text_utils_impl.h index c797ac6f446..19186328117 100644 --- a/chromium/net/quic/platform/impl/quic_text_utils_impl.h +++ b/chromium/net/quic/platform/impl/quic_text_utils_impl.h @@ -9,11 +9,11 @@ #include "base/base64.h" #include "base/strings/string_number_conversions.h" -#include "base/strings/string_piece.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "net/base/parse_number.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -21,47 +21,46 @@ namespace net { class QuicTextUtilsImpl { public: // Returns true of |data| starts with |prefix|, case sensitively. - static bool StartsWith(base::StringPiece data, base::StringPiece prefix) { + static bool StartsWith(QuicStringPiece data, QuicStringPiece prefix) { return base::StartsWith(data, prefix, base::CompareCase::SENSITIVE); } // Returns true of |data| ends with |suffix|, case insensitively. - static bool EndsWithIgnoreCase(base::StringPiece data, - base::StringPiece suffix) { + static bool EndsWithIgnoreCase(QuicStringPiece data, QuicStringPiece suffix) { return base::EndsWith(data, suffix, base::CompareCase::INSENSITIVE_ASCII); } // Returns a new std::string in which |data| has been converted to lower case. - static std::string ToLower(base::StringPiece data) { + static std::string ToLower(QuicStringPiece data) { return base::ToLowerASCII(data); } // Remove leading and trailing whitespace from |data|. - static void RemoveLeadingAndTrailingWhitespace(base::StringPiece* data) { + static void RemoveLeadingAndTrailingWhitespace(QuicStringPiece* data) { *data = base::TrimWhitespaceASCII(*data, base::TRIM_ALL); } // Returns true if |in| represents a valid uint64, and stores that value in // |out|. - static bool StringToUint64(base::StringPiece in, uint64_t* out) { + static bool StringToUint64(QuicStringPiece in, uint64_t* out) { return base::StringToUint64(in, out); } // Returns true if |in| represents a valid int, and stores that value in // |out|. - static bool StringToInt(base::StringPiece in, int* out) { + static bool StringToInt(QuicStringPiece in, int* out) { return base::StringToInt(in, out); } // Returns true if |in| represents a valid uint32, and stores that value in // |out|. - static bool StringToUint32(base::StringPiece in, uint32_t* out) { + static bool StringToUint32(QuicStringPiece in, uint32_t* out) { return ParseUint32(in, out, nullptr); } // Returns true if |in| represents a valid size_t, and stores that value in // |out|. - static bool StringToSizeT(base::StringPiece in, size_t* out) { + static bool StringToSizeT(QuicStringPiece in, size_t* out) { return base::StringToSizeT(in, out); } @@ -73,13 +72,13 @@ class QuicTextUtilsImpl { // This converts |length| bytes of binary to a 2*|length|-character // hexadecimal representation. // Return value: 2*|length| characters of ASCII std::string. - static std::string HexEncode(base::StringPiece data) { + static std::string HexEncode(QuicStringPiece data) { return base::ToLowerASCII(::base::HexEncode(data.data(), data.size())); } // Converts |data| from a hexadecimal ASCII string to a binary string // that is |data.length()/2| bytes long. - static std::string HexDecode(base::StringPiece data) { + static std::string HexDecode(QuicStringPiece data) { if (data.empty()) return ""; std::vector<uint8_t> v; @@ -115,7 +114,7 @@ class QuicTextUtilsImpl { // printed as '.' in the ASCII output. // For example, given the input "Hello, QUIC!\01\02\03\04", returns: // "0x0000: 4865 6c6c 6f2c 2051 5549 4321 0102 0304 Hello,.QUIC!...." - static std::string HexDump(base::StringPiece binary_input) { + static std::string HexDump(QuicStringPiece binary_input) { int offset = 0; const int kBytesPerLine = 16; // Max bytes dumped per line const char* buf = binary_input.data(); @@ -148,14 +147,13 @@ class QuicTextUtilsImpl { } // Returns true if |data| contains any uppercase characters. - static bool ContainsUpperCase(base::StringPiece data) { + static bool ContainsUpperCase(QuicStringPiece data) { return std::any_of(data.begin(), data.end(), base::IsAsciiUpper<char>); } // Splits |data| into a vector of pieces delimited by |delim|. - static std::vector<base::StringPiece> Split(base::StringPiece data, - char delim) { - return base::SplitStringPiece(data, base::StringPiece(&delim, 1), + static std::vector<QuicStringPiece> Split(QuicStringPiece data, char delim) { + return base::SplitStringPiece(data, QuicStringPiece(&delim, 1), base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); } }; diff --git a/chromium/net/quic/platform/impl/quic_url_impl.cc b/chromium/net/quic/platform/impl/quic_url_impl.cc index 76f5a540cd8..81f67606fe3 100644 --- a/chromium/net/quic/platform/impl/quic_url_impl.cc +++ b/chromium/net/quic/platform/impl/quic_url_impl.cc @@ -6,14 +6,13 @@ #include "net/quic/platform/api/quic_text_utils.h" -using base::StringPiece; using std::string; namespace net { -QuicUrlImpl::QuicUrlImpl(StringPiece url) : url_(url) {} +QuicUrlImpl::QuicUrlImpl(QuicStringPiece url) : url_(url) {} -QuicUrlImpl::QuicUrlImpl(StringPiece url, StringPiece default_scheme) +QuicUrlImpl::QuicUrlImpl(QuicStringPiece url, QuicStringPiece default_scheme) : url_(url) { if (url_.has_scheme()) { return; diff --git a/chromium/net/quic/platform/impl/quic_url_impl.h b/chromium/net/quic/platform/impl/quic_url_impl.h index bb688a9cc1d..7e5cb5be14d 100644 --- a/chromium/net/quic/platform/impl/quic_url_impl.h +++ b/chromium/net/quic/platform/impl/quic_url_impl.h @@ -6,6 +6,7 @@ #define NET_QUIC_PLATFORM_IMPL_QUIC_URL_IMPL_H_ #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "url/gurl.h" namespace net { @@ -21,11 +22,11 @@ class QUIC_EXPORT_PRIVATE QuicUrlImpl { // NOTE: If |url| doesn't have a scheme, it will have an empty scheme // field. If that's not what you want, use the QuicUrlImpl(url, // default_scheme) form below. - explicit QuicUrlImpl(base::StringPiece url); + explicit QuicUrlImpl(QuicStringPiece url); // Constructs a QuicUrlImpl from |url|, assuming that the scheme for the URL // is |default_scheme| if there is no scheme specified in |url|. - QuicUrlImpl(base::StringPiece url, base::StringPiece default_scheme); + QuicUrlImpl(QuicStringPiece url, QuicStringPiece default_scheme); QuicUrlImpl(const QuicUrlImpl& url); diff --git a/chromium/net/quic/platform/impl/quic_url_utils_impl.cc b/chromium/net/quic/platform/impl/quic_url_utils_impl.cc index 1ef757b1fd3..092f3ad001b 100644 --- a/chromium/net/quic/platform/impl/quic_url_utils_impl.cc +++ b/chromium/net/quic/platform/impl/quic_url_utils_impl.cc @@ -6,18 +6,17 @@ #include "url/gurl.h" -using base::StringPiece; using std::string; namespace net { // static -string QuicUrlUtilsImpl::HostName(StringPiece url) { +string QuicUrlUtilsImpl::HostName(QuicStringPiece url) { return GURL(url).host(); } // static -bool QuicUrlUtilsImpl::IsValidUrl(StringPiece url) { +bool QuicUrlUtilsImpl::IsValidUrl(QuicStringPiece url) { return GURL(url).is_valid(); } diff --git a/chromium/net/quic/platform/impl/quic_url_utils_impl.h b/chromium/net/quic/platform/impl/quic_url_utils_impl.h index 31fbfec32ed..6db0abb3b9e 100644 --- a/chromium/net/quic/platform/impl/quic_url_utils_impl.h +++ b/chromium/net/quic/platform/impl/quic_url_utils_impl.h @@ -6,21 +6,21 @@ #define NET_QUIC_PLATFORM_IMPL_QUIC_URL_UTILS_IMPL_H_ #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/quic_server_id.h" #include "net/quic/platform/api/quic_export.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { class QUIC_EXPORT_PRIVATE QuicUrlUtilsImpl { public: // Returns hostname, or empty std::string if missing. - static std::string HostName(base::StringPiece url); + static std::string HostName(QuicStringPiece url); // Returns false if any of these conditions occur: (1) Host name too long; (2) // Invalid characters in host name, path or params; (3) Invalid port number // (e.g. greater than 65535). - static bool IsValidUrl(base::StringPiece url); + static bool IsValidUrl(QuicStringPiece url); private: DISALLOW_COPY_AND_ASSIGN(QuicUrlUtilsImpl); diff --git a/chromium/net/quic/quartc/quartc_alarm_factory_test.cc b/chromium/net/quic/quartc/quartc_alarm_factory_test.cc index 7cb41a0e140..b55cccbe452 100644 --- a/chromium/net/quic/quartc/quartc_alarm_factory_test.cc +++ b/chromium/net/quic/quartc/quartc_alarm_factory_test.cc @@ -4,8 +4,8 @@ #include "net/quic/quartc/quartc_alarm_factory.h" +#include "net/quic/chromium/test_task_runner.h" #include "net/quic/test_tools/mock_clock.h" -#include "net/quic/test_tools/test_task_runner.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { diff --git a/chromium/net/quic/quartc/quartc_session.cc b/chromium/net/quic/quartc/quartc_session.cc index 3664d893f61..826e4d6e3a0 100644 --- a/chromium/net/quic/quartc/quartc_session.cc +++ b/chromium/net/quic/quartc/quartc_session.cc @@ -5,6 +5,7 @@ #include "net/quic/quartc/quartc_session.h" #include "base/rand_util.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace { @@ -32,7 +33,7 @@ class DummyProofSource : public net::ProofSource { const std::string& hostname, const std::string& server_config, net::QuicVersion quic_version, - base::StringPiece chlo_hash, + net::QuicStringPiece chlo_hash, const net::QuicTagVector& connection_options, std::unique_ptr<Callback> callback) override { net::QuicReferenceCountedPointer<net::ProofSource::Chain> chain; @@ -60,7 +61,7 @@ class InsecureProofVerifier : public net::ProofVerifier { const uint16_t port, const std::string& server_config, net::QuicVersion quic_version, - base::StringPiece chlo_hash, + net::QuicStringPiece chlo_hash, const std::vector<std::string>& certs, const std::string& cert_sct, const std::string& signature, diff --git a/chromium/net/quic/quartc/quartc_session_test.cc b/chromium/net/quic/quartc/quartc_session_test.cc index 6bc2b5904a4..2844baf41e1 100644 --- a/chromium/net/quic/quartc/quartc_session_test.cc +++ b/chromium/net/quic/quartc/quartc_session_test.cc @@ -18,6 +18,7 @@ #include "net/quic/core/quic_crypto_client_stream.h" #include "net/quic/core/quic_crypto_server_stream.h" #include "net/quic/core/quic_simple_buffer_allocator.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/impl/quic_chromium_clock.h" #include "net/quic/quartc/quartc_alarm_factory.h" #include "net/quic/quartc/quartc_packet_writer.h" @@ -57,7 +58,7 @@ class FakeProofSource : public net::ProofSource { const std::string& hostname, const std::string& server_config, net::QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const net::QuicTagVector& connection_options, std::unique_ptr<Callback> callback) override { QuicReferenceCountedPointer<net::ProofSource::Chain> chain; @@ -89,7 +90,7 @@ class FakeProofVerifier : public net::ProofVerifier { const uint16_t port, const std::string& server_config, net::QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::vector<std::string>& certs, const std::string& cert_sct, const std::string& signature, diff --git a/chromium/net/quic/quartc/quartc_stream.cc b/chromium/net/quic/quartc/quartc_stream.cc index e702a5874ee..620b193894e 100644 --- a/chromium/net/quic/quartc/quartc_stream.cc +++ b/chromium/net/quic/quartc/quartc_stream.cc @@ -3,6 +3,7 @@ // found in the LICENSE file. #include "net/quic/quartc/quartc_stream.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -53,7 +54,7 @@ bool QuartcStream::fin_sent() { void QuartcStream::Write(const char* data, size_t size, const WriteParameters& param) { - WriteOrBufferData(base::StringPiece(data, size), param.fin, nullptr); + WriteOrBufferData(QuicStringPiece(data, size), param.fin, nullptr); } void QuartcStream::Close() { diff --git a/chromium/net/quic/test_tools/crypto_test_utils.cc b/chromium/net/quic/test_tools/crypto_test_utils.cc index f7eff11696b..fee44bb14c6 100644 --- a/chromium/net/quic/test_tools/crypto_test_utils.cc +++ b/chromium/net/quic/test_tools/crypto_test_utils.cc @@ -34,7 +34,6 @@ #include "third_party/boringssl/src/include/openssl/obj_mac.h" #include "third_party/boringssl/src/include/openssl/sha.h" -using base::StringPiece; using std::string; namespace net { @@ -44,7 +43,7 @@ TestChannelIDKey::TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {} TestChannelIDKey::~TestChannelIDKey() {} -bool TestChannelIDKey::Sign(StringPiece signed_data, +bool TestChannelIDKey::Sign(QuicStringPiece signed_data, string* out_signature) const { bssl::ScopedEVP_MD_CTX md_ctx; if (EVP_DigestSignInit(md_ctx.get(), nullptr, EVP_sha256(), nullptr, @@ -341,16 +340,17 @@ class FullChloGenerator { EXPECT_THAT(rej->tag(), testing::AnyOf(testing::Eq(kSREJ), testing::Eq(kREJ))); - VLOG(1) << "Extract valid STK and SCID from\n" << rej->DebugString(); - StringPiece srct; + VLOG(1) << "Extract valid STK and SCID from\n" + << rej->DebugString(Perspective::IS_SERVER); + QuicStringPiece srct; ASSERT_TRUE(rej->GetStringPiece(kSourceAddressTokenTag, &srct)); - StringPiece scfg; + QuicStringPiece scfg; ASSERT_TRUE(rej->GetStringPiece(kSCFG, &scfg)); std::unique_ptr<CryptoHandshakeMessage> server_config( - CryptoFramer::ParseMessage(scfg)); + CryptoFramer::ParseMessage(scfg, Perspective::IS_SERVER)); - StringPiece scid; + QuicStringPiece scid; ASSERT_TRUE(server_config->GetStringPiece(kSCID, &scid)); *out_ = result_->client_hello; @@ -586,23 +586,23 @@ uint64_t LeafCertHashForTesting() { class MockCommonCertSets : public CommonCertSets { public: - MockCommonCertSets(StringPiece cert, uint64_t hash, uint32_t index) + MockCommonCertSets(QuicStringPiece cert, uint64_t hash, uint32_t index) : cert_(cert.as_string()), hash_(hash), index_(index) {} - StringPiece GetCommonHashes() const override { + QuicStringPiece GetCommonHashes() const override { CHECK(false) << "not implemented"; - return StringPiece(); + return QuicStringPiece(); } - StringPiece GetCert(uint64_t hash, uint32_t index) const override { + QuicStringPiece GetCert(uint64_t hash, uint32_t index) const override { if (hash == hash_ && index == index_) { return cert_; } - return StringPiece(); + return QuicStringPiece(); } - bool MatchCert(StringPiece cert, - StringPiece common_set_hashes, + bool MatchCert(QuicStringPiece cert, + QuicStringPiece common_set_hashes, uint64_t* out_hash, uint32_t* out_index) const override { if (cert != cert_) { @@ -637,7 +637,7 @@ class MockCommonCertSets : public CommonCertSets { const uint32_t index_; }; -CommonCertSets* MockCommonCertSets(StringPiece cert, +CommonCertSets* MockCommonCertSets(QuicStringPiece cert, uint64_t hash, uint32_t index) { return new class MockCommonCertSets(cert, hash, index); @@ -700,34 +700,34 @@ void CompareClientAndServerKeys(QuicCryptoClientStream* client, const QuicDecrypter* server_forward_secure_decrypter( QuicStreamPeer::session(server)->connection()->alternative_decrypter()); - StringPiece client_encrypter_key = client_encrypter->GetKey(); - StringPiece client_encrypter_iv = client_encrypter->GetNoncePrefix(); - StringPiece client_decrypter_key = client_decrypter->GetKey(); - StringPiece client_decrypter_iv = client_decrypter->GetNoncePrefix(); - StringPiece client_forward_secure_encrypter_key = + QuicStringPiece client_encrypter_key = client_encrypter->GetKey(); + QuicStringPiece client_encrypter_iv = client_encrypter->GetNoncePrefix(); + QuicStringPiece client_decrypter_key = client_decrypter->GetKey(); + QuicStringPiece client_decrypter_iv = client_decrypter->GetNoncePrefix(); + QuicStringPiece client_forward_secure_encrypter_key = client_forward_secure_encrypter->GetKey(); - StringPiece client_forward_secure_encrypter_iv = + QuicStringPiece client_forward_secure_encrypter_iv = client_forward_secure_encrypter->GetNoncePrefix(); - StringPiece client_forward_secure_decrypter_key = + QuicStringPiece client_forward_secure_decrypter_key = client_forward_secure_decrypter->GetKey(); - StringPiece client_forward_secure_decrypter_iv = + QuicStringPiece client_forward_secure_decrypter_iv = client_forward_secure_decrypter->GetNoncePrefix(); - StringPiece server_encrypter_key = server_encrypter->GetKey(); - StringPiece server_encrypter_iv = server_encrypter->GetNoncePrefix(); - StringPiece server_decrypter_key = server_decrypter->GetKey(); - StringPiece server_decrypter_iv = server_decrypter->GetNoncePrefix(); - StringPiece server_forward_secure_encrypter_key = + QuicStringPiece server_encrypter_key = server_encrypter->GetKey(); + QuicStringPiece server_encrypter_iv = server_encrypter->GetNoncePrefix(); + QuicStringPiece server_decrypter_key = server_decrypter->GetKey(); + QuicStringPiece server_decrypter_iv = server_decrypter->GetNoncePrefix(); + QuicStringPiece server_forward_secure_encrypter_key = server_forward_secure_encrypter->GetKey(); - StringPiece server_forward_secure_encrypter_iv = + QuicStringPiece server_forward_secure_encrypter_iv = server_forward_secure_encrypter->GetNoncePrefix(); - StringPiece server_forward_secure_decrypter_key = + QuicStringPiece server_forward_secure_decrypter_key = server_forward_secure_decrypter->GetKey(); - StringPiece server_forward_secure_decrypter_iv = + QuicStringPiece server_forward_secure_decrypter_iv = server_forward_secure_decrypter->GetNoncePrefix(); - StringPiece client_subkey_secret = + QuicStringPiece client_subkey_secret = client->crypto_negotiated_params().subkey_secret; - StringPiece server_subkey_secret = + QuicStringPiece server_subkey_secret = server->crypto_negotiated_params().subkey_secret; const char kSampleLabel[] = "label"; @@ -852,7 +852,7 @@ CryptoHandshakeMessage CreateCHLO( size_t value_len = value.length(); if (value_len > 0 && value[0] == '#') { // This is ascii encoded hex. - string hex_value = QuicTextUtils::HexDecode(StringPiece(&value[1])); + string hex_value = QuicTextUtils::HexDecode(QuicStringPiece(&value[1])); msg.SetStringPiece(quic_tag, hex_value); continue; } @@ -861,9 +861,10 @@ CryptoHandshakeMessage CreateCHLO( // The CryptoHandshakeMessage needs to be serialized and parsed to ensure // that any padding is included. - std::unique_ptr<QuicData> bytes(CryptoFramer::ConstructHandshakeMessage(msg)); - std::unique_ptr<CryptoHandshakeMessage> parsed( - CryptoFramer::ParseMessage(bytes->AsStringPiece())); + std::unique_ptr<QuicData> bytes( + CryptoFramer::ConstructHandshakeMessage(msg, Perspective::IS_CLIENT)); + std::unique_ptr<CryptoHandshakeMessage> parsed(CryptoFramer::ParseMessage( + bytes->AsStringPiece(), Perspective::IS_CLIENT)); CHECK(parsed.get()); return *parsed; @@ -901,7 +902,8 @@ void MovePackets(PacketSavingConnection* source_conn, for (const auto& stream_frame : framer.stream_frames()) { ASSERT_TRUE(crypto_framer.ProcessInput( - StringPiece(stream_frame->data_buffer, stream_frame->data_length))); + QuicStringPiece(stream_frame->data_buffer, stream_frame->data_length), + dest_perspective)); ASSERT_FALSE(crypto_visitor.error()); } QuicConnectionPeer::SetCurrentPacket( @@ -916,7 +918,7 @@ void MovePackets(PacketSavingConnection* source_conn, for (const CryptoHandshakeMessage& message : crypto_visitor.messages()) { dest_stream->OnHandshakeMessage(message); } - QuicConnectionPeer::SetCurrentPacket(dest_conn, StringPiece(nullptr, 0)); + QuicConnectionPeer::SetCurrentPacket(dest_conn, QuicStringPiece(nullptr, 0)); } CryptoHandshakeMessage GenerateDefaultInchoateCHLO( @@ -948,13 +950,13 @@ string GenerateClientNonceHex(const QuicClock* clock, primary_config->set_primary_time(clock->WallNow().ToUNIXSeconds()); std::unique_ptr<CryptoHandshakeMessage> msg( crypto_config->AddConfig(std::move(primary_config), clock->WallNow())); - StringPiece orbit; + QuicStringPiece orbit; CHECK(msg->GetStringPiece(kORBT, &orbit)); string nonce; CryptoUtils::GenerateNonce( clock->WallNow(), QuicRandom::GetInstance(), - StringPiece(reinterpret_cast<const char*>(orbit.data()), - sizeof(orbit.size())), + QuicStringPiece(reinterpret_cast<const char*>(orbit.data()), + sizeof(orbit.size())), &nonce); return ("#" + QuicTextUtils::HexEncode(nonce)); } diff --git a/chromium/net/quic/test_tools/crypto_test_utils.h b/chromium/net/quic/test_tools/crypto_test_utils.h index 0ed27ec24fc..e961220098a 100644 --- a/chromium/net/quic/test_tools/crypto_test_utils.h +++ b/chromium/net/quic/test_tools/crypto_test_utils.h @@ -12,10 +12,10 @@ #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/crypto_framer.h" #include "net/quic/core/quic_framer.h" #include "net/quic/core/quic_packets.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/quic_test_utils.h" #include "third_party/boringssl/src/include/openssl/evp.h" @@ -46,7 +46,7 @@ class TestChannelIDKey : public ChannelIDKey { // ChannelIDKey implementation. - bool Sign(base::StringPiece signed_data, + bool Sign(QuicStringPiece signed_data, std::string* out_signature) const override; std::string SerializeKey() const override; @@ -185,7 +185,7 @@ ProofVerifyContext* ProofVerifyContextForTesting(); // MockCommonCertSets returns a CommonCertSets that contains a single set with // hash |hash|, consisting of the certificate |cert| at index |index|. -CommonCertSets* MockCommonCertSets(base::StringPiece cert, +CommonCertSets* MockCommonCertSets(QuicStringPiece cert, uint64_t hash, uint32_t index); diff --git a/chromium/net/quic/test_tools/crypto_test_utils_test.cc b/chromium/net/quic/test_tools/crypto_test_utils_test.cc index 2349f1f9c51..77cc3020d8f 100644 --- a/chromium/net/quic/test_tools/crypto_test_utils_test.cc +++ b/chromium/net/quic/test_tools/crypto_test_utils_test.cc @@ -93,7 +93,8 @@ class ShloVerifier { void ProcessClientHelloDone(std::unique_ptr<CryptoHandshakeMessage> message) { // Verify output is a SHLO. EXPECT_EQ(message->tag(), kSHLO) - << "Fail to pass validation. Get " << message->DebugString(); + << "Fail to pass validation. Get " + << message->DebugString(Perspective::IS_SERVER); } QuicCryptoServerConfig* crypto_config_; @@ -132,13 +133,13 @@ TEST(CryptoTestUtilsTest, TestGenerateFullCHLO) { primary_config->set_primary_time(clock.WallNow().ToUNIXSeconds()); std::unique_ptr<CryptoHandshakeMessage> msg( crypto_config.AddConfig(std::move(primary_config), clock.WallNow())); - StringPiece orbit; + QuicStringPiece orbit; ASSERT_TRUE(msg->GetStringPiece(kORBT, &orbit)); string nonce; CryptoUtils::GenerateNonce( clock.WallNow(), QuicRandom::GetInstance(), - StringPiece(reinterpret_cast<const char*>(orbit.data()), - sizeof(orbit.size())), + QuicStringPiece(reinterpret_cast<const char*>(orbit.data()), + sizeof(orbit.size())), &nonce); string nonce_hex = "#" + QuicTextUtils::HexEncode(nonce); diff --git a/chromium/net/quic/test_tools/delayed_verify_strike_register_client.cc b/chromium/net/quic/test_tools/delayed_verify_strike_register_client.cc index 430f34f46cb..da736d792a1 100644 --- a/chromium/net/quic/test_tools/delayed_verify_strike_register_client.cc +++ b/chromium/net/quic/test_tools/delayed_verify_strike_register_client.cc @@ -4,7 +4,6 @@ #include "net/quic/test_tools/delayed_verify_strike_register_client.h" -using base::StringPiece; using std::string; namespace net { @@ -26,7 +25,7 @@ DelayedVerifyStrikeRegisterClient::DelayedVerifyStrikeRegisterClient( DelayedVerifyStrikeRegisterClient::~DelayedVerifyStrikeRegisterClient() {} void DelayedVerifyStrikeRegisterClient::VerifyNonceIsValidAndUnique( - StringPiece nonce, + QuicStringPiece nonce, QuicWallTime now, ResultCallback* cb) { if (delay_verifications_) { diff --git a/chromium/net/quic/test_tools/delayed_verify_strike_register_client.h b/chromium/net/quic/test_tools/delayed_verify_strike_register_client.h index c67aedbda25..98be376875b 100644 --- a/chromium/net/quic/test_tools/delayed_verify_strike_register_client.h +++ b/chromium/net/quic/test_tools/delayed_verify_strike_register_client.h @@ -10,8 +10,8 @@ #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/local_strike_register_client.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { namespace test { @@ -27,7 +27,7 @@ class DelayedVerifyStrikeRegisterClient : public LocalStrikeRegisterClient { StrikeRegister::StartupType startup); ~DelayedVerifyStrikeRegisterClient() override; - void VerifyNonceIsValidAndUnique(base::StringPiece nonce, + void VerifyNonceIsValidAndUnique(QuicStringPiece nonce, QuicWallTime now, ResultCallback* cb) override; @@ -40,7 +40,7 @@ class DelayedVerifyStrikeRegisterClient : public LocalStrikeRegisterClient { private: struct VerifyArgs { - VerifyArgs(base::StringPiece in_nonce, + VerifyArgs(QuicStringPiece in_nonce, QuicWallTime in_now, ResultCallback* in_cb) : nonce(in_nonce.as_string()), now(in_now), cb(in_cb) {} diff --git a/chromium/net/quic/test_tools/failing_proof_source.cc b/chromium/net/quic/test_tools/failing_proof_source.cc index a45bf5264de..45ce8e85a5f 100644 --- a/chromium/net/quic/test_tools/failing_proof_source.cc +++ b/chromium/net/quic/test_tools/failing_proof_source.cc @@ -11,7 +11,7 @@ void FailingProofSource::GetProof(const QuicSocketAddress& server_address, const std::string& hostname, const std::string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const QuicTagVector& connection_options, std::unique_ptr<Callback> callback) { callback->Run(false, nullptr, QuicCryptoProof(), nullptr); diff --git a/chromium/net/quic/test_tools/failing_proof_source.h b/chromium/net/quic/test_tools/failing_proof_source.h index dfc72fe32fe..a73a596e906 100644 --- a/chromium/net/quic/test_tools/failing_proof_source.h +++ b/chromium/net/quic/test_tools/failing_proof_source.h @@ -6,6 +6,7 @@ #define NET_QUIC_TEST_TOOLS_FAILING_PROOF_SOURCE_H_ #include "net/quic/core/crypto/proof_source.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { namespace test { @@ -16,7 +17,7 @@ class FailingProofSource : public ProofSource { const std::string& hostname, const std::string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const QuicTagVector& connection_options, std::unique_ptr<Callback> callback) override; }; diff --git a/chromium/net/quic/test_tools/fake_proof_source.cc b/chromium/net/quic/test_tools/fake_proof_source.cc index 296384ee8bf..1eb334b5493 100644 --- a/chromium/net/quic/test_tools/fake_proof_source.cc +++ b/chromium/net/quic/test_tools/fake_proof_source.cc @@ -48,7 +48,7 @@ void FakeProofSource::GetProof( const string& hostname, const string& server_config, QuicVersion quic_version, - StringPiece chlo_hash, + QuicStringPiece chlo_hash, const QuicTagVector& connection_options, std::unique_ptr<ProofSource::Callback> callback) { if (!active_) { diff --git a/chromium/net/quic/test_tools/fake_proof_source.h b/chromium/net/quic/test_tools/fake_proof_source.h index b6713f37716..dad7aee6dc8 100644 --- a/chromium/net/quic/test_tools/fake_proof_source.h +++ b/chromium/net/quic/test_tools/fake_proof_source.h @@ -10,6 +10,7 @@ #include <vector> #include "net/quic/core/crypto/proof_source.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { namespace test { @@ -34,7 +35,7 @@ class FakeProofSource : public ProofSource { const std::string& hostname, const std::string& server_config, QuicVersion quic_version, - base::StringPiece chlo_hash, + QuicStringPiece chlo_hash, const QuicTagVector& connection_options, std::unique_ptr<ProofSource::Callback> callback) override; diff --git a/chromium/net/quic/test_tools/mock_crypto_client_stream.cc b/chromium/net/quic/test_tools/mock_crypto_client_stream.cc index 2f0089a2625..1a2449a80cf 100644 --- a/chromium/net/quic/test_tools/mock_crypto_client_stream.cc +++ b/chromium/net/quic/test_tools/mock_crypto_client_stream.cc @@ -42,7 +42,7 @@ void MockCryptoClientStream::OnHandshakeMessage( "Forced mock failure"); } -void MockCryptoClientStream::CryptoConnect() { +bool MockCryptoClientStream::CryptoConnect() { if (proof_verify_details_) { if (!proof_verify_details_->cert_verify_result.verified_cert ->VerifyNameMatch(server_id_.host(), false)) { @@ -51,7 +51,7 @@ void MockCryptoClientStream::CryptoConnect() { session()->connection()->CloseConnection( QUIC_PROOF_INVALID, "proof invalid", ConnectionCloseBehavior::SILENT_CLOSE); - return; + return false; } } @@ -106,6 +106,8 @@ void MockCryptoClientStream::CryptoConnect() { break; } } + + return session()->connection()->connected(); } void MockCryptoClientStream::SendOnCryptoHandshakeEvent( diff --git a/chromium/net/quic/test_tools/mock_crypto_client_stream.h b/chromium/net/quic/test_tools/mock_crypto_client_stream.h index ffec4aa527a..0d0f5a48ce1 100644 --- a/chromium/net/quic/test_tools/mock_crypto_client_stream.h +++ b/chromium/net/quic/test_tools/mock_crypto_client_stream.h @@ -58,7 +58,7 @@ class MockCryptoClientStream : public QuicCryptoClientStream { void OnHandshakeMessage(const CryptoHandshakeMessage& message) override; // QuicCryptoClientStream implementation. - void CryptoConnect() override; + bool CryptoConnect() override; // Invokes the sessions's CryptoHandshakeEvent method with the specified // event. diff --git a/chromium/net/quic/test_tools/quic_connection_peer.cc b/chromium/net/quic/test_tools/quic_connection_peer.cc index 8c2e1956134..d96b991425e 100644 --- a/chromium/net/quic/test_tools/quic_connection_peer.cc +++ b/chromium/net/quic/test_tools/quic_connection_peer.cc @@ -104,11 +104,6 @@ bool QuicConnectionPeer::IsSilentCloseEnabled(QuicConnection* connection) { } // static -bool QuicConnectionPeer::IsMultipathEnabled(QuicConnection* connection) { - return connection->multipath_enabled_; -} - -// static void QuicConnectionPeer::SwapCrypters(QuicConnection* connection, QuicFramer* framer) { QuicFramerPeer::SwapCrypters(framer, &connection->framer_); @@ -116,7 +111,7 @@ void QuicConnectionPeer::SwapCrypters(QuicConnection* connection, // static void QuicConnectionPeer::SetCurrentPacket(QuicConnection* connection, - base::StringPiece current_packet) { + QuicStringPiece current_packet) { connection->current_packet_data_ = current_packet.data(); connection->last_size_ = current_packet.size(); } @@ -252,11 +247,16 @@ void QuicConnectionPeer::SetAckDecimationDelay(QuicConnection* connection, // static bool QuicConnectionPeer::HasRetransmittableFrames( QuicConnection* connection, - QuicPathId path_id, QuicPacketNumber packet_number) { return QuicSentPacketManagerPeer::HasRetransmittableFrames( GetSentPacketManager(connection), packet_number); } +// static +void QuicConnectionPeer::SetNoStopWaitingFrames(QuicConnection* connection, + bool no_stop_waiting_frames) { + connection->no_stop_waiting_frames_ = no_stop_waiting_frames; +} + } // namespace test } // namespace net diff --git a/chromium/net/quic/test_tools/quic_connection_peer.h b/chromium/net/quic/test_tools/quic_connection_peer.h index 64e06855763..81f4d1db9af 100644 --- a/chromium/net/quic/test_tools/quic_connection_peer.h +++ b/chromium/net/quic/test_tools/quic_connection_peer.h @@ -10,6 +10,7 @@ #include "net/quic/core/quic_connection_stats.h" #include "net/quic/core/quic_packets.h" #include "net/quic/platform/api/quic_socket_address.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -65,12 +66,10 @@ class QuicConnectionPeer { static bool IsSilentCloseEnabled(QuicConnection* connection); - static bool IsMultipathEnabled(QuicConnection* connection); - static void SwapCrypters(QuicConnection* connection, QuicFramer* framer); static void SetCurrentPacket(QuicConnection* connection, - base::StringPiece current_packet); + QuicStringPiece current_packet); static QuicConnectionHelperInterface* GetHelper(QuicConnection* connection); @@ -113,8 +112,9 @@ class QuicConnectionPeer { static void SetAckDecimationDelay(QuicConnection* connection, float ack_decimation_delay); static bool HasRetransmittableFrames(QuicConnection* connection, - QuicPathId path_id, QuicPacketNumber packet_number); + static void SetNoStopWaitingFrames(QuicConnection* connection, + bool no_stop_waiting_frames); private: DISALLOW_COPY_AND_ASSIGN(QuicConnectionPeer); diff --git a/chromium/net/quic/test_tools/quic_crypto_server_config_peer.cc b/chromium/net/quic/test_tools/quic_crypto_server_config_peer.cc index 1be6ffc7f2d..8bf1d5b41b8 100644 --- a/chromium/net/quic/test_tools/quic_crypto_server_config_peer.cc +++ b/chromium/net/quic/test_tools/quic_crypto_server_config_peer.cc @@ -59,7 +59,7 @@ string QuicCryptoServerConfigPeer::NewSourceAddressToken( HandshakeFailureReason QuicCryptoServerConfigPeer::ValidateSourceAddressTokens( string config_id, - StringPiece srct, + QuicStringPiece srct, const QuicIpAddress& ip, QuicWallTime now, CachedNetworkParameters* cached_network_params) { @@ -76,7 +76,7 @@ HandshakeFailureReason QuicCryptoServerConfigPeer::ValidateSourceAddressTokens( HandshakeFailureReason QuicCryptoServerConfigPeer::ValidateSingleSourceAddressToken( - StringPiece token, + QuicStringPiece token, const QuicIpAddress& ip, QuicWallTime now) { SourceAddressTokens tokens; diff --git a/chromium/net/quic/test_tools/quic_crypto_server_config_peer.h b/chromium/net/quic/test_tools/quic_crypto_server_config_peer.h index 2b4bc053c75..374a8063e9f 100644 --- a/chromium/net/quic/test_tools/quic_crypto_server_config_peer.h +++ b/chromium/net/quic/test_tools/quic_crypto_server_config_peer.h @@ -6,6 +6,7 @@ #define NET_QUIC_TEST_TOOLS_QUIC_CRYPTO_SERVER_CONFIG_PEER_H_ #include "net/quic/core/crypto/quic_crypto_server_config.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { namespace test { @@ -45,14 +46,14 @@ class QuicCryptoServerConfigPeer { // Attempts to validate the tokens in |tokens|. HandshakeFailureReason ValidateSourceAddressTokens( std::string config_id, - base::StringPiece tokens, + QuicStringPiece tokens, const QuicIpAddress& ip, QuicWallTime now, CachedNetworkParameters* cached_network_params); // Attempts to validate the single source address token in |token|. HandshakeFailureReason ValidateSingleSourceAddressToken( - base::StringPiece token, + QuicStringPiece token, const QuicIpAddress& ip, QuicWallTime now); diff --git a/chromium/net/quic/test_tools/quic_packet_creator_peer.cc b/chromium/net/quic/test_tools/quic_packet_creator_peer.cc index 840eec894c9..e8788d6c802 100644 --- a/chromium/net/quic/test_tools/quic_packet_creator_peer.cc +++ b/chromium/net/quic/test_tools/quic_packet_creator_peer.cc @@ -82,10 +82,5 @@ EncryptionLevel QuicPacketCreatorPeer::GetEncryptionLevel( return creator->packet_.encryption_level; } -// static -QuicPathId QuicPacketCreatorPeer::GetCurrentPath(QuicPacketCreator* creator) { - return creator->packet_.path_id; -} - } // namespace test } // namespace net diff --git a/chromium/net/quic/test_tools/quic_packet_creator_peer.h b/chromium/net/quic/test_tools/quic_packet_creator_peer.h index 5c190918b69..c798cb13dd0 100644 --- a/chromium/net/quic/test_tools/quic_packet_creator_peer.h +++ b/chromium/net/quic/test_tools/quic_packet_creator_peer.h @@ -40,7 +40,6 @@ class QuicPacketCreatorPeer { char* buffer, size_t buffer_len); static EncryptionLevel GetEncryptionLevel(QuicPacketCreator* creator); - static QuicPathId GetCurrentPath(QuicPacketCreator* creator); private: DISALLOW_COPY_AND_ASSIGN(QuicPacketCreatorPeer); diff --git a/chromium/net/quic/test_tools/quic_stream_peer.cc b/chromium/net/quic/test_tools/quic_stream_peer.cc index 859bc6ac50c..7b79cb3c8ec 100644 --- a/chromium/net/quic/test_tools/quic_stream_peer.cc +++ b/chromium/net/quic/test_tools/quic_stream_peer.cc @@ -8,8 +8,6 @@ #include "net/quic/core/quic_stream.h" -using base::StringPiece; - namespace net { namespace test { @@ -66,7 +64,7 @@ bool QuicStreamPeer::StreamContributesToConnectionFlowControl( // static void QuicStreamPeer::WriteOrBufferData( QuicStream* stream, - StringPiece data, + QuicStringPiece data, bool fin, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener) { stream->WriteOrBufferData(data, fin, std::move(ack_listener)); diff --git a/chromium/net/quic/test_tools/quic_stream_peer.h b/chromium/net/quic/test_tools/quic_stream_peer.h index c0fa1063c3e..b7c33565303 100644 --- a/chromium/net/quic/test_tools/quic_stream_peer.h +++ b/chromium/net/quic/test_tools/quic_stream_peer.h @@ -10,6 +10,7 @@ #include "base/macros.h" #include "net/quic/core/quic_packets.h" #include "net/quic/core/quic_stream_sequencer.h" +#include "net/quic/platform/api/quic_string_piece.h" namespace net { @@ -35,7 +36,7 @@ class QuicStreamPeer { static void WriteOrBufferData( QuicStream* stream, - base::StringPiece data, + QuicStringPiece data, bool fin, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener); diff --git a/chromium/net/quic/test_tools/quic_stream_sequencer_buffer_peer.cc b/chromium/net/quic/test_tools/quic_stream_sequencer_buffer_peer.cc index e7f38b20689..a759104cb39 100644 --- a/chromium/net/quic/test_tools/quic_stream_sequencer_buffer_peer.cc +++ b/chromium/net/quic/test_tools/quic_stream_sequencer_buffer_peer.cc @@ -42,8 +42,7 @@ bool QuicStreamSequencerBufferPeer::CheckEmptyInvariants() { } bool QuicStreamSequencerBufferPeer::IsBlockArrayEmpty() { - if (FLAGS_quic_reloadable_flag_quic_reduce_sequencer_buffer_memory_life_time && // NOLINT - buffer_->blocks_ == nullptr) { + if (buffer_->blocks_ == nullptr) { return true; } diff --git a/chromium/net/quic/test_tools/quic_test_utils.cc b/chromium/net/quic/test_tools/quic_test_utils.cc index 1d2282d5553..adf9df17a83 100644 --- a/chromium/net/quic/test_tools/quic_test_utils.cc +++ b/chromium/net/quic/test_tools/quic_test_utils.cc @@ -4,6 +4,7 @@ #include "net/quic/test_tools/quic_test_utils.h" +#include <algorithm> #include <memory> #include "net/quic/core/crypto/crypto_framer.h" @@ -24,9 +25,6 @@ #include "net/spdy/spdy_frame_builder.h" #include "third_party/boringssl/src/include/openssl/sha.h" -using base::StringPiece; -using std::max; -using std::min; using std::string; using testing::_; using testing::Invoke; @@ -98,7 +96,7 @@ QuicFlagSaver::~QuicFlagSaver() { #undef QUIC_FLAG } -string Sha1Hash(StringPiece data) { +string Sha1Hash(QuicStringPiece data) { char buffer[SHA_DIGEST_LENGTH]; SHA1(reinterpret_cast<const uint8_t*>(data.data()), data.size(), reinterpret_cast<uint8_t*>(buffer)); @@ -107,7 +105,7 @@ string Sha1Hash(StringPiece data) { uint64_t SimpleRandom::RandUint64() { string hash = - Sha1Hash(StringPiece(reinterpret_cast<char*>(&seed_), sizeof(seed_))); + Sha1Hash(QuicStringPiece(reinterpret_cast<char*>(&seed_), sizeof(seed_))); DCHECK_EQ(static_cast<size_t>(SHA_DIGEST_LENGTH), hash.length()); memcpy(&seed_, hash.data(), sizeof(seed_)); return seed_; @@ -223,10 +221,6 @@ bool NoOpFramerVisitor::OnBlockedFrame(const QuicBlockedFrame& frame) { return true; } -bool NoOpFramerVisitor::OnPathCloseFrame(const QuicPathCloseFrame& frame) { - return true; -} - MockQuicConnectionVisitor::MockQuicConnectionVisitor() {} MockQuicConnectionVisitor::~MockQuicConnectionVisitor() {} @@ -510,8 +504,8 @@ string HexDumpWithMarks(const char* data, const int kSizeLimit = 1024; if (length > kSizeLimit || mark_length > kSizeLimit) { QUIC_LOG(ERROR) << "Only dumping first " << kSizeLimit << " bytes."; - length = min(length, kSizeLimit); - mark_length = min(mark_length, kSizeLimit); + length = std::min(length, kSizeLimit); + mark_length = std::min(mark_length, kSizeLimit); } string hex; @@ -556,54 +550,45 @@ QuicVersion QuicVersionMin() { QuicEncryptedPacket* ConstructEncryptedPacket(QuicConnectionId connection_id, bool version_flag, - bool multipath_flag, bool reset_flag, - QuicPathId path_id, QuicPacketNumber packet_number, const string& data) { - return ConstructEncryptedPacket(connection_id, version_flag, multipath_flag, - reset_flag, path_id, packet_number, data, - PACKET_8BYTE_CONNECTION_ID, - PACKET_6BYTE_PACKET_NUMBER); + return ConstructEncryptedPacket( + connection_id, version_flag, reset_flag, packet_number, data, + PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER); } QuicEncryptedPacket* ConstructEncryptedPacket( QuicConnectionId connection_id, bool version_flag, - bool multipath_flag, bool reset_flag, - QuicPathId path_id, QuicPacketNumber packet_number, const string& data, QuicConnectionIdLength connection_id_length, QuicPacketNumberLength packet_number_length) { - return ConstructEncryptedPacket( - connection_id, version_flag, multipath_flag, reset_flag, path_id, - packet_number, data, connection_id_length, packet_number_length, nullptr); + return ConstructEncryptedPacket(connection_id, version_flag, reset_flag, + packet_number, data, connection_id_length, + packet_number_length, nullptr); } QuicEncryptedPacket* ConstructEncryptedPacket( QuicConnectionId connection_id, bool version_flag, - bool multipath_flag, bool reset_flag, - QuicPathId path_id, QuicPacketNumber packet_number, const string& data, QuicConnectionIdLength connection_id_length, QuicPacketNumberLength packet_number_length, QuicVersionVector* versions) { - return ConstructEncryptedPacket(connection_id, version_flag, multipath_flag, - reset_flag, path_id, packet_number, data, - connection_id_length, packet_number_length, - versions, Perspective::IS_CLIENT); + return ConstructEncryptedPacket(connection_id, version_flag, reset_flag, + packet_number, data, connection_id_length, + packet_number_length, versions, + Perspective::IS_CLIENT); } QuicEncryptedPacket* ConstructEncryptedPacket( QuicConnectionId connection_id, bool version_flag, - bool multipath_flag, bool reset_flag, - QuicPathId path_id, QuicPacketNumber packet_number, const string& data, QuicConnectionIdLength connection_id_length, @@ -614,12 +599,11 @@ QuicEncryptedPacket* ConstructEncryptedPacket( header.public_header.connection_id = connection_id; header.public_header.connection_id_length = connection_id_length; header.public_header.version_flag = version_flag; - header.public_header.multipath_flag = multipath_flag; + header.public_header.multipath_flag = false; header.public_header.reset_flag = reset_flag; header.public_header.packet_number_length = packet_number_length; - header.path_id = path_id; header.packet_number = packet_number; - QuicStreamFrame stream_frame(1, false, 0, StringPiece(data)); + QuicStreamFrame stream_frame(1, false, 0, QuicStringPiece(data)); QuicFrame frame(&stream_frame); QuicFrames frames; frames.push_back(frame); @@ -650,7 +634,6 @@ QuicEncryptedPacket* ConstructMisFramedEncryptedPacket( QuicConnectionId connection_id, bool version_flag, bool reset_flag, - QuicPathId path_id, QuicPacketNumber packet_number, const string& data, QuicConnectionIdLength connection_id_length, @@ -663,9 +646,8 @@ QuicEncryptedPacket* ConstructMisFramedEncryptedPacket( header.public_header.version_flag = version_flag; header.public_header.reset_flag = reset_flag; header.public_header.packet_number_length = packet_number_length; - header.path_id = path_id; header.packet_number = packet_number; - QuicStreamFrame stream_frame(1, false, 0, StringPiece(data)); + QuicStreamFrame stream_frame(1, false, 0, QuicStringPiece(data)); QuicFrame frame(&stream_frame); QuicFrames frames; frames.push_back(frame); @@ -695,8 +677,8 @@ void CompareCharArraysWithHexError(const string& description, const char* expected, const int expected_len) { EXPECT_EQ(actual_len, expected_len); - const int min_len = min(actual_len, expected_len); - const int max_len = max(actual_len, expected_len); + const int min_len = std::min(actual_len, expected_len); + const int max_len = std::max(actual_len, expected_len); std::unique_ptr<bool[]> marks(new bool[max_len]); bool identical = (actual_len == expected_len); for (int i = 0; i < min_len; ++i) { diff --git a/chromium/net/quic/test_tools/quic_test_utils.h b/chromium/net/quic/test_tools/quic_test_utils.h index 5b53b4a6b54..a53d2fbe55c 100644 --- a/chromium/net/quic/test_tools/quic_test_utils.h +++ b/chromium/net/quic/test_tools/quic_test_utils.h @@ -14,7 +14,6 @@ #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/congestion_control/loss_detection_interface.h" #include "net/quic/core/congestion_control/send_algorithm_interface.h" #include "net/quic/core/quic_client_push_promise_index.h" @@ -25,6 +24,7 @@ #include "net/quic/core/quic_sent_packet_manager.h" #include "net/quic/core/quic_server_session_base.h" #include "net/quic/core/quic_simple_buffer_allocator.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/test_tools/mock_clock.h" #include "net/quic/test_tools/mock_random.h" #include "net/test/gtest_util.h" @@ -32,8 +32,6 @@ #include "net/tools/quic/test_tools/mock_quic_session_visitor.h" #include "testing/gmock/include/gmock/gmock.h" -using base::StringPiece; - // EXPECT_QUIC_BUG is like EXPECT_DFATAL, except it ensures that no DFATAL // logging is skipped due to exponential backoff. // @@ -72,9 +70,7 @@ QuicVersion QuicVersionMin(); QuicEncryptedPacket* ConstructEncryptedPacket( QuicConnectionId connection_id, bool version_flag, - bool multipath_flag, bool reset_flag, - QuicPathId path_id, QuicPacketNumber packet_number, const std::string& data, QuicConnectionIdLength connection_id_length, @@ -89,9 +85,7 @@ QuicEncryptedPacket* ConstructEncryptedPacket( QuicEncryptedPacket* ConstructEncryptedPacket( QuicConnectionId connection_id, bool version_flag, - bool multipath_flag, bool reset_flag, - QuicPathId path_id, QuicPacketNumber packet_number, const std::string& data, QuicConnectionIdLength connection_id_length, @@ -102,9 +96,7 @@ QuicEncryptedPacket* ConstructEncryptedPacket( QuicEncryptedPacket* ConstructEncryptedPacket( QuicConnectionId connection_id, bool version_flag, - bool multipath_flag, bool reset_flag, - QuicPathId path_id, QuicPacketNumber packet_number, const std::string& data, QuicConnectionIdLength connection_id_length, @@ -115,9 +107,7 @@ QuicEncryptedPacket* ConstructEncryptedPacket( // |versions| == nullptr. QuicEncryptedPacket* ConstructEncryptedPacket(QuicConnectionId connection_id, bool version_flag, - bool multipath_flag, bool reset_flag, - QuicPathId path_id, QuicPacketNumber packet_number, const std::string& data); @@ -136,7 +126,6 @@ QuicEncryptedPacket* ConstructMisFramedEncryptedPacket( QuicConnectionId connection_id, bool version_flag, bool reset_flag, - QuicPathId path_id, QuicPacketNumber packet_number, const std::string& data, QuicConnectionIdLength connection_id_length, @@ -199,7 +188,7 @@ class QuicFlagSaver { }; // Compute SHA-1 hash of the supplied std::string. -std::string Sha1Hash(base::StringPiece data); +std::string Sha1Hash(QuicStringPiece data); // Simple random number generator used to compute random numbers suitable // for pseudo-randomly dropping packets in tests. It works by computing @@ -254,7 +243,6 @@ class MockFramerVisitor : public QuicFramerVisitorInterface { MOCK_METHOD1(OnGoAwayFrame, bool(const QuicGoAwayFrame& frame)); MOCK_METHOD1(OnWindowUpdateFrame, bool(const QuicWindowUpdateFrame& frame)); MOCK_METHOD1(OnBlockedFrame, bool(const QuicBlockedFrame& frame)); - MOCK_METHOD1(OnPathCloseFrame, bool(const QuicPathCloseFrame& frame)); MOCK_METHOD0(OnPacketComplete, void()); private: @@ -286,7 +274,6 @@ class NoOpFramerVisitor : public QuicFramerVisitorInterface { bool OnGoAwayFrame(const QuicGoAwayFrame& frame) override; bool OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) override; bool OnBlockedFrame(const QuicBlockedFrame& frame) override; - bool OnPathCloseFrame(const QuicPathCloseFrame& frame) override; void OnPacketComplete() override {} private: @@ -510,7 +497,7 @@ class MockQuicSession : public QuicSession { QuicStreamOffset bytes_written)); MOCK_METHOD2(OnStreamHeaders, - void(QuicStreamId stream_id, base::StringPiece headers_data)); + void(QuicStreamId stream_id, QuicStringPiece headers_data)); MOCK_METHOD2(OnStreamHeadersPriority, void(QuicStreamId stream_id, SpdyPriority priority)); MOCK_METHOD3(OnStreamHeadersComplete, @@ -571,7 +558,7 @@ class MockQuicSpdySession : public QuicSpdySession { QuicStreamOffset bytes_written)); MOCK_METHOD2(OnStreamHeaders, - void(QuicStreamId stream_id, StringPiece headers_data)); + void(QuicStreamId stream_id, QuicStringPiece headers_data)); MOCK_METHOD2(OnStreamHeadersPriority, void(QuicStreamId stream_id, SpdyPriority priority)); MOCK_METHOD3(OnStreamHeadersComplete, @@ -583,7 +570,7 @@ class MockQuicSpdySession : public QuicSpdySession { const QuicHeaderList& header_list)); MOCK_METHOD0(IsCryptoHandshakeConfirmed, bool()); MOCK_METHOD2(OnPromiseHeaders, - void(QuicStreamId stream_id, StringPiece headers_data)); + void(QuicStreamId stream_id, QuicStringPiece headers_data)); MOCK_METHOD3(OnPromiseHeadersComplete, void(QuicStreamId stream_id, QuicStreamId promised_stream_id, @@ -986,7 +973,7 @@ QuicHeaderList AsHeaderList(const T& container) { // Utility function that returns an QuicIOVector object wrapped around |str|. // // |str|'s data is stored in |iov|. -inline QuicIOVector MakeIOVector(base::StringPiece str, struct iovec* iov) { +inline QuicIOVector MakeIOVector(QuicStringPiece str, struct iovec* iov) { iov->iov_base = const_cast<char*>(str.data()); iov->iov_len = static_cast<size_t>(str.size()); QuicIOVector quic_iov(iov, 1, str.size()); diff --git a/chromium/net/quic/test_tools/simple_quic_framer.cc b/chromium/net/quic/test_tools/simple_quic_framer.cc index 8ba739253fd..734b1dc03c6 100644 --- a/chromium/net/quic/test_tools/simple_quic_framer.cc +++ b/chromium/net/quic/test_tools/simple_quic_framer.cc @@ -10,8 +10,8 @@ #include "net/quic/core/crypto/quic_decrypter.h" #include "net/quic/core/crypto/quic_encrypter.h" #include "net/quic/platform/api/quic_ptr_util.h" +#include "net/quic/platform/api/quic_string_piece.h" -using base::StringPiece; using std::string; namespace net { @@ -56,7 +56,8 @@ class SimpleFramerVisitor : public QuicFramerVisitorInterface { stream_data_.push_back(QuicWrapUnique(string_data)); // TODO(ianswett): A pointer isn't necessary with emplace_back. stream_frames_.push_back(QuicMakeUnique<QuicStreamFrame>( - frame.stream_id, frame.fin, frame.offset, StringPiece(*string_data))); + frame.stream_id, frame.fin, frame.offset, + QuicStringPiece(*string_data))); return true; } @@ -105,11 +106,6 @@ class SimpleFramerVisitor : public QuicFramerVisitorInterface { return true; } - bool OnPathCloseFrame(const QuicPathCloseFrame& frame) override { - path_close_frames_.push_back(frame); - return true; - } - void OnPacketComplete() override {} const QuicPacketHeader& header() const { return header_; } @@ -150,7 +146,6 @@ class SimpleFramerVisitor : public QuicFramerVisitorInterface { std::vector<QuicConnectionCloseFrame> connection_close_frames_; std::vector<QuicWindowUpdateFrame> window_update_frames_; std::vector<QuicBlockedFrame> blocked_frames_; - std::vector<QuicPathCloseFrame> path_close_frames_; std::vector<std::unique_ptr<string>> stream_data_; DISALLOW_COPY_AND_ASSIGN(SimpleFramerVisitor); diff --git a/chromium/net/quic/test_tools/simulator/queue.cc b/chromium/net/quic/test_tools/simulator/queue.cc index 12073f8e0a8..a7e8cb901bc 100644 --- a/chromium/net/quic/test_tools/simulator/queue.cc +++ b/chromium/net/quic/test_tools/simulator/queue.cc @@ -2,8 +2,9 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/quic/platform/api/quic_logging.h" #include "net/quic/test_tools/simulator/queue.h" +#include "net/quic/platform/api/quic_logging.h" +#include "net/quic/test_tools/simulator/simulator.h" using std::string; @@ -16,7 +17,14 @@ Queue::Queue(Simulator* simulator, string name, QuicByteCount capacity) : Actor(simulator, name), capacity_(capacity), bytes_queued_(0), - listener_(nullptr) {} + aggregation_threshold_(0), + aggregation_timeout_(QuicTime::Delta::Infinite()), + current_bundle_(0), + current_bundle_bytes_(0), + listener_(nullptr) { + aggregation_timeout_alarm_.reset(simulator_->GetAlarmFactory()->CreateAlarm( + new AggregationAlarmDelegate(this))); +} Queue::~Queue() {} @@ -35,17 +43,28 @@ void Queue::AcceptPacket(std::unique_ptr<Packet> packet) { } bytes_queued_ += packet->size; - queue_.emplace(std::move(packet)); + queue_.emplace(std::move(packet), current_bundle_); + + if (IsAggregationEnabled()) { + current_bundle_bytes_ += queue_.front().packet->size; + if (!aggregation_timeout_alarm_->IsSet()) { + aggregation_timeout_alarm_->Set(clock_->Now() + aggregation_timeout_); + } + if (current_bundle_bytes_ >= aggregation_threshold_) { + NextBundle(); + } + } + ScheduleNextPacketDequeue(); } void Queue::Act() { DCHECK(!queue_.empty()); if (tx_port_->TimeUntilAvailable().IsZero()) { - DCHECK(bytes_queued_ >= queue_.front()->size); - bytes_queued_ -= queue_.front()->size; + DCHECK(bytes_queued_ >= queue_.front().packet->size); + bytes_queued_ -= queue_.front().packet->size; - tx_port_->AcceptPacket(std::move(queue_.front())); + tx_port_->AcceptPacket(std::move(queue_.front().packet)); queue_.pop(); if (listener_ != nullptr) { listener_->OnPacketDequeued(); @@ -55,12 +74,46 @@ void Queue::Act() { ScheduleNextPacketDequeue(); } +void Queue::EnableAggregation(QuicByteCount aggregation_threshold, + QuicTime::Delta aggregation_timeout) { + DCHECK_EQ(bytes_queued_, 0u); + DCHECK_GT(aggregation_threshold, 0u); + DCHECK(!aggregation_timeout.IsZero()); + DCHECK(!aggregation_timeout.IsInfinite()); + + aggregation_threshold_ = aggregation_threshold; + aggregation_timeout_ = aggregation_timeout; +} + +Queue::AggregationAlarmDelegate::AggregationAlarmDelegate(Queue* queue) + : queue_(queue) {} + +void Queue::AggregationAlarmDelegate::OnAlarm() { + queue_->NextBundle(); + queue_->ScheduleNextPacketDequeue(); +} + +Queue::EnqueuedPacket::EnqueuedPacket(std::unique_ptr<Packet> packet, + AggregationBundleNumber bundle) + : packet(std::move(packet)), bundle(bundle) {} +Queue::EnqueuedPacket::~EnqueuedPacket() = default; + +void Queue::NextBundle() { + current_bundle_++; + current_bundle_bytes_ = 0; + aggregation_timeout_alarm_->Cancel(); +} + void Queue::ScheduleNextPacketDequeue() { if (queue_.empty()) { DCHECK_EQ(bytes_queued_, 0u); return; } + if (IsAggregationEnabled() && queue_.front().bundle == current_bundle_) { + return; + } + Schedule(clock_->Now() + tx_port_->TimeUntilAvailable()); } diff --git a/chromium/net/quic/test_tools/simulator/queue.h b/chromium/net/quic/test_tools/simulator/queue.h index b7048930f1a..532bb220241 100644 --- a/chromium/net/quic/test_tools/simulator/queue.h +++ b/chromium/net/quic/test_tools/simulator/queue.h @@ -5,6 +5,7 @@ #ifndef NET_QUIC_TEST_TOOLS_SIMULATOR_QUEUE_H_ #define NET_QUIC_TEST_TOOLS_SIMULATOR_QUEUE_H_ +#include "net/quic/core/quic_alarm.h" #include "net/quic/test_tools/simulator/link.h" namespace net { @@ -39,14 +40,73 @@ class Queue : public Actor, public UnconstrainedPortInterface { listener_ = listener; } + // Enables packet aggregation on the queue. Packet aggregation makes the + // queue bundle packets up until they reach certain size. When the + // aggregation is enabled, the packets are not dequeued until the total size + // of packets in the queue reaches |aggregation_threshold|. The packets are + // automatically flushed from the queue if the oldest packet has been in it + // for |aggregation_timeout|. + // + // This method may only be called when the queue is empty. Once enabled, + // aggregation cannot be disabled. + void EnableAggregation(QuicByteCount aggregation_threshold, + QuicTime::Delta aggregation_timeout); + private: + typedef uint64_t AggregationBundleNumber; + + // In order to implement packet aggregation, each packet is tagged with a + // bundle number. The queue keeps a bundle counter, and whenever a bundle is + // ready, it increments the number of the current bundle. Only the packets + // outside of the current bundle are allowed to leave the queue. + struct EnqueuedPacket { + EnqueuedPacket(std::unique_ptr<Packet> packet, + AggregationBundleNumber bundle); + ~EnqueuedPacket(); + + std::unique_ptr<Packet> packet; + AggregationBundleNumber bundle; + }; + + // Alarm handler for aggregation timeout. + class AggregationAlarmDelegate : public QuicAlarm::Delegate { + public: + explicit AggregationAlarmDelegate(Queue* queue); + + void OnAlarm() override; + + private: + Queue* queue_; + }; + + inline bool IsAggregationEnabled() const { + return aggregation_threshold_ > 0; + } + + // Increment the bundle counter and reset the bundle state. This causes all + // packets currently in the bundle to be flushed onto the link. + void NextBundle(); + void ScheduleNextPacketDequeue(); const QuicByteCount capacity_; QuicByteCount bytes_queued_; + QuicByteCount aggregation_threshold_; + QuicTime::Delta aggregation_timeout_; + // The number of the current aggregation bundle. Monotonically increasing. + // All packets in the previous bundles are allowed to leave the queue, and + // none of the packets in the current one are. + AggregationBundleNumber current_bundle_; + // Size of the current bundle. Whenever it exceeds |aggregation_threshold_|, + // the next bundle is created. + QuicByteCount current_bundle_bytes_; + // Alarm responsible for flushing the current bundle upon timeout. Set when + // the first packet in the bundle is enqueued. + std::unique_ptr<QuicAlarm> aggregation_timeout_alarm_; + ConstrainedPortInterface* tx_port_; - std::queue<std::unique_ptr<Packet>> queue_; + std::queue<EnqueuedPacket> queue_; ListenerInterface* listener_; diff --git a/chromium/net/quic/test_tools/simulator/simulator_test.cc b/chromium/net/quic/test_tools/simulator/simulator_test.cc index 577491e4198..d72330c788c 100644 --- a/chromium/net/quic/test_tools/simulator/simulator_test.cc +++ b/chromium/net/quic/test_tools/simulator/simulator_test.cc @@ -728,5 +728,81 @@ TEST(SimulatorTest, TrafficPolicerBurst) { saturator2.counter()->bytes(), 0.1f); } +// Test that the packet aggregation support in queues work. +TEST(SimulatorTest, PacketAggregation) { + // Model network where the delays are dominated by transfer delay. + const QuicBandwidth bandwidth = QuicBandwidth::FromBytesPerSecond(1000); + const QuicTime::Delta base_propagation_delay = + QuicTime::Delta::FromMicroseconds(1); + const QuicByteCount aggregation_threshold = 1000; + const QuicTime::Delta aggregation_timeout = QuicTime::Delta::FromSeconds(30); + + Simulator simulator; + LinkSaturator saturator1(&simulator, "Saturator 1", 10, "Saturator 2"); + LinkSaturator saturator2(&simulator, "Saturator 2", 10, "Saturator 1"); + Switch network_switch(&simulator, "Switch", 8, 10 * aggregation_threshold); + + // Make links with asymmetric propagation delay so that Saturator 2 only + // receives packets addressed to it. + SymmetricLink link1(&saturator1, network_switch.port(1), bandwidth, + base_propagation_delay); + SymmetricLink link2(&saturator2, network_switch.port(2), bandwidth, + 2 * base_propagation_delay); + + // Enable aggregation in 1 -> 2 direction. + Queue* queue = network_switch.port_queue(2); + queue->EnableAggregation(aggregation_threshold, aggregation_timeout); + + // Enable aggregation in 2 -> 1 direction in a way that all packets are larger + // than the threshold, so that aggregation is effectively a no-op. + network_switch.port_queue(1)->EnableAggregation(5, aggregation_timeout); + + // Fill up the aggregation buffer up to 90% (900 bytes). + simulator.RunFor(0.9 * bandwidth.TransferTime(aggregation_threshold)); + EXPECT_EQ(0u, saturator2.counter()->bytes()); + + // Stop sending, ensure that given a timespan much shorter than timeout, the + // packets remain in the queue. + saturator1.Pause(); + saturator2.Pause(); + simulator.RunFor(QuicTime::Delta::FromSeconds(10)); + EXPECT_EQ(0u, saturator2.counter()->bytes()); + EXPECT_EQ(900u, queue->bytes_queued()); + + // Ensure that all packets have reached the saturator not affected by + // aggregation. Here, 10 extra bytes account for a misrouted packet in the + // beginning. + EXPECT_EQ(910u, saturator1.counter()->bytes()); + + // Send 500 more bytes. Since the aggregation threshold is 1000 bytes, and + // queue already has 900 bytes, 1000 bytes will be send and 400 will be in the + // queue. + saturator1.Resume(); + simulator.RunFor(0.5 * bandwidth.TransferTime(aggregation_threshold)); + saturator1.Pause(); + simulator.RunFor(QuicTime::Delta::FromSeconds(10)); + EXPECT_EQ(1000u, saturator2.counter()->bytes()); + EXPECT_EQ(400u, queue->bytes_queued()); + + // Actually time out, and cause all of the data to be received. + simulator.RunFor(aggregation_timeout); + EXPECT_EQ(1400u, saturator2.counter()->bytes()); + EXPECT_EQ(0u, queue->bytes_queued()); + + // Run saturator for a longer time, to ensure that the logic to cancel and + // reset alarms works correctly. + saturator1.Resume(); + simulator.RunFor(5.5 * bandwidth.TransferTime(aggregation_threshold)); + saturator1.Pause(); + simulator.RunFor(QuicTime::Delta::FromSeconds(10)); + EXPECT_EQ(6400u, saturator2.counter()->bytes()); + EXPECT_EQ(500u, queue->bytes_queued()); + + // Time out again. + simulator.RunFor(aggregation_timeout); + EXPECT_EQ(6900u, saturator2.counter()->bytes()); + EXPECT_EQ(0u, queue->bytes_queued()); +} + } // namespace simulator } // namespace net diff --git a/chromium/net/quic/test_tools/simulator/switch.h b/chromium/net/quic/test_tools/simulator/switch.h index c6177c5e414..35a1aa88a61 100644 --- a/chromium/net/quic/test_tools/simulator/switch.h +++ b/chromium/net/quic/test_tools/simulator/switch.h @@ -31,7 +31,10 @@ class Switch { return &ports_[port_number - 1]; } - inline const Queue* port_queue(SwitchPortNumber port_number) { + inline const Queue* port_queue(SwitchPortNumber port_number) const { + return ports_[port_number - 1].queue(); + } + inline Queue* port_queue(SwitchPortNumber port_number) { return ports_[port_number - 1].queue(); } @@ -58,6 +61,7 @@ class Switch { inline bool connected() const { return connected_; } inline const Queue* queue() const { return &queue_; } + inline Queue* queue() { return &queue_; } private: Switch* parent_; diff --git a/chromium/net/reporting/README.md b/chromium/net/reporting/README.md new file mode 100644 index 00000000000..82d663a25cf --- /dev/null +++ b/chromium/net/reporting/README.md @@ -0,0 +1,77 @@ +# Reporting + +Reporting is a central mechanism for sending out-of-band error reports +to origins from various other components (e.g. HTTP Public Key Pinning, +Interventions, or Content Security Policy could potentially use it). + +The parts of it that are exposed to the web platform are specified in +the [draft spec](http://wicg.github.io/reporting/). This document +assumes that you've read that one. + +## Reporting in Chromium + +Reporting is implemented as part of the network stack in Chromium, such +that it can be used by other parts of the network stack (e.g. HPKP) or +by non-browser embedders as well as by Chromium. + +Almost all of Reporting lives in `//net/reporting`; there is a small +amount of code in `//chrome/browser/net` to set up Reporting in +profiles and provide a persistent store for reports and endpoints +across browser restarts. + +### Inside `//net` + +* The top-level class is the *`ReportingService`*. This lives in the + `URLRequestContext`, and provides the high-level operations used by + other parts of `//net` and other components: queueing reports, + handling configuration headers, clearing browsing data, and so on. + + * Within `ReportingService` lives *`ReportingContext`*, which in turn + contains the inner workings of Reporting, spread across several + classes: + + * The *`ReportingCache`* stores undelivered reports and unexpired + endpoint configurations. + + * The *`ReportingHeaderParser`* parses `Report-To:` headers and + updates the `Cache` accordingly. + + * The *`ReportingDeliveryAgent`* reads reports from the `Cache`, + decides which endpoints to deliver them to, and attempts to + do so. It uses a couple of helper classes: + + * The *`ReportingUploader`* does the low-level work of delivering + reports: accepts a URL and JSON from the `DeliveryAgent`, + creates a `URLRequest`, and parses the result. + + * The *`ReportingEndpointManager`* keeps track of which endpoints + are in use, and manages exponential backoff (using + `BackoffEntry`) for failing endpoints. + + * The *`ReportingGarbageCollector`* periodically examines the + `Cache` and removes reports that have remained undelivered for too + long, or that have failed delivery too many times. + + * The *`ReportingSerializer`* reads the `Cache` and serializes it + into a `base::Value` for persistent storage (in Chromium, as a + pref); it can also deserialize a serialized `Value` back into the + `Cache`. + + * The *`ReportingBrowsingDataRemover`* examines the `Cache` upon + request and removes browsing data (reports and endpoints) of + selected types and origins. + +### Outside `//net` + +* In `*ProfileImplIOData*::InitializeInternal`, the `ReportingService` + is created and set in the `URLRequestContext`, where the net stack + can use it. + + (There is currently no interface to Reporting besides "hop over to + the IO thread and poke the `ReportingService` in your favorite + `URLRequestContext`", but that should change as various components + need to queue reports.) + +* *`ChromeReportingDelegate`* implements `ReportingDelegate` and plumbs + the persistent data interface into prefs. It lives in + `//chrome/browser/net`. diff --git a/chromium/net/reporting/reporting_browsing_data_remover.cc b/chromium/net/reporting/reporting_browsing_data_remover.cc new file mode 100644 index 00000000000..5041a47487c --- /dev/null +++ b/chromium/net/reporting/reporting_browsing_data_remover.cc @@ -0,0 +1,59 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_browsing_data_remover.h" + +#include <vector> + +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_context.h" +#include "net/reporting/reporting_report.h" + +namespace net { + +// static +void ReportingBrowsingDataRemover::RemoveBrowsingData( + ReportingContext* context, + int data_type_mask, + base::Callback<bool(const GURL&)> origin_filter) { + ReportingCache* cache = context->cache(); + bool remove_reports = (data_type_mask & DATA_TYPE_REPORTS) != 0; + bool remove_clients = (data_type_mask & DATA_TYPE_CLIENTS) != 0; + + if (origin_filter.is_null()) { + if (remove_reports) + cache->RemoveAllReports(); + if (remove_clients) + cache->RemoveAllClients(); + return; + } + + if (remove_reports) { + std::vector<const ReportingReport*> all_reports; + cache->GetReports(&all_reports); + + std::vector<const ReportingReport*> reports_to_remove; + for (const ReportingReport* report : all_reports) { + if (origin_filter.Run(report->url)) + reports_to_remove.push_back(report); + } + + cache->RemoveReports(reports_to_remove); + } + + if (remove_clients) { + std::vector<const ReportingClient*> all_clients; + cache->GetClients(&all_clients); + + std::vector<const ReportingClient*> clients_to_remove; + for (const ReportingClient* client : all_clients) { + if (origin_filter.Run(client->origin.GetURL())) + clients_to_remove.push_back(client); + } + + cache->RemoveClients(clients_to_remove); + } +} + +} // namespace net diff --git a/chromium/net/reporting/reporting_browsing_data_remover.h b/chromium/net/reporting/reporting_browsing_data_remover.h new file mode 100644 index 00000000000..db2bfb6df19 --- /dev/null +++ b/chromium/net/reporting/reporting_browsing_data_remover.h @@ -0,0 +1,36 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_BROWSING_DATA_REMOVER_H_ +#define NET_REPORTING_REPORTING_BROWSING_DATA_REMOVER_H_ + +#include "base/callback.h" +#include "base/macros.h" +#include "net/base/net_export.h" +#include "url/gurl.h" + +namespace net { + +class ReportingContext; + +// Clears browsing data (reports and clients) from the Reporting system. +class NET_EXPORT ReportingBrowsingDataRemover { + public: + enum DataType { + DATA_TYPE_REPORTS = 0x1, + DATA_TYPE_CLIENTS = 0x2, + }; + + static void RemoveBrowsingData( + ReportingContext* context, + int data_type_mask, + base::Callback<bool(const GURL&)> origin_filter); + + private: + DISALLOW_IMPLICIT_CONSTRUCTORS(ReportingBrowsingDataRemover); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_BROWSING_DATA_REMOVER_H_ diff --git a/chromium/net/reporting/reporting_browsing_data_remover_unittest.cc b/chromium/net/reporting/reporting_browsing_data_remover_unittest.cc new file mode 100644 index 00000000000..349c5d531ac --- /dev/null +++ b/chromium/net/reporting/reporting_browsing_data_remover_unittest.cc @@ -0,0 +1,193 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_browsing_data_remover.h" + +#include <string> + +#include "base/bind.h" +#include "base/memory/ptr_util.h" +#include "base/test/simple_test_tick_clock.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_client.h" +#include "net/reporting/reporting_report.h" +#include "net/reporting/reporting_test_util.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { +namespace { + +class ReportingBrowsingDataRemoverTest : public ReportingTestBase { + protected: + void RemoveBrowsingData(bool remove_reports, + bool remove_clients, + std::string host) { + int data_type_mask = 0; + if (remove_reports) + data_type_mask |= ReportingBrowsingDataRemover::DATA_TYPE_REPORTS; + if (remove_clients) + data_type_mask |= ReportingBrowsingDataRemover::DATA_TYPE_CLIENTS; + + base::Callback<bool(const GURL&)> origin_filter; + if (!host.empty()) { + origin_filter = + base::Bind(&ReportingBrowsingDataRemoverTest::HostIs, host); + } + + ReportingBrowsingDataRemover::RemoveBrowsingData(context(), data_type_mask, + origin_filter); + } + + static bool HostIs(std::string host, const GURL& url) { + return url.host() == host; + } + + size_t report_count() { + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + return reports.size(); + } + + size_t client_count() { + std::vector<const ReportingClient*> clients; + cache()->GetClients(&clients); + return clients.size(); + } + + const GURL kUrl1_ = GURL("https://origin1/path"); + const GURL kUrl2_ = GURL("https://origin2/path"); + const url::Origin kOrigin1_ = url::Origin(kUrl1_); + const url::Origin kOrigin2_ = url::Origin(kUrl2_); + const GURL kEndpoint_ = GURL("https://endpoint/"); + const std::string kGroup_ = "group"; + const std::string kType_ = "default"; +}; + +TEST_F(ReportingBrowsingDataRemoverTest, RemoveNothing) { + cache()->AddReport(kUrl1_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->AddReport(kUrl2_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->SetClient(kOrigin1_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + cache()->SetClient(kOrigin2_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + + RemoveBrowsingData(/* remove_reports= */ false, /* remove_clients= */ false, + /* host= */ ""); + EXPECT_EQ(2u, report_count()); + EXPECT_EQ(2u, client_count()); +} + +TEST_F(ReportingBrowsingDataRemoverTest, RemoveAllReports) { + cache()->AddReport(kUrl1_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->AddReport(kUrl2_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->SetClient(kOrigin1_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + cache()->SetClient(kOrigin2_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + + RemoveBrowsingData(/* remove_reports= */ true, /* remove_clients= */ false, + /* host= */ ""); + EXPECT_EQ(0u, report_count()); + EXPECT_EQ(2u, client_count()); +} + +TEST_F(ReportingBrowsingDataRemoverTest, RemoveAllClients) { + cache()->AddReport(kUrl1_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->AddReport(kUrl2_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->SetClient(kOrigin1_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + cache()->SetClient(kOrigin2_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + + RemoveBrowsingData(/* remove_reports= */ false, /* remove_clients= */ true, + /* host= */ ""); + EXPECT_EQ(2u, report_count()); + EXPECT_EQ(0u, client_count()); +} + +TEST_F(ReportingBrowsingDataRemoverTest, RemoveAllReportsAndClients) { + cache()->AddReport(kUrl1_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->AddReport(kUrl2_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->SetClient(kOrigin1_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + cache()->SetClient(kOrigin2_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + + RemoveBrowsingData(/* remove_reports= */ true, /* remove_clients= */ true, + /* host= */ ""); + EXPECT_EQ(0u, report_count()); + EXPECT_EQ(0u, client_count()); +} + +TEST_F(ReportingBrowsingDataRemoverTest, RemoveSomeReports) { + cache()->AddReport(kUrl1_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->AddReport(kUrl2_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->SetClient(kOrigin1_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + cache()->SetClient(kOrigin2_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + + RemoveBrowsingData(/* remove_reports= */ true, /* remove_clients= */ false, + /* host= */ kUrl1_.host()); + EXPECT_EQ(2u, client_count()); + + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + ASSERT_EQ(1u, reports.size()); + EXPECT_EQ(kUrl2_, reports[0]->url); +} + +TEST_F(ReportingBrowsingDataRemoverTest, RemoveSomeClients) { + cache()->AddReport(kUrl1_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->AddReport(kUrl2_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->SetClient(kOrigin1_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + cache()->SetClient(kOrigin2_, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(7)); + + RemoveBrowsingData(/* remove_reports= */ false, /* remove_clients= */ true, + /* host= */ kUrl1_.host()); + EXPECT_EQ(2u, report_count()); + EXPECT_FALSE(FindClientInCache(cache(), kOrigin1_, kEndpoint_) != nullptr); + EXPECT_TRUE(FindClientInCache(cache(), kOrigin2_, kEndpoint_) != nullptr); +} + +} // namespace +} // namespace net diff --git a/chromium/net/reporting/reporting_cache.cc b/chromium/net/reporting/reporting_cache.cc new file mode 100644 index 00000000000..b3b60101eb8 --- /dev/null +++ b/chromium/net/reporting/reporting_cache.cc @@ -0,0 +1,271 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_cache.h" + +#include <map> +#include <memory> +#include <set> +#include <string> +#include <vector> + +#include "base/memory/ptr_util.h" +#include "base/stl_util.h" +#include "base/time/time.h" +#include "net/reporting/reporting_client.h" +#include "net/reporting/reporting_context.h" +#include "net/reporting/reporting_report.h" +#include "url/gurl.h" + +namespace net { + +namespace { + +// Returns the superdomain of a given domain, or the empty string if the given +// domain is just a single label. Note that this does not take into account +// anything like the Public Suffix List, so the superdomain may end up being a +// bare TLD. +// +// Examples: +// +// GetSuperdomain("assets.example.com") -> "example.com" +// GetSuperdomain("example.net") -> "net" +// GetSuperdomain("littlebox") -> "" +std::string GetSuperdomain(const std::string& domain) { + size_t dot_pos = domain.find('.'); + if (dot_pos == std::string::npos) + return ""; + + return domain.substr(dot_pos + 1); +} + +} // namespace + +ReportingCache::ReportingCache(ReportingContext* context) : context_(context) { + DCHECK(context_); +} + +ReportingCache::~ReportingCache() {} + +void ReportingCache::AddReport(const GURL& url, + const std::string& group, + const std::string& type, + std::unique_ptr<const base::Value> body, + base::TimeTicks queued, + int attempts) { + auto report = base::MakeUnique<ReportingReport>( + url, group, type, std::move(body), queued, attempts); + + auto inserted = + reports_.insert(std::make_pair(report.get(), std::move(report))); + DCHECK(inserted.second); + + context_->NotifyCacheUpdated(); +} + +void ReportingCache::GetReports( + std::vector<const ReportingReport*>* reports_out) const { + reports_out->clear(); + for (const auto& it : reports_) { + if (!base::ContainsKey(doomed_reports_, it.first)) + reports_out->push_back(it.second.get()); + } +} + +void ReportingCache::SetReportsPending( + const std::vector<const ReportingReport*>& reports) { + for (const ReportingReport* report : reports) { + auto inserted = pending_reports_.insert(report); + DCHECK(inserted.second); + } +} + +void ReportingCache::ClearReportsPending( + const std::vector<const ReportingReport*>& reports) { + std::vector<const ReportingReport*> reports_to_remove; + + for (const ReportingReport* report : reports) { + size_t erased = pending_reports_.erase(report); + DCHECK_EQ(1u, erased); + if (base::ContainsKey(doomed_reports_, report)) { + reports_to_remove.push_back(report); + doomed_reports_.erase(report); + } + } + + RemoveReports(reports_to_remove); +} + +void ReportingCache::IncrementReportsAttempts( + const std::vector<const ReportingReport*>& reports) { + for (const ReportingReport* report : reports) { + DCHECK(base::ContainsKey(reports_, report)); + reports_[report]->attempts++; + } + + context_->NotifyCacheUpdated(); +} + +void ReportingCache::RemoveReports( + const std::vector<const ReportingReport*>& reports) { + for (const ReportingReport* report : reports) { + if (base::ContainsKey(pending_reports_, report)) { + doomed_reports_.insert(report); + } else { + DCHECK(!base::ContainsKey(doomed_reports_, report)); + size_t erased = reports_.erase(report); + DCHECK_EQ(1u, erased); + } + } + + context_->NotifyCacheUpdated(); +} + +void ReportingCache::RemoveAllReports() { + std::vector<std::unordered_map<const ReportingReport*, + std::unique_ptr<ReportingReport>>::iterator> + reports_to_remove; + for (auto it = reports_.begin(); it != reports_.end(); ++it) { + ReportingReport* report = it->second.get(); + if (!base::ContainsKey(pending_reports_, report)) + reports_to_remove.push_back(it); + else + doomed_reports_.insert(report); + } + + for (auto& it : reports_to_remove) + reports_.erase(it); + + context_->NotifyCacheUpdated(); +} + +void ReportingCache::GetClients( + std::vector<const ReportingClient*>* clients_out) const { + clients_out->clear(); + for (const auto& it : clients_) + for (const auto& endpoint_and_client : it.second) + clients_out->push_back(endpoint_and_client.second.get()); +} + +void ReportingCache::GetClientsForOriginAndGroup( + const url::Origin& origin, + const std::string& group, + std::vector<const ReportingClient*>* clients_out) const { + clients_out->clear(); + + const auto it = clients_.find(origin); + if (it != clients_.end()) { + for (const auto& endpoint_and_client : it->second) { + if (endpoint_and_client.second->group == group) + clients_out->push_back(endpoint_and_client.second.get()); + } + } + + // If no clients were found, try successive superdomain suffixes until a + // client with includeSubdomains is found or there are no more domain + // components left. + std::string domain = origin.host(); + while (clients_out->empty() && !domain.empty()) { + GetWildcardClientsForDomainAndGroup(domain, group, clients_out); + domain = GetSuperdomain(domain); + } +} + +void ReportingCache::SetClient(const url::Origin& origin, + const GURL& endpoint, + ReportingClient::Subdomains subdomains, + const std::string& group, + base::TimeTicks expires) { + DCHECK(endpoint.SchemeIsCryptographic()); + + // Since |subdomains| may differ from a previous call to SetClient for this + // origin and endpoint, the cache needs to remove and re-add the client to the + // index of wildcard clients, if applicable. + if (base::ContainsKey(clients_, origin) && + base::ContainsKey(clients_[origin], endpoint)) { + MaybeRemoveWildcardClient(clients_[origin][endpoint].get()); + } + + clients_[origin][endpoint] = base::MakeUnique<ReportingClient>( + origin, endpoint, subdomains, group, expires); + + MaybeAddWildcardClient(clients_[origin][endpoint].get()); + + context_->NotifyCacheUpdated(); +} + +void ReportingCache::RemoveClients( + const std::vector<const ReportingClient*>& clients_to_remove) { + for (const ReportingClient* client : clients_to_remove) { + MaybeRemoveWildcardClient(client); + size_t erased = clients_[client->origin].erase(client->endpoint); + DCHECK_EQ(1u, erased); + } + + context_->NotifyCacheUpdated(); +} + +void ReportingCache::RemoveClientForOriginAndEndpoint(const url::Origin& origin, + const GURL& endpoint) { + MaybeRemoveWildcardClient(clients_[origin][endpoint].get()); + size_t erased = clients_[origin].erase(endpoint); + DCHECK_EQ(1u, erased); + + context_->NotifyCacheUpdated(); +} + +void ReportingCache::RemoveClientsForEndpoint(const GURL& endpoint) { + for (auto& origin_and_endpoints : clients_) { + if (base::ContainsKey(origin_and_endpoints.second, endpoint)) { + MaybeRemoveWildcardClient(origin_and_endpoints.second[endpoint].get()); + origin_and_endpoints.second.erase(endpoint); + } + } + + context_->NotifyCacheUpdated(); +} + +void ReportingCache::RemoveAllClients() { + clients_.clear(); + wildcard_clients_.clear(); + + context_->NotifyCacheUpdated(); +} + +void ReportingCache::MaybeAddWildcardClient(const ReportingClient* client) { + if (client->subdomains != ReportingClient::Subdomains::INCLUDE) + return; + + const std::string& domain = client->origin.host(); + auto inserted = wildcard_clients_[domain].insert(client); + DCHECK(inserted.second); +} + +void ReportingCache::MaybeRemoveWildcardClient(const ReportingClient* client) { + if (client->subdomains != ReportingClient::Subdomains::INCLUDE) + return; + + const std::string& domain = client->origin.host(); + size_t erased = wildcard_clients_[domain].erase(client); + DCHECK_EQ(1u, erased); +} + +void ReportingCache::GetWildcardClientsForDomainAndGroup( + const std::string& domain, + const std::string& group, + std::vector<const ReportingClient*>* clients_out) const { + clients_out->clear(); + + auto it = wildcard_clients_.find(domain); + if (it == wildcard_clients_.end()) + return; + + for (const ReportingClient* client : it->second) { + DCHECK_EQ(ReportingClient::Subdomains::INCLUDE, client->subdomains); + if (client->group == group) + clients_out->push_back(client); + } +} + +} // namespace net diff --git a/chromium/net/reporting/reporting_cache.h b/chromium/net/reporting/reporting_cache.h new file mode 100644 index 00000000000..30ad0429e16 --- /dev/null +++ b/chromium/net/reporting/reporting_cache.h @@ -0,0 +1,201 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_CACHE_H_ +#define NET_REPORTING_REPORTING_CACHE_H_ + +#include <map> +#include <memory> +#include <set> +#include <string> +#include <unordered_map> +#include <unordered_set> +#include <vector> + +#include "base/macros.h" +#include "base/stl_util.h" +#include "base/time/time.h" +#include "base/values.h" +#include "net/base/net_export.h" +#include "net/reporting/reporting_client.h" +#include "url/gurl.h" +#include "url/origin.h" + +namespace net { + +class ReportingContext; +struct ReportingReport; + +// The cache holds undelivered reports and clients (per-origin endpoint +// configurations) in memory. (It is not responsible for persisting them.) +// +// This corresponds roughly to the "Reporting cache" in the spec, except that +// endpoints and clients are stored in a more structurally-convenient way, and +// endpoint failures/retry-after are tracked in ReportingEndpointManager. +// +// The cache implementation has the notion of "pending" reports. These are +// reports that are part of an active delivery attempt, so they won't be +// actually deallocated. Any attempt to remove a pending report wil mark it +// "doomed", which will cause it to be deallocated once it is no longer pending. +class NET_EXPORT ReportingCache { + public: + // |context| must outlive the ReportingCache. + ReportingCache(ReportingContext* context); + + ~ReportingCache(); + + // Adds a report to the cache. + // + // All parameters correspond to the desired values for the relevant fields in + // ReportingReport. + void AddReport(const GURL& url, + const std::string& group, + const std::string& type, + std::unique_ptr<const base::Value> body, + base::TimeTicks queued, + int attempts); + + // Gets all reports in the cache. The returned pointers are valid as long as + // either no calls to |RemoveReports| have happened or the reports' |pending| + // flag has been set to true using |SetReportsPending|. Does not return + // doomed reports (pending reports for which removal has been requested). + // + // (Clears any existing data in |*reports_out|.) + void GetReports(std::vector<const ReportingReport*>* reports_out) const; + + // Marks a set of reports as pending. |reports| must not already be marked as + // pending. + void SetReportsPending(const std::vector<const ReportingReport*>& reports); + + // Unmarks a set of reports as pending. |reports| must be previously marked as + // pending. + void ClearReportsPending(const std::vector<const ReportingReport*>& reports); + + // Increments |attempts| on a set of reports. + void IncrementReportsAttempts( + const std::vector<const ReportingReport*>& reports); + + // Removes a set of reports. Any reports that are pending will not be removed + // immediately, but rather marked doomed and removed once they are no longer + // pending. + void RemoveReports(const std::vector<const ReportingReport*>& reports); + + // Removes all reports. Like |RemoveReports()|, pending reports are doomed + // until no longer pending. + void RemoveAllReports(); + + // Creates or updates a client for a particular origin and a particular + // endpoint. + // + // All parameters correspond to the desired values for the fields in + // |Client|. + // + // |endpoint| must use a cryptographic scheme. + void SetClient(const url::Origin& origin, + const GURL& endpoint, + ReportingClient::Subdomains subdomains, + const std::string& group, + base::TimeTicks expires); + + // Gets all of the clients in the cache, regardless of origin or group. + // + // (Clears any existing data in |*clients_out|.) + void GetClients(std::vector<const ReportingClient*>* clients_out) const; + + // Gets all of the clients configured for a particular origin in a particular + // group. The returned pointers are only guaranteed to be valid if no calls + // have been made to |SetClient| or |RemoveEndpoint| in between. + // + // If no origin match is found, the cache will return clients from the most + // specific superdomain which contains any clients with includeSubdomains set. + // For example, given the origin https://foo.bar.baz.com/, the cache would + // prioritize returning each potential match below over the ones below it: + // + // 1. https://foo.bar.baz.com/ (exact origin match) + // 2. https://foo.bar.baz.com:444/ (technically, a superdomain) + // 3. https://bar.baz.com/, https://bar.baz.com:444/, etc. (superdomain) + // 4. https://baz.com/, https://baz.com:444/, etc. (superdomain) + // etc. + // + // (Clears any existing data in |*clients_out|.) + void GetClientsForOriginAndGroup( + const url::Origin& origin, + const std::string& group, + std::vector<const ReportingClient*>* clients_out) const; + + // Removes a set of clients. + // + // May invalidate ReportingClient pointers returned by |GetClients| or + // |GetClientsForOriginAndGroup|. + void RemoveClients(const std::vector<const ReportingClient*>& clients); + + // Removes a client for a particular origin and a particular endpoint. + void RemoveClientForOriginAndEndpoint(const url::Origin& origin, + const GURL& endpoint); + + // Removes all clients whose endpoint is |endpoint|. + // + // May invalidate ReportingClient pointers returned by |GetClients| or + // |GetClientsForOriginAndGroup|. + void RemoveClientsForEndpoint(const GURL& endpoint); + + // Removes all clients. + void RemoveAllClients(); + + // Gets the count of reports in the cache, *including* doomed reports. + // + // Needed to ensure that doomed reports are eventually deleted, since no + // method provides a view of *every* report in the cache, just non-doomed + // ones. + size_t GetFullReportCountForTesting() const { return reports_.size(); } + + bool IsReportPendingForTesting(const ReportingReport* report) const { + return base::ContainsKey(pending_reports_, report); + } + + bool IsReportDoomedForTesting(const ReportingReport* report) const { + return base::ContainsKey(doomed_reports_, report); + } + + private: + void MaybeAddWildcardClient(const ReportingClient* client); + + void MaybeRemoveWildcardClient(const ReportingClient* client); + + void GetWildcardClientsForDomainAndGroup( + const std::string& domain, + const std::string& group, + std::vector<const ReportingClient*>* clients_out) const; + + ReportingContext* context_; + + // Owns all clients, keyed by origin, then endpoint URL. + // (These would be unordered_map, but neither url::Origin nor GURL has a hash + // function implemented.) + std::map<url::Origin, std::map<GURL, std::unique_ptr<ReportingClient>>> + clients_; + + // References but does not own all clients with includeSubdomains set, keyed + // by domain name. + std::unordered_map<std::string, std::unordered_set<const ReportingClient*>> + wildcard_clients_; + + // Owns all reports, keyed by const raw pointer for easier lookup. + std::unordered_map<const ReportingReport*, std::unique_ptr<ReportingReport>> + reports_; + + // Reports that have been marked pending (in use elsewhere and should not be + // deleted until no longer pending). + std::unordered_set<const ReportingReport*> pending_reports_; + + // Reports that have been marked doomed (would have been deleted, but were + // pending when the deletion was requested). + std::unordered_set<const ReportingReport*> doomed_reports_; + + DISALLOW_COPY_AND_ASSIGN(ReportingCache); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_CACHE_H_ diff --git a/chromium/net/reporting/reporting_cache_unittest.cc b/chromium/net/reporting/reporting_cache_unittest.cc new file mode 100644 index 00000000000..73023400392 --- /dev/null +++ b/chromium/net/reporting/reporting_cache_unittest.cc @@ -0,0 +1,404 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_cache.h" + +#include <string> + +#include "base/memory/ptr_util.h" +#include "base/time/time.h" +#include "base/values.h" +#include "net/reporting/reporting_client.h" +#include "net/reporting/reporting_observer.h" +#include "net/reporting/reporting_report.h" +#include "net/reporting/reporting_test_util.h" +#include "testing/gtest/include/gtest/gtest.h" +#include "url/gurl.h" +#include "url/origin.h" + +namespace net { +namespace { + +class TestReportingObserver : public ReportingObserver { + public: + TestReportingObserver() : cache_update_count_(0) {} + + void OnCacheUpdated() override { ++cache_update_count_; } + + int cache_update_count() const { return cache_update_count_; } + + private: + int cache_update_count_; +}; + +class ReportingCacheTest : public ReportingTestBase { + protected: + ReportingCacheTest() : ReportingTestBase() { + context()->AddObserver(&observer_); + } + + ~ReportingCacheTest() override { context()->RemoveObserver(&observer_); } + + TestReportingObserver* observer() { return &observer_; } + + const GURL kUrl1_ = GURL("https://origin1/path"); + const url::Origin kOrigin1_ = url::Origin(GURL("https://origin1/")); + const url::Origin kOrigin2_ = url::Origin(GURL("https://origin2/")); + const GURL kEndpoint1_ = GURL("https://endpoint1/"); + const GURL kEndpoint2_ = GURL("https://endpoint2/"); + const std::string kGroup1_ = "group1"; + const std::string kGroup2 = "group2"; + const std::string kType_ = "default"; + const base::TimeTicks kNow_ = base::TimeTicks::Now(); + const base::TimeTicks kExpires1_ = kNow_ + base::TimeDelta::FromDays(7); + const base::TimeTicks kExpires2_ = kExpires1_ + base::TimeDelta::FromDays(7); + + private: + TestReportingObserver observer_; +}; + +TEST_F(ReportingCacheTest, Reports) { + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + EXPECT_TRUE(reports.empty()); + + cache()->AddReport(kUrl1_, kGroup1_, kType_, + base::MakeUnique<base::DictionaryValue>(), kNow_, 0); + EXPECT_EQ(1, observer()->cache_update_count()); + + cache()->GetReports(&reports); + ASSERT_EQ(1u, reports.size()); + const ReportingReport* report = reports[0]; + ASSERT_TRUE(report); + EXPECT_EQ(kUrl1_, report->url); + EXPECT_EQ(kGroup1_, report->group); + EXPECT_EQ(kType_, report->type); + // TODO(juliatuttle): Check body? + EXPECT_EQ(kNow_, report->queued); + EXPECT_EQ(0, report->attempts); + EXPECT_FALSE(cache()->IsReportPendingForTesting(report)); + EXPECT_FALSE(cache()->IsReportDoomedForTesting(report)); + + cache()->IncrementReportsAttempts(reports); + EXPECT_EQ(2, observer()->cache_update_count()); + + cache()->GetReports(&reports); + ASSERT_EQ(1u, reports.size()); + report = reports[0]; + ASSERT_TRUE(report); + EXPECT_EQ(1, report->attempts); + + cache()->RemoveReports(reports); + EXPECT_EQ(3, observer()->cache_update_count()); + + cache()->GetReports(&reports); + EXPECT_TRUE(reports.empty()); +} + +TEST_F(ReportingCacheTest, RemoveAllReports) { + cache()->AddReport(kUrl1_, kGroup1_, kType_, + base::MakeUnique<base::DictionaryValue>(), kNow_, 0); + cache()->AddReport(kUrl1_, kGroup1_, kType_, + base::MakeUnique<base::DictionaryValue>(), kNow_, 0); + EXPECT_EQ(2, observer()->cache_update_count()); + + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + EXPECT_EQ(2u, reports.size()); + + cache()->RemoveAllReports(); + EXPECT_EQ(3, observer()->cache_update_count()); + + cache()->GetReports(&reports); + EXPECT_TRUE(reports.empty()); +} + +TEST_F(ReportingCacheTest, RemovePendingReports) { + cache()->AddReport(kUrl1_, kGroup1_, kType_, + base::MakeUnique<base::DictionaryValue>(), kNow_, 0); + EXPECT_EQ(1, observer()->cache_update_count()); + + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + ASSERT_EQ(1u, reports.size()); + EXPECT_FALSE(cache()->IsReportPendingForTesting(reports[0])); + EXPECT_FALSE(cache()->IsReportDoomedForTesting(reports[0])); + + cache()->SetReportsPending(reports); + EXPECT_TRUE(cache()->IsReportPendingForTesting(reports[0])); + EXPECT_FALSE(cache()->IsReportDoomedForTesting(reports[0])); + + cache()->RemoveReports(reports); + EXPECT_TRUE(cache()->IsReportPendingForTesting(reports[0])); + EXPECT_TRUE(cache()->IsReportDoomedForTesting(reports[0])); + EXPECT_EQ(2, observer()->cache_update_count()); + + // After removing report, future calls to GetReports should not return it. + std::vector<const ReportingReport*> visible_reports; + cache()->GetReports(&visible_reports); + EXPECT_TRUE(visible_reports.empty()); + EXPECT_EQ(1u, cache()->GetFullReportCountForTesting()); + + // After clearing pending flag, report should be deleted. + cache()->ClearReportsPending(reports); + EXPECT_EQ(0u, cache()->GetFullReportCountForTesting()); +} + +TEST_F(ReportingCacheTest, RemoveAllPendingReports) { + cache()->AddReport(kUrl1_, kGroup1_, kType_, + base::MakeUnique<base::DictionaryValue>(), kNow_, 0); + EXPECT_EQ(1, observer()->cache_update_count()); + + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + ASSERT_EQ(1u, reports.size()); + EXPECT_FALSE(cache()->IsReportPendingForTesting(reports[0])); + EXPECT_FALSE(cache()->IsReportDoomedForTesting(reports[0])); + + cache()->SetReportsPending(reports); + EXPECT_TRUE(cache()->IsReportPendingForTesting(reports[0])); + EXPECT_FALSE(cache()->IsReportDoomedForTesting(reports[0])); + + cache()->RemoveAllReports(); + EXPECT_TRUE(cache()->IsReportPendingForTesting(reports[0])); + EXPECT_TRUE(cache()->IsReportDoomedForTesting(reports[0])); + EXPECT_EQ(2, observer()->cache_update_count()); + + // After removing report, future calls to GetReports should not return it. + std::vector<const ReportingReport*> visible_reports; + cache()->GetReports(&visible_reports); + EXPECT_TRUE(visible_reports.empty()); + EXPECT_EQ(1u, cache()->GetFullReportCountForTesting()); + + // After clearing pending flag, report should be deleted. + cache()->ClearReportsPending(reports); + EXPECT_EQ(0u, cache()->GetFullReportCountForTesting()); +} + +TEST_F(ReportingCacheTest, Endpoints) { + cache()->SetClient(kOrigin1_, kEndpoint1_, + ReportingClient::Subdomains::EXCLUDE, kGroup1_, + kExpires1_); + EXPECT_EQ(1, observer()->cache_update_count()); + + const ReportingClient* client = + FindClientInCache(cache(), kOrigin1_, kEndpoint1_); + ASSERT_TRUE(client); + EXPECT_EQ(kOrigin1_, client->origin); + EXPECT_EQ(kEndpoint1_, client->endpoint); + EXPECT_EQ(ReportingClient::Subdomains::EXCLUDE, client->subdomains); + EXPECT_EQ(kGroup1_, client->group); + EXPECT_EQ(kExpires1_, client->expires); + + cache()->SetClient(kOrigin1_, kEndpoint1_, + ReportingClient::Subdomains::INCLUDE, kGroup2, kExpires2_); + EXPECT_EQ(2, observer()->cache_update_count()); + + client = FindClientInCache(cache(), kOrigin1_, kEndpoint1_); + ASSERT_TRUE(client); + EXPECT_EQ(kOrigin1_, client->origin); + EXPECT_EQ(kEndpoint1_, client->endpoint); + EXPECT_EQ(ReportingClient::Subdomains::INCLUDE, client->subdomains); + EXPECT_EQ(kGroup2, client->group); + EXPECT_EQ(kExpires2_, client->expires); + + cache()->RemoveClients(std::vector<const ReportingClient*>{client}); + EXPECT_EQ(3, observer()->cache_update_count()); + + client = FindClientInCache(cache(), kOrigin1_, kEndpoint1_); + EXPECT_FALSE(client); +} + +TEST_F(ReportingCacheTest, GetClientsForOriginAndGroup) { + cache()->SetClient(kOrigin1_, kEndpoint1_, + ReportingClient::Subdomains::EXCLUDE, kGroup1_, + kExpires1_); + cache()->SetClient(kOrigin1_, kEndpoint2_, + ReportingClient::Subdomains::EXCLUDE, kGroup2, kExpires1_); + cache()->SetClient(kOrigin2_, kEndpoint1_, + ReportingClient::Subdomains::EXCLUDE, kGroup1_, + kExpires1_); + + std::vector<const ReportingClient*> clients; + cache()->GetClientsForOriginAndGroup(kOrigin1_, kGroup1_, &clients); + ASSERT_EQ(1u, clients.size()); + const ReportingClient* client = clients[0]; + ASSERT_TRUE(client); + EXPECT_EQ(kOrigin1_, client->origin); + EXPECT_EQ(kGroup1_, client->group); +} + +TEST_F(ReportingCacheTest, RemoveClientForOriginAndEndpoint) { + cache()->SetClient(kOrigin1_, kEndpoint1_, + ReportingClient::Subdomains::EXCLUDE, kGroup1_, + kExpires1_); + cache()->SetClient(kOrigin1_, kEndpoint2_, + ReportingClient::Subdomains::EXCLUDE, kGroup2, kExpires1_); + cache()->SetClient(kOrigin2_, kEndpoint1_, + ReportingClient::Subdomains::EXCLUDE, kGroup1_, + kExpires1_); + EXPECT_EQ(3, observer()->cache_update_count()); + + cache()->RemoveClientForOriginAndEndpoint(kOrigin1_, kEndpoint1_); + EXPECT_EQ(4, observer()->cache_update_count()); + + std::vector<const ReportingClient*> clients; + cache()->GetClientsForOriginAndGroup(kOrigin1_, kGroup1_, &clients); + EXPECT_TRUE(clients.empty()); + + cache()->GetClientsForOriginAndGroup(kOrigin1_, kGroup2, &clients); + EXPECT_EQ(1u, clients.size()); + + cache()->GetClientsForOriginAndGroup(kOrigin2_, kGroup1_, &clients); + EXPECT_EQ(1u, clients.size()); +} + +TEST_F(ReportingCacheTest, RemoveClientsForEndpoint) { + cache()->SetClient(kOrigin1_, kEndpoint1_, + ReportingClient::Subdomains::EXCLUDE, kGroup1_, + kExpires1_); + cache()->SetClient(kOrigin1_, kEndpoint2_, + ReportingClient::Subdomains::EXCLUDE, kGroup2, kExpires1_); + cache()->SetClient(kOrigin2_, kEndpoint1_, + ReportingClient::Subdomains::EXCLUDE, kGroup1_, + kExpires1_); + EXPECT_EQ(3, observer()->cache_update_count()); + + cache()->RemoveClientsForEndpoint(kEndpoint1_); + EXPECT_EQ(4, observer()->cache_update_count()); + + std::vector<const ReportingClient*> clients; + cache()->GetClientsForOriginAndGroup(kOrigin1_, kGroup1_, &clients); + EXPECT_TRUE(clients.empty()); + + cache()->GetClientsForOriginAndGroup(kOrigin1_, kGroup2, &clients); + EXPECT_EQ(1u, clients.size()); + + cache()->GetClientsForOriginAndGroup(kOrigin2_, kGroup1_, &clients); + EXPECT_TRUE(clients.empty()); +} + +TEST_F(ReportingCacheTest, RemoveAllClients) { + cache()->SetClient(kOrigin1_, kEndpoint1_, + ReportingClient::Subdomains::EXCLUDE, kGroup1_, + kExpires1_); + cache()->SetClient(kOrigin2_, kEndpoint2_, + ReportingClient::Subdomains::EXCLUDE, kGroup1_, + kExpires1_); + EXPECT_EQ(2, observer()->cache_update_count()); + + cache()->RemoveAllClients(); + EXPECT_EQ(3, observer()->cache_update_count()); + + std::vector<const ReportingClient*> clients; + cache()->GetClients(&clients); + EXPECT_TRUE(clients.empty()); +} + +TEST_F(ReportingCacheTest, ExcludeSubdomainsDifferentPort) { + const url::Origin kOrigin(GURL("https://example/")); + const url::Origin kDifferentPortOrigin(GURL("https://example:444/")); + + cache()->SetClient(kDifferentPortOrigin, kEndpoint1_, + ReportingClient::Subdomains::EXCLUDE, kGroup1_, + kExpires1_); + + std::vector<const ReportingClient*> clients; + cache()->GetClientsForOriginAndGroup(kOrigin, kGroup1_, &clients); + EXPECT_TRUE(clients.empty()); +} + +TEST_F(ReportingCacheTest, ExcludeSubdomainsSuperdomain) { + const url::Origin kOrigin(GURL("https://foo.example/")); + const url::Origin kSuperOrigin(GURL("https://example/")); + + cache()->SetClient(kSuperOrigin, kEndpoint1_, + ReportingClient::Subdomains::EXCLUDE, kGroup1_, + kExpires1_); + + std::vector<const ReportingClient*> clients; + cache()->GetClientsForOriginAndGroup(kOrigin, kGroup1_, &clients); + EXPECT_TRUE(clients.empty()); +} + +TEST_F(ReportingCacheTest, IncludeSubdomainsDifferentPort) { + const url::Origin kOrigin(GURL("https://example/")); + const url::Origin kDifferentPortOrigin(GURL("https://example:444/")); + + cache()->SetClient(kDifferentPortOrigin, kEndpoint1_, + ReportingClient::Subdomains::INCLUDE, kGroup1_, + kExpires1_); + + std::vector<const ReportingClient*> clients; + cache()->GetClientsForOriginAndGroup(kOrigin, kGroup1_, &clients); + ASSERT_EQ(1u, clients.size()); + EXPECT_EQ(kDifferentPortOrigin, clients[0]->origin); +} + +TEST_F(ReportingCacheTest, IncludeSubdomainsSuperdomain) { + const url::Origin kOrigin(GURL("https://foo.example/")); + const url::Origin kSuperOrigin(GURL("https://example/")); + + cache()->SetClient(kSuperOrigin, kEndpoint1_, + ReportingClient::Subdomains::INCLUDE, kGroup1_, + kExpires1_); + + std::vector<const ReportingClient*> clients; + cache()->GetClientsForOriginAndGroup(kOrigin, kGroup1_, &clients); + ASSERT_EQ(1u, clients.size()); + EXPECT_EQ(kSuperOrigin, clients[0]->origin); +} + +TEST_F(ReportingCacheTest, IncludeSubdomainsPreferOriginToDifferentPort) { + const url::Origin kOrigin(GURL("https://foo.example/")); + const url::Origin kDifferentPortOrigin(GURL("https://example:444/")); + + cache()->SetClient(kOrigin, kEndpoint1_, ReportingClient::Subdomains::INCLUDE, + kGroup1_, kExpires1_); + cache()->SetClient(kDifferentPortOrigin, kEndpoint1_, + ReportingClient::Subdomains::INCLUDE, kGroup1_, + kExpires1_); + + std::vector<const ReportingClient*> clients; + cache()->GetClientsForOriginAndGroup(kOrigin, kGroup1_, &clients); + ASSERT_EQ(1u, clients.size()); + EXPECT_EQ(kOrigin, clients[0]->origin); +} + +TEST_F(ReportingCacheTest, IncludeSubdomainsPreferOriginToSuperdomain) { + const url::Origin kOrigin(GURL("https://foo.example/")); + const url::Origin kSuperOrigin(GURL("https://example/")); + + cache()->SetClient(kOrigin, kEndpoint1_, ReportingClient::Subdomains::INCLUDE, + kGroup1_, kExpires1_); + cache()->SetClient(kSuperOrigin, kEndpoint1_, + ReportingClient::Subdomains::INCLUDE, kGroup1_, + kExpires1_); + + std::vector<const ReportingClient*> clients; + cache()->GetClientsForOriginAndGroup(kOrigin, kGroup1_, &clients); + ASSERT_EQ(1u, clients.size()); + EXPECT_EQ(kOrigin, clients[0]->origin); +} + +TEST_F(ReportingCacheTest, IncludeSubdomainsPreferMoreSpecificSuperdomain) { + const url::Origin kOrigin(GURL("https://foo.bar.example/")); + const url::Origin kSuperOrigin(GURL("https://bar.example/")); + const url::Origin kSuperSuperOrigin(GURL("https://example/")); + + cache()->SetClient(kSuperOrigin, kEndpoint1_, + ReportingClient::Subdomains::INCLUDE, kGroup1_, + kExpires1_); + cache()->SetClient(kSuperSuperOrigin, kEndpoint1_, + ReportingClient::Subdomains::INCLUDE, kGroup1_, + kExpires1_); + + std::vector<const ReportingClient*> clients; + cache()->GetClientsForOriginAndGroup(kOrigin, kGroup1_, &clients); + ASSERT_EQ(1u, clients.size()); + EXPECT_EQ(kSuperOrigin, clients[0]->origin); +} + +} // namespace +} // namespace net diff --git a/chromium/net/reporting/reporting_client.cc b/chromium/net/reporting/reporting_client.cc new file mode 100644 index 00000000000..d8c8a0f35b7 --- /dev/null +++ b/chromium/net/reporting/reporting_client.cc @@ -0,0 +1,28 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_client.h" + +#include <string> + +#include "base/time/time.h" +#include "url/gurl.h" +#include "url/origin.h" + +namespace net { + +ReportingClient::ReportingClient(const url::Origin& origin, + const GURL& endpoint, + Subdomains subdomains, + const std::string& group, + base::TimeTicks expires) + : origin(origin), + endpoint(endpoint), + subdomains(subdomains), + group(group), + expires(expires) {} + +ReportingClient::~ReportingClient() {} + +} // namespace net diff --git a/chromium/net/reporting/reporting_client.h b/chromium/net/reporting/reporting_client.h new file mode 100644 index 00000000000..0aa11bea57d --- /dev/null +++ b/chromium/net/reporting/reporting_client.h @@ -0,0 +1,53 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_CLIENT_H_ +#define NET_REPORTING_REPORTING_CLIENT_H_ + +#include <string> + +#include "base/macros.h" +#include "base/time/time.h" +#include "net/base/net_export.h" +#include "url/gurl.h" +#include "url/origin.h" + +namespace net { + +// The configuration by an origin to use an endpoint for report delivery. +struct NET_EXPORT ReportingClient { + public: + enum class Subdomains { EXCLUDE = 0, INCLUDE = 1 }; + + ReportingClient(const url::Origin& origin, + const GURL& endpoint, + Subdomains subdomains, + const std::string& group, + base::TimeTicks expires); + ~ReportingClient(); + + // The origin from which reports will be delivered. + url::Origin origin; + + // The endpoint to which reports may be delivered. (Origins may configure + // many.) + GURL endpoint; + + // Whether subdomains of the host of |origin| should also be handled by this + // client. + Subdomains subdomains = Subdomains::EXCLUDE; + + // The endpoint group to which this client belongs. + std::string group = "default"; + + // When this client's max-age has expired. + base::TimeTicks expires; + + private: + DISALLOW_COPY_AND_ASSIGN(ReportingClient); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_CLIENT_H_ diff --git a/chromium/net/reporting/reporting_context.cc b/chromium/net/reporting/reporting_context.cc new file mode 100644 index 00000000000..1dd255bcb1b --- /dev/null +++ b/chromium/net/reporting/reporting_context.cc @@ -0,0 +1,102 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_context.h" + +#include <memory> + +#include "base/memory/ptr_util.h" +#include "base/observer_list.h" +#include "base/time/clock.h" +#include "base/time/default_clock.h" +#include "base/time/default_tick_clock.h" +#include "base/time/tick_clock.h" +#include "base/time/time.h" +#include "base/timer/timer.h" +#include "net/base/backoff_entry.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_delegate.h" +#include "net/reporting/reporting_delivery_agent.h" +#include "net/reporting/reporting_endpoint_manager.h" +#include "net/reporting/reporting_garbage_collector.h" +#include "net/reporting/reporting_observer.h" +#include "net/reporting/reporting_persister.h" +#include "net/reporting/reporting_policy.h" + +namespace net { + +class URLRequestContext; + +namespace { + +class ReportingContextImpl : public ReportingContext { + public: + ReportingContextImpl(const ReportingPolicy& policy, + std::unique_ptr<ReportingDelegate> delegate, + URLRequestContext* request_context) + : ReportingContext(policy, + std::move(delegate), + base::MakeUnique<base::DefaultClock>(), + base::MakeUnique<base::DefaultTickClock>(), + ReportingUploader::Create(request_context)) {} +}; + +} // namespace + +// static +std::unique_ptr<ReportingContext> ReportingContext::Create( + const ReportingPolicy& policy, + std::unique_ptr<ReportingDelegate> delegate, + URLRequestContext* request_context) { + return base::MakeUnique<ReportingContextImpl>(policy, std::move(delegate), + request_context); +} + +ReportingContext::~ReportingContext() {} + +void ReportingContext::Initialize() { + DCHECK(!initialized_); + + persister_->Initialize(); + garbage_collector_->Initialize(); + + initialized_ = true; +} + +void ReportingContext::AddObserver(ReportingObserver* observer) { + DCHECK(!observers_.HasObserver(observer)); + observers_.AddObserver(observer); +} + +void ReportingContext::RemoveObserver(ReportingObserver* observer) { + DCHECK(observers_.HasObserver(observer)); + observers_.RemoveObserver(observer); +} + +void ReportingContext::NotifyCacheUpdated() { + if (!initialized_) + return; + + for (auto& observer : observers_) + observer.OnCacheUpdated(); +} + +ReportingContext::ReportingContext(const ReportingPolicy& policy, + std::unique_ptr<ReportingDelegate> delegate, + std::unique_ptr<base::Clock> clock, + std::unique_ptr<base::TickClock> tick_clock, + std::unique_ptr<ReportingUploader> uploader) + : policy_(policy), + delegate_(std::move(delegate)), + clock_(std::move(clock)), + tick_clock_(std::move(tick_clock)), + uploader_(std::move(uploader)), + initialized_(false), + cache_(base::MakeUnique<ReportingCache>(this)), + endpoint_manager_(base::MakeUnique<ReportingEndpointManager>(this)), + delivery_agent_(base::MakeUnique<ReportingDeliveryAgent>(this)), + persister_(ReportingPersister::Create(this)), + garbage_collector_(ReportingGarbageCollector::Create(this)) {} + +} // namespace net diff --git a/chromium/net/reporting/reporting_context.h b/chromium/net/reporting/reporting_context.h new file mode 100644 index 00000000000..75aa11918ae --- /dev/null +++ b/chromium/net/reporting/reporting_context.h @@ -0,0 +1,116 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_CONTEXT_H_ +#define NET_REPORTING_REPORTING_CONTEXT_H_ + +#include <memory> + +#include "base/observer_list.h" +#include "base/time/time.h" +#include "net/base/backoff_entry.h" +#include "net/base/net_export.h" +#include "net/reporting/reporting_policy.h" + +namespace base { +class Clock; +class TickClock; +} // namespace base + +namespace net { + +class ReportingCache; +class ReportingDelegate; +class ReportingDeliveryAgent; +class ReportingEndpointManager; +class ReportingGarbageCollector; +class ReportingObserver; +class ReportingPersister; +class ReportingUploader; +class URLRequestContext; + +// Contains the various internal classes that make up the Reporting system. +// Wrapped by ReportingService, which provides the external interface. +class NET_EXPORT ReportingContext { + public: + static std::unique_ptr<ReportingContext> Create( + const ReportingPolicy& policy, + std::unique_ptr<ReportingDelegate> delegate, + URLRequestContext* request_context); + + ~ReportingContext(); + + // Initializes the ReportingContext. This may take a while (e.g. it may + // involve reloading state persisted to disk). Should be called only once. + // + // Components of the ReportingContext won't reference their dependencies (e.g. + // the Clock/TickClock or Timers inside the individual components) until + // during/after the call to Init. + void Initialize(); + + bool initialized() const { return initialized_; } + + const ReportingPolicy& policy() { return policy_; } + ReportingDelegate* delegate() { return delegate_.get(); } + + base::Clock* clock() { return clock_.get(); } + base::TickClock* tick_clock() { return tick_clock_.get(); } + ReportingUploader* uploader() { return uploader_.get(); } + + ReportingCache* cache() { return cache_.get(); } + ReportingEndpointManager* endpoint_manager() { + return endpoint_manager_.get(); + } + ReportingDeliveryAgent* delivery_agent() { return delivery_agent_.get(); } + ReportingGarbageCollector* garbage_collector() { + return garbage_collector_.get(); + } + + ReportingPersister* persister() { return persister_.get(); } + + void AddObserver(ReportingObserver* observer); + void RemoveObserver(ReportingObserver* observer); + + void NotifyCacheUpdated(); + + protected: + ReportingContext(const ReportingPolicy& policy, + std::unique_ptr<ReportingDelegate> delegate, + std::unique_ptr<base::Clock> clock, + std::unique_ptr<base::TickClock> tick_clock, + std::unique_ptr<ReportingUploader> uploader); + + private: + ReportingPolicy policy_; + std::unique_ptr<ReportingDelegate> delegate_; + + std::unique_ptr<base::Clock> clock_; + std::unique_ptr<base::TickClock> tick_clock_; + std::unique_ptr<ReportingUploader> uploader_; + + base::ObserverList<ReportingObserver, /* check_empty= */ true> observers_; + bool initialized_; + + std::unique_ptr<ReportingCache> cache_; + + // |endpoint_manager_| must come after |tick_clock_| and |cache_|. + std::unique_ptr<ReportingEndpointManager> endpoint_manager_; + + // |delivery_agent_| must come after |tick_clock_|, |uploader_|, |cache_|, + // and |endpoint_manager_|. + std::unique_ptr<ReportingDeliveryAgent> delivery_agent_; + + // |persister_| must come after |delegate_|, |clock_|, |tick_clock_|, and + // |cache_|. + std::unique_ptr<ReportingPersister> persister_; + + // |garbage_collector_| must come after |tick_clock_| and |cache_|. + std::unique_ptr<ReportingGarbageCollector> garbage_collector_; + + DISALLOW_COPY_AND_ASSIGN(ReportingContext); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_CONTEXT_H_ diff --git a/chromium/net/reporting/reporting_delegate.cc b/chromium/net/reporting/reporting_delegate.cc new file mode 100644 index 00000000000..cef5bafa28c --- /dev/null +++ b/chromium/net/reporting/reporting_delegate.cc @@ -0,0 +1,13 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_delegate.h" + +namespace net { + +ReportingDelegate::~ReportingDelegate() {} + +ReportingDelegate::ReportingDelegate() {} + +} // namespace net diff --git a/chromium/net/reporting/reporting_delegate.h b/chromium/net/reporting/reporting_delegate.h new file mode 100644 index 00000000000..57d01ab4a6a --- /dev/null +++ b/chromium/net/reporting/reporting_delegate.h @@ -0,0 +1,45 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_DELEGATE_H_ +#define NET_REPORTING_REPORTING_DELEGATE_H_ + +#include <memory> + +#include "base/macros.h" +#include "net/base/net_export.h" + +namespace base { +class Value; +} // namespace base + +namespace net { + +// Delegate for things that the Reporting system can't do by itself, like +// persisting data across embedder restarts. +class NET_EXPORT ReportingDelegate { + public: + virtual ~ReportingDelegate(); + + // Gets previously persisted data, if any is available. Returns a null pointer + // if no data is available. Can be called any number of times. + virtual std::unique_ptr<const base::Value> GetPersistedData() = 0; + + // Sets data to be persisted across embedder restarts. Ideally, this data will + // be returned by any future calls to GetPersistedData() in this or future + // sessions (until newer data is persisted), but no guarantee is made, since + // the underlying persistence mechanism may or may not be reliable. + virtual void PersistData( + std::unique_ptr<const base::Value> persisted_data) = 0; + + protected: + ReportingDelegate(); + + private: + DISALLOW_COPY_AND_ASSIGN(ReportingDelegate); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_DELEGATE_H_ diff --git a/chromium/net/reporting/reporting_delivery_agent.cc b/chromium/net/reporting/reporting_delivery_agent.cc new file mode 100644 index 00000000000..f39dde936ea --- /dev/null +++ b/chromium/net/reporting/reporting_delivery_agent.cc @@ -0,0 +1,142 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_delivery_agent.h" + +#include <map> +#include <string> +#include <vector> + +#include "base/bind.h" +#include "base/json/json_writer.h" +#include "base/logging.h" +#include "base/memory/ptr_util.h" +#include "base/time/tick_clock.h" +#include "base/values.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_endpoint_manager.h" +#include "net/reporting/reporting_report.h" +#include "net/reporting/reporting_uploader.h" +#include "url/gurl.h" +#include "url/origin.h" + +namespace net { + +namespace { + +void SerializeReports(const std::vector<const ReportingReport*>& reports, + base::TimeTicks now, + std::string* json_out) { + base::ListValue reports_value; + + for (const ReportingReport* report : reports) { + std::unique_ptr<base::DictionaryValue> report_value = + base::MakeUnique<base::DictionaryValue>(); + + report_value->SetInteger("age", (now - report->queued).InMilliseconds()); + report_value->SetString("type", report->type); + report_value->SetString("url", report->url.spec()); + report_value->Set("report", report->body->DeepCopy()); + + reports_value.Append(std::move(report_value)); + } + + bool json_written = base::JSONWriter::Write(reports_value, json_out); + DCHECK(json_written); +} + +} // namespace + +ReportingDeliveryAgent::ReportingDeliveryAgent(ReportingContext* context) + : context_(context), weak_factory_(this) {} +ReportingDeliveryAgent::~ReportingDeliveryAgent() {} + +class ReportingDeliveryAgent::Delivery { + public: + Delivery(const GURL& endpoint, + const std::vector<const ReportingReport*>& reports) + : endpoint(endpoint), reports(reports) {} + + ~Delivery() {} + + const GURL endpoint; + const std::vector<const ReportingReport*> reports; +}; + +void ReportingDeliveryAgent::SendReports() { + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + + // Sort reports into (origin, group) buckets. + std::map<OriginGroup, std::vector<const ReportingReport*>> + origin_group_reports; + for (const ReportingReport* report : reports) { + OriginGroup origin_group(url::Origin(report->url), report->group); + origin_group_reports[origin_group].push_back(report); + } + + // Find endpoint for each (origin, group) bucket and sort reports into + // endpoint buckets. Don't allow concurrent deliveries to the same (origin, + // group) bucket. + std::map<GURL, std::vector<const ReportingReport*>> endpoint_reports; + for (auto& it : origin_group_reports) { + const OriginGroup& origin_group = it.first; + + if (base::ContainsKey(pending_origin_groups_, origin_group)) + continue; + + GURL endpoint_url; + if (!endpoint_manager()->FindEndpointForOriginAndGroup( + origin_group.first, origin_group.second, &endpoint_url)) { + continue; + } + + endpoint_reports[endpoint_url].insert(endpoint_reports[endpoint_url].end(), + it.second.begin(), it.second.end()); + pending_origin_groups_.insert(origin_group); + } + + // Start a delivery to each endpoint. + for (auto& it : endpoint_reports) { + const GURL& endpoint = it.first; + const std::vector<const ReportingReport*>& reports = it.second; + + endpoint_manager()->SetEndpointPending(endpoint); + cache()->SetReportsPending(reports); + + std::string json; + SerializeReports(reports, tick_clock()->NowTicks(), &json); + + uploader()->StartUpload( + endpoint, json, + base::Bind(&ReportingDeliveryAgent::OnUploadComplete, + weak_factory_.GetWeakPtr(), + base::MakeUnique<Delivery>(endpoint, reports))); + } +} + +void ReportingDeliveryAgent::OnUploadComplete( + const std::unique_ptr<Delivery>& delivery, + ReportingUploader::Outcome outcome) { + if (outcome == ReportingUploader::Outcome::SUCCESS) { + cache()->RemoveReports(delivery->reports); + endpoint_manager()->InformOfEndpointRequest(delivery->endpoint, true); + } else { + cache()->IncrementReportsAttempts(delivery->reports); + endpoint_manager()->InformOfEndpointRequest(delivery->endpoint, false); + } + + if (outcome == ReportingUploader::Outcome::REMOVE_ENDPOINT) + cache()->RemoveClientsForEndpoint(delivery->endpoint); + + for (const ReportingReport* report : delivery->reports) { + pending_origin_groups_.erase( + OriginGroup(url::Origin(report->url), report->group)); + } + + endpoint_manager()->ClearEndpointPending(delivery->endpoint); + cache()->ClearReportsPending(delivery->reports); +} + +} // namespace net diff --git a/chromium/net/reporting/reporting_delivery_agent.h b/chromium/net/reporting/reporting_delivery_agent.h new file mode 100644 index 00000000000..eaae8a3ae62 --- /dev/null +++ b/chromium/net/reporting/reporting_delivery_agent.h @@ -0,0 +1,99 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_DELIVERY_AGENT_H_ +#define NET_REPORTING_REPORTING_DELIVERY_AGENT_H_ + +#include <memory> +#include <set> +#include <string> +#include <utility> + +#include "base/macros.h" +#include "base/memory/weak_ptr.h" +#include "net/base/backoff_entry.h" +#include "net/base/net_export.h" +#include "net/reporting/reporting_context.h" +#include "net/reporting/reporting_uploader.h" +#include "url/gurl.h" +#include "url/origin.h" + +namespace base { +class TickClock; +} // namespace base + +namespace net { + +class ReportingCache; +class ReportingEndpointManager; + +// Takes reports from the ReportingCache, assembles reports into deliveries to +// endpoints, and sends those deliveries using ReportingUploader. +// +// Since the Reporting spec is completely silent on issues of concurrency, the +// delivery agent handles it as so: +// +// 1. An individual report can only be included in one delivery at once -- if +// SendReports is called again while a report is being delivered, it won't +// be included in another delivery during that call to SendReports. (This is, +// in fact, made redundant by rule 3, but it's included anyway in case rule 3 +// changes.) +// +// 2. An endpoint can only be the target of one delivery at once -- if +// SendReports is called again with reports that could be delivered to that +// endpoint, they won't be delivered to that endpoint. +// +// 3. Reports for an (origin, group) tuple can only be included in one delivery +// at once -- if SendReports is called again with reports in that (origin, +// group), they won't be included in any delivery during that call to +// SendReports. (This prevents the agent from getting around rule 2 by using +// other endpoints in the same group.) +// +// 4. Reports for the same origin *can* be included in multiple parallel +// deliveries if they are in different groups within that origin. +// +// (Note that a single delivery can contain an infinite number of reports.) +// +// TODO(juliatuttle): Consider capping the maximum number of reports per +// delivery attempt. +class NET_EXPORT ReportingDeliveryAgent { + public: + // |context| must outlive the ReportingDeliveryAgent. + ReportingDeliveryAgent(ReportingContext* context); + ~ReportingDeliveryAgent(); + + // Tries to deliver all of the reports in the cache. Reports that are already + // being delivered will not be attempted a second time, and reports that do + // not have a viable endpoint will be neither attempted nor removed. + void SendReports(); + + private: + class Delivery; + + using OriginGroup = std::pair<url::Origin, std::string>; + + void OnUploadComplete(const std::unique_ptr<Delivery>& delivery, + ReportingUploader::Outcome outcome); + + base::TickClock* tick_clock() { return context_->tick_clock(); } + ReportingCache* cache() { return context_->cache(); } + ReportingUploader* uploader() { return context_->uploader(); } + ReportingEndpointManager* endpoint_manager() { + return context_->endpoint_manager(); + } + + ReportingContext* context_; + + // Tracks OriginGroup tuples for which there is a pending delivery running. + // (Would be an unordered_set, but there's no hash on pair.) + std::set<OriginGroup> pending_origin_groups_; + + base::WeakPtrFactory<ReportingDeliveryAgent> weak_factory_; + + DISALLOW_COPY_AND_ASSIGN(ReportingDeliveryAgent); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_DELIVERY_AGENT_H_ diff --git a/chromium/net/reporting/reporting_delivery_agent_unittest.cc b/chromium/net/reporting/reporting_delivery_agent_unittest.cc new file mode 100644 index 00000000000..d62f97c0133 --- /dev/null +++ b/chromium/net/reporting/reporting_delivery_agent_unittest.cc @@ -0,0 +1,318 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_delivery_agent.h" + +#include <vector> + +#include "base/json/json_reader.h" +#include "base/memory/ptr_util.h" +#include "base/test/simple_test_tick_clock.h" +#include "base/test/values_test_util.h" +#include "base/time/time.h" +#include "base/values.h" +#include "net/base/backoff_entry.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_report.h" +#include "net/reporting/reporting_test_util.h" +#include "net/reporting/reporting_uploader.h" +#include "testing/gtest/include/gtest/gtest.h" +#include "url/gurl.h" +#include "url/origin.h" + +namespace net { +namespace { + +class ReportingDeliveryAgentTest : public ReportingTestBase { + protected: + ReportingDeliveryAgentTest() { + ReportingPolicy policy; + policy.endpoint_backoff_policy.num_errors_to_ignore = 0; + policy.endpoint_backoff_policy.initial_delay_ms = 60000; + policy.endpoint_backoff_policy.multiply_factor = 2.0; + policy.endpoint_backoff_policy.jitter_factor = 0.0; + policy.endpoint_backoff_policy.maximum_backoff_ms = -1; + policy.endpoint_backoff_policy.entry_lifetime_ms = 0; + policy.endpoint_backoff_policy.always_use_initial_delay = false; + UsePolicy(policy); + } + + base::TimeTicks tomorrow() { + return tick_clock()->NowTicks() + base::TimeDelta::FromDays(1); + } + + const std::vector<std::unique_ptr<TestReportingUploader::PendingUpload>>& + pending_uploads() { + return uploader()->pending_uploads(); + } + + const GURL kUrl_ = GURL("https://origin/path"); + const url::Origin kOrigin_ = url::Origin(GURL("https://origin/")); + const GURL kEndpoint_ = GURL("https://endpoint/"); + const std::string kGroup_ = "group"; + const std::string kType_ = "type"; +}; + +TEST_F(ReportingDeliveryAgentTest, SuccessfulUpload) { + static const int kAgeMillis = 12345; + + base::DictionaryValue body; + body.SetString("key", "value"); + + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, tomorrow()); + cache()->AddReport(kUrl_, kGroup_, kType_, body.CreateDeepCopy(), + tick_clock()->NowTicks(), 0); + + tick_clock()->Advance(base::TimeDelta::FromMilliseconds(kAgeMillis)); + + delivery_agent()->SendReports(); + + ASSERT_EQ(1u, pending_uploads().size()); + EXPECT_EQ(kEndpoint_, pending_uploads()[0]->url()); + { + auto value = pending_uploads()[0]->GetValue(); + + base::ListValue* list; + ASSERT_TRUE(value->GetAsList(&list)); + EXPECT_EQ(1u, list->GetSize()); + + base::DictionaryValue* report; + ASSERT_TRUE(list->GetDictionary(0, &report)); + EXPECT_EQ(4u, report->size()); + + ExpectDictIntegerValue(kAgeMillis, *report, "age"); + ExpectDictStringValue(kType_, *report, "type"); + ExpectDictStringValue(kUrl_.spec(), *report, "url"); + ExpectDictDictionaryValue(body, *report, "report"); + } + pending_uploads()[0]->Complete(ReportingUploader::Outcome::SUCCESS); + + // Successful upload should remove delivered reports. + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + EXPECT_TRUE(reports.empty()); + + // TODO(juliatuttle): Check that BackoffEntry was informed of success. +} + +TEST_F(ReportingDeliveryAgentTest, FailedUpload) { + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, tomorrow()); + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + + delivery_agent()->SendReports(); + + ASSERT_EQ(1u, pending_uploads().size()); + pending_uploads()[0]->Complete(ReportingUploader::Outcome::FAILURE); + + // Failed upload should increment reports' attempts. + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + ASSERT_EQ(1u, reports.size()); + EXPECT_EQ(1, reports[0]->attempts); + + // Since endpoint is now failing, an upload won't be started despite a pending + // report. + ASSERT_TRUE(pending_uploads().empty()); + delivery_agent()->SendReports(); + EXPECT_TRUE(pending_uploads().empty()); +} + +TEST_F(ReportingDeliveryAgentTest, RemoveEndpointUpload) { + static const url::Origin kDifferentOrigin(GURL("https://origin2/")); + + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, tomorrow()); + cache()->SetClient(kDifferentOrigin, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, tomorrow()); + ASSERT_TRUE(FindClientInCache(cache(), kOrigin_, kEndpoint_)); + ASSERT_TRUE(FindClientInCache(cache(), kDifferentOrigin, kEndpoint_)); + + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + + delivery_agent()->SendReports(); + + ASSERT_EQ(1u, pending_uploads().size()); + pending_uploads()[0]->Complete(ReportingUploader::Outcome::REMOVE_ENDPOINT); + + // "Remove endpoint" upload should remove endpoint from *all* origins and + // increment reports' attempts. + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + ASSERT_EQ(1u, reports.size()); + EXPECT_EQ(1, reports[0]->attempts); + + EXPECT_FALSE(FindClientInCache(cache(), kOrigin_, kEndpoint_)); + EXPECT_FALSE(FindClientInCache(cache(), kDifferentOrigin, kEndpoint_)); + + // Since endpoint is now failing, an upload won't be started despite a pending + // report. + delivery_agent()->SendReports(); + EXPECT_TRUE(pending_uploads().empty()); +} + +TEST_F(ReportingDeliveryAgentTest, ConcurrentRemove) { + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, tomorrow()); + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + + delivery_agent()->SendReports(); + ASSERT_EQ(1u, pending_uploads().size()); + + // Remove the report while the upload is running. + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + EXPECT_EQ(1u, reports.size()); + + const ReportingReport* report = reports[0]; + EXPECT_FALSE(cache()->IsReportDoomedForTesting(report)); + + // Report should appear removed, even though the cache has doomed it. + cache()->RemoveReports(reports); + cache()->GetReports(&reports); + EXPECT_TRUE(reports.empty()); + EXPECT_TRUE(cache()->IsReportDoomedForTesting(report)); + + // Completing upload shouldn't crash, and report should still be gone. + pending_uploads()[0]->Complete(ReportingUploader::Outcome::SUCCESS); + cache()->GetReports(&reports); + EXPECT_TRUE(reports.empty()); + // This is slightly sketchy since |report| has been freed, but it nonetheless + // should not be in the set of doomed reports. + EXPECT_FALSE(cache()->IsReportDoomedForTesting(report)); +} + +// Test that the agent will combine reports destined for the same endpoint, even +// if the reports are from different origins. +TEST_F(ReportingDeliveryAgentTest, + BatchReportsFromDifferentOriginsToSameEndpoint) { + static const GURL kDifferentUrl("https://origin2/path"); + static const url::Origin kDifferentOrigin(kDifferentUrl); + + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, tomorrow()); + cache()->SetClient(kDifferentOrigin, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, tomorrow()); + + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->AddReport(kDifferentUrl, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + + delivery_agent()->SendReports(); + ASSERT_EQ(1u, pending_uploads().size()); + + pending_uploads()[0]->Complete(ReportingUploader::Outcome::SUCCESS); + EXPECT_EQ(0u, pending_uploads().size()); +} + +// Test that the agent won't start a second upload to the same endpoint (even +// for a different origin) while one is pending, but will once it is no longer +// pending. +TEST_F(ReportingDeliveryAgentTest, SerializeUploadsToEndpoint) { + static const GURL kDifferentUrl("https://origin2/path"); + static const url::Origin kDifferentOrigin(kDifferentUrl); + + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, tomorrow()); + cache()->SetClient(kDifferentOrigin, kEndpoint_, + ReportingClient::Subdomains::EXCLUDE, kGroup_, tomorrow()); + + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + + delivery_agent()->SendReports(); + EXPECT_EQ(1u, pending_uploads().size()); + + cache()->AddReport(kDifferentUrl, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + + delivery_agent()->SendReports(); + ASSERT_EQ(1u, pending_uploads().size()); + + pending_uploads()[0]->Complete(ReportingUploader::Outcome::SUCCESS); + EXPECT_EQ(0u, pending_uploads().size()); + + delivery_agent()->SendReports(); + ASSERT_EQ(1u, pending_uploads().size()); + + pending_uploads()[0]->Complete(ReportingUploader::Outcome::SUCCESS); + EXPECT_EQ(0u, pending_uploads().size()); +} + +// Test that the agent won't start a second upload for an (origin, group) while +// one is pending, even if a different endpoint is available, but will once the +// original delivery is complete and the (origin, group) is no longer pending. +TEST_F(ReportingDeliveryAgentTest, SerializeUploadsToGroup) { + static const GURL kDifferentEndpoint("https://endpoint2/"); + + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, tomorrow()); + cache()->SetClient(kOrigin_, kDifferentEndpoint, + ReportingClient::Subdomains::EXCLUDE, kGroup_, tomorrow()); + + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + + delivery_agent()->SendReports(); + EXPECT_EQ(1u, pending_uploads().size()); + + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + + delivery_agent()->SendReports(); + ASSERT_EQ(1u, pending_uploads().size()); + + pending_uploads()[0]->Complete(ReportingUploader::Outcome::SUCCESS); + EXPECT_EQ(0u, pending_uploads().size()); + + delivery_agent()->SendReports(); + ASSERT_EQ(1u, pending_uploads().size()); + + pending_uploads()[0]->Complete(ReportingUploader::Outcome::SUCCESS); + EXPECT_EQ(0u, pending_uploads().size()); +} + +// Tests that the agent will start parallel uploads to different groups within +// the same origin. +TEST_F(ReportingDeliveryAgentTest, ParallelizeUploadsAcrossGroups) { + static const GURL kDifferentEndpoint("https://endpoint2/"); + static const std::string kDifferentGroup("group2"); + + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, tomorrow()); + cache()->SetClient(kOrigin_, kDifferentEndpoint, + ReportingClient::Subdomains::EXCLUDE, kDifferentGroup, + tomorrow()); + + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + cache()->AddReport(kUrl_, kDifferentGroup, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + + delivery_agent()->SendReports(); + ASSERT_EQ(2u, pending_uploads().size()); + + pending_uploads()[1]->Complete(ReportingUploader::Outcome::SUCCESS); + pending_uploads()[0]->Complete(ReportingUploader::Outcome::SUCCESS); + EXPECT_EQ(0u, pending_uploads().size()); +} + +} // namespace +} // namespace net diff --git a/chromium/net/reporting/reporting_endpoint_manager.cc b/chromium/net/reporting/reporting_endpoint_manager.cc new file mode 100644 index 00000000000..3d533dafbdf --- /dev/null +++ b/chromium/net/reporting/reporting_endpoint_manager.cc @@ -0,0 +1,80 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_endpoint_manager.h" + +#include <string> +#include <vector> + +#include "base/logging.h" +#include "base/memory/ptr_util.h" +#include "base/rand_util.h" +#include "base/stl_util.h" +#include "base/time/tick_clock.h" +#include "net/base/backoff_entry.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_client.h" +#include "net/reporting/reporting_policy.h" +#include "url/gurl.h" +#include "url/origin.h" + +namespace net { + +ReportingEndpointManager::ReportingEndpointManager(ReportingContext* context) + : context_(context) {} + +ReportingEndpointManager::~ReportingEndpointManager() {} + +bool ReportingEndpointManager::FindEndpointForOriginAndGroup( + const url::Origin& origin, + const std::string& group, + GURL* endpoint_url_out) { + std::vector<const ReportingClient*> clients; + cache()->GetClientsForOriginAndGroup(origin, group, &clients); + + // Filter out expired, pending, and backed-off endpoints. + std::vector<const ReportingClient*> available_clients; + base::TimeTicks now = tick_clock()->NowTicks(); + for (const ReportingClient* client : clients) { + if (client->expires < now) + continue; + if (base::ContainsKey(pending_endpoints_, client->endpoint)) + continue; + if (base::ContainsKey(endpoint_backoff_, client->endpoint) && + endpoint_backoff_[client->endpoint]->ShouldRejectRequest()) { + continue; + } + available_clients.push_back(client); + } + + if (available_clients.empty()) { + *endpoint_url_out = GURL(); + return false; + } + + int random_index = base::RandInt(0, available_clients.size() - 1); + *endpoint_url_out = available_clients[random_index]->endpoint; + return true; +} + +void ReportingEndpointManager::SetEndpointPending(const GURL& endpoint) { + DCHECK(!base::ContainsKey(pending_endpoints_, endpoint)); + pending_endpoints_.insert(endpoint); +} + +void ReportingEndpointManager::ClearEndpointPending(const GURL& endpoint) { + DCHECK(base::ContainsKey(pending_endpoints_, endpoint)); + pending_endpoints_.erase(endpoint); +} + +void ReportingEndpointManager::InformOfEndpointRequest(const GURL& endpoint, + bool succeeded) { + if (!base::ContainsKey(endpoint_backoff_, endpoint)) { + endpoint_backoff_[endpoint] = base::MakeUnique<BackoffEntry>( + &policy().endpoint_backoff_policy, tick_clock()); + } + endpoint_backoff_[endpoint]->InformOfRequest(succeeded); +} + +} // namespace net diff --git a/chromium/net/reporting/reporting_endpoint_manager.h b/chromium/net/reporting/reporting_endpoint_manager.h new file mode 100644 index 00000000000..e3cc8277fa7 --- /dev/null +++ b/chromium/net/reporting/reporting_endpoint_manager.h @@ -0,0 +1,82 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_ENDPOINT_MANAGER_H_ +#define NET_REPORTING_REPORTING_ENDPOINT_MANAGER_H_ + +#include <map> +#include <memory> +#include <set> +#include <string> + +#include "base/macros.h" +#include "base/time/tick_clock.h" +#include "net/base/backoff_entry.h" +#include "net/base/net_export.h" +#include "net/reporting/reporting_context.h" + +class GURL; + +namespace base { +class TickClock; +} // namespace base + +namespace url { +class Origin; +} // namespace url + +namespace net { + +class ReportingCache; +struct ReportingPolicy; + +// Keeps track of which endpoints are pending (have active delivery attempts to +// them) or in exponential backoff after one or more failures, and chooses an +// endpoint from an endpoint group to receive reports for an origin. +class NET_EXPORT ReportingEndpointManager { + public: + // |context| must outlive the ReportingEndpointManager. + ReportingEndpointManager(ReportingContext* context); + ~ReportingEndpointManager(); + + // Finds an endpoint configured by |origin| in group |group| that is not + // pending, in exponential backoff from failed requests, or expired. + // + // Deliberately chooses an endpoint randomly to ensure sites aren't relying on + // any sort of fallback ordering. + // + // Returns true and sets |*endpoint_url_out| to the endpoint URL if an + // endpoint was chosen; returns false (and leaves |*endpoint_url_out| invalid) + // if no endpoint was found. + bool FindEndpointForOriginAndGroup(const url::Origin& origin, + const std::string& group, + GURL* endpoint_url_out); + + // Adds |endpoint| to the set of pending endpoints, preventing it from being + // chosen for a second parallel delivery attempt. + void SetEndpointPending(const GURL& endpoint); + + // Removes |endpoint| from the set of pending endpoints. + void ClearEndpointPending(const GURL& endpoint); + + // Informs the EndpointManager of a successful or unsuccessful request made to + // |endpoint| so it can manage exponential backoff of failing endpoints. + void InformOfEndpointRequest(const GURL& endpoint, bool succeeded); + + private: + const ReportingPolicy& policy() { return context_->policy(); } + base::TickClock* tick_clock() { return context_->tick_clock(); } + ReportingCache* cache() { return context_->cache(); } + + ReportingContext* context_; + + std::set<GURL> pending_endpoints_; + std::map<GURL, std::unique_ptr<net::BackoffEntry>> endpoint_backoff_; + + DISALLOW_COPY_AND_ASSIGN(ReportingEndpointManager); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_ENDPOINT_MANAGER_H_ diff --git a/chromium/net/reporting/reporting_endpoint_manager_unittest.cc b/chromium/net/reporting/reporting_endpoint_manager_unittest.cc new file mode 100644 index 00000000000..113128dbf50 --- /dev/null +++ b/chromium/net/reporting/reporting_endpoint_manager_unittest.cc @@ -0,0 +1,178 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_endpoint_manager.h" + +#include <string> + +#include "base/test/simple_test_tick_clock.h" +#include "base/time/time.h" +#include "net/base/backoff_entry.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_client.h" +#include "net/reporting/reporting_policy.h" +#include "net/reporting/reporting_test_util.h" +#include "testing/gtest/include/gtest/gtest.h" +#include "url/gurl.h" +#include "url/origin.h" + +namespace net { +namespace { + +class ReportingEndpointManagerTest : public ReportingTestBase { + protected: + const url::Origin kOrigin_ = url::Origin(GURL("https://origin/")); + const GURL kEndpoint_ = GURL("https://endpoint/"); + const std::string kGroup_ = "group"; +}; + +TEST_F(ReportingEndpointManagerTest, NoEndpoint) { + GURL endpoint_url; + bool found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_FALSE(found_endpoint); +} + +TEST_F(ReportingEndpointManagerTest, Endpoint) { + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, tomorrow()); + + GURL endpoint_url; + bool found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_TRUE(found_endpoint); + EXPECT_EQ(kEndpoint_, endpoint_url); +} + +TEST_F(ReportingEndpointManagerTest, ExpiredEndpoint) { + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, yesterday()); + + GURL endpoint_url; + bool found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_FALSE(found_endpoint); +} + +TEST_F(ReportingEndpointManagerTest, PendingEndpoint) { + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, tomorrow()); + + endpoint_manager()->SetEndpointPending(kEndpoint_); + + GURL endpoint_url; + bool found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_FALSE(found_endpoint); + + endpoint_manager()->ClearEndpointPending(kEndpoint_); + + found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_TRUE(found_endpoint); + EXPECT_EQ(kEndpoint_, endpoint_url); +} + +TEST_F(ReportingEndpointManagerTest, BackedOffEndpoint) { + ASSERT_EQ(2.0, policy().endpoint_backoff_policy.multiply_factor); + + base::TimeDelta initial_delay = base::TimeDelta::FromMilliseconds( + policy().endpoint_backoff_policy.initial_delay_ms); + + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, tomorrow()); + + endpoint_manager()->InformOfEndpointRequest(kEndpoint_, false); + + // After one failure, endpoint is in exponential backoff. + GURL endpoint_url; + bool found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_FALSE(found_endpoint); + + // After initial delay, endpoint is usable again. + tick_clock()->Advance(initial_delay); + + found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_TRUE(found_endpoint); + EXPECT_EQ(kEndpoint_, endpoint_url); + + endpoint_manager()->InformOfEndpointRequest(kEndpoint_, false); + + // After a second failure, endpoint is backed off again. + found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_FALSE(found_endpoint); + + tick_clock()->Advance(initial_delay); + + // Next backoff is longer -- 2x the first -- so endpoint isn't usable yet. + found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_FALSE(found_endpoint); + + tick_clock()->Advance(initial_delay); + + // After 2x the initial delay, the endpoint is usable again. + found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_TRUE(found_endpoint); + EXPECT_EQ(kEndpoint_, endpoint_url); + + endpoint_manager()->InformOfEndpointRequest(kEndpoint_, true); + endpoint_manager()->InformOfEndpointRequest(kEndpoint_, true); + + // Two more successful requests should reset the backoff to the initial delay + // again. + endpoint_manager()->InformOfEndpointRequest(kEndpoint_, false); + + found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_FALSE(found_endpoint); + + tick_clock()->Advance(initial_delay); + + found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + EXPECT_TRUE(found_endpoint); +} + +// Make sure that multiple endpoints will all be returned at some point, to +// avoid accidentally or intentionally implementing any priority ordering. +TEST_F(ReportingEndpointManagerTest, RandomEndpoint) { + static const GURL kEndpoint_1("https://endpoint1/"); + static const GURL kEndpoint_2("https://endpoint2/"); + static const int kMaxAttempts = 20; + + cache()->SetClient(kOrigin_, kEndpoint_1, + ReportingClient::Subdomains::EXCLUDE, kGroup_, tomorrow()); + cache()->SetClient(kOrigin_, kEndpoint_2, + ReportingClient::Subdomains::EXCLUDE, kGroup_, tomorrow()); + + bool endpoint1_seen = false; + bool endpoint2_seen = false; + + for (int i = 0; i < kMaxAttempts; i++) { + GURL endpoint_url; + bool found_endpoint = endpoint_manager()->FindEndpointForOriginAndGroup( + kOrigin_, kGroup_, &endpoint_url); + ASSERT_TRUE(found_endpoint); + ASSERT_TRUE(endpoint_url == kEndpoint_1 || endpoint_url == kEndpoint_2); + + if (endpoint_url == kEndpoint_1) + endpoint1_seen = true; + else if (endpoint_url == kEndpoint_2) + endpoint2_seen = true; + + if (endpoint1_seen && endpoint2_seen) + break; + } + + EXPECT_TRUE(endpoint1_seen); + EXPECT_TRUE(endpoint2_seen); +} + +} // namespace +} // namespace net diff --git a/chromium/net/reporting/reporting_garbage_collector.cc b/chromium/net/reporting/reporting_garbage_collector.cc new file mode 100644 index 00000000000..76dbf3ad0e4 --- /dev/null +++ b/chromium/net/reporting/reporting_garbage_collector.cc @@ -0,0 +1,95 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_garbage_collector.h" + +#include <vector> + +#include "base/memory/ptr_util.h" +#include "base/time/tick_clock.h" +#include "base/time/time.h" +#include "base/timer/timer.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_context.h" +#include "net/reporting/reporting_observer.h" +#include "net/reporting/reporting_policy.h" +#include "net/reporting/reporting_report.h" + +namespace net { + +namespace { + +class ReportingGarbageCollectorImpl : public ReportingGarbageCollector, + public ReportingObserver { + public: + ReportingGarbageCollectorImpl(ReportingContext* context) + : context_(context), timer_(base::MakeUnique<base::OneShotTimer>()) {} + + // ReportingGarbageCollector implementation: + + ~ReportingGarbageCollectorImpl() override { + DCHECK(context_->initialized()); + context_->RemoveObserver(this); + } + + void Initialize() override { + context_->AddObserver(this); + CollectGarbage(); + } + + void SetTimerForTesting(std::unique_ptr<base::Timer> timer) override { + DCHECK(!context_->initialized()); + timer_ = std::move(timer); + } + + // ReportingObserver implementation: + void OnCacheUpdated() override { + DCHECK(context_->initialized()); + if (!timer_->IsRunning()) + StartTimer(); + } + + private: + void StartTimer() { + timer_->Start(FROM_HERE, context_->policy().garbage_collection_interval, + base::Bind(&ReportingGarbageCollectorImpl::CollectGarbage, + base::Unretained(this))); + } + + void CollectGarbage() { + base::TimeTicks now = context_->tick_clock()->NowTicks(); + const ReportingPolicy& policy = context_->policy(); + + std::vector<const ReportingReport*> all_reports; + context_->cache()->GetReports(&all_reports); + + std::vector<const ReportingReport*> reports_to_remove; + for (const ReportingReport* report : all_reports) { + if (now - report->queued >= policy.max_report_age || + report->attempts >= policy.max_report_attempts) { + reports_to_remove.push_back(report); + } + } + + // Don't restart the timer on the garbage collector's own updates. + context_->RemoveObserver(this); + context_->cache()->RemoveReports(reports_to_remove); + context_->AddObserver(this); + } + + ReportingContext* context_; + std::unique_ptr<base::Timer> timer_; +}; + +} // namespace + +// static +std::unique_ptr<ReportingGarbageCollector> ReportingGarbageCollector::Create( + ReportingContext* context) { + return base::MakeUnique<ReportingGarbageCollectorImpl>(context); +} + +ReportingGarbageCollector::~ReportingGarbageCollector() {} + +} // namespace net diff --git a/chromium/net/reporting/reporting_garbage_collector.h b/chromium/net/reporting/reporting_garbage_collector.h new file mode 100644 index 00000000000..17bd9ab5626 --- /dev/null +++ b/chromium/net/reporting/reporting_garbage_collector.h @@ -0,0 +1,42 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_GARBAGE_COLLECTOR_H_ +#define NET_REPORTING_REPORTING_GARBAGE_COLLECTOR_H_ + +#include <memory> + +#include "net/base/net_export.h" + +namespace base { +class Timer; +} // namespace base + +namespace net { + +class ReportingContext; + +// Removes reports that have remained undelivered for too long or that have been +// included in too many failed delivery attempts. +class NET_EXPORT ReportingGarbageCollector { + public: + // Creates a ReportingGarbageCollector. |context| must outlive the garbage + // collector. + static std::unique_ptr<ReportingGarbageCollector> Create( + ReportingContext* context); + + virtual ~ReportingGarbageCollector(); + + // Initializes the GarbageCollector, which performs an initial garbage + // collection pass over any data already in the Cache. + virtual void Initialize() = 0; + + // Replaces the internal Timer used for scheduling garbage collection passes + // with a caller-specified one so that unittests can provide a MockTimer. + virtual void SetTimerForTesting(std::unique_ptr<base::Timer> timer) = 0; +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_GARBAGE_COLLECTOR_H_ diff --git a/chromium/net/reporting/reporting_garbage_collector_unittest.cc b/chromium/net/reporting/reporting_garbage_collector_unittest.cc new file mode 100644 index 00000000000..19ed2b30052 --- /dev/null +++ b/chromium/net/reporting/reporting_garbage_collector_unittest.cc @@ -0,0 +1,91 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_garbage_collector.h" + +#include <string> + +#include "base/memory/ptr_util.h" +#include "base/test/simple_test_tick_clock.h" +#include "base/time/time.h" +#include "base/timer/mock_timer.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_policy.h" +#include "net/reporting/reporting_report.h" +#include "net/reporting/reporting_test_util.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { +namespace { + +class ReportingGarbageCollectorTest : public ReportingTestBase { + protected: + size_t report_count() { + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + return reports.size(); + } + + const GURL kUrl_ = GURL("https://origin/path"); + const std::string kGroup_ = "group"; + const std::string kType_ = "default"; +}; + +// Make sure the garbage collector is actually present in the context. +TEST_F(ReportingGarbageCollectorTest, Created) { + EXPECT_NE(nullptr, garbage_collector()); +} + +// Make sure that the garbage collection timer is started and stopped correctly. +TEST_F(ReportingGarbageCollectorTest, Timer) { + EXPECT_FALSE(garbage_collection_timer()->IsRunning()); + + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + + EXPECT_TRUE(garbage_collection_timer()->IsRunning()); + + garbage_collection_timer()->Fire(); + + EXPECT_FALSE(garbage_collection_timer()->IsRunning()); +} + +TEST_F(ReportingGarbageCollectorTest, Report) { + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + garbage_collection_timer()->Fire(); + + EXPECT_EQ(1u, report_count()); +} + +TEST_F(ReportingGarbageCollectorTest, ExpiredReport) { + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + tick_clock()->Advance(2 * policy().max_report_age); + garbage_collection_timer()->Fire(); + + EXPECT_EQ(0u, report_count()); +} + +TEST_F(ReportingGarbageCollectorTest, FailedReport) { + cache()->AddReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>(), + tick_clock()->NowTicks(), 0); + + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + for (int i = 0; i < policy().max_report_attempts; i++) { + cache()->IncrementReportsAttempts(reports); + } + + garbage_collection_timer()->Fire(); + + EXPECT_EQ(0u, report_count()); +} + +} // namespace +} // namespace net diff --git a/chromium/net/reporting/reporting_header_parser.cc b/chromium/net/reporting/reporting_header_parser.cc new file mode 100644 index 00000000000..8dbcb8e20ab --- /dev/null +++ b/chromium/net/reporting/reporting_header_parser.cc @@ -0,0 +1,98 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_header_parser.h" + +#include <string> + +#include "base/json/json_reader.h" +#include "base/logging.h" +#include "base/time/tick_clock.h" +#include "base/time/time.h" +#include "base/values.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_context.h" + +namespace net { + +namespace { + +const char kUrlKey[] = "url"; +const char kIncludeSubdomainsKey[] = "includeSubdomains"; +const char kGroupKey[] = "group"; +const char kGroupDefaultValue[] = "default"; +const char kMaxAgeKey[] = "max-age"; + +} // namespace + +// static +void ReportingHeaderParser::ParseHeader(ReportingContext* context, + const GURL& url, + const std::string& json_value) { + DCHECK(url.SchemeIsCryptographic()); + + std::unique_ptr<base::Value> value = + base::JSONReader::Read("[" + json_value + "]"); + if (!value) + return; + + const base::ListValue* list = nullptr; + bool is_list = value->GetAsList(&list); + DCHECK(is_list); + + ReportingCache* cache = context->cache(); + base::TimeTicks now = context->tick_clock()->NowTicks(); + for (size_t i = 0; i < list->GetSize(); i++) { + const base::Value* endpoint = nullptr; + bool got_endpoint = list->Get(i, &endpoint); + DCHECK(got_endpoint); + ProcessEndpoint(cache, now, url, *endpoint); + } +} + +// static +void ReportingHeaderParser::ProcessEndpoint(ReportingCache* cache, + base::TimeTicks now, + const GURL& url, + const base::Value& value) { + const base::DictionaryValue* dict = nullptr; + if (!value.GetAsDictionary(&dict)) + return; + DCHECK(dict); + + std::string endpoint_url_string; + if (!dict->GetString(kUrlKey, &endpoint_url_string)) + return; + + GURL endpoint_url(endpoint_url_string); + if (!endpoint_url.is_valid()) + return; + if (!endpoint_url.SchemeIsCryptographic()) + return; + + int ttl_sec = -1; + if (!dict->GetInteger(kMaxAgeKey, &ttl_sec) || ttl_sec < 0) + return; + + std::string group = kGroupDefaultValue; + if (dict->HasKey(kGroupKey) && !dict->GetString(kGroupKey, &group)) + return; + + ReportingClient::Subdomains subdomains = ReportingClient::Subdomains::EXCLUDE; + bool subdomains_bool = false; + if (dict->HasKey(kIncludeSubdomainsKey) && + dict->GetBoolean(kIncludeSubdomainsKey, &subdomains_bool) && + subdomains_bool == true) { + subdomains = ReportingClient::Subdomains::INCLUDE; + } + + if (ttl_sec > 0) { + cache->SetClient(url::Origin(url), endpoint_url, subdomains, group, + now + base::TimeDelta::FromSeconds(ttl_sec)); + } else { + cache->RemoveClientForOriginAndEndpoint(url::Origin(url), endpoint_url); + } +} + +} // namespace net diff --git a/chromium/net/reporting/reporting_header_parser.h b/chromium/net/reporting/reporting_header_parser.h new file mode 100644 index 00000000000..2d7ac6ee242 --- /dev/null +++ b/chromium/net/reporting/reporting_header_parser.h @@ -0,0 +1,48 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_HEADER_PARSER_H_ +#define NET_REPORTING_REPORTING_HEADER_PARSER_H_ + +#include <string> + +#include "base/macros.h" +#include "base/time/time.h" +#include "net/base/net_export.h" + +class GURL; + +namespace base { +class Value; +} // namespace base + +namespace net { + +class ReportingCache; +class ReportingContext; + +class NET_EXPORT ReportingHeaderParser { + public: + static void ParseHeader(ReportingContext* context, + const GURL& url, + const std::string& json_value); + + private: + // Processes a single endpoint's parsed value from the Report-To header(s). + // Creates, updates, or removes a client in the cache as needed. + // + // |url| is the URL that the header came from. + // + // |value| is the parsed value. + static void ProcessEndpoint(ReportingCache* cache, + base::TimeTicks now, + const GURL& url, + const base::Value& value); + + DISALLOW_IMPLICIT_CONSTRUCTORS(ReportingHeaderParser); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_HEADER_PARSER_H_ diff --git a/chromium/net/reporting/reporting_header_parser_unittest.cc b/chromium/net/reporting/reporting_header_parser_unittest.cc new file mode 100644 index 00000000000..69210f2aa2f --- /dev/null +++ b/chromium/net/reporting/reporting_header_parser_unittest.cc @@ -0,0 +1,109 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_header_parser.h" + +#include <string> +#include <vector> + +#include "base/memory/ptr_util.h" +#include "base/test/simple_test_tick_clock.h" +#include "base/time/time.h" +#include "base/values.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_client.h" +#include "net/reporting/reporting_test_util.h" +#include "testing/gtest/include/gtest/gtest.h" +#include "url/gurl.h" +#include "url/origin.h" + +namespace net { +namespace { + +class ReportingHeaderParserTest : public ReportingTestBase { + protected: + const GURL kUrl_ = GURL("https://origin/path"); + const url::Origin kOrigin_ = url::Origin(GURL("https://origin/")); + const GURL kEndpoint_ = GURL("https://endpoint/"); + const std::string kGroup_ = "group"; + const std::string kType_ = "type"; +}; + +TEST_F(ReportingHeaderParserTest, Invalid) { + static const struct { + const char* header_value; + const char* description; + } kInvalidHeaderTestCases[] = { + {"{\"max-age\":1}", "missing url"}, + {"{\"url\":0,\"max-age\":1}", "non-string url"}, + {"{\"url\":\"http://insecure/\",\"max-age\":1}", "insecure url"}, + + {"{\"url\":\"https://endpoint/\"}", "missing max-age"}, + {"{\"url\":\"https://endpoint/\",\"max-age\":\"\"}", + "non-integer max-age"}, + {"{\"url\":\"https://endpoint/\",\"max-age\":-1}", "negative max-age"}, + + {"{\"url\":\"https://endpoint/\",\"max-age\":1,\"group\":0}", + "non-string group"}, + + // Note that a non-boolean includeSubdomains field is *not* invalid, per + // the spec. + + {"[{\"url\":\"https://a/\",\"max-age\":1}," + "{\"url\":\"https://b/\",\"max-age\":1}]", + "wrapped in list"}}; + + for (size_t i = 0; i < arraysize(kInvalidHeaderTestCases); ++i) { + auto& test_case = kInvalidHeaderTestCases[i]; + ReportingHeaderParser::ParseHeader(context(), kUrl_, + test_case.header_value); + + std::vector<const ReportingClient*> clients; + cache()->GetClients(&clients); + EXPECT_TRUE(clients.empty()) + << "Invalid Report-To header (" << test_case.description << ": \"" + << test_case.header_value << "\") parsed as valid."; + } +} + +TEST_F(ReportingHeaderParserTest, Valid) { + ReportingHeaderParser::ParseHeader( + context(), kUrl_, + "{\"url\":\"" + kEndpoint_.spec() + "\",\"max-age\":86400}"); + + const ReportingClient* client = + FindClientInCache(cache(), kOrigin_, kEndpoint_); + ASSERT_TRUE(client); + EXPECT_EQ(kOrigin_, client->origin); + EXPECT_EQ(kEndpoint_, client->endpoint); + EXPECT_EQ(ReportingClient::Subdomains::EXCLUDE, client->subdomains); + EXPECT_EQ(86400, (client->expires - tick_clock()->NowTicks()).InSeconds()); +} + +TEST_F(ReportingHeaderParserTest, Subdomains) { + ReportingHeaderParser::ParseHeader(context(), kUrl_, + "{\"url\":\"" + kEndpoint_.spec() + + "\",\"max-age\":86400," + "\"includeSubdomains\":true}"); + + const ReportingClient* client = + FindClientInCache(cache(), kOrigin_, kEndpoint_); + ASSERT_TRUE(client); + EXPECT_EQ(ReportingClient::Subdomains::INCLUDE, client->subdomains); +} + +TEST_F(ReportingHeaderParserTest, ZeroMaxAge) { + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(1)); + + ReportingHeaderParser::ParseHeader( + context(), kUrl_, + "{\"url\":\"" + kEndpoint_.spec() + "\",\"max-age\":0}"); + + EXPECT_EQ(nullptr, FindClientInCache(cache(), kOrigin_, kEndpoint_)); +} + +} // namespace +} // namespace net diff --git a/chromium/net/reporting/reporting_observer.cc b/chromium/net/reporting/reporting_observer.cc new file mode 100644 index 00000000000..5e8d778a61b --- /dev/null +++ b/chromium/net/reporting/reporting_observer.cc @@ -0,0 +1,15 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_observer.h" + +namespace net { + +void ReportingObserver::OnCacheUpdated() {} + +ReportingObserver::ReportingObserver() {} + +ReportingObserver::~ReportingObserver() {} + +} // namespace net diff --git a/chromium/net/reporting/reporting_observer.h b/chromium/net/reporting/reporting_observer.h new file mode 100644 index 00000000000..cb05389b6f3 --- /dev/null +++ b/chromium/net/reporting/reporting_observer.h @@ -0,0 +1,28 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_OBSERVER_H_ +#define NET_REPORTING_REPORTING_OBSERVER_H_ + +#include "base/macros.h" +#include "net/base/net_export.h" + +namespace net { + +class NET_EXPORT ReportingObserver { + public: + // Called whenever any change is made to the ReportingCache. + virtual void OnCacheUpdated(); + + protected: + ReportingObserver(); + + ~ReportingObserver(); + + DISALLOW_COPY_AND_ASSIGN(ReportingObserver); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_OBSERVER_H_ diff --git a/chromium/net/reporting/reporting_persister.cc b/chromium/net/reporting/reporting_persister.cc new file mode 100644 index 00000000000..ec2a37b7e48 --- /dev/null +++ b/chromium/net/reporting/reporting_persister.cc @@ -0,0 +1,358 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_persister.h" + +#include <vector> + +#include "base/memory/ptr_util.h" +#include "base/strings/string_number_conversions.h" +#include "base/time/clock.h" +#include "base/time/tick_clock.h" +#include "base/time/time.h" +#include "base/timer/timer.h" +#include "base/values.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_client.h" +#include "net/reporting/reporting_context.h" +#include "net/reporting/reporting_delegate.h" +#include "net/reporting/reporting_observer.h" +#include "net/reporting/reporting_policy.h" +#include "net/reporting/reporting_report.h" + +namespace net { +namespace { + +std::unique_ptr<base::Value> SerializeOrigin(const url::Origin& origin) { + auto serialized = base::MakeUnique<base::DictionaryValue>(); + + serialized->SetString("scheme", origin.scheme()); + serialized->SetString("host", origin.host()); + serialized->SetInteger("port", origin.port()); + serialized->SetString("suborigin", origin.suborigin()); + + return std::move(serialized); +} + +bool DeserializeOrigin(const base::DictionaryValue& serialized, + url::Origin* origin_out) { + std::string scheme; + if (!serialized.GetString("scheme", &scheme)) + return false; + + std::string host; + if (!serialized.GetString("host", &host)) + return false; + + int port_int; + if (!serialized.GetInteger("port", &port_int)) + return false; + uint16_t port = static_cast<uint16_t>(port_int); + if (port_int != port) + return false; + + std::string suborigin; + if (!serialized.GetString("suborigin", &suborigin)) + return false; + + *origin_out = url::Origin::CreateFromNormalizedTupleWithSuborigin( + scheme, host, port, suborigin); + return true; +} + +class ReportingPersisterImpl : public ReportingPersister, + public ReportingObserver { + public: + ReportingPersisterImpl(ReportingContext* context) + : context_(context), timer_(base::MakeUnique<base::OneShotTimer>()) {} + + // ReportingPersister implementation: + + ~ReportingPersisterImpl() override { + DCHECK(context_->initialized()); + context_->RemoveObserver(this); + } + + void Initialize() override { + std::unique_ptr<const base::Value> persisted_data = + context_->delegate()->GetPersistedData(); + if (persisted_data) + Deserialize(*persisted_data); + context_->AddObserver(this); + } + + void SetTimerForTesting(std::unique_ptr<base::Timer> timer) override { + DCHECK(!context_->initialized()); + timer_ = std::move(timer); + } + + // ReportingObserver implementation: + + void OnCacheUpdated() override { + DCHECK(context_->initialized()); + if (!timer_->IsRunning()) + StartTimer(); + } + + private: + void StartTimer() { + timer_->Start( + FROM_HERE, context_->policy().persistence_interval, + base::Bind(&ReportingPersisterImpl::Persist, base::Unretained(this))); + } + + void Persist() { delegate()->PersistData(Serialize()); } + + std::string SerializeTicks(base::TimeTicks time_ticks) { + base::Time time = time_ticks - tick_clock()->NowTicks() + clock()->Now(); + return base::Int64ToString(time.ToInternalValue()); + } + + bool DeserializeTicks(const std::string& serialized, + base::TimeTicks* time_ticks_out) { + int64_t internal; + if (!base::StringToInt64(serialized, &internal)) + return false; + + base::Time time = base::Time::FromInternalValue(internal); + *time_ticks_out = time - clock()->Now() + tick_clock()->NowTicks(); + return true; + } + + std::unique_ptr<base::Value> SerializeReport(const ReportingReport& report) { + auto serialized = base::MakeUnique<base::DictionaryValue>(); + + serialized->SetString("url", report.url.spec()); + serialized->SetString("group", report.group); + serialized->SetString("type", report.type); + serialized->Set("body", report.body->CreateDeepCopy()); + serialized->SetString("queued", SerializeTicks(report.queued)); + serialized->SetInteger("attempts", report.attempts); + + return std::move(serialized); + } + + bool DeserializeReport(const base::DictionaryValue& report) { + std::string url_string; + if (!report.GetString("url", &url_string)) + return false; + GURL url(url_string); + if (!url.is_valid()) + return false; + + std::string group; + if (!report.GetString("group", &group)) + return false; + + std::string type; + if (!report.GetString("type", &type)) + return false; + + const base::Value* body_original; + if (!report.Get("body", &body_original)) + return false; + std::unique_ptr<base::Value> body = body_original->CreateDeepCopy(); + + std::string queued_string; + if (!report.GetString("queued", &queued_string)) + return false; + base::TimeTicks queued; + if (!DeserializeTicks(queued_string, &queued)) + return false; + + int attempts; + if (!report.GetInteger("attempts", &attempts)) + return false; + if (attempts < 0) + return false; + + cache()->AddReport(url, group, type, std::move(body), queued, attempts); + return true; + } + + std::unique_ptr<base::Value> SerializeReports() { + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + + auto serialized = base::MakeUnique<base::ListValue>(); + for (const ReportingReport* report : reports) + serialized->Append(SerializeReport(*report)); + + return std::move(serialized); + } + + bool DeserializeReports(const base::ListValue& reports) { + for (size_t i = 0; i < reports.GetSize(); ++i) { + const base::DictionaryValue* report; + if (!reports.GetDictionary(i, &report)) + return false; + if (!DeserializeReport(*report)) + return false; + } + + return true; + } + + std::unique_ptr<base::Value> SerializeClient(const ReportingClient& client) { + auto serialized = base::MakeUnique<base::DictionaryValue>(); + + serialized->Set("origin", SerializeOrigin(client.origin)); + serialized->SetString("endpoint", client.endpoint.spec()); + serialized->SetBoolean( + "subdomains", + client.subdomains == ReportingClient::Subdomains::INCLUDE); + serialized->SetString("group", client.group); + serialized->SetString("expires", SerializeTicks(client.expires)); + + return std::move(serialized); + } + + bool DeserializeClient(const base::DictionaryValue& client) { + const base::DictionaryValue* origin_value; + if (!client.GetDictionary("origin", &origin_value)) + return false; + url::Origin origin; + if (!DeserializeOrigin(*origin_value, &origin)) + return false; + + std::string endpoint_string; + if (!client.GetString("endpoint", &endpoint_string)) + return false; + GURL endpoint(endpoint_string); + if (!endpoint.is_valid()) + return false; + + bool subdomains_bool; + if (!client.GetBoolean("subdomains", &subdomains_bool)) + return false; + ReportingClient::Subdomains subdomains = + subdomains_bool ? ReportingClient::Subdomains::INCLUDE + : ReportingClient::Subdomains::EXCLUDE; + + std::string group; + if (!client.GetString("group", &group)) + return false; + + std::string expires_string; + if (!client.GetString("expires", &expires_string)) + return false; + base::TimeTicks expires; + if (!DeserializeTicks(expires_string, &expires)) + return false; + + cache()->SetClient(origin, endpoint, subdomains, group, expires); + return true; + } + + std::unique_ptr<base::Value> SerializeClients() { + std::vector<const ReportingClient*> clients; + cache()->GetClients(&clients); + + auto serialized = base::MakeUnique<base::ListValue>(); + for (const ReportingClient* client : clients) + serialized->Append(SerializeClient(*client)); + + return std::move(serialized); + } + + bool DeserializeClients(const base::ListValue& clients) { + for (size_t i = 0; i < clients.GetSize(); ++i) { + const base::DictionaryValue* client; + if (!clients.GetDictionary(i, &client)) + return false; + if (!DeserializeClient(*client)) + return false; + } + + return true; + } + + static const int kSupportedVersion = 1; + + std::unique_ptr<base::Value> Serialize() { + auto serialized = base::MakeUnique<base::DictionaryValue>(); + + serialized->SetInteger("reporting_serialized_cache_version", + kSupportedVersion); + + bool persist_reports = policy().persist_reports_across_restarts; + serialized->SetBoolean("includes_reports", persist_reports); + if (persist_reports) + serialized->Set("reports", SerializeReports()); + + bool persist_clients = policy().persist_clients_across_restarts; + serialized->SetBoolean("includes_clients", persist_clients); + if (persist_clients) + serialized->Set("clients", SerializeClients()); + + return std::move(serialized); + } + + bool Deserialize(const base::Value& serialized_value) { + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + DCHECK(reports.empty()); + + std::vector<const ReportingClient*> clients; + cache()->GetClients(&clients); + DCHECK(clients.empty()); + + int version; + + const base::DictionaryValue* serialized; + if (!serialized_value.GetAsDictionary(&serialized)) + return false; + + if (!serialized->GetInteger("reporting_serialized_cache_version", &version)) + return false; + if (version != kSupportedVersion) + return false; + + bool includes_reports; + bool includes_clients; + if (!serialized->GetBoolean("includes_reports", &includes_reports) || + !serialized->GetBoolean("includes_clients", &includes_clients)) { + return false; + } + + if (includes_reports) { + const base::ListValue* reports; + if (!serialized->GetList("reports", &reports)) + return false; + if (!DeserializeReports(*reports)) + return false; + } + + if (includes_clients) { + const base::ListValue* clients; + if (!serialized->GetList("clients", &clients)) + return false; + if (!DeserializeClients(*clients)) + return false; + } + + return true; + } + + const ReportingPolicy& policy() { return context_->policy(); } + ReportingDelegate* delegate() { return context_->delegate(); } + base::Clock* clock() { return context_->clock(); } + base::TickClock* tick_clock() { return context_->tick_clock(); } + ReportingCache* cache() { return context_->cache(); } + + ReportingContext* context_; + std::unique_ptr<base::Timer> timer_; +}; + +} // namespace + +// static +std::unique_ptr<ReportingPersister> ReportingPersister::Create( + ReportingContext* context) { + return base::MakeUnique<ReportingPersisterImpl>(context); +} + +ReportingPersister::~ReportingPersister() {} + +} // namespace net diff --git a/chromium/net/reporting/reporting_persister.h b/chromium/net/reporting/reporting_persister.h new file mode 100644 index 00000000000..27463a516bf --- /dev/null +++ b/chromium/net/reporting/reporting_persister.h @@ -0,0 +1,40 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_PERSISTER_H_ +#define NET_REPORTING_REPORTING_PERSISTER_H_ + +#include <memory> + +#include "net/base/net_export.h" + +namespace base { +class Timer; +} // namespace base + +namespace net { + +class ReportingContext; + +// Periodically persists the state of the Reporting system to (reasonably) +// stable storage using the methods provided by the ReportingDelegate. +class NET_EXPORT ReportingPersister { + public: + // Creates a ReportingPersister. |context| must outlive the persister. + static std::unique_ptr<ReportingPersister> Create(ReportingContext* context); + + virtual ~ReportingPersister(); + + // Initializes the Persister, which deserializes any previously-persisted data + // that is available through the Context's Delegate. + virtual void Initialize() = 0; + + // Replaces the internal Timer used for scheduling writes to stable storage + // with a caller-specified one so that unittests can provide a MockTimer. + virtual void SetTimerForTesting(std::unique_ptr<base::Timer> timer) = 0; +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_PERSISTER_H_ diff --git a/chromium/net/reporting/reporting_persister_unittest.cc b/chromium/net/reporting/reporting_persister_unittest.cc new file mode 100644 index 00000000000..ed109edacae --- /dev/null +++ b/chromium/net/reporting/reporting_persister_unittest.cc @@ -0,0 +1,80 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_persister.h" + +#include "base/json/json_writer.h" +#include "base/memory/ptr_util.h" +#include "base/test/simple_test_clock.h" +#include "base/test/simple_test_tick_clock.h" +#include "base/time/time.h" +#include "base/timer/mock_timer.h" +#include "base/values.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_client.h" +#include "net/reporting/reporting_policy.h" +#include "net/reporting/reporting_report.h" +#include "net/reporting/reporting_test_util.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { +namespace { + +class ReportingPersisterTest : public ReportingTestBase { + protected: + const GURL kUrl_ = GURL("https://origin/path"); + const url::Origin kOrigin_ = url::Origin(kUrl_); + const GURL kEndpoint_ = GURL("https://endpoint/"); + const std::string kGroup_ = "group"; + const std::string kType_ = "default"; +}; + +TEST_F(ReportingPersisterTest, Test) { + ReportingPolicy policy; + policy.persist_reports_across_restarts = true; + policy.persist_clients_across_restarts = true; + // Make sure reports don't expire on our simulated restart. + policy.max_report_age = base::TimeDelta::FromDays(30); + UsePolicy(policy); + + static const int kAttempts = 3; + + base::DictionaryValue body; + body.SetString("key", "value"); + + cache()->AddReport(kUrl_, kGroup_, kType_, body.CreateDeepCopy(), + tick_clock()->NowTicks(), kAttempts); + cache()->SetClient(kOrigin_, kEndpoint_, ReportingClient::Subdomains::EXCLUDE, + kGroup_, + tick_clock()->NowTicks() + base::TimeDelta::FromDays(1)); + + EXPECT_TRUE(persistence_timer()->IsRunning()); + persistence_timer()->Fire(); + + SimulateRestart(/* delta= */ base::TimeDelta::FromHours(1), + /* delta_ticks= */ base::TimeDelta::FromHours(-3)); + + std::vector<const ReportingReport*> reports; + cache()->GetReports(&reports); + ASSERT_EQ(1u, reports.size()); + EXPECT_EQ(kUrl_, reports[0]->url); + EXPECT_EQ(kGroup_, reports[0]->group); + EXPECT_EQ(kType_, reports[0]->type); + EXPECT_TRUE(base::Value::Equals(&body, reports[0]->body.get())); + EXPECT_EQ(tick_clock()->NowTicks() - base::TimeDelta::FromHours(1), + reports[0]->queued); + EXPECT_EQ(kAttempts, reports[0]->attempts); + + const ReportingClient* client = + FindClientInCache(cache(), kOrigin_, kEndpoint_); + ASSERT_TRUE(client); + EXPECT_EQ(ReportingClient::Subdomains::EXCLUDE, client->subdomains); + EXPECT_EQ(kGroup_, client->group); + EXPECT_EQ(tick_clock()->NowTicks() + base::TimeDelta::FromDays(1) - + base::TimeDelta::FromHours(1), + client->expires); +} + +} // namespace +} // namespace net diff --git a/chromium/net/reporting/reporting_policy.cc b/chromium/net/reporting/reporting_policy.cc new file mode 100644 index 00000000000..9461bfcb5cd --- /dev/null +++ b/chromium/net/reporting/reporting_policy.cc @@ -0,0 +1,38 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_policy.h" + +#include "base/time/time.h" + +namespace net { + +ReportingPolicy::ReportingPolicy() + : persistence_interval(base::TimeDelta::FromMinutes(1)), + persist_reports_across_restarts(false), + persist_clients_across_restarts(true), + garbage_collection_interval(base::TimeDelta::FromMinutes(5)), + max_report_age(base::TimeDelta::FromMinutes(15)), + max_report_attempts(5) { + endpoint_backoff_policy.num_errors_to_ignore = 0; + endpoint_backoff_policy.initial_delay_ms = 60 * 1000; // 1 minute + endpoint_backoff_policy.multiply_factor = 2.0; + endpoint_backoff_policy.jitter_factor = 0.1; + endpoint_backoff_policy.maximum_backoff_ms = -1; // 1 hour + endpoint_backoff_policy.entry_lifetime_ms = -1; // infinite + endpoint_backoff_policy.always_use_initial_delay = false; +} + +ReportingPolicy::ReportingPolicy(const ReportingPolicy& other) + : endpoint_backoff_policy(other.endpoint_backoff_policy), + persistence_interval(other.persistence_interval), + persist_reports_across_restarts(other.persist_reports_across_restarts), + persist_clients_across_restarts(other.persist_clients_across_restarts), + garbage_collection_interval(other.garbage_collection_interval), + max_report_age(other.max_report_age), + max_report_attempts(other.max_report_attempts) {} + +ReportingPolicy::~ReportingPolicy() {} + +} // namespace net diff --git a/chromium/net/reporting/reporting_policy.h b/chromium/net/reporting/reporting_policy.h new file mode 100644 index 00000000000..51bba69b403 --- /dev/null +++ b/chromium/net/reporting/reporting_policy.h @@ -0,0 +1,48 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_POLICY_H_ +#define NET_REPORTING_REPORTING_POLICY_H_ + +#include "base/time/time.h" +#include "net/base/backoff_entry.h" +#include "net/base/net_export.h" + +namespace net { + +// Various policy knobs for the Reporting system. +struct NET_EXPORT ReportingPolicy { + // Provides a reasonable default for use in a browser embedder. + ReportingPolicy(); + ReportingPolicy(const ReportingPolicy& other); + ~ReportingPolicy(); + + // Backoff policy for failing endpoints. + BackoffEntry::Policy endpoint_backoff_policy; + + // Minimum interval at which Reporting will persist state to (relatively) + // stable storage to be restored if the embedder restarts. + base::TimeDelta persistence_interval; + + // Whether to persist undelivered reports across embedder restarts. + bool persist_reports_across_restarts; + + // Whether to persist clients (per-origin endpoint configurations) across + // embedder restarts. + bool persist_clients_across_restarts; + + // Minimum interval at which to garbage-collect the cache. + base::TimeDelta garbage_collection_interval; + + // Maximum age a report can be queued for before being discarded as expired. + base::TimeDelta max_report_age; + + // Maximum number of delivery attempts a report can have before being + // discarded as failed. + int max_report_attempts; +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_POLICY_H_ diff --git a/chromium/net/reporting/reporting_report.cc b/chromium/net/reporting/reporting_report.cc new file mode 100644 index 00000000000..24e571a8eef --- /dev/null +++ b/chromium/net/reporting/reporting_report.cc @@ -0,0 +1,31 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_report.h" + +#include <memory> +#include <string> + +#include "base/time/time.h" +#include "base/values.h" +#include "url/gurl.h" + +namespace net { + +ReportingReport::ReportingReport(const GURL& url, + const std::string& group, + const std::string& type, + std::unique_ptr<const base::Value> body, + base::TimeTicks queued, + int attempts) + : url(url), + group(group), + type(type), + body(std::move(body)), + queued(queued), + attempts(attempts) {} + +ReportingReport::~ReportingReport() {} + +} // namespace net diff --git a/chromium/net/reporting/reporting_report.h b/chromium/net/reporting/reporting_report.h new file mode 100644 index 00000000000..b1b310171f9 --- /dev/null +++ b/chromium/net/reporting/reporting_report.h @@ -0,0 +1,60 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_REPORT_H_ +#define NET_REPORTING_REPORTING_REPORT_H_ + +#include <memory> +#include <string> + +#include "base/time/time.h" +#include "net/base/net_export.h" +#include "url/gurl.h" + +namespace base { +class Value; +} // namespace base + +namespace net { + +// An undelivered report. +struct NET_EXPORT ReportingReport { + public: + ReportingReport(const GURL& url, + const std::string& group, + const std::string& type, + std::unique_ptr<const base::Value> body, + base::TimeTicks queued, + int attempts); + ~ReportingReport(); + + // The URL of the document that triggered the report. (Included in the + // delivered report.) + GURL url; + + // The endpoint group that should be used to deliver the report. (Not included + // in the delivered report.) + std::string group; + + // The type of the report. (Included in the delivered report.) + std::string type; + + // The body of the report. (Included in the delivered report.) + std::unique_ptr<const base::Value> body; + + // When the report was queued. (Included in the delivered report as an age + // relative to the time of the delivery attempt.) + base::TimeTicks queued; + + // The number of delivery attempts made so far, not including an active + // attempt. (Not included in the delivered report.) + int attempts = 0; + + private: + DISALLOW_COPY_AND_ASSIGN(ReportingReport); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_REPORT_H_ diff --git a/chromium/net/reporting/reporting_service.cc b/chromium/net/reporting/reporting_service.cc new file mode 100644 index 00000000000..6d2b215ce5f --- /dev/null +++ b/chromium/net/reporting/reporting_service.cc @@ -0,0 +1,76 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_service.h" + +#include <memory> + +#include "base/callback.h" +#include "base/macros.h" +#include "base/memory/ptr_util.h" +#include "base/time/tick_clock.h" +#include "base/time/time.h" +#include "base/values.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_context.h" +#include "net/reporting/reporting_delegate.h" +#include "net/reporting/reporting_header_parser.h" +#include "url/gurl.h" + +namespace net { + +namespace { + +class ReportingServiceImpl : public ReportingService { + public: + ReportingServiceImpl(std::unique_ptr<ReportingContext> context) + : context_(std::move(context)) { + // TODO(juliatuttle): This can be slow, so it might be better to expose it + // as a separate method and call it separately from constructing everything. + context_->Initialize(); + } + + ~ReportingServiceImpl() override {} + + void QueueReport(const GURL& url, + const std::string& group, + const std::string& type, + std::unique_ptr<const base::Value> body) override { + DCHECK(context_->initialized()); + context_->cache()->AddReport(url, group, type, std::move(body), + context_->tick_clock()->NowTicks(), 0); + } + + void ProcessHeader(const GURL& url, + const std::string& header_value) override { + DCHECK(context_->initialized()); + ReportingHeaderParser::ParseHeader(context_.get(), url, header_value); + } + + private: + std::unique_ptr<ReportingContext> context_; + + DISALLOW_COPY_AND_ASSIGN(ReportingServiceImpl); +}; + +} // namespace + +ReportingService::~ReportingService() {} + +// static +std::unique_ptr<ReportingService> ReportingService::Create( + const ReportingPolicy& policy, + URLRequestContext* request_context, + std::unique_ptr<ReportingDelegate> delegate) { + return base::MakeUnique<ReportingServiceImpl>( + ReportingContext::Create(policy, std::move(delegate), request_context)); +} + +// static +std::unique_ptr<ReportingService> ReportingService::CreateForTesting( + std::unique_ptr<ReportingContext> reporting_context) { + return base::MakeUnique<ReportingServiceImpl>(std::move(reporting_context)); +} + +} // namespace net diff --git a/chromium/net/reporting/reporting_service.h b/chromium/net/reporting/reporting_service.h new file mode 100644 index 00000000000..c305410a1a6 --- /dev/null +++ b/chromium/net/reporting/reporting_service.h @@ -0,0 +1,74 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_SERVICE_H_ +#define NET_REPORTING_REPORTING_SERVICE_H_ + +#include <memory> +#include <string> + +#include "base/callback.h" +#include "base/macros.h" +#include "net/base/net_export.h" + +class GURL; + +namespace base { +class Value; +} // namespace + +namespace net { + +class ReportingContext; +class ReportingDelegate; +struct ReportingPolicy; +class URLRequestContext; + +// The external interface to the Reporting system, used by the embedder of //net +// and also other parts of //net. +class NET_EXPORT ReportingService { + public: + virtual ~ReportingService(); + + // Creates a ReportingService. |policy| will be copied. |request_context| must + // outlive the ReportingService. The ReportingService will take ownership of + // |delegate| and destroy it when the service is destroyed. + static std::unique_ptr<ReportingService> Create( + const ReportingPolicy& policy, + URLRequestContext* request_context, + std::unique_ptr<ReportingDelegate> delegate); + + // Creates a ReportingService for testing purposes using an + // already-constructed ReportingContext. The ReportingService will take + // ownership of |reporting_context| and destroy it when the service is + // destroyed. + static std::unique_ptr<ReportingService> CreateForTesting( + std::unique_ptr<ReportingContext> reporting_context); + + // Queues a report for delivery. |url| is the URL that originated the report. + // |group| is the endpoint group to which the report should be delivered. + // |type| is the type of the report. |body| is the body of the report. + // + // The Reporting system will take ownership of |body|; all other parameters + // will be copied. + virtual void QueueReport(const GURL& url, + const std::string& group, + const std::string& type, + std::unique_ptr<const base::Value> body) = 0; + + // Processes a Report-To header. |url| is the URL that originated the header; + // |header_value| is the normalized value of the Report-To header. + virtual void ProcessHeader(const GURL& url, + const std::string& header_value) = 0; + + protected: + ReportingService() {} + + private: + DISALLOW_COPY_AND_ASSIGN(ReportingService); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_SERVICE_H_ diff --git a/chromium/net/reporting/reporting_service_unittest.cc b/chromium/net/reporting/reporting_service_unittest.cc new file mode 100644 index 00000000000..20c86560d22 --- /dev/null +++ b/chromium/net/reporting/reporting_service_unittest.cc @@ -0,0 +1,78 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_service.h" + +#include <memory> +#include <string> + +#include "base/memory/ptr_util.h" +#include "base/time/tick_clock.h" +#include "base/values.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_context.h" +#include "net/reporting/reporting_delegate.h" +#include "net/reporting/reporting_policy.h" +#include "net/reporting/reporting_report.h" +#include "net/reporting/reporting_service.h" +#include "net/reporting/reporting_test_util.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { +namespace { + +class ReportingServiceTest : public ::testing::Test { + protected: + const GURL kUrl_ = GURL("https://origin/path"); + const url::Origin kOrigin_ = url::Origin(kUrl_); + const GURL kEndpoint_ = GURL("https://endpoint/"); + const std::string kGroup_ = "group"; + const std::string kType_ = "type"; + + ReportingServiceTest() + : context_(new TestReportingContext(ReportingPolicy())), + service_( + ReportingService::CreateForTesting(base::WrapUnique(context_))) {} + + TestReportingContext* context() { return context_; } + ReportingService* service() { return service_.get(); } + + private: + TestReportingContext* context_; + std::unique_ptr<ReportingService> service_; +}; + +TEST_F(ReportingServiceTest, QueueReport) { + service()->QueueReport(kUrl_, kGroup_, kType_, + base::MakeUnique<base::DictionaryValue>()); + + std::vector<const ReportingReport*> reports; + context()->cache()->GetReports(&reports); + ASSERT_EQ(1u, reports.size()); + EXPECT_EQ(kUrl_, reports[0]->url); + EXPECT_EQ(kGroup_, reports[0]->group); + EXPECT_EQ(kType_, reports[0]->type); +} + +TEST_F(ReportingServiceTest, ProcessHeader) { + service()->ProcessHeader(kUrl_, "{\"url\":\"" + kEndpoint_.spec() + + "\"," + "\"group\":\"" + + kGroup_ + + "\"," + "\"max-age\":86400}"); + + const ReportingClient* client = + FindClientInCache(context()->cache(), kOrigin_, kEndpoint_); + ASSERT_TRUE(client != nullptr); + EXPECT_EQ(kOrigin_, client->origin); + EXPECT_EQ(kEndpoint_, client->endpoint); + EXPECT_EQ(ReportingClient::Subdomains::EXCLUDE, client->subdomains); + EXPECT_EQ(kGroup_, client->group); + EXPECT_EQ(context()->tick_clock()->NowTicks() + base::TimeDelta::FromDays(1), + client->expires); +} + +} // namespace +} // namespace net diff --git a/chromium/net/reporting/reporting_test_util.cc b/chromium/net/reporting/reporting_test_util.cc new file mode 100644 index 00000000000..8a7dbd06f4d --- /dev/null +++ b/chromium/net/reporting/reporting_test_util.cc @@ -0,0 +1,185 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_test_util.h" + +#include <memory> +#include <string> +#include <vector> + +#include "base/bind.h" +#include "base/json/json_reader.h" +#include "base/memory/ptr_util.h" +#include "base/test/simple_test_clock.h" +#include "base/test/simple_test_tick_clock.h" +#include "base/timer/mock_timer.h" +#include "base/timer/timer.h" +#include "net/reporting/reporting_cache.h" +#include "net/reporting/reporting_client.h" +#include "net/reporting/reporting_context.h" +#include "net/reporting/reporting_delegate.h" +#include "net/reporting/reporting_garbage_collector.h" +#include "net/reporting/reporting_persister.h" +#include "net/reporting/reporting_policy.h" +#include "net/reporting/reporting_uploader.h" +#include "testing/gtest/include/gtest/gtest.h" +#include "url/gurl.h" +#include "url/origin.h" + +namespace net { + +namespace { + +class PendingUploadImpl : public TestReportingUploader::PendingUpload { + public: + PendingUploadImpl( + const GURL& url, + const std::string& json, + const ReportingUploader::Callback& callback, + const base::Callback<void(PendingUpload*)>& complete_callback) + : url_(url), + json_(json), + callback_(callback), + complete_callback_(complete_callback) {} + + ~PendingUploadImpl() override {} + + // PendingUpload implementationP: + const GURL& url() const override { return url_; } + const std::string& json() const override { return json_; } + std::unique_ptr<base::Value> GetValue() const override { + return base::JSONReader::Read(json_); + } + + void Complete(ReportingUploader::Outcome outcome) override { + callback_.Run(outcome); + // Deletes |this|. + complete_callback_.Run(this); + } + + private: + GURL url_; + std::string json_; + ReportingUploader::Callback callback_; + base::Callback<void(PendingUpload*)> complete_callback_; +}; + +void ErasePendingUpload( + std::vector<std::unique_ptr<TestReportingUploader::PendingUpload>>* uploads, + TestReportingUploader::PendingUpload* upload) { + for (auto it = uploads->begin(); it != uploads->end(); ++it) { + if (it->get() == upload) { + uploads->erase(it); + return; + } + } + NOTREACHED(); +} + +} // namespace + +const ReportingClient* FindClientInCache(const ReportingCache* cache, + const url::Origin& origin, + const GURL& endpoint) { + std::vector<const ReportingClient*> clients; + cache->GetClients(&clients); + for (const ReportingClient* client : clients) { + if (client->origin == origin && client->endpoint == endpoint) + return client; + } + return nullptr; +} + +TestReportingDelegate::TestReportingDelegate() {} +TestReportingDelegate::~TestReportingDelegate() {} + +void TestReportingDelegate::PersistData( + std::unique_ptr<const base::Value> persisted_data) { + persisted_data_ = std::move(persisted_data); +} + +std::unique_ptr<const base::Value> TestReportingDelegate::GetPersistedData() { + if (!persisted_data_) + return std::unique_ptr<const base::Value>(); + return persisted_data_->CreateDeepCopy(); +} + +TestReportingUploader::PendingUpload::~PendingUpload() {} +TestReportingUploader::PendingUpload::PendingUpload() {} + +TestReportingUploader::TestReportingUploader() {} +TestReportingUploader::~TestReportingUploader() {} + +void TestReportingUploader::StartUpload(const GURL& url, + const std::string& json, + const Callback& callback) { + pending_uploads_.push_back(base::MakeUnique<PendingUploadImpl>( + url, json, callback, base::Bind(&ErasePendingUpload, &pending_uploads_))); +} + +TestReportingContext::TestReportingContext(const ReportingPolicy& policy) + : ReportingContext(policy, + base::MakeUnique<TestReportingDelegate>(), + base::MakeUnique<base::SimpleTestClock>(), + base::MakeUnique<base::SimpleTestTickClock>(), + base::MakeUnique<TestReportingUploader>()), + persistence_timer_(new base::MockTimer(/* retain_user_task= */ false, + /* is_repeating= */ false)), + garbage_collection_timer_( + new base::MockTimer(/* retain_user_task= */ false, + /* is_repeating= */ false)) { + persister()->SetTimerForTesting(base::WrapUnique(persistence_timer_)); + garbage_collector()->SetTimerForTesting( + base::WrapUnique(garbage_collection_timer_)); +} + +TestReportingContext::~TestReportingContext() { + persistence_timer_ = nullptr; + garbage_collection_timer_ = nullptr; +} + +ReportingTestBase::ReportingTestBase() { + // For tests, disable jitter. + ReportingPolicy policy; + policy.endpoint_backoff_policy.jitter_factor = 0.0; + + CreateAndInitializeContext(policy, std::unique_ptr<const base::Value>(), + base::Time::Now(), base::TimeTicks::Now()); +} + +ReportingTestBase::~ReportingTestBase() {} + +void ReportingTestBase::UsePolicy(const ReportingPolicy& new_policy) { + CreateAndInitializeContext(new_policy, delegate()->GetPersistedData(), + clock()->Now(), tick_clock()->NowTicks()); +} + +void ReportingTestBase::SimulateRestart(base::TimeDelta delta, + base::TimeDelta delta_ticks) { + CreateAndInitializeContext(policy(), delegate()->GetPersistedData(), + clock()->Now() + delta, + tick_clock()->NowTicks() + delta_ticks); +} + +void ReportingTestBase::CreateAndInitializeContext( + const ReportingPolicy& policy, + std::unique_ptr<const base::Value> persisted_data, + base::Time now, + base::TimeTicks now_ticks) { + context_ = base::MakeUnique<TestReportingContext>(policy); + delegate()->PersistData(std::move(persisted_data)); + clock()->SetNow(now); + tick_clock()->SetNowTicks(now_ticks); + context_->Initialize(); +} + +base::TimeTicks ReportingTestBase::yesterday() { + return tick_clock()->NowTicks() - base::TimeDelta::FromDays(1); +} + +base::TimeTicks ReportingTestBase::tomorrow() { + return tick_clock()->NowTicks() + base::TimeDelta::FromDays(1); +} + +} // namespace net diff --git a/chromium/net/reporting/reporting_test_util.h b/chromium/net/reporting/reporting_test_util.h new file mode 100644 index 00000000000..098fe0f4e21 --- /dev/null +++ b/chromium/net/reporting/reporting_test_util.h @@ -0,0 +1,195 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_TEST_UTIL_H_ +#define NET_REPORTING_REPORTING_TEST_UTIL_H_ + +#include <memory> +#include <string> +#include <vector> + +#include "base/macros.h" +#include "net/reporting/reporting_context.h" +#include "net/reporting/reporting_delegate.h" +#include "net/reporting/reporting_uploader.h" +#include "testing/gtest/include/gtest/gtest.h" + +class GURL; + +namespace base { +class MockTimer; +class SimpleTestClock; +class SimpleTestTickClock; +class Value; +} // namespace base + +namespace url { +class Origin; +} // namespace url + +namespace net { + +class ReportingCache; +struct ReportingClient; +class ReportingGarbageCollector; + +// Finds a particular client (by origin and endpoint) in the cache and returns +// it (or nullptr if not found). +const ReportingClient* FindClientInCache(const ReportingCache* cache, + const url::Origin& origin, + const GURL& endpoint); + +// A simple implementation of ReportingDelegate that only persists data in RAM. +class TestReportingDelegate : public ReportingDelegate { + public: + TestReportingDelegate(); + + ~TestReportingDelegate() override; + + // ReportingDelegate implementation: + std::unique_ptr<const base::Value> GetPersistedData() override; + + void PersistData(std::unique_ptr<const base::Value> persisted_data) override; + + private: + std::unique_ptr<const base::Value> persisted_data_; + + DISALLOW_COPY_AND_ASSIGN(TestReportingDelegate); +}; + +// A test implementation of ReportingUploader that holds uploads for tests to +// examine and complete with a specified outcome. +class TestReportingUploader : public ReportingUploader { + public: + class PendingUpload { + public: + virtual ~PendingUpload(); + + virtual const GURL& url() const = 0; + virtual const std::string& json() const = 0; + virtual std::unique_ptr<base::Value> GetValue() const = 0; + + virtual void Complete(Outcome outcome) = 0; + + protected: + PendingUpload(); + }; + + TestReportingUploader(); + ~TestReportingUploader() override; + + const std::vector<std::unique_ptr<PendingUpload>>& pending_uploads() const { + return pending_uploads_; + } + + // ReportingUploader implementation: + void StartUpload(const GURL& url, + const std::string& json, + const Callback& callback) override; + + private: + std::vector<std::unique_ptr<PendingUpload>> pending_uploads_; + + DISALLOW_COPY_AND_ASSIGN(TestReportingUploader); +}; + +// A test implementation of ReportingContext that uses test versions of +// ReportingDelegate, Clock, TickClock, and ReportingUploader. +class TestReportingContext : public ReportingContext { + public: + TestReportingContext(const ReportingPolicy& policy); + ~TestReportingContext(); + + TestReportingDelegate* test_delegate() { + return reinterpret_cast<TestReportingDelegate*>(delegate()); + } + base::SimpleTestClock* test_clock() { + return reinterpret_cast<base::SimpleTestClock*>(clock()); + } + base::SimpleTestTickClock* test_tick_clock() { + return reinterpret_cast<base::SimpleTestTickClock*>(tick_clock()); + } + base::MockTimer* test_persistence_timer() { return persistence_timer_; } + base::MockTimer* test_garbage_collection_timer() { + return garbage_collection_timer_; + } + TestReportingUploader* test_uploader() { + return reinterpret_cast<TestReportingUploader*>(uploader()); + } + + private: + // Owned by the Persister and GarbageCollector, respectively, but referenced + // here to preserve type: + + base::MockTimer* persistence_timer_; + base::MockTimer* garbage_collection_timer_; + + DISALLOW_COPY_AND_ASSIGN(TestReportingContext); +}; + +// A unit test base class that provides a TestReportingContext and shorthand +// getters. +class ReportingTestBase : public ::testing::Test { + protected: + ReportingTestBase(); + ~ReportingTestBase() override; + + void UsePolicy(const ReportingPolicy& policy); + + // Simulates an embedder restart, preserving the ReportingPolicy and any data + // persisted via the TestReportingDelegate, but nothing else. + // + // Advances the Clock by |delta|, and the TickClock by |delta_ticks|. Both can + // be zero or negative. + void SimulateRestart(base::TimeDelta delta, base::TimeDelta delta_ticks); + + TestReportingContext* context() { return context_.get(); } + + const ReportingPolicy& policy() { return context_->policy(); } + + TestReportingDelegate* delegate() { return context_->test_delegate(); } + base::SimpleTestClock* clock() { return context_->test_clock(); } + base::SimpleTestTickClock* tick_clock() { + return context_->test_tick_clock(); + } + base::MockTimer* persistence_timer() { + return context_->test_persistence_timer(); + } + base::MockTimer* garbage_collection_timer() { + return context_->test_garbage_collection_timer(); + } + TestReportingUploader* uploader() { return context_->test_uploader(); } + + ReportingCache* cache() { return context_->cache(); } + ReportingEndpointManager* endpoint_manager() { + return context_->endpoint_manager(); + } + ReportingDeliveryAgent* delivery_agent() { + return context_->delivery_agent(); + } + ReportingGarbageCollector* garbage_collector() { + return context_->garbage_collector(); + } + + ReportingPersister* persister() { return context_->persister(); } + + base::TimeTicks yesterday(); + + base::TimeTicks tomorrow(); + + private: + void CreateAndInitializeContext( + const ReportingPolicy& policy, + std::unique_ptr<const base::Value> persisted_data, + base::Time now, + base::TimeTicks now_ticks); + + std::unique_ptr<TestReportingContext> context_; + + DISALLOW_COPY_AND_ASSIGN(ReportingTestBase); +}; + +} // namespace net + +#endif // NET_REPORING_REPORTING_TEST_UTIL_H_ diff --git a/chromium/net/reporting/reporting_uploader.cc b/chromium/net/reporting/reporting_uploader.cc new file mode 100644 index 00000000000..19dbecb740a --- /dev/null +++ b/chromium/net/reporting/reporting_uploader.cc @@ -0,0 +1,154 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_uploader.h" + +#include <memory> +#include <string> +#include <vector> + +#include "base/callback_helpers.h" +#include "base/memory/ptr_util.h" +#include "base/metrics/histogram_macros.h" +#include "net/base/elements_upload_data_stream.h" +#include "net/base/load_flags.h" +#include "net/base/upload_bytes_element_reader.h" +#include "net/http/http_response_headers.h" +#include "net/url_request/redirect_info.h" +#include "net/url_request/url_request_context.h" +#include "url/gurl.h" + +namespace net { + +namespace { + +ReportingUploader::Outcome ResponseCodeToOutcome(int response_code) { + if (response_code >= 200 && response_code <= 299) + return ReportingUploader::Outcome::SUCCESS; + if (response_code == 410) + return ReportingUploader::Outcome::REMOVE_ENDPOINT; + return ReportingUploader::Outcome::FAILURE; +} + +class ReportingUploaderImpl : public ReportingUploader, URLRequest::Delegate { + public: + ReportingUploaderImpl(const URLRequestContext* context) : context_(context) { + DCHECK(context_); + } + + ~ReportingUploaderImpl() override { + for (auto& it : uploads_) { + base::ResetAndReturn(&it.second->second).Run(Outcome::FAILURE); + it.second->first->Cancel(); + } + uploads_.clear(); + } + + void StartUpload(const GURL& url, + const std::string& json, + const Callback& callback) override { + std::unique_ptr<URLRequest> request = + context_->CreateRequest(url, IDLE, this); + + request->set_method("POST"); + + request->SetLoadFlags(LOAD_DISABLE_CACHE | LOAD_DO_NOT_SAVE_COOKIES | + LOAD_DO_NOT_SEND_COOKIES); + + request->SetExtraRequestHeaderByName(HttpRequestHeaders::kContentType, + kUploadContentType, true); + + std::vector<char> json_data(json.begin(), json.end()); + std::unique_ptr<UploadElementReader> reader( + new UploadOwnedBytesElementReader(&json_data)); + request->set_upload( + ElementsUploadDataStream::CreateWithReader(std::move(reader), 0)); + + // This inherently sets mode = "no-cors", but that doesn't matter, because + // the origins that are included in the upload don't actually get to see + // the response. + // + // This inherently skips Service Worker, too. + request->Start(); + + // Have to grab the unique_ptr* first to ensure request.get() happens + // before std::move(request). + std::unique_ptr<Upload>* upload = &uploads_[request.get()]; + *upload = base::MakeUnique<Upload>(std::move(request), callback); + } + + // URLRequest::Delegate implementation: + + void OnReceivedRedirect(URLRequest* request, + const RedirectInfo& redirect_info, + bool* defer_redirect) override { + if (!redirect_info.new_url.SchemeIsCryptographic()) { + request->Cancel(); + return; + } + } + + void OnAuthRequired(URLRequest* request, + AuthChallengeInfo* auth_info) override { + request->Cancel(); + } + + void OnCertificateRequested(URLRequest* request, + SSLCertRequestInfo* cert_request_info) override { + request->Cancel(); + } + + void OnSSLCertificateError(URLRequest* request, + const SSLInfo& ssl_info, + bool fatal) override { + request->Cancel(); + } + + void OnResponseStarted(URLRequest* request, int net_error) override { + // Grab Upload from map, and hold on to it in a local unique_ptr so it's + // removed at the end of the method. + auto it = uploads_.find(request); + DCHECK(it != uploads_.end()); + std::unique_ptr<Upload> upload = std::move(it->second); + uploads_.erase(it); + + // request->GetResponseCode() should work, but doesn't in the cases above + // where the request was canceled, so get the response code by hand. + // TODO(juliatuttle): Check if mmenke fixed this yet. + HttpResponseHeaders* headers = request->response_headers(); + int response_code = headers ? headers->response_code() : 0; + Outcome outcome = ResponseCodeToOutcome(response_code); + + upload->second.Run(outcome); + + request->Cancel(); + } + + void OnReadCompleted(URLRequest* request, int bytes_read) override { + // Reporting doesn't need anything in the body of the response, so it + // doesn't read it, so it should never get OnReadCompleted calls. + NOTREACHED(); + } + + private: + using Upload = std::pair<std::unique_ptr<URLRequest>, Callback>; + + const URLRequestContext* context_; + std::map<const URLRequest*, std::unique_ptr<Upload>> uploads_; +}; + +} // namespace + +// static +const char ReportingUploader::kUploadContentType[] = "application/report"; + +ReportingUploader::~ReportingUploader() {} + +// static +std::unique_ptr<ReportingUploader> ReportingUploader::Create( + const URLRequestContext* context) { + return base::MakeUnique<ReportingUploaderImpl>(context); +} + +} // namespace net diff --git a/chromium/net/reporting/reporting_uploader.h b/chromium/net/reporting/reporting_uploader.h new file mode 100644 index 00000000000..dfe50e73624 --- /dev/null +++ b/chromium/net/reporting/reporting_uploader.h @@ -0,0 +1,46 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_REPORTING_REPORTING_UPLOADER_H_ +#define NET_REPORTING_REPORTING_UPLOADER_H_ + +#include <memory> +#include <string> + +#include "base/callback.h" +#include "net/base/net_export.h" + +class GURL; + +namespace net { + +class URLRequestContext; + +// Uploads already-serialized reports and converts responses to one of the +// specified outcomes. +class NET_EXPORT ReportingUploader { + public: + enum class Outcome { SUCCESS, REMOVE_ENDPOINT, FAILURE }; + + using Callback = base::Callback<void(Outcome outcome)>; + + static const char kUploadContentType[]; + + virtual ~ReportingUploader(); + + // Starts to upload the reports in |json| (properly tagged as JSON data) to + // |url|, and calls |callback| when complete (whether successful or not). + virtual void StartUpload(const GURL& url, + const std::string& json, + const Callback& callback) = 0; + + // Creates a real implementation of |ReportingUploader| that uploads reports + // using |context|. + static std::unique_ptr<ReportingUploader> Create( + const URLRequestContext* context); +}; + +} // namespace net + +#endif // NET_REPORTING_REPORTING_UPLOADER_H_ diff --git a/chromium/net/reporting/reporting_uploader_unittest.cc b/chromium/net/reporting/reporting_uploader_unittest.cc new file mode 100644 index 00000000000..8dc7e6ec73c --- /dev/null +++ b/chromium/net/reporting/reporting_uploader_unittest.cc @@ -0,0 +1,325 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/reporting/reporting_uploader.h" + +#include <memory> +#include <string> + +#include "base/bind.h" +#include "base/callback.h" +#include "base/run_loop.h" +#include "net/cookies/cookie_store.h" +#include "net/cookies/cookie_store_test_callbacks.h" +#include "net/http/http_status_code.h" +#include "net/test/embedded_test_server/embedded_test_server.h" +#include "net/test/embedded_test_server/http_request.h" +#include "net/test/embedded_test_server/http_response.h" +#include "net/url_request/url_request_test_util.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { +namespace { + +class ReportingUploaderTest : public ::testing::Test { + protected: + ReportingUploaderTest() + : server_(test_server::EmbeddedTestServer::TYPE_HTTPS), + uploader_(ReportingUploader::Create(&context_)) {} + + TestURLRequestContext context_; + test_server::EmbeddedTestServer server_; + std::unique_ptr<ReportingUploader> uploader_; +}; + +const char kUploadBody[] = "{}"; + +void CheckUpload(const test_server::HttpRequest& request) { + EXPECT_EQ("POST", request.method_string); + auto it = request.headers.find("Content-Type"); + EXPECT_TRUE(it != request.headers.end()); + EXPECT_EQ(ReportingUploader::kUploadContentType, it->second); + EXPECT_TRUE(request.has_content); + EXPECT_EQ(kUploadBody, request.content); +} + +std::unique_ptr<test_server::HttpResponse> ReturnResponse( + HttpStatusCode code, + const test_server::HttpRequest& request) { + auto response = base::MakeUnique<test_server::BasicHttpResponse>(); + response->set_code(code); + response->set_content(""); + response->set_content_type("text/plain"); + return std::move(response); +} + +std::unique_ptr<test_server::HttpResponse> ReturnInvalidResponse( + const test_server::HttpRequest& request) { + return base::MakeUnique<test_server::RawHttpResponse>( + "", "Not a valid HTTP response."); +} + +class TestUploadCallback { + public: + TestUploadCallback() : called_(false), waiting_(false) {} + + ReportingUploader::Callback callback() { + return base::Bind(&TestUploadCallback::OnUploadComplete, + base::Unretained(this)); + } + + void WaitForCall() { + if (called_) + return; + + base::RunLoop run_loop; + + waiting_ = true; + closure_ = run_loop.QuitClosure(); + run_loop.Run(); + } + + ReportingUploader::Outcome outcome() const { return outcome_; } + + private: + void OnUploadComplete(ReportingUploader::Outcome outcome) { + EXPECT_FALSE(called_); + + called_ = true; + outcome_ = outcome; + + if (waiting_) { + waiting_ = false; + closure_.Run(); + } + } + + bool called_; + ReportingUploader::Outcome outcome_; + + bool waiting_; + base::Closure closure_; +}; + +TEST_F(ReportingUploaderTest, Upload) { + server_.RegisterRequestMonitor(base::Bind(&CheckUpload)); + server_.RegisterRequestHandler(base::Bind(&ReturnResponse, HTTP_OK)); + ASSERT_TRUE(server_.Start()); + + TestUploadCallback callback; + uploader_->StartUpload(server_.GetURL("/"), kUploadBody, callback.callback()); + callback.WaitForCall(); +} + +TEST_F(ReportingUploaderTest, Success) { + server_.RegisterRequestHandler(base::Bind(&ReturnResponse, HTTP_OK)); + ASSERT_TRUE(server_.Start()); + + TestUploadCallback callback; + uploader_->StartUpload(server_.GetURL("/"), kUploadBody, callback.callback()); + callback.WaitForCall(); + + EXPECT_EQ(ReportingUploader::Outcome::SUCCESS, callback.outcome()); +} + +TEST_F(ReportingUploaderTest, NetworkError1) { + ASSERT_TRUE(server_.Start()); + GURL url = server_.GetURL("/"); + ASSERT_TRUE(server_.ShutdownAndWaitUntilComplete()); + + TestUploadCallback callback; + uploader_->StartUpload(url, kUploadBody, callback.callback()); + callback.WaitForCall(); + + EXPECT_EQ(ReportingUploader::Outcome::FAILURE, callback.outcome()); +} + +TEST_F(ReportingUploaderTest, NetworkError2) { + server_.RegisterRequestHandler(base::Bind(&ReturnInvalidResponse)); + ASSERT_TRUE(server_.Start()); + + TestUploadCallback callback; + uploader_->StartUpload(server_.GetURL("/"), kUploadBody, callback.callback()); + callback.WaitForCall(); + + EXPECT_EQ(ReportingUploader::Outcome::FAILURE, callback.outcome()); +} + +TEST_F(ReportingUploaderTest, ServerError) { + server_.RegisterRequestHandler( + base::Bind(&ReturnResponse, HTTP_INTERNAL_SERVER_ERROR)); + ASSERT_TRUE(server_.Start()); + + TestUploadCallback callback; + uploader_->StartUpload(server_.GetURL("/"), kUploadBody, callback.callback()); + callback.WaitForCall(); + + EXPECT_EQ(ReportingUploader::Outcome::FAILURE, callback.outcome()); +} + +TEST_F(ReportingUploaderTest, RemoveEndpoint) { + server_.RegisterRequestHandler(base::Bind(&ReturnResponse, HTTP_GONE)); + ASSERT_TRUE(server_.Start()); + + TestUploadCallback callback; + uploader_->StartUpload(server_.GetURL("/"), kUploadBody, callback.callback()); + callback.WaitForCall(); + + EXPECT_EQ(ReportingUploader::Outcome::REMOVE_ENDPOINT, callback.outcome()); +} + +const char kRedirectPath[] = "/redirect"; + +std::unique_ptr<test_server::HttpResponse> ReturnRedirect( + const std::string& location, + const test_server::HttpRequest& request) { + if (request.relative_url != "/") + return std::unique_ptr<test_server::HttpResponse>(); + + auto response = base::MakeUnique<test_server::BasicHttpResponse>(); + response->set_code(HTTP_FOUND); + response->AddCustomHeader("Location", location); + response->set_content( + "Thank you, Mario! But our Princess is in another castle."); + response->set_content_type("text/plain"); + return std::move(response); +} + +std::unique_ptr<test_server::HttpResponse> CheckRedirect( + bool* redirect_followed_out, + const test_server::HttpRequest& request) { + if (request.relative_url != kRedirectPath) + return std::unique_ptr<test_server::HttpResponse>(); + + *redirect_followed_out = true; + return ReturnResponse(HTTP_OK, request); +} + +TEST_F(ReportingUploaderTest, FollowHttpsRedirect) { + bool followed = false; + server_.RegisterRequestHandler(base::Bind(&ReturnRedirect, kRedirectPath)); + server_.RegisterRequestHandler(base::Bind(&CheckRedirect, &followed)); + ASSERT_TRUE(server_.Start()); + + TestUploadCallback callback; + uploader_->StartUpload(server_.GetURL("/"), kUploadBody, callback.callback()); + callback.WaitForCall(); + + EXPECT_TRUE(followed); + EXPECT_EQ(ReportingUploader::Outcome::SUCCESS, callback.outcome()); +} + +TEST_F(ReportingUploaderTest, DontFollowHttpRedirect) { + bool followed = false; + + test_server::EmbeddedTestServer http_server_; + http_server_.RegisterRequestHandler(base::Bind(&CheckRedirect, &followed)); + ASSERT_TRUE(http_server_.Start()); + + const GURL target = http_server_.GetURL(kRedirectPath); + server_.RegisterRequestHandler(base::Bind(&ReturnRedirect, target.spec())); + ASSERT_TRUE(server_.Start()); + + TestUploadCallback callback; + uploader_->StartUpload(server_.GetURL("/"), kUploadBody, callback.callback()); + callback.WaitForCall(); + + EXPECT_FALSE(followed); + EXPECT_EQ(ReportingUploader::Outcome::FAILURE, callback.outcome()); +} + +void CheckNoCookie(const test_server::HttpRequest& request) { + auto it = request.headers.find("Cookie"); + EXPECT_TRUE(it == request.headers.end()); +} + +TEST_F(ReportingUploaderTest, DontSendCookies) { + server_.RegisterRequestMonitor(base::Bind(&CheckNoCookie)); + server_.RegisterRequestHandler(base::Bind(&ReturnResponse, HTTP_OK)); + ASSERT_TRUE(server_.Start()); + + ResultSavingCookieCallback<bool> cookie_callback; + context_.cookie_store()->SetCookieWithOptionsAsync( + server_.GetURL("/"), "foo=bar", CookieOptions(), + base::Bind(&ResultSavingCookieCallback<bool>::Run, + base::Unretained(&cookie_callback))); + cookie_callback.WaitUntilDone(); + ASSERT_TRUE(cookie_callback.result()); + + TestUploadCallback upload_callback; + uploader_->StartUpload(server_.GetURL("/"), kUploadBody, + upload_callback.callback()); + upload_callback.WaitForCall(); +} + +std::unique_ptr<test_server::HttpResponse> SendCookie( + const test_server::HttpRequest& request) { + auto response = base::MakeUnique<test_server::BasicHttpResponse>(); + response->set_code(HTTP_OK); + response->AddCustomHeader("Set-Cookie", "foo=bar"); + response->set_content(""); + response->set_content_type("text/plain"); + return std::move(response); +} + +TEST_F(ReportingUploaderTest, DontSaveCookies) { + server_.RegisterRequestHandler(base::Bind(&SendCookie)); + ASSERT_TRUE(server_.Start()); + + TestUploadCallback upload_callback; + uploader_->StartUpload(server_.GetURL("/"), kUploadBody, + upload_callback.callback()); + upload_callback.WaitForCall(); + + GetCookieListCallback cookie_callback; + context_.cookie_store()->GetCookieListWithOptionsAsync( + server_.GetURL("/"), CookieOptions(), + base::Bind(&GetCookieListCallback::Run, + base::Unretained(&cookie_callback))); + cookie_callback.WaitUntilDone(); + + EXPECT_TRUE(cookie_callback.cookies().empty()); +} + +std::unique_ptr<test_server::HttpResponse> ReturnCacheableResponse( + int* request_count_out, + const test_server::HttpRequest& request) { + ++*request_count_out; + auto response = base::MakeUnique<test_server::BasicHttpResponse>(); + response->set_code(HTTP_OK); + response->AddCustomHeader("Cache-Control", "max-age=86400"); + response->set_content(""); + response->set_content_type("text/plain"); + return std::move(response); +} + +// TODO(juliatuttle): This passes even if the uploader doesn't set +// LOAD_DISABLE_CACHE. Maybe that's okay -- Chromium might not cache POST +// responses ever -- but this test should either not exist or be sure that it is +// testing actual functionality, not a default. +TEST_F(ReportingUploaderTest, DontCacheResponse) { + int request_count = 0; + server_.RegisterRequestHandler( + base::Bind(&ReturnCacheableResponse, &request_count)); + ASSERT_TRUE(server_.Start()); + + { + TestUploadCallback callback; + uploader_->StartUpload(server_.GetURL("/"), kUploadBody, + callback.callback()); + callback.WaitForCall(); + } + EXPECT_EQ(1, request_count); + + { + TestUploadCallback callback; + uploader_->StartUpload(server_.GetURL("/"), kUploadBody, + callback.callback()); + callback.WaitForCall(); + } + EXPECT_EQ(2, request_count); +} + +} // namespace +} // namespace net diff --git a/chromium/net/sdch/sdch_owner_unittest.cc b/chromium/net/sdch/sdch_owner_unittest.cc index 29880efd7c4..846ad79ba56 100644 --- a/chromium/net/sdch/sdch_owner_unittest.cc +++ b/chromium/net/sdch/sdch_owner_unittest.cc @@ -209,10 +209,6 @@ class MockURLRequestJobFactory : public URLRequestJobFactory { return scheme == "http"; }; - bool IsHandledURL(const GURL& url) const override { - return url.SchemeIs("http"); - } - bool IsSafeRedirectTarget(const GURL& location) const override { return false; } diff --git a/chromium/net/server/http_server_unittest.cc b/chromium/net/server/http_server_unittest.cc index a9168c91374..6e3198fe015 100644 --- a/chromium/net/server/http_server_unittest.cc +++ b/chromium/net/server/http_server_unittest.cc @@ -42,6 +42,7 @@ #include "net/socket/tcp_client_socket.h" #include "net/socket/tcp_server_socket.h" #include "net/test/gtest_util.h" +#include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "net/url_request/url_fetcher.h" #include "net/url_request/url_fetcher_delegate.h" #include "net/url_request/url_request_context.h" @@ -503,10 +504,10 @@ TEST_F(HttpServerTest, RequestWithTooLargeBody) { scoped_refptr<URLRequestContextGetter> request_context_getter( new TestURLRequestContextGetter(base::ThreadTaskRunnerHandle::Get())); - std::unique_ptr<URLFetcher> fetcher = - URLFetcher::Create(GURL(base::StringPrintf("http://127.0.0.1:%d/test", - server_address_.port())), - URLFetcher::GET, &delegate); + std::unique_ptr<URLFetcher> fetcher = URLFetcher::Create( + GURL(base::StringPrintf("http://127.0.0.1:%d/test", + server_address_.port())), + URLFetcher::GET, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS); fetcher->SetRequestContext(request_context_getter.get()); fetcher->AddExtraRequestHeader( base::StringPrintf("content-length:%d", 1 << 30)); diff --git a/chromium/net/socket/client_socket_handle.cc b/chromium/net/socket/client_socket_handle.cc index 3de9fd1eb71..3dad7a3f22d 100644 --- a/chromium/net/socket/client_socket_handle.cc +++ b/chromium/net/socket/client_socket_handle.cc @@ -126,6 +126,11 @@ void ClientSocketHandle::RemoveHigherLayeredPool( } } +void ClientSocketHandle::CloseIdleSocketsInGroup() { + if (pool_) + pool_->CloseIdleSocketsInGroup(group_name_); +} + bool ClientSocketHandle::GetLoadTimingInfo( bool is_reused, LoadTimingInfo* load_timing_info) const { diff --git a/chromium/net/socket/client_socket_handle.h b/chromium/net/socket/client_socket_handle.h index 17cfaf80dfa..53e471972c4 100644 --- a/chromium/net/socket/client_socket_handle.h +++ b/chromium/net/socket/client_socket_handle.h @@ -117,6 +117,9 @@ class NET_EXPORT ClientSocketHandle { // to. |higher_pool| must have been added by the above function. void RemoveHigherLayeredPool(HigherLayeredPool* higher_pool); + // Closes idle sockets that are in the same group with |this|. + void CloseIdleSocketsInGroup(); + // Returns true when Init() has completed successfully. bool is_initialized() const { return is_initialized_; } diff --git a/chromium/net/socket/client_socket_pool.h b/chromium/net/socket/client_socket_pool.h index 94c36391cbc..fb876a84ccd 100644 --- a/chromium/net/socket/client_socket_pool.h +++ b/chromium/net/socket/client_socket_pool.h @@ -163,6 +163,9 @@ class NET_EXPORT ClientSocketPool : public LowerLayeredPool { // Called to close any idle connections held by the connection manager. virtual void CloseIdleSockets() = 0; + // Called to close any idle connections held by the connection manager. + virtual void CloseIdleSocketsInGroup(const std::string& group_name) = 0; + // The total number of idle sockets in the pool. virtual int IdleSocketCount() const = 0; diff --git a/chromium/net/socket/client_socket_pool_base.cc b/chromium/net/socket/client_socket_pool_base.cc index 15accce274f..f5978625bd2 100644 --- a/chromium/net/socket/client_socket_pool_base.cc +++ b/chromium/net/socket/client_socket_pool_base.cc @@ -620,6 +620,18 @@ void ClientSocketPoolBaseHelper::CloseIdleSockets() { DCHECK_EQ(0, idle_socket_count_); } +void ClientSocketPoolBaseHelper::CloseIdleSocketsInGroup( + const std::string& group_name) { + if (idle_socket_count_ == 0) + return; + GroupMap::iterator it = group_map_.find(group_name); + if (it == group_map_.end()) + return; + CleanupIdleSocketsInGroup(true, it->second, base::TimeTicks::Now()); + if (it->second->IsEmpty()) + RemoveGroup(it); +} + int ClientSocketPoolBaseHelper::IdleSocketCountInGroup( const std::string& group_name) const { GroupMap::const_iterator i = group_map_.find(group_name); @@ -770,46 +782,50 @@ void ClientSocketPoolBaseHelper::CleanupIdleSockets(bool force) { // inside the inner loop, since it shouldn't change by any meaningful amount. base::TimeTicks now = base::TimeTicks::Now(); - GroupMap::iterator i = group_map_.begin(); - while (i != group_map_.end()) { + for (GroupMap::iterator i = group_map_.begin(); i != group_map_.end();) { Group* group = i->second; - - auto idle_socket_it = group->mutable_idle_sockets()->begin(); - while (idle_socket_it != group->idle_sockets().end()) { - base::TimeDelta timeout = idle_socket_it->socket->WasEverUsed() - ? used_idle_socket_timeout_ - : unused_idle_socket_timeout_; - bool timed_out = (now - idle_socket_it->start_time) >= timeout; - bool should_clean_up = force || timed_out || !idle_socket_it->IsUsable(); - if (should_clean_up) { - if (force) { - RecordIdleSocketFate(IDLE_SOCKET_FATE_CLEAN_UP_FORCED); - } else if (timed_out) { - RecordIdleSocketFate( - idle_socket_it->socket->WasEverUsed() - ? IDLE_SOCKET_FATE_CLEAN_UP_TIMED_OUT_REUSED - : IDLE_SOCKET_FATE_CLEAN_UP_TIMED_OUT_UNUSED); - } else { - DCHECK(!idle_socket_it->IsUsable()); - RecordIdleSocketFate(IDLE_SOCKET_FATE_CLEAN_UP_UNUSABLE); - } - delete idle_socket_it->socket; - idle_socket_it = group->mutable_idle_sockets()->erase(idle_socket_it); - DecrementIdleCount(); - } else { - ++idle_socket_it; - } - } - + CleanupIdleSocketsInGroup(force, group, now); // Delete group if no longer needed. if (group->IsEmpty()) { - RemoveGroup(i++); + GroupMap::iterator old = i++; + RemoveGroup(old); } else { ++i; } } } +void ClientSocketPoolBaseHelper::CleanupIdleSocketsInGroup( + bool force, + Group* group, + const base::TimeTicks& now) { + auto idle_socket_it = group->mutable_idle_sockets()->begin(); + while (idle_socket_it != group->idle_sockets().end()) { + base::TimeDelta timeout = idle_socket_it->socket->WasEverUsed() + ? used_idle_socket_timeout_ + : unused_idle_socket_timeout_; + bool timed_out = (now - idle_socket_it->start_time) >= timeout; + bool should_clean_up = force || timed_out || !idle_socket_it->IsUsable(); + if (should_clean_up) { + if (force) { + RecordIdleSocketFate(IDLE_SOCKET_FATE_CLEAN_UP_FORCED); + } else if (timed_out) { + RecordIdleSocketFate(idle_socket_it->socket->WasEverUsed() + ? IDLE_SOCKET_FATE_CLEAN_UP_TIMED_OUT_REUSED + : IDLE_SOCKET_FATE_CLEAN_UP_TIMED_OUT_UNUSED); + } else { + DCHECK(!idle_socket_it->IsUsable()); + RecordIdleSocketFate(IDLE_SOCKET_FATE_CLEAN_UP_UNUSABLE); + } + delete idle_socket_it->socket; + idle_socket_it = group->mutable_idle_sockets()->erase(idle_socket_it); + DecrementIdleCount(); + } else { + ++idle_socket_it; + } + } +} + ClientSocketPoolBaseHelper::Group* ClientSocketPoolBaseHelper::GetOrCreateGroup( const std::string& group_name) { GroupMap::iterator it = group_map_.find(group_name); @@ -886,37 +902,36 @@ void ClientSocketPoolBaseHelper::ReleaseSocket( } void ClientSocketPoolBaseHelper::CheckForStalledSocketGroups() { - // If we have idle sockets, see if we can give one to the top-stalled group. - std::string top_group_name; - Group* top_group = NULL; - if (!FindTopStalledGroup(&top_group, &top_group_name)) { - // There may still be a stalled group in a lower level pool. - for (std::set<LowerLayeredPool*>::iterator it = lower_pools_.begin(); - it != lower_pools_.end(); - ++it) { - if ((*it)->IsStalled()) { - CloseOneIdleSocket(); - break; - } + // Loop until there's nothing more to do. + while (true) { + // If we have idle sockets, see if we can give one to the top-stalled group. + std::string top_group_name; + Group* top_group = NULL; + if (!FindTopStalledGroup(&top_group, &top_group_name)) { + // There may still be a stalled group in a lower level pool. + for (std::set<LowerLayeredPool*>::iterator it = lower_pools_.begin(); + it != lower_pools_.end(); ++it) { + if ((*it)->IsStalled()) { + CloseOneIdleSocket(); + break; + } + } + return; } - return; - } - if (ReachedMaxSocketsLimit()) { - if (idle_socket_count() > 0) { - CloseOneIdleSocket(); - } else { - // We can't activate more sockets since we're already at our global - // limit. - return; + if (ReachedMaxSocketsLimit()) { + if (idle_socket_count() > 0) { + CloseOneIdleSocket(); + } else { + // We can't activate more sockets since we're already at our global + // limit. + return; + } } - } - // Note: we don't loop on waking stalled groups. If the stalled group is at - // its limit, may be left with other stalled groups that could be - // woken. This isn't optimal, but there is no starvation, so to avoid - // the looping we leave it at this. - OnAvailableSocketSlot(top_group_name, top_group); + // Note that this may delete top_group. + OnAvailableSocketSlot(top_group_name, top_group); + } } // Search for the highest priority pending request, amongst the groups that @@ -1136,10 +1151,8 @@ void ClientSocketPoolBaseHelper::CancelAllConnectJobs() { // Delete group if no longer needed. if (group->IsEmpty()) { - // RemoveGroup() will call .erase() which will invalidate the iterator, - // but i will already have been incremented to a valid iterator before - // RemoveGroup() is called. - RemoveGroup(i++); + GroupMap::iterator old = i++; + RemoveGroup(old); } else { ++i; } @@ -1160,10 +1173,8 @@ void ClientSocketPoolBaseHelper::CancelAllRequestsWithError(int error) { // Delete group if no longer needed. if (group->IsEmpty()) { - // RemoveGroup() will call .erase() which will invalidate the iterator, - // but i will already have been incremented to a valid iterator before - // RemoveGroup() is called. - RemoveGroup(i++); + GroupMap::iterator old = i++; + RemoveGroup(old); } else { ++i; } diff --git a/chromium/net/socket/client_socket_pool_base.h b/chromium/net/socket/client_socket_pool_base.h index 2bcfdc8d983..904024dd8e3 100644 --- a/chromium/net/socket/client_socket_pool_base.h +++ b/chromium/net/socket/client_socket_pool_base.h @@ -293,6 +293,9 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper // See ClientSocketPool::CloseIdleSockets for documentation on this function. void CloseIdleSockets(); + // See ClientSocketPool::CloseIdleSocketsInGroup for documentation. + void CloseIdleSocketsInGroup(const std::string& group_name); + // See ClientSocketPool::IdleSocketCount() for documentation on this function. int idle_socket_count() const { return idle_socket_count_; @@ -537,6 +540,13 @@ class NET_EXPORT_PRIVATE ClientSocketPoolBaseHelper typedef std::map<const ClientSocketHandle*, CallbackResultPair> PendingCallbackMap; + // Closes all idle sockets in |group| if |force| is true. Else, only closes + // idle sockets in |group| that timed out with respect to |now| or can't be + // reused. + void CleanupIdleSocketsInGroup(bool force, + Group* group, + const base::TimeTicks& now); + Group* GetOrCreateGroup(const std::string& group_name); void RemoveGroup(const std::string& group_name); void RemoveGroup(GroupMap::iterator it); @@ -806,6 +816,10 @@ class ClientSocketPoolBase { void CloseIdleSockets() { return helper_.CloseIdleSockets(); } + void CloseIdleSocketsInGroup(const std::string& group_name) { + return helper_.CloseIdleSocketsInGroup(group_name); + } + int idle_socket_count() const { return helper_.idle_socket_count(); } int IdleSocketCountInGroup(const std::string& group_name) const { diff --git a/chromium/net/socket/client_socket_pool_base_unittest.cc b/chromium/net/socket/client_socket_pool_base_unittest.cc index b201809d4c0..81fc5d51990 100644 --- a/chromium/net/socket/client_socket_pool_base_unittest.cc +++ b/chromium/net/socket/client_socket_pool_base_unittest.cc @@ -555,6 +555,10 @@ class TestClientSocketPool : public ClientSocketPool { void CloseIdleSockets() override { base_.CloseIdleSockets(); } + void CloseIdleSocketsInGroup(const std::string& group_name) override { + base_.CloseIdleSocketsInGroup(group_name); + } + int IdleSocketCount() const override { return base_.idle_socket_count(); } int IdleSocketCountInGroup(const std::string& group_name) const override { @@ -1685,6 +1689,28 @@ TEST_F(ClientSocketPoolBaseTest, FailingActiveRequestWithPendingRequests) { EXPECT_THAT(request(i)->WaitForResult(), IsError(ERR_CONNECTION_FAILED)); } +// Make sure that pending requests that complete synchronously get serviced +// after active requests fail. See https://crbug.com/723748 +TEST_F(ClientSocketPoolBaseTest, HandleMultipleSyncFailuresAfterAsyncFailure) { + const size_t kNumberOfRequests = 10; + const size_t kMaxSockets = 1; + CreatePool(kMaxSockets, kMaxSockets); + + connect_job_factory_->set_job_type(TestConnectJob::kMockPendingFailingJob); + + EXPECT_THAT(StartRequest("a", DEFAULT_PRIORITY), IsError(ERR_IO_PENDING)); + + connect_job_factory_->set_job_type(TestConnectJob::kMockFailingJob); + + // Queue up all the other requests + for (size_t i = 1; i < kNumberOfRequests; ++i) + EXPECT_THAT(StartRequest("a", DEFAULT_PRIORITY), IsError(ERR_IO_PENDING)); + + // Make sure all requests fail, instead of hanging. + for (size_t i = 0; i < kNumberOfRequests; ++i) + EXPECT_THAT(request(i)->WaitForResult(), IsError(ERR_CONNECTION_FAILED)); +} + TEST_F(ClientSocketPoolBaseTest, CancelActiveRequestThenRequestSocket) { CreatePool(kDefaultMaxSockets, kDefaultMaxSocketsPerGroup); @@ -1729,6 +1755,36 @@ TEST_F(ClientSocketPoolBaseTest, CloseIdleSocketsForced) { base::Bucket(/*IDLE_SOCKET_FATE_CLEAN_UP_FORCED=*/4, 1))); } +TEST_F(ClientSocketPoolBaseTest, CloseIdleSocketsInGroupForced) { + base::HistogramTester histograms; + CreatePool(kDefaultMaxSockets, kDefaultMaxSocketsPerGroup); + TestCompletionCallback callback; + BoundTestNetLog log; + ClientSocketHandle handle1; + int rv = handle1.Init("a", params_, LOWEST, + ClientSocketPool::RespectLimits::ENABLED, + callback.callback(), pool_.get(), log.bound()); + EXPECT_THAT(rv, IsOk()); + ClientSocketHandle handle2; + rv = handle2.Init("a", params_, LOWEST, + ClientSocketPool::RespectLimits::ENABLED, + callback.callback(), pool_.get(), log.bound()); + ClientSocketHandle handle3; + rv = handle3.Init("b", params_, LOWEST, + ClientSocketPool::RespectLimits::ENABLED, + callback.callback(), pool_.get(), log.bound()); + EXPECT_THAT(rv, IsOk()); + handle1.Reset(); + handle2.Reset(); + handle3.Reset(); + EXPECT_EQ(3, pool_->IdleSocketCount()); + pool_->CloseIdleSocketsInGroup("a"); + EXPECT_EQ(1, pool_->IdleSocketCount()); + EXPECT_THAT(histograms.GetAllSamples(kIdleSocketFateHistogram), + testing::ElementsAre( + base::Bucket(/*IDLE_SOCKET_FATE_CLEAN_UP_FORCED=*/4, 2))); +} + TEST_F(ClientSocketPoolBaseTest, CleanUpUnusableIdleSockets) { base::HistogramTester histograms; CreatePool(kDefaultMaxSockets, kDefaultMaxSocketsPerGroup); diff --git a/chromium/net/socket/socket.cc b/chromium/net/socket/socket.cc new file mode 100644 index 00000000000..4e9cf3fe031 --- /dev/null +++ b/chromium/net/socket/socket.cc @@ -0,0 +1,20 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/socket/socket.h" + +#include "net/base/net_errors.h" + +namespace net { + +const base::Feature Socket::kReadIfReadyExperiment{ + "SocketReadIfReady", base::FEATURE_DISABLED_BY_DEFAULT}; + +int Socket::ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { + return ERR_READ_IF_READY_NOT_IMPLEMENTED; +} + +} // namespace net diff --git a/chromium/net/socket/socket.h b/chromium/net/socket/socket.h index cda54063f30..8f5fed6dea0 100644 --- a/chromium/net/socket/socket.h +++ b/chromium/net/socket/socket.h @@ -7,6 +7,7 @@ #include <stdint.h> +#include "base/feature_list.h" #include "net/base/completion_callback.h" #include "net/base/net_export.h" @@ -17,6 +18,9 @@ class IOBuffer; // Represents a read/write socket. class NET_EXPORT Socket { public: + // Name of the field trial for using ReadyIfReady() instead of Read(). + static const base::Feature kReadIfReadyExperiment; + virtual ~Socket() {} // Reads data, up to |buf_len| bytes, from the socket. The number of bytes @@ -33,6 +37,19 @@ class NET_EXPORT Socket { virtual int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) = 0; + // Reads data, up to |buf_len| bytes, into |buf| without blocking. Default + // implementation returns ERR_READ_IF_READY_NOT_IMPLEMENTED. Caller should + // fall back to Read() if receives ERR_READ_IF_READY_NOT_IMPLEMENTED. + // Upon synchronous completion, returns the number of bytes read, or 0 on EOF, + // or an error code if an error happens. If read cannot be completed + // synchronously, returns ERR_IO_PENDING and does not hold on to |buf|. + // |callback| will be invoked with OK when data can be read, at which point, + // caller can call ReadIfReady() again. If an error occurs asynchronously, + // |callback| will be invoked with the error code. + virtual int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback); + // Writes data, up to |buf_len| bytes, to the socket. Note: data may be // written partially. The number of bytes written is returned, or an error // is returned upon failure. ERR_SOCKET_NOT_CONNECTED should be returned if diff --git a/chromium/net/socket/socket_bio_adapter.cc b/chromium/net/socket/socket_bio_adapter.cc index 0d75e68ec85..25b43261c0c 100644 --- a/chromium/net/socket/socket_bio_adapter.cc +++ b/chromium/net/socket/socket_bio_adapter.cc @@ -9,11 +9,13 @@ #include <algorithm> #include "base/bind.h" +#include "base/feature_list.h" #include "base/location.h" #include "base/logging.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" +#include "net/socket/socket.h" #include "net/socket/stream_socket.h" #include "net/ssl/openssl_ssl_util.h" #include "third_party/boringssl/src/include/openssl/bio.h" @@ -87,8 +89,19 @@ int SocketBIOAdapter::BIORead(char* out, int len) { DCHECK(!read_buffer_); DCHECK_EQ(0, read_offset_); read_buffer_ = new IOBuffer(read_buffer_capacity_); - int result = socket_->Read(read_buffer_.get(), read_buffer_capacity_, - read_callback_); + int result = ERR_READ_IF_READY_NOT_IMPLEMENTED; + if (base::FeatureList::IsEnabled(Socket::kReadIfReadyExperiment)) { + result = socket_->ReadIfReady( + read_buffer_.get(), read_buffer_capacity_, + base::Bind(&SocketBIOAdapter::OnSocketReadIfReadyComplete, + weak_factory_.GetWeakPtr())); + if (result == ERR_IO_PENDING) + read_buffer_ = nullptr; + } + if (result == ERR_READ_IF_READY_NOT_IMPLEMENTED) { + result = socket_->Read(read_buffer_.get(), read_buffer_capacity_, + read_callback_); + } if (result == ERR_IO_PENDING) { read_result_ = ERR_IO_PENDING; } else { @@ -146,6 +159,16 @@ void SocketBIOAdapter::OnSocketReadComplete(int result) { delegate_->OnReadReady(); } +void SocketBIOAdapter::OnSocketReadIfReadyComplete(int result) { + DCHECK_EQ(ERR_IO_PENDING, read_result_); + DCHECK_GE(OK, result); + + // Do not use HandleSocketReadResult() because result == OK doesn't mean EOF. + read_result_ = result; + + delegate_->OnReadReady(); +} + int SocketBIOAdapter::BIOWrite(const char* in, int len) { if (len <= 0) return len; diff --git a/chromium/net/socket/socket_bio_adapter.h b/chromium/net/socket/socket_bio_adapter.h index 235917a0891..48f255750ec 100644 --- a/chromium/net/socket/socket_bio_adapter.h +++ b/chromium/net/socket/socket_bio_adapter.h @@ -85,6 +85,7 @@ class NET_EXPORT_PRIVATE SocketBIOAdapter { int BIORead(char* out, int len); void HandleSocketReadResult(int result); void OnSocketReadComplete(int result); + void OnSocketReadIfReadyComplete(int result); int BIOWrite(const char* in, int len); void SocketWrite(); diff --git a/chromium/net/socket/socket_bio_adapter_unittest.cc b/chromium/net/socket/socket_bio_adapter_unittest.cc index 09d9a97091f..8bd6549670d 100644 --- a/chromium/net/socket/socket_bio_adapter_unittest.cc +++ b/chromium/net/socket/socket_bio_adapter_unittest.cc @@ -13,6 +13,7 @@ #include "base/macros.h" #include "base/memory/ptr_util.h" #include "base/run_loop.h" +#include "base/test/scoped_feature_list.h" #include "crypto/openssl_util.h" #include "net/base/address_list.h" #include "net/base/net_errors.h" @@ -27,9 +28,25 @@ namespace net { -class SocketBIOAdapterTest : public testing::Test, +enum ReadIfReadySupport { + // ReadIfReady() field trial is enabled, and ReadyIfReady() is implemented. + READ_IF_READY_ENABLED_SUPPORTED, + // ReadIfReady() field trial is enabled, but ReadyIfReady() is unimplemented. + READ_IF_READY_ENABLED_NOT_SUPPORTED, + // ReadIfReady() field trial is disabled. + READ_IF_READY_DISABLED, +}; + +class SocketBIOAdapterTest : public testing::TestWithParam<ReadIfReadySupport>, public SocketBIOAdapter::Delegate { protected: + void SetUp() override { + if (GetParam() != READ_IF_READY_DISABLED) + scoped_feature_list_.InitAndEnableFeature(Socket::kReadIfReadyExperiment); + if (GetParam() == READ_IF_READY_ENABLED_SUPPORTED) + factory_.set_enable_read_if_ready(true); + } + std::unique_ptr<StreamSocket> MakeTestSocket(SocketDataProvider* data) { data->set_connect_data(MockConnect(SYNCHRONOUS, OK)); factory_.AddSocketDataProvider(data); @@ -139,10 +156,17 @@ class SocketBIOAdapterTest : public testing::Test, bool expect_write_ready_ = false; MockClientSocketFactory factory_; std::unique_ptr<SocketBIOAdapter>* reset_on_write_ready_ = nullptr; + base::test::ScopedFeatureList scoped_feature_list_; }; +INSTANTIATE_TEST_CASE_P(/* no prefix */, + SocketBIOAdapterTest, + testing::Values(READ_IF_READY_ENABLED_SUPPORTED, + READ_IF_READY_ENABLED_NOT_SUPPORTED, + READ_IF_READY_DISABLED)); + // Test that data can be read synchronously. -TEST_F(SocketBIOAdapterTest, ReadSync) { +TEST_P(SocketBIOAdapterTest, ReadSync) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); MockRead reads[] = { @@ -183,7 +207,7 @@ TEST_F(SocketBIOAdapterTest, ReadSync) { } // Test that data can be read asynchronously. -TEST_F(SocketBIOAdapterTest, ReadAsync) { +TEST_P(SocketBIOAdapterTest, ReadAsync) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); MockRead reads[] = { @@ -203,9 +227,13 @@ TEST_F(SocketBIOAdapterTest, ReadAsync) { ExpectBlockingRead(bio, buf, sizeof(buf)); EXPECT_FALSE(adapter->HasPendingReadData()); - // After waiting, the data is available. + // After waiting, the data is available if Read() is used. WaitForReadReady(); - EXPECT_TRUE(adapter->HasPendingReadData()); + if (GetParam() == READ_IF_READY_ENABLED_SUPPORTED) { + EXPECT_FALSE(adapter->HasPendingReadData()); + } else { + EXPECT_TRUE(adapter->HasPendingReadData()); + } // The first read is now available synchronously. EXPECT_EQ(5, BIO_read(bio, buf, sizeof(buf))); @@ -220,8 +248,14 @@ TEST_F(SocketBIOAdapterTest, ReadAsync) { // amount. ExpectBlockingRead(bio, buf, 1); EXPECT_FALSE(adapter->HasPendingReadData()); + + // After waiting, the data is available if Read() is used. WaitForReadReady(); - EXPECT_TRUE(adapter->HasPendingReadData()); + if (GetParam() == READ_IF_READY_ENABLED_SUPPORTED) { + EXPECT_FALSE(adapter->HasPendingReadData()); + } else { + EXPECT_TRUE(adapter->HasPendingReadData()); + } // The next read is now available synchronously. EXPECT_EQ(5, BIO_read(bio, buf, sizeof(buf))); @@ -237,7 +271,7 @@ TEST_F(SocketBIOAdapterTest, ReadAsync) { } // Test that synchronous EOF is mapped to ERR_CONNECTION_CLOSED. -TEST_F(SocketBIOAdapterTest, ReadEOFSync) { +TEST_P(SocketBIOAdapterTest, ReadEOFSync) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); MockRead reads[] = { @@ -253,7 +287,7 @@ TEST_F(SocketBIOAdapterTest, ReadEOFSync) { } // Test that asynchronous EOF is mapped to ERR_CONNECTION_CLOSED. -TEST_F(SocketBIOAdapterTest, ReadEOFAsync) { +TEST_P(SocketBIOAdapterTest, ReadEOFAsync) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); MockRead reads[] = { @@ -272,7 +306,7 @@ TEST_F(SocketBIOAdapterTest, ReadEOFAsync) { } // Test that data can be written synchronously. -TEST_F(SocketBIOAdapterTest, WriteSync) { +TEST_P(SocketBIOAdapterTest, WriteSync) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); MockWrite writes[] = { @@ -307,7 +341,7 @@ TEST_F(SocketBIOAdapterTest, WriteSync) { } // Test that data can be written asynchronously. -TEST_F(SocketBIOAdapterTest, WriteAsync) { +TEST_P(SocketBIOAdapterTest, WriteAsync) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); MockWrite writes[] = { @@ -436,7 +470,7 @@ TEST_F(SocketBIOAdapterTest, WriteAsync) { // Test that a failed socket write is reported through BIO_read and prevents it // from scheduling a socket read. See https://crbug.com/249848. -TEST_F(SocketBIOAdapterTest, WriteStopsRead) { +TEST_P(SocketBIOAdapterTest, WriteStopsRead) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); MockWrite writes[] = { @@ -459,7 +493,7 @@ TEST_F(SocketBIOAdapterTest, WriteStopsRead) { // Test that a synchronous failed socket write interrupts a blocked // BIO_read. See https://crbug.com/249848. -TEST_F(SocketBIOAdapterTest, SyncWriteInterruptsRead) { +TEST_P(SocketBIOAdapterTest, SyncWriteInterruptsRead) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); MockRead reads[] = { @@ -492,7 +526,7 @@ TEST_F(SocketBIOAdapterTest, SyncWriteInterruptsRead) { // Test that an asynchronous failed socket write interrupts a blocked // BIO_read. See https://crbug.com/249848. -TEST_F(SocketBIOAdapterTest, AsyncWriteInterruptsRead) { +TEST_P(SocketBIOAdapterTest, AsyncWriteInterruptsRead) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); MockRead reads[] = { @@ -527,7 +561,7 @@ TEST_F(SocketBIOAdapterTest, AsyncWriteInterruptsRead) { // Test that an asynchronous failed socket write interrupts a blocked BIO_read, // signaling both if the buffer was full. See https://crbug.com/249848. -TEST_F(SocketBIOAdapterTest, AsyncWriteInterruptsBoth) { +TEST_P(SocketBIOAdapterTest, AsyncWriteInterruptsBoth) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); MockRead reads[] = { @@ -562,7 +596,7 @@ TEST_F(SocketBIOAdapterTest, AsyncWriteInterruptsBoth) { // Test that SocketBIOAdapter handles OnWriteReady deleting itself when both // need to be signaled. -TEST_F(SocketBIOAdapterTest, DeleteOnWriteReady) { +TEST_P(SocketBIOAdapterTest, DeleteOnWriteReady) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); MockRead reads[] = { @@ -595,7 +629,7 @@ TEST_F(SocketBIOAdapterTest, DeleteOnWriteReady) { // Test that using a BIO after the underlying adapter is destroyed fails // gracefully. -TEST_F(SocketBIOAdapterTest, Detached) { +TEST_P(SocketBIOAdapterTest, Detached) { crypto::OpenSSLErrStackTracer tracer(FROM_HERE); SequencedSocketData data(nullptr, 0, nullptr, 0); diff --git a/chromium/net/socket/socket_options.cc b/chromium/net/socket/socket_options.cc new file mode 100644 index 00000000000..5be5d978c98 --- /dev/null +++ b/chromium/net/socket/socket_options.cc @@ -0,0 +1,82 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/socket/socket_options.h" + +#include "build/build_config.h" +#include "net/base/net_errors.h" + +#if defined(OS_POSIX) +#include <netinet/in.h> +#include <netinet/tcp.h> +#include <sys/socket.h> +#elif defined(OS_WIN) +#include <winsock2.h> +#endif + +namespace net { + +int SetTCPNoDelay(SocketDescriptor fd, bool no_delay) { +#if defined(OS_POSIX) + int on = no_delay ? 1 : 0; +#elif defined(OS_WIN) + BOOL on = no_delay ? TRUE : FALSE; +#endif + int rv = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, + reinterpret_cast<const char*>(&on), sizeof(on)); + return rv == -1 ? MapSystemError(errno) : OK; +} + +int SetReuseAddr(SocketDescriptor fd, bool reuse) { +// SO_REUSEADDR is useful for server sockets to bind to a recently unbound +// port. When a socket is closed, the end point changes its state to TIME_WAIT +// and wait for 2 MSL (maximum segment lifetime) to ensure the remote peer +// acknowledges its closure. For server sockets, it is usually safe to +// bind to a TIME_WAIT end point immediately, which is a widely adopted +// behavior. +// +// Note that on *nix, SO_REUSEADDR does not enable the socket (which can be +// either TCP or UDP) to bind to an end point that is already bound by another +// socket. To do that one must set SO_REUSEPORT instead. This option is not +// provided on Linux prior to 3.9. +// +// SO_REUSEPORT is provided in MacOS X and iOS. +#if defined(OS_POSIX) + int boolean_value = reuse ? 1 : 0; +#elif defined(OS_WIN) + BOOL boolean_value = reuse ? TRUE : FALSE; +#endif + int rv = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, + reinterpret_cast<const char*>(&boolean_value), + sizeof(boolean_value)); + return rv == -1 ? MapSystemError(errno) : OK; +} + +int SetSocketReceiveBufferSize(SocketDescriptor fd, int32_t size) { + int rv = setsockopt(fd, SOL_SOCKET, SO_RCVBUF, + reinterpret_cast<const char*>(&size), sizeof(size)); +#if defined(OS_POSIX) + int os_error = errno; +#elif defined(OS_WIN) + int os_error = WSAGetLastError(); +#endif + int net_error = (rv == -1) ? MapSystemError(os_error) : OK; + DCHECK(!rv) << "Could not set socket receive buffer size: " << net_error; + return net_error; +} + +int SetSocketSendBufferSize(SocketDescriptor fd, int32_t size) { + int rv = setsockopt(fd, SOL_SOCKET, SO_SNDBUF, + reinterpret_cast<const char*>(&size), sizeof(size)); +#if defined(OS_POSIX) + int os_error = errno; +#elif defined(OS_WIN) + int os_error = WSAGetLastError(); +#endif + int net_error = (rv == -1) ? MapSystemError(os_error) : OK; + DCHECK(!rv) << "Could not set socket receive buffer size: " << net_error; + return net_error; +} + +} // namespace net diff --git a/chromium/net/socket/socket_options.h b/chromium/net/socket/socket_options.h new file mode 100644 index 00000000000..2a8ac6c7afb --- /dev/null +++ b/chromium/net/socket/socket_options.h @@ -0,0 +1,62 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SOCKET_SOCKET_OPTIONS_H_ +#define NET_SOCKET_SOCKET_OPTIONS_H_ + +#include <stdint.h> + +#include "net/base/net_export.h" +#include "net/socket/socket_descriptor.h" + +namespace net { + +// This function enables/disables buffering in the kernel. By default, on Linux, +// TCP sockets will wait up to 200ms for more data to complete a packet before +// transmitting. After calling this function, the kernel will not wait. See +// TCP_NODELAY in `man 7 tcp`. +// +// For Windows: +// +// The Nagle implementation on Windows is governed by RFC 896. The idea +// behind Nagle is to reduce small packets on the network. When Nagle is +// enabled, if a partial packet has been sent, the TCP stack will disallow +// further *partial* packets until an ACK has been received from the other +// side. Good applications should always strive to send as much data as +// possible and avoid partial-packet sends. However, in most real world +// applications, there are edge cases where this does not happen, and two +// partial packets may be sent back to back. For a browser, it is NEVER +// a benefit to delay for an RTT before the second packet is sent. +// +// As a practical example in Chromium today, consider the case of a small +// POST. I have verified this: +// Client writes 649 bytes of header (partial packet #1) +// Client writes 50 bytes of POST data (partial packet #2) +// In the above example, with Nagle, a RTT delay is inserted between these +// two sends due to nagle. RTTs can easily be 100ms or more. The best +// fix is to make sure that for POSTing data, we write as much data as +// possible and minimize partial packets. We will fix that. But disabling +// Nagle also ensure we don't run into this delay in other edge cases. +// See also: +// http://technet.microsoft.com/en-us/library/bb726981.aspx +// +// SetTCPNoDelay() sets the TCP_NODELAY option. Use |no_delay| to enable or +// disable it. On error returns a net error code, on success returns OK. +int SetTCPNoDelay(SocketDescriptor fd, bool no_delay); + +// SetReuseAddr() sets the SO_REUSEADDR socket option. Use |reuse| to enable or +// disable it. On error returns a net error code, on success returns OK. +int SetReuseAddr(SocketDescriptor fd, bool reuse); + +// SetSocketReceiveBufferSize() sets the SO_RCVBUF socket option. On error +// returns a net error code, on success returns OK. +int SetSocketReceiveBufferSize(SocketDescriptor fd, int32_t size); + +// SetSocketSendBufferSize() sets the SO_SNDBUF socket option. On error +// returns a net error code, on success returns OK. +int SetSocketSendBufferSize(SocketDescriptor fd, int32_t size); + +} // namespace net + +#endif // NET_SOCKET_SOCKET_OPTIONS_H_ diff --git a/chromium/net/socket/socket_posix.cc b/chromium/net/socket/socket_posix.cc index 20cc92bf593..6955aa2a1e8 100644 --- a/chromium/net/socket/socket_posix.cc +++ b/chromium/net/socket/socket_posix.cc @@ -253,11 +253,26 @@ bool SocketPosix::IsConnectedAndIdle() const { int SocketPosix::Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) { + // Use base::Unretained() is safe here because OnFileCanReadWithoutBlocking() + // won't be called if |this| is gone. + int rv = + ReadIfReady(buf, buf_len, + base::Bind(&SocketPosix::RetryRead, base::Unretained(this))); + if (rv == ERR_IO_PENDING) { + read_buf_ = buf; + read_buf_len_ = buf_len; + read_callback_ = callback; + } + return rv; +} + +int SocketPosix::ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK_NE(kInvalidSocket, socket_fd_); DCHECK(!waiting_connect_); - CHECK(read_callback_.is_null()); - // Synchronous operation not supported + CHECK(read_if_ready_callback_.is_null()); DCHECK(!callback.is_null()); DCHECK_LT(0, buf_len); @@ -272,9 +287,7 @@ int SocketPosix::Read(IOBuffer* buf, return MapSystemError(errno); } - read_buf_ = buf; - read_buf_len_ = buf_len; - read_callback_ = callback; + read_if_ready_callback_ = callback; return ERR_IO_PENDING; } @@ -375,10 +388,10 @@ void SocketPosix::DetachFromThread() { void SocketPosix::OnFileCanReadWithoutBlocking(int fd) { TRACE_EVENT0(kNetTracingCategory, "SocketPosix::OnFileCanReadWithoutBlocking"); - DCHECK(!accept_callback_.is_null() || !read_callback_.is_null()); if (!accept_callback_.is_null()) { AcceptCompleted(); - } else { // !read_callback_.is_null() + } else { + DCHECK(!read_if_ready_callback_.is_null()); ReadCompleted(); } } @@ -453,16 +466,29 @@ int SocketPosix::DoRead(IOBuffer* buf, int buf_len) { return rv >= 0 ? rv : MapSystemError(errno); } +void SocketPosix::RetryRead(int rv) { + DCHECK(read_callback_); + DCHECK(read_buf_); + DCHECK_LT(0, read_buf_len_); + + if (rv == OK) { + rv = ReadIfReady( + read_buf_.get(), read_buf_len_, + base::Bind(&SocketPosix::RetryRead, base::Unretained(this))); + if (rv == ERR_IO_PENDING) + return; + } + read_buf_ = nullptr; + read_buf_len_ = 0; + base::ResetAndReturn(&read_callback_).Run(rv); +} + void SocketPosix::ReadCompleted() { - int rv = DoRead(read_buf_.get(), read_buf_len_); - if (rv == ERR_IO_PENDING) - return; + DCHECK(read_if_ready_callback_); bool ok = read_socket_watcher_.StopWatchingFileDescriptor(); DCHECK(ok); - read_buf_ = NULL; - read_buf_len_ = 0; - base::ResetAndReturn(&read_callback_).Run(rv); + base::ResetAndReturn(&read_if_ready_callback_).Run(OK); } int SocketPosix::DoWrite(IOBuffer* buf, int buf_len) { @@ -509,6 +535,8 @@ void SocketPosix::StopWatchingAndCleanUp() { read_callback_.Reset(); } + read_if_ready_callback_.Reset(); + if (!write_callback_.is_null()) { write_buf_ = NULL; write_buf_len_ = 0; diff --git a/chromium/net/socket/socket_posix.h b/chromium/net/socket/socket_posix.h index bf4b7e53d9b..65a692e27de 100644 --- a/chromium/net/socket/socket_posix.h +++ b/chromium/net/socket/socket_posix.h @@ -59,6 +59,14 @@ class NET_EXPORT_PRIVATE SocketPosix : public base::MessageLoopForIO::Watcher { // errno, though errno is set if read or write events happen with error. // TODO(byungchul): Need more robust way to pass system errno. int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback); + + // Reads up to |buf_len| bytes into |buf| without blocking. If read is to + // be retried later, |callback| will be invoked when data is ready for + // reading. This method doesn't hold on to |buf|. + // See socket.h for more information. + int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback); int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback); // Waits for next write event. This is called by TCPSocketPosix for TCP @@ -95,6 +103,7 @@ class NET_EXPORT_PRIVATE SocketPosix : public base::MessageLoopForIO::Watcher { void ConnectCompleted(); int DoRead(IOBuffer* buf, int buf_len); + void RetryRead(int rv); void ReadCompleted(); int DoWrite(IOBuffer* buf, int buf_len); @@ -109,11 +118,15 @@ class NET_EXPORT_PRIVATE SocketPosix : public base::MessageLoopForIO::Watcher { CompletionCallback accept_callback_; base::MessageLoopForIO::FileDescriptorWatcher read_socket_watcher_; + + // Non-null when a Read() is in progress. scoped_refptr<IOBuffer> read_buf_; int read_buf_len_; - // External callback; called when read is complete. CompletionCallback read_callback_; + // Non-null when a ReadIfReady() is in progress. + CompletionCallback read_if_ready_callback_; + base::MessageLoopForIO::FileDescriptorWatcher write_socket_watcher_; scoped_refptr<IOBuffer> write_buf_; int write_buf_len_; diff --git a/chromium/net/socket/socket_test_util.cc b/chromium/net/socket/socket_test_util.cc index 0c7adca5cdf..57ca977f50f 100644 --- a/chromium/net/socket/socket_test_util.cc +++ b/chromium/net/socket/socket_test_util.cc @@ -10,6 +10,7 @@ #include "base/bind.h" #include "base/bind_helpers.h" +#include "base/callback_helpers.h" #include "base/compiler_specific.h" #include "base/location.h" #include "base/logging.h" @@ -699,7 +700,8 @@ void SequencedSocketData::OnWriteComplete() { SequencedSocketData::~SequencedSocketData() { } -MockClientSocketFactory::MockClientSocketFactory() {} +MockClientSocketFactory::MockClientSocketFactory() + : enable_read_if_ready_(false) {} MockClientSocketFactory::~MockClientSocketFactory() {} @@ -743,6 +745,8 @@ MockClientSocketFactory::CreateTransportClientSocket( SocketDataProvider* data_provider = mock_data_.GetNext(); std::unique_ptr<MockTCPClientSocket> socket( new MockTCPClientSocket(addresses, net_log, data_provider)); + if (enable_read_if_ready_) + socket->set_enable_read_if_ready(enable_read_if_ready_); return std::move(socket); } @@ -882,7 +886,8 @@ MockTCPClientSocket::MockTCPClientSocket(const AddressList& addresses, peer_closed_connection_(false), pending_read_buf_(NULL), pending_read_buf_len_(0), - was_used_to_convey_data_(false) { + was_used_to_convey_data_(false), + enable_read_if_ready_(false) { DCHECK(data_); peer_addr_ = data->connect_data().peer_addr; data_->Initialize(this); @@ -895,41 +900,29 @@ MockTCPClientSocket::~MockTCPClientSocket() { int MockTCPClientSocket::Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) { - if (!connected_ || !data_) - return ERR_UNEXPECTED; - // If the buffer is already in use, a read is already in progress! DCHECK(!pending_read_buf_); - - // Store our async IO data. - pending_read_buf_ = buf; - pending_read_buf_len_ = buf_len; - pending_read_callback_ = callback; - - if (need_read_data_) { - read_data_ = data_->OnRead(); - if (read_data_.result == ERR_CONNECTION_CLOSED) { - // This MockRead is just a marker to instruct us to set - // peer_closed_connection_. - peer_closed_connection_ = true; - } - if (read_data_.result == ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ) { - // This MockRead is just a marker to instruct us to set - // peer_closed_connection_. Skip it and get the next one. - read_data_ = data_->OnRead(); - peer_closed_connection_ = true; - } - // ERR_IO_PENDING means that the SocketDataProvider is taking responsibility - // to complete the async IO manually later (via OnReadComplete). - if (read_data_.result == ERR_IO_PENDING) { - // We need to be using async IO in this case. - DCHECK(!callback.is_null()); - return ERR_IO_PENDING; - } - need_read_data_ = false; + // Use base::Unretained() is safe because MockClientSocket::RunCallbackAsync() + // takes a weak ptr of the base class, MockClientSocket. + int rv = ReadIfReadyImpl( + buf, buf_len, + base::Bind(&MockTCPClientSocket::RetryRead, base::Unretained(this))); + if (rv == ERR_IO_PENDING) { + pending_read_buf_ = buf; + pending_read_buf_len_ = buf_len; + pending_read_callback_ = callback; } + return rv; +} - return CompleteRead(); +int MockTCPClientSocket::ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { + DCHECK(!pending_read_if_ready_callback_); + + if (!enable_read_if_ready_) + return ERR_READ_IF_READY_NOT_IMPLEMENTED; + return ReadIfReadyImpl(buf, buf_len, callback); } int MockTCPClientSocket::Write(IOBuffer* buf, int buf_len, @@ -1048,7 +1041,7 @@ void MockTCPClientSocket::OnReadComplete(const MockRead& data) { return; // There must be a read pending. - DCHECK(pending_read_buf_.get()); + DCHECK(pending_read_if_ready_callback_); // You can't complete a read with another ERR_IO_PENDING status code. DCHECK_NE(ERR_IO_PENDING, data.result); // Since we've been waiting for data, need_read_data_ should be true. @@ -1060,10 +1053,8 @@ void MockTCPClientSocket::OnReadComplete(const MockRead& data) { // The caller is simulating that this IO completes right now. Don't // let CompleteRead() schedule a callback. read_data_.mode = SYNCHRONOUS; - - CompletionCallback callback = pending_read_callback_; - int rv = CompleteRead(); - RunCallback(callback, rv); + RunCallback(base::ResetAndReturn(&pending_read_if_ready_callback_), + read_data_.result > 0 ? OK : read_data_.result); } void MockTCPClientSocket::OnWriteComplete(int rv) { @@ -1090,23 +1081,65 @@ void MockTCPClientSocket::OnDataProviderDestroyed() { data_ = nullptr; } -int MockTCPClientSocket::CompleteRead() { +void MockTCPClientSocket::RetryRead(int rv) { + DCHECK(pending_read_callback_); DCHECK(pending_read_buf_.get()); - DCHECK(pending_read_buf_len_ > 0); - - was_used_to_convey_data_ = true; + DCHECK_LT(0, pending_read_buf_len_); - // Save the pending async IO data and reset our |pending_| state. - scoped_refptr<IOBuffer> buf = pending_read_buf_; - int buf_len = pending_read_buf_len_; - CompletionCallback callback = pending_read_callback_; - pending_read_buf_ = NULL; + if (rv == OK) { + rv = ReadIfReadyImpl( + pending_read_buf_.get(), pending_read_buf_len_, + base::Bind(&MockTCPClientSocket::RetryRead, base::Unretained(this))); + if (rv == ERR_IO_PENDING) + return; + } + pending_read_buf_ = nullptr; pending_read_buf_len_ = 0; - pending_read_callback_.Reset(); + RunCallback(base::ResetAndReturn(&pending_read_callback_), rv); +} + +int MockTCPClientSocket::ReadIfReadyImpl(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { + if (!connected_ || !data_) + return ERR_UNEXPECTED; + + DCHECK(!pending_read_if_ready_callback_); + + if (need_read_data_) { + read_data_ = data_->OnRead(); + if (read_data_.result == ERR_CONNECTION_CLOSED) { + // This MockRead is just a marker to instruct us to set + // peer_closed_connection_. + peer_closed_connection_ = true; + } + if (read_data_.result == ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ) { + // This MockRead is just a marker to instruct us to set + // peer_closed_connection_. Skip it and get the next one. + read_data_ = data_->OnRead(); + peer_closed_connection_ = true; + } + // ERR_IO_PENDING means that the SocketDataProvider is taking responsibility + // to complete the async IO manually later (via OnReadComplete). + if (read_data_.result == ERR_IO_PENDING) { + // We need to be using async IO in this case. + DCHECK(!callback.is_null()); + pending_read_if_ready_callback_ = callback; + return ERR_IO_PENDING; + } + need_read_data_ = false; + } int result = read_data_.result; - DCHECK(result != ERR_IO_PENDING); + DCHECK_NE(ERR_IO_PENDING, result); + if (read_data_.mode == ASYNC) { + DCHECK(!callback.is_null()); + read_data_.mode = SYNCHRONOUS; + RunCallbackAsync(callback, result); + return ERR_IO_PENDING; + } + was_used_to_convey_data_ = true; if (read_data_.data) { if (read_data_.data_len - read_offset_ > 0) { result = std::min(buf_len, read_data_.data_len - read_offset_); @@ -1120,12 +1153,6 @@ int MockTCPClientSocket::CompleteRead() { result = 0; // EOF } } - - if (read_data_.mode == ASYNC) { - DCHECK(!callback.is_null()); - RunCallbackAsync(callback, result); - return ERR_IO_PENDING; - } return result; } @@ -1164,6 +1191,12 @@ int MockSSLClientSocket::Read(IOBuffer* buf, int buf_len, return transport_->socket()->Read(buf, buf_len, callback); } +int MockSSLClientSocket::ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { + return transport_->socket()->ReadIfReady(buf, buf_len, callback); +} + int MockSSLClientSocket::Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) { return transport_->socket()->Write(buf, buf_len, callback); diff --git a/chromium/net/socket/socket_test_util.h b/chromium/net/socket/socket_test_util.h index c8f9b68fe9f..9790f498fa7 100644 --- a/chromium/net/socket/socket_test_util.h +++ b/chromium/net/socket/socket_test_util.h @@ -518,6 +518,10 @@ class MockClientSocketFactory : public ClientSocketFactory { return mock_data_; } + void set_enable_read_if_ready(bool enable_read_if_ready) { + enable_read_if_ready_ = enable_read_if_ready; + } + // ClientSocketFactory std::unique_ptr<DatagramClientSocket> CreateDatagramClientSocket( DatagramSocket::BindType bind_type, @@ -545,6 +549,10 @@ class MockClientSocketFactory : public ClientSocketFactory { SocketDataProviderArray<SSLSocketDataProvider> mock_ssl_data_; std::vector<uint16_t> udp_client_socket_ports_; + // If true, ReadIfReady() is enabled; otherwise ReadIfReady() returns + // ERR_READ_IF_READY_NOT_IMPLEMENTED. + bool enable_read_if_ready_; + DISALLOW_COPY_AND_ASSIGN(MockClientSocketFactory); }; @@ -627,6 +635,9 @@ class MockTCPClientSocket : public MockClientSocket, public AsyncSocket { int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; + int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) override; int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; @@ -650,9 +661,15 @@ class MockTCPClientSocket : public MockClientSocket, public AsyncSocket { void OnConnectComplete(const MockConnect& data) override; void OnDataProviderDestroyed() override; - private: - int CompleteRead(); + void set_enable_read_if_ready(bool enable_read_if_ready) { + enable_read_if_ready_ = enable_read_if_ready; + } + private: + void RetryRead(int rv); + int ReadIfReadyImpl(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback); AddressList addresses_; SocketDataProvider* data_; @@ -668,11 +685,19 @@ class MockTCPClientSocket : public MockClientSocket, public AsyncSocket { // While an asynchronous read is pending, we save our user-buffer state. scoped_refptr<IOBuffer> pending_read_buf_; int pending_read_buf_len_; - CompletionCallback pending_connect_callback_; CompletionCallback pending_read_callback_; + + // Non-null when a ReadIfReady() is pending. + CompletionCallback pending_read_if_ready_callback_; + + CompletionCallback pending_connect_callback_; CompletionCallback pending_write_callback_; bool was_used_to_convey_data_; + // If true, ReadIfReady() is enabled; otherwise ReadIfReady() returns + // ERR_READ_IF_READY_NOT_IMPLEMENTED. + bool enable_read_if_ready_; + ConnectionAttempts connection_attempts_; DISALLOW_COPY_AND_ASSIGN(MockTCPClientSocket); @@ -690,6 +715,9 @@ class MockSSLClientSocket : public MockClientSocket, public AsyncSocket { int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; + int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) override; int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; diff --git a/chromium/net/socket/socks_client_socket_pool.cc b/chromium/net/socket/socks_client_socket_pool.cc index 02941886704..e8a8fb77c60 100644 --- a/chromium/net/socket/socks_client_socket_pool.cc +++ b/chromium/net/socket/socks_client_socket_pool.cc @@ -261,6 +261,11 @@ void SOCKSClientSocketPool::CloseIdleSockets() { base_.CloseIdleSockets(); } +void SOCKSClientSocketPool::CloseIdleSocketsInGroup( + const std::string& group_name) { + base_.CloseIdleSocketsInGroup(group_name); +} + int SOCKSClientSocketPool::IdleSocketCount() const { return base_.idle_socket_count(); } diff --git a/chromium/net/socket/socks_client_socket_pool.h b/chromium/net/socket/socks_client_socket_pool.h index cf6456b1e44..5b55b6ca3d9 100644 --- a/chromium/net/socket/socks_client_socket_pool.h +++ b/chromium/net/socket/socks_client_socket_pool.h @@ -147,6 +147,8 @@ class NET_EXPORT_PRIVATE SOCKSClientSocketPool void CloseIdleSockets() override; + void CloseIdleSocketsInGroup(const std::string& group_name) override; + int IdleSocketCount() const override; int IdleSocketCountInGroup(const std::string& group_name) const override; diff --git a/chromium/net/socket/ssl_client_socket_impl.cc b/chromium/net/socket/ssl_client_socket_impl.cc index a81e33144c1..ab4f11350e2 100644 --- a/chromium/net/socket/ssl_client_socket_impl.cc +++ b/chromium/net/socket/ssl_client_socket_impl.cc @@ -12,7 +12,6 @@ #include "base/bind.h" #include "base/callback_helpers.h" -#include "base/feature_list.h" #include "base/lazy_instance.h" #include "base/macros.h" #include "base/memory/singleton.h" @@ -219,24 +218,44 @@ int GetBufferSize(const char* field_trial) { return buffer_size; } -#if defined(OS_NACL) -bool AreLegacyECDSACiphersEnabled() { - return false; -} +scoped_refptr<X509Certificate> OSChainFromBuffers(STACK_OF(CRYPTO_BUFFER) * + openssl_chain) { + if (sk_CRYPTO_BUFFER_num(openssl_chain) == 0) { + NOTREACHED(); + return nullptr; + } + +#if BUILDFLAG(USE_BYTE_CERTS) + std::vector<CRYPTO_BUFFER*> intermediate_chain; + for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(openssl_chain); ++i) + intermediate_chain.push_back(sk_CRYPTO_BUFFER_value(openssl_chain, i)); + return X509Certificate::CreateFromHandle( + sk_CRYPTO_BUFFER_value(openssl_chain, 0), intermediate_chain); #else -// TODO(davidben): Remove this after the ECDSA CBC removal sticks. -// https:/crbug.com/666191. -const base::Feature kLegacyECDSACiphersFeature{ - "SSLLegacyECDSACiphers", base::FEATURE_DISABLED_BY_DEFAULT}; + // Convert the certificate chains to a platform certificate handle. + std::vector<base::StringPiece> der_chain; + der_chain.reserve(sk_CRYPTO_BUFFER_num(openssl_chain)); + for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(openssl_chain); ++i) { + const CRYPTO_BUFFER* cert = sk_CRYPTO_BUFFER_value(openssl_chain, i); + base::StringPiece der; + der_chain.push_back(base::StringPiece( + reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert)), + CRYPTO_BUFFER_len(cert))); + } + return X509Certificate::CreateFromDERCertChain(der_chain); +#endif +} -bool AreLegacyECDSACiphersEnabled() { - return base::FeatureList::IsEnabled(kLegacyECDSACiphersFeature); +#if !defined(OS_IOS) && !BUILDFLAG(USE_BYTE_CERTS) +bssl::UniquePtr<CRYPTO_BUFFER> OSCertHandleToBuffer( + X509Certificate::OSCertHandle os_handle) { + std::string der_encoded; + if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded)) + return nullptr; + return x509_util::CreateCryptoBuffer(der_encoded); } #endif -const base::Feature kShortRecordHeaderFeature{ - "SSLShortRecordHeader", base::FEATURE_DISABLED_BY_DEFAULT}; - } // namespace class SSLClientSocketImpl::SSLContext { @@ -279,10 +298,11 @@ class SSLClientSocketImpl::SSLContext { crypto::EnsureOpenSSLInit(); ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0); DCHECK_NE(ssl_socket_data_index_, -1); - ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method())); - SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), CertVerifyCallback, NULL); + ssl_ctx_.reset(SSL_CTX_new(TLS_with_buffers_method())); SSL_CTX_set_cert_cb(ssl_ctx_.get(), ClientCertRequestCallback, NULL); - SSL_CTX_set_verify(ssl_ctx_.get(), SSL_VERIFY_PEER, NULL); + + // The server certificate is verified after the handshake in DoVerifyCert. + SSL_CTX_i_promise_to_verify_certs_after_the_handshake(ssl_ctx_.get()); // Disable the internal session cache. Session caching is handled // externally (i.e. by SSLClientSessionCache). @@ -296,10 +316,6 @@ class SSLClientSocketImpl::SSLContext { // Deduplicate all certificates minted from the SSL_CTX in memory. SSL_CTX_set0_buffer_pool(ssl_ctx_.get(), x509_util::GetBufferPool()); - if (base::FeatureList::IsEnabled(kShortRecordHeaderFeature)) { - SSL_CTX_set_short_header_enabled(ssl_ctx_.get(), 1); - } - if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum, &TokenBindingAddCallback, &TokenBindingFreeCallback, nullptr, @@ -348,15 +364,6 @@ class SSLClientSocketImpl::SSLContext { return socket->ClientCertRequestCallback(ssl); } - static int CertVerifyCallback(X509_STORE_CTX* store_ctx, void* arg) { - SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data( - store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); - SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); - CHECK(socket); - - return socket->CertVerifyCallback(store_ctx); - } - static int NewSessionCallback(SSL* ssl, SSL_SESSION* session) { SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl); return socket->NewSessionCallback(session); @@ -428,88 +435,6 @@ const SSL_PRIVATE_KEY_METHOD &SSLClientSocketImpl::SSLContext::PrivateKeyCompleteCallback, }; -// PeerCertificateChain is a helper object which extracts the certificate -// chain, as given by the server, from an OpenSSL socket and performs the needed -// resource management. The first element of the chain is the leaf certificate -// and the other elements are in the order given by the server. -class SSLClientSocketImpl::PeerCertificateChain { - public: - explicit PeerCertificateChain(STACK_OF(X509) * chain) { Reset(chain); } - PeerCertificateChain(const PeerCertificateChain& other) { *this = other; } - ~PeerCertificateChain() {} - PeerCertificateChain& operator=(const PeerCertificateChain& other); - - // Resets the PeerCertificateChain to the set of certificates in|chain|, - // which may be NULL, indicating to empty the store certificates. - // Note: If an error occurs, such as being unable to parse the certificates, - // this will behave as if Reset(NULL) was called. - void Reset(STACK_OF(X509) * chain); - - // Note that when USE_OPENSSL_CERTS is defined, OSCertHandle is X509* - scoped_refptr<X509Certificate> AsOSChain() const; - - size_t size() const { - if (!openssl_chain_.get()) - return 0; - return sk_X509_num(openssl_chain_.get()); - } - - bool empty() const { return size() == 0; } - - X509* Get(size_t index) const { - DCHECK_LT(index, size()); - return sk_X509_value(openssl_chain_.get(), index); - } - - private: - bssl::UniquePtr<STACK_OF(X509)> openssl_chain_; -}; - -SSLClientSocketImpl::PeerCertificateChain& -SSLClientSocketImpl::PeerCertificateChain::operator=( - const PeerCertificateChain& other) { - if (this == &other) - return *this; - - openssl_chain_.reset(X509_chain_up_ref(other.openssl_chain_.get())); - return *this; -} - -void SSLClientSocketImpl::PeerCertificateChain::Reset(STACK_OF(X509) * chain) { - openssl_chain_.reset(chain ? X509_chain_up_ref(chain) : NULL); -} - -scoped_refptr<X509Certificate> -SSLClientSocketImpl::PeerCertificateChain::AsOSChain() const { -#if defined(USE_OPENSSL_CERTS) - // When OSCertHandle is typedef'ed to X509, this implementation does a short - // cut to avoid converting back and forth between DER and the X509 struct. - X509Certificate::OSCertHandles intermediates; - for (size_t i = 1; i < sk_X509_num(openssl_chain_.get()); ++i) { - X509* cert = sk_X509_value(openssl_chain_.get(), i); - DCHECK(cert->buf); - intermediates.push_back(cert); - } - - X509* leaf = sk_X509_value(openssl_chain_.get(), 0); - DCHECK(leaf->buf); - return X509Certificate::CreateFromHandle(leaf, intermediates); -#else - // Convert the certificate chains to a platform certificate handle. - std::vector<base::StringPiece> der_chain; - der_chain.reserve(sk_X509_num(openssl_chain_.get())); - for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) { - X509* cert = sk_X509_value(openssl_chain_.get(), i); - DCHECK(cert->buf); - base::StringPiece der; - if (!x509_util::GetDER(cert, &der)) - return nullptr; - der_chain.push_back(der); - } - return X509Certificate::CreateFromDERCertChain(der_chain); -#endif -} - // static void SSLClientSocket::ClearSessionCache() { SSLClientSocketImpl::SSLContext* context = @@ -524,7 +449,6 @@ SSLClientSocketImpl::SSLClientSocketImpl( const SSLClientSocketContext& context) : pending_read_error_(kNoPendingResult), pending_read_ssl_error_(SSL_ERROR_NONE), - server_cert_chain_(new PeerCertificateChain(NULL)), completed_connect_(false), was_ever_used_(false), cert_verifier_(context.cert_verifier), @@ -577,18 +501,13 @@ void SSLClientSocketImpl::GetSSLCertRequestInfo( cert_request_info->host_and_port = host_and_port_; cert_request_info->cert_authorities.clear(); - STACK_OF(X509_NAME)* authorities = SSL_get_client_CA_list(ssl_.get()); - for (size_t i = 0; i < sk_X509_NAME_num(authorities); i++) { - X509_NAME* ca_name = sk_X509_NAME_value(authorities, i); - uint8_t* str = nullptr; - int length = i2d_X509_NAME(ca_name, &str); - if (length > 0) { - cert_request_info->cert_authorities.push_back(std::string( - reinterpret_cast<const char*>(str), static_cast<size_t>(length))); - } else { - NOTREACHED(); // Error serializing |ca_name|. - } - OPENSSL_free(str); + const STACK_OF(CRYPTO_BUFFER)* authorities = + SSL_get0_server_requested_CAs(ssl_.get()); + for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(authorities); i++) { + const CRYPTO_BUFFER* ca_name = sk_CRYPTO_BUFFER_value(authorities, i); + cert_request_info->cert_authorities.push_back( + std::string(reinterpret_cast<const char*>(CRYPTO_BUFFER_data(ca_name)), + CRYPTO_BUFFER_len(ca_name))); } cert_request_info->cert_key_types.clear(); @@ -792,7 +711,7 @@ NextProto SSLClientSocketImpl::GetNegotiatedProtocol() const { bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) { ssl_info->Reset(); - if (server_cert_chain_->empty()) + if (!server_cert_) return false; ssl_info->cert = server_cert_verify_result_.verified_cert; @@ -842,16 +761,14 @@ int64_t SSLClientSocketImpl::GetTotalReceivedBytes() const { void SSLClientSocketImpl::DumpMemoryStats(SocketMemoryStats* stats) const { if (transport_adapter_) stats->buffer_size = transport_adapter_->GetAllocationSize(); - if (server_cert_chain_) { - for (size_t i = 0; i < server_cert_chain_->size(); ++i) { - X509* cert = server_cert_chain_->Get(i); - // Estimate the size of the certificate before deduplication. - // The multiplier (4) is added to account for the difference between the - // serialized cert size and the actual cert allocation. - // TODO(xunjieli): Update this after crbug.com/671420 is done. - stats->cert_size += 4 * i2d_X509(cert, nullptr); + const STACK_OF(CRYPTO_BUFFER)* server_cert_chain = + SSL_get0_peer_certificates(ssl_.get()); + if (server_cert_chain) { + for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(server_cert_chain); ++i) { + const CRYPTO_BUFFER* cert = sk_CRYPTO_BUFFER_value(server_cert_chain, i); + stats->cert_size += CRYPTO_BUFFER_len(cert); } - stats->cert_count = server_cert_chain_->size(); + stats->cert_count = sk_CRYPTO_BUFFER_num(server_cert_chain); } stats->total_size = stats->buffer_size + stats->cert_size; } @@ -865,20 +782,25 @@ void SSLClientSocketImpl::DumpSSLClientSessionMemoryStats( int SSLClientSocketImpl::Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) { - user_read_buf_ = buf; - user_read_buf_len_ = buf_len; + int rv = ReadIfReady(buf, buf_len, callback); + if (rv == ERR_IO_PENDING) { + user_read_buf_ = buf; + user_read_buf_len_ = buf_len; + } + return rv; +} - int rv = DoPayloadRead(); +int SSLClientSocketImpl::ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { + int rv = DoPayloadRead(buf, buf_len); if (rv == ERR_IO_PENDING) { user_read_callback_ = callback; } else { if (rv > 0) was_ever_used_ = true; - user_read_buf_ = NULL; - user_read_buf_len_ = 0; } - return rv; } @@ -999,16 +921,13 @@ int SSLClientSocketImpl::Init() { // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers // (note that SHA256 and SHA384 only select legacy CBC ciphers). - std::string command("ALL:!SHA256:!SHA384:!kDHE:!aPSK:!RC4"); + // Additionally disable HMAC-SHA1 ciphers in ECDSA. These are the remaining + // CBC-mode ECDSA ciphers. + std::string command("ALL:!SHA256:!SHA384:!kDHE:!aPSK:!RC4:!ECDSA+SHA1"); if (ssl_config_.require_ecdhe) command.append(":!kRSA:!kDHE"); - // Additionally disable HMAC-SHA1 ciphers in ECDSA. These are the remaining - // CBC-mode ECDSA ciphers. - if (!AreLegacyECDSACiphersEnabled()) - command.append("!ECDSA+SHA1"); - // Remove any disabled ciphers. for (uint16_t id : ssl_config_.disabled_cipher_suites) { const SSL_CIPHER* cipher = SSL_get_cipher_by_value(id); @@ -1061,7 +980,7 @@ void SSLClientSocketImpl::DoReadCallback(int rv) { // up front. if (rv > 0) was_ever_used_ = true; - user_read_buf_ = NULL; + user_read_buf_ = nullptr; user_read_buf_len_ = 0; base::ResetAndReturn(&user_read_callback_).Run(rv); } @@ -1147,6 +1066,11 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) { if (result < 0) return result; + if (ssl_config_.version_interference_probe) { + DCHECK_LT(ssl_config_.version_max, TLS1_3_VERSION); + return ERR_SSL_VERSION_INTERFERENCE; + } + SSLContext::GetInstance()->session_cache()->ResetLookupCount( GetSessionCacheKey()); // Check that if token binding was negotiated, then extended master secret @@ -1201,7 +1125,6 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) { } // Verify the certificate. - UpdateServerCert(); next_handshake_state_ = STATE_VERIFY_CERT; return OK; } @@ -1241,10 +1164,9 @@ int SSLClientSocketImpl::DoChannelIDLookupComplete(int result) { } int SSLClientSocketImpl::DoVerifyCert(int result) { - DCHECK(!server_cert_chain_->empty()); DCHECK(start_cert_verification_time_.is_null()); - next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE; + server_cert_ = OSChainFromBuffers(SSL_get0_peer_certificates(ssl_.get())); // OpenSSL decoded the certificate, but the platform certificate // implementation could not. This is treated as a fatal SSL-level protocol @@ -1252,6 +1174,12 @@ int SSLClientSocketImpl::DoVerifyCert(int result) { if (!server_cert_) return ERR_SSL_SERVER_CERT_BAD_FORMAT; + net_log_.AddEvent(NetLogEventType::SSL_CERTIFICATES_RECEIVED, + base::Bind(&NetLogX509CertificateCallback, + base::Unretained(server_cert_.get()))); + + next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE; + // If the certificate is bad and has been previously accepted, use // the previous status and bypass the error. CertStatus cert_status; @@ -1356,16 +1284,6 @@ void SSLClientSocketImpl::DoConnectCallback(int rv) { } } -void SSLClientSocketImpl::UpdateServerCert() { - server_cert_chain_->Reset(SSL_get_peer_cert_chain(ssl_.get())); - server_cert_ = server_cert_chain_->AsOSChain(); - if (server_cert_.get()) { - net_log_.AddEvent(NetLogEventType::SSL_CERTIFICATES_RECEIVED, - base::Bind(&NetLogX509CertificateCallback, - base::Unretained(server_cert_.get()))); - } -} - void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { int rv = DoHandshakeLoop(result); if (rv != ERR_IO_PENDING) { @@ -1416,11 +1334,11 @@ int SSLClientSocketImpl::DoHandshakeLoop(int last_io_result) { return rv; } -int SSLClientSocketImpl::DoPayloadRead() { +int SSLClientSocketImpl::DoPayloadRead(IOBuffer* buf, int buf_len) { crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); - DCHECK_LT(0, user_read_buf_len_); - DCHECK(user_read_buf_.get()); + DCHECK_LT(0, buf_len); + DCHECK(buf); int rv; if (pending_read_error_ != kNoPendingResult) { @@ -1428,7 +1346,7 @@ int SSLClientSocketImpl::DoPayloadRead() { pending_read_error_ = kNoPendingResult; if (rv == 0) { net_log_.AddByteTransferEvent(NetLogEventType::SSL_SOCKET_BYTES_RECEIVED, - rv, user_read_buf_->data()); + rv, buf->data()); } else { net_log_.AddEvent( NetLogEventType::SSL_READ_ERROR, @@ -1443,11 +1361,14 @@ int SSLClientSocketImpl::DoPayloadRead() { int total_bytes_read = 0; int ssl_ret; do { - ssl_ret = SSL_read(ssl_.get(), user_read_buf_->data() + total_bytes_read, - user_read_buf_len_ - total_bytes_read); + ssl_ret = SSL_read(ssl_.get(), buf->data() + total_bytes_read, + buf_len - total_bytes_read); if (ssl_ret > 0) total_bytes_read += ssl_ret; - } while (total_bytes_read < user_read_buf_len_ && ssl_ret > 0); + // Continue processing records as long as there is more data available + // synchronously. + } while (total_bytes_read < buf_len && ssl_ret > 0 && + transport_adapter_->HasPendingReadData()); // Although only the final SSL_read call may have failed, the failure needs to // processed immediately, while the information still available in OpenSSL's @@ -1504,7 +1425,7 @@ int SSLClientSocketImpl::DoPayloadRead() { if (rv >= 0) { net_log_.AddByteTransferEvent(NetLogEventType::SSL_SOCKET_BYTES_RECEIVED, - rv, user_read_buf_->data()); + rv, buf->data()); } else if (rv != ERR_IO_PENDING) { net_log_.AddEvent( NetLogEventType::SSL_READ_ERROR, @@ -1553,8 +1474,14 @@ void SSLClientSocketImpl::RetryAllOperations() { int rv_read = ERR_IO_PENDING; int rv_write = ERR_IO_PENDING; - if (user_read_buf_) - rv_read = DoPayloadRead(); + if (user_read_buf_) { + rv_read = DoPayloadRead(user_read_buf_.get(), user_read_buf_len_); + } else if (!user_read_callback_.is_null()) { + // ReadIfReady() is called by the user. Skip DoPayloadRead() and just let + // the user know that read can be retried. + rv_read = OK; + } + if (user_write_buf_) rv_write = DoPayloadWrite(); @@ -1660,38 +1587,53 @@ int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) { // Second pass: a client certificate should have been selected. if (ssl_config_.client_cert.get()) { - bssl::UniquePtr<X509> leaf_x509 = - OSCertHandleToOpenSSL(ssl_config_.client_cert->os_cert_handle()); - if (!leaf_x509) { - LOG(WARNING) << "Failed to import certificate"; - OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT); + if (!ssl_config_.client_private_key) { + // The caller supplied a null private key. Fail the handshake and surface + // an appropriate error to the caller. + LOG(WARNING) << "Client cert found without private key"; + OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY); return -1; } - bssl::UniquePtr<STACK_OF(X509)> chain = OSCertHandlesToOpenSSL( - ssl_config_.client_cert->GetIntermediateCertificates()); - if (!chain) { - LOG(WARNING) << "Failed to import intermediate certificates"; +#if BUILDFLAG(USE_BYTE_CERTS) + std::vector<CRYPTO_BUFFER*> chain_raw; + chain_raw.push_back(ssl_config_.client_cert->os_cert_handle()); + for (X509Certificate::OSCertHandle cert : + ssl_config_.client_cert->GetIntermediateCertificates()) { + chain_raw.push_back(cert); + } +#else + std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> chain; + std::vector<CRYPTO_BUFFER*> chain_raw; + bssl::UniquePtr<CRYPTO_BUFFER> buf = + OSCertHandleToBuffer(ssl_config_.client_cert->os_cert_handle()); + if (!buf) { + LOG(WARNING) << "Failed to import certificate"; OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT); return -1; } - - if (!SSL_use_certificate(ssl_.get(), leaf_x509.get()) || - !SSL_set1_chain(ssl_.get(), chain.get())) { - LOG(WARNING) << "Failed to set client certificate"; - return -1; + chain_raw.push_back(buf.get()); + chain.push_back(std::move(buf)); + + for (X509Certificate::OSCertHandle cert : + ssl_config_.client_cert->GetIntermediateCertificates()) { + bssl::UniquePtr<CRYPTO_BUFFER> buf = OSCertHandleToBuffer(cert); + if (!buf) { + LOG(WARNING) << "Failed to import intermediate"; + OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT); + return -1; + } + chain_raw.push_back(buf.get()); + chain.push_back(std::move(buf)); } +#endif - if (!ssl_config_.client_private_key) { - // The caller supplied a null private key. Fail the handshake and surface - // an appropriate error to the caller. - LOG(WARNING) << "Client cert found without private key"; - OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY); + if (!SSL_set_chain_and_key(ssl_.get(), chain_raw.data(), chain_raw.size(), + nullptr, &SSLContext::kPrivateKeyMethod)) { + LOG(WARNING) << "Failed to set client certificate"; return -1; } - SSL_set_private_key_method(ssl_.get(), &SSLContext::kPrivateKeyMethod); - std::vector<SSLPrivateKey::Hash> digest_prefs = ssl_config_.client_private_key->GetDigestPreferences(); @@ -1720,9 +1662,8 @@ int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) { SSL_set_private_key_digest_prefs(ssl_.get(), digests.data(), digests.size()); - int cert_count = 1 + sk_X509_num(chain.get()); net_log_.AddEvent(NetLogEventType::SSL_CLIENT_CERT_PROVIDED, - NetLog::IntCallback("cert_count", cert_count)); + NetLog::IntCallback("cert_count", chain_raw.size())); return 1; } #endif // defined(OS_IOS) @@ -1733,33 +1674,6 @@ int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) { return 1; } -int SSLClientSocketImpl::CertVerifyCallback(X509_STORE_CTX* store_ctx) { - if (!completed_connect_) { - // If the first handshake hasn't completed then we accept any certificates - // because we verify after the handshake. - return 1; - } - - // Disallow the server certificate to change in a renegotiation. - if (server_cert_chain_->empty()) { - LOG(ERROR) << "Received invalid certificate chain between handshakes"; - return 0; - } - base::StringPiece old_der, new_der; - if (store_ctx->cert == NULL || - !x509_util::GetDER(server_cert_chain_->Get(0), &old_der) || - !x509_util::GetDER(store_ctx->cert, &new_der)) { - LOG(ERROR) << "Failed to encode certificates"; - return 0; - } - if (old_der != new_der) { - LOG(ERROR) << "Server certificate changed between handshakes"; - return 0; - } - - return 1; -} - void SSLClientSocketImpl::MaybeCacheSession() { // Only cache the session once both a new session has been established and the // certificate has been verified. Due to False Start, these events may happen @@ -1785,17 +1699,13 @@ void SSLClientSocketImpl::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const { std::string SSLClientSocketImpl::GetSessionCacheKey() const { std::string result = host_and_port_.ToString(); - result.append("/"); + result.push_back('/'); result.append(ssl_session_cache_shard_); - result.append("/"); - if (ssl_config_.deprecated_cipher_suites_enabled) - result.append("deprecated"); - - result.append("/"); - if (ssl_config_.channel_id_enabled) - result.append("channelid"); - + result.push_back('/'); + result.push_back(ssl_config_.deprecated_cipher_suites_enabled ? '1' : '0'); + result.push_back(ssl_config_.channel_id_enabled ? '1' : '0'); + result.push_back(ssl_config_.version_interference_probe ? '1' : '0'); return result; } diff --git a/chromium/net/socket/ssl_client_socket_impl.h b/chromium/net/socket/ssl_client_socket_impl.h index 86505ab2f4a..019c1c57d08 100644 --- a/chromium/net/socket/ssl_client_socket_impl.h +++ b/chromium/net/socket/ssl_client_socket_impl.h @@ -127,6 +127,9 @@ class SSLClientSocketImpl : public SSLClientSocket, int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; + int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) override; int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; @@ -154,12 +157,11 @@ class SSLClientSocketImpl : public SSLClientSocket, int DoVerifyCert(int result); int DoVerifyCertComplete(int result); void DoConnectCallback(int result); - void UpdateServerCert(); void OnHandshakeIOComplete(int result); int DoHandshakeLoop(int last_io_result); - int DoPayloadRead(); + int DoPayloadRead(IOBuffer* buf, int buf_len); int DoPayloadWrite(); // Called when an asynchronous event completes which may have blocked the @@ -173,11 +175,6 @@ class SSLClientSocketImpl : public SSLClientSocket, // a certificate for this client. int ClientCertRequestCallback(SSL* ssl); - // CertVerifyCallback is called to verify the server's certificates. We do - // verification after the handshake so this function only enforces that the - // certificates don't change during renegotiation. - int CertVerifyCallback(X509_STORE_CTX* store_ctx); - // Called after the initial handshake completes and after the server // certificate has been verified. The order of handshake completion and // certificate verification depends on whether the connection was false @@ -272,7 +269,6 @@ class SSLClientSocketImpl : public SSLClientSocket, OpenSSLErrorInfo pending_read_error_info_; // Set when Connect finishes. - std::unique_ptr<PeerCertificateChain> server_cert_chain_; scoped_refptr<X509Certificate> server_cert_; CertVerifyResult server_cert_verify_result_; bool completed_connect_; diff --git a/chromium/net/socket/ssl_client_socket_pool.cc b/chromium/net/socket/ssl_client_socket_pool.cc index a0938f3ca65..a557e5be2e8 100644 --- a/chromium/net/socket/ssl_client_socket_pool.cc +++ b/chromium/net/socket/ssl_client_socket_pool.cc @@ -4,6 +4,7 @@ #include "net/socket/ssl_client_socket_pool.h" +#include <cstdlib> #include <utility> #include "base/bind.h" @@ -130,7 +131,9 @@ SSLConnectJob::SSLConnectJob(const std::string& group_name, ? "pm/" + context.ssl_session_cache_shard : context.ssl_session_cache_shard)), callback_( - base::Bind(&SSLConnectJob::OnIOComplete, base::Unretained(this))) {} + base::Bind(&SSLConnectJob::OnIOComplete, base::Unretained(this))), + version_interference_probe_(false), + version_interference_error_(OK) {} SSLConnectJob::~SSLConnectJob() { } @@ -236,7 +239,10 @@ int SSLConnectJob::DoTransportConnect() { } int SSLConnectJob::DoTransportConnectComplete(int result) { - connection_attempts_ = transport_socket_handle_->connection_attempts(); + connection_attempts_.insert( + connection_attempts_.end(), + transport_socket_handle_->connection_attempts().begin(), + transport_socket_handle_->connection_attempts().end()); if (result == OK) { next_state_ = STATE_SSL_CONNECT; transport_socket_handle_->socket()->GetPeerAddress(&server_address_); @@ -321,13 +327,22 @@ int SSLConnectJob::DoSSLConnect() { connect_timing_.ssl_start = base::TimeTicks::Now(); + SSLConfig ssl_config = params_->ssl_config(); + if (version_interference_probe_) { + DCHECK_EQ(SSL_PROTOCOL_VERSION_TLS1_3, ssl_config.version_max); + ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2; + ssl_config.version_interference_probe = true; + } ssl_socket_ = client_socket_factory_->CreateSSLClientSocket( - std::move(transport_socket_handle_), params_->host_and_port(), - params_->ssl_config(), context_); + std::move(transport_socket_handle_), params_->host_and_port(), ssl_config, + context_); return ssl_socket_->Connect(callback_); } int SSLConnectJob::DoSSLConnectComplete(int result) { + // Version interference probes should not result in success. + DCHECK(!version_interference_probe_ || result != OK); + // TODO(rvargas): Remove ScopedTracker below once crbug.com/462784 is fixed. tracked_objects::ScopedTracker tracking_profile( FROM_HERE_WITH_EXPLICIT_FUNCTION( @@ -346,6 +361,32 @@ int SSLConnectJob::DoSSLConnectComplete(int result) { return ERR_ALPN_NEGOTIATION_FAILED; } + // Perform a TLS 1.3 version interference probe on various connection + // errors. The retry will never produce a successful connection but may map + // errors to ERR_SSL_VERSION_INTERFERENCE, which signals a probable + // version-interfering middlebox. + if (params_->ssl_config().version_max == SSL_PROTOCOL_VERSION_TLS1_3 && + !params_->ssl_config().deprecated_cipher_suites_enabled && + !version_interference_probe_) { + if (result == ERR_CONNECTION_CLOSED || result == ERR_SSL_PROTOCOL_ERROR || + result == ERR_SSL_VERSION_OR_CIPHER_MISMATCH || + result == ERR_CONNECTION_RESET || + result == ERR_SSL_BAD_RECORD_MAC_ALERT) { + // Report the error code for each time a version interference probe is + // triggered. + UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLVersionInterferenceProbeTrigger", + std::abs(result)); + net_log().AddEventWithNetErrorCode( + NetLogEventType::SSL_VERSION_INTERFERENCE_PROBE, result); + + ResetStateForRetry(); + version_interference_probe_ = true; + version_interference_error_ = result; + next_state_ = GetInitialState(params_->GetConnectionType()); + return OK; + } + } + const std::string& host = params_->host_and_port().host(); bool is_google = host == "google.com" || @@ -450,6 +491,14 @@ int SSLConnectJob::DoSSLConnectComplete(int result) { std::abs(result)); } + if (result == ERR_SSL_VERSION_INTERFERENCE) { + // Record the error code version interference was detected at. + DCHECK(version_interference_probe_); + DCHECK_NE(OK, version_interference_error_); + UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLVersionInterferenceError", + std::abs(version_interference_error_)); + } + if (result == OK || IsCertificateError(result)) { SetSocket(std::move(ssl_socket_)); } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { @@ -480,6 +529,13 @@ int SSLConnectJob::ConnectInternal() { return DoLoop(OK); } +void SSLConnectJob::ResetStateForRetry() { + transport_socket_handle_.reset(); + ssl_socket_.reset(); + error_response_info_ = HttpResponseInfo(); + server_address_ = IPEndPoint(); +} + SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory( TransportClientSocketPool* transport_pool, SOCKSClientSocketPool* socks_pool, @@ -630,6 +686,11 @@ void SSLClientSocketPool::CloseIdleSockets() { base_.CloseIdleSockets(); } +void SSLClientSocketPool::CloseIdleSocketsInGroup( + const std::string& group_name) { + base_.CloseIdleSocketsInGroup(group_name); +} + int SSLClientSocketPool::IdleSocketCount() const { return base_.idle_socket_count(); } diff --git a/chromium/net/socket/ssl_client_socket_pool.h b/chromium/net/socket/ssl_client_socket_pool.h index d39f9202aba..c4913df808c 100644 --- a/chromium/net/socket/ssl_client_socket_pool.h +++ b/chromium/net/socket/ssl_client_socket_pool.h @@ -151,6 +151,8 @@ class SSLConnectJob : public ConnectJob { // Otherwise, it returns a net error code. int ConnectInternal() override; + void ResetStateForRetry(); + scoped_refptr<SSLSocketParams> params_; TransportClientSocketPool* const transport_pool_; SOCKSClientSocketPool* const socks_pool_; @@ -172,6 +174,12 @@ class SSLConnectJob : public ConnectJob { // through an HTTPS CONNECT request or a SOCKS proxy). IPEndPoint server_address_; + bool version_interference_probe_; + + // The error which triggered a TLS 1.3 version interference probe, or OK if + // none was triggered. + int version_interference_error_; + DISALLOW_COPY_AND_ASSIGN(SSLConnectJob); }; @@ -230,6 +238,8 @@ class NET_EXPORT_PRIVATE SSLClientSocketPool void CloseIdleSockets() override; + void CloseIdleSocketsInGroup(const std::string& group_name) override; + int IdleSocketCount() const override; int IdleSocketCountInGroup(const std::string& group_name) const override; diff --git a/chromium/net/socket/ssl_client_socket_pool_unittest.cc b/chromium/net/socket/ssl_client_socket_pool_unittest.cc index 26c722fae41..9f736038ceb 100644 --- a/chromium/net/socket/ssl_client_socket_pool_unittest.cc +++ b/chromium/net/socket/ssl_client_socket_pool_unittest.cc @@ -846,6 +846,7 @@ TEST_F(SSLClientSocketPoolTest, IPPooling) { SSLSocketDataProvider ssl(ASYNC, OK); ssl.cert = X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); + ASSERT_TRUE(ssl.cert); ssl.next_proto = kProtoHTTP2; socket_factory_.AddSSLSocketDataProvider(&ssl); @@ -922,6 +923,7 @@ TEST_F(SSLClientSocketPoolTest, IPPoolingClientCert) { SSLSocketDataProvider ssl(ASYNC, OK); ssl.cert = X509Certificate::CreateFromBytes( reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)); + ASSERT_TRUE(ssl.cert); ssl.client_cert_sent = true; ssl.next_proto = kProtoHTTP2; TestIPPoolingDisabled(&ssl); diff --git a/chromium/net/socket/ssl_client_socket_unittest.cc b/chromium/net/socket/ssl_client_socket_unittest.cc index 8073af33297..6067721f84f 100644 --- a/chromium/net/socket/ssl_client_socket_unittest.cc +++ b/chromium/net/socket/ssl_client_socket_unittest.cc @@ -7,6 +7,7 @@ #include <errno.h> #include <string.h> +#include <algorithm> #include <utility> #include "base/callback_helpers.h" @@ -17,12 +18,16 @@ #include "base/message_loop/message_loop.h" #include "base/run_loop.h" #include "base/single_thread_task_runner.h" +#include "base/test/scoped_feature_list.h" #include "base/test/scoped_task_scheduler.h" #include "base/threading/thread_task_runner_handle.h" #include "base/time/time.h" #include "base/values.h" +#include "crypto/rsa_private_key.h" #include "net/base/address_list.h" #include "net/base/io_buffer.h" +#include "net/base/ip_address.h" +#include "net/base/ip_endpoint.h" #include "net/base/net_errors.h" #include "net/base/test_completion_callback.h" #include "net/cert/asn1_util.h" @@ -46,14 +51,17 @@ #include "net/socket/client_socket_factory.h" #include "net/socket/client_socket_handle.h" #include "net/socket/socket_test_util.h" +#include "net/socket/ssl_server_socket.h" #include "net/socket/stream_socket.h" #include "net/socket/tcp_client_socket.h" +#include "net/socket/tcp_server_socket.h" #include "net/ssl/channel_id_service.h" #include "net/ssl/default_channel_id_store.h" #include "net/ssl/ssl_cert_request_info.h" #include "net/ssl/ssl_config_service.h" #include "net/ssl/ssl_connection_status_flags.h" #include "net/ssl/ssl_info.h" +#include "net/ssl/ssl_server_config.h" #include "net/ssl/test_ssl_private_key.h" #include "net/test/cert_test_util.h" #include "net/test/gtest_util.h" @@ -70,6 +78,7 @@ using net::test::IsError; using net::test::IsOk; using testing::_; +using testing::AnyOf; using testing::Return; using testing::Truly; @@ -142,6 +151,11 @@ class WrappedStreamSocket : public StreamSocket { const CompletionCallback& callback) override { return transport_->Read(buf, buf_len, callback); } + int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) override { + return transport_->ReadIfReady(buf, buf_len, callback); + } int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override { @@ -174,6 +188,10 @@ class ReadBufferingStreamSocket : public WrappedStreamSocket { int buf_len, const CompletionCallback& callback) override; + int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) override; + // Sets the internal buffer to |size|. This must not be greater than // the largest value supplied to Read() - that is, it does not handle // having "leftovers" at the end of Read(). @@ -210,7 +228,7 @@ ReadBufferingStreamSocket::ReadBufferingStreamSocket( buffer_size_(0) {} void ReadBufferingStreamSocket::SetBufferSize(int size) { - DCHECK(!user_read_buf_.get()); + DCHECK(!user_read_buf_); buffer_size_ = size; read_buffer_->SetCapacity(size); } @@ -218,20 +236,37 @@ void ReadBufferingStreamSocket::SetBufferSize(int size) { int ReadBufferingStreamSocket::Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) { + DCHECK(!user_read_buf_); if (buffer_size_ == 0) return transport_->Read(buf, buf_len, callback); + int rv = ReadIfReady(buf, buf_len, callback); + if (rv == ERR_IO_PENDING) + user_read_buf_ = buf; + return rv; +} + +int ReadBufferingStreamSocket::ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { + DCHECK(!user_read_buf_); + if (buffer_size_ == 0) + return transport_->ReadIfReady(buf, buf_len, callback); + + if (read_buffer_->RemainingCapacity() == 0) { + memcpy(buf->data(), read_buffer_->StartOfBuffer(), + read_buffer_->capacity()); + read_buffer_->set_offset(0); + return read_buffer_->capacity(); + } if (buf_len < buffer_size_) return ERR_UNEXPECTED; state_ = STATE_READ; - user_read_buf_ = buf; - int result = DoLoop(OK); - if (result == ERR_IO_PENDING) + int rv = DoLoop(OK); + if (rv == ERR_IO_PENDING) user_read_callback_ = callback; - else - user_read_buf_ = NULL; - return result; + return rv; } int ReadBufferingStreamSocket::DoLoop(int result) { @@ -258,16 +293,15 @@ int ReadBufferingStreamSocket::DoLoop(int result) { int ReadBufferingStreamSocket::DoRead() { state_ = STATE_READ_COMPLETE; - int rv = - transport_->Read(read_buffer_.get(), - read_buffer_->RemainingCapacity(), - base::Bind(&ReadBufferingStreamSocket::OnReadCompleted, - base::Unretained(this))); - return rv; + return transport_->Read( + read_buffer_.get(), read_buffer_->RemainingCapacity(), + base::Bind(&ReadBufferingStreamSocket::OnReadCompleted, + base::Unretained(this))); } int ReadBufferingStreamSocket::DoReadComplete(int result) { state_ = STATE_NONE; + if (result <= 0) return result; @@ -277,6 +311,11 @@ int ReadBufferingStreamSocket::DoReadComplete(int result) { return OK; } + // If ReadIfReady() is called by the user and this is an asynchronous + // completion, notify the user that read can be retried. + if (user_read_buf_ == nullptr) + return OK; + memcpy(user_read_buf_->data(), read_buffer_->StartOfBuffer(), read_buffer_->capacity()); @@ -285,11 +324,13 @@ int ReadBufferingStreamSocket::DoReadComplete(int result) { } void ReadBufferingStreamSocket::OnReadCompleted(int result) { + DCHECK_NE(ERR_IO_PENDING, result); + DCHECK(user_read_callback_); + result = DoLoop(result); if (result == ERR_IO_PENDING) return; - - user_read_buf_ = NULL; + user_read_buf_ = nullptr; base::ResetAndReturn(&user_read_callback_).Run(result); } @@ -304,6 +345,9 @@ class SynchronousErrorStreamSocket : public WrappedStreamSocket { int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; + int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) override; int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; @@ -346,6 +390,15 @@ int SynchronousErrorStreamSocket::Read(IOBuffer* buf, return transport_->Read(buf, buf_len, callback); } +int SynchronousErrorStreamSocket::ReadIfReady( + IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { + if (have_read_error_) + return pending_read_error_; + return transport_->ReadIfReady(buf, buf_len, callback); +} + int SynchronousErrorStreamSocket::Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) { @@ -368,6 +421,9 @@ class FakeBlockingStreamSocket : public WrappedStreamSocket { int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; + int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) override; int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; @@ -405,12 +461,21 @@ class FakeBlockingStreamSocket : public WrappedStreamSocket { // Handles completion from the underlying transport read. void OnReadCompleted(int result); + // Handles async completion of ReadIfReady(). + void CompleteReadIfReady(scoped_refptr<IOBuffer> buffer, int rv); + // Finishes the current read. void ReturnReadResult(); // True if read callbacks are blocked. bool should_block_read_ = false; + // Used to buffer result returned by a completed ReadIfReady(). + std::string read_if_ready_buf_; + + // Non-null if there is a pending ReadIfReady(). + CompletionCallback read_if_ready_callback_; + // The buffer for the pending read, or NULL if not consumed. scoped_refptr<IOBuffer> pending_read_buf_; @@ -451,8 +516,10 @@ int FakeBlockingStreamSocket::Read(IOBuffer* buf, DCHECK_EQ(ERR_IO_PENDING, pending_read_result_); DCHECK(!callback.is_null()); - int rv = transport_->Read(buf, len, base::Bind( - &FakeBlockingStreamSocket::OnReadCompleted, base::Unretained(this))); + int rv = + transport_->Read(buf, len, + base::Bind(&FakeBlockingStreamSocket::OnReadCompleted, + base::Unretained(this))); if (rv == ERR_IO_PENDING || should_block_read_) { // Save the callback to be called later. pending_read_buf_ = buf; @@ -467,6 +534,32 @@ int FakeBlockingStreamSocket::Read(IOBuffer* buf, return rv; } +int FakeBlockingStreamSocket::ReadIfReady(IOBuffer* buf, + int len, + const CompletionCallback& callback) { + if (!read_if_ready_buf_.empty()) { + // If ReadIfReady() is used, asynchronous reads with a large enough buffer + // and no BlockReadResult() are supported by this class. Explicitly check + // that |should_block_read_| doesn't apply and |len| is greater than the + // size of the buffered data. + CHECK(!should_block_read_); + CHECK_GE(len, static_cast<int>(read_if_ready_buf_.size())); + int rv = read_if_ready_buf_.size(); + memcpy(buf->data(), read_if_ready_buf_.data(), rv); + read_if_ready_buf_.clear(); + return rv; + } + scoped_refptr<IOBuffer> buf_copy = new IOBuffer(len); + int rv = Read(buf_copy.get(), len, + base::Bind(&FakeBlockingStreamSocket::CompleteReadIfReady, + base::Unretained(this), buf_copy)); + if (rv > 0) + memcpy(buf->data(), buf_copy->data(), rv); + if (rv == ERR_IO_PENDING) + read_if_ready_callback_ = callback; + return rv; +} + int FakeBlockingStreamSocket::Write(IOBuffer* buf, int len, const CompletionCallback& callback) { @@ -584,6 +677,16 @@ void FakeBlockingStreamSocket::OnReadCompleted(int result) { ReturnReadResult(); } +void FakeBlockingStreamSocket::CompleteReadIfReady(scoped_refptr<IOBuffer> buf, + int rv) { + DCHECK(read_if_ready_callback_); + DCHECK(read_if_ready_buf_.empty()); + DCHECK(!should_block_read_); + if (rv > 0) + read_if_ready_buf_ = std::string(buf->data(), buf->data() + rv); + base::ResetAndReturn(&read_if_ready_callback_).Run(rv > 0 ? OK : rv); +} + void FakeBlockingStreamSocket::ReturnReadResult() { int result = pending_read_result_; pending_read_result_ = ERR_IO_PENDING; @@ -858,6 +961,66 @@ class SSLClientSocketTest : public PlatformTest { AddressList addr_; }; +// If GetParam(), try ReadIfReady() and fall back to Read() if needed. +class SSLClientSocketReadTest : public SSLClientSocketTest, + public ::testing::WithParamInterface<bool> { + protected: + SSLClientSocketReadTest() + : SSLClientSocketTest(), read_if_ready_enabled_(GetParam()) {} + + void SetUp() override { + if (read_if_ready_enabled()) + scoped_feature_list_.InitAndEnableFeature(Socket::kReadIfReadyExperiment); + } + + // Convienient wrapper to call Read()/ReadIfReady() depending on whether + // ReadyIfReady() is enabled. + int Read(StreamSocket* socket, + IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { + if (read_if_ready_enabled()) + return socket->ReadIfReady(buf, buf_len, callback); + return socket->Read(buf, buf_len, callback); + } + + // Wait for Read()/ReadIfReady() to complete. + int WaitForReadCompletion(StreamSocket* socket, + IOBuffer* buf, + int buf_len, + TestCompletionCallback* callback, + int rv) { + if (!read_if_ready_enabled()) + return callback->GetResult(rv); + while (rv == ERR_IO_PENDING) { + rv = callback->GetResult(rv); + if (rv != OK) + return rv; + rv = socket->ReadIfReady(buf, buf_len, callback->callback()); + } + return rv; + } + + // Calls Read()/ReadIfReady() and waits for it to return data. + int ReadAndWaitForCompletion(StreamSocket* socket, + IOBuffer* buf, + int buf_len) { + TestCompletionCallback callback; + int rv = Read(socket, buf, buf_len, callback.callback()); + return WaitForReadCompletion(socket, buf, buf_len, &callback, rv); + } + + bool read_if_ready_enabled() const { return read_if_ready_enabled_; } + + private: + base::test::ScopedFeatureList scoped_feature_list_; + const bool read_if_ready_enabled_; +}; + +INSTANTIATE_TEST_CASE_P(/* no prefix */, + SSLClientSocketReadTest, + ::testing::Bool()); + // Verifies the correctness of GetSSLCertRequestInfo. class SSLClientSocketCertRequestInfoTest : public SSLClientSocketTest { protected: @@ -1131,26 +1294,30 @@ TEST_F(SSLClientSocketTest, ConnectMismatched) { EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT)); } -#if defined(OS_WIN) // Tests that certificates parsable by SSLClientSocket's internal SSL -// implementation, but not X509Certificate are treated as fatal non-certificate -// errors. This is regression test for https://crbug.com/91341. +// implementation, but not X509Certificate are treated as fatal connection +// errors. This is a regression test for https://crbug.com/91341. TEST_F(SSLClientSocketTest, ConnectBadValidity) { SpawnedTestServer::SSLOptions ssl_options( SpawnedTestServer::SSLOptions::CERT_BAD_VALIDITY); ASSERT_TRUE(StartTestServer(ssl_options)); + cert_verifier_->set_default_result(ERR_CERT_DATE_INVALID); + SSLConfig ssl_config; int rv; ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); +#if defined(OS_WIN) EXPECT_THAT(rv, IsError(ERR_SSL_SERVER_CERT_BAD_FORMAT)); EXPECT_FALSE(IsCertificateError(rv)); - - SSLInfo ssl_info; - ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); - EXPECT_FALSE(ssl_info.cert); +#elif defined(OS_ANDROID) + // Android date handling behavior can vary depending on the platform. + EXPECT_THAT(rv, AnyOf(IsError(ERR_SSL_SERVER_CERT_BAD_FORMAT), + IsError(ERR_CERT_DATE_INVALID))); +#else // !(defined(OS_WIN) || defined(OS_ANDROID)) + EXPECT_THAT(rv, IsError(ERR_CERT_DATE_INVALID)); +#endif } -#endif // defined(OS_WIN) // Attempt to connect to a page which requests a client certificate. It should // return an error code on connect. @@ -1206,7 +1373,7 @@ TEST_F(SSLClientSocketTest, ConnectClientAuthSendNullCert) { // Tests that the socket can be read from successfully. Also test that a peer's // close_notify alert is successfully processed without error. -TEST_F(SSLClientSocketTest, Read) { +TEST_P(SSLClientSocketReadTest, Read) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); TestCompletionCallback callback; @@ -1242,7 +1409,7 @@ TEST_F(SSLClientSocketTest, Read) { int64_t unencrypted_bytes_read = 0; int64_t network_bytes_read_during_handshake = sock->GetTotalReceivedBytes(); do { - rv = callback.GetResult(sock->Read(buf.get(), 4096, callback.callback())); + rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096); EXPECT_GE(rv, 0); if (rv >= 0) { unencrypted_bytes_read += rv; @@ -1293,7 +1460,7 @@ TEST_F(SSLClientSocketTest, Connect_WithSynchronousError) { // synchronously returns an error code - such as if an intermediary terminates // the socket connection uncleanly. // This is a regression test for http://crbug.com/238536 -TEST_F(SSLClientSocketTest, Read_WithSynchronousError) { +TEST_P(SSLClientSocketReadTest, Read_WithSynchronousError) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); TestCompletionCallback callback; @@ -1335,7 +1502,7 @@ TEST_F(SSLClientSocketTest, Read_WithSynchronousError) { // Note: This test will hang if this bug has regressed. Simply checking that // rv != ERR_IO_PENDING is insufficient, as ERR_IO_PENDING is a legitimate // result when using a dedicated task runner for NSS. - rv = callback.GetResult(sock->Read(buf.get(), 4096, callback.callback())); + rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096); EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET)); } @@ -1470,7 +1637,7 @@ TEST_F(SSLClientSocketTest, Write_WithSynchronousErrorNoRead) { // Test the full duplex mode, with Read and Write pending at the same time. // This test also serves as a regression test for http://crbug.com/29815. -TEST_F(SSLClientSocketTest, Read_FullDuplex) { +TEST_P(SSLClientSocketReadTest, Read_FullDuplex) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); int rv; @@ -1480,7 +1647,7 @@ TEST_F(SSLClientSocketTest, Read_FullDuplex) { // Issue a "hanging" Read first. TestCompletionCallback callback; scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); - rv = sock_->Read(buf.get(), 4096, callback.callback()); + rv = Read(sock_.get(), buf.get(), 4096, callback.callback()); // We haven't written the request, so there should be no response yet. ASSERT_THAT(rv, IsError(ERR_IO_PENDING)); @@ -1500,7 +1667,7 @@ TEST_F(SSLClientSocketTest, Read_FullDuplex) { EXPECT_EQ(static_cast<int>(request_text.size()), rv); // Now get the Read result. - rv = callback.WaitForResult(); + rv = WaitForReadCompletion(sock_.get(), buf.get(), 4096, &callback, rv); EXPECT_GT(rv, 0); } @@ -1510,7 +1677,7 @@ TEST_F(SSLClientSocketTest, Read_FullDuplex) { // Read() and Write() callbacks. If the socket is deleted by the Read() // callback, the Write() callback should not be invoked. // Regression test for http://crbug.com/232633 -TEST_F(SSLClientSocketTest, Read_DeleteWhilePendingFullDuplex) { +TEST_P(SSLClientSocketReadTest, Read_DeleteWhilePendingFullDuplex) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); TestCompletionCallback callback; @@ -1559,7 +1726,7 @@ TEST_F(SSLClientSocketTest, Read_DeleteWhilePendingFullDuplex) { SSLClientSocket* raw_sock = sock.get(); DeleteSocketCallback read_callback(sock.release()); scoped_refptr<IOBuffer> read_buf(new IOBuffer(4096)); - rv = raw_sock->Read(read_buf.get(), 4096, read_callback.callback()); + rv = Read(raw_sock, read_buf.get(), 4096, read_callback.callback()); // Ensure things didn't complete synchronously, otherwise |sock| is invalid. ASSERT_THAT(rv, IsError(ERR_IO_PENDING)); @@ -1578,8 +1745,14 @@ TEST_F(SSLClientSocketTest, Read_DeleteWhilePendingFullDuplex) { // the Write() callback. raw_transport->UnblockWrite(); + // |read_callback| deletes |sock| so if ReadIfReady() is used, we will get OK + // asynchronously but can't continue reading because the socket is gone. rv = read_callback.WaitForResult(); - EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET)); + if (read_if_ready_enabled()) { + EXPECT_THAT(rv, IsOk()); + } else { + EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET)); + } // The Write callback should not have been called. EXPECT_FALSE(callback.have_result()); @@ -1589,7 +1762,7 @@ TEST_F(SSLClientSocketTest, Read_DeleteWhilePendingFullDuplex) { // transport socket after a failing write. This can occur if we have a Write // error in a SPDY socket. // Regression test for http://crbug.com/335557 -TEST_F(SSLClientSocketTest, Read_WithWriteError) { +TEST_P(SSLClientSocketReadTest, Read_WithWriteError) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); TestCompletionCallback callback; @@ -1634,7 +1807,7 @@ TEST_F(SSLClientSocketTest, Read_WithWriteError) { TestCompletionCallback read_callback; raw_transport->BlockReadResult(); scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); - rv = sock->Read(buf.get(), 4096, read_callback.callback()); + rv = Read(sock.get(), buf.get(), 4096, read_callback.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); // Perform another write, but have it fail. Write a request larger than the @@ -1666,7 +1839,7 @@ TEST_F(SSLClientSocketTest, Read_WithWriteError) { // At this point the Read result is available. Transport write errors are // surfaced through Writes. See https://crbug.com/249848. - rv = read_callback.WaitForResult(); + rv = WaitForReadCompletion(sock.get(), buf.get(), 4096, &read_callback, rv); EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET)); // Release the read. This does not cause a crash. @@ -1702,7 +1875,7 @@ TEST_F(SSLClientSocketTest, Connect_WithZeroReturn) { // Tests that SSLClientSocket returns a Read of size 0 if the underlying socket // is cleanly closed, but the peer does not send close_notify. // This is a regression test for https://crbug.com/422246 -TEST_F(SSLClientSocketTest, Read_WithZeroReturn) { +TEST_P(SSLClientSocketReadTest, Read_WithZeroReturn) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); TestCompletionCallback callback; @@ -1728,14 +1901,14 @@ TEST_F(SSLClientSocketTest, Read_WithZeroReturn) { raw_transport->SetNextReadError(0); scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); - rv = callback.GetResult(sock->Read(buf.get(), 4096, callback.callback())); + rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096); EXPECT_EQ(0, rv); } // Tests that SSLClientSocket cleanly returns a Read of size 0 if the // underlying socket is cleanly closed asynchronously. // This is a regression test for https://crbug.com/422246 -TEST_F(SSLClientSocketTest, Read_WithAsyncZeroReturn) { +TEST_P(SSLClientSocketReadTest, Read_WithAsyncZeroReturn) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); TestCompletionCallback callback; @@ -1765,17 +1938,18 @@ TEST_F(SSLClientSocketTest, Read_WithAsyncZeroReturn) { raw_error_socket->SetNextReadError(0); raw_transport->BlockReadResult(); scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); - rv = sock->Read(buf.get(), 4096, callback.callback()); + TestCompletionCallback read_callback; + rv = Read(sock.get(), buf.get(), 4096, read_callback.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); raw_transport->UnblockReadResult(); - rv = callback.GetResult(rv); + rv = WaitForReadCompletion(sock.get(), buf.get(), 4096, &read_callback, rv); EXPECT_EQ(0, rv); } // Tests that fatal alerts from the peer are processed. This is a regression // test for https://crbug.com/466303. -TEST_F(SSLClientSocketTest, Read_WithFatalAlert) { +TEST_P(SSLClientSocketReadTest, Read_WithFatalAlert) { SpawnedTestServer::SSLOptions ssl_options; ssl_options.alert_after_handshake = true; ASSERT_TRUE(StartTestServer(ssl_options)); @@ -1787,11 +1961,11 @@ TEST_F(SSLClientSocketTest, Read_WithFatalAlert) { // Receive the fatal alert. TestCompletionCallback callback; scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); - EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, callback.GetResult(sock_->Read( - buf.get(), 4096, callback.callback()))); + EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, + ReadAndWaitForCompletion(sock_.get(), buf.get(), 4096)); } -TEST_F(SSLClientSocketTest, Read_SmallChunks) { +TEST_P(SSLClientSocketReadTest, Read_SmallChunks) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); int rv; @@ -1810,12 +1984,12 @@ TEST_F(SSLClientSocketTest, Read_SmallChunks) { scoped_refptr<IOBuffer> buf(new IOBuffer(1)); do { - rv = callback.GetResult(sock_->Read(buf.get(), 1, callback.callback())); + rv = ReadAndWaitForCompletion(sock_.get(), buf.get(), 1); EXPECT_GE(rv, 0); } while (rv > 0); } -TEST_F(SSLClientSocketTest, Read_ManySmallRecords) { +TEST_P(SSLClientSocketReadTest, Read_ManySmallRecords) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); TestCompletionCallback callback; @@ -1858,11 +2032,11 @@ TEST_F(SSLClientSocketTest, Read_ManySmallRecords) { raw_transport->SetBufferSize(15000); scoped_refptr<IOBuffer> buffer(new IOBuffer(8192)); - rv = callback.GetResult(sock->Read(buffer.get(), 8192, callback.callback())); + rv = ReadAndWaitForCompletion(sock.get(), buffer.get(), 8192); ASSERT_EQ(rv, 8192); } -TEST_F(SSLClientSocketTest, Read_Interrupted) { +TEST_P(SSLClientSocketReadTest, Read_Interrupted) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); int rv; @@ -1881,11 +2055,11 @@ TEST_F(SSLClientSocketTest, Read_Interrupted) { // Do a partial read and then exit. This test should not crash! scoped_refptr<IOBuffer> buf(new IOBuffer(512)); - rv = callback.GetResult(sock_->Read(buf.get(), 512, callback.callback())); + rv = ReadAndWaitForCompletion(sock_.get(), buf.get(), 512); EXPECT_GT(rv, 0); } -TEST_F(SSLClientSocketTest, Read_FullLogging) { +TEST_P(SSLClientSocketReadTest, Read_FullLogging) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); TestCompletionCallback callback; @@ -1921,7 +2095,7 @@ TEST_F(SSLClientSocketTest, Read_FullLogging) { scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); for (;;) { - rv = callback.GetResult(sock->Read(buf.get(), 4096, callback.callback())); + rv = ReadAndWaitForCompletion(sock.get(), buf.get(), 4096); EXPECT_GE(rv, 0); if (rv <= 0) break; @@ -2182,6 +2356,7 @@ TEST_F(SSLClientSocketTest, VerifyReturnChainProperlyOrdered) { CertVerifyResult verify_result; verify_result.verified_cert = X509Certificate::CreateFromHandle( certs[0]->os_cert_handle(), temp_intermediates); + ASSERT_TRUE(verify_result.verified_cert); // Add a rule that maps the server cert (A) to the chain of A->B->C2 // rather than A->B->C. @@ -2666,6 +2841,37 @@ TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); } +// Tests that the version_interference_probe option rejects successful +// connections and passes errors through. +TEST_F(SSLClientSocketTest, VersionInterferenceProbe) { + ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); + + SSLConfig ssl_config; + ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2; + ssl_config.version_interference_probe = true; + + // Successful connections map to a dedicated error. + int rv; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_INTERFERENCE)); + + // Failed connections pass through. + TestCompletionCallback callback; + std::unique_ptr<StreamSocket> real_transport( + new TCPClientSocket(addr(), NULL, NULL, NetLogSource())); + std::unique_ptr<SynchronousErrorStreamSocket> transport( + new SynchronousErrorStreamSocket(std::move(real_transport))); + rv = callback.GetResult(transport->Connect(callback.callback())); + EXPECT_THAT(rv, IsOk()); + SynchronousErrorStreamSocket* raw_transport = transport.get(); + std::unique_ptr<SSLClientSocket> sock(CreateSSLClientSocket( + std::move(transport), spawned_test_server()->host_port_pair(), + ssl_config)); + raw_transport->SetNextWriteError(ERR_CONNECTION_RESET); + rv = callback.GetResult(sock->Connect(callback.callback())); + EXPECT_THAT(rv, IsError(ERR_CONNECTION_RESET)); +} + TEST_F(SSLClientSocketTest, RequireECDHE) { // Run test server without ECDHE. SpawnedTestServer::SSLOptions ssl_options; @@ -3046,11 +3252,7 @@ TEST_F(SSLClientSocketTest, AlpnClientDisabled) { namespace { -// Loads a PEM-encoded private key file into a SSLPrivateKey object. -// |filepath| is the private key file path. -// Returns the new SSLPrivateKey. -scoped_refptr<SSLPrivateKey> LoadPrivateKeyOpenSSL( - const base::FilePath& filepath) { +bssl::UniquePtr<EVP_PKEY> LoadEVP_PKEY(const base::FilePath& filepath) { std::string data; if (!base::ReadFileToString(filepath, &data)) { LOG(ERROR) << "Could not read private key file: " << filepath.value(); @@ -3068,7 +3270,18 @@ scoped_refptr<SSLPrivateKey> LoadPrivateKeyOpenSSL( LOG(ERROR) << "Could not decode private key file: " << filepath.value(); return nullptr; } - return WrapOpenSSLPrivateKey(std::move(result)); + return result; +} + +// Loads a PEM-encoded private key file into a SSLPrivateKey object. +// |filepath| is the private key file path. +// Returns the new SSLPrivateKey. +scoped_refptr<SSLPrivateKey> LoadPrivateKeyOpenSSL( + const base::FilePath& filepath) { + bssl::UniquePtr<EVP_PKEY> key = LoadEVP_PKEY(filepath); + if (!key) + return nullptr; + return WrapOpenSSLPrivateKey(std::move(key)); } } // namespace @@ -3593,7 +3806,7 @@ TEST_F(SSLClientSocketTest, AccessDeniedClientCerts) { } // Basic test for dumping memory stats. -TEST_F(SSLClientSocketTest, DumpMemoryStats) { +TEST_P(SSLClientSocketReadTest, DumpMemoryStats) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); int rv; @@ -3609,16 +3822,98 @@ TEST_F(SSLClientSocketTest, DumpMemoryStats) { // Read the response without writing a request, so the read will be pending. TestCompletionCallback read_callback; scoped_refptr<IOBuffer> buf(new IOBuffer(4096)); - rv = sock_->Read(buf.get(), 4096, read_callback.callback()); + rv = Read(sock_.get(), buf.get(), 4096, read_callback.callback()); EXPECT_EQ(ERR_IO_PENDING, rv); // Dump memory again and check that |buffer_size| contain the read buffer. StreamSocket::SocketMemoryStats stats2; sock_->DumpMemoryStats(&stats2); - EXPECT_EQ(17 * 1024u, stats2.buffer_size); + + if (read_if_ready_enabled()) { + EXPECT_EQ(0u, stats2.buffer_size); + EXPECT_EQ(stats.cert_size, stats2.total_size); + } else { + EXPECT_EQ(17 * 1024u, stats2.buffer_size); + EXPECT_LT(17 * 1024u, stats2.total_size); + } EXPECT_EQ(1u, stats2.cert_count); EXPECT_LT(0u, stats2.cert_size); - EXPECT_LT(17 * 1024u, stats2.total_size); +} + +TEST_P(SSLClientSocketReadTest, IdleAfterRead) { + // Set up a TCP server. + TCPServerSocket server_listener(NULL, NetLogSource()); + ASSERT_THAT( + server_listener.Listen(IPEndPoint(IPAddress::IPv4Localhost(), 0), 1), + IsOk()); + IPEndPoint server_address; + ASSERT_THAT(server_listener.GetLocalAddress(&server_address), IsOk()); + + // Connect a TCP client and server socket. + TestCompletionCallback server_callback; + std::unique_ptr<StreamSocket> server_transport; + int server_rv = + server_listener.Accept(&server_transport, server_callback.callback()); + + TestCompletionCallback client_callback; + std::unique_ptr<TCPClientSocket> client_transport(new TCPClientSocket( + AddressList(server_address), NULL, NULL, NetLogSource())); + int client_rv = client_transport->Connect(client_callback.callback()); + + EXPECT_THAT(server_callback.GetResult(server_rv), IsOk()); + EXPECT_THAT(client_callback.GetResult(client_rv), IsOk()); + + // Set up an SSL server. + base::FilePath certs_dir = GetTestCertsDirectory(); + scoped_refptr<net::X509Certificate> cert = + ImportCertFromFile(certs_dir, "ok_cert.pem"); + ASSERT_TRUE(cert); + bssl::UniquePtr<EVP_PKEY> pkey = + LoadEVP_PKEY(certs_dir.AppendASCII("ok_cert.pem")); + ASSERT_TRUE(pkey); + std::unique_ptr<crypto::RSAPrivateKey> key = + crypto::RSAPrivateKey::CreateFromKey(pkey.get()); + ASSERT_TRUE(key); + std::unique_ptr<SSLServerContext> server_context = + CreateSSLServerContext(cert.get(), *key.get(), SSLServerConfig()); + + // Complete the SSL handshake on both sides. + std::unique_ptr<SSLClientSocket> client(CreateSSLClientSocket( + std::move(client_transport), HostPortPair::FromIPEndPoint(server_address), + SSLConfig())); + std::unique_ptr<SSLServerSocket> server( + server_context->CreateSSLServerSocket(std::move(server_transport))); + + server_rv = server->Handshake(server_callback.callback()); + client_rv = client->Connect(client_callback.callback()); + + EXPECT_THAT(server_callback.GetResult(server_rv), IsOk()); + EXPECT_THAT(client_callback.GetResult(client_rv), IsOk()); + + // Write a single record on the server. + scoped_refptr<IOBuffer> write_buf(new StringIOBuffer("a")); + server_rv = server->Write(write_buf.get(), 1, server_callback.callback()); + + // Read that record on the server, but with a much larger buffer than + // necessary. + scoped_refptr<IOBuffer> read_buf(new IOBuffer(1024)); + client_rv = + Read(client.get(), read_buf.get(), 1024, client_callback.callback()); + + EXPECT_EQ(1, server_callback.GetResult(server_rv)); + EXPECT_EQ(1, WaitForReadCompletion(client.get(), read_buf.get(), 1024, + &client_callback, client_rv)); + + // At this point the client socket should be idle. + EXPECT_TRUE(client->IsConnectedAndIdle()); + + // The read buffer should be released. + StreamSocket::SocketMemoryStats stats; + client->DumpMemoryStats(&stats); + EXPECT_EQ(0u, stats.buffer_size); + EXPECT_EQ(1u, stats.cert_count); + EXPECT_LT(0u, stats.cert_size); + EXPECT_EQ(stats.cert_size, stats.total_size); } } // namespace net diff --git a/chromium/net/socket/ssl_server_socket.h b/chromium/net/socket/ssl_server_socket.h index 1258a870643..b61e6631761 100644 --- a/chromium/net/socket/ssl_server_socket.h +++ b/chromium/net/socket/ssl_server_socket.h @@ -32,6 +32,7 @@ namespace net { struct SSLServerConfig; class X509Certificate; +// A server socket that uses SSL as the transport layer. class SSLServerSocket : public SSLSocket { public: ~SSLServerSocket() override {} diff --git a/chromium/net/socket/ssl_server_socket_impl.cc b/chromium/net/socket/ssl_server_socket_impl.cc index 4337aa10531..5d4bce72d7b 100644 --- a/chromium/net/socket/ssl_server_socket_impl.cc +++ b/chromium/net/socket/ssl_server_socket_impl.cc @@ -14,6 +14,7 @@ #include "net/base/net_errors.h" #include "net/cert/cert_verify_result.h" #include "net/cert/client_cert_verifier.h" +#include "net/cert/x509_util.h" #include "net/cert/x509_util_openssl.h" #include "net/log/net_log_event_type.h" #include "net/log/net_log_with_source.h" @@ -504,12 +505,13 @@ int SSLServerSocketImpl::DoHandshake() { OpenSSLErrorInfo error_info; net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info); - // This hack is necessary because the mapping of SSL error codes to - // net_errors assumes (correctly for client sockets, but erroneously for - // server sockets) that peer cert verification failure can only occur if - // the cert changed during a renego. crbug.com/570351 - if (net_error == ERR_SSL_SERVER_CERT_CHANGED) + // SSL_R_CERTIFICATE_VERIFY_FAILED's mapping is different between client and + // server. + if (ERR_GET_LIB(error_info.error_code) == ERR_LIB_SSL && + ERR_GET_REASON(error_info.error_code) == + SSL_R_CERTIFICATE_VERIFY_FAILED) { net_error = ERR_BAD_SSL_CLIENT_AUTH_CERT; + } // If not done, stay in this state if (net_error == ERR_IO_PENDING) { @@ -623,6 +625,8 @@ SSLServerContextImpl::SSLServerContextImpl( uint8_t session_ctx_id = 0; SSL_CTX_set_session_id_context(ssl_ctx_.get(), &session_ctx_id, sizeof(session_ctx_id)); + // Deduplicate all certificates minted from the SSL_CTX in memory. + SSL_CTX_set0_buffer_pool(ssl_ctx_.get(), x509_util::GetBufferPool()); int verify_mode = 0; switch (ssl_server_config_.client_cert_type) { @@ -642,26 +646,26 @@ SSLServerContextImpl::SSLServerContextImpl( // Set certificate and private key. DCHECK(cert_->os_cert_handle()); -#if defined(USE_OPENSSL_CERTS) + DCHECK(key_->key()); +#if BUILDFLAG(USE_BYTE_CERTS) + // On success, SSL_CTX_set_chain_and_key acquires a reference to + // |cert_->os_cert_handle()| and |key_->key()|. + CRYPTO_BUFFER* cert_buffers[] = {cert_->os_cert_handle()}; + CHECK(SSL_CTX_set_chain_and_key(ssl_ctx_.get(), cert_buffers, + arraysize(cert_buffers), key_->key(), + nullptr /* privkey_method */)); +#elif defined(USE_OPENSSL_CERTS) CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), cert_->os_cert_handle())); + CHECK(SSL_CTX_use_PrivateKey(ssl_ctx_.get(), key_->key())); #else - // Convert OSCertHandle to X509 structure. std::string der_string; CHECK(X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string)); - - const unsigned char* der_string_array = - reinterpret_cast<const unsigned char*>(der_string.data()); - - bssl::UniquePtr<X509> x509( - d2i_X509(NULL, &der_string_array, der_string.length())); - CHECK(x509); - - // On success, SSL_CTX_use_certificate acquires a reference to |x509|. - CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), x509.get())); -#endif // USE_OPENSSL_CERTS - - DCHECK(key_->key()); + CHECK(SSL_CTX_use_certificate_ASN1( + ssl_ctx_.get(), der_string.length(), + reinterpret_cast<const unsigned char*>(der_string.data()))); + // On success, SSL_CTX_use_PrivateKey acquires a reference to |key_->key()|. CHECK(SSL_CTX_use_PrivateKey(ssl_ctx_.get(), key_->key())); +#endif // USE_OPENSSL_CERTS && !USE_BYTE_CERTS DCHECK_LT(SSL3_VERSION, ssl_server_config_.version_min); DCHECK_LT(SSL3_VERSION, ssl_server_config_.version_max); diff --git a/chromium/net/socket/tcp_client_socket.cc b/chromium/net/socket/tcp_client_socket.cc index 01ce316ee14..9e1470ffcdb 100644 --- a/chromium/net/socket/tcp_client_socket.cc +++ b/chromium/net/socket/tcp_client_socket.cc @@ -100,6 +100,26 @@ int TCPClientSocket::Connect(const CompletionCallback& callback) { return rv; } +int TCPClientSocket::ReadCommon(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback, + bool read_if_ready) { + DCHECK(!callback.is_null()); + + // |socket_| is owned by |this| and the callback won't be run once |socket_| + // is gone/closed. Therefore, it is safe to use base::Unretained() here. + CompletionCallback read_callback = base::Bind( + &TCPClientSocket::DidCompleteRead, base::Unretained(this), callback); + int result = read_if_ready ? socket_->ReadIfReady(buf, buf_len, read_callback) + : socket_->Read(buf, buf_len, read_callback); + if (result > 0) { + use_history_.set_was_used_to_convey_data(); + total_received_bytes_ += result; + } + + return result; +} + int TCPClientSocket::DoConnectLoop(int result) { DCHECK_NE(next_connect_state_, CONNECT_STATE_NONE); @@ -272,19 +292,13 @@ bool TCPClientSocket::GetSSLInfo(SSLInfo* ssl_info) { int TCPClientSocket::Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) { - DCHECK(!callback.is_null()); - - // |socket_| is owned by this class and the callback won't be run once - // |socket_| is gone. Therefore, it is safe to use base::Unretained() here. - CompletionCallback read_callback = base::Bind( - &TCPClientSocket::DidCompleteRead, base::Unretained(this), callback); - int result = socket_->Read(buf, buf_len, read_callback); - if (result > 0) { - use_history_.set_was_used_to_convey_data(); - total_received_bytes_ += result; - } + return ReadCommon(buf, buf_len, callback, /*read_if_ready=*/false); +} - return result; +int TCPClientSocket::ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { + return ReadCommon(buf, buf_len, callback, /*read_if_ready=*/true); } int TCPClientSocket::Write(IOBuffer* buf, diff --git a/chromium/net/socket/tcp_client_socket.h b/chromium/net/socket/tcp_client_socket.h index 65a51837103..8981fb066f5 100644 --- a/chromium/net/socket/tcp_client_socket.h +++ b/chromium/net/socket/tcp_client_socket.h @@ -68,6 +68,9 @@ class NET_EXPORT TCPClientSocket : public StreamSocket { int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; + int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) override; int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) override; @@ -90,6 +93,13 @@ class NET_EXPORT TCPClientSocket : public StreamSocket { CONNECT_STATE_NONE, }; + // A helper method shared by Read() and ReadIfReady(). If |read_if_ready| is + // set to true, ReadIfReady() will be used instead of Read(). + int ReadCommon(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback, + bool read_if_ready); + // State machine used by Connect(). int DoConnectLoop(int result); int DoConnect(); diff --git a/chromium/net/socket/tcp_server_socket.h b/chromium/net/socket/tcp_server_socket.h index 546f48df521..3b4a9616ede 100644 --- a/chromium/net/socket/tcp_server_socket.h +++ b/chromium/net/socket/tcp_server_socket.h @@ -18,6 +18,7 @@ namespace net { class NetLog; struct NetLogSource; +// A server socket that uses TCP as the transport layer. class NET_EXPORT TCPServerSocket : public ServerSocket { public: TCPServerSocket(NetLog* net_log, const NetLogSource& source); diff --git a/chromium/net/socket/tcp_socket.cc b/chromium/net/socket/tcp_socket.cc deleted file mode 100644 index ad5250620d0..00000000000 --- a/chromium/net/socket/tcp_socket.cc +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/socket/tcp_socket.h" - -#include "build/build_config.h" - -#if defined(OS_POSIX) -#include <sys/socket.h> -#include <netinet/in.h> -#include <netinet/tcp.h> -#elif defined(OS_WIN) -#include <winsock2.h> -#endif - -namespace net { - -bool SetTCPNoDelay(SocketDescriptor socket, bool no_delay) { -#if defined(OS_POSIX) - int on = no_delay ? 1 : 0; -#elif defined(OS_WIN) - BOOL on = no_delay ? TRUE : FALSE; -#endif - return setsockopt(socket, IPPROTO_TCP, TCP_NODELAY, - reinterpret_cast<const char*>(&on), sizeof(on)) == 0; -} - -} // namespace net diff --git a/chromium/net/socket/tcp_socket.h b/chromium/net/socket/tcp_socket.h index 319a6b261d0..71ac9a24d8d 100644 --- a/chromium/net/socket/tcp_socket.h +++ b/chromium/net/socket/tcp_socket.h @@ -40,39 +40,6 @@ bool IsTCPFastOpenUserEnabled(); // Not thread safe. Must be called during initialization/startup only. NET_EXPORT void CheckSupportAndMaybeEnableTCPFastOpen(bool user_enabled); -// This function enables/disables buffering in the kernel. By default, on Linux, -// TCP sockets will wait up to 200ms for more data to complete a packet before -// transmitting. After calling this function, the kernel will not wait. See -// TCP_NODELAY in `man 7 tcp`. -// -// For Windows: -// -// The Nagle implementation on Windows is governed by RFC 896. The idea -// behind Nagle is to reduce small packets on the network. When Nagle is -// enabled, if a partial packet has been sent, the TCP stack will disallow -// further *partial* packets until an ACK has been received from the other -// side. Good applications should always strive to send as much data as -// possible and avoid partial-packet sends. However, in most real world -// applications, there are edge cases where this does not happen, and two -// partial packets may be sent back to back. For a browser, it is NEVER -// a benefit to delay for an RTT before the second packet is sent. -// -// As a practical example in Chromium today, consider the case of a small -// POST. I have verified this: -// Client writes 649 bytes of header (partial packet #1) -// Client writes 50 bytes of POST data (partial packet #2) -// In the above example, with Nagle, a RTT delay is inserted between these -// two sends due to nagle. RTTs can easily be 100ms or more. The best -// fix is to make sure that for POSTing data, we write as much data as -// possible and minimize partial packets. We will fix that. But disabling -// Nagle also ensure we don't run into this delay in other edge cases. -// See also: -// http://technet.microsoft.com/en-us/library/bb726981.aspx -// -// This function returns true if it succeeds to set the TCP_NODELAY option, -// otherwise returns false. -NET_EXPORT_PRIVATE bool SetTCPNoDelay(SocketDescriptor socket, bool no_delay); - } // namespace net #endif // NET_SOCKET_TCP_SOCKET_H_ diff --git a/chromium/net/socket/tcp_socket_posix.cc b/chromium/net/socket/tcp_socket_posix.cc index a37d83b5e72..c758e635381 100644 --- a/chromium/net/socket/tcp_socket_posix.cc +++ b/chromium/net/socket/tcp_socket_posix.cc @@ -31,6 +31,7 @@ #include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" #include "net/socket/socket_net_log_params.h" +#include "net/socket/socket_options.h" #include "net/socket/socket_posix.h" // If we don't have a definition for TCPI_OPT_SYN_DATA, create one. @@ -293,6 +294,21 @@ int TCPSocketPosix::Read(IOBuffer* buf, return rv; } +int TCPSocketPosix::ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { + DCHECK(socket_); + DCHECK(!callback.is_null()); + + int rv = + socket_->ReadIfReady(buf, buf_len, + base::Bind(&TCPSocketPosix::ReadIfReadyCompleted, + base::Unretained(this), callback)); + if (rv != ERR_IO_PENDING) + rv = HandleReadCompleted(buf, rv); + return rv; +} + int TCPSocketPosix::Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback) { @@ -386,39 +402,17 @@ void TCPSocketPosix::SetDefaultOptionsForClient() { int TCPSocketPosix::SetAddressReuse(bool allow) { DCHECK(socket_); - // SO_REUSEADDR is useful for server sockets to bind to a recently unbound - // port. When a socket is closed, the end point changes its state to TIME_WAIT - // and wait for 2 MSL (maximum segment lifetime) to ensure the remote peer - // acknowledges its closure. For server sockets, it is usually safe to - // bind to a TIME_WAIT end point immediately, which is a widely adopted - // behavior. - // - // Note that on *nix, SO_REUSEADDR does not enable the TCP socket to bind to - // an end point that is already bound by another socket. To do that one must - // set SO_REUSEPORT instead. This option is not provided on Linux prior - // to 3.9. - // - // SO_REUSEPORT is provided in MacOS X and iOS. - int boolean_value = allow ? 1 : 0; - int rv = setsockopt(socket_->socket_fd(), SOL_SOCKET, SO_REUSEADDR, - &boolean_value, sizeof(boolean_value)); - if (rv < 0) - return MapSystemError(errno); - return OK; + return SetReuseAddr(socket_->socket_fd(), allow); } int TCPSocketPosix::SetReceiveBufferSize(int32_t size) { DCHECK(socket_); - int rv = setsockopt(socket_->socket_fd(), SOL_SOCKET, SO_RCVBUF, - reinterpret_cast<const char*>(&size), sizeof(size)); - return (rv == 0) ? OK : MapSystemError(errno); + return SetSocketReceiveBufferSize(socket_->socket_fd(), size); } int TCPSocketPosix::SetSendBufferSize(int32_t size) { DCHECK(socket_); - int rv = setsockopt(socket_->socket_fd(), SOL_SOCKET, SO_SNDBUF, - reinterpret_cast<const char*>(&size), sizeof(size)); - return (rv == 0) ? OK : MapSystemError(errno); + return SetSocketSendBufferSize(socket_->socket_fd(), size); } bool TCPSocketPosix::SetKeepAlive(bool enable, int delay) { @@ -428,7 +422,7 @@ bool TCPSocketPosix::SetKeepAlive(bool enable, int delay) { bool TCPSocketPosix::SetNoDelay(bool no_delay) { DCHECK(socket_); - return SetTCPNoDelay(socket_->socket_fd(), no_delay); + return SetTCPNoDelay(socket_->socket_fd(), no_delay) == OK; } void TCPSocketPosix::Close() { @@ -586,10 +580,37 @@ void TCPSocketPosix::ReadCompleted(const scoped_refptr<IOBuffer>& buf, const CompletionCallback& callback, int rv) { DCHECK_NE(ERR_IO_PENDING, rv); + callback.Run(HandleReadCompleted(buf.get(), rv)); } +void TCPSocketPosix::ReadIfReadyCompleted(const CompletionCallback& callback, + int rv) { + DCHECK_NE(ERR_IO_PENDING, rv); + DCHECK_GE(OK, rv); + + HandleReadCompletedHelper(rv); + callback.Run(rv); +} + int TCPSocketPosix::HandleReadCompleted(IOBuffer* buf, int rv) { + HandleReadCompletedHelper(rv); + + if (rv < 0) + return rv; + + // Notify the watcher only if at least 1 byte was read. + if (rv > 0) + NotifySocketPerformanceWatcher(); + + net_log_.AddByteTransferEvent(NetLogEventType::SOCKET_BYTES_RECEIVED, rv, + buf->data()); + NetworkActivityMonitor::GetInstance()->IncrementBytesReceived(rv); + + return rv; +} + +void TCPSocketPosix::HandleReadCompletedHelper(int rv) { if (tcp_fastopen_write_attempted_ && !tcp_fastopen_connected_) { // A TCP FastOpen connect-with-write was attempted. This read was a // subsequent read, which either succeeded or failed. If the read @@ -610,18 +631,7 @@ int TCPSocketPosix::HandleReadCompleted(IOBuffer* buf, int rv) { if (rv < 0) { net_log_.AddEvent(NetLogEventType::SOCKET_READ_ERROR, CreateNetLogSocketErrorCallback(rv, errno)); - return rv; } - - // Notify the watcher only if at least 1 byte was read. - if (rv > 0) - NotifySocketPerformanceWatcher(); - - net_log_.AddByteTransferEvent(NetLogEventType::SOCKET_BYTES_RECEIVED, rv, - buf->data()); - NetworkActivityMonitor::GetInstance()->IncrementBytesReceived(rv); - - return rv; } void TCPSocketPosix::WriteCompleted(const scoped_refptr<IOBuffer>& buf, diff --git a/chromium/net/socket/tcp_socket_posix.h b/chromium/net/socket/tcp_socket_posix.h index 93b8261a1f4..f52479fea0c 100644 --- a/chromium/net/socket/tcp_socket_posix.h +++ b/chromium/net/socket/tcp_socket_posix.h @@ -59,6 +59,9 @@ class NET_EXPORT TCPSocketPosix { // Multiple outstanding requests are not supported. // Full duplex mode (reading and writing at the same time) is supported. int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback); + int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback); int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback); int GetLocalAddress(IPEndPoint* address) const; @@ -197,7 +200,9 @@ class NET_EXPORT TCPSocketPosix { void ReadCompleted(const scoped_refptr<IOBuffer>& buf, const CompletionCallback& callback, int rv); + void ReadIfReadyCompleted(const CompletionCallback& callback, int rv); int HandleReadCompleted(IOBuffer* buf, int rv); + void HandleReadCompletedHelper(int rv); void WriteCompleted(const scoped_refptr<IOBuffer>& buf, const CompletionCallback& callback, diff --git a/chromium/net/socket/tcp_socket_win.cc b/chromium/net/socket/tcp_socket_win.cc index 6bb5895eff1..1ca554842c5 100644 --- a/chromium/net/socket/tcp_socket_win.cc +++ b/chromium/net/socket/tcp_socket_win.cc @@ -30,6 +30,7 @@ #include "net/log/net_log_source_type.h" #include "net/socket/socket_descriptor.h" #include "net/socket/socket_net_log_params.h" +#include "net/socket/socket_options.h" namespace net { @@ -37,24 +38,6 @@ namespace { const int kTCPKeepAliveSeconds = 45; -int SetSocketReceiveBufferSize(SOCKET socket, int32_t size) { - int rv = setsockopt(socket, SOL_SOCKET, SO_RCVBUF, - reinterpret_cast<const char*>(&size), sizeof(size)); - int os_error = WSAGetLastError(); - int net_error = (rv == 0) ? OK : MapSystemError(os_error); - DCHECK(!rv) << "Could not set socket receive buffer size: " << net_error; - return net_error; -} - -int SetSocketSendBufferSize(SOCKET socket, int32_t size) { - int rv = setsockopt(socket, SOL_SOCKET, SO_SNDBUF, - reinterpret_cast<const char*>(&size), sizeof(size)); - int os_error = WSAGetLastError(); - int net_error = (rv == 0) ? OK : MapSystemError(os_error); - DCHECK(!rv) << "Could not set socket send buffer size: " << net_error; - return net_error; -} - // Disable Nagle. // Enable TCP Keep-Alive to prevent NAT routers from timing out TCP // connections. See http://crbug.com/27400 for details. @@ -489,12 +472,52 @@ int TCPSocketWin::Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback) { DCHECK(CalledOnValidThread()); + DCHECK(!core_->read_iobuffer_.get()); + // base::Unretained() is safe because RetryRead() won't be called when |this| + // is gone. + int rv = + ReadIfReady(buf, buf_len, + base::Bind(&TCPSocketWin::RetryRead, base::Unretained(this))); + if (rv != ERR_IO_PENDING) + return rv; + read_callback_ = callback; + core_->read_iobuffer_ = buf; + core_->read_buffer_length_ = buf_len; + return ERR_IO_PENDING; +} + +int TCPSocketWin::ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback) { + DCHECK(CalledOnValidThread()); DCHECK_NE(socket_, INVALID_SOCKET); DCHECK(!waiting_read_); - CHECK(read_callback_.is_null()); - DCHECK(!core_->read_iobuffer_.get()); + DCHECK(read_if_ready_callback_.is_null()); + + if (!core_->non_blocking_reads_initialized_) { + WSAEventSelect(socket_, core_->read_overlapped_.hEvent, FD_READ | FD_CLOSE); + core_->non_blocking_reads_initialized_ = true; + } + int rv = recv(socket_, buf->data(), buf_len, 0); + int os_error = WSAGetLastError(); + if (rv == SOCKET_ERROR) { + if (os_error != WSAEWOULDBLOCK) { + int net_error = MapSystemError(os_error); + net_log_.AddEvent(NetLogEventType::SOCKET_READ_ERROR, + CreateNetLogSocketErrorCallback(net_error, os_error)); + return net_error; + } + } else { + net_log_.AddByteTransferEvent(NetLogEventType::SOCKET_BYTES_RECEIVED, rv, + buf->data()); + NetworkActivityMonitor::GetInstance()->IncrementBytesReceived(rv); + return rv; + } - return DoRead(buf, buf_len, callback); + waiting_read_ = true; + read_if_ready_callback_ = callback; + core_->WatchForRead(); + return ERR_IO_PENDING; } int TCPSocketWin::Write(IOBuffer* buf, @@ -622,7 +645,7 @@ bool TCPSocketWin::SetKeepAlive(bool enable, int delay) { } bool TCPSocketWin::SetNoDelay(bool no_delay) { - return SetTCPNoDelay(socket_, no_delay); + return SetTCPNoDelay(socket_, no_delay) == OK; } void TCPSocketWin::Close() { @@ -677,6 +700,7 @@ void TCPSocketWin::Close() { waiting_write_ = false; read_callback_.Reset(); + read_if_ready_callback_.Reset(); write_callback_.Reset(); peer_address_.reset(); connect_os_error_ = 0; @@ -871,35 +895,21 @@ void TCPSocketWin::LogConnectEnd(int net_error) { sizeof(source_address))); } -int TCPSocketWin::DoRead(IOBuffer* buf, int buf_len, - const CompletionCallback& callback) { - if (!core_->non_blocking_reads_initialized_) { - WSAEventSelect(socket_, core_->read_overlapped_.hEvent, - FD_READ | FD_CLOSE); - core_->non_blocking_reads_initialized_ = true; - } - int rv = recv(socket_, buf->data(), buf_len, 0); - int os_error = WSAGetLastError(); - if (rv == SOCKET_ERROR) { - if (os_error != WSAEWOULDBLOCK) { - int net_error = MapSystemError(os_error); - net_log_.AddEvent(NetLogEventType::SOCKET_READ_ERROR, - CreateNetLogSocketErrorCallback(net_error, os_error)); - return net_error; - } - } else { - net_log_.AddByteTransferEvent(NetLogEventType::SOCKET_BYTES_RECEIVED, rv, - buf->data()); - NetworkActivityMonitor::GetInstance()->IncrementBytesReceived(rv); - return rv; - } +void TCPSocketWin::RetryRead(int rv) { + DCHECK(core_->read_iobuffer_); - waiting_read_ = true; - read_callback_ = callback; - core_->read_iobuffer_ = buf; - core_->read_buffer_length_ = buf_len; - core_->WatchForRead(); - return ERR_IO_PENDING; + if (rv == OK) { + // base::Unretained() is safe because RetryRead() won't be called when + // |this| is gone. + rv = ReadIfReady( + core_->read_iobuffer_.get(), core_->read_buffer_length_, + base::Bind(&TCPSocketWin::RetryRead, base::Unretained(this))); + if (rv == ERR_IO_PENDING) + return; + } + core_->read_iobuffer_ = nullptr; + core_->read_buffer_length_ = 0; + base::ResetAndReturn(&read_callback_).Run(rv); } void TCPSocketWin::DidCompleteConnect() { @@ -981,7 +991,7 @@ void TCPSocketWin::DidCompleteWrite() { void TCPSocketWin::DidSignalRead() { DCHECK(waiting_read_); - DCHECK(!read_callback_.is_null()); + DCHECK(!read_if_ready_callback_.is_null()); int os_error = 0; WSANETWORKEVENTS network_events; @@ -1002,20 +1012,17 @@ void TCPSocketWin::DidSignalRead() { // network_events.iErrorCode[FD_CLOSE_BIT] is 0, it is a graceful // connection closure. It is tempting to directly set rv to 0 in // this case, but the MSDN pages for WSAEventSelect and - // WSAAsyncSelect recommend we still call DoRead(): + // WSAAsyncSelect recommend we still call RetryRead(): // FD_CLOSE should only be posted after all data is read from a // socket, but an application should check for remaining data upon // receipt of FD_CLOSE to avoid any possibility of losing data. // // If network_events.iErrorCode[FD_READ_BIT] or // network_events.iErrorCode[FD_CLOSE_BIT] is nonzero, still call - // DoRead() because recv() reports a more accurate error code + // RetryRead() because recv() reports a more accurate error code // (WSAECONNRESET vs. WSAECONNABORTED) when the connection was // reset. - rv = DoRead(core_->read_iobuffer_.get(), core_->read_buffer_length_, - read_callback_); - if (rv == ERR_IO_PENDING) - return; + rv = OK; } else { // This may happen because Read() may succeed synchronously and // consume all the received data without resetting the event object. @@ -1023,12 +1030,9 @@ void TCPSocketWin::DidSignalRead() { return; } - waiting_read_ = false; - core_->read_iobuffer_ = NULL; - core_->read_buffer_length_ = 0; - DCHECK_NE(rv, ERR_IO_PENDING); - base::ResetAndReturn(&read_callback_).Run(rv); + waiting_read_ = false; + base::ResetAndReturn(&read_if_ready_callback_).Run(rv); } bool TCPSocketWin::GetEstimatedRoundTripTime(base::TimeDelta* out_rtt) const { diff --git a/chromium/net/socket/tcp_socket_win.h b/chromium/net/socket/tcp_socket_win.h index 54e115b38f3..1cefdca0a29 100644 --- a/chromium/net/socket/tcp_socket_win.h +++ b/chromium/net/socket/tcp_socket_win.h @@ -61,6 +61,9 @@ class NET_EXPORT TCPSocketWin : NON_EXPORTED_BASE(public base::NonThreadSafe), // Multiple outstanding requests are not supported. // Full duplex mode (reading and writing at the same time) is supported. int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback); + int ReadIfReady(IOBuffer* buf, + int buf_len, + const CompletionCallback& callback); int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback); int GetLocalAddress(IPEndPoint* address) const; @@ -127,7 +130,7 @@ class NET_EXPORT TCPSocketWin : NON_EXPORTED_BASE(public base::NonThreadSafe), void LogConnectBegin(const AddressList& addresses); void LogConnectEnd(int net_error); - int DoRead(IOBuffer* buf, int buf_len, const CompletionCallback& callback); + void RetryRead(int rv); void DidCompleteConnect(); void DidCompleteWrite(); void DidSignalRead(); @@ -157,6 +160,11 @@ class NET_EXPORT TCPSocketWin : NON_EXPORTED_BASE(public base::NonThreadSafe), // External callback; called when connect or read is complete. CompletionCallback read_callback_; + // Non-null if a ReadIfReady() is to be completed asynchronously. This is an + // external callback if user used ReadIfReady() instead of Read(), but a + // wrapped callback on top of RetryRead() if Read() is used. + CompletionCallback read_if_ready_callback_; + // External callback; called when write is complete. CompletionCallback write_callback_; diff --git a/chromium/net/socket/transport_client_socket_pool.cc b/chromium/net/socket/transport_client_socket_pool.cc index 67e15ce6eae..5d968f12840 100644 --- a/chromium/net/socket/transport_client_socket_pool.cc +++ b/chromium/net/socket/transport_client_socket_pool.cc @@ -570,6 +570,11 @@ void TransportClientSocketPool::CloseIdleSockets() { base_.CloseIdleSockets(); } +void TransportClientSocketPool::CloseIdleSocketsInGroup( + const std::string& group_name) { + base_.CloseIdleSocketsInGroup(group_name); +} + int TransportClientSocketPool::IdleSocketCount() const { return base_.idle_socket_count(); } diff --git a/chromium/net/socket/transport_client_socket_pool.h b/chromium/net/socket/transport_client_socket_pool.h index d89fefdb1f0..15692e36a23 100644 --- a/chromium/net/socket/transport_client_socket_pool.h +++ b/chromium/net/socket/transport_client_socket_pool.h @@ -225,6 +225,7 @@ class NET_EXPORT_PRIVATE TransportClientSocketPool : public ClientSocketPool { int id) override; void FlushWithError(int error) override; void CloseIdleSockets() override; + void CloseIdleSocketsInGroup(const std::string& group_name) override; int IdleSocketCount() const override; int IdleSocketCountInGroup(const std::string& group_name) const override; LoadState GetLoadState(const std::string& group_name, diff --git a/chromium/net/socket/udp_server_socket.h b/chromium/net/socket/udp_server_socket.h index 65a49e187ed..5d3cbdb28c1 100644 --- a/chromium/net/socket/udp_server_socket.h +++ b/chromium/net/socket/udp_server_socket.h @@ -20,7 +20,7 @@ class IPEndPoint; class NetLog; struct NetLogSource; -// A client socket that uses UDP as the transport layer. +// A server socket that uses UDP as the transport layer. class NET_EXPORT UDPServerSocket : public DatagramServerSocket { public: UDPServerSocket(net::NetLog* net_log, const net::NetLogSource& source); diff --git a/chromium/net/socket/udp_socket_posix.cc b/chromium/net/socket/udp_socket_posix.cc index 1fee49590c6..66f037b40ec 100644 --- a/chromium/net/socket/udp_socket_posix.cc +++ b/chromium/net/socket/udp_socket_posix.cc @@ -33,6 +33,7 @@ #include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" #include "net/socket/socket_descriptor.h" +#include "net/socket/socket_options.h" #include "net/socket/udp_net_log_parameters.h" #if defined(OS_ANDROID) @@ -501,17 +502,13 @@ int UDPSocketPosix::BindToNetwork( int UDPSocketPosix::SetReceiveBufferSize(int32_t size) { DCHECK_NE(socket_, kInvalidSocket); DCHECK(CalledOnValidThread()); - int rv = setsockopt(socket_, SOL_SOCKET, SO_RCVBUF, - reinterpret_cast<const char*>(&size), sizeof(size)); - return rv == 0 ? OK : MapSystemError(errno); + return SetSocketReceiveBufferSize(socket_, size); } int UDPSocketPosix::SetSendBufferSize(int32_t size) { DCHECK_NE(socket_, kInvalidSocket); DCHECK(CalledOnValidThread()); - int rv = setsockopt(socket_, SOL_SOCKET, SO_SNDBUF, - reinterpret_cast<const char*>(&size), sizeof(size)); - return rv == 0 ? OK : MapSystemError(errno); + return SetSocketSendBufferSize(socket_, size); } int UDPSocketPosix::SetDoNotFragment() { @@ -549,10 +546,7 @@ int UDPSocketPosix::AllowAddressReuse() { DCHECK_NE(socket_, kInvalidSocket); DCHECK(CalledOnValidThread()); DCHECK(!is_connected()); - int true_value = 1; - int rv = setsockopt( - socket_, SOL_SOCKET, SO_REUSEADDR, &true_value, sizeof(true_value)); - return rv == 0 ? OK : MapSystemError(errno); + return SetReuseAddr(socket_, true); } int UDPSocketPosix::SetBroadcast(bool broadcast) { diff --git a/chromium/net/socket/udp_socket_unittest.cc b/chromium/net/socket/udp_socket_unittest.cc index befa2da8608..1a602125766 100644 --- a/chromium/net/socket/udp_socket_unittest.cc +++ b/chromium/net/socket/udp_socket_unittest.cc @@ -606,7 +606,8 @@ TEST_F(UDPSocketTest, ServerSetDoNotFragment) { UDPServerSocket server(nullptr, NetLogSource()); int rv = server.Listen(bind_address); // May fail on IPv6 is IPv6 is not configure - if (bind_address.address().IsIPv6() && rv == ERR_ADDRESS_INVALID) + if (bind_address.address().IsIPv6() && + (rv == ERR_ADDRESS_INVALID || rv == ERR_ADDRESS_UNREACHABLE)) return; EXPECT_THAT(rv, IsOk()); diff --git a/chromium/net/socket/udp_socket_win.cc b/chromium/net/socket/udp_socket_win.cc index 1b78e75d2a0..83538c91c16 100644 --- a/chromium/net/socket/udp_socket_win.cc +++ b/chromium/net/socket/udp_socket_win.cc @@ -28,6 +28,7 @@ #include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" #include "net/socket/socket_descriptor.h" +#include "net/socket/socket_options.h" #include "net/socket/udp_net_log_parameters.h" namespace { @@ -499,8 +500,8 @@ int UDPSocketWin::BindToNetwork(NetworkChangeNotifier::NetworkHandle network) { int UDPSocketWin::SetReceiveBufferSize(int32_t size) { DCHECK_NE(socket_, INVALID_SOCKET); DCHECK(CalledOnValidThread()); - int rv = setsockopt(socket_, SOL_SOCKET, SO_RCVBUF, - reinterpret_cast<const char*>(&size), sizeof(size)); + int rv = SetSocketReceiveBufferSize(socket_, size); + if (rv != 0) return MapSystemError(WSAGetLastError()); @@ -522,8 +523,7 @@ int UDPSocketWin::SetReceiveBufferSize(int32_t size) { int UDPSocketWin::SetSendBufferSize(int32_t size) { DCHECK_NE(socket_, INVALID_SOCKET); DCHECK(CalledOnValidThread()); - int rv = setsockopt(socket_, SOL_SOCKET, SO_SNDBUF, - reinterpret_cast<const char*>(&size), sizeof(size)); + int rv = SetSocketSendBufferSize(socket_, size); if (rv != 0) return MapSystemError(WSAGetLastError()); // According to documentation, setsockopt may succeed, but we need to check diff --git a/chromium/net/socket/unix_domain_server_socket_posix.h b/chromium/net/socket/unix_domain_server_socket_posix.h index 0d52835120b..27116eef660 100644 --- a/chromium/net/socket/unix_domain_server_socket_posix.h +++ b/chromium/net/socket/unix_domain_server_socket_posix.h @@ -21,8 +21,8 @@ namespace net { class SocketPosix; -// Unix Domain Server Socket Implementation. Supports abstract namespaces on -// Linux and Android. +// A server socket that uses unix domain socket as the transport layer. +// Supports abstract namespaces on Linux and Android. class NET_EXPORT UnixDomainServerSocket : public ServerSocket { public: // Credentials of a peer process connected to the socket. diff --git a/chromium/net/socket/websocket_transport_client_socket_pool.cc b/chromium/net/socket/websocket_transport_client_socket_pool.cc index 8d8fd4bc284..73bf5362727 100644 --- a/chromium/net/socket/websocket_transport_client_socket_pool.cc +++ b/chromium/net/socket/websocket_transport_client_socket_pool.cc @@ -463,6 +463,11 @@ void WebSocketTransportClientSocketPool::CloseIdleSockets() { // We have no idle sockets. } +void WebSocketTransportClientSocketPool::CloseIdleSocketsInGroup( + const std::string& group_name) { + // We have no idle sockets. +} + int WebSocketTransportClientSocketPool::IdleSocketCount() const { return 0; } diff --git a/chromium/net/socket/websocket_transport_client_socket_pool.h b/chromium/net/socket/websocket_transport_client_socket_pool.h index a2c0235f9f0..5758e9d74e0 100644 --- a/chromium/net/socket/websocket_transport_client_socket_pool.h +++ b/chromium/net/socket/websocket_transport_client_socket_pool.h @@ -173,6 +173,7 @@ class NET_EXPORT_PRIVATE WebSocketTransportClientSocketPool int id) override; void FlushWithError(int error) override; void CloseIdleSockets() override; + void CloseIdleSocketsInGroup(const std::string& group_name) override; int IdleSocketCount() const override; int IdleSocketCountInGroup(const std::string& group_name) const override; LoadState GetLoadState(const std::string& group_name, diff --git a/chromium/net/spdy/array_output_buffer.h b/chromium/net/spdy/array_output_buffer.h index a363e56db3f..f6c805abf9a 100644 --- a/chromium/net/spdy/array_output_buffer.h +++ b/chromium/net/spdy/array_output_buffer.h @@ -5,7 +5,7 @@ #ifndef NET_SPDY_ARRAY_OUTPUT_BUFFER_H_ #define NET_SPDY_ARRAY_OUTPUT_BUFFER_H_ -#include <string.h> +#include <cstddef> #include "net/spdy/zero_copy_output_buffer.h" namespace net { diff --git a/chromium/net/spdy/bidirectional_stream_spdy_impl.cc b/chromium/net/spdy/bidirectional_stream_spdy_impl.cc index 07f240db5e4..e926201edaa 100644 --- a/chromium/net/spdy/bidirectional_stream_spdy_impl.cc +++ b/chromium/net/spdy/bidirectional_stream_spdy_impl.cc @@ -30,10 +30,12 @@ const int kBufferTimeMs = 1; } // namespace BidirectionalStreamSpdyImpl::BidirectionalStreamSpdyImpl( - const base::WeakPtr<SpdySession>& spdy_session) + const base::WeakPtr<SpdySession>& spdy_session, + NetLogSource source_dependency) : spdy_session_(spdy_session), request_info_(nullptr), delegate_(nullptr), + source_dependency_(source_dependency), negotiated_protocol_(kProtoUnknown), more_read_data_pending_(false), read_buffer_len_(0), @@ -293,6 +295,10 @@ void BidirectionalStreamSpdyImpl::OnClose(int status) { OnDataSent(); } +NetLogSource BidirectionalStreamSpdyImpl::source_dependency() const { + return source_dependency_; +} + int BidirectionalStreamSpdyImpl::SendRequestHeadersHelper() { SpdyHeaderBlock headers; HttpRequestInfo http_request_info; diff --git a/chromium/net/spdy/bidirectional_stream_spdy_impl.h b/chromium/net/spdy/bidirectional_stream_spdy_impl.h index b5398b35274..9e97b9142ee 100644 --- a/chromium/net/spdy/bidirectional_stream_spdy_impl.h +++ b/chromium/net/spdy/bidirectional_stream_spdy_impl.h @@ -18,6 +18,7 @@ #include "net/http/bidirectional_stream_impl.h" #include "net/http/bidirectional_stream_request_info.h" #include "net/http/http_request_info.h" +#include "net/log/net_log_source.h" #include "net/spdy/spdy_read_queue.h" #include "net/spdy/spdy_session.h" #include "net/spdy/spdy_stream.h" @@ -36,8 +37,8 @@ class NET_EXPORT_PRIVATE BidirectionalStreamSpdyImpl : public BidirectionalStreamImpl, public SpdyStream::Delegate { public: - explicit BidirectionalStreamSpdyImpl( - const base::WeakPtr<SpdySession>& spdy_session); + BidirectionalStreamSpdyImpl(const base::WeakPtr<SpdySession>& spdy_session, + NetLogSource source_dependency); ~BidirectionalStreamSpdyImpl() override; @@ -67,6 +68,7 @@ class NET_EXPORT_PRIVATE BidirectionalStreamSpdyImpl void OnDataSent() override; void OnTrailers(const SpdyHeaderBlock& trailers) override; void OnClose(int status) override; + NetLogSource source_dependency() const override; private: int SendRequestHeadersHelper(); @@ -87,6 +89,7 @@ class NET_EXPORT_PRIVATE BidirectionalStreamSpdyImpl std::unique_ptr<base::Timer> timer_; SpdyStreamRequest stream_request_; base::WeakPtr<SpdyStream> stream_; + const NetLogSource source_dependency_; NextProto negotiated_protocol_; diff --git a/chromium/net/spdy/bidirectional_stream_spdy_impl_unittest.cc b/chromium/net/spdy/bidirectional_stream_spdy_impl_unittest.cc index bd75d3bade1..a37ad013366 100644 --- a/chromium/net/spdy/bidirectional_stream_spdy_impl_unittest.cc +++ b/chromium/net/spdy/bidirectional_stream_spdy_impl_unittest.cc @@ -5,13 +5,11 @@ #include "net/spdy/bidirectional_stream_spdy_impl.h" #include <memory> -#include <string> #include "base/macros.h" #include "base/memory/ptr_util.h" #include "base/run_loop.h" #include "base/strings/string_number_conversions.h" -#include "base/strings/string_piece.h" #include "base/time/time.h" #include "base/timer/mock_timer.h" #include "net/base/load_timing_info.h" @@ -20,9 +18,9 @@ #include "net/http/http_request_info.h" #include "net/http/http_response_headers.h" #include "net/http/http_response_info.h" -#include "net/log/net_log_source.h" #include "net/log/test_net_log.h" #include "net/socket/socket_test_util.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_session.h" #include "net/spdy/spdy_test_util_common.h" #include "net/test/cert_test_util.h" @@ -70,7 +68,7 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate { TestDelegateBase(base::WeakPtr<SpdySession> session, IOBuffer* read_buf, int read_buf_len) - : stream_(new BidirectionalStreamSpdyImpl(session)), + : stream_(new BidirectionalStreamSpdyImpl(session, NetLogSource())), read_buf_(read_buf), read_buf_len_(read_buf_len), loop_(nullptr), @@ -198,7 +196,7 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate { } // Const getters for internal states. - const std::string& data_received() const { return data_received_; } + const SpdyString& data_received() const { return data_received_; } int bytes_read() const { return bytes_read_; } int error() const { return error_; } const SpdyHeaderBlock& response_headers() const { return response_headers_; } @@ -216,7 +214,7 @@ class TestDelegateBase : public BidirectionalStreamImpl::Delegate { std::unique_ptr<BidirectionalStreamSpdyImpl> stream_; scoped_refptr<IOBuffer> read_buf_; int read_buf_len_; - std::string data_received_; + SpdyString data_received_; std::unique_ptr<base::RunLoop> loop_; SpdyHeaderBlock response_headers_; SpdyHeaderBlock trailers_; @@ -315,7 +313,7 @@ TEST_F(BidirectionalStreamSpdyImplTest, SimplePostRequest) { sequenced_data_->RunUntilPaused(); scoped_refptr<StringIOBuffer> write_buffer( - new StringIOBuffer(std::string(kBodyData, kBodyDataSize))); + new StringIOBuffer(SpdyString(kBodyData, kBodyDataSize))); delegate->SendData(write_buffer.get(), write_buffer->size(), true); sequenced_data_->Resume(); base::RunLoop().RunUntilIdle(); @@ -467,7 +465,7 @@ TEST_P(BidirectionalStreamSpdyImplTest, RstWithNoErrorBeforeSendIsComplete) { sequenced_data_->RunUntilPaused(); // Make a write pending before receiving RST_STREAM. scoped_refptr<StringIOBuffer> write_buffer( - new StringIOBuffer(std::string(kBodyData, kBodyDataSize))); + new StringIOBuffer(SpdyString(kBodyData, kBodyDataSize))); delegate->SendData(write_buffer.get(), write_buffer->size(), false); sequenced_data_->Resume(); base::RunLoop().RunUntilIdle(); diff --git a/chromium/net/spdy/buffered_spdy_framer.cc b/chromium/net/spdy/buffered_spdy_framer.cc index 332b06bdaba..435e9d3b298 100644 --- a/chromium/net/spdy/buffered_spdy_framer.cc +++ b/chromium/net/spdy/buffered_spdy_framer.cc @@ -55,7 +55,7 @@ void BufferedSpdyFramer::OnHeaders(SpdyStreamId stream_id, frames_received_++; DCHECK(!control_frame_fields_.get()); control_frame_fields_.reset(new ControlFrameFields()); - control_frame_fields_->type = HEADERS; + control_frame_fields_->type = SpdyFrameType::HEADERS; control_frame_fields_->stream_id = stream_id; control_frame_fields_->has_priority = has_priority; if (control_frame_fields_->has_priority) { @@ -105,7 +105,7 @@ void BufferedSpdyFramer::OnHeaderFrameEnd(SpdyStreamId stream_id, } DCHECK(control_frame_fields_.get()); switch (control_frame_fields_->type) { - case HEADERS: + case SpdyFrameType::HEADERS: visitor_->OnHeaders( control_frame_fields_->stream_id, control_frame_fields_->has_priority, control_frame_fields_->weight, @@ -113,7 +113,7 @@ void BufferedSpdyFramer::OnHeaderFrameEnd(SpdyStreamId stream_id, control_frame_fields_->exclusive, control_frame_fields_->fin, coalescer_->release_headers()); break; - case PUSH_PROMISE: + case SpdyFrameType::PUSH_PROMISE: visitor_->OnPushPromise(control_frame_fields_->stream_id, control_frame_fields_->promised_stream_id, coalescer_->release_headers()); @@ -185,7 +185,7 @@ void BufferedSpdyFramer::OnPushPromise(SpdyStreamId stream_id, frames_received_++; DCHECK(!control_frame_fields_.get()); control_frame_fields_.reset(new ControlFrameFields()); - control_frame_fields_->type = PUSH_PROMISE; + control_frame_fields_->type = SpdyFrameType::PUSH_PROMISE; control_frame_fields_->stream_id = stream_id; control_frame_fields_->promised_stream_id = promised_stream_id; @@ -194,7 +194,7 @@ void BufferedSpdyFramer::OnPushPromise(SpdyStreamId stream_id, void BufferedSpdyFramer::OnAltSvc( SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) { visitor_->OnAltSvc(stream_id, origin, altsvc_vector); } @@ -284,8 +284,7 @@ std::unique_ptr<SpdySerializedFrame> BufferedSpdyFramer::CreateDataFrame( const char* data, uint32_t len, SpdyDataFlags flags) { - SpdyDataIR data_ir(stream_id, - base::StringPiece(data, len)); + SpdyDataIR data_ir(stream_id, SpdyStringPiece(data, len)); data_ir.set_fin((flags & DATA_FLAG_FIN) != 0); return base::MakeUnique<SpdySerializedFrame>( spdy_framer_.SerializeData(data_ir)); diff --git a/chromium/net/spdy/buffered_spdy_framer.h b/chromium/net/spdy/buffered_spdy_framer.h index fa0ead92314..9c6c0d9ddbc 100644 --- a/chromium/net/spdy/buffered_spdy_framer.h +++ b/chromium/net/spdy/buffered_spdy_framer.h @@ -9,11 +9,12 @@ #include <stdint.h> #include <memory> -#include <string> #include "base/macros.h" #include "net/base/net_export.h" #include "net/spdy/header_coalescer.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_alt_svc_wire_format.h" #include "net/spdy/spdy_framer.h" #include "net/spdy/spdy_header_block.h" @@ -30,7 +31,7 @@ class NET_EXPORT_PRIVATE BufferedSpdyFramerVisitorInterface { // Called if an error is detected in a HTTP2 stream. virtual void OnStreamError(SpdyStreamId stream_id, - const std::string& description) = 0; + const SpdyString& description) = 0; // Called after all the header data for HEADERS control frame is received. virtual void OnHeaders(SpdyStreamId stream_id, @@ -86,7 +87,7 @@ class NET_EXPORT_PRIVATE BufferedSpdyFramerVisitorInterface { // Called when a GOAWAY frame has been parsed. virtual void OnGoAway(SpdyStreamId last_accepted_stream_id, SpdyErrorCode error_code, - base::StringPiece debug_data) = 0; + SpdyStringPiece debug_data) = 0; // Called when a WINDOW_UPDATE frame has been parsed. virtual void OnWindowUpdate(SpdyStreamId stream_id, @@ -100,7 +101,7 @@ class NET_EXPORT_PRIVATE BufferedSpdyFramerVisitorInterface { // Called when an ALTSVC frame has been parsed. virtual void OnAltSvc( SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) = 0; // Called when a frame type we don't recognize is received. @@ -164,7 +165,7 @@ class NET_EXPORT_PRIVATE BufferedSpdyFramer SpdyStreamId promised_stream_id, bool end) override; void OnAltSvc(SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) override; void OnDataFrameHeader(SpdyStreamId stream_id, @@ -260,7 +261,7 @@ class NET_EXPORT_PRIVATE BufferedSpdyFramer struct GoAwayFields { SpdyStreamId last_accepted_stream_id; SpdyErrorCode error_code; - std::string debug_data; + SpdyString debug_data; // Returns the estimate of dynamically allocated memory in bytes. size_t EstimateMemoryUsage() const; diff --git a/chromium/net/spdy/buffered_spdy_framer_unittest.cc b/chromium/net/spdy/buffered_spdy_framer_unittest.cc index da2d5710d82..770f21c4b11 100644 --- a/chromium/net/spdy/buffered_spdy_framer_unittest.cc +++ b/chromium/net/spdy/buffered_spdy_framer_unittest.cc @@ -34,7 +34,7 @@ class TestBufferedSpdyVisitor : public BufferedSpdyFramerVisitorInterface { } void OnStreamError(SpdyStreamId stream_id, - const std::string& description) override { + const SpdyString& description) override { VLOG(1) << "SpdyFramer Error on stream: " << stream_id << " " << description; error_count_++; @@ -85,7 +85,7 @@ class TestBufferedSpdyVisitor : public BufferedSpdyFramerVisitorInterface { void OnGoAway(SpdyStreamId last_accepted_stream_id, SpdyErrorCode error_code, - base::StringPiece debug_data) override { + SpdyStringPiece debug_data) override { goaway_count_++; goaway_last_accepted_stream_id_ = last_accepted_stream_id; goaway_error_code_ = error_code; @@ -113,7 +113,7 @@ class TestBufferedSpdyVisitor : public BufferedSpdyFramerVisitorInterface { } void OnAltSvc(SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) override { altsvc_count_++; @@ -167,11 +167,11 @@ class TestBufferedSpdyVisitor : public BufferedSpdyFramerVisitorInterface { // OnGoAway parameters. SpdyStreamId goaway_last_accepted_stream_id_; SpdyErrorCode goaway_error_code_; - std::string goaway_debug_data_; + SpdyString goaway_debug_data_; // OnAltSvc parameters. SpdyStreamId altsvc_stream_id_; - std::string altsvc_origin_; + SpdyString altsvc_origin_; SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector_; }; @@ -194,7 +194,7 @@ TEST_F(BufferedSpdyFramerTest, OnSetting) { TEST_F(BufferedSpdyFramerTest, HeaderListTooLarge) { SpdyHeaderBlock headers; - std::string long_header_value(256 * 1024, 'x'); + SpdyString long_header_value(256 * 1024, 'x'); headers["foo"] = long_header_value; SpdyHeadersIR headers_ir(/*stream_id=*/1, std::move(headers)); diff --git a/chromium/net/spdy/fuzzing/hpack_example_generator.cc b/chromium/net/spdy/fuzzing/hpack_example_generator.cc index e73681bf400..ba6e43fcbe5 100644 --- a/chromium/net/spdy/fuzzing/hpack_example_generator.cc +++ b/chromium/net/spdy/fuzzing/hpack_example_generator.cc @@ -10,6 +10,7 @@ #include "net/spdy/fuzzing/hpack_fuzz_util.h" #include "net/spdy/hpack/hpack_constants.h" #include "net/spdy/hpack/hpack_encoder.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_protocol.h" namespace { @@ -23,8 +24,8 @@ const char kExampleCount[] = "example-count"; } // namespace using net::HpackFuzzUtil; +using net::SpdyString; using std::map; -using std::string; // Generates a configurable number of header sets (using HpackFuzzUtil), and // sequentially encodes each header set with an HpackEncoder. Encoded header @@ -43,7 +44,7 @@ int main(int argc, char** argv) { << " --" << kExampleCount << "=1000"; return -1; } - string file_to_write = command_line.GetSwitchValueASCII(kFileToWrite); + SpdyString file_to_write = command_line.GetSwitchValueASCII(kFileToWrite); int example_count = 0; base::StringToInt(command_line.GetSwitchValueASCII(kExampleCount), @@ -62,10 +63,10 @@ int main(int argc, char** argv) { net::SpdyHeaderBlock headers = HpackFuzzUtil::NextGeneratedHeaderSet(&context); - string buffer; + SpdyString buffer; CHECK(encoder.EncodeHeaderSet(headers, &buffer)); - string prefix = HpackFuzzUtil::HeaderBlockPrefix(buffer.size()); + SpdyString prefix = HpackFuzzUtil::HeaderBlockPrefix(buffer.size()); CHECK_LT(0, file_out.WriteAtCurrentPos(prefix.data(), prefix.size())); CHECK_LT(0, file_out.WriteAtCurrentPos(buffer.data(), buffer.size())); diff --git a/chromium/net/spdy/fuzzing/hpack_fuzz_util.cc b/chromium/net/spdy/fuzzing/hpack_fuzz_util.cc index d82e34c52a3..90b633ea60b 100644 --- a/chromium/net/spdy/fuzzing/hpack_fuzz_util.cc +++ b/chromium/net/spdy/fuzzing/hpack_fuzz_util.cc @@ -31,10 +31,8 @@ const size_t kValueLengthMax = 75; } // namespace -using base::StringPiece; using base::RandBytesAsString; using std::map; -using std::string; HpackFuzzUtil::GeneratorContext::GeneratorContext() {} HpackFuzzUtil::GeneratorContext::~GeneratorContext() {} @@ -83,7 +81,7 @@ SpdyHeaderBlock HpackFuzzUtil::NextGeneratedHeaderSet( kHeaderIndexMax); size_t value_index = SampleExponential(kHeaderIndexMean, kHeaderIndexMax); - string name, value; + SpdyString name, value; if (name_index >= context->names.size()) { context->names.push_back( RandBytesAsString(1 + SampleExponential(kNameLengthMean, @@ -112,8 +110,7 @@ size_t HpackFuzzUtil::SampleExponential(size_t mean, size_t sanity_bound) { } // static -bool HpackFuzzUtil::NextHeaderBlock(Input* input, - StringPiece* out) { +bool HpackFuzzUtil::NextHeaderBlock(Input* input, SpdyStringPiece* out) { // ClusterFuzz may truncate input files if the fuzzer ran out of allocated // disk space. Be tolerant of these. CHECK_LE(input->offset, input->input.size()); @@ -128,15 +125,15 @@ bool HpackFuzzUtil::NextHeaderBlock(Input* input, if (input->remaining() < length) { return false; } - *out = StringPiece(input->ptr(), length); + *out = SpdyStringPiece(input->ptr(), length); input->offset += length; return true; } // static -string HpackFuzzUtil::HeaderBlockPrefix(size_t block_size) { +SpdyString HpackFuzzUtil::HeaderBlockPrefix(size_t block_size) { uint32_t length = base::HostToNet32(static_cast<uint32_t>(block_size)); - return string(reinterpret_cast<char*>(&length), sizeof(uint32_t)); + return SpdyString(reinterpret_cast<char*>(&length), sizeof(uint32_t)); } // static @@ -147,8 +144,9 @@ void HpackFuzzUtil::InitializeFuzzerContext(FuzzerContext* context) { } // static -bool HpackFuzzUtil::RunHeaderBlockThroughFuzzerStages(FuzzerContext* context, - StringPiece input_block) { +bool HpackFuzzUtil::RunHeaderBlockThroughFuzzerStages( + FuzzerContext* context, + SpdyStringPiece input_block) { // First stage: Decode the input header block. This may fail on invalid input. if (!context->first_stage->HandleControlFrameHeadersData( input_block.data(), input_block.size())) { @@ -158,7 +156,7 @@ bool HpackFuzzUtil::RunHeaderBlockThroughFuzzerStages(FuzzerContext* context, return false; } // Second stage: Re-encode the decoded header block. This must succeed. - string second_stage_out; + SpdyString second_stage_out; CHECK(context->second_stage->EncodeHeaderSet( context->first_stage->decoded_block(), &second_stage_out)); diff --git a/chromium/net/spdy/fuzzing/hpack_fuzz_util.h b/chromium/net/spdy/fuzzing/hpack_fuzz_util.h index 289bb6a1646..163b8b9e067 100644 --- a/chromium/net/spdy/fuzzing/hpack_fuzz_util.h +++ b/chromium/net/spdy/fuzzing/hpack_fuzz_util.h @@ -9,13 +9,13 @@ #include <stdint.h> #include <memory> -#include <string> #include <vector> -#include "base/strings/string_piece.h" #include "net/base/net_export.h" #include "net/spdy/hpack/hpack_decoder.h" #include "net/spdy/hpack/hpack_encoder.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" namespace net { @@ -26,8 +26,8 @@ class NET_EXPORT_PRIVATE HpackFuzzUtil { struct NET_EXPORT_PRIVATE GeneratorContext { GeneratorContext(); ~GeneratorContext(); - std::vector<std::string> names; - std::vector<std::string> values; + std::vector<SpdyString> names; + std::vector<SpdyString> values; }; // Initializes a GeneratorContext with a random seed and name/value fixtures. @@ -40,7 +40,7 @@ class NET_EXPORT_PRIVATE HpackFuzzUtil { // upper-bounded by |sanity_bound|. static size_t SampleExponential(size_t mean, size_t sanity_bound); - // Holds an input string, and manages an offset into that string. + // Holds an input SpdyString, and manages an offset into that SpdyString. struct NET_EXPORT_PRIVATE Input { Input(); // Initializes |offset| to zero. ~Input(); @@ -52,17 +52,17 @@ class NET_EXPORT_PRIVATE HpackFuzzUtil { return input.data() + offset; } - std::string input; + SpdyString input; size_t offset; }; // Returns true if the next header block was set at |out|. Returns // false if no input header blocks remain. - static bool NextHeaderBlock(Input* input, base::StringPiece* out); + static bool NextHeaderBlock(Input* input, SpdyStringPiece* out); // Returns the serialized header block length prefix for a block of // |block_size| bytes. - static std::string HeaderBlockPrefix(size_t block_size); + static SpdyString HeaderBlockPrefix(size_t block_size); // A FuzzerContext holds fuzzer input, as well as each of the decoder and // encoder stages which fuzzed header blocks are processed through. @@ -80,7 +80,7 @@ class NET_EXPORT_PRIVATE HpackFuzzUtil { // |second_stage| and |third_stage| as well. Returns whether all stages // processed the input without error. static bool RunHeaderBlockThroughFuzzerStages(FuzzerContext* context, - base::StringPiece input_block); + SpdyStringPiece input_block); // Flips random bits within |buffer|. The total number of flips is // |flip_per_thousand| bits for every 1,024 bytes of |buffer_length|, diff --git a/chromium/net/spdy/fuzzing/hpack_fuzz_util_test.cc b/chromium/net/spdy/fuzzing/hpack_fuzz_util_test.cc index ecbcb6b2a7a..bbc72dfdbb0 100644 --- a/chromium/net/spdy/fuzzing/hpack_fuzz_util_test.cc +++ b/chromium/net/spdy/fuzzing/hpack_fuzz_util_test.cc @@ -17,9 +17,7 @@ namespace net { namespace test { -using base::StringPiece; using std::map; -using std::string; using test::a2b_hex; TEST(HpackFuzzUtilTest, GeneratorContextInitialization) { @@ -66,7 +64,7 @@ TEST(HpackFuzzUtilTest, ParsesSequenceOfHeaderBlocks) { HpackFuzzUtil::Input input; input.input.assign(fixture, arraysize(fixture) - 1); - StringPiece block; + SpdyStringPiece block; EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); EXPECT_EQ("aaaaa", block); @@ -86,16 +84,16 @@ TEST(HpackFuzzUtilTest, ParsesSequenceOfHeaderBlocks) { } TEST(HpackFuzzUtilTest, SerializedHeaderBlockPrefixes) { - EXPECT_EQ(string("\x00\x00\x00\x00", 4), HpackFuzzUtil::HeaderBlockPrefix(0)); - EXPECT_EQ(string("\x00\x00\x00\x05", 4), HpackFuzzUtil::HeaderBlockPrefix(5)); - EXPECT_EQ(string("\x4f\xb3\x0a\x91", 4), - HpackFuzzUtil::HeaderBlockPrefix(1337133713)); + EXPECT_EQ(SpdyString("\x00\x00\x00\x00", 4), + HpackFuzzUtil::HeaderBlockPrefix(0)); + EXPECT_EQ(SpdyString("\x00\x00\x00\x05", 4), + HpackFuzzUtil::HeaderBlockPrefix(5)); + EXPECT_EQ("\x4f\xb3\x0a\x91", HpackFuzzUtil::HeaderBlockPrefix(1337133713)); } TEST(HpackFuzzUtilTest, PassValidInputThroughAllStages) { // Example lifted from HpackDecoderTest.SectionD4RequestHuffmanExamples. - string input = a2b_hex("828684418cf1e3c2e5f23a6ba0ab90f4" - "ff"); + SpdyString input = a2b_hex("828684418cf1e3c2e5f23a6ba0ab90f4ff"); HpackFuzzUtil::FuzzerContext context; HpackFuzzUtil::InitializeFuzzerContext(&context); @@ -127,7 +125,7 @@ TEST(HpackFuzzUtilTest, ValidFuzzExamplesRegressionTest) { HpackFuzzUtil::FuzzerContext context; HpackFuzzUtil::InitializeFuzzerContext(&context); - StringPiece block; + SpdyStringPiece block; while (HpackFuzzUtil::NextHeaderBlock(&input, &block)) { // As these are valid examples, all fuzz stages should succeed. EXPECT_TRUE(HpackFuzzUtil::RunHeaderBlockThroughFuzzerStages( @@ -137,7 +135,7 @@ TEST(HpackFuzzUtilTest, ValidFuzzExamplesRegressionTest) { TEST(HpackFuzzUtilTest, FlipBitsMutatesBuffer) { char buffer[] = "testbuffer1234567890"; - string unmodified(buffer, arraysize(buffer) - 1); + SpdyString unmodified(buffer, arraysize(buffer) - 1); EXPECT_EQ(unmodified, buffer); HpackFuzzUtil::FlipBits(reinterpret_cast<uint8_t*>(buffer), diff --git a/chromium/net/spdy/header_coalescer.cc b/chromium/net/spdy/header_coalescer.cc index 03633cc6129..2158998328a 100644 --- a/chromium/net/spdy/header_coalescer.cc +++ b/chromium/net/spdy/header_coalescer.cc @@ -9,12 +9,13 @@ #include "base/strings/string_util.h" #include "net/http/http_util.h" #include "net/spdy/platform/api/spdy_estimate_memory_usage.h" +#include "net/spdy/platform/api/spdy_string.h" namespace net { const size_t kMaxHeaderListSize = 256 * 1024; -void HeaderCoalescer::OnHeader(base::StringPiece key, base::StringPiece value) { +void HeaderCoalescer::OnHeader(SpdyStringPiece key, SpdyStringPiece value) { if (error_seen_) { return; } @@ -25,7 +26,7 @@ void HeaderCoalescer::OnHeader(base::StringPiece key, base::StringPiece value) { return; } - base::StringPiece key_name = key; + SpdyStringPiece key_name = key; if (key[0] == ':') { if (regular_header_seen_) { error_seen_ = true; @@ -50,7 +51,7 @@ void HeaderCoalescer::OnHeader(base::StringPiece key, base::StringPiece value) { // End of line delimiter is forbidden according to RFC 7230 Section 3.2. // Line folding, RFC 7230 Section 3.2.4., is a special case of this. - if (value.find("\r\n") != base::StringPiece::npos) { + if (value.find("\r\n") != SpdyStringPiece::npos) { error_seen_ = true; return; } @@ -60,13 +61,13 @@ void HeaderCoalescer::OnHeader(base::StringPiece key, base::StringPiece value) { headers_[key] = value; } else { // This header had multiple values, so it must be reconstructed. - base::StringPiece v = iter->second; - std::string s(v.data(), v.length()); + SpdyStringPiece v = iter->second; + SpdyString s(v.data(), v.length()); if (key == "cookie") { // Obeys section 8.1.2.5 in RFC 7540 for cookie reconstruction. s.append("; "); } else { - base::StringPiece("\0", 1).AppendToString(&s); + SpdyStringPiece("\0", 1).AppendToString(&s); } value.AppendToString(&s); headers_[key] = s; diff --git a/chromium/net/spdy/header_coalescer.h b/chromium/net/spdy/header_coalescer.h index f6151390d6f..b98d76e0f08 100644 --- a/chromium/net/spdy/header_coalescer.h +++ b/chromium/net/spdy/header_coalescer.h @@ -6,6 +6,7 @@ #define NET_SPDY_HEADER_COALESCER_H_ #include "net/base/net_export.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_header_block.h" #include "net/spdy/spdy_headers_handler_interface.h" @@ -17,7 +18,7 @@ class NET_EXPORT_PRIVATE HeaderCoalescer : public SpdyHeadersHandlerInterface { void OnHeaderBlockStart() override {} - void OnHeader(base::StringPiece key, base::StringPiece value) override; + void OnHeader(SpdyStringPiece key, SpdyStringPiece value) override; void OnHeaderBlockEnd(size_t uncompressed_header_bytes) override {} void OnHeaderBlockEnd(size_t uncompressed_header_bytes, diff --git a/chromium/net/spdy/header_coalescer_test.cc b/chromium/net/spdy/header_coalescer_test.cc index 9005257d52b..64900324bc4 100644 --- a/chromium/net/spdy/header_coalescer_test.cc +++ b/chromium/net/spdy/header_coalescer_test.cc @@ -2,12 +2,12 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "header_coalescer.h" +#include "net/spdy/header_coalescer.h" -#include <string> +#include <vector> -#include "base/strings/string_piece.h" -#include "base/strings/stringprintf.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_utils.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" @@ -42,7 +42,7 @@ TEST_F(HeaderCoalescerTest, EmptyHeaderKey) { TEST_F(HeaderCoalescerTest, HeaderBlockTooLarge) { // 3 byte key, 256 * 1024 - 40 byte value, 32 byte overhead: // less than 256 * 1024 bytes in total. - std::string data(256 * 1024 - 40, 'a'); + SpdyString data(256 * 1024 - 40, 'a'); header_coalescer_.OnHeader("foo", data); EXPECT_FALSE(header_coalescer_.error_seen()); @@ -67,7 +67,7 @@ TEST_F(HeaderCoalescerTest, Append) { SpdyHeaderBlock header_block = header_coalescer_.release_headers(); EXPECT_THAT(header_block, - ElementsAre(Pair("foo", base::StringPiece("bar\0quux", 8)), + ElementsAre(Pair("foo", SpdyStringPiece("bar\0quux", 8)), Pair("cookie", "baz; qux"))); } @@ -78,7 +78,7 @@ TEST_F(HeaderCoalescerTest, CRLFInHeaderValue) { } TEST_F(HeaderCoalescerTest, HeaderNameNotValid) { - base::StringPiece header_name("\x01\x7F\x80\xff"); + SpdyStringPiece header_name("\x01\x7F\x80\xff"); header_coalescer_.OnHeader(header_name, "foo"); EXPECT_TRUE(header_coalescer_.error_seen()); } @@ -89,7 +89,7 @@ TEST_F(HeaderCoalescerTest, HeaderNameNotValid) { // tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / // "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA TEST_F(HeaderCoalescerTest, HeaderNameValid) { - base::StringPiece header_name( + SpdyStringPiece header_name( "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&'*+-." "^_`|~"); header_coalescer_.OnHeader(header_name, "foo"); @@ -122,18 +122,17 @@ TEST_F(HeaderCoalescerTest, HeaderValueValid) { header_values[i].push_back(j); } header_coalescer_.OnHeader( - base::StringPrintf("%s_%d", "foo", i), - base::StringPiece(header_values[i].data(), header_values[i].size())); + SpdyStringPrintf("%s_%d", "foo", i), + SpdyStringPiece(header_values[i].data(), header_values[i].size())); EXPECT_FALSE(header_coalescer_.error_seen()); } SpdyHeaderBlock header_block = header_coalescer_.release_headers(); - EXPECT_THAT(header_block, - ElementsAre(Pair("foo_0", - base::StringPiece(header_values[0].data(), - header_values[0].size())), - Pair("foo_1", - base::StringPiece(header_values[1].data(), - header_values[1].size())))); + EXPECT_THAT( + header_block, + ElementsAre(Pair("foo_0", SpdyStringPiece(header_values[0].data(), + header_values[0].size())), + Pair("foo_1", SpdyStringPiece(header_values[1].data(), + header_values[1].size())))); } } // namespace test diff --git a/chromium/net/spdy/hpack/hpack_decoder.cc b/chromium/net/spdy/hpack/hpack_decoder.cc index 5f76762555a..611e2c5c855 100644 --- a/chromium/net/spdy/hpack/hpack_decoder.cc +++ b/chromium/net/spdy/hpack/hpack_decoder.cc @@ -14,9 +14,6 @@ namespace net { -using base::StringPiece; -using std::string; - HpackDecoder::HpackDecoder() : handler_(nullptr), total_header_bytes_(0), @@ -128,8 +125,8 @@ size_t HpackDecoder::EstimateMemoryUsage() const { SpdyEstimateMemoryUsage(value_buffer_); } -bool HpackDecoder::HandleHeaderRepresentation(StringPiece name, - StringPiece value) { +bool HpackDecoder::HandleHeaderRepresentation(SpdyStringPiece name, + SpdyStringPiece value) { size_updates_allowed_ = false; total_header_bytes_ += name.size() + value.size(); @@ -219,12 +216,12 @@ bool HpackDecoder::DecodeNextIndexedHeader(HpackInputStream* input_stream) { bool HpackDecoder::DecodeNextLiteralHeader(HpackInputStream* input_stream, bool should_index) { - StringPiece name; + SpdyStringPiece name; if (!DecodeNextName(input_stream, &name)) { return false; } - StringPiece value; + SpdyStringPiece value; if (!DecodeNextStringLiteral(input_stream, false, &value)) { return false; } @@ -242,7 +239,7 @@ bool HpackDecoder::DecodeNextLiteralHeader(HpackInputStream* input_stream, } bool HpackDecoder::DecodeNextName(HpackInputStream* input_stream, - StringPiece* next_name) { + SpdyStringPiece* next_name) { uint32_t index_or_zero = 0; if (!input_stream->DecodeNextUint32(&index_or_zero)) { DVLOG(1) << "Failed to decode the next uint."; @@ -270,11 +267,11 @@ bool HpackDecoder::DecodeNextName(HpackInputStream* input_stream, bool HpackDecoder::DecodeNextStringLiteral(HpackInputStream* input_stream, bool is_key, - StringPiece* output) { + SpdyStringPiece* output) { if (input_stream->MatchPrefixAndConsume(kStringLiteralHuffmanEncoded)) { - string* buffer = is_key ? &key_buffer_ : &value_buffer_; + SpdyString* buffer = is_key ? &key_buffer_ : &value_buffer_; bool result = input_stream->DecodeNextHuffmanString(buffer); - *output = StringPiece(*buffer); + *output = SpdyStringPiece(*buffer); return result; } else if (input_stream->MatchPrefixAndConsume( kStringLiteralIdentityEncoded)) { diff --git a/chromium/net/spdy/hpack/hpack_decoder.h b/chromium/net/spdy/hpack/hpack_decoder.h index 76d18b7730d..6df4d1a3bd1 100644 --- a/chromium/net/spdy/hpack/hpack_decoder.h +++ b/chromium/net/spdy/hpack/hpack_decoder.h @@ -10,15 +10,15 @@ #include <map> #include <memory> -#include <string> #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/net_export.h" #include "net/spdy/hpack/hpack_decoder_interface.h" #include "net/spdy/hpack/hpack_header_table.h" #include "net/spdy/hpack/hpack_input_stream.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_headers_handler_interface.h" #include "net/spdy/spdy_protocol.h" @@ -94,8 +94,7 @@ class NET_EXPORT_PRIVATE HpackDecoder : public HpackDecoderInterface { // MUST be treated as malformed, as per sections 8.1.2.3. of the HTTP2 // specification (RFC 7540). // - bool HandleHeaderRepresentation(base::StringPiece name, - base::StringPiece value); + bool HandleHeaderRepresentation(SpdyStringPiece name, SpdyStringPiece value); // Handlers for decoding HPACK opcodes and header representations // (or parts thereof). These methods return true on success and @@ -107,21 +106,21 @@ class NET_EXPORT_PRIVATE HpackDecoder : public HpackDecoderInterface { bool DecodeNextLiteralHeader(HpackInputStream* input_stream, bool should_index); bool DecodeNextName(HpackInputStream* input_stream, - base::StringPiece* next_name); + SpdyStringPiece* next_name); bool DecodeNextStringLiteral(HpackInputStream* input_stream, bool is_header_key, // As distinct from a value. - base::StringPiece* output); + SpdyStringPiece* output); HpackHeaderTable header_table_; // TODO(jgraettinger): Buffer for headers data, and storage for the last- // processed headers block. Both will be removed with the switch to // SpdyHeadersHandlerInterface. - std::string headers_block_buffer_; + SpdyString headers_block_buffer_; SpdyHeaderBlock decoded_block_; // Scratch space for storing decoded literals. - std::string key_buffer_, value_buffer_; + SpdyString key_buffer_, value_buffer_; // If non-NULL, handles decoded headers. SpdyHeadersHandlerInterface* handler_; @@ -145,7 +144,7 @@ class NET_EXPORT_PRIVATE HpackDecoder : public HpackDecoderInterface { // at the start, but not once we've seen a header entry. bool size_updates_allowed_; - // Saved value of --gfe2_reloadable_flag_add_hpack_incremental_decode. + // Saved value of --chromium_http2_flag_add_hpack_incremental_decode. bool incremental_decode_; DISALLOW_COPY_AND_ASSIGN(HpackDecoder); diff --git a/chromium/net/spdy/hpack/hpack_decoder2.cc b/chromium/net/spdy/hpack/hpack_decoder2.cc deleted file mode 100644 index 14ff94e990f..00000000000 --- a/chromium/net/spdy/hpack/hpack_decoder2.cc +++ /dev/null @@ -1,337 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/spdy/hpack/hpack_decoder2.h" - -#include <list> -#include <utility> - -#include "base/logging.h" -#include "base/strings/string_piece.h" -#include "net/http2/decoder/decode_buffer.h" -#include "net/http2/decoder/decode_status.h" -#include "net/spdy/hpack/hpack_entry.h" -#include "net/spdy/platform/api/spdy_estimate_memory_usage.h" - -using base::StringPiece; - -namespace net { - -HpackDecoder2::HpackDecoder2() : hpack_block_decoder_(this) { - Reset(); -} - -HpackDecoder2::~HpackDecoder2() {} - -void HpackDecoder2::Reset() { - DVLOG(2) << "HpackDecoder2::Reset"; - handler_ = nullptr; - - hpack_block_decoder_.Reset(); - hpack_block_decoder_.set_listener(this); - - total_hpack_bytes_ = 0; - total_header_bytes_ = 0; - size_update_count_ = 0; - header_seen_ = false; - in_progress_ = false; - error_detected_ = false; - header_block_started_ = false; - - name_.Reset(); - value_.Reset(); -} - -void HpackDecoder2::SetErrorDetected() { - if (!error_detected_) { - DVLOG(2) << "HpackDecoder2::SetErrorDetected"; - hpack_block_decoder_.set_listener(&no_op_listener_); - error_detected_ = true; - } -} - -void HpackDecoder2::ApplyHeaderTableSizeSetting(size_t size_setting) { - DVLOG(2) << "HpackDecoder2::ApplyHeaderTableSizeSetting"; - header_table_.SetSettingsHeaderTableSize(size_setting); -} - -// If a SpdyHeadersHandlerInterface is provided, the decoder will emit -// headers to it rather than accumulating them in a SpdyHeaderBlock. -void HpackDecoder2::HandleControlFrameHeadersStart( - SpdyHeadersHandlerInterface* handler) { - DVLOG(2) << "HpackDecoder2::HandleControlFrameHeadersStart"; - DCHECK(!header_block_started_); - handler_ = handler; -} - -// Called as HPACK block fragments arrive. Returns false -// if an error occurred while decoding the block. -bool HpackDecoder2::HandleControlFrameHeadersData(const char* headers_data, - size_t headers_data_length) { - DVLOG(2) << "HpackDecoder2::HandleControlFrameHeadersData: len=" - << headers_data_length; - if (!header_block_started_) { - DCHECK_EQ(total_hpack_bytes_, 0u); - // Clear the SpdyHeaderBlock here rather than in Reset so that it is NOT - // cleared in HandleControlFrameHeadersComplete, which would be before it - // could be used. - decoded_block_.clear(); - header_block_started_ = true; - if (handler_ != nullptr) { - handler_->OnHeaderBlockStart(); - } - } - - // Sometimes we get a call with headers_data==nullptr and - // headers_data_length==0, in which case we need to avoid creating - // a DecodeBuffer, which would otherwise complain. - if (headers_data_length > 0) { - DCHECK_NE(headers_data, nullptr); - total_hpack_bytes_ += headers_data_length; - DecodeBuffer db(headers_data, headers_data_length); - DecodeStatus status = hpack_block_decoder_.Decode(&db); - switch (status) { - case DecodeStatus::kDecodeDone: - // We've completed the decoding of headers_data, and it ended at the - // boundary between two HPACK block entries, so name_ and value_ are - // currently reset. - DCHECK_EQ(0u, db.Remaining()); - in_progress_ = false; - break; - - case DecodeStatus::kDecodeInProgress: - DCHECK_EQ(0u, db.Remaining()); - in_progress_ = true; - if (!error_detected_) { - name_.BufferStringIfUnbuffered(); - value_.BufferStringIfUnbuffered(); - EnforceMaxDecodeBufferSize(); - } - break; - - case DecodeStatus::kDecodeError: - SetErrorDetected(); - break; - } - } - return !error_detected_; -} - -// Called after a HPACK block has been completely delivered via -// HandleControlFrameHeadersData(). Returns false if an error occurred. -// |compressed_len| if non-null will be set to the size of the encoded -// buffered block that was accumulated in HandleControlFrameHeadersData(), -// to support subsequent calculation of compression percentage. -// Discards the handler supplied at the start of decoding the block. -// TODO(jamessynge): Determine if compressed_len is needed; it is used to -// produce UUMA stat Net.SpdyHpackDecompressionPercentage, but only for -// SPDY3, not HTTP2. -bool HpackDecoder2::HandleControlFrameHeadersComplete(size_t* compressed_len) { - DVLOG(2) << "HpackDecoder2::HandleControlFrameHeadersComplete"; - if (error_detected_ || in_progress_) { - DVLOG(2) << "error_detected_=" << error_detected_ - << ", in_progress_=" << in_progress_; - return false; - } - if (compressed_len != nullptr) { - *compressed_len = total_hpack_bytes_; - } - if (handler_ != nullptr) { - handler_->OnHeaderBlockEnd(total_header_bytes_); - } - Reset(); - return true; -} - -const SpdyHeaderBlock& HpackDecoder2::decoded_block() const { - return decoded_block_; -} - -void HpackDecoder2::SetHeaderTableDebugVisitor( - std::unique_ptr<HpackHeaderTable::DebugVisitorInterface> visitor) { - DVLOG(2) << "HpackDecoder2::SetHeaderTableDebugVisitor"; - header_table_.set_debug_visitor(std::move(visitor)); -} - -void HpackDecoder2::set_max_decode_buffer_size_bytes( - size_t max_decode_buffer_size_bytes) { - DVLOG(2) << "HpackDecoder2::set_max_decode_buffer_size_bytes"; - max_decode_buffer_size_bytes_ = max_decode_buffer_size_bytes; -} - -size_t HpackDecoder2::EstimateMemoryUsage() const { - return SpdyEstimateMemoryUsage(header_table_) + - SpdyEstimateMemoryUsage(decoded_block_) + - SpdyEstimateMemoryUsage(name_) + SpdyEstimateMemoryUsage(value_); -} - -void HpackDecoder2::OnIndexedHeader(size_t index) { - DVLOG(2) << "HpackDecoder2::OnIndexedHeader: index=" << index; - DCHECK(!error_detected_); - const HpackEntry* entry = header_table_.GetByIndex(index); - if (entry == nullptr) { - SetErrorDetected(); - return; - } - HandleHeaderRepresentation(entry->name(), entry->value()); -} - -void HpackDecoder2::OnStartLiteralHeader(HpackEntryType entry_type, - size_t maybe_name_index) { - DVLOG(2) << "HpackDecoder2::OnStartLiteralHeader: entry_type=" << entry_type - << ", maybe_name_index=" << maybe_name_index; - DCHECK(!error_detected_); - entry_type_ = entry_type; - if (maybe_name_index > 0) { - const HpackEntry* entry = header_table_.GetByIndex(maybe_name_index); - if (entry == nullptr) { - SetErrorDetected(); - return; - } else { - // Non-static entries could be evicted, leaving us with a dangling - // pointer, so we preemptively copy. This could be avoided if - // TryAddEntry would copy the strings prior to performing eviction. - name_.Set(entry->name(), entry->IsStatic()); - name_.BufferStringIfUnbuffered(); - } - } -} - -void HpackDecoder2::OnNameStart(bool huffman_encoded, size_t len) { - DVLOG(2) << "HpackDecoder2::OnNameStart: huffman_encoded=" - << (huffman_encoded ? "true" : "false") << ", len=" << len; - if (len > max_decode_buffer_size_bytes_) { - DVLOG(1) << "Name length (" << len << ") is longer than permitted (" - << max_decode_buffer_size_bytes_ << ")"; - SetErrorDetected(); - return; - } - name_.OnStart(huffman_encoded, len); -} - -void HpackDecoder2::OnNameData(const char* data, size_t len) { - DVLOG(2) << "HpackDecoder2::OnNameData: len=" << len - << "\n data: " << StringPiece(data, len); - if (error_detected_) { - return; - } - if (!name_.OnData(data, len)) { - SetErrorDetected(); - } -} - -void HpackDecoder2::OnNameEnd() { - DVLOG(2) << "HpackDecoder2::OnNameEnd"; - if (error_detected_) { - return; - } - if (!name_.OnEnd()) { - SetErrorDetected(); - } -} - -void HpackDecoder2::OnValueStart(bool huffman_encoded, size_t len) { - DVLOG(2) << "HpackDecoder2::OnValueStart: huffman_encoded=" - << (huffman_encoded ? "true" : "false") << ", len=" << len; - if (len > max_decode_buffer_size_bytes_) { - DVLOG(1) << "Value length (" << len << ") is longer than permitted (" - << max_decode_buffer_size_bytes_ << ")"; - SetErrorDetected(); - return; - } - value_.OnStart(huffman_encoded, len); -} - -void HpackDecoder2::OnValueData(const char* data, size_t len) { - DVLOG(2) << "HpackDecoder2::OnValueData: len=" << len - << "\n data: " << StringPiece(data, len); - if (error_detected_) { - return; - } - if (!value_.OnData(data, len)) { - SetErrorDetected(); - } -} - -void HpackDecoder2::OnValueEnd() { - DVLOG(2) << "HpackDecoder2::OnValueEnd"; - if (error_detected_) { - return; - } - if (!value_.OnEnd()) { - SetErrorDetected(); - return; - } - if (EnforceMaxDecodeBufferSize()) { - // All is well. - HandleHeaderRepresentation(name_.str(), value_.str()); - if (entry_type_ == HpackEntryType::kIndexedLiteralHeader) { - header_table_.TryAddEntry(name_.str(), value_.str()); - } - name_.Reset(); - value_.Reset(); - } -} - -void HpackDecoder2::OnDynamicTableSizeUpdate(size_t size) { - DVLOG(2) << "HpackDecoder2::OnDynamicTableSizeUpdate: size=" << size; - if (error_detected_) { - return; - } - if (size > header_table_.settings_size_bound()) { - DVLOG(1) << "Dynamic Table Size Update with too large a size: " << size - << " > " << header_table_.settings_size_bound(); - SetErrorDetected(); - return; - } - if (header_seen_) { - DVLOG(1) << "Dynamic Table Size Update seen after a Header"; - SetErrorDetected(); - return; - } - ++size_update_count_; - if (size_update_count_ > 2) { - DVLOG(1) << "Too many (" << size_update_count_ - << ") Dynamic Table Size Updates"; - SetErrorDetected(); - return; - } - header_table_.SetMaxSize(size); - return; -} - -bool HpackDecoder2::EnforceMaxDecodeBufferSize() { - if (!error_detected_) { - size_t buffered_length = name_.BufferedLength() + value_.BufferedLength(); - DVLOG(2) << "buffered_length=" << buffered_length - << "; max=" << max_decode_buffer_size_bytes_; - if (buffered_length > max_decode_buffer_size_bytes_) { - DVLOG(1) << "Header length (" << buffered_length - << ") is longer than permitted (" - << max_decode_buffer_size_bytes_ << ")"; - SetErrorDetected(); - } - } - return !error_detected_; -} - -void HpackDecoder2::HandleHeaderRepresentation(StringPiece name, - StringPiece value) { - DVLOG(2) << "HpackDecoder2::HandleHeaderRepresentation:\n name: " << name - << "\n value: " << value; - total_header_bytes_ += name.size() + value.size(); - header_seen_ = true; - if (handler_ == nullptr) { - DVLOG(3) << "HpackDecoder2::HandleHeaderRepresentation " - << "adding to decoded_block"; - decoded_block_.AppendValueOrAddHeader(name, value); - } else { - DVLOG(3) << "HpackDecoder2::HandleHeaderRepresentation " - << "passing to handler"; - DCHECK(decoded_block_.empty()); - handler_->OnHeader(name, value); - } -} - -} // namespace net diff --git a/chromium/net/spdy/hpack/hpack_decoder2.h b/chromium/net/spdy/hpack/hpack_decoder2.h deleted file mode 100644 index 614ac01e588..00000000000 --- a/chromium/net/spdy/hpack/hpack_decoder2.h +++ /dev/null @@ -1,147 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_SPDY_HPACK_HPACK_DECODER2_H_ -#define NET_SPDY_HPACK_HPACK_DECODER2_H_ - -// HpackDecoder2 - -// An HpackDecoder decodes header sets as outlined in -// http://tools.ietf.org/html/rfc7541. This implementation uses the -// new HpackBlockDecoder in //net/http2/hpack/ - -#include <stddef.h> - -#include <memory> -#include <string> - -#include "base/macros.h" -#include "base/strings/string_piece.h" -#include "net/base/net_export.h" -#include "net/http2/hpack/decoder/hpack_block_decoder.h" -#include "net/http2/hpack/decoder/hpack_decoder_string_buffer.h" -#include "net/http2/hpack/decoder/hpack_entry_decoder_listener.h" -#include "net/http2/hpack/http2_hpack_constants.h" -#include "net/http2/hpack/huffman/http2_hpack_huffman_decoder.h" -#include "net/spdy/hpack/hpack_constants.h" -#include "net/spdy/hpack/hpack_decoder_interface.h" -#include "net/spdy/hpack/hpack_header_table.h" -#include "net/spdy/spdy_header_block.h" -#include "net/spdy/spdy_headers_handler_interface.h" - -namespace net { -namespace test { -class HpackDecoder2Peer; -} // namespace test - -class NET_EXPORT_PRIVATE HpackDecoder2 : public HpackDecoderInterface, - HpackEntryDecoderListener { - public: - friend test::HpackDecoder2Peer; - HpackDecoder2(); - ~HpackDecoder2() override; - - // Override the interface methods: - - void ApplyHeaderTableSizeSetting(size_t size_setting) override; - void HandleControlFrameHeadersStart( - SpdyHeadersHandlerInterface* handler) override; - bool HandleControlFrameHeadersData(const char* headers_data, - size_t headers_data_length) override; - bool HandleControlFrameHeadersComplete(size_t* compressed_len) override; - const SpdyHeaderBlock& decoded_block() const override; - void SetHeaderTableDebugVisitor( - std::unique_ptr<HpackHeaderTable::DebugVisitorInterface> visitor) - override; - void set_max_decode_buffer_size_bytes( - size_t max_decode_buffer_size_bytes) override; - size_t EstimateMemoryUsage() const override; - - protected: - // Override the HpackEntryDecoderListener methods: - - void OnIndexedHeader(size_t index) override; - void OnStartLiteralHeader(HpackEntryType entry_type, - size_t maybe_name_index) override; - void OnNameStart(bool huffman_encoded, size_t len) override; - void OnNameData(const char* data, size_t len) override; - void OnNameEnd() override; - void OnValueStart(bool huffman_encoded, size_t len) override; - void OnValueData(const char* data, size_t len) override; - void OnValueEnd() override; - void OnDynamicTableSizeUpdate(size_t size) override; - - private: - // Called when a complete header entry has been decoded, with the name and - // value of the entry. If check_header_order_ is true, confirms that - // pseudo-headers don't appear after normal headers, else it treats the - // headers as malformed, as per sections 8.1.2.3. of the HTTP2 specification. - // Calls handler_->OnHeader() if there is a handler, else adds the header - // to decoded_block_. - void HandleHeaderRepresentation(base::StringPiece name, - base::StringPiece value); - - // Reset state in preparation for decoding a new HPACK block. Does not reset - // the dynamic table. - void Reset(); - - // Called when an error is detected while decoding. Replaces the listener - // in the HpackBlockDecoder with the no-op listener. - void SetErrorDetected(); - - // Enforce the limit on the maximum size of strings that can be buffered. - // It happens that this test is made after the strings have been buffered, - // but that isn't a problem because we don't pass enormous buffers into - // HandleControlFrameHeadersData. - bool EnforceMaxDecodeBufferSize(); - - HpackHeaderTable header_table_; - SpdyHeaderBlock decoded_block_; - - // Scratch space for storing decoded literals. - HpackDecoderStringBuffer name_, value_; - - // If non-NULL, handles decoded headers. - SpdyHeadersHandlerInterface* handler_; - - HpackEntryDecoderNoOpListener no_op_listener_; - - // Total bytes that have been received as input (i.e. HPACK encoded). - size_t total_hpack_bytes_; - - // Total bytes of the name and value strings in the current HPACK block. - size_t total_header_bytes_; - - // How much encoded data this decoder is willing to buffer. - size_t max_decode_buffer_size_bytes_ = 32 * 1024; // 32 KB - - HpackBlockDecoder hpack_block_decoder_; - - // Count of Dynamic Table Size Updates seen in the current HPACK block. - uint32_t size_update_count_; - - // The type of the current header entry (with literals) that is being decoded. - HpackEntryType entry_type_; - - // Has a header been seen in the current HPACK block? - bool header_seen_; - - // Did the HpackBlockDecoder stop in the middle of an entry? - bool in_progress_; - - // Has an error been detected while decoding the HPACK block? - bool error_detected_; - - // Flag to keep track of having seen the header block start. Needed at the - // moment because HandleControlFrameHeadersStart won't be called if a handler - // is not being provided by the caller. - // TODO(jamessynge): Consider collapsing several of these bools into a single - // enum representing the state of the decoding process. - bool header_block_started_; - - DISALLOW_COPY_AND_ASSIGN(HpackDecoder2); -}; - -} // namespace net -#endif // NET_SPDY_HPACK_HPACK_DECODER2_H_ diff --git a/chromium/net/spdy/hpack/hpack_decoder2_test.cc b/chromium/net/spdy/hpack/hpack_decoder2_test.cc deleted file mode 100644 index 8c70051e2c1..00000000000 --- a/chromium/net/spdy/hpack/hpack_decoder2_test.cc +++ /dev/null @@ -1,959 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/spdy/hpack/hpack_decoder2.h" - -// Tests of HpackDecoder2. - -#include <string> -#include <tuple> -#include <utility> -#include <vector> - -#include "base/logging.h" -#include "base/strings/string_piece.h" -#include "net/http2/hpack/tools/hpack_block_builder.h" -#include "net/http2/tools/http2_random.h" -#include "net/spdy/hpack/hpack_encoder.h" -#include "net/spdy/hpack/hpack_entry.h" -#include "net/spdy/hpack/hpack_huffman_table.h" -#include "net/spdy/hpack/hpack_output_stream.h" -#include "net/spdy/spdy_test_utils.h" -#include "testing/gtest/include/gtest/gtest.h" - -using base::StringPiece; -using std::string; - -namespace net { -namespace test { - -class HpackDecoder2Peer { - public: - explicit HpackDecoder2Peer(HpackDecoder2* decoder) : decoder_(decoder) {} - - void HandleHeaderRepresentation(StringPiece name, StringPiece value) { - decoder_->HandleHeaderRepresentation(name, value); - } - HpackHeaderTable* header_table() { return &decoder_->header_table_; } - - private: - HpackDecoder2* decoder_; -}; - -namespace { - -using testing::ElementsAre; -using testing::Pair; - -// Is HandleControlFrameHeadersStart to be called, and with what value? -enum StartChoice { START_WITH_HANDLER, START_WITHOUT_HANDLER, NO_START }; - -class HpackDecoder2Test - : public ::testing::TestWithParam<std::tuple<StartChoice, bool>> { - protected: - HpackDecoder2Test() : decoder_(), decoder_peer_(&decoder_) {} - - void SetUp() override { - std::tie(start_choice_, randomly_split_input_buffer_) = GetParam(); - } - - void HandleControlFrameHeadersStart() { - switch (start_choice_) { - case START_WITH_HANDLER: - decoder_.HandleControlFrameHeadersStart(&handler_); - break; - case START_WITHOUT_HANDLER: - decoder_.HandleControlFrameHeadersStart(nullptr); - break; - case NO_START: - break; - } - } - - bool HandleControlFrameHeadersData(StringPiece str) { - return decoder_.HandleControlFrameHeadersData(str.data(), str.size()); - } - - bool HandleControlFrameHeadersComplete(size_t* size) { - return decoder_.HandleControlFrameHeadersComplete(size); - } - - bool DecodeHeaderBlock(StringPiece str) { - // Don't call this again if HandleControlFrameHeadersData failed previously. - EXPECT_FALSE(decode_has_failed_); - HandleControlFrameHeadersStart(); - if (randomly_split_input_buffer_) { - do { - // Decode some fragment of the remaining bytes. - size_t bytes = str.length(); - if (!str.empty()) { - bytes = (random_.Rand8() % str.length()) + 1; - } - EXPECT_LE(bytes, str.length()); - if (!HandleControlFrameHeadersData(str.substr(0, bytes))) { - decode_has_failed_ = true; - return false; - } - str.remove_prefix(bytes); - } while (!str.empty()); - } else if (!HandleControlFrameHeadersData(str)) { - decode_has_failed_ = true; - return false; - } - if (!HandleControlFrameHeadersComplete(nullptr)) { - decode_has_failed_ = true; - return false; - } - return true; - } - - const SpdyHeaderBlock& decoded_block() const { - if (start_choice_ == START_WITH_HANDLER) { - return handler_.decoded_block(); - } else { - return decoder_.decoded_block(); - } - } - - const SpdyHeaderBlock& DecodeBlockExpectingSuccess(StringPiece str) { - EXPECT_TRUE(DecodeHeaderBlock(str)); - return decoded_block(); - } - - void expectEntry(size_t index, - size_t size, - const string& name, - const string& value) { - const HpackEntry* entry = decoder_peer_.header_table()->GetByIndex(index); - EXPECT_EQ(name, entry->name()) << "index " << index; - EXPECT_EQ(value, entry->value()); - EXPECT_EQ(size, entry->Size()); - EXPECT_EQ(index, decoder_peer_.header_table()->IndexOf(entry)); - } - - SpdyHeaderBlock MakeHeaderBlock( - const std::vector<std::pair<string, string>>& headers) { - SpdyHeaderBlock result; - for (const auto& kv : headers) { - result.AppendValueOrAddHeader(kv.first, kv.second); - } - return result; - } - - Http2Random random_; - HpackDecoder2 decoder_; - test::HpackDecoder2Peer decoder_peer_; - TestHeadersHandler handler_; - StartChoice start_choice_; - bool randomly_split_input_buffer_; - bool decode_has_failed_ = false; -}; - -INSTANTIATE_TEST_CASE_P( - StartChoiceAndRandomlySplitChoice, - HpackDecoder2Test, - ::testing::Combine( - ::testing::Values(START_WITH_HANDLER, START_WITHOUT_HANDLER, NO_START), - ::testing::Bool())); - -TEST_P(HpackDecoder2Test, AddHeaderDataWithHandleControlFrameHeadersData) { - // The hpack decode buffer size is limited in size. This test verifies that - // adding encoded data under that limit is accepted, and data that exceeds the - // limit is rejected. - HandleControlFrameHeadersStart(); - const size_t kMaxBufferSizeBytes = 50; - const string a_value = string(49, 'x'); - decoder_.set_max_decode_buffer_size_bytes(kMaxBufferSizeBytes); - { - HpackBlockBuilder hbb; - hbb.AppendLiteralNameAndValue(HpackEntryType::kNeverIndexedLiteralHeader, - false, "a", false, a_value); - const auto& s = hbb.buffer(); - EXPECT_TRUE(decoder_.HandleControlFrameHeadersData(s.data(), s.size())); - } - { - HpackBlockBuilder hbb; - hbb.AppendLiteralNameAndValue(HpackEntryType::kNeverIndexedLiteralHeader, - false, "b", false, string(51, 'x')); - const auto& s = hbb.buffer(); - EXPECT_FALSE(decoder_.HandleControlFrameHeadersData(s.data(), s.size())); - } - - SpdyHeaderBlock expected_block = MakeHeaderBlock({{"a", a_value}}); - EXPECT_EQ(expected_block, decoded_block()); -} - -TEST_P(HpackDecoder2Test, NameTooLong) { - // Verify that a name longer than the allowed size generates an error. - const size_t kMaxBufferSizeBytes = 50; - const string name = string(2 * kMaxBufferSizeBytes, 'x'); - const string value = "abc"; - - decoder_.set_max_decode_buffer_size_bytes(kMaxBufferSizeBytes); - - HpackBlockBuilder hbb; - hbb.AppendLiteralNameAndValue(HpackEntryType::kNeverIndexedLiteralHeader, - false, name, false, value); - - const size_t fragment_size = (3 * kMaxBufferSizeBytes) / 2; - const string fragment = hbb.buffer().substr(0, fragment_size); - - HandleControlFrameHeadersStart(); - EXPECT_FALSE(HandleControlFrameHeadersData(fragment)); -} - -TEST_P(HpackDecoder2Test, HeaderTooLongToBuffer) { - // Verify that a header longer than the allowed size generates an error if - // it isn't all in one input buffer. - const string name = "some-key"; - const string value = "some-value"; - const size_t kMaxBufferSizeBytes = name.size() + value.size() - 2; - decoder_.set_max_decode_buffer_size_bytes(kMaxBufferSizeBytes); - - HpackBlockBuilder hbb; - hbb.AppendLiteralNameAndValue(HpackEntryType::kNeverIndexedLiteralHeader, - false, name, false, value); - const size_t fragment_size = hbb.size() - 1; - const string fragment = hbb.buffer().substr(0, fragment_size); - - HandleControlFrameHeadersStart(); - EXPECT_FALSE(HandleControlFrameHeadersData(fragment)); -} - -// Decode with incomplete data in buffer. -TEST_P(HpackDecoder2Test, DecodeWithIncompleteData) { - HandleControlFrameHeadersStart(); - - // No need to wait for more data. - EXPECT_TRUE(HandleControlFrameHeadersData("\x82\x85\x82")); - std::vector<std::pair<string, string>> expected_headers = { - {":method", "GET"}, {":path", "/index.html"}, {":method", "GET"}}; - - SpdyHeaderBlock expected_block1 = MakeHeaderBlock(expected_headers); - EXPECT_EQ(expected_block1, decoded_block()); - - // Full and partial headers, won't add partial to the headers. - EXPECT_TRUE( - HandleControlFrameHeadersData("\x40\x03goo" - "\x03gar\xbe\x40\x04spam")); - expected_headers.push_back({"goo", "gar"}); - expected_headers.push_back({"goo", "gar"}); - - SpdyHeaderBlock expected_block2 = MakeHeaderBlock(expected_headers); - EXPECT_EQ(expected_block2, decoded_block()); - - // Add the needed data. - EXPECT_TRUE(HandleControlFrameHeadersData("\x04gggs")); - - size_t size = 0; - EXPECT_TRUE(HandleControlFrameHeadersComplete(&size)); - EXPECT_EQ(24u, size); - - expected_headers.push_back({"spam", "gggs"}); - - SpdyHeaderBlock expected_block3 = MakeHeaderBlock(expected_headers); - EXPECT_EQ(expected_block3, decoded_block()); -} - -TEST_P(HpackDecoder2Test, HandleHeaderRepresentation) { - // Make sure the decoder is properly initialized. - HandleControlFrameHeadersStart(); - HandleControlFrameHeadersData(""); - - // All cookie crumbs are joined. - decoder_peer_.HandleHeaderRepresentation("cookie", " part 1"); - decoder_peer_.HandleHeaderRepresentation("cookie", "part 2 "); - decoder_peer_.HandleHeaderRepresentation("cookie", "part3"); - - // Already-delimited headers are passed through. - decoder_peer_.HandleHeaderRepresentation("passed-through", - string("foo\0baz", 7)); - - // Other headers are joined on \0. Case matters. - decoder_peer_.HandleHeaderRepresentation("joined", "not joined"); - decoder_peer_.HandleHeaderRepresentation("joineD", "value 1"); - decoder_peer_.HandleHeaderRepresentation("joineD", "value 2"); - - // Empty headers remain empty. - decoder_peer_.HandleHeaderRepresentation("empty", ""); - - // Joined empty headers work as expected. - decoder_peer_.HandleHeaderRepresentation("empty-joined", ""); - decoder_peer_.HandleHeaderRepresentation("empty-joined", "foo"); - decoder_peer_.HandleHeaderRepresentation("empty-joined", ""); - decoder_peer_.HandleHeaderRepresentation("empty-joined", ""); - - // Non-contiguous cookie crumb. - decoder_peer_.HandleHeaderRepresentation("cookie", " fin!"); - - // Finish and emit all headers. - decoder_.HandleControlFrameHeadersComplete(nullptr); - - // Resulting decoded headers are in the same order as the inputs. - EXPECT_THAT(decoded_block(), - ElementsAre(Pair("cookie", " part 1; part 2 ; part3; fin!"), - Pair("passed-through", StringPiece("foo\0baz", 7)), - Pair("joined", "not joined"), - Pair("joineD", StringPiece("value 1\0value 2", 15)), - Pair("empty", ""), - Pair("empty-joined", StringPiece("\0foo\0\0", 6)))); -} - -// Decoding indexed static table field should work. -TEST_P(HpackDecoder2Test, IndexedHeaderStatic) { - // Reference static table entries #2 and #5. - const SpdyHeaderBlock& header_set1 = DecodeBlockExpectingSuccess("\x82\x85"); - SpdyHeaderBlock expected_header_set1; - expected_header_set1[":method"] = "GET"; - expected_header_set1[":path"] = "/index.html"; - EXPECT_EQ(expected_header_set1, header_set1); - - // Reference static table entry #2. - const SpdyHeaderBlock& header_set2 = DecodeBlockExpectingSuccess("\x82"); - SpdyHeaderBlock expected_header_set2; - expected_header_set2[":method"] = "GET"; - EXPECT_EQ(expected_header_set2, header_set2); -} - -TEST_P(HpackDecoder2Test, IndexedHeaderDynamic) { - // First header block: add an entry to header table. - const SpdyHeaderBlock& header_set1 = DecodeBlockExpectingSuccess( - "\x40\x03" - "foo" - "\x03" - "bar"); - SpdyHeaderBlock expected_header_set1; - expected_header_set1["foo"] = "bar"; - EXPECT_EQ(expected_header_set1, header_set1); - - // Second header block: add another entry to header table. - const SpdyHeaderBlock& header_set2 = DecodeBlockExpectingSuccess( - "\xbe\x40\x04" - "spam" - "\x04" - "eggs"); - SpdyHeaderBlock expected_header_set2; - expected_header_set2["foo"] = "bar"; - expected_header_set2["spam"] = "eggs"; - EXPECT_EQ(expected_header_set2, header_set2); - - // Third header block: refer to most recently added entry. - const SpdyHeaderBlock& header_set3 = DecodeBlockExpectingSuccess("\xbe"); - SpdyHeaderBlock expected_header_set3; - expected_header_set3["spam"] = "eggs"; - EXPECT_EQ(expected_header_set3, header_set3); -} - -// Test a too-large indexed header. -TEST_P(HpackDecoder2Test, InvalidIndexedHeader) { - // High-bit set, and a prefix of one more than the number of static entries. - EXPECT_FALSE(DecodeHeaderBlock("\xbe")); -} - -TEST_P(HpackDecoder2Test, ContextUpdateMaximumSize) { - EXPECT_EQ(kDefaultHeaderTableSizeSetting, - decoder_peer_.header_table()->max_size()); - string input; - { - // Maximum-size update with size 126. Succeeds. - HpackOutputStream output_stream; - output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode); - output_stream.AppendUint32(126); - - output_stream.TakeString(&input); - EXPECT_TRUE(DecodeHeaderBlock(StringPiece(input))); - EXPECT_EQ(126u, decoder_peer_.header_table()->max_size()); - } - { - // Maximum-size update with kDefaultHeaderTableSizeSetting. Succeeds. - HpackOutputStream output_stream; - output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode); - output_stream.AppendUint32(kDefaultHeaderTableSizeSetting); - - output_stream.TakeString(&input); - EXPECT_TRUE(DecodeHeaderBlock(StringPiece(input))); - EXPECT_EQ(kDefaultHeaderTableSizeSetting, - decoder_peer_.header_table()->max_size()); - } - { - // Maximum-size update with kDefaultHeaderTableSizeSetting + 1. Fails. - HpackOutputStream output_stream; - output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode); - output_stream.AppendUint32(kDefaultHeaderTableSizeSetting + 1); - - output_stream.TakeString(&input); - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); - EXPECT_EQ(kDefaultHeaderTableSizeSetting, - decoder_peer_.header_table()->max_size()); - } -} - -// Two HeaderTableSizeUpdates may appear at the beginning of the block -TEST_P(HpackDecoder2Test, TwoTableSizeUpdates) { - string input; - { - // Should accept two table size updates, update to second one - HpackOutputStream output_stream; - output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode); - output_stream.AppendUint32(0); - output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode); - output_stream.AppendUint32(122); - - output_stream.TakeString(&input); - EXPECT_TRUE(DecodeHeaderBlock(StringPiece(input))); - EXPECT_EQ(122u, decoder_peer_.header_table()->max_size()); - } -} - -// Three HeaderTableSizeUpdates should result in an error -TEST_P(HpackDecoder2Test, ThreeTableSizeUpdatesError) { - string input; - { - // Should reject three table size updates, update to second one - HpackOutputStream output_stream; - output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode); - output_stream.AppendUint32(5); - output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode); - output_stream.AppendUint32(10); - output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode); - output_stream.AppendUint32(15); - - output_stream.TakeString(&input); - - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); - EXPECT_EQ(10u, decoder_peer_.header_table()->max_size()); - } -} - -// HeaderTableSizeUpdates may only appear at the beginning of the block -// Any other updates should result in an error -TEST_P(HpackDecoder2Test, TableSizeUpdateSecondError) { - string input; - { - // Should reject a table size update appearing after a different entry - // The table size should remain as the default - HpackOutputStream output_stream; - output_stream.AppendBytes("\x82\x85"); - output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode); - output_stream.AppendUint32(123); - - output_stream.TakeString(&input); - - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); - EXPECT_EQ(kDefaultHeaderTableSizeSetting, - decoder_peer_.header_table()->max_size()); - } -} - -// HeaderTableSizeUpdates may only appear at the beginning of the block -// Any other updates should result in an error -TEST_P(HpackDecoder2Test, TableSizeUpdateFirstThirdError) { - string input; - { - // Should reject the second table size update - // if a different entry appears after the first update - // The table size should update to the first but not the second - HpackOutputStream output_stream; - output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode); - output_stream.AppendUint32(60); - output_stream.AppendBytes("\x82\x85"); - output_stream.AppendPrefix(kHeaderTableSizeUpdateOpcode); - output_stream.AppendUint32(125); - - output_stream.TakeString(&input); - - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); - EXPECT_EQ(60u, decoder_peer_.header_table()->max_size()); - } -} - -// Decoding two valid encoded literal headers with no indexing should -// work. -TEST_P(HpackDecoder2Test, LiteralHeaderNoIndexing) { - // First header with indexed name, second header with string literal - // name. - const char input[] = "\x04\x0c/sample/path\x00\x06:path2\x0e/sample/path/2"; - const SpdyHeaderBlock& header_set = - DecodeBlockExpectingSuccess(StringPiece(input, arraysize(input) - 1)); - - SpdyHeaderBlock expected_header_set; - expected_header_set[":path"] = "/sample/path"; - expected_header_set[":path2"] = "/sample/path/2"; - EXPECT_EQ(expected_header_set, header_set); -} - -// Decoding two valid encoded literal headers with incremental -// indexing and string literal names should work. -TEST_P(HpackDecoder2Test, LiteralHeaderIncrementalIndexing) { - const char input[] = "\x44\x0c/sample/path\x40\x06:path2\x0e/sample/path/2"; - const SpdyHeaderBlock& header_set = - DecodeBlockExpectingSuccess(StringPiece(input, arraysize(input) - 1)); - - SpdyHeaderBlock expected_header_set; - expected_header_set[":path"] = "/sample/path"; - expected_header_set[":path2"] = "/sample/path/2"; - EXPECT_EQ(expected_header_set, header_set); -} - -TEST_P(HpackDecoder2Test, LiteralHeaderWithIndexingInvalidNameIndex) { - decoder_.ApplyHeaderTableSizeSetting(0); - - // Name is the last static index. Works. - EXPECT_TRUE(DecodeHeaderBlock(StringPiece("\x7d\x03ooo"))); - // Name is one beyond the last static index. Fails. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\x7e\x03ooo"))); -} - -TEST_P(HpackDecoder2Test, LiteralHeaderNoIndexingInvalidNameIndex) { - // Name is the last static index. Works. - EXPECT_TRUE(DecodeHeaderBlock(StringPiece("\x0f\x2e\x03ooo"))); - // Name is one beyond the last static index. Fails. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\x0f\x2f\x03ooo"))); -} - -TEST_P(HpackDecoder2Test, LiteralHeaderNeverIndexedInvalidNameIndex) { - // Name is the last static index. Works. - EXPECT_TRUE(DecodeHeaderBlock(StringPiece("\x1f\x2e\x03ooo"))); - // Name is one beyond the last static index. Fails. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\x1f\x2f\x03ooo"))); -} - -TEST_P(HpackDecoder2Test, TruncatedIndex) { - // Indexed Header, varint for index requires multiple bytes, - // but only one provided. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\xff", 1))); -} - -TEST_P(HpackDecoder2Test, TruncatedHuffmanLiteral) { - // Literal value, Huffman encoded, but with the last byte missing (i.e. - // drop the final ff shown below). - // - // 41 | == Literal indexed == - // | Indexed name (idx = 1) - // | :authority - // 8c | Literal value (len = 12) - // | Huffman encoded: - // f1e3 c2e5 f23a 6ba0 ab90 f4ff | .....:k..... - // | Decoded: - // | www.example.com - // | -> :authority: www.example.com - - string first = a2b_hex("418cf1e3c2e5f23a6ba0ab90f4ff"); - EXPECT_TRUE(DecodeHeaderBlock(first)); - first = a2b_hex("418cf1e3c2e5f23a6ba0ab90f4"); - EXPECT_FALSE(DecodeHeaderBlock(first)); -} - -TEST_P(HpackDecoder2Test, HuffmanEOSError) { - // Literal value, Huffman encoded, but with an additional ff byte at the end - // of the string, i.e. an EOS that is longer than permitted. - // - // 41 | == Literal indexed == - // | Indexed name (idx = 1) - // | :authority - // 8d | Literal value (len = 13) - // | Huffman encoded: - // f1e3 c2e5 f23a 6ba0 ab90 f4ff | .....:k..... - // | Decoded: - // | www.example.com - // | -> :authority: www.example.com - - string first = a2b_hex("418cf1e3c2e5f23a6ba0ab90f4ff"); - EXPECT_TRUE(DecodeHeaderBlock(first)); - first = a2b_hex("418df1e3c2e5f23a6ba0ab90f4ffff"); - EXPECT_FALSE(DecodeHeaderBlock(first)); -} - -// Round-tripping the header set from RFC 7541 C.3.1 should work. -// http://httpwg.org/specs/rfc7541.html#rfc.section.C.3.1 -TEST_P(HpackDecoder2Test, BasicC31) { - HpackEncoder encoder(ObtainHpackHuffmanTable()); - - SpdyHeaderBlock expected_header_set; - expected_header_set[":method"] = "GET"; - expected_header_set[":scheme"] = "http"; - expected_header_set[":path"] = "/"; - expected_header_set[":authority"] = "www.example.com"; - - string encoded_header_set; - EXPECT_TRUE( - encoder.EncodeHeaderSet(expected_header_set, &encoded_header_set)); - - EXPECT_TRUE(DecodeHeaderBlock(encoded_header_set)); - EXPECT_EQ(expected_header_set, decoded_block()); -} - -// RFC 7541, Section C.4: Request Examples with Huffman Coding -// http://httpwg.org/specs/rfc7541.html#rfc.section.C.4 -TEST_P(HpackDecoder2Test, SectionC4RequestHuffmanExamples) { - // TODO(jamessynge): Use net/http2/hpack/tools/hpack_example.h to parse the - // example directly, instead of having it as a comment. - // 82 | == Indexed - Add == - // | idx = 2 - // | -> :method: GET - // 86 | == Indexed - Add == - // | idx = 6 - // | -> :scheme: http - // 84 | == Indexed - Add == - // | idx = 4 - // | -> :path: / - // 41 | == Literal indexed == - // | Indexed name (idx = 1) - // | :authority - // 8c | Literal value (len = 12) - // | Huffman encoded: - // f1e3 c2e5 f23a 6ba0 ab90 f4ff | .....:k..... - // | Decoded: - // | www.example.com - // | -> :authority: www.example.com - string first = a2b_hex("828684418cf1e3c2e5f23a6ba0ab90f4ff"); - const SpdyHeaderBlock& first_header_set = DecodeBlockExpectingSuccess(first); - - EXPECT_THAT(first_header_set, - ElementsAre( - // clang-format off - Pair(":method", "GET"), - Pair(":scheme", "http"), - Pair(":path", "/"), - Pair(":authority", "www.example.com"))); - // clang-format on - - expectEntry(62, 57, ":authority", "www.example.com"); - EXPECT_EQ(57u, decoder_peer_.header_table()->size()); - - // 82 | == Indexed - Add == - // | idx = 2 - // | -> :method: GET - // 86 | == Indexed - Add == - // | idx = 6 - // | -> :scheme: http - // 84 | == Indexed - Add == - // | idx = 4 - // | -> :path: / - // be | == Indexed - Add == - // | idx = 62 - // | -> :authority: www.example.com - // 58 | == Literal indexed == - // | Indexed name (idx = 24) - // | cache-control - // 86 | Literal value (len = 8) - // | Huffman encoded: - // a8eb 1064 9cbf | ...d.. - // | Decoded: - // | no-cache - // | -> cache-control: no-cache - - string second = a2b_hex("828684be5886a8eb10649cbf"); - const SpdyHeaderBlock& second_header_set = - DecodeBlockExpectingSuccess(second); - - EXPECT_THAT(second_header_set, - ElementsAre( - // clang-format off - Pair(":method", "GET"), - Pair(":scheme", "http"), - Pair(":path", "/"), - Pair(":authority", "www.example.com"), - Pair("cache-control", "no-cache"))); - // clang-format on - - expectEntry(62, 53, "cache-control", "no-cache"); - expectEntry(63, 57, ":authority", "www.example.com"); - EXPECT_EQ(110u, decoder_peer_.header_table()->size()); - - // 82 | == Indexed - Add == - // | idx = 2 - // | -> :method: GET - // 87 | == Indexed - Add == - // | idx = 7 - // | -> :scheme: https - // 85 | == Indexed - Add == - // | idx = 5 - // | -> :path: /index.html - // bf | == Indexed - Add == - // | idx = 63 - // | -> :authority: www.example.com - // 40 | == Literal indexed == - // 88 | Literal name (len = 10) - // | Huffman encoded: - // 25a8 49e9 5ba9 7d7f | %.I.[.}. - // | Decoded: - // | custom-key - // 89 | Literal value (len = 12) - // | Huffman encoded: - // 25a8 49e9 5bb8 e8b4 bf | %.I.[.... - // | Decoded: - // | custom-value - // | -> custom-key: custom-value - string third = a2b_hex("828785bf408825a849e95ba97d7f8925a849e95bb8e8b4bf"); - const SpdyHeaderBlock& third_header_set = DecodeBlockExpectingSuccess(third); - - EXPECT_THAT( - third_header_set, - ElementsAre( - // clang-format off - Pair(":method", "GET"), - Pair(":scheme", "https"), - Pair(":path", "/index.html"), - Pair(":authority", "www.example.com"), - Pair("custom-key", "custom-value"))); - // clang-format on - - expectEntry(62, 54, "custom-key", "custom-value"); - expectEntry(63, 53, "cache-control", "no-cache"); - expectEntry(64, 57, ":authority", "www.example.com"); - EXPECT_EQ(164u, decoder_peer_.header_table()->size()); -} - -// RFC 7541, Section C.6: Response Examples with Huffman Coding -// http://httpwg.org/specs/rfc7541.html#rfc.section.C.6 -TEST_P(HpackDecoder2Test, SectionC6ResponseHuffmanExamples) { - decoder_.ApplyHeaderTableSizeSetting(256); - - // 48 | == Literal indexed == - // | Indexed name (idx = 8) - // | :status - // 82 | Literal value (len = 3) - // | Huffman encoded: - // 6402 | d. - // | Decoded: - // | 302 - // | -> :status: 302 - // 58 | == Literal indexed == - // | Indexed name (idx = 24) - // | cache-control - // 85 | Literal value (len = 7) - // | Huffman encoded: - // aec3 771a 4b | ..w.K - // | Decoded: - // | private - // | -> cache-control: private - // 61 | == Literal indexed == - // | Indexed name (idx = 33) - // | date - // 96 | Literal value (len = 29) - // | Huffman encoded: - // d07a be94 1054 d444 a820 0595 040b 8166 | .z...T.D. .....f - // e082 a62d 1bff | ...-.. - // | Decoded: - // | Mon, 21 Oct 2013 20:13:21 - // | GMT - // | -> date: Mon, 21 Oct 2013 - // | 20:13:21 GMT - // 6e | == Literal indexed == - // | Indexed name (idx = 46) - // | location - // 91 | Literal value (len = 23) - // | Huffman encoded: - // 9d29 ad17 1863 c78f 0b97 c8e9 ae82 ae43 | .)...c.........C - // d3 | . - // | Decoded: - // | https://www.example.com - // | -> location: https://www.e - // | xample.com - - string first = a2b_hex( - "488264025885aec3771a4b6196d07abe" - "941054d444a8200595040b8166e082a6" - "2d1bff6e919d29ad171863c78f0b97c8" - "e9ae82ae43d3"); - const SpdyHeaderBlock& first_header_set = DecodeBlockExpectingSuccess(first); - - EXPECT_THAT(first_header_set, - ElementsAre( - // clang-format off - Pair(":status", "302"), - Pair("cache-control", "private"), - Pair("date", "Mon, 21 Oct 2013 20:13:21 GMT"), - Pair("location", "https://www.example.com"))); - // clang-format on - - expectEntry(62, 63, "location", "https://www.example.com"); - expectEntry(63, 65, "date", "Mon, 21 Oct 2013 20:13:21 GMT"); - expectEntry(64, 52, "cache-control", "private"); - expectEntry(65, 42, ":status", "302"); - EXPECT_EQ(222u, decoder_peer_.header_table()->size()); - - // 48 | == Literal indexed == - // | Indexed name (idx = 8) - // | :status - // 83 | Literal value (len = 3) - // | Huffman encoded: - // 640e ff | d.. - // | Decoded: - // | 307 - // | - evict: :status: 302 - // | -> :status: 307 - // c1 | == Indexed - Add == - // | idx = 65 - // | -> cache-control: private - // c0 | == Indexed - Add == - // | idx = 64 - // | -> date: Mon, 21 Oct 2013 - // | 20:13:21 GMT - // bf | == Indexed - Add == - // | idx = 63 - // | -> location: - // | https://www.example.com - string second = a2b_hex("4883640effc1c0bf"); - const SpdyHeaderBlock& second_header_set = - DecodeBlockExpectingSuccess(second); - - EXPECT_THAT(second_header_set, - ElementsAre( - // clang-format off - Pair(":status", "307"), - Pair("cache-control", "private"), - Pair("date", "Mon, 21 Oct 2013 20:13:21 GMT"), - Pair("location", "https://www.example.com"))); - // clang-format on - - expectEntry(62, 42, ":status", "307"); - expectEntry(63, 63, "location", "https://www.example.com"); - expectEntry(64, 65, "date", "Mon, 21 Oct 2013 20:13:21 GMT"); - expectEntry(65, 52, "cache-control", "private"); - EXPECT_EQ(222u, decoder_peer_.header_table()->size()); - - // 88 | == Indexed - Add == - // | idx = 8 - // | -> :status: 200 - // c1 | == Indexed - Add == - // | idx = 65 - // | -> cache-control: private - // 61 | == Literal indexed == - // | Indexed name (idx = 33) - // | date - // 96 | Literal value (len = 22) - // | Huffman encoded: - // d07a be94 1054 d444 a820 0595 040b 8166 | .z...T.D. .....f - // e084 a62d 1bff | ...-.. - // | Decoded: - // | Mon, 21 Oct 2013 20:13:22 - // | GMT - // | - evict: cache-control: - // | private - // | -> date: Mon, 21 Oct 2013 - // | 20:13:22 GMT - // c0 | == Indexed - Add == - // | idx = 64 - // | -> location: - // | https://www.example.com - // 5a | == Literal indexed == - // | Indexed name (idx = 26) - // | content-encoding - // 83 | Literal value (len = 3) - // | Huffman encoded: - // 9bd9 ab | ... - // | Decoded: - // | gzip - // | - evict: date: Mon, 21 Oct - // | 2013 20:13:21 GMT - // | -> content-encoding: gzip - // 77 | == Literal indexed == - // | Indexed name (idx = 55) - // | set-cookie - // ad | Literal value (len = 45) - // | Huffman encoded: - // 94e7 821d d7f2 e6c7 b335 dfdf cd5b 3960 | .........5...[9` - // d5af 2708 7f36 72c1 ab27 0fb5 291f 9587 | ..'..6r..'..)... - // 3160 65c0 03ed 4ee5 b106 3d50 07 | 1`e...N...=P. - // | Decoded: - // | foo=ASDJKHQKBZXOQWEOPIUAXQ - // | WEOIU; max-age=3600; versi - // | on=1 - // | - evict: location: - // | https://www.example.com - // | - evict: :status: 307 - // | -> set-cookie: foo=ASDJKHQ - // | KBZXOQWEOPIUAXQWEOIU; - // | max-age=3600; version=1 - string third = a2b_hex( - "88c16196d07abe941054d444a8200595" - "040b8166e084a62d1bffc05a839bd9ab" - "77ad94e7821dd7f2e6c7b335dfdfcd5b" - "3960d5af27087f3672c1ab270fb5291f" - "9587316065c003ed4ee5b1063d5007"); - const SpdyHeaderBlock& third_header_set = DecodeBlockExpectingSuccess(third); - - EXPECT_THAT(third_header_set, - ElementsAre( - // clang-format off - Pair(":status", "200"), - Pair("cache-control", "private"), - Pair("date", "Mon, 21 Oct 2013 20:13:22 GMT"), - Pair("location", "https://www.example.com"), - Pair("content-encoding", "gzip"), - Pair("set-cookie", "foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU;" - " max-age=3600; version=1"))); - // clang-format on - - expectEntry(62, 98, "set-cookie", - "foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU;" - " max-age=3600; version=1"); - expectEntry(63, 52, "content-encoding", "gzip"); - expectEntry(64, 65, "date", "Mon, 21 Oct 2013 20:13:22 GMT"); - EXPECT_EQ(215u, decoder_peer_.header_table()->size()); -} - -// Regression test: Found that entries with dynamic indexed names and literal -// values caused "use after free" MSAN failures if the name was evicted as it -// was being re-used. -TEST_P(HpackDecoder2Test, ReuseNameOfEvictedEntry) { - // Each entry is measured as 32 bytes plus the sum of the lengths of the name - // and the value. Set the size big enough for at most one entry, and a fairly - // small one at that (31 ASCII characters). - decoder_.ApplyHeaderTableSizeSetting(63); - - HpackBlockBuilder hbb; - - const StringPiece name("some-name"); - const StringPiece value1("some-value"); - const StringPiece value2("another-value"); - const StringPiece value3("yet-another-value"); - - // Add an entry that will become the first in the dynamic table, entry 62. - hbb.AppendLiteralNameAndValue(HpackEntryType::kIndexedLiteralHeader, false, - name, false, value1); - - // Confirm that entry has been added by re-using it. - hbb.AppendIndexedHeader(62); - - // Add another entry referring to the name of the first. This will evict the - // first. - hbb.AppendNameIndexAndLiteralValue(HpackEntryType::kIndexedLiteralHeader, 62, - false, value2); - - // Confirm that entry has been added by re-using it. - hbb.AppendIndexedHeader(62); - - // Add another entry referring to the name of the second. This will evict the - // second. - hbb.AppendNameIndexAndLiteralValue(HpackEntryType::kIndexedLiteralHeader, 62, - false, value3); - - // Confirm that entry has been added by re-using it. - hbb.AppendIndexedHeader(62); - - EXPECT_TRUE(DecodeHeaderBlock(hbb.buffer())); - - SpdyHeaderBlock expected_header_set; - expected_header_set.AppendValueOrAddHeader(name, value1); - expected_header_set.AppendValueOrAddHeader(name, value1); - expected_header_set.AppendValueOrAddHeader(name, value2); - expected_header_set.AppendValueOrAddHeader(name, value2); - expected_header_set.AppendValueOrAddHeader(name, value3); - expected_header_set.AppendValueOrAddHeader(name, value3); - - // SpdyHeaderBlock stores these 6 strings as '\0' separated values. - // Make sure that is what happened. - string joined_values = expected_header_set[name].as_string(); - EXPECT_EQ(joined_values.size(), - 2 * value1.size() + 2 * value2.size() + 2 * value3.size() + 5); - - EXPECT_EQ(expected_header_set, decoded_block()); -} - -} // namespace -} // namespace test -} // namespace net diff --git a/chromium/net/spdy/hpack/hpack_decoder3.cc b/chromium/net/spdy/hpack/hpack_decoder3.cc index 6929980158b..2e2fc39703e 100644 --- a/chromium/net/spdy/hpack/hpack_decoder3.cc +++ b/chromium/net/spdy/hpack/hpack_decoder3.cc @@ -9,8 +9,6 @@ #include "net/http2/decoder/decode_status.h" #include "net/spdy/platform/api/spdy_estimate_memory_usage.h" -using base::StringPiece; - namespace net { namespace { const size_t kMaxDecodeBufferSizeBytes = 32 * 1024; // 32 KB @@ -160,7 +158,7 @@ void HpackDecoder3::ListenerAdapter::OnHeaderListEnd() { } void HpackDecoder3::ListenerAdapter::OnHeaderErrorDetected( - StringPiece error_message) { + SpdyStringPiece error_message) { VLOG(1) << error_message; } diff --git a/chromium/net/spdy/hpack/hpack_decoder3.h b/chromium/net/spdy/hpack/hpack_decoder3.h index a83fdf2fad3..7517b30ded7 100644 --- a/chromium/net/spdy/hpack/hpack_decoder3.h +++ b/chromium/net/spdy/hpack/hpack_decoder3.h @@ -14,7 +14,6 @@ #include <memory> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/net_export.h" #include "net/http2/hpack/decoder/hpack_decoder_listener.h" #include "net/http2/hpack/decoder/http2_hpack_decoder.h" @@ -22,6 +21,7 @@ #include "net/http2/hpack/http2_hpack_constants.h" #include "net/spdy/hpack/hpack_decoder_interface.h" #include "net/spdy/hpack/hpack_header_table.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_header_block.h" #include "net/spdy/spdy_headers_handler_interface.h" @@ -76,7 +76,7 @@ class NET_EXPORT_PRIVATE HpackDecoder3 : public HpackDecoderInterface { const HpackString& name, const HpackString& value) override; void OnHeaderListEnd() override; - void OnHeaderErrorDetected(base::StringPiece error_message) override; + void OnHeaderErrorDetected(SpdyStringPiece error_message) override; // Override the HpackDecoderTablesDebugListener methods: int64_t OnEntryInserted(const HpackStringPair& entry, diff --git a/chromium/net/spdy/hpack/hpack_decoder3_test.cc b/chromium/net/spdy/hpack/hpack_decoder3_test.cc index 3f71724a4ff..73279aa66d7 100644 --- a/chromium/net/spdy/hpack/hpack_decoder3_test.cc +++ b/chromium/net/spdy/hpack/hpack_decoder3_test.cc @@ -8,7 +8,6 @@ #include <stdint.h> -#include <string> #include <tuple> #include <utility> #include <vector> @@ -23,12 +22,11 @@ #include "net/spdy/hpack/hpack_encoder.h" #include "net/spdy/hpack/hpack_huffman_table.h" #include "net/spdy/hpack/hpack_output_stream.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_test_utils.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; -using std::string; using ::testing::ElementsAre; using ::testing::Pair; @@ -56,7 +54,7 @@ class HpackDecoder3Peer { public: explicit HpackDecoder3Peer(HpackDecoder3* decoder) : decoder_(decoder) {} - void HandleHeaderRepresentation(StringPiece name, StringPiece value) { + void HandleHeaderRepresentation(SpdyStringPiece name, SpdyStringPiece value) { decoder_->listener_adapter_.OnHeader(HpackEntryType::kIndexedLiteralHeader, HpackString(name), HpackString(value)); } @@ -112,7 +110,7 @@ class HpackDecoder3Test } } - bool HandleControlFrameHeadersData(StringPiece str) { + bool HandleControlFrameHeadersData(SpdyStringPiece str) { VLOG(3) << "HandleControlFrameHeadersData:\n" << base::HexEncode(str.data(), str.size()); return decoder_.HandleControlFrameHeadersData(str.data(), str.size()); @@ -122,7 +120,7 @@ class HpackDecoder3Test return decoder_.HandleControlFrameHeadersComplete(size); } - bool DecodeHeaderBlock(StringPiece str) { + bool DecodeHeaderBlock(SpdyStringPiece str) { // Don't call this again if HandleControlFrameHeadersData failed previously. EXPECT_FALSE(decode_has_failed_); HandleControlFrameHeadersStart(); @@ -168,15 +166,15 @@ class HpackDecoder3Test } } - const SpdyHeaderBlock& DecodeBlockExpectingSuccess(StringPiece str) { + const SpdyHeaderBlock& DecodeBlockExpectingSuccess(SpdyStringPiece str) { EXPECT_TRUE(DecodeHeaderBlock(str)); return decoded_block(); } void expectEntry(size_t index, size_t size, - const string& name, - const string& value) { + const SpdyString& name, + const SpdyString& value) { const HpackStringPair* entry = decoder_peer_.GetTableEntry(index); EXPECT_EQ(name, entry->name) << "index " << index; EXPECT_EQ(value, entry->value); @@ -184,7 +182,7 @@ class HpackDecoder3Test } SpdyHeaderBlock MakeHeaderBlock( - const std::vector<std::pair<string, string>>& headers) { + const std::vector<std::pair<SpdyString, SpdyString>>& headers) { SpdyHeaderBlock result; for (const auto& kv : headers) { result.AppendValueOrAddHeader(kv.first, kv.second); @@ -215,12 +213,12 @@ TEST_P(HpackDecoder3Test, AddHeaderDataWithHandleControlFrameHeadersData) { // limit is rejected. HandleControlFrameHeadersStart(); const size_t kMaxBufferSizeBytes = 50; - const string a_value = string(49, 'x'); + const SpdyString a_value = SpdyString(49, 'x'); decoder_.set_max_decode_buffer_size_bytes(kMaxBufferSizeBytes); HpackBlockBuilder hbb; hbb.AppendLiteralNameAndValue(HpackEntryType::kNeverIndexedLiteralHeader, false, "a", false, a_value); - const string& s = hbb.buffer(); + const SpdyString& s = hbb.buffer(); EXPECT_GT(s.size(), kMaxBufferSizeBytes); // Any one in input buffer must not exceed kMaxBufferSizeBytes. @@ -235,8 +233,8 @@ TEST_P(HpackDecoder3Test, AddHeaderDataWithHandleControlFrameHeadersData) { TEST_P(HpackDecoder3Test, NameTooLong) { // Verify that a name longer than the allowed size generates an error. const size_t kMaxBufferSizeBytes = 50; - const string name = string(2 * kMaxBufferSizeBytes, 'x'); - const string value = "abc"; + const SpdyString name = SpdyString(2 * kMaxBufferSizeBytes, 'x'); + const SpdyString value = "abc"; decoder_.set_max_decode_buffer_size_bytes(kMaxBufferSizeBytes); @@ -245,7 +243,7 @@ TEST_P(HpackDecoder3Test, NameTooLong) { false, name, false, value); const size_t fragment_size = (3 * kMaxBufferSizeBytes) / 2; - const string fragment = hbb.buffer().substr(0, fragment_size); + const SpdyString fragment = hbb.buffer().substr(0, fragment_size); HandleControlFrameHeadersStart(); EXPECT_FALSE(HandleControlFrameHeadersData(fragment)); @@ -254,8 +252,8 @@ TEST_P(HpackDecoder3Test, NameTooLong) { TEST_P(HpackDecoder3Test, HeaderTooLongToBuffer) { // Verify that a header longer than the allowed size generates an error if // it isn't all in one input buffer. - const string name = "some-key"; - const string value = "some-value"; + const SpdyString name = "some-key"; + const SpdyString value = "some-value"; const size_t kMaxBufferSizeBytes = name.size() + value.size() - 2; decoder_.set_max_decode_buffer_size_bytes(kMaxBufferSizeBytes); @@ -263,7 +261,7 @@ TEST_P(HpackDecoder3Test, HeaderTooLongToBuffer) { hbb.AppendLiteralNameAndValue(HpackEntryType::kNeverIndexedLiteralHeader, false, name, false, value); const size_t fragment_size = hbb.size() - 1; - const string fragment = hbb.buffer().substr(0, fragment_size); + const SpdyString fragment = hbb.buffer().substr(0, fragment_size); HandleControlFrameHeadersStart(); EXPECT_FALSE(HandleControlFrameHeadersData(fragment)); @@ -275,7 +273,7 @@ TEST_P(HpackDecoder3Test, DecodeWithIncompleteData) { // No need to wait for more data. EXPECT_TRUE(HandleControlFrameHeadersData("\x82\x85\x82")); - std::vector<std::pair<string, string>> expected_headers = { + std::vector<std::pair<SpdyString, SpdyString>> expected_headers = { {":method", "GET"}, {":path", "/index.html"}, {":method", "GET"}}; SpdyHeaderBlock expected_block1 = MakeHeaderBlock(expected_headers); @@ -316,7 +314,7 @@ TEST_P(HpackDecoder3Test, HandleHeaderRepresentation) { // Already-delimited headers are passed through. decoder_peer_.HandleHeaderRepresentation("passed-through", - string("foo\0baz", 7)); + SpdyString("foo\0baz", 7)); // Other headers are joined on \0. Case matters. decoder_peer_.HandleHeaderRepresentation("joined", "not joined"); @@ -339,13 +337,14 @@ TEST_P(HpackDecoder3Test, HandleHeaderRepresentation) { decoder_.HandleControlFrameHeadersComplete(nullptr); // Resulting decoded headers are in the same order as the inputs. - EXPECT_THAT(decoded_block(), - ElementsAre(Pair("cookie", " part 1; part 2 ; part3; fin!"), - Pair("passed-through", StringPiece("foo\0baz", 7)), - Pair("joined", "not joined"), - Pair("joineD", StringPiece("value 1\0value 2", 15)), - Pair("empty", ""), - Pair("empty-joined", StringPiece("\0foo\0\0", 6)))); + EXPECT_THAT( + decoded_block(), + ElementsAre(Pair("cookie", " part 1; part 2 ; part3; fin!"), + Pair("passed-through", SpdyStringPiece("foo\0baz", 7)), + Pair("joined", "not joined"), + Pair("joineD", SpdyStringPiece("value 1\0value 2", 15)), + Pair("empty", ""), + Pair("empty-joined", SpdyStringPiece("\0foo\0\0", 6)))); } // Decoding indexed static table field should work. @@ -402,7 +401,7 @@ TEST_P(HpackDecoder3Test, InvalidIndexedHeader) { TEST_P(HpackDecoder3Test, ContextUpdateMaximumSize) { EXPECT_EQ(kDefaultHeaderTableSizeSetting, decoder_peer_.header_table_size_limit()); - string input; + SpdyString input; { // Maximum-size update with size 126. Succeeds. HpackOutputStream output_stream; @@ -410,7 +409,7 @@ TEST_P(HpackDecoder3Test, ContextUpdateMaximumSize) { output_stream.AppendUint32(126); output_stream.TakeString(&input); - EXPECT_TRUE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(126u, decoder_peer_.header_table_size_limit()); } { @@ -420,7 +419,7 @@ TEST_P(HpackDecoder3Test, ContextUpdateMaximumSize) { output_stream.AppendUint32(kDefaultHeaderTableSizeSetting); output_stream.TakeString(&input); - EXPECT_TRUE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(kDefaultHeaderTableSizeSetting, decoder_peer_.header_table_size_limit()); } @@ -431,7 +430,7 @@ TEST_P(HpackDecoder3Test, ContextUpdateMaximumSize) { output_stream.AppendUint32(kDefaultHeaderTableSizeSetting + 1); output_stream.TakeString(&input); - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(kDefaultHeaderTableSizeSetting, decoder_peer_.header_table_size_limit()); } @@ -439,7 +438,7 @@ TEST_P(HpackDecoder3Test, ContextUpdateMaximumSize) { // Two HeaderTableSizeUpdates may appear at the beginning of the block TEST_P(HpackDecoder3Test, TwoTableSizeUpdates) { - string input; + SpdyString input; { // Should accept two table size updates, update to second one HpackOutputStream output_stream; @@ -449,14 +448,14 @@ TEST_P(HpackDecoder3Test, TwoTableSizeUpdates) { output_stream.AppendUint32(122); output_stream.TakeString(&input); - EXPECT_TRUE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(122u, decoder_peer_.header_table_size_limit()); } } // Three HeaderTableSizeUpdates should result in an error TEST_P(HpackDecoder3Test, ThreeTableSizeUpdatesError) { - string input; + SpdyString input; { // Should reject three table size updates, update to second one HpackOutputStream output_stream; @@ -469,7 +468,7 @@ TEST_P(HpackDecoder3Test, ThreeTableSizeUpdatesError) { output_stream.TakeString(&input); - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(10u, decoder_peer_.header_table_size_limit()); } } @@ -477,7 +476,7 @@ TEST_P(HpackDecoder3Test, ThreeTableSizeUpdatesError) { // HeaderTableSizeUpdates may only appear at the beginning of the block // Any other updates should result in an error TEST_P(HpackDecoder3Test, TableSizeUpdateSecondError) { - string input; + SpdyString input; { // Should reject a table size update appearing after a different entry // The table size should remain as the default @@ -488,7 +487,7 @@ TEST_P(HpackDecoder3Test, TableSizeUpdateSecondError) { output_stream.TakeString(&input); - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(kDefaultHeaderTableSizeSetting, decoder_peer_.header_table_size_limit()); } @@ -497,7 +496,7 @@ TEST_P(HpackDecoder3Test, TableSizeUpdateSecondError) { // HeaderTableSizeUpdates may only appear at the beginning of the block // Any other updates should result in an error TEST_P(HpackDecoder3Test, TableSizeUpdateFirstThirdError) { - string input; + SpdyString input; { // Should reject the second table size update // if a different entry appears after the first update @@ -511,7 +510,7 @@ TEST_P(HpackDecoder3Test, TableSizeUpdateFirstThirdError) { output_stream.TakeString(&input); - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(60u, decoder_peer_.header_table_size_limit()); } } @@ -523,7 +522,7 @@ TEST_P(HpackDecoder3Test, LiteralHeaderNoIndexing) { // name. const char input[] = "\x04\x0c/sample/path\x00\x06:path2\x0e/sample/path/2"; const SpdyHeaderBlock& header_set = - DecodeBlockExpectingSuccess(StringPiece(input, arraysize(input) - 1)); + DecodeBlockExpectingSuccess(SpdyStringPiece(input, arraysize(input) - 1)); SpdyHeaderBlock expected_header_set; expected_header_set[":path"] = "/sample/path"; @@ -536,7 +535,7 @@ TEST_P(HpackDecoder3Test, LiteralHeaderNoIndexing) { TEST_P(HpackDecoder3Test, LiteralHeaderIncrementalIndexing) { const char input[] = "\x44\x0c/sample/path\x40\x06:path2\x0e/sample/path/2"; const SpdyHeaderBlock& header_set = - DecodeBlockExpectingSuccess(StringPiece(input, arraysize(input) - 1)); + DecodeBlockExpectingSuccess(SpdyStringPiece(input, arraysize(input) - 1)); SpdyHeaderBlock expected_header_set; expected_header_set[":path"] = "/sample/path"; @@ -549,29 +548,29 @@ TEST_P(HpackDecoder3Test, LiteralHeaderWithIndexingInvalidNameIndex) { EXPECT_TRUE(EncodeAndDecodeDynamicTableSizeUpdates(0, 0)); // Name is the last static index. Works. - EXPECT_TRUE(DecodeHeaderBlock(StringPiece("\x7d\x03ooo"))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece("\x7d\x03ooo"))); // Name is one beyond the last static index. Fails. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\x7e\x03ooo"))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece("\x7e\x03ooo"))); } TEST_P(HpackDecoder3Test, LiteralHeaderNoIndexingInvalidNameIndex) { // Name is the last static index. Works. - EXPECT_TRUE(DecodeHeaderBlock(StringPiece("\x0f\x2e\x03ooo"))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece("\x0f\x2e\x03ooo"))); // Name is one beyond the last static index. Fails. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\x0f\x2f\x03ooo"))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece("\x0f\x2f\x03ooo"))); } TEST_P(HpackDecoder3Test, LiteralHeaderNeverIndexedInvalidNameIndex) { // Name is the last static index. Works. - EXPECT_TRUE(DecodeHeaderBlock(StringPiece("\x1f\x2e\x03ooo"))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece("\x1f\x2e\x03ooo"))); // Name is one beyond the last static index. Fails. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\x1f\x2f\x03ooo"))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece("\x1f\x2f\x03ooo"))); } TEST_P(HpackDecoder3Test, TruncatedIndex) { // Indexed Header, varint for index requires multiple bytes, // but only one provided. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\xff", 1))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece("\xff", 1))); } TEST_P(HpackDecoder3Test, TruncatedHuffmanLiteral) { @@ -588,7 +587,7 @@ TEST_P(HpackDecoder3Test, TruncatedHuffmanLiteral) { // | www.example.com // | -> :authority: www.example.com - string first = a2b_hex("418cf1e3c2e5f23a6ba0ab90f4ff"); + SpdyString first = a2b_hex("418cf1e3c2e5f23a6ba0ab90f4ff"); EXPECT_TRUE(DecodeHeaderBlock(first)); first = a2b_hex("418cf1e3c2e5f23a6ba0ab90f4"); EXPECT_FALSE(DecodeHeaderBlock(first)); @@ -608,7 +607,7 @@ TEST_P(HpackDecoder3Test, HuffmanEOSError) { // | www.example.com // | -> :authority: www.example.com - string first = a2b_hex("418cf1e3c2e5f23a6ba0ab90f4ff"); + SpdyString first = a2b_hex("418cf1e3c2e5f23a6ba0ab90f4ff"); EXPECT_TRUE(DecodeHeaderBlock(first)); first = a2b_hex("418df1e3c2e5f23a6ba0ab90f4ffff"); EXPECT_FALSE(DecodeHeaderBlock(first)); @@ -625,7 +624,7 @@ TEST_P(HpackDecoder3Test, BasicC31) { expected_header_set[":path"] = "/"; expected_header_set[":authority"] = "www.example.com"; - string encoded_header_set; + SpdyString encoded_header_set; EXPECT_TRUE( encoder.EncodeHeaderSet(expected_header_set, &encoded_header_set)); @@ -656,7 +655,7 @@ TEST_P(HpackDecoder3Test, SectionC4RequestHuffmanExamples) { // | Decoded: // | www.example.com // | -> :authority: www.example.com - string first = a2b_hex("828684418cf1e3c2e5f23a6ba0ab90f4ff"); + SpdyString first = a2b_hex("828684418cf1e3c2e5f23a6ba0ab90f4ff"); const SpdyHeaderBlock& first_header_set = DecodeBlockExpectingSuccess(first); EXPECT_THAT(first_header_set, @@ -693,7 +692,7 @@ TEST_P(HpackDecoder3Test, SectionC4RequestHuffmanExamples) { // | no-cache // | -> cache-control: no-cache - string second = a2b_hex("828684be5886a8eb10649cbf"); + SpdyString second = a2b_hex("828684be5886a8eb10649cbf"); const SpdyHeaderBlock& second_header_set = DecodeBlockExpectingSuccess(second); @@ -735,7 +734,8 @@ TEST_P(HpackDecoder3Test, SectionC4RequestHuffmanExamples) { // | Decoded: // | custom-value // | -> custom-key: custom-value - string third = a2b_hex("828785bf408825a849e95ba97d7f8925a849e95bb8e8b4bf"); + SpdyString third = + a2b_hex("828785bf408825a849e95ba97d7f8925a849e95bb8e8b4bf"); const SpdyHeaderBlock& third_header_set = DecodeBlockExpectingSuccess(third); EXPECT_THAT( @@ -804,7 +804,7 @@ TEST_P(HpackDecoder3Test, SectionC6ResponseHuffmanExamples) { // | -> location: https://www.e // | xample.com - string first = a2b_hex( + SpdyString first = a2b_hex( "488264025885aec3771a4b6196d07abe" "941054d444a8200595040b8166e082a6" "2d1bff6e919d29ad171863c78f0b97c8" @@ -847,7 +847,7 @@ TEST_P(HpackDecoder3Test, SectionC6ResponseHuffmanExamples) { // | idx = 63 // | -> location: // | https://www.example.com - string second = a2b_hex("4883640effc1c0bf"); + SpdyString second = a2b_hex("4883640effc1c0bf"); const SpdyHeaderBlock& second_header_set = DecodeBlockExpectingSuccess(second); @@ -919,7 +919,7 @@ TEST_P(HpackDecoder3Test, SectionC6ResponseHuffmanExamples) { // | -> set-cookie: foo=ASDJKHQ // | KBZXOQWEOPIUAXQWEOIU; // | max-age=3600; version=1 - string third = a2b_hex( + SpdyString third = a2b_hex( "88c16196d07abe941054d444a8200595" "040b8166e084a62d1bffc05a839bd9ab" "77ad94e7821dd7f2e6c7b335dfdfcd5b" @@ -960,10 +960,10 @@ TEST_P(HpackDecoder3Test, ReuseNameOfEvictedEntry) { hbb.AppendDynamicTableSizeUpdate(0); hbb.AppendDynamicTableSizeUpdate(63); - const StringPiece name("some-name"); - const StringPiece value1("some-value"); - const StringPiece value2("another-value"); - const StringPiece value3("yet-another-value"); + const SpdyStringPiece name("some-name"); + const SpdyStringPiece value1("some-value"); + const SpdyStringPiece value2("another-value"); + const SpdyStringPiece value3("yet-another-value"); // Add an entry that will become the first in the dynamic table, entry 62. hbb.AppendLiteralNameAndValue(HpackEntryType::kIndexedLiteralHeader, false, @@ -1000,7 +1000,7 @@ TEST_P(HpackDecoder3Test, ReuseNameOfEvictedEntry) { // SpdyHeaderBlock stores these 6 strings as '\0' separated values. // Make sure that is what happened. - string joined_values = expected_header_set[name].as_string(); + SpdyString joined_values = expected_header_set[name].as_string(); EXPECT_EQ(joined_values.size(), 2 * value1.size() + 2 * value2.size() + 2 * value3.size() + 5); diff --git a/chromium/net/spdy/hpack/hpack_decoder_test.cc b/chromium/net/spdy/hpack/hpack_decoder_test.cc index 5a26633a762..70eb50c776d 100644 --- a/chromium/net/spdy/hpack/hpack_decoder_test.cc +++ b/chromium/net/spdy/hpack/hpack_decoder_test.cc @@ -5,10 +5,8 @@ #include "net/spdy/hpack/hpack_decoder.h" #include <map> -#include <string> #include "base/logging.h" -#include "base/strings/string_piece.h" #include "net/spdy/hpack/hpack_encoder.h" #include "net/spdy/hpack/hpack_input_stream.h" #include "net/spdy/hpack/hpack_output_stream.h" @@ -21,28 +19,25 @@ namespace net { namespace test { -using base::StringPiece; -using std::string; - class HpackDecoderPeer { public: explicit HpackDecoderPeer(HpackDecoder* decoder) : decoder_(decoder) {} - void HandleHeaderRepresentation(StringPiece name, StringPiece value) { + void HandleHeaderRepresentation(SpdyStringPiece name, SpdyStringPiece value) { decoder_->HandleHeaderRepresentation(name, value); } - bool DecodeNextName(HpackInputStream* in, StringPiece* out) { + bool DecodeNextName(HpackInputStream* in, SpdyStringPiece* out) { return decoder_->DecodeNextName(in, out); } HpackHeaderTable* header_table() { return &decoder_->header_table_; } bool DecodeNextStringLiteral(HpackInputStream* in, bool is_header_key, - StringPiece* str) { + SpdyStringPiece* str) { return decoder_->DecodeNextStringLiteral(in, is_header_key, str); } - const string& headers_block_buffer() const { + const SpdyString& headers_block_buffer() const { return decoder_->headers_block_buffer_; } @@ -52,8 +47,6 @@ class HpackDecoderPeer { namespace { -using base::StringPiece; -using std::string; using test::a2b_hex; using testing::ElementsAre; @@ -65,7 +58,7 @@ class HpackDecoderTest : public ::testing::TestWithParam<bool> { void SetUp() override { handler_exists_ = GetParam(); } - bool DecodeHeaderBlock(StringPiece str) { + bool DecodeHeaderBlock(SpdyStringPiece str) { if (handler_exists_) { decoder_.HandleControlFrameHeadersStart(&handler_); } @@ -73,7 +66,7 @@ class HpackDecoderTest : public ::testing::TestWithParam<bool> { decoder_.HandleControlFrameHeadersComplete(nullptr); } - bool HandleControlFrameHeadersData(StringPiece str) { + bool HandleControlFrameHeadersData(SpdyStringPiece str) { return decoder_.HandleControlFrameHeadersData(str.data(), str.size()); } @@ -89,15 +82,15 @@ class HpackDecoderTest : public ::testing::TestWithParam<bool> { } } - const SpdyHeaderBlock& DecodeBlockExpectingSuccess(StringPiece str) { + const SpdyHeaderBlock& DecodeBlockExpectingSuccess(SpdyStringPiece str) { EXPECT_TRUE(DecodeHeaderBlock(str)); return decoded_block(); } void expectEntry(size_t index, size_t size, - const string& name, - const string& value) { + const SpdyString& name, + const SpdyString& value) { const HpackEntry* entry = decoder_peer_.header_table()->GetByIndex(index); EXPECT_EQ(name, entry->name()) << "index " << index; EXPECT_EQ(value, entry->value()); @@ -123,26 +116,26 @@ TEST_P(HpackDecoderTest, AddHeaderDataWithHandleControlFrameHeadersData) { decoder_.set_max_decode_buffer_size_bytes(kMaxBufferSizeBytes); // Strings under threshold are concatenated in the buffer. - string first_input; + SpdyString first_input; first_input.push_back(0x00); // Literal name and value, unindexed first_input.push_back(0x7f); // Name length = 127 ASSERT_EQ(2u, first_input.size()); EXPECT_TRUE(decoder_.HandleControlFrameHeadersData(first_input.data(), first_input.size())); // Further 38 bytes to make 40 total buffered bytes. - string second_input = string(38, 'x'); + SpdyString second_input = SpdyString(38, 'x'); EXPECT_TRUE(decoder_.HandleControlFrameHeadersData(second_input.data(), second_input.size())); // A string which would push the buffer over the threshold is refused. const int kThirdInputSize = kMaxBufferSizeBytes - (first_input.size() + second_input.size()) + 1; - string third_input = string(kThirdInputSize, 'y'); + SpdyString third_input = SpdyString(kThirdInputSize, 'y'); ASSERT_GT(first_input.size() + second_input.size() + third_input.size(), kMaxBufferSizeBytes); EXPECT_FALSE(decoder_.HandleControlFrameHeadersData(third_input.data(), third_input.size())); - string expected(first_input); + SpdyString expected(first_input); expected.append(second_input); EXPECT_EQ(expected, decoder_peer_.headers_block_buffer()); } @@ -180,7 +173,7 @@ TEST_P(HpackDecoderTest, HandleHeaderRepresentation) { // Already-delimited headers are passed through. decoder_peer_.HandleHeaderRepresentation("passed-through", - string("foo\0baz", 7)); + SpdyString("foo\0baz", 7)); // Other headers are joined on \0. Case matters. decoder_peer_.HandleHeaderRepresentation("joined", "not joined"); @@ -203,20 +196,21 @@ TEST_P(HpackDecoderTest, HandleHeaderRepresentation) { decoder_.HandleControlFrameHeadersComplete(nullptr); // Resulting decoded headers are in the same order as input. - EXPECT_THAT(decoded_block(), - ElementsAre(Pair("cookie", " part 1; part 2 ; part3; fin!"), - Pair("passed-through", StringPiece("foo\0baz", 7)), - Pair("joined", "not joined"), - Pair("joineD", StringPiece("value 1\0value 2", 15)), - Pair("empty", ""), - Pair("empty-joined", StringPiece("\0foo\0\0", 6)))); + EXPECT_THAT( + decoded_block(), + ElementsAre(Pair("cookie", " part 1; part 2 ; part3; fin!"), + Pair("passed-through", SpdyStringPiece("foo\0baz", 7)), + Pair("joined", "not joined"), + Pair("joineD", SpdyStringPiece("value 1\0value 2", 15)), + Pair("empty", ""), + Pair("empty-joined", SpdyStringPiece("\0foo\0\0", 6)))); } // Decoding an encoded name with a valid string literal should work. TEST_P(HpackDecoderTest, DecodeNextNameLiteral) { - HpackInputStream input_stream(StringPiece("\x00\x04name", 6)); + HpackInputStream input_stream(SpdyStringPiece("\x00\x04name", 6)); - StringPiece string_piece; + SpdyStringPiece string_piece; EXPECT_TRUE(decoder_peer_.DecodeNextName(&input_stream, &string_piece)); EXPECT_EQ("name", string_piece); EXPECT_FALSE(input_stream.HasMoreData()); @@ -227,9 +221,9 @@ TEST_P(HpackDecoderTest, DecodeNextNameLiteral) { // Decoding an encoded name with an incomplete string literal. TEST_P(HpackDecoderTest, DecodeNextNameLiteralWithIncompleteHeader) { - HpackInputStream input_stream(StringPiece("\x00\x04name\x00\x02g", 9)); + HpackInputStream input_stream(SpdyStringPiece("\x00\x04name\x00\x02g", 9)); - StringPiece string_piece; + SpdyStringPiece string_piece; EXPECT_TRUE(decoder_peer_.DecodeNextName(&input_stream, &string_piece)); EXPECT_FALSE(input_stream.NeedMoreData()); input_stream.MarkCurrentPosition(); @@ -242,10 +236,10 @@ TEST_P(HpackDecoderTest, DecodeNextNameLiteralWithIncompleteHeader) { } TEST_P(HpackDecoderTest, DecodeNextNameLiteralWithHuffmanEncoding) { - string input = a2b_hex("008825a849e95ba97d7f"); + SpdyString input = a2b_hex("008825a849e95ba97d7f"); HpackInputStream input_stream(input); - StringPiece string_piece; + SpdyStringPiece string_piece; EXPECT_TRUE(decoder_peer_.DecodeNextName(&input_stream, &string_piece)); EXPECT_EQ("custom-key", string_piece); EXPECT_FALSE(input_stream.HasMoreData()); @@ -259,11 +253,11 @@ TEST_P(HpackDecoderTest, DecodeNextNameLiteralWithIncompleteHuffmanEncoding) { // CHECK(huffman_table_.Initialize(kHpackHuffmanCode, // arraysize(kHpackHuffmanCode))); // Put two copies of the same huffman encoding into input. - string input = a2b_hex("008825a849e95ba97d7f008825a849e95ba97d7f"); + SpdyString input = a2b_hex("008825a849e95ba97d7f008825a849e95ba97d7f"); input.resize(input.size() - 1); // Remove the last byte. HpackInputStream input_stream(input); - StringPiece string_piece; + SpdyStringPiece string_piece; EXPECT_TRUE(decoder_peer_.DecodeNextName(&input_stream, &string_piece)); EXPECT_FALSE(input_stream.NeedMoreData()); input_stream.MarkCurrentPosition(); @@ -279,7 +273,7 @@ TEST_P(HpackDecoderTest, DecodeNextNameLiteralWithIncompleteHuffmanEncoding) { TEST_P(HpackDecoderTest, DecodeNextNameIndexed) { HpackInputStream input_stream("\x01"); - StringPiece string_piece; + SpdyStringPiece string_piece; EXPECT_TRUE(decoder_peer_.DecodeNextName(&input_stream, &string_piece)); EXPECT_EQ(":authority", string_piece); EXPECT_FALSE(input_stream.HasMoreData()); @@ -293,7 +287,7 @@ TEST_P(HpackDecoderTest, DecodeNextNameInvalidIndex) { // One more than the number of static table entries. HpackInputStream input_stream("\x3e"); - StringPiece string_piece; + SpdyStringPiece string_piece; EXPECT_FALSE(decoder_peer_.DecodeNextName(&input_stream, &string_piece)); EXPECT_FALSE(input_stream.NeedMoreData()); input_stream.MarkCurrentPosition(); @@ -348,13 +342,13 @@ TEST_P(HpackDecoderTest, IndexedHeaderDynamic) { // Test a too-large indexed header. TEST_P(HpackDecoderTest, InvalidIndexedHeader) { // High-bit set, and a prefix of one more than the number of static entries. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\xbe", 1))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece("\xbe", 1))); } TEST_P(HpackDecoderTest, ContextUpdateMaximumSize) { EXPECT_EQ(kDefaultHeaderTableSizeSetting, decoder_peer_.header_table()->max_size()); - string input; + SpdyString input; { // Maximum-size update with size 126. Succeeds. HpackOutputStream output_stream; @@ -362,7 +356,7 @@ TEST_P(HpackDecoderTest, ContextUpdateMaximumSize) { output_stream.AppendUint32(126); output_stream.TakeString(&input); - EXPECT_TRUE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(126u, decoder_peer_.header_table()->max_size()); } { @@ -372,7 +366,7 @@ TEST_P(HpackDecoderTest, ContextUpdateMaximumSize) { output_stream.AppendUint32(kDefaultHeaderTableSizeSetting); output_stream.TakeString(&input); - EXPECT_TRUE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(kDefaultHeaderTableSizeSetting, decoder_peer_.header_table()->max_size()); } @@ -383,7 +377,7 @@ TEST_P(HpackDecoderTest, ContextUpdateMaximumSize) { output_stream.AppendUint32(kDefaultHeaderTableSizeSetting + 1); output_stream.TakeString(&input); - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(kDefaultHeaderTableSizeSetting, decoder_peer_.header_table()->max_size()); } @@ -391,7 +385,7 @@ TEST_P(HpackDecoderTest, ContextUpdateMaximumSize) { // Two HeaderTableSizeUpdates may appear at the beginning of the block TEST_P(HpackDecoderTest, TwoTableSizeUpdates) { - string input; + SpdyString input; { // Should accept two table size updates, update to second one HpackOutputStream output_stream; @@ -401,14 +395,14 @@ TEST_P(HpackDecoderTest, TwoTableSizeUpdates) { output_stream.AppendUint32(122); output_stream.TakeString(&input); - EXPECT_TRUE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(122u, decoder_peer_.header_table()->max_size()); } } // Three HeaderTableSizeUpdates should result in an error TEST_P(HpackDecoderTest, ThreeTableSizeUpdatesError) { - string input; + SpdyString input; { // Should reject three table size updates, update to second one HpackOutputStream output_stream; @@ -421,7 +415,7 @@ TEST_P(HpackDecoderTest, ThreeTableSizeUpdatesError) { output_stream.TakeString(&input); - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(10u, decoder_peer_.header_table()->max_size()); } } @@ -429,7 +423,7 @@ TEST_P(HpackDecoderTest, ThreeTableSizeUpdatesError) { // HeaderTableSizeUpdates may only appear at the beginning of the block // Any other updates should result in an error TEST_P(HpackDecoderTest, TableSizeUpdateSecondError) { - string input; + SpdyString input; { // Should reject a table size update appearing after a different entry // The table size should remain as the default @@ -440,7 +434,7 @@ TEST_P(HpackDecoderTest, TableSizeUpdateSecondError) { output_stream.TakeString(&input); - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(kDefaultHeaderTableSizeSetting, decoder_peer_.header_table()->max_size()); } @@ -449,7 +443,7 @@ TEST_P(HpackDecoderTest, TableSizeUpdateSecondError) { // HeaderTableSizeUpdates may only appear at the beginning of the block // Any other updates should result in an error TEST_P(HpackDecoderTest, TableSizeUpdateFirstThirdError) { - string input; + SpdyString input; { // Should reject the second table size update // if a different entry appears after the first update @@ -463,7 +457,7 @@ TEST_P(HpackDecoderTest, TableSizeUpdateFirstThirdError) { output_stream.TakeString(&input); - EXPECT_FALSE(DecodeHeaderBlock(StringPiece(input))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece(input))); EXPECT_EQ(60u, decoder_peer_.header_table()->max_size()); } } @@ -475,7 +469,7 @@ TEST_P(HpackDecoderTest, LiteralHeaderNoIndexing) { // name. const char input[] = "\x04\x0c/sample/path\x00\x06:path2\x0e/sample/path/2"; const SpdyHeaderBlock& header_set = - DecodeBlockExpectingSuccess(StringPiece(input, arraysize(input) - 1)); + DecodeBlockExpectingSuccess(SpdyStringPiece(input, arraysize(input) - 1)); SpdyHeaderBlock expected_header_set; expected_header_set[":path"] = "/sample/path"; @@ -488,7 +482,7 @@ TEST_P(HpackDecoderTest, LiteralHeaderNoIndexing) { TEST_P(HpackDecoderTest, LiteralHeaderIncrementalIndexing) { const char input[] = "\x44\x0c/sample/path\x40\x06:path2\x0e/sample/path/2"; const SpdyHeaderBlock& header_set = - DecodeBlockExpectingSuccess(StringPiece(input, arraysize(input) - 1)); + DecodeBlockExpectingSuccess(SpdyStringPiece(input, arraysize(input) - 1)); SpdyHeaderBlock expected_header_set; expected_header_set[":path"] = "/sample/path"; @@ -500,30 +494,30 @@ TEST_P(HpackDecoderTest, LiteralHeaderWithIndexingInvalidNameIndex) { decoder_.ApplyHeaderTableSizeSetting(0); // Name is the last static index. Works. - EXPECT_TRUE(DecodeHeaderBlock(StringPiece("\x7d\x03ooo"))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece("\x7d\x03ooo"))); // Name is one beyond the last static index. Fails. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\x7e\x03ooo"))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece("\x7e\x03ooo"))); } TEST_P(HpackDecoderTest, LiteralHeaderNoIndexingInvalidNameIndex) { // Name is the last static index. Works. - EXPECT_TRUE(DecodeHeaderBlock(StringPiece("\x0f\x2e\x03ooo"))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece("\x0f\x2e\x03ooo"))); // Name is one beyond the last static index. Fails. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\x0f\x2f\x03ooo"))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece("\x0f\x2f\x03ooo"))); } TEST_P(HpackDecoderTest, LiteralHeaderNeverIndexedInvalidNameIndex) { // Name is the last static index. Works. - EXPECT_TRUE(DecodeHeaderBlock(StringPiece("\x1f\x2e\x03ooo"))); + EXPECT_TRUE(DecodeHeaderBlock(SpdyStringPiece("\x1f\x2e\x03ooo"))); // Name is one beyond the last static index. Fails. - EXPECT_FALSE(DecodeHeaderBlock(StringPiece("\x1f\x2f\x03ooo"))); + EXPECT_FALSE(DecodeHeaderBlock(SpdyStringPiece("\x1f\x2f\x03ooo"))); } // Decode with incomplete string literal. TEST_P(HpackDecoderTest, StringLiteralIncomplete) { const char input[] = "\x0c/sample/path\x06:path2\x0e/sample/path/"; HpackInputStream input_stream(input); - StringPiece str; + SpdyStringPiece str; EXPECT_TRUE( decoder_peer_.DecodeNextStringLiteral(&input_stream, false, &str)); EXPECT_FALSE(input_stream.NeedMoreData()); @@ -554,7 +548,7 @@ TEST_P(HpackDecoderTest, BasicC31) { expected_header_set[":path"] = "/"; expected_header_set[":authority"] = "www.example.com"; - string encoded_header_set; + SpdyString encoded_header_set; EXPECT_TRUE( encoder.EncodeHeaderSet(expected_header_set, &encoded_header_set)); @@ -583,7 +577,7 @@ TEST_P(HpackDecoderTest, SectionC4RequestHuffmanExamples) { // | Decoded: // | www.example.com // | -> :authority: www.example.com - string first = a2b_hex("828684418cf1e3c2e5f23a6ba0ab90f4ff"); + SpdyString first = a2b_hex("828684418cf1e3c2e5f23a6ba0ab90f4ff"); const SpdyHeaderBlock& first_header_set = DecodeBlockExpectingSuccess(first); EXPECT_THAT( @@ -616,7 +610,7 @@ TEST_P(HpackDecoderTest, SectionC4RequestHuffmanExamples) { // | no-cache // | -> cache-control: no-cache - string second = a2b_hex("828684be5886a8eb10649cbf"); + SpdyString second = a2b_hex("828684be5886a8eb10649cbf"); const SpdyHeaderBlock& second_header_set = DecodeBlockExpectingSuccess(second); @@ -654,7 +648,7 @@ TEST_P(HpackDecoderTest, SectionC4RequestHuffmanExamples) { // | Decoded: // | custom-value // | -> custom-key: custom-value - string third = a2b_hex( + SpdyString third = a2b_hex( "828785bf408825a849e95ba97d7f89" "25a849e95bb8e8b4bf"); const SpdyHeaderBlock& third_header_set = DecodeBlockExpectingSuccess(third); @@ -718,7 +712,7 @@ TEST_P(HpackDecoderTest, SectionC6ResponseHuffmanExamples) { // | -> location: https://www.e // | xample.com - string first = a2b_hex( + SpdyString first = a2b_hex( "488264025885aec3771a4b6196d07abe" "941054d444a8200595040b8166e082a6" "2d1bff6e919d29ad171863c78f0b97c8" @@ -758,7 +752,7 @@ TEST_P(HpackDecoderTest, SectionC6ResponseHuffmanExamples) { // | idx = 63 // | -> location: // | https://www.example.com - string second = a2b_hex("4883640effc1c0bf"); + SpdyString second = a2b_hex("4883640effc1c0bf"); const SpdyHeaderBlock& second_header_set = DecodeBlockExpectingSuccess(second); @@ -827,7 +821,7 @@ TEST_P(HpackDecoderTest, SectionC6ResponseHuffmanExamples) { // | -> set-cookie: foo=ASDJKHQ // | KBZXOQWEOPIUAXQWEOIU; // | max-age=3600; version=1 - string third = a2b_hex( + SpdyString third = a2b_hex( "88c16196d07abe941054d444a8200595" "040b8166e084a62d1bffc05a839bd9ab" "77ad94e7821dd7f2e6c7b335dfdfcd5b" diff --git a/chromium/net/spdy/hpack/hpack_encoder.cc b/chromium/net/spdy/hpack/hpack_encoder.cc index de04d74fc15..48129d11819 100644 --- a/chromium/net/spdy/hpack/hpack_encoder.cc +++ b/chromium/net/spdy/hpack/hpack_encoder.cc @@ -17,9 +17,6 @@ namespace net { -using base::StringPiece; -using std::string; - class HpackEncoder::RepresentationIterator { public: // |pseudo_headers| and |regular_headers| must outlive the iterator. @@ -59,10 +56,10 @@ class HpackEncoder::RepresentationIterator { namespace { // The default header listener. -void NoOpListener(StringPiece /*name*/, StringPiece /*value*/) {} +void NoOpListener(SpdyStringPiece /*name*/, SpdyStringPiece /*value*/) {} // The default HPACK indexing policy. -bool DefaultPolicy(StringPiece name, StringPiece /* value */) { +bool DefaultPolicy(SpdyStringPiece name, SpdyStringPiece /* value */) { if (name.empty()) { return false; } @@ -89,13 +86,13 @@ HpackEncoder::HpackEncoder(const HpackHuffmanTable& table) HpackEncoder::~HpackEncoder() {} void HpackEncoder::EncodeHeaderSet(const Representations& representations, - string* output) { + SpdyString* output) { RepresentationIterator iter(representations); EncodeRepresentations(&iter, output); } bool HpackEncoder::EncodeHeaderSet(const SpdyHeaderBlock& header_set, - string* output) { + SpdyString* output) { // Separate header set into pseudo-headers and regular headers. Representations pseudo_headers; Representations regular_headers; @@ -140,7 +137,7 @@ size_t HpackEncoder::EstimateMemoryUsage() const { } void HpackEncoder::EncodeRepresentations(RepresentationIterator* iter, - string* output) { + SpdyString* output) { MaybeEmitTableSize(); while (iter->HasNext()) { const auto header = iter->Next(); @@ -197,7 +194,7 @@ void HpackEncoder::EmitLiteral(const Representation& representation) { EmitString(representation.second); } -void HpackEncoder::EmitString(StringPiece str) { +void HpackEncoder::EmitString(SpdyStringPiece str) { size_t encoded_size = enable_compression_ ? huffman_table_.EncodedSize(str) : str.size(); if (encoded_size < str.size()) { @@ -237,19 +234,19 @@ void HpackEncoder::CookieToCrumbs(const Representation& cookie, // See Section 8.1.2.5. "Compressing the Cookie Header Field" in the HTTP/2 // specification at https://tools.ietf.org/html/draft-ietf-httpbis-http2-14. // Cookie values are split into individually-encoded HPACK representations. - StringPiece cookie_value = cookie.second; + SpdyStringPiece cookie_value = cookie.second; // Consume leading and trailing whitespace if present. - StringPiece::size_type first = cookie_value.find_first_not_of(" \t"); - StringPiece::size_type last = cookie_value.find_last_not_of(" \t"); - if (first == StringPiece::npos) { - cookie_value = StringPiece(); + SpdyStringPiece::size_type first = cookie_value.find_first_not_of(" \t"); + SpdyStringPiece::size_type last = cookie_value.find_last_not_of(" \t"); + if (first == SpdyStringPiece::npos) { + cookie_value = SpdyStringPiece(); } else { cookie_value = cookie_value.substr(first, (last - first) + 1); } for (size_t pos = 0;;) { size_t end = cookie_value.find(";", pos); - if (end == StringPiece::npos) { + if (end == SpdyStringPiece::npos) { out->push_back(std::make_pair(cookie.first, cookie_value.substr(pos))); break; } @@ -269,12 +266,12 @@ void HpackEncoder::DecomposeRepresentation(const Representation& header_field, Representations* out) { size_t pos = 0; size_t end = 0; - while (end != StringPiece::npos) { + while (end != SpdyStringPiece::npos) { end = header_field.second.find('\0', pos); - out->push_back( - std::make_pair(header_field.first, - header_field.second.substr( - pos, end == StringPiece::npos ? end : end - pos))); + out->push_back(std::make_pair( + header_field.first, + header_field.second.substr( + pos, end == SpdyStringPiece::npos ? end : end - pos))); pos = end + 1; } } @@ -299,7 +296,7 @@ class HpackEncoder::Encoderator : public ProgressiveEncoder { // Encodes up to max_encoded_bytes of the current header block into the // given output string. - void Next(size_t max_encoded_bytes, string* output) override; + void Next(size_t max_encoded_bytes, SpdyString* output) override; private: HpackEncoder* encoder_; @@ -336,7 +333,8 @@ HpackEncoder::Encoderator::Encoderator(const SpdyHeaderBlock& header_set, encoder_->MaybeEmitTableSize(); } -void HpackEncoder::Encoderator::Next(size_t max_encoded_bytes, string* output) { +void HpackEncoder::Encoderator::Next(size_t max_encoded_bytes, + SpdyString* output) { SPDY_BUG_IF(!has_next_) << "Encoderator::Next called with nothing left to encode."; const bool use_compression = encoder_->enable_compression_; diff --git a/chromium/net/spdy/hpack/hpack_encoder.h b/chromium/net/spdy/hpack/hpack_encoder.h index 0d5f2d506ba..f9f93208d33 100644 --- a/chromium/net/spdy/hpack/hpack_encoder.h +++ b/chromium/net/spdy/hpack/hpack_encoder.h @@ -10,15 +10,15 @@ #include <functional> #include <map> #include <memory> -#include <string> #include <utility> #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/net_export.h" #include "net/spdy/hpack/hpack_header_table.h" #include "net/spdy/hpack/hpack_output_stream.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_protocol.h" // An HpackEncoder encodes header sets as outlined in @@ -34,18 +34,16 @@ class HpackEncoderPeer; class NET_EXPORT_PRIVATE HpackEncoder { public: - using Representation = std::pair<base::StringPiece, base::StringPiece>; + using Representation = std::pair<SpdyStringPiece, SpdyStringPiece>; using Representations = std::vector<Representation>; // Callers may provide a HeaderListener to be informed of header name-value // pairs processed by this encoder. - typedef std::function<void(base::StringPiece, base::StringPiece)> - HeaderListener; + typedef std::function<void(SpdyStringPiece, SpdyStringPiece)> HeaderListener; // An indexing policy should return true if the provided header name-value // pair should be inserted into the HPACK dynamic table. - using IndexingPolicy = - std::function<bool(base::StringPiece, base::StringPiece)>; + using IndexingPolicy = std::function<bool(SpdyStringPiece, SpdyStringPiece)>; // |table| is an initialized HPACK Huffman table, having an // externally-managed lifetime which spans beyond HpackEncoder. @@ -54,11 +52,11 @@ class NET_EXPORT_PRIVATE HpackEncoder { // Encodes a sequence of Representations into the given string. void EncodeHeaderSet(const Representations& representations, - std::string* output); + SpdyString* output); // Encodes the given header set into the given string. Returns // whether or not the encoding was successful. - bool EncodeHeaderSet(const SpdyHeaderBlock& header_set, std::string* output); + bool EncodeHeaderSet(const SpdyHeaderBlock& header_set, SpdyString* output); class NET_EXPORT_PRIVATE ProgressiveEncoder { public: @@ -69,7 +67,7 @@ class NET_EXPORT_PRIVATE HpackEncoder { // Encodes up to max_encoded_bytes of the current header block into the // given output string. - virtual void Next(size_t max_encoded_bytes, std::string* output) = 0; + virtual void Next(size_t max_encoded_bytes, SpdyString* output) = 0; }; // Returns a ProgressiveEncoder which must be outlived by both the given @@ -111,7 +109,7 @@ class NET_EXPORT_PRIVATE HpackEncoder { class Encoderator; // Encodes a sequence of header name-value pairs as a single header block. - void EncodeRepresentations(RepresentationIterator* iter, std::string* output); + void EncodeRepresentations(RepresentationIterator* iter, SpdyString* output); // Emits a static/dynamic indexed representation (Section 7.1). void EmitIndex(const HpackEntry* entry); @@ -122,7 +120,7 @@ class NET_EXPORT_PRIVATE HpackEncoder { void EmitLiteral(const Representation& representation); // Emits a Huffman or identity string (whichever is smaller). - void EmitString(base::StringPiece str); + void EmitString(SpdyStringPiece str); // Emits the current dynamic table size if the table size was recently // updated and we have not yet emitted it (Section 6.3). diff --git a/chromium/net/spdy/hpack/hpack_encoder_test.cc b/chromium/net/spdy/hpack/hpack_encoder_test.cc index 7d008ba6309..7623f0a4b9b 100644 --- a/chromium/net/spdy/hpack/hpack_encoder_test.cc +++ b/chromium/net/spdy/hpack/hpack_encoder_test.cc @@ -5,7 +5,6 @@ #include "net/spdy/hpack/hpack_encoder.h" #include <map> -#include <string> #include "base/rand_util.h" #include "net/base/arena.h" @@ -15,8 +14,6 @@ namespace net { -using base::StringPiece; -using std::string; using testing::ElementsAre; namespace test { @@ -46,10 +43,10 @@ class HpackEncoderPeer { const HpackHuffmanTable& huffman_table() const { return encoder_->huffman_table_; } - void EmitString(StringPiece str) { encoder_->EmitString(str); } - void TakeString(string* out) { encoder_->output_stream_.TakeString(out); } - static void CookieToCrumbs(StringPiece cookie, - std::vector<StringPiece>* out) { + void EmitString(SpdyStringPiece str) { encoder_->EmitString(str); } + void TakeString(SpdyString* out) { encoder_->output_stream_.TakeString(out); } + static void CookieToCrumbs(SpdyStringPiece cookie, + std::vector<SpdyStringPiece>* out) { Representations tmp; HpackEncoder::CookieToCrumbs(std::make_pair("", cookie), &tmp); @@ -58,8 +55,8 @@ class HpackEncoderPeer { out->push_back(tmp[i].second); } } - static void DecomposeRepresentation(StringPiece value, - std::vector<StringPiece>* out) { + static void DecomposeRepresentation(SpdyStringPiece value, + std::vector<SpdyStringPiece>* out) { Representations tmp; HpackEncoder::DecomposeRepresentation(std::make_pair("foobar", value), &tmp); @@ -74,7 +71,7 @@ class HpackEncoderPeer { // non-incremental encoding path. static bool EncodeHeaderSet(HpackEncoder* encoder, const SpdyHeaderBlock& header_set, - string* output, + SpdyString* output, bool use_incremental) { if (use_incremental) { return EncodeIncremental(encoder, header_set, output); @@ -85,13 +82,13 @@ class HpackEncoderPeer { static bool EncodeIncremental(HpackEncoder* encoder, const SpdyHeaderBlock& header_set, - string* output) { + SpdyString* output) { std::unique_ptr<HpackEncoder::ProgressiveEncoder> encoderator = encoder->EncodeHeaderSet(header_set); - string output_buffer; + SpdyString output_buffer; encoderator->Next(base::RandInt(0, 15), &output_buffer); while (encoderator->HasNext()) { - string second_buffer; + SpdyString second_buffer; encoderator->Next(base::RandInt(0, 15), &second_buffer); output_buffer.append(second_buffer); } @@ -135,36 +132,37 @@ class HpackEncoderTest : public ::testing::TestWithParam<bool> { peer_.table()->SetMaxSize(peer_.table()->size()); } - void SaveHeaders(StringPiece name, StringPiece value) { - StringPiece n(headers_storage_.Memdup(name.data(), name.size()), - name.size()); - StringPiece v(headers_storage_.Memdup(value.data(), value.size()), - value.size()); - headers_observed_.push_back(make_pair(n, v)); + void SaveHeaders(SpdyStringPiece name, SpdyStringPiece value) { + SpdyStringPiece n(headers_storage_.Memdup(name.data(), name.size()), + name.size()); + SpdyStringPiece v(headers_storage_.Memdup(value.data(), value.size()), + value.size()); + headers_observed_.push_back(std::make_pair(n, v)); } void ExpectIndex(size_t index) { expected_.AppendPrefix(kIndexedOpcode); expected_.AppendUint32(index); } - void ExpectIndexedLiteral(const HpackEntry* key_entry, StringPiece value) { + void ExpectIndexedLiteral(const HpackEntry* key_entry, + SpdyStringPiece value) { expected_.AppendPrefix(kLiteralIncrementalIndexOpcode); expected_.AppendUint32(IndexOf(key_entry)); ExpectString(&expected_, value); } - void ExpectIndexedLiteral(StringPiece name, StringPiece value) { + void ExpectIndexedLiteral(SpdyStringPiece name, SpdyStringPiece value) { expected_.AppendPrefix(kLiteralIncrementalIndexOpcode); expected_.AppendUint32(0); ExpectString(&expected_, name); ExpectString(&expected_, value); } - void ExpectNonIndexedLiteral(StringPiece name, StringPiece value) { + void ExpectNonIndexedLiteral(SpdyStringPiece name, SpdyStringPiece value) { expected_.AppendPrefix(kLiteralNoIndexOpcode); expected_.AppendUint32(0); ExpectString(&expected_, name); ExpectString(&expected_, value); } - void ExpectString(HpackOutputStream* stream, StringPiece str) { + void ExpectString(HpackOutputStream* stream, SpdyStringPiece str) { const HpackHuffmanTable& huffman_table = peer_.huffman_table(); size_t encoded_size = peer_.compression_enabled() ? huffman_table.EncodedSize(str) @@ -184,7 +182,7 @@ class HpackEncoderTest : public ::testing::TestWithParam<bool> { expected_.AppendUint32(size); } void CompareWithExpectedEncoding(const SpdyHeaderBlock& header_set) { - string expected_out, actual_out; + SpdyString expected_out, actual_out; expected_.TakeString(&expected_out); EXPECT_TRUE(test::HpackEncoderPeer::EncodeHeaderSet( &encoder_, header_set, &actual_out, use_incremental_)); @@ -204,7 +202,7 @@ class HpackEncoderTest : public ::testing::TestWithParam<bool> { const HpackEntry* cookie_c_; UnsafeArena headers_storage_; - std::vector<std::pair<StringPiece, StringPiece>> headers_observed_; + std::vector<std::pair<SpdyStringPiece, SpdyStringPiece>> headers_observed_; HpackOutputStream expected_; bool use_incremental_; @@ -213,9 +211,10 @@ class HpackEncoderTest : public ::testing::TestWithParam<bool> { INSTANTIATE_TEST_CASE_P(HpackEncoderTests, HpackEncoderTest, ::testing::Bool()); TEST_P(HpackEncoderTest, SingleDynamicIndex) { - encoder_.SetHeaderListener([this](StringPiece name, StringPiece value) { - this->SaveHeaders(name, value); - }); + encoder_.SetHeaderListener( + [this](SpdyStringPiece name, SpdyStringPiece value) { + this->SaveHeaders(name, value); + }); ExpectIndex(IndexOf(key_2_)); @@ -319,16 +318,17 @@ TEST_P(HpackEncoderTest, StringsDynamicallySelectHuffmanCoding) { expected_.AppendUint32(6); expected_.AppendBytes("@@@@@@"); - string expected_out, actual_out; + SpdyString expected_out, actual_out; expected_.TakeString(&expected_out); peer_.TakeString(&actual_out); EXPECT_EQ(expected_out, actual_out); } TEST_P(HpackEncoderTest, EncodingWithoutCompression) { - encoder_.SetHeaderListener([this](StringPiece name, StringPiece value) { - this->SaveHeaders(name, value); - }); + encoder_.SetHeaderListener( + [this](SpdyStringPiece name, SpdyStringPiece value) { + this->SaveHeaders(name, value); + }); encoder_.DisableCompression(); ExpectNonIndexedLiteral(":path", "/index.html"); @@ -350,9 +350,10 @@ TEST_P(HpackEncoderTest, EncodingWithoutCompression) { } TEST_P(HpackEncoderTest, MultipleEncodingPasses) { - encoder_.SetHeaderListener([this](StringPiece name, StringPiece value) { - this->SaveHeaders(name, value); - }); + encoder_.SetHeaderListener( + [this](SpdyStringPiece name, SpdyStringPiece value) { + this->SaveHeaders(name, value); + }); // Pass 1. { @@ -446,7 +447,7 @@ TEST_P(HpackEncoderTest, PseudoHeadersFirst) { TEST_P(HpackEncoderTest, CookieToCrumbs) { test::HpackEncoderPeer peer(NULL); - std::vector<StringPiece> out; + std::vector<SpdyStringPiece> out; // Leading and trailing whitespace is consumed. A space after ';' is consumed. // All other spaces remain. ';' at beginning and end of string produce empty @@ -480,7 +481,7 @@ TEST_P(HpackEncoderTest, CookieToCrumbs) { TEST_P(HpackEncoderTest, DecomposeRepresentation) { test::HpackEncoderPeer peer(NULL); - std::vector<StringPiece> out; + std::vector<SpdyStringPiece> out; peer.DecomposeRepresentation("", &out); EXPECT_THAT(out, ElementsAre("")); @@ -488,16 +489,16 @@ TEST_P(HpackEncoderTest, DecomposeRepresentation) { peer.DecomposeRepresentation("foobar", &out); EXPECT_THAT(out, ElementsAre("foobar")); - peer.DecomposeRepresentation(StringPiece("foo\0bar", 7), &out); + peer.DecomposeRepresentation(SpdyStringPiece("foo\0bar", 7), &out); EXPECT_THAT(out, ElementsAre("foo", "bar")); - peer.DecomposeRepresentation(StringPiece("\0foo\0bar", 8), &out); + peer.DecomposeRepresentation(SpdyStringPiece("\0foo\0bar", 8), &out); EXPECT_THAT(out, ElementsAre("", "foo", "bar")); - peer.DecomposeRepresentation(StringPiece("foo\0bar\0", 8), &out); + peer.DecomposeRepresentation(SpdyStringPiece("foo\0bar\0", 8), &out); EXPECT_THAT(out, ElementsAre("foo", "bar", "")); - peer.DecomposeRepresentation(StringPiece("\0foo\0bar\0", 9), &out); + peer.DecomposeRepresentation(SpdyStringPiece("\0foo\0bar\0", 9), &out); EXPECT_THAT(out, ElementsAre("", "foo", "bar", "")); } @@ -506,7 +507,7 @@ TEST_P(HpackEncoderTest, DecomposeRepresentation) { TEST_P(HpackEncoderTest, CrumbleNullByteDelimitedValue) { SpdyHeaderBlock headers; // A header field to be crumbled: "spam: foo\0bar". - headers["spam"] = string("foo\0bar", 7); + headers["spam"] = SpdyString("foo\0bar", 7); ExpectIndexedLiteral("spam", "foo"); expected_.AppendPrefix(kLiteralIncrementalIndexOpcode); diff --git a/chromium/net/spdy/hpack/hpack_entry.cc b/chromium/net/spdy/hpack/hpack_entry.cc index 8c5d3d436f2..582d55d209d 100644 --- a/chromium/net/spdy/hpack/hpack_entry.cc +++ b/chromium/net/spdy/hpack/hpack_entry.cc @@ -10,12 +10,10 @@ namespace net { -using base::StringPiece; - const size_t HpackEntry::kSizeOverhead = 32; -HpackEntry::HpackEntry(StringPiece name, - StringPiece value, +HpackEntry::HpackEntry(SpdyStringPiece name, + SpdyStringPiece value, bool is_static, size_t insertion_index) : name_(name.data(), name.size()), @@ -26,7 +24,7 @@ HpackEntry::HpackEntry(StringPiece name, type_(is_static ? STATIC : DYNAMIC), time_added_(0) {} -HpackEntry::HpackEntry(StringPiece name, StringPiece value) +HpackEntry::HpackEntry(SpdyStringPiece name, SpdyStringPiece value) : name_ref_(name), value_ref_(value), insertion_index_(0), @@ -45,8 +43,8 @@ HpackEntry::HpackEntry(const HpackEntry& other) } else { name_ = other.name_; value_ = other.value_; - name_ref_ = StringPiece(name_.data(), name_.size()); - value_ref_ = StringPiece(value_.data(), value_.size()); + name_ref_ = SpdyStringPiece(name_.data(), name_.size()); + value_ref_ = SpdyStringPiece(value_.data(), value_.size()); } } @@ -60,15 +58,15 @@ HpackEntry& HpackEntry::operator=(const HpackEntry& other) { } name_ = other.name_; value_ = other.value_; - name_ref_ = StringPiece(name_.data(), name_.size()); - value_ref_ = StringPiece(value_.data(), value_.size()); + name_ref_ = SpdyStringPiece(name_.data(), name_.size()); + value_ref_ = SpdyStringPiece(value_.data(), value_.size()); return *this; } HpackEntry::~HpackEntry() {} // static -size_t HpackEntry::Size(StringPiece name, StringPiece value) { +size_t HpackEntry::Size(SpdyStringPiece name, SpdyStringPiece value) { return name.size() + value.size() + kSizeOverhead; } @@ -76,10 +74,10 @@ size_t HpackEntry::Size() const { return Size(name(), value()); } -std::string HpackEntry::GetDebugString() const { - return "{ name: \"" + name_ref_.as_string() + "\", value: \"" + - value_ref_.as_string() + "\", index: " + - base::SizeTToString(insertion_index_) + +SpdyString HpackEntry::GetDebugString() const { + return "{ name: \"" + SpdyString(name_ref_) + "\", value: \"" + + SpdyString(value_ref_) + + "\", index: " + base::SizeTToString(insertion_index_) + (IsStatic() ? " static" : (IsLookup() ? " lookup" : " dynamic")) + " }"; } diff --git a/chromium/net/spdy/hpack/hpack_entry.h b/chromium/net/spdy/hpack/hpack_entry.h index bb637d22c34..0d4287f04bc 100644 --- a/chromium/net/spdy/hpack/hpack_entry.h +++ b/chromium/net/spdy/hpack/hpack_entry.h @@ -7,11 +7,10 @@ #include <stddef.h> -#include <string> - #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/net_export.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" // All section references below are to // http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-08 @@ -35,15 +34,15 @@ class NET_EXPORT_PRIVATE HpackEntry { // The combination of |is_static| and |insertion_index| allows an // HpackEntryTable to determine the index of an HpackEntry in O(1) time. // Copies |name| and |value|. - HpackEntry(base::StringPiece name, - base::StringPiece value, + HpackEntry(SpdyStringPiece name, + SpdyStringPiece value, bool is_static, size_t insertion_index); // Create a 'lookup' entry (only) suitable for querying a HpackEntrySet. The // instance InsertionIndex() always returns 0 and IsLookup() returns true. // The memory backing |name| and |value| must outlive this object. - HpackEntry(base::StringPiece name, base::StringPiece value); + HpackEntry(SpdyStringPiece name, SpdyStringPiece value); HpackEntry(const HpackEntry& other); HpackEntry& operator=(const HpackEntry& other); @@ -54,8 +53,8 @@ class NET_EXPORT_PRIVATE HpackEntry { ~HpackEntry(); - base::StringPiece name() const { return name_ref_; } - base::StringPiece value() const { return value_ref_; } + SpdyStringPiece name() const { return name_ref_; } + SpdyStringPiece value() const { return value_ref_; } // Returns whether this entry is a member of the static (as opposed to // dynamic) table. @@ -68,10 +67,10 @@ class NET_EXPORT_PRIVATE HpackEntry { size_t InsertionIndex() const { return insertion_index_; } // Returns the size of an entry as defined in 5.1. - static size_t Size(base::StringPiece name, base::StringPiece value); + static size_t Size(SpdyStringPiece name, SpdyStringPiece value); size_t Size() const; - std::string GetDebugString() const; + SpdyString GetDebugString() const; int64_t time_added() const { return time_added_; } void set_time_added(int64_t now) { time_added_ = now; } @@ -87,13 +86,13 @@ class NET_EXPORT_PRIVATE HpackEntry { }; // These members are not used for LOOKUP entries. - std::string name_; - std::string value_; + SpdyString name_; + SpdyString value_; // These members are always valid. For DYNAMIC and STATIC entries, they // always point to |name_| and |value_|. - base::StringPiece name_ref_; - base::StringPiece value_ref_; + SpdyStringPiece name_ref_; + SpdyStringPiece value_ref_; // The entry's index in the total set of entries ever inserted into the header // table. diff --git a/chromium/net/spdy/hpack/hpack_entry_test.cc b/chromium/net/spdy/hpack/hpack_entry_test.cc index eb7de1c3bd7..eda78d0c73e 100644 --- a/chromium/net/spdy/hpack/hpack_entry_test.cc +++ b/chromium/net/spdy/hpack/hpack_entry_test.cc @@ -4,16 +4,12 @@ #include "net/spdy/hpack/hpack_entry.h" -#include <string> - #include "testing/gtest/include/gtest/gtest.h" namespace net { namespace { -using std::string; - class HpackEntryTest : public ::testing::Test { protected: HpackEntryTest() @@ -46,7 +42,7 @@ class HpackEntryTest : public ::testing::Test { return name_.size() + value_.size() + HpackEntry::kSizeOverhead; } - string name_, value_; + SpdyString name_, value_; private: // Referenced by HpackEntry instances. diff --git a/chromium/net/spdy/hpack/hpack_header_table.cc b/chromium/net/spdy/hpack/hpack_header_table.cc index 274e872a716..de4a54c80bd 100644 --- a/chromium/net/spdy/hpack/hpack_header_table.cc +++ b/chromium/net/spdy/hpack/hpack_header_table.cc @@ -14,8 +14,6 @@ namespace net { -using base::StringPiece; - size_t HpackHeaderTable::EntryHasher::operator()( const HpackEntry* entry) const { return base::StringPieceHash()(entry->name()) ^ @@ -63,7 +61,7 @@ const HpackEntry* HpackHeaderTable::GetByIndex(size_t index) { return NULL; } -const HpackEntry* HpackHeaderTable::GetByName(StringPiece name) { +const HpackEntry* HpackHeaderTable::GetByName(SpdyStringPiece name) { { NameToEntryMap::const_iterator it = static_name_index_.find(name); if (it != static_name_index_.end()) { @@ -83,8 +81,8 @@ const HpackEntry* HpackHeaderTable::GetByName(StringPiece name) { return NULL; } -const HpackEntry* HpackHeaderTable::GetByNameAndValue(StringPiece name, - StringPiece value) { +const HpackEntry* HpackHeaderTable::GetByNameAndValue(SpdyStringPiece name, + SpdyStringPiece value) { HpackEntry query(name, value); { UnorderedEntrySet::const_iterator it = static_index_.find(&query); @@ -130,8 +128,8 @@ void HpackHeaderTable::SetSettingsHeaderTableSize(size_t settings_size) { SetMaxSize(settings_size_bound_); } -void HpackHeaderTable::EvictionSet(StringPiece name, - StringPiece value, +void HpackHeaderTable::EvictionSet(SpdyStringPiece name, + SpdyStringPiece value, EntryTable::iterator* begin_out, EntryTable::iterator* end_out) { size_t eviction_count = EvictionCountForEntry(name, value); @@ -139,8 +137,8 @@ void HpackHeaderTable::EvictionSet(StringPiece name, *end_out = dynamic_entries_.end(); } -size_t HpackHeaderTable::EvictionCountForEntry(StringPiece name, - StringPiece value) const { +size_t HpackHeaderTable::EvictionCountForEntry(SpdyStringPiece name, + SpdyStringPiece value) const { size_t available_size = max_size_ - size_; size_t entry_size = HpackEntry::Size(name, value); @@ -186,8 +184,8 @@ void HpackHeaderTable::Evict(size_t count) { } } -const HpackEntry* HpackHeaderTable::TryAddEntry(StringPiece name, - StringPiece value) { +const HpackEntry* HpackHeaderTable::TryAddEntry(SpdyStringPiece name, + SpdyStringPiece value) { Evict(EvictionCountForEntry(name, value)); size_t entry_size = HpackEntry::Size(name, value); diff --git a/chromium/net/spdy/hpack/hpack_header_table.h b/chromium/net/spdy/hpack/hpack_header_table.h index a3b5744f3b8..0cbef3268d1 100644 --- a/chromium/net/spdy/hpack/hpack_header_table.h +++ b/chromium/net/spdy/hpack/hpack_header_table.h @@ -12,9 +12,9 @@ #include <unordered_set> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/net_export.h" #include "net/spdy/hpack/hpack_entry.h" +#include "net/spdy/platform/api/spdy_string_piece.h" // All section references below are to http://tools.ietf.org/html/rfc7541. @@ -67,9 +67,8 @@ class NET_EXPORT_PRIVATE HpackHeaderTable { using UnorderedEntrySet = std::unordered_set<HpackEntry*, EntryHasher, EntriesEq>; - using NameToEntryMap = std::unordered_map<base::StringPiece, - const HpackEntry*, - base::StringPieceHash>; + using NameToEntryMap = std:: + unordered_map<SpdyStringPiece, const HpackEntry*, base::StringPieceHash>; HpackHeaderTable(); @@ -87,11 +86,11 @@ class NET_EXPORT_PRIVATE HpackHeaderTable { const HpackEntry* GetByIndex(size_t index); // Returns the lowest-value entry having |name|, or NULL. - const HpackEntry* GetByName(base::StringPiece name); + const HpackEntry* GetByName(SpdyStringPiece name); // Returns the lowest-index matching entry, or NULL. - const HpackEntry* GetByNameAndValue(base::StringPiece name, - base::StringPiece value); + const HpackEntry* GetByNameAndValue(SpdyStringPiece name, + SpdyStringPiece value); // Returns the index of an entry within this header table. size_t IndexOf(const HpackEntry* entry) const; @@ -107,8 +106,8 @@ class NET_EXPORT_PRIVATE HpackHeaderTable { // Determine the set of entries which would be evicted by the insertion // of |name| & |value| into the table, as per section 4.4. No eviction // actually occurs. The set is returned via range [begin_out, end_out). - void EvictionSet(base::StringPiece name, - base::StringPiece value, + void EvictionSet(SpdyStringPiece name, + SpdyStringPiece value, EntryTable::iterator* begin_out, EntryTable::iterator* end_out); @@ -116,8 +115,7 @@ class NET_EXPORT_PRIVATE HpackHeaderTable { // and |value| must not be owned by an entry which could be evicted. The // added HpackEntry is returned, or NULL is returned if all entries were // evicted and the empty table is of insufficent size for the representation. - const HpackEntry* TryAddEntry(base::StringPiece name, - base::StringPiece value); + const HpackEntry* TryAddEntry(SpdyStringPiece name, SpdyStringPiece value); void DebugLogTableState() const; @@ -130,8 +128,8 @@ class NET_EXPORT_PRIVATE HpackHeaderTable { private: // Returns number of evictions required to enter |name| & |value|. - size_t EvictionCountForEntry(base::StringPiece name, - base::StringPiece value) const; + size_t EvictionCountForEntry(SpdyStringPiece name, + SpdyStringPiece value) const; // Returns number of evictions required to reclaim |reclaim_size| table size. size_t EvictionCountToReclaim(size_t reclaim_size) const; diff --git a/chromium/net/spdy/hpack/hpack_header_table_test.cc b/chromium/net/spdy/hpack/hpack_header_table_test.cc index 410e82ffc3c..f46968eaecd 100644 --- a/chromium/net/spdy/hpack/hpack_header_table_test.cc +++ b/chromium/net/spdy/hpack/hpack_header_table_test.cc @@ -6,20 +6,18 @@ #include <algorithm> #include <set> -#include <string> #include <vector> #include "base/macros.h" #include "net/spdy/hpack/hpack_constants.h" #include "net/spdy/hpack/hpack_entry.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_flags.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { -using base::StringPiece; using std::distance; -using std::string; namespace test { @@ -36,7 +34,8 @@ class HpackHeaderTablePeer { size_t index_size() { return table_->static_index_.size() + table_->dynamic_index_.size(); } - std::vector<HpackEntry*> EvictionSet(StringPiece name, StringPiece value) { + std::vector<HpackEntry*> EvictionSet(SpdyStringPiece name, + SpdyStringPiece value) { HpackHeaderTable::EntryTable::iterator begin, end; table_->EvictionSet(name, value, &begin, &end); std::vector<HpackEntry*> result; @@ -47,7 +46,7 @@ class HpackHeaderTablePeer { } size_t total_insertions() { return table_->total_insertions_; } size_t dynamic_entries_count() { return table_->dynamic_entries_.size(); } - size_t EvictionCountForEntry(StringPiece name, StringPiece value) { + size_t EvictionCountForEntry(SpdyStringPiece name, SpdyStringPiece value) { return table_->EvictionCountForEntry(name, value); } size_t EvictionCountToReclaim(size_t reclaim_size) { @@ -55,7 +54,7 @@ class HpackHeaderTablePeer { } void Evict(size_t count) { return table_->Evict(count); } - void AddDynamicEntry(StringPiece name, StringPiece value) { + void AddDynamicEntry(SpdyStringPiece name, SpdyStringPiece value) { table_->dynamic_entries_.push_back( HpackEntry(name, value, false, table_->total_insertions_++)); } @@ -77,8 +76,8 @@ class HpackHeaderTableTest : public ::testing::Test { // Returns an entry whose Size() is equal to the given one. static HpackEntry MakeEntryOfSize(uint32_t size) { EXPECT_GE(size, HpackEntry::kSizeOverhead); - string name((size - HpackEntry::kSizeOverhead) / 2, 'n'); - string value(size - HpackEntry::kSizeOverhead - name.size(), 'v'); + SpdyString name((size - HpackEntry::kSizeOverhead) / 2, 'n'); + SpdyString value(size - HpackEntry::kSizeOverhead - name.size(), 'v'); HpackEntry entry(name, value, false, 0); EXPECT_EQ(size, entry.Size()); return entry; @@ -124,7 +123,7 @@ class HpackHeaderTableTest : public ::testing::Test { } } - HpackEntry DynamicEntry(string name, string value) { + HpackEntry DynamicEntry(const SpdyString& name, const SpdyString& value) { peer_.AddDynamicEntry(name, value); return peer_.dynamic_entries().back(); } @@ -259,7 +258,7 @@ TEST_F(HpackHeaderTableTest, EntryIndexing) { } TEST_F(HpackHeaderTableTest, SetSizes) { - string key = "key", value = "value"; + SpdyString key = "key", value = "value"; const HpackEntry* entry1 = table_.TryAddEntry(key, value); const HpackEntry* entry2 = table_.TryAddEntry(key, value); const HpackEntry* entry3 = table_.TryAddEntry(key, value); @@ -291,7 +290,7 @@ TEST_F(HpackHeaderTableTest, SetSizes) { } TEST_F(HpackHeaderTableTest, EvictionCountForEntry) { - string key = "key", value = "value"; + SpdyString key = "key", value = "value"; const HpackEntry* entry1 = table_.TryAddEntry(key, value); const HpackEntry* entry2 = table_.TryAddEntry(key, value); size_t entry3_size = HpackEntry::Size(key, value); @@ -308,7 +307,7 @@ TEST_F(HpackHeaderTableTest, EvictionCountForEntry) { } TEST_F(HpackHeaderTableTest, EvictionCountToReclaim) { - string key = "key", value = "value"; + SpdyString key = "key", value = "value"; const HpackEntry* entry1 = table_.TryAddEntry(key, value); const HpackEntry* entry2 = table_.TryAddEntry(key, value); diff --git a/chromium/net/spdy/hpack/hpack_huffman_decoder.cc b/chromium/net/spdy/hpack/hpack_huffman_decoder.cc index dcb512cb76a..49f9dae6ad2 100644 --- a/chromium/net/spdy/hpack/hpack_huffman_decoder.cc +++ b/chromium/net/spdy/hpack/hpack_huffman_decoder.cc @@ -298,12 +298,12 @@ char HpackHuffmanDecoder::CanonicalToSource(HuffmanWord canonical) { } // TODO(jamessynge): Maybe further refactorings, including just passing in a -// StringPiece instead of an HpackInputStream, thus avoiding the PeekBits calls, -// and also allowing us to separate the code into portions dealing with long -// strings, and a later portion dealing with the last few bytes of strings. +// SpdyStringPiece instead of an HpackInputStream, thus avoiding the PeekBits +// calls, and also allowing us to separate the code into portions dealing with +// long strings, and a later portion dealing with the last few bytes of strings. // TODO(jamessynge): Determine if that is worth it by adding some counters to // measure the distribution of string sizes seen in practice. -bool HpackHuffmanDecoder::DecodeString(HpackInputStream* in, std::string* out) { +bool HpackHuffmanDecoder::DecodeString(HpackInputStream* in, SpdyString* out) { out->clear(); // Load |bits| with the leading bits of the input stream, left justified diff --git a/chromium/net/spdy/hpack/hpack_huffman_decoder.h b/chromium/net/spdy/hpack/hpack_huffman_decoder.h index 50c3dc4c558..802701419ff 100644 --- a/chromium/net/spdy/hpack/hpack_huffman_decoder.h +++ b/chromium/net/spdy/hpack/hpack_huffman_decoder.h @@ -8,10 +8,9 @@ #include <stddef.h> #include <stdint.h> -#include <string> - #include "net/base/net_export.h" #include "net/spdy/hpack/hpack_input_stream.h" +#include "net/spdy/platform/api/spdy_string.h" namespace net { namespace test { @@ -35,7 +34,7 @@ class NET_EXPORT_PRIVATE HpackHuffmanDecoder { // DecodeString() halts when |in| runs out of input, in which case true is // returned. It also halts (returning false) if an invalid Huffman code // prefix is read. - static bool DecodeString(HpackInputStream* in, std::string* out); + static bool DecodeString(HpackInputStream* in, SpdyString* out); private: friend class test::HpackHuffmanDecoderPeer; diff --git a/chromium/net/spdy/hpack/hpack_huffman_decoder_test.cc b/chromium/net/spdy/hpack/hpack_huffman_decoder_test.cc index fa987704c0f..6b86b5fb3c1 100644 --- a/chromium/net/spdy/hpack/hpack_huffman_decoder_test.cc +++ b/chromium/net/spdy/hpack/hpack_huffman_decoder_test.cc @@ -10,16 +10,14 @@ #include "base/logging.h" #include "base/macros.h" #include "base/rand_util.h" -#include "base/strings/string_piece.h" #include "net/spdy/hpack/hpack_constants.h" #include "net/spdy/hpack/hpack_huffman_table.h" #include "net/spdy/hpack/hpack_input_stream.h" #include "net/spdy/hpack/hpack_output_stream.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_test_utils.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; - namespace net { namespace test { @@ -74,7 +72,7 @@ class HpackHuffmanDecoderTest : public ::testing::Test { HpackHuffmanDecoderPeer::CanonicalToSource(canonical)); } - void EncodeString(StringPiece input, std::string* encoded) { + void EncodeString(SpdyStringPiece input, SpdyString* encoded) { HpackOutputStream output_stream; table_.EncodeString(input, &output_stream); encoded->clear(); @@ -83,8 +81,8 @@ class HpackHuffmanDecoderTest : public ::testing::Test { EXPECT_EQ(encoded->size(), table_.EncodedSize(input)); } - std::string EncodeString(StringPiece input) { - std::string result; + SpdyString EncodeString(SpdyStringPiece input) { + SpdyString result; EncodeString(input, &result); return result; } @@ -164,8 +162,8 @@ TEST_F(HpackHuffmanDecoderTest, DecodeToSource) { } TEST_F(HpackHuffmanDecoderTest, SpecRequestExamples) { - std::string buffer; - std::string test_table[] = { + SpdyString buffer; + SpdyString test_table[] = { a2b_hex("f1e3c2e5f23a6ba0ab90f4ff"), "www.example.com", a2b_hex("a8eb10649cbf"), @@ -177,8 +175,8 @@ TEST_F(HpackHuffmanDecoderTest, SpecRequestExamples) { }; // Round-trip each test example. for (size_t i = 0; i != arraysize(test_table); i += 2) { - const std::string& encodedFixture(test_table[i]); - const std::string& decodedFixture(test_table[i + 1]); + const SpdyString& encodedFixture(test_table[i]); + const SpdyString& decodedFixture(test_table[i + 1]); HpackInputStream input_stream(encodedFixture); EXPECT_TRUE(HpackHuffmanDecoder::DecodeString(&input_stream, &buffer)); EXPECT_EQ(decodedFixture, buffer); @@ -188,9 +186,9 @@ TEST_F(HpackHuffmanDecoderTest, SpecRequestExamples) { } TEST_F(HpackHuffmanDecoderTest, SpecResponseExamples) { - std::string buffer; + SpdyString buffer; // clang-format off - std::string test_table[] = { + SpdyString test_table[] = { a2b_hex("6402"), "302", a2b_hex("aec3771a4b"), @@ -209,8 +207,8 @@ TEST_F(HpackHuffmanDecoderTest, SpecResponseExamples) { // clang-format on // Round-trip each test example. for (size_t i = 0; i != arraysize(test_table); i += 2) { - const std::string& encodedFixture(test_table[i]); - const std::string& decodedFixture(test_table[i + 1]); + const SpdyString& encodedFixture(test_table[i]); + const SpdyString& decodedFixture(test_table[i + 1]); HpackInputStream input_stream(encodedFixture); EXPECT_TRUE(HpackHuffmanDecoder::DecodeString(&input_stream, &buffer)); EXPECT_EQ(decodedFixture, buffer); @@ -223,9 +221,9 @@ TEST_F(HpackHuffmanDecoderTest, RoundTripIndividualSymbols) { for (size_t i = 0; i != 256; i++) { char c = static_cast<char>(i); char storage[3] = {c, c, c}; - StringPiece input(storage, arraysize(storage)); - std::string buffer_in = EncodeString(input); - std::string buffer_out; + SpdyStringPiece input(storage, arraysize(storage)); + SpdyString buffer_in = EncodeString(input); + SpdyString buffer_out; HpackInputStream input_stream(buffer_in); EXPECT_TRUE(HpackHuffmanDecoder::DecodeString(&input_stream, &buffer_out)); EXPECT_EQ(input, buffer_out); @@ -235,9 +233,9 @@ TEST_F(HpackHuffmanDecoderTest, RoundTripIndividualSymbols) { // Creates 256 input strings, each with a unique byte value i used to sandwich // all the other higher byte values. TEST_F(HpackHuffmanDecoderTest, RoundTripSymbolSequences) { - std::string input; - std::string encoded; - std::string decoded; + SpdyString input; + SpdyString encoded; + SpdyString decoded; for (size_t i = 0; i != 256; i++) { input.clear(); auto ic = static_cast<char>(i); diff --git a/chromium/net/spdy/hpack/hpack_huffman_table.cc b/chromium/net/spdy/hpack/hpack_huffman_table.cc index 1b83526d31d..a398d263a73 100644 --- a/chromium/net/spdy/hpack/hpack_huffman_table.cc +++ b/chromium/net/spdy/hpack/hpack_huffman_table.cc @@ -16,9 +16,6 @@ namespace net { -using base::StringPiece; -using std::string; - namespace { // How many bits to index in the root decode table. @@ -219,7 +216,7 @@ bool HpackHuffmanTable::IsInitialized() const { return !code_by_id_.empty(); } -void HpackHuffmanTable::EncodeString(StringPiece in, +void HpackHuffmanTable::EncodeString(SpdyStringPiece in, HpackOutputStream* out) const { size_t bit_remnant = 0; for (size_t i = 0; i != in.size(); i++) { @@ -252,7 +249,7 @@ void HpackHuffmanTable::EncodeString(StringPiece in, } } -size_t HpackHuffmanTable::EncodedSize(StringPiece in) const { +size_t HpackHuffmanTable::EncodedSize(SpdyStringPiece in) const { size_t bit_count = 0; for (size_t i = 0; i != in.size(); i++) { uint16_t symbol_id = static_cast<uint8_t>(in[i]); @@ -267,7 +264,7 @@ size_t HpackHuffmanTable::EncodedSize(StringPiece in) const { } bool HpackHuffmanTable::GenericDecodeString(HpackInputStream* in, - string* out) const { + SpdyString* out) const { // Number of decode iterations required for a 32-bit code. const int kDecodeIterations = static_cast<int>( std::ceil((32.f - kDecodeTableRootBits) / kDecodeTableBranchBits)); diff --git a/chromium/net/spdy/hpack/hpack_huffman_table.h b/chromium/net/spdy/hpack/hpack_huffman_table.h index 386e2aaaa3e..b2937a18ff1 100644 --- a/chromium/net/spdy/hpack/hpack_huffman_table.h +++ b/chromium/net/spdy/hpack/hpack_huffman_table.h @@ -8,12 +8,12 @@ #include <stdint.h> #include <cstddef> -#include <string> #include <vector> -#include "base/strings/string_piece.h" #include "net/base/net_export.h" #include "net/spdy/hpack/hpack_constants.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" namespace net { @@ -77,10 +77,10 @@ class NET_EXPORT_PRIVATE HpackHuffmanTable { // Encodes the input string to the output stream using the table's Huffman // context. - void EncodeString(base::StringPiece in, HpackOutputStream* out) const; + void EncodeString(SpdyStringPiece in, HpackOutputStream* out) const; // Returns the encoded size of the input string. - size_t EncodedSize(base::StringPiece in) const; + size_t EncodedSize(SpdyStringPiece in) const; // Decodes symbols from |in| into |out|, using the support for generic (any) // huffman tables, not just those defined in the HPACK spec. It is the @@ -91,8 +91,7 @@ class NET_EXPORT_PRIVATE HpackHuffmanTable { // otherwise be overflowed. // DEPRECATED: HpackHuffmanDecoder is now used for decoding strings encoded // according to the Huffman Table in the HPACK spec. - bool GenericDecodeString(HpackInputStream* in, - std::string* out) const; + bool GenericDecodeString(HpackInputStream* in, SpdyString* out) const; // Returns the estimate of dynamically allocated memory in bytes. size_t EstimateMemoryUsage() const; diff --git a/chromium/net/spdy/hpack/hpack_huffman_table_test.cc b/chromium/net/spdy/hpack/hpack_huffman_table_test.cc index adff4c683a5..3becdbb5c57 100644 --- a/chromium/net/spdy/hpack/hpack_huffman_table_test.cc +++ b/chromium/net/spdy/hpack/hpack_huffman_table_test.cc @@ -7,7 +7,6 @@ #include <stdint.h> #include <bitset> -#include <string> #include <utility> #include "base/logging.h" @@ -20,8 +19,6 @@ #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; -using std::string; using testing::ElementsAreArray; using testing::Pointwise; @@ -67,8 +64,8 @@ class GenericHuffmanTableTest : public ::testing::TestWithParam<bool> { protected: GenericHuffmanTableTest() : table_(), peer_(table_) {} - string EncodeString(StringPiece input) { - string result; + SpdyString EncodeString(SpdyStringPiece input) { + SpdyString result; HpackOutputStream output_stream; table_.EncodeString(input, &output_stream); @@ -89,10 +86,10 @@ MATCHER(DecodeEntryEq, "") { lhs.length == rhs.length && lhs.symbol_id == rhs.symbol_id; } -uint32_t bits32(const string& bitstring) { +uint32_t bits32(const SpdyString& bitstring) { return std::bitset<32>(bitstring).to_ulong(); } -char bits8(const string& bitstring) { +char bits8(const SpdyString& bitstring) { return static_cast<char>(std::bitset<8>(bitstring).to_ulong()); } @@ -229,16 +226,16 @@ TEST_F(GenericHuffmanTableTest, ValidateInternalsWithSmallCode) { EXPECT_EQ(bits8("10011000"), peer_.pad_bits()); char input_storage[] = {2, 3, 2, 7, 4}; - StringPiece input(input_storage, arraysize(input_storage)); + SpdyStringPiece input(input_storage, arraysize(input_storage)); // By symbol: (2) 00 (3) 010 (2) 00 (7) 10010 (4) 10000 (6 as pad) 1001100. char expect_storage[] = {bits8("00010001"), bits8("00101000"), bits8("01001100")}; - StringPiece expect(expect_storage, arraysize(expect_storage)); + SpdyStringPiece expect(expect_storage, arraysize(expect_storage)); - string buffer_in = EncodeString(input); + SpdyString buffer_in = EncodeString(input); EXPECT_EQ(expect, buffer_in); - string buffer_out; + SpdyString buffer_out; HpackInputStream input_stream(buffer_in); EXPECT_TRUE(table_.GenericDecodeString(&input_stream, &buffer_out)); EXPECT_EQ(buffer_out, input); @@ -297,11 +294,11 @@ TEST_F(GenericHuffmanTableTest, DecodeWithBadInput) { {bits32("10011100000000000000000000000000"), 16, 8}}; EXPECT_TRUE(table_.Initialize(code, arraysize(code))); - string buffer; + SpdyString buffer; { // This example works: (2) 00 (3) 010 (2) 00 (6) 100110 (pad) 100. char input_storage[] = {bits8("00010001"), bits8("00110100")}; - StringPiece input(input_storage, arraysize(input_storage)); + SpdyStringPiece input(input_storage, arraysize(input_storage)); HpackInputStream input_stream(input); EXPECT_TRUE(table_.GenericDecodeString(&input_stream, &buffer)); @@ -311,7 +308,7 @@ TEST_F(GenericHuffmanTableTest, DecodeWithBadInput) { // Expect to fail on an invalid code prefix. // (2) 00 (3) 010 (2) 00 (too-large) 101000 (pad) 100. char input_storage[] = {bits8("00010001"), bits8("01000111")}; - StringPiece input(input_storage, arraysize(input_storage)); + SpdyStringPiece input(input_storage, arraysize(input_storage)); HpackInputStream input_stream(input); EXPECT_FALSE(table_.GenericDecodeString(&input_stream, &buffer)); @@ -321,7 +318,7 @@ TEST_F(GenericHuffmanTableTest, DecodeWithBadInput) { // Expect to fail if more than a byte of unconsumed input remains. // (6) 100110 (8 truncated) 1001110000 char input_storage[] = {bits8("10011010"), bits8("01110000")}; - StringPiece input(input_storage, arraysize(input_storage)); + SpdyStringPiece input(input_storage, arraysize(input_storage)); HpackInputStream input_stream(input); EXPECT_FALSE(table_.GenericDecodeString(&input_stream, &buffer)); @@ -339,7 +336,7 @@ class HpackHuffmanTableTest : public GenericHuffmanTableTest { EXPECT_TRUE(table_.IsInitialized()); } - void DecodeStringTwice(const string& encoded, string* out) { + void DecodeStringTwice(const SpdyString& encoded, SpdyString* out) { // First decode with HpackHuffmanTable. { HpackInputStream input_stream(encoded); @@ -349,7 +346,7 @@ class HpackHuffmanTableTest : public GenericHuffmanTableTest { // the same. { HpackInputStream input_stream(encoded); - string buf; + SpdyString buf; EXPECT_TRUE(HpackHuffmanDecoder::DecodeString(&input_stream, &buf)); EXPECT_EQ(*out, buf); } @@ -361,8 +358,8 @@ TEST_F(HpackHuffmanTableTest, InitializeHpackCode) { } TEST_F(HpackHuffmanTableTest, SpecRequestExamples) { - string buffer; - string test_table[] = { + SpdyString buffer; + SpdyString test_table[] = { a2b_hex("f1e3c2e5f23a6ba0ab90f4ff"), "www.example.com", a2b_hex("a8eb10649cbf"), @@ -374,8 +371,8 @@ TEST_F(HpackHuffmanTableTest, SpecRequestExamples) { }; // Round-trip each test example. for (size_t i = 0; i != arraysize(test_table); i += 2) { - const string& encodedFixture(test_table[i]); - const string& decodedFixture(test_table[i + 1]); + const SpdyString& encodedFixture(test_table[i]); + const SpdyString& decodedFixture(test_table[i + 1]); DecodeStringTwice(encodedFixture, &buffer); EXPECT_EQ(decodedFixture, buffer); buffer = EncodeString(decodedFixture); @@ -384,23 +381,27 @@ TEST_F(HpackHuffmanTableTest, SpecRequestExamples) { } TEST_F(HpackHuffmanTableTest, SpecResponseExamples) { - string buffer; - string test_table[] = { - a2b_hex("6402"), "302", a2b_hex("aec3771a4b"), "private", + SpdyString buffer; + SpdyString test_table[] = { + a2b_hex("6402"), + "302", + a2b_hex("aec3771a4b"), + "private", a2b_hex("d07abe941054d444a8200595040b8166" "e082a62d1bff"), "Mon, 21 Oct 2013 20:13:21 GMT", a2b_hex("9d29ad171863c78f0b97c8e9ae82ae43" "d3"), - "https://www.example.com", a2b_hex("94e7821dd7f2e6c7b335dfdfcd5b3960" - "d5af27087f3672c1ab270fb5291f9587" - "316065c003ed4ee5b1063d5007"), + "https://www.example.com", + a2b_hex("94e7821dd7f2e6c7b335dfdfcd5b3960" + "d5af27087f3672c1ab270fb5291f9587" + "316065c003ed4ee5b1063d5007"), "foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1", }; // Round-trip each test example. for (size_t i = 0; i != arraysize(test_table); i += 2) { - const string& encodedFixture(test_table[i]); - const string& decodedFixture(test_table[i + 1]); + const SpdyString& encodedFixture(test_table[i]); + const SpdyString& decodedFixture(test_table[i + 1]); DecodeStringTwice(encodedFixture, &buffer); EXPECT_EQ(decodedFixture, buffer); buffer = EncodeString(decodedFixture); @@ -412,9 +413,9 @@ TEST_F(HpackHuffmanTableTest, RoundTripIndividualSymbols) { for (size_t i = 0; i != 256; i++) { char c = static_cast<char>(i); char storage[3] = {c, c, c}; - StringPiece input(storage, arraysize(storage)); - string buffer_in = EncodeString(input); - string buffer_out; + SpdyStringPiece input(storage, arraysize(storage)); + SpdyString buffer_in = EncodeString(input); + SpdyString buffer_out; DecodeStringTwice(buffer_in, &buffer_out); EXPECT_EQ(input, buffer_out); } @@ -426,23 +427,23 @@ TEST_F(HpackHuffmanTableTest, RoundTripSymbolSequence) { storage[i] = static_cast<char>(i); storage[511 - i] = static_cast<char>(i); } - StringPiece input(storage, arraysize(storage)); + SpdyStringPiece input(storage, arraysize(storage)); - string buffer_in = EncodeString(input); - string buffer_out; + SpdyString buffer_in = EncodeString(input); + SpdyString buffer_out; DecodeStringTwice(buffer_in, &buffer_out); EXPECT_EQ(input, buffer_out); } TEST_F(HpackHuffmanTableTest, EncodedSizeAgreesWithEncodeString) { - string test_table[] = { + SpdyString test_table[] = { "", "Mon, 21 Oct 2013 20:13:21 GMT", "https://www.example.com", "foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU; max-age=3600; version=1", - string(1, '\0'), - string("foo\0bar", 7), - string(256, '\0'), + SpdyString(1, '\0'), + SpdyString("foo\0bar", 7), + SpdyString(256, '\0'), }; for (size_t i = 0; i != 256; ++i) { // Expand last |test_table| entry to cover all codes. @@ -450,7 +451,7 @@ TEST_F(HpackHuffmanTableTest, EncodedSizeAgreesWithEncodeString) { } HpackOutputStream output_stream; - string encoding; + SpdyString encoding; for (size_t i = 0; i != arraysize(test_table); ++i) { table_.EncodeString(test_table[i], &output_stream); output_stream.TakeString(&encoding); diff --git a/chromium/net/spdy/hpack/hpack_input_stream.cc b/chromium/net/spdy/hpack/hpack_input_stream.cc index 6008d5cdbc7..9cc27f5ae7e 100644 --- a/chromium/net/spdy/hpack/hpack_input_stream.cc +++ b/chromium/net/spdy/hpack/hpack_input_stream.cc @@ -12,10 +12,7 @@ namespace net { -using base::StringPiece; -using std::string; - -HpackInputStream::HpackInputStream(StringPiece buffer) +HpackInputStream::HpackInputStream(SpdyStringPiece buffer) : buffer_(buffer), bit_offset_(0), parsed_bytes_(0), @@ -119,7 +116,7 @@ bool HpackInputStream::DecodeNextUint32(uint32_t* I) { return !has_more; } -bool HpackInputStream::DecodeNextIdentityString(StringPiece* str) { +bool HpackInputStream::DecodeNextIdentityString(SpdyStringPiece* str) { uint32_t size = 0; if (!DecodeNextUint32(&size)) { return false; @@ -130,13 +127,13 @@ bool HpackInputStream::DecodeNextIdentityString(StringPiece* str) { return false; } - *str = StringPiece(buffer_.data(), size); + *str = SpdyStringPiece(buffer_.data(), size); buffer_.remove_prefix(size); parsed_bytes_current_ += size; return true; } -bool HpackInputStream::DecodeNextHuffmanString(string* str) { +bool HpackInputStream::DecodeNextHuffmanString(SpdyString* str) { uint32_t encoded_size = 0; if (!DecodeNextUint32(&encoded_size)) { if (!need_more_data_) { diff --git a/chromium/net/spdy/hpack/hpack_input_stream.h b/chromium/net/spdy/hpack/hpack_input_stream.h index 95791bb84cc..5eff5627be2 100644 --- a/chromium/net/spdy/hpack/hpack_input_stream.h +++ b/chromium/net/spdy/hpack/hpack_input_stream.h @@ -8,14 +8,14 @@ #include <stddef.h> #include <stdint.h> -#include <string> #include <utility> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/net_export.h" #include "net/spdy/hpack/hpack_constants.h" #include "net/spdy/hpack/hpack_huffman_table.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" // All section references below are to // http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-08 @@ -34,7 +34,7 @@ class NET_EXPORT_PRIVATE HpackInputStream { public: friend class test::HpackInputStreamPeer; - explicit HpackInputStream(base::StringPiece buffer); + explicit HpackInputStream(SpdyStringPiece buffer); ~HpackInputStream(); // Returns whether or not there is more data to process. @@ -48,8 +48,8 @@ class NET_EXPORT_PRIVATE HpackInputStream { // decoding was successful, or false if an error was encountered. bool DecodeNextUint32(uint32_t* I); - bool DecodeNextIdentityString(base::StringPiece* str); - bool DecodeNextHuffmanString(std::string* str); + bool DecodeNextIdentityString(SpdyStringPiece* str); + bool DecodeNextHuffmanString(SpdyString* str); // Stores input bits into the most-significant, unfilled bits of |out|. // |peeked_count| is the number of filled bits in |out| which have been @@ -90,7 +90,7 @@ class NET_EXPORT_PRIVATE HpackInputStream { bool NeedMoreData() const; private: - base::StringPiece buffer_; + SpdyStringPiece buffer_; size_t bit_offset_; // Total number of bytes parsed successfully. Only get updated when an // opcode is parsed successfully. diff --git a/chromium/net/spdy/hpack/hpack_input_stream_test.cc b/chromium/net/spdy/hpack/hpack_input_stream_test.cc index 1f3627566c9..7f1df8058aa 100644 --- a/chromium/net/spdy/hpack/hpack_input_stream_test.cc +++ b/chromium/net/spdy/hpack/hpack_input_stream_test.cc @@ -5,11 +5,9 @@ #include "net/spdy/hpack/hpack_input_stream.h" #include <bitset> -#include <string> #include <vector> #include "base/logging.h" -#include "base/strings/string_piece.h" #include "net/spdy/hpack/hpack_constants.h" #include "net/spdy/spdy_test_utils.h" #include "net/test/gtest_util.h" @@ -19,8 +17,6 @@ namespace net { namespace test { -using base::StringPiece; -using std::string; using test::a2b_hex; // Hex representation of encoded length and Huffman string. @@ -50,7 +46,7 @@ class HpackInputStreamPeer { // Utility function to decode an assumed-valid uint32_t with an N-bit // prefix. -uint32_t DecodeValidUint32(uint8_t N, StringPiece str) { +uint32_t DecodeValidUint32(uint8_t N, SpdyStringPiece str) { EXPECT_GT(N, 0); EXPECT_LE(N, 8); HpackInputStream input_stream(str); @@ -65,7 +61,7 @@ uint32_t DecodeValidUint32(uint8_t N, StringPiece str) { // Utility function to decode an assumed-invalid uint32_t with an N-bit // prefix. -void ExpectDecodeUint32Invalid(uint8_t N, StringPiece str) { +void ExpectDecodeUint32Invalid(uint8_t N, SpdyStringPiece str) { EXPECT_GT(N, 0); EXPECT_LE(N, 8); HpackInputStream input_stream(str); @@ -75,7 +71,7 @@ void ExpectDecodeUint32Invalid(uint8_t N, StringPiece str) { EXPECT_FALSE(input_stream.DecodeNextUint32(&I)); } -uint32_t bits32(const string& bitstring) { +uint32_t bits32(const SpdyString& bitstring) { return std::bitset<32>(bitstring).to_ulong(); } @@ -85,7 +81,7 @@ uint32_t bits32(const string& bitstring) { TEST(HpackInputStreamTest, OneByteIntegersEightBitPrefix) { // Minimum. - EXPECT_EQ(0x00u, DecodeValidUint32(8, string("\x00", 1))); + EXPECT_EQ(0x00u, DecodeValidUint32(8, SpdyString("\x00", 1))); EXPECT_EQ(0x7fu, DecodeValidUint32(8, "\x7f")); // Maximum. EXPECT_EQ(0xfeu, DecodeValidUint32(8, "\xfe")); @@ -95,7 +91,7 @@ TEST(HpackInputStreamTest, OneByteIntegersEightBitPrefix) { TEST(HpackInputStreamTest, TwoByteIntegersEightBitPrefix) { // Minimum. - EXPECT_EQ(0xffu, DecodeValidUint32(8, string("\xff\x00", 2))); + EXPECT_EQ(0xffu, DecodeValidUint32(8, SpdyString("\xff\x00", 2))); EXPECT_EQ(0x0100u, DecodeValidUint32(8, "\xff\x01")); // Maximum. EXPECT_EQ(0x017eu, DecodeValidUint32(8, "\xff\x7f")); @@ -168,19 +164,19 @@ TEST(HpackInputStreamTest, SevenByteIntegersEightBitPrefix) { TEST(HpackInputStreamTest, OneByteIntegersOneToSevenBitPrefixes) { // Minimums. - EXPECT_EQ(0x00u, DecodeValidUint32(7, string("\x00", 1))); + EXPECT_EQ(0x00u, DecodeValidUint32(7, SpdyString("\x00", 1))); EXPECT_EQ(0x00u, DecodeValidUint32(7, "\x80")); - EXPECT_EQ(0x00u, DecodeValidUint32(6, string("\x00", 1))); + EXPECT_EQ(0x00u, DecodeValidUint32(6, SpdyString("\x00", 1))); EXPECT_EQ(0x00u, DecodeValidUint32(6, "\xc0")); - EXPECT_EQ(0x00u, DecodeValidUint32(5, string("\x00", 1))); + EXPECT_EQ(0x00u, DecodeValidUint32(5, SpdyString("\x00", 1))); EXPECT_EQ(0x00u, DecodeValidUint32(5, "\xe0")); - EXPECT_EQ(0x00u, DecodeValidUint32(4, string("\x00", 1))); + EXPECT_EQ(0x00u, DecodeValidUint32(4, SpdyString("\x00", 1))); EXPECT_EQ(0x00u, DecodeValidUint32(4, "\xf0")); - EXPECT_EQ(0x00u, DecodeValidUint32(3, string("\x00", 1))); + EXPECT_EQ(0x00u, DecodeValidUint32(3, SpdyString("\x00", 1))); EXPECT_EQ(0x00u, DecodeValidUint32(3, "\xf8")); - EXPECT_EQ(0x00u, DecodeValidUint32(2, string("\x00", 1))); + EXPECT_EQ(0x00u, DecodeValidUint32(2, SpdyString("\x00", 1))); EXPECT_EQ(0x00u, DecodeValidUint32(2, "\xfc")); - EXPECT_EQ(0x00u, DecodeValidUint32(1, string("\x00", 1))); + EXPECT_EQ(0x00u, DecodeValidUint32(1, SpdyString("\x00", 1))); EXPECT_EQ(0x00u, DecodeValidUint32(1, "\xfe")); // Maximums. @@ -196,7 +192,7 @@ TEST(HpackInputStreamTest, OneByteIntegersOneToSevenBitPrefixes) { EXPECT_EQ(0x06u, DecodeValidUint32(3, "\xfe")); EXPECT_EQ(0x02u, DecodeValidUint32(2, "\x02")); EXPECT_EQ(0x02u, DecodeValidUint32(2, "\xfe")); - EXPECT_EQ(0x00u, DecodeValidUint32(1, string("\x00", 1))); + EXPECT_EQ(0x00u, DecodeValidUint32(1, SpdyString("\x00", 1))); EXPECT_EQ(0x00u, DecodeValidUint32(1, "\xfe")); // Invalid. @@ -218,20 +214,20 @@ TEST(HpackInputStreamTest, OneByteIntegersOneToSevenBitPrefixes) { TEST(HpackInputStreamTest, TwoByteIntegersOneToSevenBitPrefixes) { // Minimums. - EXPECT_EQ(0x7fu, DecodeValidUint32(7, string("\x7f\x00", 2))); - EXPECT_EQ(0x7fu, DecodeValidUint32(7, string("\xff\x00", 2))); - EXPECT_EQ(0x3fu, DecodeValidUint32(6, string("\x3f\x00", 2))); - EXPECT_EQ(0x3fu, DecodeValidUint32(6, string("\xff\x00", 2))); - EXPECT_EQ(0x1fu, DecodeValidUint32(5, string("\x1f\x00", 2))); - EXPECT_EQ(0x1fu, DecodeValidUint32(5, string("\xff\x00", 2))); - EXPECT_EQ(0x0fu, DecodeValidUint32(4, string("\x0f\x00", 2))); - EXPECT_EQ(0x0fu, DecodeValidUint32(4, string("\xff\x00", 2))); - EXPECT_EQ(0x07u, DecodeValidUint32(3, string("\x07\x00", 2))); - EXPECT_EQ(0x07u, DecodeValidUint32(3, string("\xff\x00", 2))); - EXPECT_EQ(0x03u, DecodeValidUint32(2, string("\x03\x00", 2))); - EXPECT_EQ(0x03u, DecodeValidUint32(2, string("\xff\x00", 2))); - EXPECT_EQ(0x01u, DecodeValidUint32(1, string("\x01\x00", 2))); - EXPECT_EQ(0x01u, DecodeValidUint32(1, string("\xff\x00", 2))); + EXPECT_EQ(0x7fu, DecodeValidUint32(7, SpdyString("\x7f\x00", 2))); + EXPECT_EQ(0x7fu, DecodeValidUint32(7, SpdyString("\xff\x00", 2))); + EXPECT_EQ(0x3fu, DecodeValidUint32(6, SpdyString("\x3f\x00", 2))); + EXPECT_EQ(0x3fu, DecodeValidUint32(6, SpdyString("\xff\x00", 2))); + EXPECT_EQ(0x1fu, DecodeValidUint32(5, SpdyString("\x1f\x00", 2))); + EXPECT_EQ(0x1fu, DecodeValidUint32(5, SpdyString("\xff\x00", 2))); + EXPECT_EQ(0x0fu, DecodeValidUint32(4, SpdyString("\x0f\x00", 2))); + EXPECT_EQ(0x0fu, DecodeValidUint32(4, SpdyString("\xff\x00", 2))); + EXPECT_EQ(0x07u, DecodeValidUint32(3, SpdyString("\x07\x00", 2))); + EXPECT_EQ(0x07u, DecodeValidUint32(3, SpdyString("\xff\x00", 2))); + EXPECT_EQ(0x03u, DecodeValidUint32(2, SpdyString("\x03\x00", 2))); + EXPECT_EQ(0x03u, DecodeValidUint32(2, SpdyString("\xff\x00", 2))); + EXPECT_EQ(0x01u, DecodeValidUint32(1, SpdyString("\x01\x00", 2))); + EXPECT_EQ(0x01u, DecodeValidUint32(1, SpdyString("\xff\x00", 2))); // Maximums. EXPECT_EQ(0xfeu, DecodeValidUint32(7, "\x7f\x7f")); @@ -498,7 +494,7 @@ TEST(HpackInputStreamTest, DecodeNextIdentityString) { HpackInputStreamPeer input_stream_peer(&input_stream); EXPECT_TRUE(input_stream.HasMoreData()); - StringPiece string_piece; + SpdyStringPiece string_piece; EXPECT_TRUE(input_stream.DecodeNextIdentityString(&string_piece)); EXPECT_EQ("string literal", string_piece); EXPECT_FALSE(input_stream.HasMoreData()); @@ -513,13 +509,13 @@ TEST(HpackInputStreamTest, DecodeNextIdentityStringNotEnoughInput) { HpackInputStream input_stream("\x0fstring literal"); EXPECT_TRUE(input_stream.HasMoreData()); - StringPiece string_piece; + SpdyStringPiece string_piece; EXPECT_FALSE(input_stream.DecodeNextIdentityString(&string_piece)); EXPECT_TRUE(input_stream.NeedMoreData()); } TEST(HpackInputStreamTest, DecodeNextHuffmanString) { - string output, input(a2b_hex(kEncodedHuffmanFixture)); + SpdyString output, input(a2b_hex(kEncodedHuffmanFixture)); HpackInputStream input_stream(input); HpackInputStreamPeer input_stream_peer(&input_stream); @@ -532,7 +528,7 @@ TEST(HpackInputStreamTest, DecodeNextHuffmanString) { } TEST(HpackInputStreamTest, DecodeNextHuffmanStringNotEnoughInput) { - string output, input(a2b_hex(kEncodedHuffmanFixture)); + SpdyString output, input(a2b_hex(kEncodedHuffmanFixture)); input[0]++; // Input prefix is one byte larger than available input. HpackInputStream input_stream(input); @@ -748,7 +744,7 @@ TEST(HpackInputStreamTest, IncompleteHeaderDecodeNextUint32) { TEST(HpackInputStreamTest, IncompleteHeaderDecodeNextIdentityString) { HpackInputStream input_stream1("\x0estring litera"); HpackInputStreamPeer input_stream1_peer(&input_stream1); - StringPiece string_piece; + SpdyStringPiece string_piece; EXPECT_FALSE(input_stream1.DecodeNextIdentityString(&string_piece)); // Only parsed first byte. EXPECT_EQ(1u, input_stream1_peer.ParsedBytesCurrent()); @@ -763,7 +759,7 @@ TEST(HpackInputStreamTest, IncompleteHeaderDecodeNextIdentityString) { } TEST(HpackInputStreamTest, IncompleteHeaderDecodeNextHuffmanString) { - string output, input(a2b_hex(kEncodedHuffmanFixture)); + SpdyString output, input(a2b_hex(kEncodedHuffmanFixture)); input.resize(input.size() - 1); // Remove last byte. HpackInputStream input_stream1(input); HpackInputStreamPeer input_stream1_peer(&input_stream1); diff --git a/chromium/net/spdy/hpack/hpack_output_stream.cc b/chromium/net/spdy/hpack/hpack_output_stream.cc index a93965d1f10..c3673cb27e1 100644 --- a/chromium/net/spdy/hpack/hpack_output_stream.cc +++ b/chromium/net/spdy/hpack/hpack_output_stream.cc @@ -11,9 +11,6 @@ namespace net { -using base::StringPiece; -using std::string; - HpackOutputStream::HpackOutputStream() : bit_offset_(0) {} HpackOutputStream::~HpackOutputStream() {} @@ -44,7 +41,7 @@ void HpackOutputStream::AppendPrefix(HpackPrefix prefix) { AppendBits(prefix.bits, prefix.bit_size); } -void HpackOutputStream::AppendBytes(StringPiece buffer) { +void HpackOutputStream::AppendBytes(SpdyStringPiece buffer) { DCHECK_EQ(bit_offset_, 0u); buffer_.append(buffer.data(), buffer.size()); } @@ -66,7 +63,7 @@ void HpackOutputStream::AppendUint32(uint32_t I) { } } -void HpackOutputStream::TakeString(string* output) { +void HpackOutputStream::TakeString(SpdyString* output) { // This must hold, since all public functions cause the buffer to // end on a byte boundary. DCHECK_EQ(bit_offset_, 0u); @@ -75,10 +72,10 @@ void HpackOutputStream::TakeString(string* output) { bit_offset_ = 0; } -void HpackOutputStream::BoundedTakeString(size_t max_size, string* output) { +void HpackOutputStream::BoundedTakeString(size_t max_size, SpdyString* output) { if (buffer_.size() > max_size) { // Save off overflow bytes to temporary string (causes a copy). - string overflow(buffer_.data() + max_size, buffer_.size() - max_size); + SpdyString overflow(buffer_.data() + max_size, buffer_.size() - max_size); // Resize buffer down to the given limit. buffer_.resize(max_size); diff --git a/chromium/net/spdy/hpack/hpack_output_stream.h b/chromium/net/spdy/hpack/hpack_output_stream.h index 965cea797a3..2748540565a 100644 --- a/chromium/net/spdy/hpack/hpack_output_stream.h +++ b/chromium/net/spdy/hpack/hpack_output_stream.h @@ -9,12 +9,12 @@ #include <stdint.h> #include <map> -#include <string> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/net_export.h" #include "net/spdy/hpack/hpack_constants.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" // All section references below are to // http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-08 @@ -25,7 +25,7 @@ namespace net { // header fields. class NET_EXPORT_PRIVATE HpackOutputStream { public: - explicit HpackOutputStream(); + HpackOutputStream(); ~HpackOutputStream(); // Appends the lower |bit_size| bits of |bits| to the internal buffer. @@ -38,7 +38,7 @@ class NET_EXPORT_PRIVATE HpackOutputStream { void AppendPrefix(HpackPrefix prefix); // Directly appends |buffer|. - void AppendBytes(base::StringPiece buffer); + void AppendBytes(SpdyStringPiece buffer); // Appends the given integer using the representation described in // 6.1. If the internal buffer ends on a byte boundary, the prefix @@ -50,11 +50,11 @@ class NET_EXPORT_PRIVATE HpackOutputStream { void AppendUint32(uint32_t I); // Swaps the internal buffer with |output|, then resets state. - void TakeString(std::string* output); + void TakeString(SpdyString* output); // Gives up to |max_size| bytes of the internal buffer to |output|. Resets // internal state with the overflow. - void BoundedTakeString(size_t max_size, std::string* output); + void BoundedTakeString(size_t max_size, SpdyString* output); // Size in bytes of stream's internal buffer. size_t size() const { return buffer_.size(); } @@ -64,7 +64,7 @@ class NET_EXPORT_PRIVATE HpackOutputStream { private: // The internal bit buffer. - std::string buffer_; + SpdyString buffer_; // If 0, the buffer ends on a byte boundary. If non-zero, the buffer // ends on the nth most significant bit. Guaranteed to be < 8. diff --git a/chromium/net/spdy/hpack/hpack_output_stream_test.cc b/chromium/net/spdy/hpack/hpack_output_stream_test.cc index aa0964048b2..13af4e4739c 100644 --- a/chromium/net/spdy/hpack/hpack_output_stream_test.cc +++ b/chromium/net/spdy/hpack/hpack_output_stream_test.cc @@ -12,13 +12,11 @@ namespace net { namespace { -using std::string; - // Make sure that AppendBits() appends bits starting from the most // significant bit, and that it can handle crossing a byte boundary. TEST(HpackOutputStreamTest, AppendBits) { HpackOutputStream output_stream; - string expected_str; + SpdyString expected_str; output_stream.AppendBits(0x1, 1); expected_str.append(1, 0x00); @@ -39,20 +37,20 @@ TEST(HpackOutputStreamTest, AppendBits) { output_stream.AppendBits(0x0, 7); - string str; + SpdyString str; output_stream.TakeString(&str); EXPECT_EQ(expected_str, str); } // Utility function to return I as a string encoded with an N-bit // prefix. -string EncodeUint32(uint8_t N, uint32_t I) { +SpdyString EncodeUint32(uint8_t N, uint32_t I) { HpackOutputStream output_stream; if (N < 8) { output_stream.AppendBits(0x00, 8 - N); } output_stream.AppendUint32(I); - string str; + SpdyString str; output_stream.TakeString(&str); return str; } @@ -63,7 +61,7 @@ string EncodeUint32(uint8_t N, uint32_t I) { TEST(HpackOutputStreamTest, OneByteIntegersEightBitPrefix) { // Minimum. - EXPECT_EQ(string("\x00", 1), EncodeUint32(8, 0x00)); + EXPECT_EQ(SpdyString("\x00", 1), EncodeUint32(8, 0x00)); EXPECT_EQ("\x7f", EncodeUint32(8, 0x7f)); // Maximum. EXPECT_EQ("\xfe", EncodeUint32(8, 0xfe)); @@ -71,7 +69,7 @@ TEST(HpackOutputStreamTest, OneByteIntegersEightBitPrefix) { TEST(HpackOutputStreamTest, TwoByteIntegersEightBitPrefix) { // Minimum. - EXPECT_EQ(string("\xff\x00", 2), EncodeUint32(8, 0xff)); + EXPECT_EQ(SpdyString("\xff\x00", 2), EncodeUint32(8, 0xff)); EXPECT_EQ("\xff\x01", EncodeUint32(8, 0x0100)); // Maximum. EXPECT_EQ("\xff\x7f", EncodeUint32(8, 0x017e)); @@ -114,13 +112,13 @@ TEST(HpackOutputStreamTest, SixByteIntegersEightBitPrefix) { TEST(HpackOutputStreamTest, OneByteIntegersOneToSevenBitPrefixes) { // Minimums. - EXPECT_EQ(string("\x00", 1), EncodeUint32(7, 0x00)); - EXPECT_EQ(string("\x00", 1), EncodeUint32(6, 0x00)); - EXPECT_EQ(string("\x00", 1), EncodeUint32(5, 0x00)); - EXPECT_EQ(string("\x00", 1), EncodeUint32(4, 0x00)); - EXPECT_EQ(string("\x00", 1), EncodeUint32(3, 0x00)); - EXPECT_EQ(string("\x00", 1), EncodeUint32(2, 0x00)); - EXPECT_EQ(string("\x00", 1), EncodeUint32(1, 0x00)); + EXPECT_EQ(SpdyString("\x00", 1), EncodeUint32(7, 0x00)); + EXPECT_EQ(SpdyString("\x00", 1), EncodeUint32(6, 0x00)); + EXPECT_EQ(SpdyString("\x00", 1), EncodeUint32(5, 0x00)); + EXPECT_EQ(SpdyString("\x00", 1), EncodeUint32(4, 0x00)); + EXPECT_EQ(SpdyString("\x00", 1), EncodeUint32(3, 0x00)); + EXPECT_EQ(SpdyString("\x00", 1), EncodeUint32(2, 0x00)); + EXPECT_EQ(SpdyString("\x00", 1), EncodeUint32(1, 0x00)); // Maximums. EXPECT_EQ("\x7e", EncodeUint32(7, 0x7e)); @@ -129,18 +127,18 @@ TEST(HpackOutputStreamTest, OneByteIntegersOneToSevenBitPrefixes) { EXPECT_EQ("\x0e", EncodeUint32(4, 0x0e)); EXPECT_EQ("\x06", EncodeUint32(3, 0x06)); EXPECT_EQ("\x02", EncodeUint32(2, 0x02)); - EXPECT_EQ(string("\x00", 1), EncodeUint32(1, 0x00)); + EXPECT_EQ(SpdyString("\x00", 1), EncodeUint32(1, 0x00)); } TEST(HpackOutputStreamTest, TwoByteIntegersOneToSevenBitPrefixes) { // Minimums. - EXPECT_EQ(string("\x7f\x00", 2), EncodeUint32(7, 0x7f)); - EXPECT_EQ(string("\x3f\x00", 2), EncodeUint32(6, 0x3f)); - EXPECT_EQ(string("\x1f\x00", 2), EncodeUint32(5, 0x1f)); - EXPECT_EQ(string("\x0f\x00", 2), EncodeUint32(4, 0x0f)); - EXPECT_EQ(string("\x07\x00", 2), EncodeUint32(3, 0x07)); - EXPECT_EQ(string("\x03\x00", 2), EncodeUint32(2, 0x03)); - EXPECT_EQ(string("\x01\x00", 2), EncodeUint32(1, 0x01)); + EXPECT_EQ(SpdyString("\x7f\x00", 2), EncodeUint32(7, 0x7f)); + EXPECT_EQ(SpdyString("\x3f\x00", 2), EncodeUint32(6, 0x3f)); + EXPECT_EQ(SpdyString("\x1f\x00", 2), EncodeUint32(5, 0x1f)); + EXPECT_EQ(SpdyString("\x0f\x00", 2), EncodeUint32(4, 0x0f)); + EXPECT_EQ(SpdyString("\x07\x00", 2), EncodeUint32(3, 0x07)); + EXPECT_EQ(SpdyString("\x03\x00", 2), EncodeUint32(2, 0x03)); + EXPECT_EQ(SpdyString("\x01\x00", 2), EncodeUint32(1, 0x01)); // Maximums. EXPECT_EQ("\x7f\x7f", EncodeUint32(7, 0xfe)); @@ -238,9 +236,9 @@ TEST(HpackOutputStreamTest, AppendUint32PreservesUpperBits) { HpackOutputStream output_stream; output_stream.AppendBits(0x7f, 7); output_stream.AppendUint32(0x01); - string str; + SpdyString str; output_stream.TakeString(&str); - EXPECT_EQ(string("\xff\x00", 2), str); + EXPECT_EQ(SpdyString("\xff\x00", 2), str); } TEST(HpackOutputStreamTest, AppendBytes) { @@ -249,7 +247,7 @@ TEST(HpackOutputStreamTest, AppendBytes) { output_stream.AppendBytes("buffer1"); output_stream.AppendBytes("buffer2"); - string str; + SpdyString str; output_stream.TakeString(&str); EXPECT_EQ("buffer1buffer2", str); } @@ -260,7 +258,7 @@ TEST(HpackOutputStreamTest, BoundedTakeString) { output_stream.AppendBytes("buffer12"); output_stream.AppendBytes("buffer456"); - string str; + SpdyString str; output_stream.BoundedTakeString(9, &str); EXPECT_EQ("buffer12b", str); diff --git a/chromium/net/spdy/hpack/hpack_round_trip_test.cc b/chromium/net/spdy/hpack/hpack_round_trip_test.cc index b932cffa99b..e8756dbf6b7 100644 --- a/chromium/net/spdy/hpack/hpack_round_trip_test.cc +++ b/chromium/net/spdy/hpack/hpack_round_trip_test.cc @@ -4,21 +4,19 @@ #include <cmath> #include <ctime> -#include <string> #include <vector> #include "base/rand_util.h" #include "net/spdy/hpack/hpack_constants.h" #include "net/spdy/hpack/hpack_decoder.h" #include "net/spdy/hpack/hpack_encoder.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_test_utils.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { namespace test { -using std::string; - namespace { // Supports testing with the input split at every byte boundary. @@ -35,7 +33,7 @@ class HpackRoundTripTest : public ::testing::TestWithParam<InputSizeParam> { } bool RoundTrip(const SpdyHeaderBlock& header_set) { - string encoded; + SpdyString encoded; encoder_.EncodeHeaderSet(header_set, &encoded); bool success = true; @@ -110,7 +108,7 @@ TEST_P(HpackRoundTripTest, ResponseFixtures) { headers["set-cookie"] = "foo=ASDJKHQKBZXOQWEOPIUAXQWEOIU;" " max-age=3600; version=1"; - headers["multivalue"] = string("foo\0bar", 7); + headers["multivalue"] = SpdyString("foo\0bar", 7); EXPECT_TRUE(RoundTrip(headers)); } } @@ -143,7 +141,7 @@ TEST_P(HpackRoundTripTest, RequestFixtures) { headers[":scheme"] = "https"; headers["custom-key"] = "custom-value"; headers["cookie"] = "baz=bing; fizzle=fazzle; garbage"; - headers["multivalue"] = string("foo\0bar", 7); + headers["multivalue"] = SpdyString("foo\0bar", 7); EXPECT_TRUE(RoundTrip(headers)); } } @@ -152,7 +150,7 @@ TEST_P(HpackRoundTripTest, RandomizedExamples) { // Grow vectors of names & values, which are seeded with fixtures and then // expanded with dynamically generated data. Samples are taken using the // exponential distribution. - std::vector<string> pseudo_header_names, random_header_names; + std::vector<SpdyString> pseudo_header_names, random_header_names; pseudo_header_names.push_back(":authority"); pseudo_header_names.push_back(":path"); pseudo_header_names.push_back(":status"); @@ -160,7 +158,7 @@ TEST_P(HpackRoundTripTest, RandomizedExamples) { // TODO(jgraettinger): Enable "cookie" as a name fixture. Crumbs may be // reconstructed in any order, which breaks the simple validation used here. - std::vector<string> values; + std::vector<SpdyString> values; values.push_back("/"); values.push_back("/index.html"); values.push_back("200"); @@ -183,7 +181,7 @@ TEST_P(HpackRoundTripTest, RandomizedExamples) { std::min(header_count, 1 + SampleExponential(7, 50)); EXPECT_LE(pseudo_header_count, header_count); for (size_t j = 0; j != header_count; ++j) { - string name, value; + SpdyString name, value; // Pseudo headers must be added before regular headers. if (j < pseudo_header_count) { // Choose one of the defined pseudo headers at random. @@ -207,7 +205,7 @@ TEST_P(HpackRoundTripTest, RandomizedExamples) { // Randomly reuse an existing value, or generate a new one. size_t value_index = SampleExponential(20, 200); if (value_index >= values.size()) { - string newvalue = + SpdyString newvalue = base::RandBytesAsString(1 + SampleExponential(15, 75)); // Currently order is not preserved in the encoder. In particular, // when a value is decomposed at \0 delimiters, its parts might get diff --git a/chromium/net/spdy/hpack/hpack_static_table.cc b/chromium/net/spdy/hpack/hpack_static_table.cc index 626bd92b01a..cc82985974d 100644 --- a/chromium/net/spdy/hpack/hpack_static_table.cc +++ b/chromium/net/spdy/hpack/hpack_static_table.cc @@ -8,6 +8,7 @@ #include "net/spdy/hpack/hpack_constants.h" #include "net/spdy/hpack/hpack_entry.h" #include "net/spdy/platform/api/spdy_estimate_memory_usage.h" +#include "net/spdy/platform/api/spdy_string_piece.h" namespace net { @@ -23,8 +24,8 @@ void HpackStaticTable::Initialize(const HpackStaticEntry* static_entry_table, for (const HpackStaticEntry* it = static_entry_table; it != static_entry_table + static_entry_count; ++it) { static_entries_.push_back( - HpackEntry(base::StringPiece(it->name, it->name_len), - base::StringPiece(it->value, it->value_len), + HpackEntry(SpdyStringPiece(it->name, it->name_len), + SpdyStringPiece(it->value, it->value_len), true, // is_static total_insertions)); HpackEntry* entry = &static_entries_.back(); diff --git a/chromium/net/spdy/hpack/hpack_static_table_test.cc b/chromium/net/spdy/hpack/hpack_static_table_test.cc index 00d397868aa..6f39f9e7f00 100644 --- a/chromium/net/spdy/hpack/hpack_static_table_test.cc +++ b/chromium/net/spdy/hpack/hpack_static_table_test.cc @@ -8,6 +8,7 @@ #include <vector> #include "net/spdy/hpack/hpack_constants.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { @@ -38,7 +39,7 @@ TEST_F(HpackStaticTableTest, Initialize) { HpackHeaderTable::NameToEntryMap static_name_index = table_.GetStaticNameIndex(); - std::set<base::StringPiece> names; + std::set<SpdyStringPiece> names; for (auto* entry : static_index) { names.insert(entry->name()); } diff --git a/chromium/net/spdy/http2_frame_decoder_adapter.cc b/chromium/net/spdy/http2_frame_decoder_adapter.cc index 94741a25ff6..8b74e6ec385 100644 --- a/chromium/net/spdy/http2_frame_decoder_adapter.cc +++ b/chromium/net/spdy/http2_frame_decoder_adapter.cc @@ -13,12 +13,10 @@ #include <cstdint> #include <cstring> -#include <string> #include <utility> #include "base/logging.h" #include "base/optional.h" -#include "base/strings/string_piece.h" #include "base/sys_byteorder.h" #include "net/http2/decoder/decode_buffer.h" #include "net/http2/decoder/decode_status.h" @@ -29,6 +27,7 @@ #include "net/spdy/hpack/hpack_decoder_interface.h" #include "net/spdy/hpack/hpack_header_table.h" #include "net/spdy/platform/api/spdy_estimate_memory_usage.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_alt_svc_wire_format.h" #include "net/spdy/spdy_bug_tracker.h" #include "net/spdy/spdy_frame_builder.h" @@ -36,8 +35,6 @@ #include "net/spdy/spdy_headers_handler_interface.h" #include "net/spdy/spdy_protocol.h" -using std::string; - namespace net { namespace { @@ -45,8 +42,6 @@ namespace { const bool kHasPriorityFields = true; const bool kNotHasPriorityFields = false; -const Http2FrameType kFrameTypeBlocked = Http2FrameType(11); - bool IsPaddable(Http2FrameType type) { return type == Http2FrameType::DATA || type == Http2FrameType::HEADERS || type == Http2FrameType::PUSH_PROMISE; @@ -98,6 +93,10 @@ class Http2DecoderAdapter : public SpdyFramerDecoderAdapter, // the other virtual methods of SpdyFramerDecoderAdapter have satsifactory // default implementations. + void set_extension_visitor(ExtensionVisitorInterface* visitor) override { + extension_ = visitor; + } + // Passes the call on to the HPACK decoder. void SetDecoderHeaderTableDebugVisitor( std::unique_ptr<HpackHeaderTable::DebugVisitorInterface> visitor) @@ -165,24 +164,28 @@ class Http2DecoderAdapter : public SpdyFramerDecoderAdapter, const uint8_t raw_frame_type = static_cast<uint8_t>(header.type); visitor()->OnCommonHeader(header.stream_id, header.payload_length, raw_frame_type, header.flags); - if (!IsSupportedHttp2FrameType(header.type) && - header.type != kFrameTypeBlocked) { + if (has_expected_frame_type_ && header.type != expected_frame_type_) { + // Report an unexpected frame error and close the connection if we + // expect a known frame type (probably CONTINUATION) and receive an + // unknown frame. + VLOG(1) << "The framer was expecting to receive a " + << expected_frame_type_ + << " frame, but instead received an unknown frame of type " + << header.type; + SetSpdyErrorAndNotify(SpdyFramerError::SPDY_UNEXPECTED_FRAME); + return false; + } + if (!IsSupportedHttp2FrameType(header.type)) { + if (extension_ != nullptr) { + // Unknown frames will be passed to the registered extension. + return true; + } // In HTTP2 we ignore unknown frame types for extensibility, as long as // the rest of the control frame header is valid. // We rely on the visitor to check validity of stream_id. bool valid_stream = visitor()->OnUnknownFrame(header.stream_id, raw_frame_type); - if (has_expected_frame_type_ && header.type != expected_frame_type_) { - // Report an unexpected frame error and close the connection if we - // expect a known frame type (probably CONTINUATION) and receive an - // unknown frame. - VLOG(1) << "The framer was expecting to receive a " - << expected_frame_type_ - << " frame, but instead received an unknown frame of type " - << header.type; - SetSpdyErrorAndNotify(SpdyFramerError::SPDY_UNEXPECTED_FRAME); - return false; - } else if (!valid_stream) { + if (!valid_stream) { // Report an invalid frame error if the stream_id is not valid. VLOG(1) << "Unknown control frame type " << header.type << " received on invalid stream " << header.stream_id; @@ -378,10 +381,14 @@ class Http2DecoderAdapter : public SpdyFramerDecoderAdapter, void OnSetting(const Http2SettingFields& setting_fields) override { DVLOG(1) << "OnSetting: " << setting_fields; + const uint16_t parameter = static_cast<uint16_t>(setting_fields.parameter); SpdySettingsIds setting_id; - if (!ParseSettingsId(static_cast<uint16_t>(setting_fields.parameter), - &setting_id)) { - DVLOG(1) << "Ignoring invalid setting id: " << setting_fields; + if (!ParseSettingsId(parameter, &setting_id)) { + if (extension_ == nullptr) { + DVLOG(1) << "Ignoring unknown setting id: " << setting_fields; + } else { + extension_->OnSetting(parameter, setting_fields.value); + } return; } visitor()->OnSetting(setting_id, setting_fields.value); @@ -520,22 +527,32 @@ class Http2DecoderAdapter : public SpdyFramerDecoderAdapter, alt_svc_value_.shrink_to_fit(); } - // Except for BLOCKED frames, all other unknown frames are - // effectively dropped. + // Except for BLOCKED frames, all other unknown frames are either dropped or + // passed to a registered extension. void OnUnknownStart(const Http2FrameHeader& header) override { DVLOG(1) << "OnUnknownStart: " << header; if (IsOkToStartFrame(header)) { - if (header.type == kFrameTypeBlocked) { - visitor()->OnBlocked(header.stream_id); + if (extension_ != nullptr) { + const uint8_t type = static_cast<uint8_t>(header.type); + const uint8_t flags = static_cast<uint8_t>(header.flags); + handling_extension_payload_ = extension_->OnFrameHeader( + header.stream_id, header.payload_length, type, flags); } } } void OnUnknownPayload(const char* data, size_t len) override { - DVLOG(1) << "OnUnknownPayload: len=" << len; + if (handling_extension_payload_) { + extension_->OnFramePayload(data, len); + } else { + DVLOG(1) << "OnUnknownPayload: len=" << len; + } } - void OnUnknownEnd() override { DVLOG(1) << "OnUnknownEnd"; } + void OnUnknownEnd() override { + DVLOG(1) << "OnUnknownEnd"; + handling_extension_payload_ = false; + } void OnPaddingTooLong(const Http2FrameHeader& header, size_t missing_length) override { @@ -897,6 +914,9 @@ class Http2DecoderAdapter : public SpdyFramerDecoderAdapter, // The SpdyFramer that created this Http2FrameDecoderAdapter. SpdyFramer* const outer_framer_; + // If non-null, unknown frames and settings are passed to the extension. + ExtensionVisitorInterface* extension_ = nullptr; + // The HPACK decoder that we're using for the HPACK block that is currently // being decoded. Cleared at the end of the block. Owned by the SpdyFramer. HpackDecoderInterface* hpack_decoder_ = nullptr; @@ -918,8 +938,8 @@ class Http2DecoderAdapter : public SpdyFramerDecoderAdapter, base::Optional<size_t> opt_pad_length_; // Temporary buffers for the AltSvc fields. - string alt_svc_origin_; - string alt_svc_value_; + SpdyString alt_svc_origin_; + SpdyString alt_svc_value_; // Listener used if we transition to an error state; the listener ignores all // the callbacks. @@ -966,6 +986,9 @@ class Http2DecoderAdapter : public SpdyFramerDecoderAdapter, // Is expected_frame_type_ set? bool has_expected_frame_type_ = false; + + // Is the current frame payload destined for |extension_|? + bool handling_extension_payload_ = false; }; } // namespace diff --git a/chromium/net/spdy/http2_write_scheduler.h b/chromium/net/spdy/http2_write_scheduler.h deleted file mode 100644 index 741169edb50..00000000000 --- a/chromium/net/spdy/http2_write_scheduler.h +++ /dev/null @@ -1,752 +0,0 @@ -// Copyright 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_SPDY_HTTP2_WRITE_SCHEDULER_H_ -#define NET_SPDY_HTTP2_WRITE_SCHEDULER_H_ - -#include <stdint.h> - -#include <algorithm> -#include <cmath> -#include <deque> -#include <map> -#include <memory> -#include <queue> -#include <set> -#include <tuple> -#include <unordered_map> -#include <utility> -#include <vector> - -#include "base/containers/linked_list.h" -#include "base/containers/small_map.h" -#include "base/logging.h" -#include "base/macros.h" -#include "base/memory/ptr_util.h" -#include "base/stl_util.h" -#include "net/spdy/spdy_bug_tracker.h" -#include "net/spdy/spdy_protocol.h" -#include "net/spdy/write_scheduler.h" - -namespace net { - -namespace test { -template <typename StreamIdType> -class Http2PriorityWriteSchedulerPeer; -} - -// This data structure implements the HTTP/2 stream priority tree defined in -// section 5.3 of RFC 7540: -// http://tools.ietf.org/html/rfc7540#section-5.3 -// -// Streams can be added and removed, and dependencies between them defined. -// Streams constitute a tree rooted at stream ID 0: each stream has a single -// parent stream, and 0 or more child streams. Individual streams can be -// marked as ready to read/write, and then the whole structure can be queried -// to pick the next stream to read/write out of those that are ready. -template <typename StreamIdType> -class Http2PriorityWriteScheduler : public WriteScheduler<StreamIdType> { - public: - using typename WriteScheduler<StreamIdType>::StreamPrecedenceType; - - Http2PriorityWriteScheduler(); - - // WriteScheduler methods - void RegisterStream(StreamIdType stream_id, - const StreamPrecedenceType& precedence) override; - void UnregisterStream(StreamIdType stream_id) override; - bool StreamRegistered(StreamIdType stream_id) const override; - StreamPrecedenceType GetStreamPrecedence( - StreamIdType stream_id) const override; - void UpdateStreamPrecedence(StreamIdType stream_id, - const StreamPrecedenceType& precedence) override; - std::vector<StreamIdType> GetStreamChildren( - StreamIdType stream_id) const override; - void RecordStreamEventTime(StreamIdType stream_id, - int64_t now_in_usec) override; - int64_t GetLatestEventWithPrecedence(StreamIdType stream_id) const override; - bool ShouldYield(StreamIdType stream_id) const override; - void MarkStreamReady(StreamIdType stream_id, bool add_to_front) override; - void MarkStreamNotReady(StreamIdType stream_id) override; - bool HasReadyStreams() const override; - StreamIdType PopNextReadyStream() override; - std::tuple<StreamIdType, StreamPrecedenceType> - PopNextReadyStreamAndPrecedence() override; - size_t NumReadyStreams() const override; - - // Return the number of streams currently in the tree. - int num_streams() const; - - private: - friend class test::Http2PriorityWriteSchedulerPeer<StreamIdType>; - - struct StreamInfo; - using StreamInfoVector = std::vector<StreamInfo*>; - - struct StreamInfo : public base::LinkNode<StreamInfo> { - // ID for this stream. - StreamIdType id; - // StreamInfo for parent stream. - StreamInfo* parent = nullptr; - // Weights can range between 1 and 256 (inclusive). - int weight = kHttp2DefaultStreamWeight; - // The total weight of this stream's direct descendants. - int total_child_weights = 0; - // Pointers to StreamInfos for children, if any. - StreamInfoVector children; - // Whether the stream is ready for writing. The stream is present in - // scheduling_queue_ iff true. - bool ready = false; - // The scheduling priority of this stream. Streams with higher priority - // values are scheduled first. - // TODO(mpw): rename to avoid confusion with SPDY priorities, - // which this is not. - float priority = 0; - // Ordinal value for this stream, used to ensure round-robin scheduling: - // among streams with the same scheduling priority, streams with lower - // ordinal are scheduled first. - int64_t ordinal = 0; - // Time of latest write event for stream of this priority, in microseconds. - int64_t last_event_time_usec = 0; - - // Whether this stream should be scheduled ahead of another stream. - bool SchedulesBefore(const StreamInfo& other) const { - return (priority != other.priority) ? priority > other.priority - : ordinal < other.ordinal; - } - - // Returns the StreamPrecedenceType for this StreamInfo. - StreamPrecedenceType ToStreamPrecedence() const { - StreamIdType parent_id = - parent == nullptr ? kHttp2RootStreamId : parent->id; - bool exclusive = parent != nullptr && parent->children.size() == 1; - return StreamPrecedenceType(parent_id, weight, exclusive); - } - }; - - static bool Remove(StreamInfoVector* stream_infos, - const StreamInfo* stream_info); - - // Returns true iff any direct or transitive parent of the given stream is - // currently ready. - static bool HasReadyAncestor(const StreamInfo& stream_info); - - // Returns StreamInfo for the given stream, or nullptr if it isn't - // registered. - const StreamInfo* FindStream(StreamIdType stream_id) const; - StreamInfo* FindStream(StreamIdType stream_id); - - // Helpers for UpdateStreamPrecedence(). - void UpdateStreamParent(StreamInfo* stream_info, - StreamIdType parent_id, - bool exclusive); - void UpdateStreamWeight(StreamInfo* stream_info, int weight); - - // Update all priority values in the subtree rooted at the given stream, not - // including the stream itself. If this results in priority value changes for - // scheduled streams, those streams are rescheduled to ensure proper ordering - // of scheduling_queue_. - // TODO(mpw): rename to avoid confusion with SPDY priorities. - void UpdatePrioritiesUnder(StreamInfo* stream_info); - - // Inserts stream into scheduling_queue_ at the appropriate location given - // its priority and ordinal. Time complexity is O(scheduling_queue.size()). - void Schedule(StreamInfo* stream_info); - - // Removes stream from scheduling_queue_. - void Unschedule(StreamInfo* stream_info); - - // Return true if all internal invariants hold (useful for unit tests). - // Unless there are bugs, this should always return true. - bool ValidateInvariantsForTests() const; - - // Returns true if the parent stream has the given stream in its children. - bool StreamHasChild(const StreamInfo& parent_info, - const StreamInfo* child_info) const; - - // Pointee owned by all_stream_infos_. - StreamInfo* root_stream_info_; - // Maps from stream IDs to StreamInfo objects. - base::SmallMap<std::unordered_map<StreamIdType, std::unique_ptr<StreamInfo>>, - 10> - all_stream_infos_; - // Queue containing all ready streams, ordered with streams of higher - // priority before streams of lower priority, and, among streams of equal - // priority, streams with lower ordinal before those with higher - // ordinal. Note that not all streams in scheduling_queue_ are eligible to be - // picked as the next stream: some may have ancestor stream(s) that are ready - // and unblocked. In these situations the occluded child streams are left in - // the queue, to reduce churn. - base::LinkedList<StreamInfo> scheduling_queue_; - // Ordinal value to assign to next node inserted into scheduling_queue_ when - // |add_to_front == true|. Decremented after each assignment. - int64_t head_ordinal_ = -1; - // Ordinal value to assign to next node inserted into scheduling_queue_ when - // |add_to_front == false|. Incremented after each assignment. - int64_t tail_ordinal_ = 0; - - DISALLOW_COPY_AND_ASSIGN(Http2PriorityWriteScheduler); -}; - -template <typename StreamIdType> -Http2PriorityWriteScheduler<StreamIdType>::Http2PriorityWriteScheduler() { - std::unique_ptr<StreamInfo> root_stream_info = base::MakeUnique<StreamInfo>(); - root_stream_info_ = root_stream_info.get(); - root_stream_info->id = kHttp2RootStreamId; - root_stream_info->weight = kHttp2DefaultStreamWeight; - root_stream_info->parent = nullptr; - root_stream_info->priority = 1.0; - root_stream_info->ready = false; - all_stream_infos_[kHttp2RootStreamId] = std::move(root_stream_info); -} - -template <typename StreamIdType> -int Http2PriorityWriteScheduler<StreamIdType>::num_streams() const { - return all_stream_infos_.size(); -} - -template <typename StreamIdType> -bool Http2PriorityWriteScheduler<StreamIdType>::StreamRegistered( - StreamIdType stream_id) const { - return base::ContainsKey(all_stream_infos_, stream_id); -} - -template <typename StreamIdType> -void Http2PriorityWriteScheduler<StreamIdType>::RegisterStream( - StreamIdType stream_id, - const StreamPrecedenceType& precedence) { - SPDY_BUG_IF(precedence.is_spdy3_priority()) - << "Expected HTTP/2 stream dependency"; - - if (StreamRegistered(stream_id)) { - SPDY_BUG << "Stream " << stream_id << " already registered"; - return; - } - - StreamInfo* parent = FindStream(precedence.parent_id()); - if (parent == nullptr) { - // parent_id may legitimately not be registered yet--see b/15676312. - DVLOG(1) << "Parent stream " << precedence.parent_id() << " not registered"; - parent = root_stream_info_; - } - - std::unique_ptr<StreamInfo> new_stream_info = base::MakeUnique<StreamInfo>(); - StreamInfo* new_stream_info_ptr = new_stream_info.get(); - new_stream_info_ptr->id = stream_id; - new_stream_info_ptr->weight = precedence.weight(); - new_stream_info_ptr->parent = parent; - all_stream_infos_[stream_id] = std::move(new_stream_info); - if (precedence.is_exclusive()) { - // Move the parent's current children below the new stream. - using std::swap; - swap(new_stream_info_ptr->children, parent->children); - new_stream_info_ptr->total_child_weights = parent->total_child_weights; - // Update each child's parent. - for (StreamInfo* child : new_stream_info_ptr->children) { - child->parent = new_stream_info_ptr; - } - // Clear parent's old child data. - DCHECK(parent->children.empty()); - parent->total_child_weights = 0; - } - // Add new stream to parent. - parent->children.push_back(new_stream_info_ptr); - parent->total_child_weights += precedence.weight(); - - // Update all priorities under parent, since addition of a stream affects - // sibling priorities as well. - UpdatePrioritiesUnder(parent); - - // Stream starts with ready == false, so no need to schedule it yet. - DCHECK(!new_stream_info_ptr->ready); -} - -template <typename StreamIdType> -void Http2PriorityWriteScheduler<StreamIdType>::UnregisterStream( - StreamIdType stream_id) { - if (stream_id == kHttp2RootStreamId) { - SPDY_BUG << "Cannot unregister root stream"; - return; - } - // Remove the stream from table. - auto it = all_stream_infos_.find(stream_id); - if (it == all_stream_infos_.end()) { - SPDY_BUG << "Stream " << stream_id << " not registered"; - return; - } - std::unique_ptr<StreamInfo> stream_info(std::move(it->second)); - all_stream_infos_.erase(it); - // If ready (and hence scheduled), unschedule. - if (stream_info->ready) { - Unschedule(stream_info.get()); - } - - StreamInfo* parent = stream_info->parent; - // Remove the stream from parent's child list. - Remove(&parent->children, stream_info.get()); - parent->total_child_weights -= stream_info->weight; - - // Move the stream's children to the parent's child list. - // Update each child's parent and weight. - for (StreamInfo* child : stream_info->children) { - child->parent = parent; - parent->children.push_back(child); - // Divide the removed stream's weight among its children, rounding to the - // nearest valid weight. - float float_weight = stream_info->weight * - static_cast<float>(child->weight) / - static_cast<float>(stream_info->total_child_weights); - int new_weight = floor(float_weight + 0.5); - if (new_weight == 0) { - new_weight = 1; - } - child->weight = new_weight; - parent->total_child_weights += child->weight; - } - UpdatePrioritiesUnder(parent); -} - -template <typename StreamIdType> -typename Http2PriorityWriteScheduler<StreamIdType>::StreamPrecedenceType -Http2PriorityWriteScheduler<StreamIdType>::GetStreamPrecedence( - StreamIdType stream_id) const { - const StreamInfo* stream_info = FindStream(stream_id); - if (stream_info == nullptr) { - // Unknown streams tolerated due to b/15676312. However, return lowest - // weight. - DVLOG(1) << "Stream " << stream_id << " not registered"; - return StreamPrecedenceType(kHttp2RootStreamId, kHttp2MinStreamWeight, - false); - } - return stream_info->ToStreamPrecedence(); -} - -template <typename StreamIdType> -std::vector<StreamIdType> Http2PriorityWriteScheduler< - StreamIdType>::GetStreamChildren(StreamIdType stream_id) const { - std::vector<StreamIdType> child_vec; - const StreamInfo* stream_info = FindStream(stream_id); - if (stream_info == nullptr) { - SPDY_BUG << "Stream " << stream_id << " not registered"; - } else { - child_vec.reserve(stream_info->children.size()); - for (StreamInfo* child : stream_info->children) { - child_vec.push_back(child->id); - } - } - return child_vec; -} - -template <typename StreamIdType> -void Http2PriorityWriteScheduler<StreamIdType>::UpdateStreamPrecedence( - StreamIdType stream_id, - const StreamPrecedenceType& precedence) { - SPDY_BUG_IF(precedence.is_spdy3_priority()) - << "Expected HTTP/2 stream dependency"; - if (stream_id == kHttp2RootStreamId) { - SPDY_BUG << "Cannot set precedence of root stream"; - return; - } - - StreamInfo* stream_info = FindStream(stream_id); - if (stream_info == nullptr) { - // TODO(mpw): add to all_stream_infos_ on demand--see b/15676312. - DVLOG(1) << "Stream " << stream_id << " not registered"; - return; - } - UpdateStreamParent(stream_info, precedence.parent_id(), - precedence.is_exclusive()); - UpdateStreamWeight(stream_info, precedence.weight()); -} - -template <typename StreamIdType> -void Http2PriorityWriteScheduler<StreamIdType>::UpdateStreamWeight( - StreamInfo* stream_info, - int weight) { - if (weight == stream_info->weight) { - return; - } - if (stream_info->parent != nullptr) { - stream_info->parent->total_child_weights += (weight - stream_info->weight); - } - stream_info->weight = weight; - - // Change in weight also affects sibling priorities. - UpdatePrioritiesUnder(stream_info->parent); -} - -template <typename StreamIdType> -void Http2PriorityWriteScheduler<StreamIdType>::UpdateStreamParent( - StreamInfo* stream_info, - StreamIdType parent_id, - bool exclusive) { - if (stream_info->id == parent_id) { - SPDY_BUG << "Cannot set stream to be its own parent"; - return; - } - StreamInfo* new_parent = FindStream(parent_id); - if (new_parent == nullptr) { - // parent_id may legitimately not be registered yet--see b/15676312. - DVLOG(1) << "Parent stream " << parent_id << " not registered"; - return; - } - - // If the new parent is already the stream's parent, we're done. - if (stream_info->parent == new_parent) { - return; - } - - // Next, check to see if the new parent is currently a descendant - // of the stream. - StreamInfo* last = new_parent->parent; - bool cycle_exists = false; - while (last != nullptr) { - if (last == stream_info) { - cycle_exists = true; - break; - } - last = last->parent; - } - - if (cycle_exists) { - // The new parent moves to the level of the current stream. - UpdateStreamParent(new_parent, stream_info->parent->id, false); - } - - // Remove stream from old parent's child list. - StreamInfo* old_parent = stream_info->parent; - Remove(&old_parent->children, stream_info); - old_parent->total_child_weights -= stream_info->weight; - UpdatePrioritiesUnder(old_parent); - - if (exclusive) { - // Move the new parent's current children below the current stream. - for (StreamInfo* child : new_parent->children) { - child->parent = stream_info; - stream_info->children.push_back(child); - } - stream_info->total_child_weights += new_parent->total_child_weights; - // Clear new parent's old child data. - new_parent->children.clear(); - new_parent->total_child_weights = 0; - } - - // Make the change. - stream_info->parent = new_parent; - new_parent->children.push_back(stream_info); - new_parent->total_child_weights += stream_info->weight; - UpdatePrioritiesUnder(new_parent); -} - -template <typename StreamIdType> -void Http2PriorityWriteScheduler<StreamIdType>::RecordStreamEventTime( - StreamIdType stream_id, - int64_t now_in_usec) { - if (stream_id == kHttp2RootStreamId) { - SPDY_BUG << "Cannot record event time for root stream"; - return; - } - StreamInfo* stream_info = FindStream(stream_id); - if (stream_info == nullptr) { - SPDY_BUG << "Stream " << stream_id << " not registered"; - return; - } - stream_info->last_event_time_usec = now_in_usec; -} - -// O(n) in the number of streams, which isn't great. However, this method will -// soon be superseded by -// Http2WeightedWriteScheduler::GetLatestEventWithPrecedence(), for which an -// efficient implementation is straightforward. Also, this method is only -// called when calculating idle timeouts, so performance isn't key. -template <typename StreamIdType> -int64_t Http2PriorityWriteScheduler<StreamIdType>::GetLatestEventWithPrecedence( - StreamIdType stream_id) const { - if (stream_id == kHttp2RootStreamId) { - SPDY_BUG << "Invalid argument: root stream"; - return 0; - } - const StreamInfo* stream_info = FindStream(stream_id); - if (stream_info == nullptr) { - SPDY_BUG << "Stream " << stream_id << " not registered"; - return 0; - } - int64_t last_event_time_usec = 0; - for (const auto& kv : all_stream_infos_) { - const StreamInfo& other = *kv.second; - if (other.priority > stream_info->priority) { - last_event_time_usec = - std::max(last_event_time_usec, other.last_event_time_usec); - } - } - return last_event_time_usec; -} - -// Worst-case time complexity of O(n*d), where n is scheduling queue length and -// d is tree depth. In practice, should be much shorter, since loop terminates -// at first writable stream or |stream_id| (whichever is first). -template <typename StreamIdType> -bool Http2PriorityWriteScheduler<StreamIdType>::ShouldYield( - StreamIdType stream_id) const { - if (stream_id == kHttp2RootStreamId) { - SPDY_BUG << "Invalid argument: root stream"; - return false; - } - const StreamInfo* stream_info = FindStream(stream_id); - if (stream_info == nullptr) { - SPDY_BUG << "Stream " << stream_id << " not registered"; - return false; - } - for (base::LinkNode<StreamInfo>* s = scheduling_queue_.head(); - s != scheduling_queue_.end(); s = s->next()) { - if (stream_info == s->value()) { - return false; - } - if (!HasReadyAncestor(*s->value())) { - return true; - } - } - return false; -} - -template <typename StreamIdType> -void Http2PriorityWriteScheduler<StreamIdType>::MarkStreamReady( - StreamIdType stream_id, - bool add_to_front) { - if (stream_id == kHttp2RootStreamId) { - SPDY_BUG << "Cannot mark root stream ready"; - return; - } - StreamInfo* stream_info = FindStream(stream_id); - if (stream_info == nullptr) { - SPDY_BUG << "Stream " << stream_id << " not registered"; - return; - } - if (stream_info->ready) { - return; - } - stream_info->ordinal = add_to_front ? head_ordinal_-- : tail_ordinal_++; - Schedule(stream_info); -} - -template <typename StreamIdType> -void Http2PriorityWriteScheduler<StreamIdType>::MarkStreamNotReady( - StreamIdType stream_id) { - if (stream_id == kHttp2RootStreamId) { - SPDY_BUG << "Cannot mark root stream unready"; - return; - } - StreamInfo* stream_info = FindStream(stream_id); - if (stream_info == nullptr) { - SPDY_BUG << "Stream " << stream_id << " not registered"; - return; - } - if (!stream_info->ready) { - return; - } - Unschedule(stream_info); -} - -template <typename StreamIdType> -bool Http2PriorityWriteScheduler<StreamIdType>::Remove( - StreamInfoVector* stream_infos, - const StreamInfo* stream_info) { - for (typename StreamInfoVector::iterator it = stream_infos->begin(); - it != stream_infos->end(); ++it) { - if (*it == stream_info) { - stream_infos->erase(it); - return true; - } - } - return false; -} - -template <typename StreamIdType> -bool Http2PriorityWriteScheduler<StreamIdType>::HasReadyAncestor( - const StreamInfo& stream_info) { - for (const StreamInfo* parent = stream_info.parent; parent != nullptr; - parent = parent->parent) { - if (parent->ready) { - return true; - } - } - return false; -} - -template <typename StreamIdType> -const typename Http2PriorityWriteScheduler<StreamIdType>::StreamInfo* -Http2PriorityWriteScheduler<StreamIdType>::FindStream( - StreamIdType stream_id) const { - auto it = all_stream_infos_.find(stream_id); - return it == all_stream_infos_.end() ? nullptr : it->second.get(); -} - -template <typename StreamIdType> -typename Http2PriorityWriteScheduler<StreamIdType>::StreamInfo* -Http2PriorityWriteScheduler<StreamIdType>::FindStream(StreamIdType stream_id) { - auto it = all_stream_infos_.find(stream_id); - return it == all_stream_infos_.end() ? nullptr : it->second.get(); -} - -template <typename StreamIdType> -void Http2PriorityWriteScheduler<StreamIdType>::UpdatePrioritiesUnder( - StreamInfo* stream_info) { - for (StreamInfo* child : stream_info->children) { - child->priority = stream_info->priority * - (static_cast<float>(child->weight) / - static_cast<float>(stream_info->total_child_weights)); - if (child->ready) { - // Reposition in scheduling_queue_. Use post-order for scheduling, to - // benefit from the fact that children have priority <= parent priority. - Unschedule(child); - UpdatePrioritiesUnder(child); - Schedule(child); - } else { - UpdatePrioritiesUnder(child); - } - } -} - -template <typename StreamIdType> -void Http2PriorityWriteScheduler<StreamIdType>::Schedule( - StreamInfo* stream_info) { - DCHECK(!stream_info->ready); - for (base::LinkNode<StreamInfo>* s = scheduling_queue_.head(); - s != scheduling_queue_.end(); s = s->next()) { - if (stream_info->SchedulesBefore(*s->value())) { - stream_info->InsertBefore(s); - stream_info->ready = true; - return; - } - } - stream_info->InsertAfter(scheduling_queue_.tail()); - stream_info->ready = true; -} - -template <typename StreamIdType> -void Http2PriorityWriteScheduler<StreamIdType>::Unschedule( - StreamInfo* stream_info) { - DCHECK(stream_info->ready); - stream_info->RemoveFromList(); - stream_info->ready = false; -} - -template <typename StreamIdType> -bool Http2PriorityWriteScheduler<StreamIdType>::StreamHasChild( - const StreamInfo& parent_info, - const StreamInfo* child_info) const { - auto found = std::find(parent_info.children.begin(), - parent_info.children.end(), child_info); - return found != parent_info.children.end(); -} - -template <typename StreamIdType> -bool Http2PriorityWriteScheduler<StreamIdType>::HasReadyStreams() const { - return !scheduling_queue_.empty(); -} - -template <typename StreamIdType> -StreamIdType Http2PriorityWriteScheduler<StreamIdType>::PopNextReadyStream() { - return std::get<0>(PopNextReadyStreamAndPrecedence()); -} - -template <typename StreamIdType> -std::tuple< - StreamIdType, - typename Http2PriorityWriteScheduler<StreamIdType>::StreamPrecedenceType> -Http2PriorityWriteScheduler<StreamIdType>::PopNextReadyStreamAndPrecedence() { - for (base::LinkNode<StreamInfo>* s = scheduling_queue_.head(); - s != scheduling_queue_.end(); s = s->next()) { - StreamInfo* stream_info = s->value(); - if (!HasReadyAncestor(*stream_info)) { - Unschedule(stream_info); - return std::make_tuple(stream_info->id, - stream_info->ToStreamPrecedence()); - } - } - SPDY_BUG << "No ready streams"; - return std::make_tuple( - kHttp2RootStreamId, - StreamPrecedenceType(kHttp2RootStreamId, kHttp2MinStreamWeight, false)); -} - -template <typename StreamIdType> -size_t Http2PriorityWriteScheduler<StreamIdType>::NumReadyStreams() const { - base::LinkNode<StreamInfo>* node = scheduling_queue_.head(); - size_t size = 0; - while (node != scheduling_queue_.end()) - ++size; - return size; -} - -template <typename StreamIdType> -bool Http2PriorityWriteScheduler<StreamIdType>::ValidateInvariantsForTests() - const { - int total_streams = 0; - int streams_visited = 0; - // Iterate through all streams in the map. - for (const auto& kv : all_stream_infos_) { - ++total_streams; - ++streams_visited; - StreamIdType stream_id = kv.first; - const StreamInfo& stream_info = *kv.second.get(); - - // Verify each StreamInfo mapped under the proper stream ID. - if (stream_id != stream_info.id) { - DLOG(INFO) << "Stream ID " << stream_id << " maps to StreamInfo with ID " - << stream_info.id; - return false; - } - - // All streams except the root should have a parent, and should appear in - // the children of that parent. - if (stream_info.id != kHttp2RootStreamId && - !StreamHasChild(*stream_info.parent, &stream_info)) { - DLOG(INFO) << "Parent stream " << stream_info.parent->id - << " is not registered, or does not list stream " - << stream_info.id << " as its child."; - return false; - } - - if (!stream_info.children.empty()) { - int total_child_weights = 0; - // Iterate through the stream's children. - for (StreamInfo* child : stream_info.children) { - ++streams_visited; - // Each stream in the list should exist and should have this stream - // set as its parent. - if (!StreamRegistered(child->id) || child->parent != &stream_info) { - DLOG(INFO) << "Child stream " << child->id << " is not registered, " - << "or does not list " << stream_info.id - << " as its parent."; - return false; - } - total_child_weights += child->weight; - } - // Verify that total_child_weights is correct. - if (total_child_weights != stream_info.total_child_weights) { - DLOG(INFO) << "Child weight totals do not agree. For stream " - << stream_info.id << " total_child_weights has value " - << stream_info.total_child_weights << ", expected " - << total_child_weights; - return false; - } - } - } - - // Make sure num_streams reflects the total number of streams the map - // contains. - if (total_streams != num_streams()) { - DLOG(INFO) << "Map contains incorrect number of streams."; - return false; - } - // Validate the validation function; we should have visited each stream twice - // (except for the root) - DCHECK(streams_visited == 2 * num_streams() - 1); - return true; -} - -} // namespace net - -#endif // NET_SPDY_HTTP2_WRITE_SCHEDULER_H_ diff --git a/chromium/net/spdy/http2_write_scheduler_test.cc b/chromium/net/spdy/http2_write_scheduler_test.cc deleted file mode 100644 index 62fc4e902d4..00000000000 --- a/chromium/net/spdy/http2_write_scheduler_test.cc +++ /dev/null @@ -1,799 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/spdy/http2_write_scheduler.h" - -#include "net/spdy/spdy_test_utils.h" -#include "net/test/gtest_util.h" -#include "testing/gmock/include/gmock/gmock.h" -#include "testing/gtest/include/gtest/gtest.h" - -namespace net { - -using ::testing::AssertionFailure; -using ::testing::AssertionResult; -using ::testing::AssertionSuccess; -using ::testing::ElementsAre; -using ::testing::IsEmpty; -using ::testing::UnorderedElementsAre; - -namespace test { - -template <typename StreamIdType> -class Http2PriorityWriteSchedulerPeer { - public: - explicit Http2PriorityWriteSchedulerPeer( - Http2PriorityWriteScheduler<StreamIdType>* scheduler) - : scheduler_(scheduler) {} - - int TotalChildWeights(StreamIdType stream_id) const { - return scheduler_->FindStream(stream_id)->total_child_weights; - } - - bool ValidateInvariants() const { - return scheduler_->ValidateInvariantsForTests(); - } - - private: - Http2PriorityWriteScheduler<StreamIdType>* scheduler_; -}; - -class Http2PriorityWriteSchedulerTest : public ::testing::Test { - protected: - using SpdyStreamId = uint32_t; - - Http2PriorityWriteSchedulerTest() : peer_(&scheduler_) {} - - Http2PriorityWriteScheduler<SpdyStreamId> scheduler_; - Http2PriorityWriteSchedulerPeer<SpdyStreamId> peer_; -}; - -TEST_F(Http2PriorityWriteSchedulerTest, RegisterAndUnregisterStreams) { - EXPECT_EQ(1, scheduler_.num_streams()); - EXPECT_TRUE(scheduler_.StreamRegistered(0)); - EXPECT_FALSE(scheduler_.StreamRegistered(1)); - - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - EXPECT_EQ(2, scheduler_.num_streams()); - ASSERT_TRUE(scheduler_.StreamRegistered(1)); - EXPECT_EQ(100, scheduler_.GetStreamPrecedence(1).weight()); - EXPECT_FALSE(scheduler_.StreamRegistered(5)); - EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(1)); - - scheduler_.RegisterStream(5, SpdyStreamPrecedence(0, 50, false)); - // Should not be able to add a stream with an id that already exists. - EXPECT_SPDY_BUG( - scheduler_.RegisterStream(5, SpdyStreamPrecedence(1, 50, false)), - "Stream 5 already registered"); - EXPECT_EQ(3, scheduler_.num_streams()); - EXPECT_TRUE(scheduler_.StreamRegistered(1)); - ASSERT_TRUE(scheduler_.StreamRegistered(5)); - EXPECT_EQ(50, scheduler_.GetStreamPrecedence(5).weight()); - EXPECT_FALSE(scheduler_.StreamRegistered(13)); - - scheduler_.RegisterStream(13, SpdyStreamPrecedence(5, 130, true)); - EXPECT_EQ(4, scheduler_.num_streams()); - EXPECT_TRUE(scheduler_.StreamRegistered(1)); - EXPECT_TRUE(scheduler_.StreamRegistered(5)); - ASSERT_TRUE(scheduler_.StreamRegistered(13)); - EXPECT_EQ(130, scheduler_.GetStreamPrecedence(13).weight()); - EXPECT_EQ(5u, scheduler_.GetStreamPrecedence(13).parent_id()); - - scheduler_.UnregisterStream(5); - // Cannot remove a stream that has already been removed. - EXPECT_SPDY_BUG(scheduler_.UnregisterStream(5), "Stream 5 not registered"); - EXPECT_EQ(3, scheduler_.num_streams()); - EXPECT_TRUE(scheduler_.StreamRegistered(1)); - EXPECT_FALSE(scheduler_.StreamRegistered(5)); - EXPECT_TRUE(scheduler_.StreamRegistered(13)); - EXPECT_EQ(kHttp2RootStreamId, scheduler_.GetStreamPrecedence(13).parent_id()); - - // The parent stream 19 doesn't exist, so this should use 0 as parent stream: - scheduler_.RegisterStream(7, SpdyStreamPrecedence(19, 70, false)); - EXPECT_TRUE(scheduler_.StreamRegistered(7)); - EXPECT_EQ(0u, scheduler_.GetStreamPrecedence(7).parent_id()); - // Now stream 7 already exists, so this should fail: - EXPECT_SPDY_BUG( - scheduler_.RegisterStream(7, SpdyStreamPrecedence(1, 70, false)), - "Stream 7 already registered"); - // Try adding a second child to stream 13: - scheduler_.RegisterStream(17, SpdyStreamPrecedence(13, 170, false)); - - scheduler_.UpdateStreamPrecedence(17, SpdyStreamPrecedence(13, 150, false)); - EXPECT_EQ(150, scheduler_.GetStreamPrecedence(17).weight()); - - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, RegisterStreamWithSpdy3Priority) { - EXPECT_FALSE(scheduler_.StreamRegistered(1)); - EXPECT_SPDY_BUG(scheduler_.RegisterStream(1, SpdyStreamPrecedence(3)), - "Expected HTTP/2 stream dependency"); - EXPECT_EQ(0u, scheduler_.NumReadyStreams()); - EXPECT_TRUE(scheduler_.StreamRegistered(1)); - EXPECT_EQ(3, scheduler_.GetStreamPrecedence(1).spdy3_priority()); - EXPECT_EQ(147, scheduler_.GetStreamPrecedence(1).weight()); - EXPECT_EQ(kHttp2RootStreamId, scheduler_.GetStreamPrecedence(1).parent_id()); - EXPECT_THAT(scheduler_.GetStreamChildren(1), IsEmpty()); - - EXPECT_SPDY_BUG(scheduler_.RegisterStream(1, SpdyStreamPrecedence(4)), - "Stream 1 already registered"); - EXPECT_EQ(3, scheduler_.GetStreamPrecedence(1).spdy3_priority()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, GetStreamWeight) { - // Unknown streams tolerated due to b/15676312. - EXPECT_EQ(kHttp2MinStreamWeight, scheduler_.GetStreamPrecedence(3).weight()); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(0, 130, true)); - EXPECT_EQ(130, scheduler_.GetStreamPrecedence(3).weight()); - scheduler_.UpdateStreamPrecedence(3, SpdyStreamPrecedence(0, 50, true)); - EXPECT_EQ(50, scheduler_.GetStreamPrecedence(3).weight()); - scheduler_.UnregisterStream(3); - EXPECT_EQ(kHttp2MinStreamWeight, scheduler_.GetStreamPrecedence(3).weight()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, GetStreamPriority) { - // Unknown streams tolerated due to b/15676312. - EXPECT_EQ(kV3LowestPriority, - scheduler_.GetStreamPrecedence(3).spdy3_priority()); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(0, 130, true)); - EXPECT_EQ(3, scheduler_.GetStreamPrecedence(3).spdy3_priority()); - scheduler_.UpdateStreamPrecedence(3, SpdyStreamPrecedence(0, 50, true)); - EXPECT_EQ(5, scheduler_.GetStreamPrecedence(3).spdy3_priority()); - scheduler_.UnregisterStream(3); - EXPECT_EQ(kV3LowestPriority, - scheduler_.GetStreamPrecedence(3).spdy3_priority()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, GetStreamParent) { - // Unknown streams tolerated due to b/15676312. - EXPECT_EQ(kHttp2RootStreamId, scheduler_.GetStreamPrecedence(3).parent_id()); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(0, 20, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(2, 30, false)); - EXPECT_EQ(2u, scheduler_.GetStreamPrecedence(3).parent_id()); - scheduler_.UnregisterStream(3); - EXPECT_EQ(kHttp2RootStreamId, scheduler_.GetStreamPrecedence(3).parent_id()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, GetStreamChildren) { - EXPECT_SPDY_BUG(EXPECT_THAT(scheduler_.GetStreamChildren(7), IsEmpty()), - "Stream 7 not registered"); - scheduler_.RegisterStream(7, SpdyStreamPrecedence(0, 70, false)); - EXPECT_THAT(scheduler_.GetStreamChildren(7), IsEmpty()); - scheduler_.RegisterStream(9, SpdyStreamPrecedence(7, 90, false)); - scheduler_.RegisterStream(15, SpdyStreamPrecedence(7, 150, false)); - EXPECT_THAT(scheduler_.GetStreamChildren(7), UnorderedElementsAre(9, 15)); - scheduler_.UnregisterStream(7); - EXPECT_SPDY_BUG(EXPECT_THAT(scheduler_.GetStreamChildren(7), IsEmpty()), - "Stream 7 not registered"); -} - -TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamWeight) { - EXPECT_SPDY_BUG( - scheduler_.UpdateStreamPrecedence(0, SpdyStreamPrecedence(0, 10, false)), - "Cannot set precedence of root stream"); - - // For the moment, updating stream precedence on a non-registered stream - // should have no effect. In the future, it will lazily cause the stream to - // be registered (b/15676312). - scheduler_.UpdateStreamPrecedence(3, SpdyStreamPrecedence(0, 10, false)); - EXPECT_FALSE(scheduler_.StreamRegistered(3)); - - scheduler_.RegisterStream(3, SpdyStreamPrecedence(0, 10, false)); - scheduler_.UpdateStreamPrecedence(3, SpdyStreamPrecedence(0, 20, false)); - EXPECT_EQ(20, scheduler_.GetStreamPrecedence(3).weight()); - ASSERT_TRUE(peer_.ValidateInvariants()); - - EXPECT_SPDY_BUG( - scheduler_.UpdateStreamPrecedence(3, SpdyStreamPrecedence(0, 500, false)), - "Invalid weight: 500"); - EXPECT_EQ(kHttp2MaxStreamWeight, scheduler_.GetStreamPrecedence(3).weight()); - EXPECT_SPDY_BUG( - scheduler_.UpdateStreamPrecedence(3, SpdyStreamPrecedence(0, 0, false)), - "Invalid weight: 0"); - EXPECT_EQ(kHttp2MinStreamWeight, scheduler_.GetStreamPrecedence(3).weight()); - ASSERT_TRUE(peer_.ValidateInvariants()); - - scheduler_.UnregisterStream(3); -} - -// Basic case of reparenting a subtree. -TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentBasicNonExclusive) { - /* Tree: - 0 - / \ - 1 2 - / \ - 3 4 - */ - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(1, 100, false)); - scheduler_.UpdateStreamPrecedence(1, SpdyStreamPrecedence(2, 100, false)); - EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(2)); - EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(3, 4)); - EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(1)); - EXPECT_THAT(scheduler_.GetStreamChildren(3), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(4), IsEmpty()); - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -// Basic case of reparenting a subtree. Result here is the same as the -// non-exclusive case. -TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentBasicExclusive) { - /* Tree: - 0 - / \ - 1 2 - / \ - 3 4 - */ - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(1, 100, false)); - scheduler_.UpdateStreamPrecedence(1, SpdyStreamPrecedence(2, 100, true)); - EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(2)); - EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(3, 4)); - EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(1)); - EXPECT_THAT(scheduler_.GetStreamChildren(3), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(4), IsEmpty()); - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -// We can't set the parent of a nonexistent stream, or set the parent to a -// nonexistent stream. -TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentNonexistent) { - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(0, 100, false)); - for (bool exclusive : {true, false}) { - // For the moment, updating stream precedence on a non-registered stream or - // attempting to set parent to a nonexistent stream should have no - // effect. In the future, it will lazily cause the stream(s) to be - // registered (b/15676312). - - // No-op: parent stream 3 not registered - scheduler_.UpdateStreamPrecedence(1, - SpdyStreamPrecedence(3, 100, exclusive)); - - // No-op: stream 4 not registered - scheduler_.UpdateStreamPrecedence(4, - SpdyStreamPrecedence(2, 100, exclusive)); - - // No-op: stream 3 not registered - scheduler_.UpdateStreamPrecedence(3, - SpdyStreamPrecedence(4, 100, exclusive)); - - EXPECT_THAT(scheduler_.GetStreamChildren(0), UnorderedElementsAre(1, 2)); - EXPECT_THAT(scheduler_.GetStreamChildren(1), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(2), IsEmpty()); - EXPECT_FALSE(scheduler_.StreamRegistered(3)); - EXPECT_FALSE(scheduler_.StreamRegistered(4)); - } - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -// We should be able to add multiple children to streams. -TEST_F(Http2PriorityWriteSchedulerTest, - UpdateStreamParentMultipleChildrenNonExclusive) { - /* Tree: - 0 - / \ - 1 2 - / \ \ - 3 4 5 - */ - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(5, SpdyStreamPrecedence(2, 100, false)); - scheduler_.UpdateStreamPrecedence(2, SpdyStreamPrecedence(1, 100, false)); - EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(1)); - EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(2, 3, 4)); - EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(5)); - EXPECT_THAT(scheduler_.GetStreamChildren(3), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(4), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(5), IsEmpty()); - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, - UpdateStreamParentMultipleChildrenExclusive) { - /* Tree: - 0 - / \ - 1 2 - / \ \ - 3 4 5 - */ - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(5, SpdyStreamPrecedence(2, 100, false)); - scheduler_.UpdateStreamPrecedence(2, SpdyStreamPrecedence(1, 100, true)); - EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(1)); - EXPECT_THAT(scheduler_.GetStreamChildren(1), ElementsAre(2)); - EXPECT_THAT(scheduler_.GetStreamChildren(2), UnorderedElementsAre(3, 4, 5)); - EXPECT_THAT(scheduler_.GetStreamChildren(3), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(4), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(5), IsEmpty()); - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentToChildNonExclusive) { - /* Tree: - 0 - | - 1 - / \ - 2 3 - | - 4 - */ - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(2, 100, false)); - scheduler_.UpdateStreamPrecedence(1, SpdyStreamPrecedence(2, 100, false)); - EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(2)); - EXPECT_THAT(scheduler_.GetStreamChildren(1), ElementsAre(3)); - EXPECT_THAT(scheduler_.GetStreamChildren(2), UnorderedElementsAre(1, 4)); - EXPECT_THAT(scheduler_.GetStreamChildren(3), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(4), IsEmpty()); - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentToChildExclusive) { - /* Tree: - 0 - | - 1 - / \ - 2 3 - | - 4 - */ - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(2, 100, false)); - scheduler_.UpdateStreamPrecedence(1, SpdyStreamPrecedence(2, 100, true)); - EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(2)); - EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(3, 4)); - EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(1)); - EXPECT_THAT(scheduler_.GetStreamChildren(3), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(4), IsEmpty()); - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, - UpdateStreamParentToGrandchildNonExclusive) { - /* Tree: - 0 - | - 1 - / \ - 2 3 - / \ - 4 5 - | - 6 - */ - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(2, 100, false)); - scheduler_.RegisterStream(5, SpdyStreamPrecedence(2, 100, false)); - scheduler_.RegisterStream(6, SpdyStreamPrecedence(4, 100, false)); - scheduler_.UpdateStreamPrecedence(1, SpdyStreamPrecedence(4, 100, false)); - EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(4)); - EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(2, 3)); - EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(5)); - EXPECT_THAT(scheduler_.GetStreamChildren(3), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(4), UnorderedElementsAre(1, 6)); - EXPECT_THAT(scheduler_.GetStreamChildren(5), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(6), IsEmpty()); - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, - UpdateStreamParentToGrandchildExclusive) { - /* Tree: - 0 - | - 1 - / \ - 2 3 - / \ - 4 5 - | - 6 - */ - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(2, 100, false)); - scheduler_.RegisterStream(5, SpdyStreamPrecedence(2, 100, false)); - scheduler_.RegisterStream(6, SpdyStreamPrecedence(4, 100, false)); - scheduler_.UpdateStreamPrecedence(1, SpdyStreamPrecedence(4, 100, true)); - EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(4)); - EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(2, 3, 6)); - EXPECT_THAT(scheduler_.GetStreamChildren(2), ElementsAre(5)); - EXPECT_THAT(scheduler_.GetStreamChildren(3), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(4), ElementsAre(1)); - EXPECT_THAT(scheduler_.GetStreamChildren(5), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(6), IsEmpty()); - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentToParent) { - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(1, 100, false)); - for (bool exclusive : {true, false}) { - scheduler_.UpdateStreamPrecedence(2, - SpdyStreamPrecedence(1, 100, exclusive)); - EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(1)); - EXPECT_THAT(scheduler_.GetStreamChildren(1), UnorderedElementsAre(2, 3)); - EXPECT_THAT(scheduler_.GetStreamChildren(2), IsEmpty()); - EXPECT_THAT(scheduler_.GetStreamChildren(3), IsEmpty()); - } - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, UpdateStreamParentToSelf) { - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - EXPECT_SPDY_BUG( - scheduler_.UpdateStreamPrecedence(1, SpdyStreamPrecedence(1, 100, false)), - "Cannot set stream to be its own parent"); - EXPECT_SPDY_BUG( - scheduler_.UpdateStreamPrecedence(1, SpdyStreamPrecedence(1, 100, true)), - "Cannot set stream to be its own parent"); - EXPECT_THAT(scheduler_.GetStreamChildren(0), ElementsAre(1)); - EXPECT_THAT(scheduler_.GetStreamChildren(1), IsEmpty()); - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, BlockAndUnblock) { - /* Create the tree. - - 0 - / | \ - / | \ - 1 2 3 - / \ \ \ - 4 5 6 7 - /| / \ | |\ - 8 9 10 11 12 13 14 - / \ - 15 16 - - */ - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(5, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(8, SpdyStreamPrecedence(4, 100, false)); - scheduler_.RegisterStream(9, SpdyStreamPrecedence(4, 100, false)); - scheduler_.RegisterStream(10, SpdyStreamPrecedence(5, 100, false)); - scheduler_.RegisterStream(11, SpdyStreamPrecedence(5, 100, false)); - scheduler_.RegisterStream(15, SpdyStreamPrecedence(8, 100, false)); - scheduler_.RegisterStream(16, SpdyStreamPrecedence(8, 100, false)); - scheduler_.RegisterStream(12, SpdyStreamPrecedence(2, 100, false)); - scheduler_.RegisterStream(6, SpdyStreamPrecedence(2, 100, true)); - scheduler_.RegisterStream(7, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(13, SpdyStreamPrecedence(7, 100, true)); - scheduler_.RegisterStream(14, SpdyStreamPrecedence(7, 100, false)); - scheduler_.UpdateStreamPrecedence(7, SpdyStreamPrecedence(3, 100, false)); - EXPECT_EQ(0u, scheduler_.GetStreamPrecedence(1).parent_id()); - EXPECT_EQ(0u, scheduler_.GetStreamPrecedence(2).parent_id()); - EXPECT_EQ(0u, scheduler_.GetStreamPrecedence(3).parent_id()); - EXPECT_EQ(1u, scheduler_.GetStreamPrecedence(4).parent_id()); - EXPECT_EQ(1u, scheduler_.GetStreamPrecedence(5).parent_id()); - EXPECT_EQ(2u, scheduler_.GetStreamPrecedence(6).parent_id()); - EXPECT_EQ(3u, scheduler_.GetStreamPrecedence(7).parent_id()); - EXPECT_EQ(4u, scheduler_.GetStreamPrecedence(8).parent_id()); - EXPECT_EQ(4u, scheduler_.GetStreamPrecedence(9).parent_id()); - EXPECT_EQ(5u, scheduler_.GetStreamPrecedence(10).parent_id()); - EXPECT_EQ(5u, scheduler_.GetStreamPrecedence(11).parent_id()); - EXPECT_EQ(6u, scheduler_.GetStreamPrecedence(12).parent_id()); - EXPECT_EQ(7u, scheduler_.GetStreamPrecedence(13).parent_id()); - EXPECT_EQ(7u, scheduler_.GetStreamPrecedence(14).parent_id()); - EXPECT_EQ(8u, scheduler_.GetStreamPrecedence(15).parent_id()); - EXPECT_EQ(8u, scheduler_.GetStreamPrecedence(16).parent_id()); - ASSERT_TRUE(peer_.ValidateInvariants()); - - EXPECT_EQ(peer_.TotalChildWeights(0), - scheduler_.GetStreamPrecedence(1).weight() + - scheduler_.GetStreamPrecedence(2).weight() + - scheduler_.GetStreamPrecedence(3).weight()); - EXPECT_EQ(peer_.TotalChildWeights(3), - scheduler_.GetStreamPrecedence(7).weight()); - EXPECT_EQ(peer_.TotalChildWeights(7), - scheduler_.GetStreamPrecedence(13).weight() + - scheduler_.GetStreamPrecedence(14).weight()); - EXPECT_EQ(peer_.TotalChildWeights(13), 0); - EXPECT_EQ(peer_.TotalChildWeights(14), 0); - - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, HasReadyStreams) { - EXPECT_FALSE(scheduler_.HasReadyStreams()); - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 10, false)); - EXPECT_FALSE(scheduler_.HasReadyStreams()); - scheduler_.MarkStreamReady(1, false); - EXPECT_TRUE(scheduler_.HasReadyStreams()); - scheduler_.MarkStreamNotReady(1); - EXPECT_FALSE(scheduler_.HasReadyStreams()); - scheduler_.MarkStreamReady(1, true); - EXPECT_TRUE(scheduler_.HasReadyStreams()); - scheduler_.UnregisterStream(1); - EXPECT_FALSE(scheduler_.HasReadyStreams()); - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, CalculateRoundedWeights) { - /* Create the tree. - - 0 - / \ - 1 2 - /| |\ |\ - 8 3 4 5 6 7 - */ - scheduler_.RegisterStream(3, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(5, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 10, true)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(0, 5, false)); - scheduler_.RegisterStream(6, SpdyStreamPrecedence(2, 1, false)); - scheduler_.RegisterStream(7, SpdyStreamPrecedence(2, 1, false)); - scheduler_.RegisterStream(8, SpdyStreamPrecedence(1, 1, false)); - - // Remove higher-level streams. - scheduler_.UnregisterStream(1); - scheduler_.UnregisterStream(2); - - // 3.3 rounded down = 3. - EXPECT_EQ(3, scheduler_.GetStreamPrecedence(3).weight()); - EXPECT_EQ(3, scheduler_.GetStreamPrecedence(4).weight()); - EXPECT_EQ(3, scheduler_.GetStreamPrecedence(5).weight()); - // 2.5 rounded up = 3. - EXPECT_EQ(3, scheduler_.GetStreamPrecedence(6).weight()); - EXPECT_EQ(3, scheduler_.GetStreamPrecedence(7).weight()); - // 0 is not a valid weight, so round up to 1. - EXPECT_EQ(1, scheduler_.GetStreamPrecedence(8).weight()); - ASSERT_TRUE(peer_.ValidateInvariants()); -} - -TEST_F(Http2PriorityWriteSchedulerTest, GetLatestEventWithPrecedence) { - EXPECT_SPDY_BUG(scheduler_.RecordStreamEventTime(3, 5), - "Stream 3 not registered"); - EXPECT_SPDY_BUG(EXPECT_EQ(0, scheduler_.GetLatestEventWithPrecedence(4)), - "Stream 4 not registered"); - - for (int i = 1; i < 5; ++i) { - int weight = SpdyStreamPrecedence(i).weight(); - scheduler_.RegisterStream(i, SpdyStreamPrecedence(0, weight, false)); - } - for (int i = 1; i < 5; ++i) { - EXPECT_EQ(0, scheduler_.GetLatestEventWithPrecedence(i)); - } - for (int i = 1; i < 5; ++i) { - scheduler_.RecordStreamEventTime(i, i * 100); - } - for (int i = 1; i < 5; ++i) { - EXPECT_EQ((i - 1) * 100, scheduler_.GetLatestEventWithPrecedence(i)); - } -} - -// Add ready streams at front and back. -TEST_F(Http2PriorityWriteSchedulerTest, MarkReadyFrontAndBack) { - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 10, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(0, 20, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(0, 20, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(0, 20, false)); - scheduler_.RegisterStream(5, SpdyStreamPrecedence(0, 30, false)); - - for (int i = 1; i < 6; ++i) { - scheduler_.MarkStreamReady(i, false); - } - EXPECT_EQ(5u, scheduler_.PopNextReadyStream()); - EXPECT_EQ(2u, scheduler_.PopNextReadyStream()); - scheduler_.MarkStreamReady(2, false); - EXPECT_EQ(3u, scheduler_.PopNextReadyStream()); - scheduler_.MarkStreamReady(3, false); - EXPECT_EQ(4u, scheduler_.PopNextReadyStream()); - scheduler_.MarkStreamReady(4, false); - EXPECT_EQ(2u, scheduler_.PopNextReadyStream()); - scheduler_.MarkStreamReady(2, true); - EXPECT_EQ(2u, scheduler_.PopNextReadyStream()); - scheduler_.MarkStreamReady(5, false); - scheduler_.MarkStreamReady(2, true); - EXPECT_EQ(5u, scheduler_.PopNextReadyStream()); -} - -// Add ready streams at front and back and pop them with -// PopNextReadyStreamAndPrecedence. -TEST_F(Http2PriorityWriteSchedulerTest, PopNextReadyStreamAndPrecedence) { - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 10, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(0, 20, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(0, 20, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(0, 20, false)); - scheduler_.RegisterStream(5, SpdyStreamPrecedence(0, 30, false)); - - for (int i = 1; i < 6; ++i) { - scheduler_.MarkStreamReady(i, false); - } - EXPECT_EQ(std::make_tuple(5u, SpdyStreamPrecedence(0, 30, false)), - scheduler_.PopNextReadyStreamAndPrecedence()); - EXPECT_EQ(std::make_tuple(2u, SpdyStreamPrecedence(0, 20, false)), - scheduler_.PopNextReadyStreamAndPrecedence()); - scheduler_.MarkStreamReady(2, false); - EXPECT_EQ(std::make_tuple(3u, SpdyStreamPrecedence(0, 20, false)), - scheduler_.PopNextReadyStreamAndPrecedence()); - scheduler_.MarkStreamReady(3, false); - EXPECT_EQ(std::make_tuple(4u, SpdyStreamPrecedence(0, 20, false)), - scheduler_.PopNextReadyStreamAndPrecedence()); - scheduler_.MarkStreamReady(4, false); - EXPECT_EQ(std::make_tuple(2u, SpdyStreamPrecedence(0, 20, false)), - scheduler_.PopNextReadyStreamAndPrecedence()); - scheduler_.MarkStreamReady(2, true); - EXPECT_EQ(std::make_tuple(2u, SpdyStreamPrecedence(0, 20, false)), - scheduler_.PopNextReadyStreamAndPrecedence()); - scheduler_.MarkStreamReady(5, false); - scheduler_.MarkStreamReady(2, true); - EXPECT_EQ(std::make_tuple(5u, SpdyStreamPrecedence(0, 30, false)), - scheduler_.PopNextReadyStreamAndPrecedence()); -} - -class PopNextReadyStreamTest : public Http2PriorityWriteSchedulerTest { - protected: - void SetUp() override { - /* Create the tree. - - 0 - /|\ - 1 2 3 - /| |\ - 4 5 6 7 - / - 8 - - */ - scheduler_.RegisterStream(1, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(2, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(3, SpdyStreamPrecedence(0, 100, false)); - scheduler_.RegisterStream(4, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(5, SpdyStreamPrecedence(1, 100, false)); - scheduler_.RegisterStream(6, SpdyStreamPrecedence(2, 100, false)); - scheduler_.RegisterStream(7, SpdyStreamPrecedence(2, 100, false)); - scheduler_.RegisterStream(8, SpdyStreamPrecedence(4, 100, false)); - - // Set all nodes ready to write. - for (SpdyStreamId id = 1; id <= 8; ++id) { - scheduler_.MarkStreamReady(id, false); - } - } - - AssertionResult PopNextReturnsCycle( - std::initializer_list<SpdyStreamId> stream_ids) { - int count = 0; - const int kNumCyclesToCheck = 2; - for (int i = 0; i < kNumCyclesToCheck; i++) { - for (SpdyStreamId expected_id : stream_ids) { - SpdyStreamId next_id = scheduler_.PopNextReadyStream(); - scheduler_.MarkStreamReady(next_id, false); - if (next_id != expected_id) { - return AssertionFailure() << "Pick " << count << ": expected stream " - << expected_id << " instead of " << next_id; - } - if (!peer_.ValidateInvariants()) { - return AssertionFailure() << "ValidateInvariants failed"; - } - ++count; - } - } - return AssertionSuccess(); - } -}; - -// When all streams are schedulable, only top-level streams should be returned. -TEST_F(PopNextReadyStreamTest, NoneBlocked) { - EXPECT_TRUE(PopNextReturnsCycle({1, 2, 3})); -} - -// When a parent stream is blocked, its children should be scheduled, if -// priorities allow. -TEST_F(PopNextReadyStreamTest, SingleStreamBlocked) { - scheduler_.MarkStreamNotReady(1); - - // Round-robin only across 2 and 3, since children of 1 have lower priority. - EXPECT_TRUE(PopNextReturnsCycle({2, 3})); - - // Make children of 1 have equal priority as 2 and 3, after which they should - // be returned as well. - scheduler_.UpdateStreamPrecedence(1, SpdyStreamPrecedence(0, 200, false)); - EXPECT_TRUE(PopNextReturnsCycle({4, 5, 2, 3})); -} - -// Block multiple levels of streams. -TEST_F(PopNextReadyStreamTest, MultiLevelBlocked) { - for (SpdyStreamId stream_id : {1, 4, 5}) { - scheduler_.MarkStreamNotReady(stream_id); - } - // Round-robin only across 2 and 3, since children of 1 have lower priority. - EXPECT_TRUE(PopNextReturnsCycle({2, 3})); - - // Make 8 have equal priority as 2 and 3. - scheduler_.UpdateStreamPrecedence(1, SpdyStreamPrecedence(0, 200, false)); - EXPECT_TRUE(PopNextReturnsCycle({8, 2, 3})); -} - -// A removed stream shouldn't be scheduled. -TEST_F(PopNextReadyStreamTest, RemoveStream) { - scheduler_.UnregisterStream(1); - - // Round-robin only across 2 and 3, since previous children of 1 have lower - // priority (the weight of 4 and 5 is scaled down when they are elevated to - // siblings of 2 and 3). - EXPECT_TRUE(PopNextReturnsCycle({2, 3})); - - // Make previous children of 1 have equal priority as 2 and 3. - scheduler_.UpdateStreamPrecedence(4, SpdyStreamPrecedence(0, 100, false)); - scheduler_.UpdateStreamPrecedence(5, SpdyStreamPrecedence(0, 100, false)); - EXPECT_TRUE(PopNextReturnsCycle({4, 5, 2, 3})); -} - -// Block an entire subtree. -TEST_F(PopNextReadyStreamTest, SubtreeBlocked) { - for (SpdyStreamId stream_id : {1, 4, 5, 8}) { - scheduler_.MarkStreamNotReady(stream_id); - } - EXPECT_TRUE(PopNextReturnsCycle({2, 3})); -} - -// If all parent streams are blocked, children should be returned. -TEST_F(PopNextReadyStreamTest, ParentsBlocked) { - for (SpdyStreamId stream_id : {1, 2, 3}) { - scheduler_.MarkStreamNotReady(stream_id); - } - EXPECT_TRUE(PopNextReturnsCycle({4, 5, 6, 7})); -} - -// Unblocking streams should make them schedulable. -TEST_F(PopNextReadyStreamTest, BlockAndUnblock) { - EXPECT_TRUE(PopNextReturnsCycle({1, 2, 3})); - scheduler_.MarkStreamNotReady(2); - EXPECT_TRUE(PopNextReturnsCycle({1, 3})); - scheduler_.MarkStreamReady(2, false); - // Cycle order permuted since 2 effectively appended at tail. - EXPECT_TRUE(PopNextReturnsCycle({1, 3, 2})); -} - -// Block nodes in multiple subtrees. -TEST_F(PopNextReadyStreamTest, ScatteredBlocked) { - for (SpdyStreamId stream_id : {1, 2, 6, 7}) { - scheduler_.MarkStreamNotReady(stream_id); - } - // Only 3 returned, since of remaining streams it has highest priority. - EXPECT_TRUE(PopNextReturnsCycle({3})); - - // Make children of 1 have priority equal to 3. - scheduler_.UpdateStreamPrecedence(1, SpdyStreamPrecedence(0, 200, false)); - EXPECT_TRUE(PopNextReturnsCycle({4, 5, 3})); - - // When 4 is blocked, its child 8 should take its place, since it has same - // priority. - scheduler_.MarkStreamNotReady(4); - EXPECT_TRUE(PopNextReturnsCycle({8, 5, 3})); -} - -} // namespace test -} // namespace net diff --git a/chromium/net/spdy/mock_spdy_framer_visitor.h b/chromium/net/spdy/mock_spdy_framer_visitor.h index 0c5bcd5be5d..4b797eebec9 100644 --- a/chromium/net/spdy/mock_spdy_framer_visitor.h +++ b/chromium/net/spdy/mock_spdy_framer_visitor.h @@ -11,7 +11,7 @@ #include <cstdint> #include <memory> -#include "base/strings/string_piece.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_framer.h" #include "net/spdy/spdy_test_utils.h" #include "testing/gmock/include/gmock/gmock.h" @@ -54,14 +54,13 @@ class MockSpdyFramerVisitor : public SpdyFramerVisitorInterface { bool end)); MOCK_METHOD2(OnWindowUpdate, void(SpdyStreamId stream_id, int delta_window_size)); - MOCK_METHOD1(OnBlocked, void(SpdyStreamId stream_id)); MOCK_METHOD3(OnPushPromise, void(SpdyStreamId stream_id, SpdyStreamId promised_stream_id, bool end)); MOCK_METHOD2(OnContinuation, void(SpdyStreamId stream_id, bool end)); MOCK_METHOD3(OnAltSvc, void(SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector)); MOCK_METHOD4(OnPriority, diff --git a/chromium/net/spdy/platform/api/spdy_string.h b/chromium/net/spdy/platform/api/spdy_string.h new file mode 100644 index 00000000000..59089a50b6e --- /dev/null +++ b/chromium/net/spdy/platform/api/spdy_string.h @@ -0,0 +1,16 @@ +// Copyright (c) 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SPDY_PLATFORM_API_SPDY_STRING_H_ +#define NET_SPDY_PLATFORM_API_SPDY_STRING_H_ + +#include "net/spdy/platform/impl/spdy_string_impl.h" + +namespace net { + +using SpdyString = SpdyStringImpl; + +} // namespace net + +#endif // NET_SPDY_PLATFORM_API_SPDY_STRING_H_ diff --git a/chromium/net/spdy/platform/api/spdy_string_piece.h b/chromium/net/spdy/platform/api/spdy_string_piece.h new file mode 100644 index 00000000000..d852d10a91c --- /dev/null +++ b/chromium/net/spdy/platform/api/spdy_string_piece.h @@ -0,0 +1,16 @@ +// Copyright (c) 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SPDY_PLATFORM_API_SPDY_STRING_PIECE_H_ +#define NET_SPDY_PLATFORM_API_SPDY_STRING_PIECE_H_ + +#include "net/spdy/platform/impl/spdy_string_piece_impl.h" + +namespace net { + +using SpdyStringPiece = SpdyStringPieceImpl; + +} // namespace net + +#endif // NET_SPDY_PLATFORM_API_SPDY_STRING_PIECE_H_ diff --git a/chromium/net/spdy/platform/api/spdy_string_utils.h b/chromium/net/spdy/platform/api/spdy_string_utils.h new file mode 100644 index 00000000000..4f986ff2fb0 --- /dev/null +++ b/chromium/net/spdy/platform/api/spdy_string_utils.h @@ -0,0 +1,41 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SPDY_PLATFORM_API_SPDY_STRING_UTILS_H_ +#define NET_SPDY_PLATFORM_API_SPDY_STRING_UTILS_H_ + +#include <utility> + +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/impl/spdy_string_utils_impl.h" + +namespace net { + +template <typename... Args> +inline SpdyString SpdyStrCat(const Args&... args) { + return SpdyStrCatImpl(std::forward<const Args&>(args)...); +} + +template <typename... Args> +inline void SpdyStrAppend(SpdyString* output, const Args&... args) { + SpdyStrAppendImpl(output, std::forward<const Args&>(args)...); +} + +template <typename... Args> +inline SpdyString SpdyStringPrintf(const Args&... args) { + return SpdyStringPrintfImpl(std::forward<const Args&>(args)...); +} + +template <typename... Args> +inline void SpdyStringAppendF(const Args&... args) { + SpdyStringAppendFImpl(std::forward<const Args&>(args)...); +} + +inline char SpdyHexDigitToInt(char c) { + return SpdyHexDigitToIntImpl(c); +} + +} // namespace net + +#endif // NET_SPDY_PLATFORM_API_SPDY_STRING_UTILS_H_ diff --git a/chromium/net/spdy/platform/api/spdy_string_utils_test.cc b/chromium/net/spdy/platform/api/spdy_string_utils_test.cc new file mode 100644 index 00000000000..20992f998ce --- /dev/null +++ b/chromium/net/spdy/platform/api/spdy_string_utils_test.cc @@ -0,0 +1,220 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/spdy/platform/api/spdy_string_utils.h" + +#include <cstdint> + +#include "net/spdy/platform/api/spdy_string_piece.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { +namespace test { +namespace { + +TEST(SpdyStringUtilsTest, SpdyStrCat) { + // No arguments. + EXPECT_EQ("", SpdyStrCat()); + + // Single string-like argument. + const char kFoo[] = "foo"; + const SpdyString string_foo(kFoo); + const SpdyStringPiece stringpiece_foo(string_foo); + EXPECT_EQ("foo", SpdyStrCat(kFoo)); + EXPECT_EQ("foo", SpdyStrCat(string_foo)); + EXPECT_EQ("foo", SpdyStrCat(stringpiece_foo)); + + // Two string-like arguments. + const char kBar[] = "bar"; + const SpdyStringPiece stringpiece_bar(kBar); + const SpdyString string_bar(kBar); + EXPECT_EQ("foobar", SpdyStrCat(kFoo, kBar)); + EXPECT_EQ("foobar", SpdyStrCat(kFoo, string_bar)); + EXPECT_EQ("foobar", SpdyStrCat(kFoo, stringpiece_bar)); + EXPECT_EQ("foobar", SpdyStrCat(string_foo, kBar)); + EXPECT_EQ("foobar", SpdyStrCat(string_foo, string_bar)); + EXPECT_EQ("foobar", SpdyStrCat(string_foo, stringpiece_bar)); + EXPECT_EQ("foobar", SpdyStrCat(stringpiece_foo, kBar)); + EXPECT_EQ("foobar", SpdyStrCat(stringpiece_foo, string_bar)); + EXPECT_EQ("foobar", SpdyStrCat(stringpiece_foo, stringpiece_bar)); + + // Many-many arguments. + EXPECT_EQ( + "foobarbazquxquuxquuzcorgegraultgarplywaldofredplughxyzzythud", + SpdyStrCat("foo", "bar", "baz", "qux", "quux", "quuz", "corge", "grault", + "garply", "waldo", "fred", "plugh", "xyzzy", "thud")); + + // Numerical arguments. + const int16_t i = 1; + const uint64_t u = 8; + const double d = 3.1415; + + EXPECT_EQ("1 8", SpdyStrCat(i, " ", u)); + EXPECT_EQ("3.14151181", SpdyStrCat(d, i, i, u, i)); + EXPECT_EQ("i: 1, u: 8, d: 3.1415", + SpdyStrCat("i: ", i, ", u: ", u, ", d: ", d)); + + // Boolean arguments. + const bool t = true; + const bool f = false; + + EXPECT_EQ("1", SpdyStrCat(t)); + EXPECT_EQ("0", SpdyStrCat(f)); + EXPECT_EQ("0110", SpdyStrCat(f, t, t, f)); + + // Mixed string-like, numerical, and Boolean arguments. + EXPECT_EQ("foo1foo081bar3.14151", + SpdyStrCat(kFoo, i, string_foo, f, u, t, stringpiece_bar, d, t)); + EXPECT_EQ("3.141511bar18bar13.14150", + SpdyStrCat(d, t, t, string_bar, i, u, kBar, t, d, f)); +} + +TEST(SpdyStringUtilsTest, SpdyStrAppend) { + // No arguments on empty string. + SpdyString output; + SpdyStrAppend(&output); + EXPECT_TRUE(output.empty()); + + // Single string-like argument. + const char kFoo[] = "foo"; + const SpdyString string_foo(kFoo); + const SpdyStringPiece stringpiece_foo(string_foo); + SpdyStrAppend(&output, kFoo); + EXPECT_EQ("foo", output); + SpdyStrAppend(&output, string_foo); + EXPECT_EQ("foofoo", output); + SpdyStrAppend(&output, stringpiece_foo); + EXPECT_EQ("foofoofoo", output); + + // No arguments on non-empty string. + SpdyStrAppend(&output); + EXPECT_EQ("foofoofoo", output); + + output.clear(); + + // Two string-like arguments. + const char kBar[] = "bar"; + const SpdyStringPiece stringpiece_bar(kBar); + const SpdyString string_bar(kBar); + SpdyStrAppend(&output, kFoo, kBar); + EXPECT_EQ("foobar", output); + SpdyStrAppend(&output, kFoo, string_bar); + EXPECT_EQ("foobarfoobar", output); + SpdyStrAppend(&output, kFoo, stringpiece_bar); + EXPECT_EQ("foobarfoobarfoobar", output); + SpdyStrAppend(&output, string_foo, kBar); + EXPECT_EQ("foobarfoobarfoobarfoobar", output); + + output.clear(); + + SpdyStrAppend(&output, string_foo, string_bar); + EXPECT_EQ("foobar", output); + SpdyStrAppend(&output, string_foo, stringpiece_bar); + EXPECT_EQ("foobarfoobar", output); + SpdyStrAppend(&output, stringpiece_foo, kBar); + EXPECT_EQ("foobarfoobarfoobar", output); + SpdyStrAppend(&output, stringpiece_foo, string_bar); + EXPECT_EQ("foobarfoobarfoobarfoobar", output); + + output.clear(); + + SpdyStrAppend(&output, stringpiece_foo, stringpiece_bar); + EXPECT_EQ("foobar", output); + + // Many-many arguments. + SpdyStrAppend(&output, "foo", "bar", "baz", "qux", "quux", "quuz", "corge", + "grault", "garply", "waldo", "fred", "plugh", "xyzzy", "thud"); + EXPECT_EQ( + "foobarfoobarbazquxquuxquuzcorgegraultgarplywaldofredplughxyzzythud", + output); + + output.clear(); + + // Numerical arguments. + const int16_t i = 1; + const uint64_t u = 8; + const double d = 3.1415; + + SpdyStrAppend(&output, i, " ", u); + EXPECT_EQ("1 8", output); + SpdyStrAppend(&output, d, i, i, u, i); + EXPECT_EQ("1 83.14151181", output); + SpdyStrAppend(&output, "i: ", i, ", u: ", u, ", d: ", d); + EXPECT_EQ("1 83.14151181i: 1, u: 8, d: 3.1415", output); + + output.clear(); + + // Boolean arguments. + const bool t = true; + const bool f = false; + + SpdyStrAppend(&output, t); + EXPECT_EQ("1", output); + SpdyStrAppend(&output, f); + EXPECT_EQ("10", output); + SpdyStrAppend(&output, f, t, t, f); + EXPECT_EQ("100110", output); + + output.clear(); + + // Mixed string-like, numerical, and Boolean arguments. + SpdyStrAppend(&output, kFoo, i, string_foo, f, u, t, stringpiece_bar, d, t); + EXPECT_EQ("foo1foo081bar3.14151", output); + SpdyStrAppend(&output, d, t, t, string_bar, i, u, kBar, t, d, f); + EXPECT_EQ("foo1foo081bar3.141513.141511bar18bar13.14150", output); +} + +TEST(SpdyStringUtilsTest, SpdyStringPrintf) { + EXPECT_EQ("", SpdyStringPrintf("%s", "")); + EXPECT_EQ("foobar", SpdyStringPrintf("%sbar", "foo")); + EXPECT_EQ("foobar", SpdyStringPrintf("%s%s", "foo", "bar")); + EXPECT_EQ("foo: 1, bar: 2.0", SpdyStringPrintf("foo: %d, bar: %.1f", 1, 2.0)); +} + +TEST(SpdyStringUtilsTest, SpdyStringAppendF) { + SpdyString output; + + SpdyStringAppendF(&output, "%s", ""); + EXPECT_TRUE(output.empty()); + + SpdyStringAppendF(&output, "%sbar", "foo"); + EXPECT_EQ("foobar", output); + + SpdyStringAppendF(&output, "%s%s", "foo", "bar"); + EXPECT_EQ("foobarfoobar", output); + + SpdyStringAppendF(&output, "foo: %d, bar: %.1f", 1, 2.0); + EXPECT_EQ("foobarfoobarfoo: 1, bar: 2.0", output); +} + +TEST(SpdyStringUtilsTest, SpdyHexDigitToInt) { + EXPECT_EQ(0, SpdyHexDigitToInt('0')); + EXPECT_EQ(1, SpdyHexDigitToInt('1')); + EXPECT_EQ(2, SpdyHexDigitToInt('2')); + EXPECT_EQ(3, SpdyHexDigitToInt('3')); + EXPECT_EQ(4, SpdyHexDigitToInt('4')); + EXPECT_EQ(5, SpdyHexDigitToInt('5')); + EXPECT_EQ(6, SpdyHexDigitToInt('6')); + EXPECT_EQ(7, SpdyHexDigitToInt('7')); + EXPECT_EQ(8, SpdyHexDigitToInt('8')); + EXPECT_EQ(9, SpdyHexDigitToInt('9')); + + EXPECT_EQ(10, SpdyHexDigitToInt('a')); + EXPECT_EQ(11, SpdyHexDigitToInt('b')); + EXPECT_EQ(12, SpdyHexDigitToInt('c')); + EXPECT_EQ(13, SpdyHexDigitToInt('d')); + EXPECT_EQ(14, SpdyHexDigitToInt('e')); + EXPECT_EQ(15, SpdyHexDigitToInt('f')); + + EXPECT_EQ(10, SpdyHexDigitToInt('A')); + EXPECT_EQ(11, SpdyHexDigitToInt('B')); + EXPECT_EQ(12, SpdyHexDigitToInt('C')); + EXPECT_EQ(13, SpdyHexDigitToInt('D')); + EXPECT_EQ(14, SpdyHexDigitToInt('E')); + EXPECT_EQ(15, SpdyHexDigitToInt('F')); +} + +} // namespace +} // namespace test +} // namespace net diff --git a/chromium/net/spdy/platform/impl/spdy_string_impl.h b/chromium/net/spdy/platform/impl/spdy_string_impl.h new file mode 100644 index 00000000000..91a63367b14 --- /dev/null +++ b/chromium/net/spdy/platform/impl/spdy_string_impl.h @@ -0,0 +1,16 @@ +// Copyright (c) 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SPDY_PLATFORM_IMPL_SPDY_STRING_IMPL_H_ +#define NET_SPDY_PLATFORM_IMPL_SPDY_STRING_IMPL_H_ + +#include <string> + +namespace net { + +using SpdyStringImpl = std::string; + +} // namespace net + +#endif // NET_SPDY_PLATFORM_IMPL_SPDY_STRING_IMPL_H_ diff --git a/chromium/net/spdy/platform/impl/spdy_string_piece_impl.h b/chromium/net/spdy/platform/impl/spdy_string_piece_impl.h new file mode 100644 index 00000000000..add0d55bc92 --- /dev/null +++ b/chromium/net/spdy/platform/impl/spdy_string_piece_impl.h @@ -0,0 +1,16 @@ +// Copyright (c) 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SPDY_PLATFORM_IMPL_SPDY_STRING_PIECE_IMPL_H_ +#define NET_SPDY_PLATFORM_IMPL_SPDY_STRING_PIECE_IMPL_H_ + +#include "base/strings/string_piece.h" + +namespace net { + +using SpdyStringPieceImpl = base::StringPiece; + +} // namespace net + +#endif // NET_SPDY_PLATFORM_IMPL_SPDY_STRING_PIECE_IMPL_H_ diff --git a/chromium/net/spdy/platform/impl/spdy_string_utils_impl.h b/chromium/net/spdy/platform/impl/spdy_string_utils_impl.h new file mode 100644 index 00000000000..8792285351f --- /dev/null +++ b/chromium/net/spdy/platform/impl/spdy_string_utils_impl.h @@ -0,0 +1,46 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SPDY_PLATFORM_IMPL_SPDY_STRING_UTILS_IMPL_H_ +#define NET_SPDY_PLATFORM_IMPL_SPDY_STRING_UTILS_IMPL_H_ + +#include <sstream> +#include <utility> + +#include "base/strings/string_util.h" +#include "base/strings/stringprintf.h" +#include "net/spdy/platform/api/spdy_string.h" + +namespace net { + +template <typename... Args> +inline SpdyString SpdyStrCatImpl(const Args&... args) { + std::ostringstream oss; + int dummy[] = {1, (oss << args, 0)...}; + static_cast<void>(dummy); + return oss.str(); +} + +template <typename... Args> +inline void SpdyStrAppendImpl(SpdyString* output, Args... args) { + output->append(SpdyStrCatImpl(args...)); +} + +template <typename... Args> +inline SpdyString SpdyStringPrintfImpl(const Args&... args) { + return base::StringPrintf(std::forward<const Args&>(args)...); +} + +template <typename... Args> +inline void SpdyStringAppendFImpl(const Args&... args) { + base::StringAppendF(std::forward<const Args&>(args)...); +} + +inline char SpdyHexDigitToIntImpl(char c) { + return base::HexDigitToInt(c); +} + +} // namespace net + +#endif // NET_SPDY_PLATFORM_IMPL_SPDY_STRING_UTILS_IMPL_H_ diff --git a/chromium/net/spdy/spdy_alt_svc_wire_format.cc b/chromium/net/spdy/spdy_alt_svc_wire_format.cc index df4e84dded5..803fb7bc3d4 100644 --- a/chromium/net/spdy/spdy_alt_svc_wire_format.cc +++ b/chromium/net/spdy/spdy_alt_svc_wire_format.cc @@ -5,26 +5,22 @@ #include "net/spdy/spdy_alt_svc_wire_format.h" #include <algorithm> +#include <cctype> #include <limits> -#include <string> #include "base/logging.h" -#include "base/strings/string_util.h" -#include "base/strings/stringprintf.h" +#include "net/spdy/platform/api/spdy_string_utils.h" namespace net { -using base::StringPiece; - namespace { template <class T> -bool ParsePositiveIntegerImpl(StringPiece::const_iterator c, - StringPiece::const_iterator end, +bool ParsePositiveIntegerImpl(SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, T* value) { *value = 0; - // TODO(mmenke): This really should be using methods in parse_number.h. - for (; c != end && '0' <= *c && *c <= '9'; ++c) { + for (; c != end && std::isdigit(*c); ++c) { if (*value > std::numeric_limits<T>::max() / 10) { return false; } @@ -42,8 +38,8 @@ bool ParsePositiveIntegerImpl(StringPiece::const_iterator c, SpdyAltSvcWireFormat::AlternativeService::AlternativeService() {} SpdyAltSvcWireFormat::AlternativeService::AlternativeService( - const std::string& protocol_id, - const std::string& host, + const SpdyString& protocol_id, + const SpdyString& host, uint16_t port, uint32_t max_age, VersionVector version) @@ -60,22 +56,22 @@ SpdyAltSvcWireFormat::AlternativeService::AlternativeService( // static bool SpdyAltSvcWireFormat::ParseHeaderFieldValue( - StringPiece value, + SpdyStringPiece value, AlternativeServiceVector* altsvc_vector) { // Empty value is invalid according to the specification. if (value.empty()) { return false; } altsvc_vector->clear(); - if (value == StringPiece("clear")) { + if (value == SpdyStringPiece("clear")) { return true; } - StringPiece::const_iterator c = value.begin(); + SpdyStringPiece::const_iterator c = value.begin(); while (c != value.end()) { // Parse protocol-id. - StringPiece::const_iterator percent_encoded_protocol_id_end = + SpdyStringPiece::const_iterator percent_encoded_protocol_id_end = std::find(c, value.end(), '='); - std::string protocol_id; + SpdyString protocol_id; if (percent_encoded_protocol_id_end == c || !PercentDecode(c, percent_encoded_protocol_id_end, &protocol_id)) { return false; @@ -91,7 +87,7 @@ bool SpdyAltSvcWireFormat::ParseHeaderFieldValue( return false; } ++c; - StringPiece::const_iterator alt_authority_begin = c; + SpdyStringPiece::const_iterator alt_authority_begin = c; for (; c != value.end() && *c != '"'; ++c) { // Decode backslash encoding. if (*c != '\\') { @@ -106,7 +102,7 @@ bool SpdyAltSvcWireFormat::ParseHeaderFieldValue( return false; } DCHECK_EQ('"', *c); - std::string host; + SpdyString host; uint16_t port; if (!ParseAltAuthority(alt_authority_begin, c, &host, &port)) { return false; @@ -115,7 +111,8 @@ bool SpdyAltSvcWireFormat::ParseHeaderFieldValue( // Parse parameters. uint32_t max_age = 86400; VersionVector version; - StringPiece::const_iterator parameters_end = std::find(c, value.end(), ','); + SpdyStringPiece::const_iterator parameters_end = + std::find(c, value.end(), ','); while (c != parameters_end) { SkipWhiteSpace(&c, parameters_end); if (c == parameters_end) { @@ -129,7 +126,7 @@ bool SpdyAltSvcWireFormat::ParseHeaderFieldValue( if (c == parameters_end) { break; } - std::string parameter_name; + SpdyString parameter_name; for (; c != parameters_end && *c != '=' && *c != ' ' && *c != '\t'; ++c) { parameter_name.push_back(tolower(*c)); } @@ -139,7 +136,7 @@ bool SpdyAltSvcWireFormat::ParseHeaderFieldValue( } ++c; SkipWhiteSpace(&c, parameters_end); - StringPiece::const_iterator parameter_value_begin = c; + SpdyStringPiece::const_iterator parameter_value_begin = c; for (; c != parameters_end && *c != ';' && *c != ' ' && *c != '\t'; ++c) { } if (c == parameter_value_begin) { @@ -163,9 +160,9 @@ bool SpdyAltSvcWireFormat::ParseHeaderFieldValue( } ++c; parameters_end = std::find(c, value.end(), ','); - StringPiece::const_iterator v_begin = parameter_value_begin + 1; + SpdyStringPiece::const_iterator v_begin = parameter_value_begin + 1; while (v_begin < c) { - StringPiece::const_iterator v_end = v_begin; + SpdyStringPiece::const_iterator v_end = v_begin; while (v_end < c - 1 && *v_end != ',') { ++v_end; } @@ -190,13 +187,13 @@ bool SpdyAltSvcWireFormat::ParseHeaderFieldValue( } // static -std::string SpdyAltSvcWireFormat::SerializeHeaderFieldValue( +SpdyString SpdyAltSvcWireFormat::SerializeHeaderFieldValue( const AlternativeServiceVector& altsvc_vector) { if (altsvc_vector.empty()) { - return std::string("clear"); + return SpdyString("clear"); } const char kNibbleToHex[] = "0123456789ABCDEF"; - std::string value; + SpdyString value; for (const AlternativeService& altsvc : altsvc_vector) { if (!value.empty()) { value.push_back(','); @@ -241,9 +238,9 @@ std::string SpdyAltSvcWireFormat::SerializeHeaderFieldValue( } value.push_back(c); } - base::StringAppendF(&value, ":%d\"", altsvc.port); + SpdyStringAppendF(&value, ":%d\"", altsvc.port); if (altsvc.max_age != 86400) { - base::StringAppendF(&value, "; ma=%d", altsvc.max_age); + SpdyStringAppendF(&value, "; ma=%d", altsvc.max_age); } if (!altsvc.version.empty()) { value.append("; v=\""); @@ -252,7 +249,7 @@ std::string SpdyAltSvcWireFormat::SerializeHeaderFieldValue( if (it != altsvc.version.begin()) { value.append(","); } - base::StringAppendF(&value, "%d", *it); + SpdyStringAppendF(&value, "%d", *it); } value.append("\""); } @@ -261,16 +258,16 @@ std::string SpdyAltSvcWireFormat::SerializeHeaderFieldValue( } // static -void SpdyAltSvcWireFormat::SkipWhiteSpace(StringPiece::const_iterator* c, - StringPiece::const_iterator end) { +void SpdyAltSvcWireFormat::SkipWhiteSpace(SpdyStringPiece::const_iterator* c, + SpdyStringPiece::const_iterator end) { for (; *c != end && (**c == ' ' || **c == '\t'); ++*c) { } } // static -bool SpdyAltSvcWireFormat::PercentDecode(StringPiece::const_iterator c, - StringPiece::const_iterator end, - std::string* output) { +bool SpdyAltSvcWireFormat::PercentDecode(SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, + SpdyString* output) { output->clear(); for (; c != end; ++c) { if (*c != '%') { @@ -279,29 +276,27 @@ bool SpdyAltSvcWireFormat::PercentDecode(StringPiece::const_iterator c, } DCHECK_EQ('%', *c); ++c; - if (c == end || !base::IsHexDigit(*c)) { + if (c == end || !std::isxdigit(*c)) { return false; } // Network byte order is big-endian. - int decoded = base::HexDigitToInt(*c) << 4; - + char decoded = SpdyHexDigitToInt(*c) << 4; ++c; - if (c == end || !base::IsHexDigit(*c)) { + if (c == end || !std::isxdigit(*c)) { return false; } - // Network byte order is big-endian. - decoded += base::HexDigitToInt(*c); - - output->push_back(static_cast<char>(decoded)); + decoded += SpdyHexDigitToInt(*c); + output->push_back(decoded); } return true; } // static -bool SpdyAltSvcWireFormat::ParseAltAuthority(StringPiece::const_iterator c, - StringPiece::const_iterator end, - std::string* host, - uint16_t* port) { +bool SpdyAltSvcWireFormat::ParseAltAuthority( + SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, + SpdyString* host, + uint16_t* port) { host->clear(); if (c == end) { return false; @@ -345,16 +340,16 @@ bool SpdyAltSvcWireFormat::ParseAltAuthority(StringPiece::const_iterator c, // static bool SpdyAltSvcWireFormat::ParsePositiveInteger16( - StringPiece::const_iterator c, - StringPiece::const_iterator end, + SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, uint16_t* value) { return ParsePositiveIntegerImpl<uint16_t>(c, end, value); } // static bool SpdyAltSvcWireFormat::ParsePositiveInteger32( - StringPiece::const_iterator c, - StringPiece::const_iterator end, + SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, uint32_t* value) { return ParsePositiveIntegerImpl<uint32_t>(c, end, value); } diff --git a/chromium/net/spdy/spdy_alt_svc_wire_format.h b/chromium/net/spdy/spdy_alt_svc_wire_format.h index 03eca99cc66..b6b8ee1bff7 100644 --- a/chromium/net/spdy/spdy_alt_svc_wire_format.h +++ b/chromium/net/spdy/spdy_alt_svc_wire_format.h @@ -10,12 +10,12 @@ #ifndef NET_SPDY_SPDY_ALT_SVC_WIRE_FORMAT_H_ #define NET_SPDY_SPDY_ALT_SVC_WIRE_FORMAT_H_ -#include <stdint.h> - +#include <cstdint> #include <vector> -#include "base/strings/string_piece.h" #include "net/base/net_export.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" namespace net { @@ -28,8 +28,8 @@ class NET_EXPORT_PRIVATE SpdyAltSvcWireFormat { using VersionVector = std::vector<uint16_t>; struct NET_EXPORT_PRIVATE AlternativeService { - std::string protocol_id; - std::string host; + SpdyString protocol_id; + SpdyString host; // Default is 0: invalid port. uint16_t port = 0; @@ -39,8 +39,8 @@ class NET_EXPORT_PRIVATE SpdyAltSvcWireFormat { VersionVector version; AlternativeService(); - AlternativeService(const std::string& protocol_id, - const std::string& host, + AlternativeService(const SpdyString& protocol_id, + const SpdyString& host, uint16_t port, uint32_t max_age, VersionVector version); @@ -59,26 +59,26 @@ class NET_EXPORT_PRIVATE SpdyAltSvcWireFormat { typedef std::vector<AlternativeService> AlternativeServiceVector; friend class test::SpdyAltSvcWireFormatPeer; - static bool ParseHeaderFieldValue(base::StringPiece value, + static bool ParseHeaderFieldValue(SpdyStringPiece value, AlternativeServiceVector* altsvc_vector); - static std::string SerializeHeaderFieldValue( + static SpdyString SerializeHeaderFieldValue( const AlternativeServiceVector& altsvc_vector); private: - static void SkipWhiteSpace(base::StringPiece::const_iterator* c, - base::StringPiece::const_iterator end); - static bool PercentDecode(base::StringPiece::const_iterator c, - base::StringPiece::const_iterator end, - std::string* output); - static bool ParseAltAuthority(base::StringPiece::const_iterator c, - base::StringPiece::const_iterator end, - std::string* host, + static void SkipWhiteSpace(SpdyStringPiece::const_iterator* c, + SpdyStringPiece::const_iterator end); + static bool PercentDecode(SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, + SpdyString* output); + static bool ParseAltAuthority(SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, + SpdyString* host, uint16_t* port); - static bool ParsePositiveInteger16(base::StringPiece::const_iterator c, - base::StringPiece::const_iterator end, + static bool ParsePositiveInteger16(SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, uint16_t* value); - static bool ParsePositiveInteger32(base::StringPiece::const_iterator c, - base::StringPiece::const_iterator end, + static bool ParsePositiveInteger32(SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, uint32_t* value); }; diff --git a/chromium/net/spdy/spdy_alt_svc_wire_format_test.cc b/chromium/net/spdy/spdy_alt_svc_wire_format_test.cc index 9b559b51f54..1650c350987 100644 --- a/chromium/net/spdy/spdy_alt_svc_wire_format_test.cc +++ b/chromium/net/spdy/spdy_alt_svc_wire_format_test.cc @@ -9,7 +9,6 @@ #include "testing/platform_test.h" using ::testing::_; -using base::StringPiece; namespace net { @@ -18,28 +17,28 @@ namespace test { // Expose all private methods of class SpdyAltSvcWireFormat. class SpdyAltSvcWireFormatPeer { public: - static void SkipWhiteSpace(StringPiece::const_iterator* c, - StringPiece::const_iterator end) { + static void SkipWhiteSpace(SpdyStringPiece::const_iterator* c, + SpdyStringPiece::const_iterator end) { SpdyAltSvcWireFormat::SkipWhiteSpace(c, end); } - static bool PercentDecode(StringPiece::const_iterator c, - StringPiece::const_iterator end, - std::string* output) { + static bool PercentDecode(SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, + SpdyString* output) { return SpdyAltSvcWireFormat::PercentDecode(c, end, output); } - static bool ParseAltAuthority(StringPiece::const_iterator c, - StringPiece::const_iterator end, - std::string* host, + static bool ParseAltAuthority(SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, + SpdyString* host, uint16_t* port) { return SpdyAltSvcWireFormat::ParseAltAuthority(c, end, host, port); } - static bool ParsePositiveInteger16(StringPiece::const_iterator c, - StringPiece::const_iterator end, + static bool ParsePositiveInteger16(SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, uint16_t* max_age) { return SpdyAltSvcWireFormat::ParsePositiveInteger16(c, end, max_age); } - static bool ParsePositiveInteger32(StringPiece::const_iterator c, - StringPiece::const_iterator end, + static bool ParsePositiveInteger32(SpdyStringPiece::const_iterator c, + SpdyStringPiece::const_iterator end, uint32_t* max_age) { return SpdyAltSvcWireFormat::ParsePositiveInteger32(c, end, max_age); } @@ -53,7 +52,7 @@ namespace { // random case, and corresponding AlternativeService entries. void FuzzHeaderFieldValue( int i, - std::string* header_field_value, + SpdyString* header_field_value, SpdyAltSvcWireFormat::AlternativeService* expected_altsvc) { if (!header_field_value->empty()) { header_field_value->push_back(','); @@ -110,7 +109,7 @@ void FuzzHeaderFieldValue( // canonical form, that is, what SerializeHeaderFieldValue() should output. void FuzzAlternativeService(int i, SpdyAltSvcWireFormat::AlternativeService* altsvc, - std::string* expected_header_field_value) { + SpdyString* expected_header_field_value) { if (!expected_header_field_value->empty()) { expected_header_field_value->push_back(','); } @@ -163,7 +162,7 @@ TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValueClear) { // separator, etc. Single alternative service at a time. TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValue) { for (int i = 0; i < 1 << 11; ++i) { - std::string header_field_value; + SpdyString header_field_value; SpdyAltSvcWireFormat::AlternativeService expected_altsvc; FuzzHeaderFieldValue(i, &header_field_value, &expected_altsvc); SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector; @@ -177,7 +176,7 @@ TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValue) { EXPECT_EQ(expected_altsvc.version, altsvc_vector[0].version); // Roundtrip test starting with |altsvc_vector|. - std::string reserialized_header_field_value = + SpdyString reserialized_header_field_value = SpdyAltSvcWireFormat::SerializeHeaderFieldValue(altsvc_vector); SpdyAltSvcWireFormat::AlternativeServiceVector roundtrip_altsvc_vector; ASSERT_TRUE(SpdyAltSvcWireFormat::ParseHeaderFieldValue( @@ -197,7 +196,7 @@ TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValue) { // separator, etc. Possibly multiple alternative service at a time. TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValueMultiple) { for (int i = 0; i < 1 << 11;) { - std::string header_field_value; + SpdyString header_field_value; SpdyAltSvcWireFormat::AlternativeServiceVector expected_altsvc_vector; // This will generate almost two hundred header field values with two, // three, four, five, six, and seven alternative services each, and @@ -222,7 +221,7 @@ TEST(SpdyAltSvcWireFormatTest, ParseHeaderFieldValueMultiple) { } // Roundtrip test starting with |altsvc_vector|. - std::string reserialized_header_field_value = + SpdyString reserialized_header_field_value = SpdyAltSvcWireFormat::SerializeHeaderFieldValue(altsvc_vector); SpdyAltSvcWireFormat::AlternativeServiceVector roundtrip_altsvc_vector; ASSERT_TRUE(SpdyAltSvcWireFormat::ParseHeaderFieldValue( @@ -256,7 +255,7 @@ TEST(SpdyAltSvcWireFormatTest, SerializeEmptyHeaderFieldValue) { TEST(SpdyAltSvcWireFormatTest, RoundTrip) { for (int i = 0; i < 1 << 3; ++i) { SpdyAltSvcWireFormat::AlternativeService altsvc; - std::string expected_header_field_value; + SpdyString expected_header_field_value; FuzzAlternativeService(i, &altsvc, &expected_header_field_value); // Test ParseHeaderFieldValue(). @@ -284,7 +283,7 @@ TEST(SpdyAltSvcWireFormatTest, RoundTrip) { // parameter. Multiple alternative services at a time. TEST(SpdyAltSvcWireFormatTest, RoundTripMultiple) { SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector; - std::string expected_header_field_value; + SpdyString expected_header_field_value; for (int i = 0; i < 1 << 3; ++i) { SpdyAltSvcWireFormat::AlternativeService altsvc; FuzzAlternativeService(i, &altsvc, &expected_header_field_value); @@ -356,7 +355,7 @@ TEST(SpdyAltSvcWireFormatTest, ParseTruncatedHeaderFieldValue) { SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector; const char* field_value_array[] = {"a=\":137\"", "a=\"foo:137\"", "a%25=\"foo\\\"bar\\\\baz:137\""}; - for (const std::string& field_value : field_value_array) { + for (const SpdyString& field_value : field_value_array) { for (size_t len = 1; len < field_value.size(); ++len) { EXPECT_FALSE(SpdyAltSvcWireFormat::ParseHeaderFieldValue( field_value.substr(0, len), &altsvc_vector)) @@ -369,8 +368,8 @@ TEST(SpdyAltSvcWireFormatTest, ParseTruncatedHeaderFieldValue) { // Test SkipWhiteSpace(). TEST(SpdyAltSvcWireFormatTest, SkipWhiteSpace) { - StringPiece input("a \tb "); - StringPiece::const_iterator c = input.begin(); + SpdyStringPiece input("a \tb "); + SpdyStringPiece::const_iterator c = input.begin(); test::SpdyAltSvcWireFormatPeer::SkipWhiteSpace(&c, input.end()); ASSERT_EQ(input.begin(), c); ++c; @@ -383,19 +382,19 @@ TEST(SpdyAltSvcWireFormatTest, SkipWhiteSpace) { // Test PercentDecode() on valid input. TEST(SpdyAltSvcWireFormatTest, PercentDecodeValid) { - StringPiece input(""); - std::string output; + SpdyStringPiece input(""); + SpdyString output; ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::PercentDecode( input.begin(), input.end(), &output)); EXPECT_EQ("", output); - input = StringPiece("foo"); + input = SpdyStringPiece("foo"); output.clear(); ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::PercentDecode( input.begin(), input.end(), &output)); EXPECT_EQ("foo", output); - input = StringPiece("%2ca%5Cb"); + input = SpdyStringPiece("%2ca%5Cb"); output.clear(); ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::PercentDecode( input.begin(), input.end(), &output)); @@ -406,8 +405,8 @@ TEST(SpdyAltSvcWireFormatTest, PercentDecodeValid) { TEST(SpdyAltSvcWireFormatTest, PercentDecodeInvalid) { const char* invalid_input_array[] = {"a%", "a%x", "a%b", "%J22", "%9z"}; for (const char* invalid_input : invalid_input_array) { - StringPiece input(invalid_input); - std::string output; + SpdyStringPiece input(invalid_input); + SpdyString output; EXPECT_FALSE(test::SpdyAltSvcWireFormatPeer::PercentDecode( input.begin(), input.end(), &output)) << input; @@ -416,21 +415,21 @@ TEST(SpdyAltSvcWireFormatTest, PercentDecodeInvalid) { // Test ParseAltAuthority() on valid input. TEST(SpdyAltSvcWireFormatTest, ParseAltAuthorityValid) { - StringPiece input(":42"); - std::string host; + SpdyStringPiece input(":42"); + SpdyString host; uint16_t port; ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParseAltAuthority( input.begin(), input.end(), &host, &port)); EXPECT_TRUE(host.empty()); EXPECT_EQ(42, port); - input = StringPiece("foo:137"); + input = SpdyStringPiece("foo:137"); ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParseAltAuthority( input.begin(), input.end(), &host, &port)); EXPECT_EQ("foo", host); EXPECT_EQ(137, port); - input = StringPiece("[2003:8:0:16::509d:9615]:443"); + input = SpdyStringPiece("[2003:8:0:16::509d:9615]:443"); ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParseAltAuthority( input.begin(), input.end(), &host, &port)); EXPECT_EQ("[2003:8:0:16::509d:9615]", host); @@ -457,8 +456,8 @@ TEST(SpdyAltSvcWireFormatTest, ParseAltAuthorityInvalid) { "[2003:8:0:16::509d:9615:443", "2003:8:0:16::509d:9615]:443"}; for (const char* invalid_input : invalid_input_array) { - StringPiece input(invalid_input); - std::string host; + SpdyStringPiece input(invalid_input); + SpdyString host; uint16_t port; EXPECT_FALSE(test::SpdyAltSvcWireFormatPeer::ParseAltAuthority( input.begin(), input.end(), &host, &port)) @@ -468,13 +467,13 @@ TEST(SpdyAltSvcWireFormatTest, ParseAltAuthorityInvalid) { // Test ParseInteger() on valid input. TEST(SpdyAltSvcWireFormatTest, ParseIntegerValid) { - StringPiece input("3"); + SpdyStringPiece input("3"); uint16_t value; ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParsePositiveInteger16( input.begin(), input.end(), &value)); EXPECT_EQ(3, value); - input = StringPiece("1337"); + input = SpdyStringPiece("1337"); ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParsePositiveInteger16( input.begin(), input.end(), &value)); EXPECT_EQ(1337, value); @@ -485,7 +484,7 @@ TEST(SpdyAltSvcWireFormatTest, ParseIntegerValid) { TEST(SpdyAltSvcWireFormatTest, ParseIntegerInvalid) { const char* invalid_input_array[] = {"", " ", "a", "0", "00", "1 ", "12b"}; for (const char* invalid_input : invalid_input_array) { - StringPiece input(invalid_input); + SpdyStringPiece input(invalid_input); uint16_t value; EXPECT_FALSE(test::SpdyAltSvcWireFormatPeer::ParsePositiveInteger16( input.begin(), input.end(), &value)) @@ -496,39 +495,39 @@ TEST(SpdyAltSvcWireFormatTest, ParseIntegerInvalid) { // Test ParseIntegerValid() around overflow limit. TEST(SpdyAltSvcWireFormatTest, ParseIntegerOverflow) { // Largest possible uint16_t value. - StringPiece input("65535"); + SpdyStringPiece input("65535"); uint16_t value16; ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParsePositiveInteger16( input.begin(), input.end(), &value16)); EXPECT_EQ(65535, value16); // Overflow uint16_t, ParsePositiveInteger16() should return false. - input = StringPiece("65536"); + input = SpdyStringPiece("65536"); ASSERT_FALSE(test::SpdyAltSvcWireFormatPeer::ParsePositiveInteger16( input.begin(), input.end(), &value16)); // However, even if overflow is not checked for, 65536 overflows to 0, which // returns false anyway. Check for a larger number which overflows to 1. - input = StringPiece("65537"); + input = SpdyStringPiece("65537"); ASSERT_FALSE(test::SpdyAltSvcWireFormatPeer::ParsePositiveInteger16( input.begin(), input.end(), &value16)); // Largest possible uint32_t value. - input = StringPiece("4294967295"); + input = SpdyStringPiece("4294967295"); uint32_t value32; ASSERT_TRUE(test::SpdyAltSvcWireFormatPeer::ParsePositiveInteger32( input.begin(), input.end(), &value32)); EXPECT_EQ(4294967295, value32); // Overflow uint32_t, ParsePositiveInteger32() should return false. - input = StringPiece("4294967296"); + input = SpdyStringPiece("4294967296"); ASSERT_FALSE(test::SpdyAltSvcWireFormatPeer::ParsePositiveInteger32( input.begin(), input.end(), &value32)); // However, even if overflow is not checked for, 4294967296 overflows to 0, // which returns false anyway. Check for a larger number which overflows to // 1. - input = StringPiece("4294967297"); + input = SpdyStringPiece("4294967297"); ASSERT_FALSE(test::SpdyAltSvcWireFormatPeer::ParsePositiveInteger32( input.begin(), input.end(), &value32)); } diff --git a/chromium/net/spdy/spdy_buffer_unittest.cc b/chromium/net/spdy/spdy_buffer_unittest.cc index 3dd49420b23..f46f083b6b3 100644 --- a/chromium/net/spdy/spdy_buffer_unittest.cc +++ b/chromium/net/spdy/spdy_buffer_unittest.cc @@ -7,11 +7,11 @@ #include <cstddef> #include <cstring> #include <memory> -#include <string> #include "base/bind.h" #include "base/memory/ref_counted.h" #include "net/base/io_buffer.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_protocol.h" #include "testing/gtest/include/gtest/gtest.h" @@ -25,8 +25,8 @@ const size_t kDataSize = arraysize(kData); class SpdyBufferTest : public ::testing::Test {}; // Make a string from the data remaining in |buffer|. -std::string BufferToString(const SpdyBuffer& buffer) { - return std::string(buffer.GetRemainingData(), buffer.GetRemainingSize()); +SpdyString BufferToString(const SpdyBuffer& buffer) { + return SpdyString(buffer.GetRemainingData(), buffer.GetRemainingSize()); } // Construct a SpdyBuffer from a SpdySerializedFrame and make sure its data @@ -43,14 +43,14 @@ TEST_F(SpdyBufferTest, FrameConstructor) { // Construct a SpdyBuffer from a const char*/size_t pair and make sure // it makes a copy of the data. TEST_F(SpdyBufferTest, DataConstructor) { - std::string data(kData, kDataSize); + SpdyString data(kData, kDataSize); SpdyBuffer buffer(data.data(), data.size()); // This mutation shouldn't affect |buffer|'s data. data[0] = 'H'; EXPECT_NE(kData, buffer.GetRemainingData()); EXPECT_EQ(kDataSize, buffer.GetRemainingSize()); - EXPECT_EQ(std::string(kData, kDataSize), BufferToString(buffer)); + EXPECT_EQ(SpdyString(kData, kDataSize), BufferToString(buffer)); } void IncrementBy(size_t* x, @@ -74,10 +74,10 @@ TEST_F(SpdyBufferTest, Consume) { buffer.AddConsumeCallback( base::Bind(&IncrementBy, &x2, SpdyBuffer::CONSUME)); - EXPECT_EQ(std::string(kData, kDataSize), BufferToString(buffer)); + EXPECT_EQ(SpdyString(kData, kDataSize), BufferToString(buffer)); buffer.Consume(5); - EXPECT_EQ(std::string(kData + 5, kDataSize - 5), BufferToString(buffer)); + EXPECT_EQ(SpdyString(kData + 5, kDataSize - 5), BufferToString(buffer)); EXPECT_EQ(5u, x1); EXPECT_EQ(5u, x2); @@ -110,11 +110,11 @@ TEST_F(SpdyBufferTest, GetIOBufferForRemainingData) { buffer.Consume(5); scoped_refptr<IOBuffer> io_buffer = buffer.GetIOBufferForRemainingData(); size_t io_buffer_size = buffer.GetRemainingSize(); - const std::string expectedData(kData + 5, kDataSize - 5); - EXPECT_EQ(expectedData, std::string(io_buffer->data(), io_buffer_size)); + const SpdyString expectedData(kData + 5, kDataSize - 5); + EXPECT_EQ(expectedData, SpdyString(io_buffer->data(), io_buffer_size)); buffer.Consume(kDataSize - 5); - EXPECT_EQ(expectedData, std::string(io_buffer->data(), io_buffer_size)); + EXPECT_EQ(expectedData, SpdyString(io_buffer->data(), io_buffer_size)); } // Make sure the IOBuffer returned by GetIOBufferForRemainingData() diff --git a/chromium/net/spdy/spdy_deframer_visitor.cc b/chromium/net/spdy/spdy_deframer_visitor.cc index f5ebc21e99d..c6075c962df 100644 --- a/chromium/net/spdy/spdy_deframer_visitor.cc +++ b/chromium/net/spdy/spdy_deframer_visitor.cc @@ -5,7 +5,6 @@ #include "net/spdy/spdy_deframer_visitor.h" #include <stdlib.h> -#include <string.h> #include <algorithm> #include <cstdint> @@ -21,8 +20,6 @@ #include "net/spdy/spdy_test_utils.h" using ::base::MakeUnique; -using ::base::StringPiece; -using ::std::string; using ::testing::AssertionFailure; using ::testing::AssertionResult; using ::testing::AssertionSuccess; @@ -138,10 +135,9 @@ class SpdyTestDeframerImpl : public SpdyTestDeframer, // alphabetical order for ease of navigation, and are not in same order // as in SpdyFramerVisitorInterface. void OnAltSvc(SpdyStreamId stream_id, - StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) override; - void OnBlocked(SpdyStreamId stream_id) override; void OnContinuation(SpdyStreamId stream_id, bool end) override; SpdyHeadersHandlerInterface* OnHeaderFrameStart( SpdyStreamId stream_id) override; @@ -184,7 +180,7 @@ class SpdyTestDeframerImpl : public SpdyTestDeframer, // Callbacks defined in SpdyHeadersHandlerInterface. void OnHeaderBlockStart() override; - void OnHeader(StringPiece key, StringPiece value) override; + void OnHeader(SpdyStringPiece key, SpdyStringPiece value) override; void OnHeaderBlockEnd(size_t header_bytes_parsed) override; void OnHeaderBlockEnd(size_t header_bytes_parsed, size_t compressed_header_bytes_parsed) override; @@ -214,7 +210,7 @@ class SpdyTestDeframerImpl : public SpdyTestDeframer, bool fin_ = false; bool got_hpack_end_ = false; - std::unique_ptr<string> data_; + std::unique_ptr<SpdyString> data_; // Total length of the data frame. size_t data_len_ = 0; @@ -223,7 +219,7 @@ class SpdyTestDeframerImpl : public SpdyTestDeframer, // Length field). size_t padding_len_ = 0; - std::unique_ptr<string> goaway_description_; + std::unique_ptr<SpdyString> goaway_description_; std::unique_ptr<StringPairVector> headers_; std::unique_ptr<SettingVector> settings_; std::unique_ptr<TestHeadersHandler> headers_handler_; @@ -413,36 +409,20 @@ bool SpdyTestDeframerImpl::AtFrameEnd() { void SpdyTestDeframerImpl::OnAltSvc( SpdyStreamId stream_id, - StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) { DVLOG(1) << "OnAltSvc stream_id: " << stream_id; CHECK_EQ(frame_type_, UNSET) << " frame_type_=" << Http2FrameTypeToString(frame_type_); CHECK_GT(stream_id, 0u); auto ptr = MakeUnique<SpdyAltSvcIR>(stream_id); - ptr->set_origin(origin.as_string()); + ptr->set_origin(SpdyString(origin)); for (auto& altsvc : altsvc_vector) { ptr->add_altsvc(altsvc); } listener_->OnAltSvc(std::move(ptr)); } -// Frame type BLOCKED was removed in draft 12 of HTTP/2. The intent appears to -// have been to support debugging; it is not expected to be seen except if the -// peer "thinks" that a bug exists in the flow control such that the peer can't -// send because the receiver hasn't sent WINDOW_UPDATE frames. Since we might -// be talking to multiple backends, it is quite plausible that one backend -// is unable to take more input from the client (hence no WINDOW_UPDATE), yet -// other backends can take more input. -void SpdyTestDeframerImpl::OnBlocked(SpdyStreamId stream_id) { - LOG(FATAL) << "OnBlocked stream_id: " << stream_id; - CHECK_EQ(frame_type_, UNSET) << " frame_type_=" - << Http2FrameTypeToString(frame_type_); - CHECK_GT(stream_id, 0u); - frame_type_ = UNSET; - stream_id_ = stream_id; -} - // A CONTINUATION frame contains a Header Block Fragment, and immediately // follows another frame that contains a Header Block Fragment (HEADERS, // PUSH_PROMISE or CONTINUATION). The last such frame has the END flag set. @@ -475,7 +455,7 @@ void SpdyTestDeframerImpl::OnDataFrameHeader(SpdyStreamId stream_id, stream_id_ = stream_id; fin_ = fin; data_len_ = length; - data_.reset(new string()); + data_.reset(new SpdyString()); } // The SpdyFramer will not process any more data at this point. @@ -499,7 +479,7 @@ void SpdyTestDeframerImpl::OnGoAway(SpdyStreamId last_good_stream_id, << Http2FrameTypeToString(frame_type_); frame_type_ = GOAWAY; goaway_ir_ = MakeUnique<SpdyGoAwayIR>(last_good_stream_id, error_code, ""); - goaway_description_.reset(new string()); + goaway_description_.reset(new SpdyString()); } // If len==0 then we've reached the end of the GOAWAY frame. @@ -755,13 +735,14 @@ void SpdyTestDeframerImpl::OnHeaderBlockStart() { got_hpack_end_ = false; } -void SpdyTestDeframerImpl::OnHeader(StringPiece key, StringPiece value) { +void SpdyTestDeframerImpl::OnHeader(SpdyStringPiece key, + SpdyStringPiece value) { CHECK(frame_type_ == HEADERS || frame_type_ == CONTINUATION || frame_type_ == PUSH_PROMISE) << " frame_type_=" << Http2FrameTypeToString(frame_type_); CHECK(!got_hpack_end_); CHECK(headers_); - headers_->emplace_back(key.as_string(), value.as_string()); + headers_->emplace_back(SpdyString(key), SpdyString(value)); CHECK(headers_handler_); headers_handler_->OnHeader(key, value); } diff --git a/chromium/net/spdy/spdy_deframer_visitor.h b/chromium/net/spdy/spdy_deframer_visitor.h index 66c3c777f7c..9727d37ddd8 100644 --- a/chromium/net/spdy/spdy_deframer_visitor.h +++ b/chromium/net/spdy/spdy_deframer_visitor.h @@ -45,7 +45,7 @@ // framer.set_visitor(the_deframer.get()); // // // Process frames. -// StringPiece input = ... +// SpdyStringPiece input = ... // while (!input.empty() && !framer.HasError()) { // size_t consumed = framer.ProcessInput(input.data(), input.size()); // input.remove_prefix(consumed); @@ -70,13 +70,13 @@ #include <stdint.h> #include <memory> -#include <string> #include <type_traits> #include <utility> #include <vector> #include "base/logging.h" #include "base/macros.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_framer.h" #include "net/spdy/spdy_protocol.h" #include "net/spdy/spdy_protocol_test_utils.h" @@ -92,7 +92,7 @@ typedef std::vector<std::pair<SpdySettingsIds, uint32_t>> SettingVector; // particular the order of each header entry, though it doesn't expose the // inner details of the HPACK block, such as the type of encoding selected // for each header entry, nor dynamic table size changes. -typedef std::pair<std::string, std::string> StringPair; +typedef std::pair<SpdyString, SpdyString> StringPair; typedef std::vector<StringPair> StringPairVector; // Forward decl. diff --git a/chromium/net/spdy/spdy_deframer_visitor_test.cc b/chromium/net/spdy/spdy_deframer_visitor_test.cc index be09409bdf3..885062d54eb 100644 --- a/chromium/net/spdy/spdy_deframer_visitor_test.cc +++ b/chromium/net/spdy/spdy_deframer_visitor_test.cc @@ -5,7 +5,6 @@ #include "net/spdy/spdy_deframer_visitor.h" #include <stdlib.h> -#include <string.h> #include <algorithm> #include <limits> @@ -13,7 +12,6 @@ #include "base/logging.h" #include "base/memory/ptr_util.h" #include "base/rand_util.h" -#include "base/strings/string_piece.h" #include "net/spdy/hpack/hpack_constants.h" #include "net/spdy/mock_spdy_framer_visitor.h" #include "net/spdy/spdy_frame_builder.h" @@ -23,7 +21,6 @@ #include "net/spdy/spdy_test_utils.h" using ::base::MakeUnique; -using ::std::string; namespace net { namespace test { @@ -67,9 +64,9 @@ class SpdyDeframerVisitorTest : public ::testing::Test { return encoder_.SerializeFrame(frame); } - string SerializeFrames( + SpdyString SerializeFrames( const std::vector<std::unique_ptr<SpdyFrameIR>>& frames) { - string result; + SpdyString result; for (const auto& frame_ptr : frames) { auto sf = SerializeFrame(*frame_ptr); result.append(sf.data(), sf.size()); diff --git a/chromium/net/spdy/spdy_flags.cc b/chromium/net/spdy/spdy_flags.cc index 4ff63c5f9e1..23956d6a5c1 100644 --- a/chromium/net/spdy/spdy_flags.cc +++ b/chromium/net/spdy/spdy_flags.cc @@ -12,15 +12,12 @@ bool FLAGS_chromium_http2_flag_log_compressed_size = true; // If true, remove use of SpdyFrameBuilder::OverwriteLength(). bool FLAGS_chromium_http2_flag_remove_rewritelength = true; -// Use //net/http2/hpack/decoder as HPACK entry decoder. -bool FLAGS_chromium_http2_flag_spdy_use_hpack_decoder2 = false; - // Use //net/http2/hpack/decoder as complete HPACK decoder. bool FLAGS_chromium_http2_flag_spdy_use_hpack_decoder3 = true; // Use Http2FrameDecoderAdapter. // TODO(jamessynge): Remove flag once no longer set by scripts. -bool FLAGS_chromium_http2_flag_spdy_use_http2_frame_decoder_adapter = false; +bool FLAGS_chromium_http2_flag_spdy_use_http2_frame_decoder_adapter = true; // Use NestedSpdyFramerDecoder. bool FLAGS_use_nested_spdy_framer_decoder = false; diff --git a/chromium/net/spdy/spdy_flags.h b/chromium/net/spdy/spdy_flags.h index a660235bf49..a380a236ce0 100644 --- a/chromium/net/spdy/spdy_flags.h +++ b/chromium/net/spdy/spdy_flags.h @@ -12,10 +12,7 @@ namespace net { NET_EXPORT_PRIVATE extern bool FLAGS_chromium_http2_flag_log_compressed_size; NET_EXPORT_PRIVATE extern bool FLAGS_chromium_http2_flag_remove_rewritelength; NET_EXPORT_PRIVATE extern bool - FLAGS_chromium_http2_flag_spdy_use_hpack_decoder2; -NET_EXPORT_PRIVATE extern bool FLAGS_chromium_http2_flag_spdy_use_hpack_decoder3; -NET_EXPORT_PRIVATE extern bool FLAGS_use_http2_frame_decoder_adapter; NET_EXPORT_PRIVATE extern bool FLAGS_use_nested_spdy_framer_decoder; NET_EXPORT_PRIVATE extern bool FLAGS_chromium_http2_flag_spdy_use_http2_frame_decoder_adapter; diff --git a/chromium/net/spdy/spdy_frame_builder.cc b/chromium/net/spdy/spdy_frame_builder.cc index cb31ee29d1b..fe6ae6034dc 100644 --- a/chromium/net/spdy/spdy_frame_builder.cc +++ b/chromium/net/spdy/spdy_frame_builder.cc @@ -66,7 +66,8 @@ bool SpdyFrameBuilder::BeginNewFrame(const SpdyFramer& framer, SpdyFrameType type, uint8_t flags, SpdyStreamId stream_id) { - DCHECK(IsDefinedFrameType(type)); + uint8_t raw_frame_type = SerializeFrameType(type); + DCHECK(IsDefinedFrameType(raw_frame_type)); DCHECK_EQ(0u, stream_id & ~kStreamIdMask); bool success = true; if (length_ > 0) { @@ -80,12 +81,43 @@ bool SpdyFrameBuilder::BeginNewFrame(const SpdyFramer& framer, offset_ += length_; length_ = 0; + // TODO(yasong): remove after OverwriteLength() is deleted. + bool length_written = false; + // Remember where the length field is written. Used for OverwriteLength(). + if (output_ != nullptr && CanWrite(kLengthFieldLength)) { + // Can write the length field. + char* dest = nullptr; + // |size| is the available bytes in the current memory block. + int size = 0; + output_->Next(&dest, &size); + start_of_current_frame_ = dest; + bytes_of_length_written_in_first_block_ = + size > (int)kLengthFieldLength ? kLengthFieldLength : size; + // If the current block is not enough for the length field, write the + // length field here, and remember the pointer to the next block. + if (size < (int)kLengthFieldLength) { + // Write the first portion of the length field. + int value = base::HostToNet32(capacity_ - offset_ - kFrameHeaderSize); + memcpy(dest, reinterpret_cast<char*>(&value) + 1, size); + Seek(size); + output_->Next(&dest, &size); + start_of_current_frame_in_next_block_ = dest; + int size_left = + kLengthFieldLength - bytes_of_length_written_in_first_block_; + memcpy(dest, reinterpret_cast<char*>(&value) + 1 + size, size_left); + Seek(size_left); + length_written = true; + } + } + // Assume all remaining capacity will be used for this frame. If not, // the length will get overwritten when we begin the next frame. // Don't check for length limits here because this may be larger than the // actual frame length. - success &= WriteUInt24(capacity_ - offset_ - kFrameHeaderSize); - success &= WriteUInt8(type); + if (!length_written) { + success &= WriteUInt24(capacity_ - offset_ - kFrameHeaderSize); + } + success &= WriteUInt8(raw_frame_type); success &= WriteUInt8(flags); success &= WriteUInt32(stream_id); DCHECK_EQ(framer.GetDataFrameMinimumSize(), length_); @@ -97,7 +129,27 @@ bool SpdyFrameBuilder::BeginNewFrame(const SpdyFramer& framer, uint8_t flags, SpdyStreamId stream_id, size_t length) { - DCHECK(IsDefinedFrameType(type)); + uint8_t raw_frame_type = SerializeFrameType(type); + DCHECK(IsDefinedFrameType(raw_frame_type)); + return BeginNewFrameInternal(framer, raw_frame_type, flags, stream_id, + length); +} + +bool SpdyFrameBuilder::BeginNewExtensionFrame(const SpdyFramer& framer, + uint8_t raw_frame_type, + uint8_t flags, + SpdyStreamId stream_id, + size_t length) { + DCHECK(!IsDefinedFrameType(raw_frame_type)); + return BeginNewFrameInternal(framer, raw_frame_type, flags, stream_id, + length); +} + +bool SpdyFrameBuilder::BeginNewFrameInternal(const SpdyFramer& framer, + uint8_t raw_frame_type, + uint8_t flags, + SpdyStreamId stream_id, + size_t length) { DCHECK_EQ(0u, stream_id & ~kStreamIdMask); bool success = true; SPDY_BUG_IF(framer.GetFrameMaximumSize() < length_) @@ -108,14 +160,14 @@ bool SpdyFrameBuilder::BeginNewFrame(const SpdyFramer& framer, length_ = 0; success &= WriteUInt24(length); - success &= WriteUInt8(type); + success &= WriteUInt8(raw_frame_type); success &= WriteUInt8(flags); success &= WriteUInt32(stream_id); DCHECK_EQ(framer.GetDataFrameMinimumSize(), length_); return success; } -bool SpdyFrameBuilder::WriteStringPiece16(const base::StringPiece& value) { +bool SpdyFrameBuilder::WriteStringPiece16(const SpdyStringPiece& value) { if (value.size() > 0xffff) { DCHECK(false) << "Tried to write string with length > 16bit."; return false; @@ -128,7 +180,7 @@ bool SpdyFrameBuilder::WriteStringPiece16(const base::StringPiece& value) { return WriteBytes(value.data(), static_cast<uint16_t>(value.size())); } -bool SpdyFrameBuilder::WriteStringPiece32(const base::StringPiece& value) { +bool SpdyFrameBuilder::WriteStringPiece32(const SpdyStringPiece& value) { if (!WriteUInt32(value.size())) { return false; } @@ -156,7 +208,7 @@ bool SpdyFrameBuilder::WriteBytes(const void* data, uint32_t data_len) { // Unable to make progress. return false; } - uint32_t to_copy = std::min((size_t)data_len, size); + uint32_t to_copy = std::min<uint32_t>(data_len, size); const char* src = data_ptr + total_written; memcpy(dest, src, to_copy); Seek(to_copy); @@ -169,6 +221,30 @@ bool SpdyFrameBuilder::WriteBytes(const void* data, uint32_t data_len) { bool SpdyFrameBuilder::OverwriteLength(const SpdyFramer& framer, size_t length) { + if (output_ != nullptr) { + size_t value = base::HostToNet32(length); + if (start_of_current_frame_ != nullptr && + bytes_of_length_written_in_first_block_ == kLengthFieldLength) { + // Length field of the current frame is within one memory block. + memcpy(start_of_current_frame_, reinterpret_cast<char*>(&value) + 1, + kLengthFieldLength); + return true; + } else if (start_of_current_frame_ != nullptr && + start_of_current_frame_in_next_block_ != nullptr && + bytes_of_length_written_in_first_block_ < kLengthFieldLength) { + // Length field of the current frame crosses two memory blocks. + memcpy(start_of_current_frame_, reinterpret_cast<char*>(&value) + 1, + bytes_of_length_written_in_first_block_); + memcpy(start_of_current_frame_in_next_block_, + reinterpret_cast<char*>(&value) + 1 + + bytes_of_length_written_in_first_block_, + kLengthFieldLength - bytes_of_length_written_in_first_block_); + return true; + } else { + return false; + } + } + DCHECK_GE(framer.GetFrameMaximumSize(), length); bool success = false; const size_t old_length = length_; diff --git a/chromium/net/spdy/spdy_frame_builder.h b/chromium/net/spdy/spdy_frame_builder.h index c5973ca5c2d..689fbcd4a64 100644 --- a/chromium/net/spdy/spdy_frame_builder.h +++ b/chromium/net/spdy/spdy_frame_builder.h @@ -9,12 +9,11 @@ #include <stdint.h> #include <memory> -#include <string> #include "base/gtest_prod_util.h" -#include "base/strings/string_piece.h" #include "base/sys_byteorder.h" #include "net/base/net_export.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_bug_tracker.h" #include "net/spdy/spdy_protocol.h" #include "net/spdy/zero_copy_output_buffer.h" @@ -54,14 +53,22 @@ class NET_EXPORT_PRIVATE SpdyFrameBuilder { uint8_t flags, SpdyStreamId stream_id); - // Populates this frame with a HTTP2 frame prefix with length information. - // The given type must be a control frame type. + // Populates this frame with a HTTP2 frame prefix with type and length + // information. |type| must be a defined type. bool BeginNewFrame(const SpdyFramer& framer, SpdyFrameType type, uint8_t flags, SpdyStreamId stream_id, size_t length); + // Populates this frame with a HTTP2 frame prefix with type and length + // information. |raw_frame_type| must not be a defined frame type. + bool BeginNewExtensionFrame(const SpdyFramer& framer, + uint8_t raw_frame_type, + uint8_t flags, + SpdyStreamId stream_id, + size_t length); + // Takes the buffer from the SpdyFrameBuilder. SpdySerializedFrame take() { SPDY_BUG_IF(output_ != nullptr) << "ZeroCopyOutputBuffer is used to build " @@ -99,8 +106,8 @@ class NET_EXPORT_PRIVATE SpdyFrameBuilder { return (WriteBytes(&upper, sizeof(upper)) && WriteBytes(&lower, sizeof(lower))); } - bool WriteStringPiece16(const base::StringPiece& value); - bool WriteStringPiece32(const base::StringPiece& value); + bool WriteStringPiece16(const SpdyStringPiece& value); + bool WriteStringPiece32(const SpdyStringPiece& value); bool WriteBytes(const void* data, uint32_t data_len); // Update (in-place) the length field in the frame being built to reflect the @@ -115,6 +122,14 @@ class NET_EXPORT_PRIVATE SpdyFrameBuilder { FRIEND_TEST_ALL_PREFIXES(SpdyFrameBuilderTest, GetWritableOutput); FRIEND_TEST_ALL_PREFIXES(SpdyFrameBuilderTest, GetWritableOutputNegative); + // Populates this frame with a HTTP2 frame prefix with type and length + // information. + bool BeginNewFrameInternal(const SpdyFramer& framer, + uint8_t raw_frame_type, + uint8_t flags, + SpdyStreamId stream_id, + size_t length); + // Returns a writeable buffer of given size in bytes, to be appended to the // currently written frame. Does bounds checking on length but does not // increment the underlying iterator. To do so, consumers should subsequently @@ -138,6 +153,14 @@ class NET_EXPORT_PRIVATE SpdyFrameBuilder { size_t capacity_; // Allocation size of payload, set by constructor. size_t length_; // Length of the latest frame in the buffer. size_t offset_; // Position at which the latest frame begins. + + // Remove all four below after + // FLAGS_chromium_http2_flag_remove_rewritelength deprecates. + const size_t kLengthFieldLength = 3; + char* start_of_current_frame_ = nullptr; + size_t bytes_of_length_written_in_first_block_ = kLengthFieldLength; + // In case length of a new frame is cross blocks. + char* start_of_current_frame_in_next_block_ = nullptr; }; } // namespace net diff --git a/chromium/net/spdy/spdy_frame_builder_test.cc b/chromium/net/spdy/spdy_frame_builder_test.cc index 56016bc0fcb..507f58a2ca4 100644 --- a/chromium/net/spdy/spdy_frame_builder_test.cc +++ b/chromium/net/spdy/spdy_frame_builder_test.cc @@ -29,8 +29,8 @@ TEST(SpdyFrameBuilderTest, GetWritableBuffer) { SpdySerializedFrame frame(builder.take()); char expected[kBuilderSize]; memset(expected, ~1, kBuilderSize); - EXPECT_EQ(base::StringPiece(expected, kBuilderSize), - base::StringPiece(frame.data(), kBuilderSize)); + EXPECT_EQ(SpdyStringPiece(expected, kBuilderSize), + SpdyStringPiece(frame.data(), kBuilderSize)); } // Verifies that SpdyFrameBuilder::GetWritableBuffer() can be used to build a @@ -46,8 +46,8 @@ TEST(SpdyFrameBuilderTest, GetWritableOutput) { SpdySerializedFrame frame(output.Begin(), kBuilderSize, false); char expected[kBuilderSize]; memset(expected, ~1, kBuilderSize); - EXPECT_EQ(base::StringPiece(expected, kBuilderSize), - base::StringPiece(frame.data(), kBuilderSize)); + EXPECT_EQ(SpdyStringPiece(expected, kBuilderSize), + SpdyStringPiece(frame.data(), kBuilderSize)); } // Verifies the case that the buffer's capacity is too small. diff --git a/chromium/net/spdy/spdy_frame_reader.cc b/chromium/net/spdy/spdy_frame_reader.cc index 7e9ded5321c..08fcfdb8410 100644 --- a/chromium/net/spdy/spdy_frame_reader.cc +++ b/chromium/net/spdy/spdy_frame_reader.cc @@ -10,8 +10,6 @@ namespace net { -using base::StringPiece; - SpdyFrameReader::SpdyFrameReader(const char* data, const size_t len) : data_(data), len_(len), @@ -117,7 +115,7 @@ bool SpdyFrameReader::ReadUInt24(uint32_t* result) { return true; } -bool SpdyFrameReader::ReadStringPiece16(StringPiece* result) { +bool SpdyFrameReader::ReadStringPiece16(SpdyStringPiece* result) { // Read resultant length. uint16_t result_len; if (!ReadUInt16(&result_len)) { @@ -132,7 +130,7 @@ bool SpdyFrameReader::ReadStringPiece16(StringPiece* result) { } // Set result. - *result = StringPiece(data_ + ofs_, result_len); + *result = SpdyStringPiece(data_ + ofs_, result_len); // Iterate. ofs_ += result_len; @@ -140,7 +138,7 @@ bool SpdyFrameReader::ReadStringPiece16(StringPiece* result) { return true; } -bool SpdyFrameReader::ReadStringPiece32(StringPiece* result) { +bool SpdyFrameReader::ReadStringPiece32(SpdyStringPiece* result) { // Read resultant length. uint32_t result_len; if (!ReadUInt32(&result_len)) { @@ -155,7 +153,7 @@ bool SpdyFrameReader::ReadStringPiece32(StringPiece* result) { } // Set result. - *result = StringPiece(data_ + ofs_, result_len); + *result = SpdyStringPiece(data_ + ofs_, result_len); // Iterate. ofs_ += result_len; diff --git a/chromium/net/spdy/spdy_frame_reader.h b/chromium/net/spdy/spdy_frame_reader.h index c1752180ca2..0037c460aeb 100644 --- a/chromium/net/spdy/spdy_frame_reader.h +++ b/chromium/net/spdy/spdy_frame_reader.h @@ -8,8 +8,8 @@ #include <stddef.h> #include <stdint.h> -#include "base/strings/string_piece.h" #include "net/base/net_export.h" +#include "net/spdy/platform/api/spdy_string_piece.h" namespace net { @@ -74,7 +74,7 @@ class NET_EXPORT_PRIVATE SpdyFrameReader { // // Forwards the internal iterator on success. // Returns true on success, false otherwise. - bool ReadStringPiece16(base::StringPiece* result); + bool ReadStringPiece16(SpdyStringPiece* result); // Reads a string prefixed with 32-bit length into the given output parameter. // @@ -83,7 +83,7 @@ class NET_EXPORT_PRIVATE SpdyFrameReader { // // Forwards the internal iterator on success. // Returns true on success, false otherwise. - bool ReadStringPiece32(base::StringPiece* result); + bool ReadStringPiece32(SpdyStringPiece* result); // Reads a given number of bytes into the given buffer. The buffer // must be of adequate size. diff --git a/chromium/net/spdy/spdy_frame_reader_test.cc b/chromium/net/spdy/spdy_frame_reader_test.cc index c68f3f42cf4..1c5764d2148 100644 --- a/chromium/net/spdy/spdy_frame_reader_test.cc +++ b/chromium/net/spdy/spdy_frame_reader_test.cc @@ -66,7 +66,7 @@ TEST(SpdyFrameReaderTest, ReadStringPiece16) { SpdyFrameReader frame_reader(kFrameData, arraysize(kFrameData)); EXPECT_FALSE(frame_reader.IsDoneReading()); - base::StringPiece stringpiece_val; + SpdyStringPiece stringpiece_val; EXPECT_TRUE(frame_reader.ReadStringPiece16(&stringpiece_val)); EXPECT_FALSE(frame_reader.IsDoneReading()); EXPECT_EQ(0, stringpiece_val.compare("Hi")); @@ -89,7 +89,7 @@ TEST(SpdyFrameReaderTest, ReadStringPiece32) { SpdyFrameReader frame_reader(kFrameData, arraysize(kFrameData)); EXPECT_FALSE(frame_reader.IsDoneReading()); - base::StringPiece stringpiece_val; + SpdyStringPiece stringpiece_val; EXPECT_TRUE(frame_reader.ReadStringPiece32(&stringpiece_val)); EXPECT_FALSE(frame_reader.IsDoneReading()); EXPECT_EQ(0, stringpiece_val.compare("foo")); @@ -142,7 +142,7 @@ TEST(SpdyFrameReaderTest, ReadStringPiece16WithBufferTooSmall) { SpdyFrameReader frame_reader(kFrameData, arraysize(kFrameData)); EXPECT_FALSE(frame_reader.IsDoneReading()); - base::StringPiece stringpiece_val; + SpdyStringPiece stringpiece_val; EXPECT_FALSE(frame_reader.ReadStringPiece16(&stringpiece_val)); // Also make sure that trying to read a uint16_t, which technically could @@ -162,7 +162,7 @@ TEST(SpdyFrameReaderTest, ReadStringPiece16WithBufferWayTooSmall) { SpdyFrameReader frame_reader(kFrameData, arraysize(kFrameData)); EXPECT_FALSE(frame_reader.IsDoneReading()); - base::StringPiece stringpiece_val; + SpdyStringPiece stringpiece_val; EXPECT_FALSE(frame_reader.ReadStringPiece16(&stringpiece_val)); // Also make sure that trying to read a uint16_t, which technically could @@ -183,7 +183,7 @@ TEST(SpdyFrameReaderTest, ReadStringPiece32WithBufferTooSmall) { SpdyFrameReader frame_reader(kFrameData, arraysize(kFrameData)); EXPECT_FALSE(frame_reader.IsDoneReading()); - base::StringPiece stringpiece_val; + SpdyStringPiece stringpiece_val; EXPECT_FALSE(frame_reader.ReadStringPiece32(&stringpiece_val)); // Also make sure that trying to read a uint16_t, which technically could @@ -203,7 +203,7 @@ TEST(SpdyFrameReaderTest, ReadStringPiece32WithBufferWayTooSmall) { SpdyFrameReader frame_reader(kFrameData, arraysize(kFrameData)); EXPECT_FALSE(frame_reader.IsDoneReading()); - base::StringPiece stringpiece_val; + SpdyStringPiece stringpiece_val; EXPECT_FALSE(frame_reader.ReadStringPiece32(&stringpiece_val)); // Also make sure that trying to read a uint16_t, which technically could @@ -226,12 +226,12 @@ TEST(SpdyFrameReaderTest, ReadBytes) { char dest1[3] = {}; EXPECT_TRUE(frame_reader.ReadBytes(&dest1, arraysize(dest1))); EXPECT_FALSE(frame_reader.IsDoneReading()); - EXPECT_EQ("foo", base::StringPiece(dest1, arraysize(dest1))); + EXPECT_EQ("foo", SpdyStringPiece(dest1, arraysize(dest1))); char dest2[2] = {}; EXPECT_TRUE(frame_reader.ReadBytes(&dest2, arraysize(dest2))); EXPECT_TRUE(frame_reader.IsDoneReading()); - EXPECT_EQ("Hi", base::StringPiece(dest2, arraysize(dest2))); + EXPECT_EQ("Hi", SpdyStringPiece(dest2, arraysize(dest2))); } TEST(SpdyFrameReaderTest, ReadBytesWithBufferTooSmall) { diff --git a/chromium/net/spdy/spdy_framer.cc b/chromium/net/spdy/spdy_framer.cc index c8471bf5905..c7411471265 100644 --- a/chromium/net/spdy/spdy_framer.cc +++ b/chromium/net/spdy/spdy_framer.cc @@ -13,7 +13,6 @@ #include <list> #include <memory> #include <new> -#include <string> #include <vector> #include "base/lazy_instance.h" @@ -21,14 +20,13 @@ #include "base/memory/ptr_util.h" #include "base/metrics/histogram_macros.h" #include "base/strings/string_util.h" -#include "base/strings/stringprintf.h" #include "net/quic/core/quic_flags.h" #include "net/spdy/hpack/hpack_constants.h" #include "net/spdy/hpack/hpack_decoder.h" -#include "net/spdy/hpack/hpack_decoder2.h" #include "net/spdy/hpack/hpack_decoder3.h" #include "net/spdy/http2_frame_decoder_adapter.h" #include "net/spdy/platform/api/spdy_estimate_memory_usage.h" +#include "net/spdy/platform/api/spdy_string_utils.h" #include "net/spdy/spdy_bitmasks.h" #include "net/spdy/spdy_bug_tracker.h" #include "net/spdy/spdy_flags.h" @@ -36,9 +34,6 @@ #include "net/spdy/spdy_frame_reader.h" #include "net/spdy/spdy_framer_decoder_adapter.h" -using base::StringPiece; -using std::hex; -using std::string; using std::vector; namespace net { @@ -114,6 +109,7 @@ const size_t SpdyFramer::kMaxDataPayloadSendSize = 1 << 14; // The size of the control frame buffer. Must be >= the minimum size of the // largest control frame. const size_t SpdyFramer::kControlFrameBufferSize = 19; +const size_t SpdyFramer::kOneSettingParameterSize = 6; #ifdef DEBUG_SPDY_STATE_CHANGES #define CHANGE_STATE(newstate) \ @@ -178,7 +174,7 @@ void SpdyFramer::Reset() { remaining_data_length_ = 0; remaining_control_header_ = 0; current_frame_buffer_.Rewind(); - current_frame_type_ = DATA; + current_frame_type_ = SpdyFrameType::DATA; current_frame_flags_ = 0; current_frame_length_ = 0; current_frame_stream_id_ = kInvalidStream; @@ -195,6 +191,9 @@ void SpdyFramer::set_visitor(SpdyFramerVisitorInterface* visitor) { } void SpdyFramer::set_extension_visitor(ExtensionVisitorInterface* extension) { + if (decoder_adapter_ != nullptr) { + decoder_adapter_->set_extension_visitor(extension); + } extension_ = extension; } @@ -282,12 +281,6 @@ size_t SpdyFramer::GetWindowUpdateSize() const { return GetFrameHeaderSize() + 4; } -size_t SpdyFramer::GetBlockedSize() const { - // Size, in bytes, of a BLOCKED frame. - // The BLOCKED frame has no payload beyond the control frame header. - return GetFrameHeaderSize(); -} - size_t SpdyFramer::GetPushPromiseMinimumSize() const { // Size, in bytes, of a PUSH_PROMISE frame, sans the embedded header block. // Calculated as frame prefix + 4 (promised stream id) @@ -606,15 +599,15 @@ SpdyFrameType SpdyFramer::ValidateFrameHeader(bool is_control_frame, // if we expect a continuation and receive an unknown frame. DLOG(ERROR) << "The framer was expecting to receive a CONTINUATION " << "frame, but instead received an unknown frame of type " - << base::StringPrintf("%x", frame_type_field); + << SpdyStringPrintf("%x", frame_type_field); set_error(SPDY_UNEXPECTED_FRAME); - return DATA; + return SpdyFrameType::DATA; } if (extension_ != nullptr) { if (extension_->OnFrameHeader(current_frame_stream_id_, payload_length_field, frame_type_field, current_frame_flags_)) { - return EXTENSION; + return SpdyFrameType::EXTENSION; } } // We ignore unknown frame types for extensibility, as long as @@ -626,7 +619,7 @@ SpdyFrameType SpdyFramer::ValidateFrameHeader(bool is_control_frame, // Report an invalid frame error and close the stream if the // stream_id is not valid. DLOG(WARNING) << "Unknown control frame type " - << base::StringPrintf("%x", frame_type_field) + << SpdyStringPrintf("%x", frame_type_field) << " received on invalid stream " << current_frame_stream_id_; set_error(SPDY_INVALID_CONTROL_FRAME); @@ -634,7 +627,7 @@ SpdyFrameType SpdyFramer::ValidateFrameHeader(bool is_control_frame, DVLOG(1) << "Ignoring unknown frame type."; CHANGE_STATE(SPDY_IGNORE_REMAINING_PAYLOAD); } - return DATA; + return SpdyFrameType::DATA; } SpdyFrameType frame_type = ParseFrameType(frame_type_field); @@ -648,7 +641,8 @@ SpdyFrameType SpdyFramer::ValidateFrameHeader(bool is_control_frame, } // Ensure that we see a CONTINUATION frame iff we expect to. - if ((frame_type == CONTINUATION) != (expect_continuation_ != 0)) { + if ((frame_type == SpdyFrameType::CONTINUATION) != + (expect_continuation_ != 0)) { if (expect_continuation_ != 0) { DLOG(ERROR) << "The framer was expecting to receive a CONTINUATION " << "frame, but instead received a frame of type " @@ -698,7 +692,8 @@ size_t SpdyFramer::ProcessCommonHeader(const char* data, size_t len) { DCHECK(successful_read); // We check control_frame_type_field's validity in // ValidateFrameHeader(). - is_control_frame = control_frame_type_field != DATA; + is_control_frame = + control_frame_type_field != SerializeFrameType(SpdyFrameType::DATA); current_frame_length_ = length_field + GetFrameHeaderSize(); @@ -766,22 +761,22 @@ void SpdyFramer::ProcessControlFrameHeader() { // Do some sanity checking on the control frame sizes and flags. switch (current_frame_type_) { - case RST_STREAM: + case SpdyFrameType::RST_STREAM: if (current_frame_length_ != GetRstStreamSize()) { set_error(SPDY_INVALID_CONTROL_FRAME_SIZE); } else if (current_frame_flags_ != 0) { - VLOG(1) << "Undefined frame flags for RST_STREAM frame: " << hex + VLOG(1) << "Undefined frame flags for RST_STREAM frame: " << std::hex << static_cast<int>(current_frame_flags_); current_frame_flags_ = 0; } break; - case SETTINGS: - { + case SpdyFrameType::SETTINGS: { // Make sure that we have an integral number of 8-byte key/value pairs, // Size of each key/value pair in bytes. - int setting_size = 6; if (current_frame_length_ < GetSettingsMinimumSize() || - (current_frame_length_ - GetFrameHeaderSize()) % setting_size != 0) { + (current_frame_length_ - GetFrameHeaderSize()) % + kOneSettingParameterSize != + 0) { DLOG(WARNING) << "Invalid length for SETTINGS frame: " << current_frame_length_; set_error(SPDY_INVALID_CONTROL_FRAME_SIZE); @@ -789,120 +784,109 @@ void SpdyFramer::ProcessControlFrameHeader() { current_frame_length_ > GetSettingsMinimumSize()) { set_error(SPDY_INVALID_CONTROL_FRAME_SIZE); } else if (current_frame_flags_ & ~SETTINGS_FLAG_ACK) { - VLOG(1) << "Undefined frame flags for SETTINGS frame: " << hex + VLOG(1) << "Undefined frame flags for SETTINGS frame: " << std::hex << static_cast<int>(current_frame_flags_); current_frame_flags_ &= SETTINGS_FLAG_ACK; } break; } - case PING: + case SpdyFrameType::PING: if (current_frame_length_ != GetPingSize()) { set_error(SPDY_INVALID_CONTROL_FRAME_SIZE); } else { if (current_frame_flags_ & ~PING_FLAG_ACK) { - VLOG(1) << "Undefined frame flags for PING frame: " << hex + VLOG(1) << "Undefined frame flags for PING frame: " << std::hex << static_cast<int>(current_frame_flags_); current_frame_flags_ &= PING_FLAG_ACK; } } break; - case GOAWAY: - { + case SpdyFrameType::GOAWAY: { // For HTTP/2, optional opaque data may be appended to the // GOAWAY frame, thus there is only a minimal length restriction. if (current_frame_length_ < GetGoAwayMinimumSize()) { set_error(SPDY_INVALID_CONTROL_FRAME); - } else if (current_frame_flags_ != 0) { - VLOG(1) << "Undefined frame flags for GOAWAY frame: " << hex - << static_cast<int>(current_frame_flags_); - current_frame_flags_ = 0; - } - break; - } - case HEADERS: - { - size_t min_size = GetHeadersMinimumSize(); - if (current_frame_flags_ & HEADERS_FLAG_PRIORITY) { - min_size += 4; - } - if (current_frame_length_ < min_size) { - // TODO(mlavan): check here for HEADERS with no payload? - // (not allowed in HTTP2) - set_error(SPDY_INVALID_CONTROL_FRAME); - } else if (current_frame_flags_ & - ~(CONTROL_FLAG_FIN | HEADERS_FLAG_PRIORITY | - HEADERS_FLAG_END_HEADERS | HEADERS_FLAG_PADDED)) { - VLOG(1) << "Undefined frame flags for HEADERS frame: " << hex - << static_cast<int>(current_frame_flags_); - current_frame_flags_ &= - (CONTROL_FLAG_FIN | HEADERS_FLAG_PRIORITY | - HEADERS_FLAG_END_HEADERS | HEADERS_FLAG_PADDED); - } - } - break; - case WINDOW_UPDATE: - if (current_frame_length_ != GetWindowUpdateSize()) { - set_error(SPDY_INVALID_CONTROL_FRAME_SIZE); } else if (current_frame_flags_ != 0) { - VLOG(1) << "Undefined frame flags for WINDOW_UPDATE frame: " << hex + VLOG(1) << "Undefined frame flags for GOAWAY frame: " << std::hex << static_cast<int>(current_frame_flags_); current_frame_flags_ = 0; } break; - case BLOCKED: - if (current_frame_length_ != GetBlockedSize()) { + } + case SpdyFrameType::HEADERS: { + size_t min_size = GetHeadersMinimumSize(); + if (current_frame_flags_ & HEADERS_FLAG_PRIORITY) { + min_size += 4; + } + if (current_frame_length_ < min_size) { + // TODO(mlavan): check here for HEADERS with no payload? + // (not allowed in HTTP2) set_error(SPDY_INVALID_CONTROL_FRAME); + } else if (current_frame_flags_ & + ~(CONTROL_FLAG_FIN | HEADERS_FLAG_PRIORITY | + HEADERS_FLAG_END_HEADERS | HEADERS_FLAG_PADDED)) { + VLOG(1) << "Undefined frame flags for HEADERS frame: " << std::hex + << static_cast<int>(current_frame_flags_); + current_frame_flags_ &= + (CONTROL_FLAG_FIN | HEADERS_FLAG_PRIORITY | + HEADERS_FLAG_END_HEADERS | HEADERS_FLAG_PADDED); + } + break; + } + case SpdyFrameType::WINDOW_UPDATE: + if (current_frame_length_ != GetWindowUpdateSize()) { + set_error(SPDY_INVALID_CONTROL_FRAME_SIZE); } else if (current_frame_flags_ != 0) { - VLOG(1) << "Undefined frame flags for BLOCKED frame: " << hex + VLOG(1) << "Undefined frame flags for WINDOW_UPDATE frame: " << std::hex << static_cast<int>(current_frame_flags_); current_frame_flags_ = 0; } break; - case PUSH_PROMISE: + case SpdyFrameType::PUSH_PROMISE: if (current_frame_length_ < GetPushPromiseMinimumSize()) { set_error(SPDY_INVALID_CONTROL_FRAME); } else if (current_frame_flags_ & ~(PUSH_PROMISE_FLAG_END_PUSH_PROMISE | HEADERS_FLAG_PADDED)) { - VLOG(1) << "Undefined frame flags for PUSH_PROMISE frame: " << hex + VLOG(1) << "Undefined frame flags for PUSH_PROMISE frame: " << std::hex << static_cast<int>(current_frame_flags_); current_frame_flags_ &= (PUSH_PROMISE_FLAG_END_PUSH_PROMISE | HEADERS_FLAG_PADDED); } break; - case CONTINUATION: + case SpdyFrameType::CONTINUATION: if (current_frame_length_ < GetContinuationMinimumSize()) { set_error(SPDY_INVALID_CONTROL_FRAME); } else if (current_frame_flags_ & ~HEADERS_FLAG_END_HEADERS) { - VLOG(1) << "Undefined frame flags for CONTINUATION frame: " << hex + VLOG(1) << "Undefined frame flags for CONTINUATION frame: " << std::hex << static_cast<int>(current_frame_flags_); current_frame_flags_ &= HEADERS_FLAG_END_HEADERS; } break; - case ALTSVC: + case SpdyFrameType::ALTSVC: if (current_frame_length_ <= GetAltSvcMinimumSize()) { set_error(SPDY_INVALID_CONTROL_FRAME); } else if (current_frame_flags_ != 0) { - VLOG(1) << "Undefined frame flags for ALTSVC frame: " << hex + VLOG(1) << "Undefined frame flags for ALTSVC frame: " << std::hex << static_cast<int>(current_frame_flags_); current_frame_flags_ = 0; } break; - case PRIORITY: + case SpdyFrameType::PRIORITY: if (current_frame_length_ != GetPrioritySize()) { set_error(SPDY_INVALID_CONTROL_FRAME_SIZE); } else if (current_frame_flags_ != 0) { - VLOG(1) << "Undefined frame flags for PRIORITY frame: " << hex + VLOG(1) << "Undefined frame flags for PRIORITY frame: " << std::hex << static_cast<int>(current_frame_flags_); current_frame_flags_ = 0; } break; - case EXTENSION: + case SpdyFrameType::EXTENSION: // No particular requirements on frames handled by the registered // extension. break; default: LOG(WARNING) << "Valid control frame with unhandled type: " - << current_frame_type_; + << SerializeFrameType(current_frame_type_); // This branch should be unreachable because of the frame type bounds // check above. However, we DLOG(FATAL) here in an effort to painfully // club the head of the developer who failed to keep this file in sync @@ -916,22 +900,22 @@ void SpdyFramer::ProcessControlFrameHeader() { return; } - if (current_frame_type_ == GOAWAY) { + if (current_frame_type_ == SpdyFrameType::GOAWAY) { CHANGE_STATE(SPDY_GOAWAY_FRAME_PAYLOAD); return; } - if (current_frame_type_ == ALTSVC) { + if (current_frame_type_ == SpdyFrameType::ALTSVC) { CHANGE_STATE(SPDY_ALTSVC_FRAME_PAYLOAD); return; } // Determine the frame size without variable-length data. int32_t frame_size_without_variable_data; switch (current_frame_type_) { - case SETTINGS: + case SpdyFrameType::SETTINGS: frame_size_without_variable_data = GetSettingsMinimumSize(); break; - case HEADERS: + case SpdyFrameType::HEADERS: frame_size_without_variable_data = GetHeadersMinimumSize(); if (current_frame_flags_ & HEADERS_FLAG_PADDED) { frame_size_without_variable_data += kPadLengthFieldSize; @@ -941,16 +925,16 @@ void SpdyFramer::ProcessControlFrameHeader() { kPriorityDependencyPayloadSize + kPriorityWeightPayloadSize; } break; - case PUSH_PROMISE: + case SpdyFrameType::PUSH_PROMISE: frame_size_without_variable_data = GetPushPromiseMinimumSize(); if (current_frame_flags_ & PUSH_PROMISE_FLAG_PADDED) { frame_size_without_variable_data += kPadLengthFieldSize; } break; - case CONTINUATION: + case SpdyFrameType::CONTINUATION: frame_size_without_variable_data = GetContinuationMinimumSize(); break; - case EXTENSION: + case SpdyFrameType::EXTENSION: frame_size_without_variable_data = GetFrameHeaderSize(); break; default: @@ -978,9 +962,9 @@ void SpdyFramer::ProcessControlFrameHeader() { remaining_control_header_ = frame_size_without_variable_data - current_frame_buffer_.len(); - if (current_frame_type_ == SETTINGS) { + if (current_frame_type_ == SpdyFrameType::SETTINGS) { CHANGE_STATE(SPDY_SETTINGS_FRAME_HEADER); - } else if (current_frame_type_ == EXTENSION) { + } else if (current_frame_type_ == SpdyFrameType::EXTENSION) { CHANGE_STATE(SPDY_EXTENSION_FRAME_PAYLOAD); } else { CHANGE_STATE(SPDY_CONTROL_FRAME_BEFORE_HEADER_BLOCK); @@ -1036,61 +1020,58 @@ size_t SpdyFramer::ProcessControlFrameBeforeHeaderBlock(const char* data, reader.Seek(GetFrameHeaderSize()); // Seek past frame header. switch (current_frame_type_) { - case HEADERS: - { - bool successful_read = true; - if (current_frame_stream_id_ == 0) { - set_error(SPDY_INVALID_CONTROL_FRAME); - return original_len - len; - } - if (!(current_frame_flags_ & HEADERS_FLAG_END_HEADERS) && - current_frame_type_ == HEADERS) { - expect_continuation_ = current_frame_stream_id_; - end_stream_when_done_ = current_frame_flags_ & CONTROL_FLAG_FIN; - } - if (current_frame_flags_ & HEADERS_FLAG_PADDED) { - uint8_t pad_payload_len = 0; - DCHECK_EQ(remaining_padding_payload_length_, 0u); - successful_read = reader.ReadUInt8(&pad_payload_len); - DCHECK(successful_read); - remaining_padding_payload_length_ = pad_payload_len; - } - const bool has_priority = - (current_frame_flags_ & HEADERS_FLAG_PRIORITY) != 0; - int weight = 0; - uint32_t parent_stream_id = 0; - bool exclusive = false; - if (has_priority) { - uint32_t stream_dependency; - successful_read = reader.ReadUInt32(&stream_dependency); - DCHECK(successful_read); - UnpackStreamDependencyValues(stream_dependency, &exclusive, - &parent_stream_id); - - uint8_t serialized_weight = 0; - successful_read = reader.ReadUInt8(&serialized_weight); - if (successful_read) { - // Per RFC 7540 section 6.3, serialized weight value is actual - // value - 1. - weight = serialized_weight + 1; - } - } - DCHECK(reader.IsDoneReading()); - if (debug_visitor_) { - debug_visitor_->OnReceiveCompressedFrame(current_frame_stream_id_, - current_frame_type_, - current_frame_length_); + case SpdyFrameType::HEADERS: { + bool successful_read = true; + if (current_frame_stream_id_ == 0) { + set_error(SPDY_INVALID_CONTROL_FRAME); + return original_len - len; + } + if (!(current_frame_flags_ & HEADERS_FLAG_END_HEADERS) && + current_frame_type_ == SpdyFrameType::HEADERS) { + expect_continuation_ = current_frame_stream_id_; + end_stream_when_done_ = current_frame_flags_ & CONTROL_FLAG_FIN; + } + if (current_frame_flags_ & HEADERS_FLAG_PADDED) { + uint8_t pad_payload_len = 0; + DCHECK_EQ(remaining_padding_payload_length_, 0u); + successful_read = reader.ReadUInt8(&pad_payload_len); + DCHECK(successful_read); + remaining_padding_payload_length_ = pad_payload_len; + } + const bool has_priority = + (current_frame_flags_ & HEADERS_FLAG_PRIORITY) != 0; + int weight = 0; + uint32_t parent_stream_id = 0; + bool exclusive = false; + if (has_priority) { + uint32_t stream_dependency; + successful_read = reader.ReadUInt32(&stream_dependency); + DCHECK(successful_read); + UnpackStreamDependencyValues(stream_dependency, &exclusive, + &parent_stream_id); + + uint8_t serialized_weight = 0; + successful_read = reader.ReadUInt8(&serialized_weight); + if (successful_read) { + // Per RFC 7540 section 6.3, serialized weight value is actual + // value - 1. + weight = serialized_weight + 1; } - visitor_->OnHeaders( - current_frame_stream_id_, - (current_frame_flags_ & HEADERS_FLAG_PRIORITY) != 0, weight, - parent_stream_id, exclusive, - (current_frame_flags_ & CONTROL_FLAG_FIN) != 0, - expect_continuation_ == 0); + } + DCHECK(reader.IsDoneReading()); + if (debug_visitor_) { + debug_visitor_->OnReceiveCompressedFrame(current_frame_stream_id_, + current_frame_type_, + current_frame_length_); + } + visitor_->OnHeaders(current_frame_stream_id_, + (current_frame_flags_ & HEADERS_FLAG_PRIORITY) != 0, + weight, parent_stream_id, exclusive, + (current_frame_flags_ & CONTROL_FLAG_FIN) != 0, + expect_continuation_ == 0); } break; - case PUSH_PROMISE: - { + case SpdyFrameType::PUSH_PROMISE: { if (current_frame_stream_id_ == 0) { set_error(SPDY_INVALID_CONTROL_FRAME); return original_len - len; @@ -1128,8 +1109,7 @@ size_t SpdyFramer::ProcessControlFrameBeforeHeaderBlock(const char* data, PUSH_PROMISE_FLAG_END_PUSH_PROMISE) != 0); } break; - case CONTINUATION: - { + case SpdyFrameType::CONTINUATION: { // Check to make sure the stream id of the current frame is // the same as that of the preceding frame. // If we're at this point we should already know that @@ -1162,7 +1142,7 @@ size_t SpdyFramer::ProcessControlFrameBeforeHeaderBlock(const char* data, #endif } - if (current_frame_type_ != CONTINUATION) { + if (current_frame_type_ != SpdyFrameType::CONTINUATION) { header_handler_ = visitor_->OnHeaderFrameStart(current_frame_stream_id_); if (header_handler_ == nullptr) { SPDY_BUG << "visitor_->OnHeaderFrameStart returned nullptr"; @@ -1183,8 +1163,9 @@ size_t SpdyFramer::ProcessControlFrameHeaderBlock(const char* data, DCHECK_EQ(SPDY_CONTROL_FRAME_HEADER_BLOCK, state_); bool processed_successfully = true; - if (current_frame_type_ != HEADERS && current_frame_type_ != PUSH_PROMISE && - current_frame_type_ != CONTINUATION) { + if (current_frame_type_ != SpdyFrameType::HEADERS && + current_frame_type_ != SpdyFrameType::PUSH_PROMISE && + current_frame_type_ != SpdyFrameType::CONTINUATION) { SPDY_BUG << "Unhandled frame type in ProcessControlFrameHeaderBlock."; } @@ -1259,20 +1240,19 @@ size_t SpdyFramer::ProcessSettingsFrameHeader(const char* data, size_t len) { size_t SpdyFramer::ProcessSettingsFramePayload(const char* data, size_t data_len) { DCHECK_EQ(SPDY_SETTINGS_FRAME_PAYLOAD, state_); - DCHECK_EQ(SETTINGS, current_frame_type_); + DCHECK_EQ(SpdyFrameType::SETTINGS, current_frame_type_); size_t unprocessed_bytes = std::min(data_len, remaining_data_length_); size_t processed_bytes = 0; - size_t setting_size = 6; - // Loop over our incoming data. while (unprocessed_bytes > 0) { // Process up to one setting at a time. - size_t processing = std::min(unprocessed_bytes, - setting_size - settings_scratch_.buffer.len()); + size_t processing = + std::min(unprocessed_bytes, + kOneSettingParameterSize - settings_scratch_.buffer.len()); // Check if we have a complete setting in our input. - if (processing == setting_size) { + if (processing == kOneSettingParameterSize) { // Parse the setting directly out of the input without buffering. if (!ProcessSetting(data + processed_bytes)) { set_error(SPDY_INVALID_CONTROL_FRAME); @@ -1283,7 +1263,7 @@ size_t SpdyFramer::ProcessSettingsFramePayload(const char* data, settings_scratch_.buffer.CopyFrom(data + processed_bytes, processing); // Check if we have a complete setting buffered. - if (settings_scratch_.buffer.len() == setting_size) { + if (settings_scratch_.buffer.len() == kOneSettingParameterSize) { if (!ProcessSetting(settings_scratch_.buffer.data())) { set_error(SPDY_INVALID_CONTROL_FRAME); return processed_bytes; @@ -1345,7 +1325,7 @@ size_t SpdyFramer::ProcessControlFramePayload(const char* data, size_t len) { // Use frame-specific handlers. switch (current_frame_type_) { - case RST_STREAM: { + case SpdyFrameType::RST_STREAM: { uint32_t error_code = ERROR_CODE_NO_ERROR; bool successful_read = reader.ReadUInt32(&error_code); DCHECK(successful_read); @@ -1353,7 +1333,7 @@ size_t SpdyFramer::ProcessControlFramePayload(const char* data, size_t len) { visitor_->OnRstStream(current_frame_stream_id_, ParseErrorCode(error_code)); } break; - case PING: { + case SpdyFrameType::PING: { SpdyPingId id = 0; bool is_ack = current_frame_flags_ & PING_FLAG_ACK; bool successful_read = true; @@ -1362,7 +1342,7 @@ size_t SpdyFramer::ProcessControlFramePayload(const char* data, size_t len) { DCHECK(reader.IsDoneReading()); visitor_->OnPing(id, is_ack); } break; - case WINDOW_UPDATE: { + case SpdyFrameType::WINDOW_UPDATE: { uint32_t delta_window_size = 0; bool successful_read = true; successful_read = reader.ReadUInt32(&delta_window_size); @@ -1370,11 +1350,7 @@ size_t SpdyFramer::ProcessControlFramePayload(const char* data, size_t len) { DCHECK(reader.IsDoneReading()); visitor_->OnWindowUpdate(current_frame_stream_id_, delta_window_size); } break; - case BLOCKED: { - DCHECK(reader.IsDoneReading()); - visitor_->OnBlocked(current_frame_stream_id_); - } break; - case PRIORITY: { + case SpdyFrameType::PRIORITY: { uint32_t stream_dependency; uint32_t parent_stream_id; bool exclusive; @@ -1393,7 +1369,7 @@ size_t SpdyFramer::ProcessControlFramePayload(const char* data, size_t len) { visitor_->OnPriority(current_frame_stream_id_, parent_stream_id, weight, exclusive); } break; - case EXTENSION: + case SpdyFrameType::EXTENSION: if (extension_ == nullptr) { SPDY_BUG << "Reached EXTENSION frame processing with a null " << "extension!"; @@ -1483,14 +1459,14 @@ size_t SpdyFramer::ProcessAltSvcFramePayload(const char* data, size_t len) { } SpdyFrameReader reader(altsvc_scratch_->data(), altsvc_scratch_->len()); - StringPiece origin; + SpdyStringPiece origin; bool successful_read = reader.ReadStringPiece16(&origin); if (!successful_read) { set_error(SPDY_INVALID_CONTROL_FRAME); return 0; } - StringPiece value(altsvc_scratch_->data() + reader.GetBytesConsumed(), - altsvc_scratch_->len() - reader.GetBytesConsumed()); + SpdyStringPiece value(altsvc_scratch_->data() + reader.GetBytesConsumed(), + altsvc_scratch_->len() - reader.GetBytesConsumed()); SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector; bool success = @@ -1508,7 +1484,7 @@ size_t SpdyFramer::ProcessAltSvcFramePayload(const char* data, size_t len) { size_t SpdyFramer::ProcessDataFramePaddingLength(const char* data, size_t len) { DCHECK_EQ(SPDY_READ_DATA_FRAME_PADDING_LENGTH, state_); DCHECK_EQ(0u, remaining_padding_payload_length_); - DCHECK_EQ(DATA, current_frame_type_); + DCHECK_EQ(SpdyFrameType::DATA, current_frame_type_); size_t original_len = len; if (current_frame_flags_ & DATA_FLAG_PADDED) { @@ -1548,7 +1524,7 @@ size_t SpdyFramer::ProcessFramePadding(const char* data, size_t len) { if (remaining_padding_payload_length_ > 0) { DCHECK_EQ(remaining_padding_payload_length_, remaining_data_length_); size_t amount_to_discard = std::min(remaining_padding_payload_length_, len); - if (current_frame_type_ == DATA && amount_to_discard > 0) { + if (current_frame_type_ == SpdyFrameType::DATA && amount_to_discard > 0) { visitor_->OnStreamPadding(current_frame_stream_id_, amount_to_discard); } data += amount_to_discard; @@ -1643,7 +1619,7 @@ bool SpdyFramer::ParseHeaderBlockInBuffer(const char* header_data, // Read each header. for (uint32_t index = 0; index < num_headers; ++index) { - base::StringPiece temp; + SpdyStringPiece temp; // Read header name. if (!reader.ReadStringPiece32(&temp)) { @@ -1659,7 +1635,7 @@ bool SpdyFramer::ParseHeaderBlockInBuffer(const char* header_data, << " contains upper-case characters."; return false; } - std::string name = temp.as_string(); + SpdyString name(temp); // Read header value. if (!reader.ReadStringPiece32(&temp)) { @@ -1667,7 +1643,7 @@ bool SpdyFramer::ParseHeaderBlockInBuffer(const char* header_data, << num_headers << ")."; return false; } - std::string value = temp.as_string(); + SpdyString value(temp); // Ensure no duplicates. if (block->find(name) != block->end()) { @@ -1713,7 +1689,7 @@ SpdySerializedFrame SpdyFramer::SpdyHeaderFrameIterator::NextFrame() { size_t size_without_block = is_first_frame_ ? framer_->GetHeaderFrameSizeSansBlock(*headers_ir_) : framer_->GetContinuationMinimumSize(); - auto encoding = base::MakeUnique<string>(); + auto encoding = base::MakeUnique<SpdyString>(); encoder_->Next(kMaxControlFrameSize - size_without_block, encoding.get()); has_next_frame_ = encoder_->HasNext(); @@ -1727,9 +1703,9 @@ SpdySerializedFrame SpdyFramer::SpdyHeaderFrameIterator::NextFrame() { // compression performance between HPACK and SPDY w/ deflate. size_t debug_payload_len = framer_->GetSerializedLength(&headers_ir_->header_block()); - framer_->debug_visitor_->OnSendCompressedFrame(headers_ir_->stream_id(), - HEADERS, debug_payload_len, - debug_total_size_); + framer_->debug_visitor_->OnSendCompressedFrame( + headers_ir_->stream_id(), SpdyFrameType::HEADERS, debug_payload_len, + debug_total_size_); } } @@ -1745,60 +1721,83 @@ SpdySerializedFrame SpdyFramer::SpdyHeaderFrameIterator::NextFrame() { } } -SpdySerializedFrame SpdyFramer::SerializeData(const SpdyDataIR& data_ir) const { - uint8_t flags = DATA_FLAG_NONE; +void SpdyFramer::SerializeDataBuilderHelper(const SpdyDataIR& data_ir, + uint8_t* flags, + int* num_padding_fields, + size_t* size_with_padding) const { if (data_ir.fin()) { - flags = DATA_FLAG_FIN; + *flags = DATA_FLAG_FIN; } - int num_padding_fields = 0; if (data_ir.padded()) { - flags |= DATA_FLAG_PADDED; - ++num_padding_fields; + *flags = *flags | DATA_FLAG_PADDED; + ++*num_padding_fields; } - const size_t size_with_padding = num_padding_fields + data_ir.data_len() + - data_ir.padding_payload_len() + - GetDataFrameMinimumSize(); + *size_with_padding = *num_padding_fields + data_ir.data_len() + + data_ir.padding_payload_len() + + GetDataFrameMinimumSize(); +} + +SpdySerializedFrame SpdyFramer::SerializeData(const SpdyDataIR& data_ir) const { + uint8_t flags = DATA_FLAG_NONE; + int num_padding_fields = 0; + size_t size_with_padding = 0; + SerializeDataBuilderHelper(data_ir, &flags, &num_padding_fields, + &size_with_padding); + SpdyFrameBuilder builder(size_with_padding); - builder.BeginNewFrame(*this, DATA, flags, data_ir.stream_id()); + builder.BeginNewFrame(*this, SpdyFrameType::DATA, flags, data_ir.stream_id()); if (data_ir.padded()) { builder.WriteUInt8(data_ir.padding_payload_len() & 0xff); } builder.WriteBytes(data_ir.data(), data_ir.data_len()); if (data_ir.padding_payload_len() > 0) { - string padding(data_ir.padding_payload_len(), 0); + SpdyString padding(data_ir.padding_payload_len(), 0); builder.WriteBytes(padding.data(), padding.length()); } DCHECK_EQ(size_with_padding, builder.length()); return builder.take(); } -SpdySerializedFrame SpdyFramer::SerializeDataFrameHeaderWithPaddingLengthField( - const SpdyDataIR& data_ir) const { - uint8_t flags = DATA_FLAG_NONE; +void SpdyFramer::SerializeDataFrameHeaderWithPaddingLengthFieldBuilderHelper( + const SpdyDataIR& data_ir, + uint8_t* flags, + size_t* frame_size, + size_t* num_padding_fields) const { + *flags = DATA_FLAG_NONE; if (data_ir.fin()) { - flags = DATA_FLAG_FIN; + *flags = DATA_FLAG_FIN; } - size_t frame_size = GetDataFrameMinimumSize(); - size_t num_padding_fields = 0; + *frame_size = GetDataFrameMinimumSize(); if (data_ir.padded()) { - flags |= DATA_FLAG_PADDED; - ++num_padding_fields; - frame_size += num_padding_fields; + *flags = *flags | DATA_FLAG_PADDED; + ++(*num_padding_fields); + *frame_size = *frame_size + *num_padding_fields; } +} + +SpdySerializedFrame SpdyFramer::SerializeDataFrameHeaderWithPaddingLengthField( + const SpdyDataIR& data_ir) const { + uint8_t flags = DATA_FLAG_NONE; + size_t frame_size = 0; + size_t num_padding_fields = 0; + SerializeDataFrameHeaderWithPaddingLengthFieldBuilderHelper( + data_ir, &flags, &frame_size, &num_padding_fields); SpdyFrameBuilder builder(frame_size); if (!skip_rewritelength_) { - builder.BeginNewFrame(*this, DATA, flags, data_ir.stream_id()); + builder.BeginNewFrame(*this, SpdyFrameType::DATA, flags, + data_ir.stream_id()); if (data_ir.padded()) { builder.WriteUInt8(data_ir.padding_payload_len() & 0xff); } builder.OverwriteLength(*this, num_padding_fields + data_ir.data_len() + data_ir.padding_payload_len()); } else { - builder.BeginNewFrame(*this, DATA, flags, data_ir.stream_id(), + builder.BeginNewFrame(*this, SpdyFrameType::DATA, flags, + data_ir.stream_id(), num_padding_fields + data_ir.data_len() + data_ir.padding_payload_len()); if (data_ir.padded()) { @@ -1814,7 +1813,8 @@ SpdySerializedFrame SpdyFramer::SerializeRstStream( size_t expected_length = GetRstStreamSize(); SpdyFrameBuilder builder(expected_length); - builder.BeginNewFrame(*this, RST_STREAM, 0, rst_stream.stream_id()); + builder.BeginNewFrame(*this, SpdyFrameType::RST_STREAM, 0, + rst_stream.stream_id()); builder.WriteUInt32(rst_stream.error_code()); @@ -1822,21 +1822,26 @@ SpdySerializedFrame SpdyFramer::SerializeRstStream( return builder.take(); } -SpdySerializedFrame SpdyFramer::SerializeSettings( - const SpdySettingsIR& settings) const { - uint8_t flags = 0; - +void SpdyFramer::SerializeSettingsBuilderHelper(const SpdySettingsIR& settings, + uint8_t* flags, + const SettingsMap* values, + size_t* size) const { if (settings.is_ack()) { - flags |= SETTINGS_FLAG_ACK; + *flags = *flags | SETTINGS_FLAG_ACK; } - const SettingsMap* values = &(settings.values()); + *size = + GetSettingsMinimumSize() + (values->size() * kOneSettingParameterSize); +} - int setting_size = 6; +SpdySerializedFrame SpdyFramer::SerializeSettings( + const SpdySettingsIR& settings) const { + uint8_t flags = 0; // Size, in bytes, of this SETTINGS frame. - const size_t size = GetSettingsMinimumSize() + - (values->size() * setting_size); + size_t size = 0; + const SettingsMap* values = &(settings.values()); + SerializeSettingsBuilderHelper(settings, &flags, values, &size); SpdyFrameBuilder builder(size); - builder.BeginNewFrame(*this, SETTINGS, flags, 0); + builder.BeginNewFrame(*this, SpdyFrameType::SETTINGS, flags, 0); // If this is an ACK, payload should be empty. if (settings.is_ack()) { @@ -1861,7 +1866,7 @@ SpdySerializedFrame SpdyFramer::SerializePing(const SpdyPingIR& ping) const { if (ping.is_ack()) { flags |= PING_FLAG_ACK; } - builder.BeginNewFrame(*this, PING, flags, 0); + builder.BeginNewFrame(*this, SpdyFrameType::PING, flags, 0); builder.WriteUInt64(ping.id()); DCHECK_EQ(GetPingSize(), builder.length()); return builder.take(); @@ -1875,7 +1880,7 @@ SpdySerializedFrame SpdyFramer::SerializeGoAway( SpdyFrameBuilder builder(expected_length); // Serialize the GOAWAY frame. - builder.BeginNewFrame(*this, GOAWAY, 0, 0); + builder.BeginNewFrame(*this, SpdyFrameType::GOAWAY, 0, 0); // GOAWAY frames specify the last good stream id. builder.WriteUInt32(goaway.last_good_stream_id()); @@ -1893,67 +1898,79 @@ SpdySerializedFrame SpdyFramer::SerializeGoAway( return builder.take(); } -SpdySerializedFrame SpdyFramer::SerializeHeaders(const SpdyHeadersIR& headers) { - uint8_t flags = 0; +void SpdyFramer::SerializeHeadersBuilderHelper(const SpdyHeadersIR& headers, + uint8_t* flags, + size_t* size, + SpdyString* hpack_encoding, + int* weight, + size_t* length_field) { if (headers.fin()) { - flags |= CONTROL_FLAG_FIN; + *flags = *flags | CONTROL_FLAG_FIN; } // This will get overwritten if we overflow into a CONTINUATION frame. - flags |= HEADERS_FLAG_END_HEADERS; + *flags = *flags | HEADERS_FLAG_END_HEADERS; if (headers.has_priority()) { - flags |= HEADERS_FLAG_PRIORITY; + *flags = *flags | HEADERS_FLAG_PRIORITY; } if (headers.padded()) { - flags |= HEADERS_FLAG_PADDED; + *flags = *flags | HEADERS_FLAG_PADDED; } - // The size of this frame, including padding (if there is any) and - // variable-length header block. - size_t size = GetHeadersMinimumSize(); + *size = GetHeadersMinimumSize(); if (headers.padded()) { - size += kPadLengthFieldSize; - size += headers.padding_payload_len(); + *size = *size + kPadLengthFieldSize; + *size = *size + headers.padding_payload_len(); } - int weight = 0; if (headers.has_priority()) { - weight = ClampHttp2Weight(headers.weight()); - size += 5; + *weight = ClampHttp2Weight(headers.weight()); + *size = *size + 5; } - string hpack_encoding; - GetHpackEncoder()->EncodeHeaderSet(headers.header_block(), &hpack_encoding); - size += hpack_encoding.size(); - if (size > kMaxControlFrameSize) { - size += GetNumberRequiredContinuationFrames(size) * - GetContinuationMinimumSize(); - flags &= ~HEADERS_FLAG_END_HEADERS; + GetHpackEncoder()->EncodeHeaderSet(headers.header_block(), hpack_encoding); + *size = *size + hpack_encoding->size(); + if (*size > kMaxControlFrameSize) { + *size = *size + GetNumberRequiredContinuationFrames(*size) * + GetContinuationMinimumSize(); + *flags = *flags & ~HEADERS_FLAG_END_HEADERS; } + // Compute frame length field. + if (headers.padded()) { + *length_field = *length_field + 1; // Padding length field. + } + if (headers.has_priority()) { + *length_field = *length_field + 4; // Dependency field. + *length_field = *length_field + 1; // Weight field. + } + *length_field = *length_field + headers.padding_payload_len(); + *length_field = *length_field + hpack_encoding->size(); + // If the HEADERS frame with payload would exceed the max frame size, then + // WritePayloadWithContinuation() will serialize CONTINUATION frames as + // necessary. + *length_field = + std::min(*length_field, kMaxControlFrameSize - GetFrameHeaderSize()); +} + +SpdySerializedFrame SpdyFramer::SerializeHeaders(const SpdyHeadersIR& headers) { + uint8_t flags = 0; + // The size of this frame, including padding (if there is any) and + // variable-length header block. + size_t size = 0; + SpdyString hpack_encoding; + int weight = 0; + size_t length_field = 0; + SerializeHeadersBuilderHelper(headers, &flags, &size, &hpack_encoding, + &weight, &length_field); SpdyFrameBuilder builder(size); if (!skip_rewritelength_) { - builder.BeginNewFrame(*this, HEADERS, flags, headers.stream_id()); + builder.BeginNewFrame(*this, SpdyFrameType::HEADERS, flags, + headers.stream_id()); } else { - // Compute frame length field. - size_t length_field = 0; - if (headers.padded()) { - length_field += 1; // Padding length field. - } - if (headers.has_priority()) { - length_field += 4; // Dependency field. - length_field += 1; // Weight field. - } - length_field += headers.padding_payload_len(); - length_field += hpack_encoding.size(); - // If the HEADERS frame with payload would exceed the max frame size, then - // WritePayloadWithContinuation() will serialize CONTINUATION frames as - // necessary. - length_field = - std::min(length_field, kMaxControlFrameSize - GetFrameHeaderSize()); - builder.BeginNewFrame(*this, HEADERS, flags, headers.stream_id(), - length_field); + builder.BeginNewFrame(*this, SpdyFrameType::HEADERS, flags, + headers.stream_id(), length_field); } DCHECK_EQ(GetHeadersMinimumSize(), builder.length()); @@ -1969,7 +1986,7 @@ SpdySerializedFrame SpdyFramer::SerializeHeaders(const SpdyHeadersIR& headers) { builder.WriteUInt8(weight - 1); } WritePayloadWithContinuation(&builder, hpack_encoding, headers.stream_id(), - HEADERS, padding_payload_len); + SpdyFrameType::HEADERS, padding_payload_len); if (debug_visitor_) { // HTTP2 uses HPACK for header compression. However, continue to @@ -1977,8 +1994,7 @@ SpdySerializedFrame SpdyFramer::SerializeHeaders(const SpdyHeadersIR& headers) { // compression performance between HPACK and SPDY w/ deflate. const size_t payload_len = GetSerializedLength(&(headers.header_block())); debug_visitor_->OnSendCompressedFrame(headers.stream_id(), - HEADERS, - payload_len, + SpdyFrameType::HEADERS, payload_len, builder.length()); } @@ -1988,51 +2004,56 @@ SpdySerializedFrame SpdyFramer::SerializeHeaders(const SpdyHeadersIR& headers) { SpdySerializedFrame SpdyFramer::SerializeWindowUpdate( const SpdyWindowUpdateIR& window_update) const { SpdyFrameBuilder builder(GetWindowUpdateSize()); - builder.BeginNewFrame(*this, WINDOW_UPDATE, kNoFlags, + builder.BeginNewFrame(*this, SpdyFrameType::WINDOW_UPDATE, kNoFlags, window_update.stream_id()); builder.WriteUInt32(window_update.delta()); DCHECK_EQ(GetWindowUpdateSize(), builder.length()); return builder.take(); } -SpdySerializedFrame SpdyFramer::SerializeBlocked( - const SpdyBlockedIR& blocked) const { - SpdyFrameBuilder builder(GetBlockedSize()); - builder.BeginNewFrame(*this, BLOCKED, kNoFlags, blocked.stream_id()); - return builder.take(); -} - -SpdySerializedFrame SpdyFramer::SerializePushPromise( - const SpdyPushPromiseIR& push_promise) { - uint8_t flags = 0; +void SpdyFramer::SerializePushPromiseBuilderHelper( + const SpdyPushPromiseIR& push_promise, + uint8_t* flags, + SpdyString* hpack_encoding, + size_t* size) { + *flags = 0; // This will get overwritten if we overflow into a CONTINUATION frame. - flags |= PUSH_PROMISE_FLAG_END_PUSH_PROMISE; + *flags = *flags | PUSH_PROMISE_FLAG_END_PUSH_PROMISE; // The size of this frame, including variable-length name-value block. - size_t size = GetPushPromiseMinimumSize(); + *size = GetPushPromiseMinimumSize(); if (push_promise.padded()) { - flags |= PUSH_PROMISE_FLAG_PADDED; - size += kPadLengthFieldSize; - size += push_promise.padding_payload_len(); + *flags = *flags | PUSH_PROMISE_FLAG_PADDED; + *size = *size + kPadLengthFieldSize; + *size = *size + push_promise.padding_payload_len(); } - string hpack_encoding; GetHpackEncoder()->EncodeHeaderSet(push_promise.header_block(), - &hpack_encoding); - size += hpack_encoding.size(); - if (size > kMaxControlFrameSize) { - size += GetNumberRequiredContinuationFrames(size) * - GetContinuationMinimumSize(); - flags &= ~PUSH_PROMISE_FLAG_END_PUSH_PROMISE; + hpack_encoding); + *size = *size + hpack_encoding->size(); + if (*size > kMaxControlFrameSize) { + *size = *size + GetNumberRequiredContinuationFrames(*size) * + GetContinuationMinimumSize(); + *flags = *flags & ~PUSH_PROMISE_FLAG_END_PUSH_PROMISE; } +} + +SpdySerializedFrame SpdyFramer::SerializePushPromise( + const SpdyPushPromiseIR& push_promise) { + uint8_t flags = 0; + size_t size = 0; + SpdyString hpack_encoding; + SerializePushPromiseBuilderHelper(push_promise, &flags, &hpack_encoding, + &size); SpdyFrameBuilder builder(size); if (!skip_rewritelength_) { - builder.BeginNewFrame(*this, PUSH_PROMISE, flags, push_promise.stream_id()); + builder.BeginNewFrame(*this, SpdyFrameType::PUSH_PROMISE, flags, + push_promise.stream_id()); } else { size_t length = std::min(size, kMaxControlFrameSize) - GetFrameHeaderSize(); - builder.BeginNewFrame(*this, PUSH_PROMISE, flags, push_promise.stream_id(), - length); + builder.BeginNewFrame(*this, SpdyFrameType::PUSH_PROMISE, flags, + push_promise.stream_id(), length); } int padding_payload_len = 0; if (push_promise.padded()) { @@ -2047,11 +2068,9 @@ SpdySerializedFrame SpdyFramer::SerializePushPromise( DCHECK_EQ(GetPushPromiseMinimumSize(), builder.length()); } - WritePayloadWithContinuation(&builder, - hpack_encoding, - push_promise.stream_id(), - PUSH_PROMISE, - padding_payload_len); + WritePayloadWithContinuation( + &builder, hpack_encoding, push_promise.stream_id(), + SpdyFrameType::PUSH_PROMISE, padding_payload_len); if (debug_visitor_) { // HTTP2 uses HPACK for header compression. However, continue to @@ -2060,9 +2079,8 @@ SpdySerializedFrame SpdyFramer::SerializePushPromise( const size_t payload_len = GetSerializedLength(&(push_promise.header_block())); debug_visitor_->OnSendCompressedFrame(push_promise.stream_id(), - PUSH_PROMISE, - payload_len, - builder.length()); + SpdyFrameType::PUSH_PROMISE, + payload_len, builder.length()); } return builder.take(); @@ -2070,10 +2088,11 @@ SpdySerializedFrame SpdyFramer::SerializePushPromise( SpdySerializedFrame SpdyFramer::SerializeHeadersGivenEncoding( const SpdyHeadersIR& headers, - const string& encoding) const { + const SpdyString& encoding) const { size_t frame_size = GetHeaderFrameSizeSansBlock(headers) + encoding.size(); SpdyFrameBuilder builder(frame_size); - builder.BeginNewFrame(*this, HEADERS, SerializeHeaderFrameFlags(headers), + builder.BeginNewFrame(*this, SpdyFrameType::HEADERS, + SerializeHeaderFrameFlags(headers), headers.stream_id()); DCHECK_EQ(GetFrameHeaderSize(), builder.length()); @@ -2092,7 +2111,7 @@ SpdySerializedFrame SpdyFramer::SerializeHeadersGivenEncoding( builder.WriteBytes(&encoding[0], encoding.size()); if (headers.padding_payload_len() > 0) { - string padding(headers.padding_payload_len(), 0); + SpdyString padding(headers.padding_payload_len(), 0); builder.WriteBytes(padding.data(), padding.length()); } return builder.take(); @@ -2100,26 +2119,35 @@ SpdySerializedFrame SpdyFramer::SerializeHeadersGivenEncoding( SpdySerializedFrame SpdyFramer::SerializeContinuation( const SpdyContinuationIR& continuation) const { - const string& encoding = continuation.encoding(); + const SpdyString& encoding = continuation.encoding(); size_t frame_size = GetContinuationMinimumSize() + encoding.size(); SpdyFrameBuilder builder(frame_size); uint8_t flags = continuation.end_headers() ? HEADERS_FLAG_END_HEADERS : 0; - builder.BeginNewFrame(*this, CONTINUATION, flags, continuation.stream_id()); + builder.BeginNewFrame(*this, SpdyFrameType::CONTINUATION, flags, + continuation.stream_id()); DCHECK_EQ(GetFrameHeaderSize(), builder.length()); - builder.WriteBytes(&encoding[0], encoding.size()); + builder.WriteBytes(encoding.data(), encoding.size()); return builder.take(); } -SpdySerializedFrame SpdyFramer::SerializeAltSvc(const SpdyAltSvcIR& altsvc_ir) { - size_t size = GetAltSvcMinimumSize(); - size += altsvc_ir.origin().length(); - string value = SpdyAltSvcWireFormat::SerializeHeaderFieldValue( +void SpdyFramer::SerializeAltSvcBuilderHelper(const SpdyAltSvcIR& altsvc_ir, + SpdyString* value, + size_t* size) const { + *size = GetAltSvcMinimumSize(); + *size = *size + altsvc_ir.origin().length(); + *value = SpdyAltSvcWireFormat::SerializeHeaderFieldValue( altsvc_ir.altsvc_vector()); - size += value.length(); + *size = *size + value->length(); +} +SpdySerializedFrame SpdyFramer::SerializeAltSvc(const SpdyAltSvcIR& altsvc_ir) { + SpdyString value; + size_t size = 0; + SerializeAltSvcBuilderHelper(altsvc_ir, &value, &size); SpdyFrameBuilder builder(size); - builder.BeginNewFrame(*this, ALTSVC, kNoFlags, altsvc_ir.stream_id()); + builder.BeginNewFrame(*this, SpdyFrameType::ALTSVC, kNoFlags, + altsvc_ir.stream_id()); builder.WriteUInt16(altsvc_ir.origin().length()); builder.WriteBytes(altsvc_ir.origin().data(), altsvc_ir.origin().length()); @@ -2133,7 +2161,8 @@ SpdySerializedFrame SpdyFramer::SerializePriority( size_t size = GetPrioritySize(); SpdyFrameBuilder builder(size); - builder.BeginNewFrame(*this, PRIORITY, kNoFlags, priority.stream_id()); + builder.BeginNewFrame(*this, SpdyFrameType::PRIORITY, kNoFlags, + priority.stream_id()); builder.WriteUInt32(PackStreamDependencyValues(priority.exclusive(), priority.parent_stream_id())); @@ -2174,9 +2203,6 @@ class FrameSerializationVisitor : public SpdyFrameVisitor { void VisitWindowUpdate(const SpdyWindowUpdateIR& window_update) override { frame_ = framer_->SerializeWindowUpdate(window_update); } - void VisitBlocked(const SpdyBlockedIR& blocked) override { - frame_ = framer_->SerializeBlocked(blocked); - } void VisitPushPromise(const SpdyPushPromiseIR& push_promise) override { frame_ = framer_->SerializePushPromise(push_promise); } @@ -2247,10 +2273,6 @@ class FlagsSerializationVisitor : public SpdyFrameVisitor { flags_ = kNoFlags; } - void VisitBlocked(const SpdyBlockedIR& blocked) override { - flags_ = kNoFlags; - } - // TODO(diannahu): The END_PUSH_PROMISE flag is incorrect for PUSH_PROMISEs // that require CONTINUATION frames. void VisitPushPromise(const SpdyPushPromiseIR& push_promise) override { @@ -2292,6 +2314,361 @@ uint8_t SpdyFramer::GetSerializedFlags(const SpdyFrameIR& frame) { return visitor.flags(); } +bool SpdyFramer::SerializeData(const SpdyDataIR& data_ir, + ZeroCopyOutputBuffer* output) const { + uint8_t flags = DATA_FLAG_NONE; + int num_padding_fields = 0; + size_t size_with_padding = 0; + SerializeDataBuilderHelper(data_ir, &flags, &num_padding_fields, + &size_with_padding); + SpdyFrameBuilder builder(size_with_padding, output); + + bool ok = builder.BeginNewFrame(*this, SpdyFrameType::DATA, flags, + data_ir.stream_id()); + + if (data_ir.padded()) { + ok = ok && builder.WriteUInt8(data_ir.padding_payload_len() & 0xff); + } + + ok = ok && builder.WriteBytes(data_ir.data(), data_ir.data_len()); + if (data_ir.padding_payload_len() > 0) { + SpdyString padding; + padding = SpdyString(data_ir.padding_payload_len(), 0); + ok = ok && builder.WriteBytes(padding.data(), padding.length()); + } + DCHECK_EQ(size_with_padding, builder.length()); + return ok; +} + +bool SpdyFramer::SerializeDataFrameHeaderWithPaddingLengthField( + const SpdyDataIR& data_ir, + ZeroCopyOutputBuffer* output) const { + uint8_t flags = DATA_FLAG_NONE; + size_t frame_size = 0; + size_t num_padding_fields = 0; + SerializeDataFrameHeaderWithPaddingLengthFieldBuilderHelper( + data_ir, &flags, &frame_size, &num_padding_fields); + + SpdyFrameBuilder builder(frame_size, output); + bool ok = true; + if (!skip_rewritelength_) { + ok = builder.BeginNewFrame(*this, SpdyFrameType::DATA, flags, + data_ir.stream_id()); + if (data_ir.padded()) { + ok = ok && builder.WriteUInt8(data_ir.padding_payload_len() & 0xff); + } + ok = ok && builder.OverwriteLength(*this, + num_padding_fields + data_ir.data_len() + + data_ir.padding_payload_len()); + } else { + ok = ok && builder.BeginNewFrame(*this, SpdyFrameType::DATA, flags, + data_ir.stream_id(), + num_padding_fields + data_ir.data_len() + + data_ir.padding_payload_len()); + if (data_ir.padded()) { + ok = ok && builder.WriteUInt8(data_ir.padding_payload_len() & 0xff); + } + } + DCHECK_EQ(frame_size, builder.length()); + return ok; +} + +bool SpdyFramer::SerializeRstStream(const SpdyRstStreamIR& rst_stream, + ZeroCopyOutputBuffer* output) const { + size_t expected_length = GetRstStreamSize(); + SpdyFrameBuilder builder(expected_length, output); + bool ok = builder.BeginNewFrame(*this, SpdyFrameType::RST_STREAM, 0, + rst_stream.stream_id()); + ok = ok && builder.WriteUInt32(rst_stream.error_code()); + + DCHECK_EQ(expected_length, builder.length()); + return ok; +} + +bool SpdyFramer::SerializeSettings(const SpdySettingsIR& settings, + ZeroCopyOutputBuffer* output) const { + uint8_t flags = 0; + // Size, in bytes, of this SETTINGS frame. + size_t size = 0; + const SettingsMap* values = &(settings.values()); + SerializeSettingsBuilderHelper(settings, &flags, values, &size); + SpdyFrameBuilder builder(size, output); + bool ok = builder.BeginNewFrame(*this, SpdyFrameType::SETTINGS, flags, 0); + + // If this is an ACK, payload should be empty. + if (settings.is_ack()) { + return ok; + } + + DCHECK_EQ(GetSettingsMinimumSize(), builder.length()); + for (SettingsMap::const_iterator it = values->begin(); it != values->end(); + ++it) { + int setting_id = it->first; + DCHECK_GE(setting_id, 0); + ok = ok && builder.WriteUInt16(static_cast<uint16_t>(setting_id)) && + builder.WriteUInt32(it->second); + } + DCHECK_EQ(size, builder.length()); + return ok; +} + +bool SpdyFramer::SerializePing(const SpdyPingIR& ping, + ZeroCopyOutputBuffer* output) const { + SpdyFrameBuilder builder(GetPingSize(), output); + uint8_t flags = 0; + if (ping.is_ack()) { + flags |= PING_FLAG_ACK; + } + bool ok = builder.BeginNewFrame(*this, SpdyFrameType::PING, flags, 0); + ok = ok && builder.WriteUInt64(ping.id()); + DCHECK_EQ(GetPingSize(), builder.length()); + return ok; +} + +bool SpdyFramer::SerializeGoAway(const SpdyGoAwayIR& goaway, + ZeroCopyOutputBuffer* output) const { + // Compute the output buffer size, take opaque data into account. + size_t expected_length = GetGoAwayMinimumSize(); + expected_length += goaway.description().size(); + SpdyFrameBuilder builder(expected_length, output); + + // Serialize the GOAWAY frame. + bool ok = builder.BeginNewFrame(*this, SpdyFrameType::GOAWAY, 0, 0); + + // GOAWAY frames specify the last good stream id. + ok = ok && builder.WriteUInt32(goaway.last_good_stream_id()) && + // GOAWAY frames also specify the error status code. + builder.WriteUInt32(goaway.error_code()); + + // GOAWAY frames may also specify opaque data. + if (!goaway.description().empty()) { + ok = ok && builder.WriteBytes(goaway.description().data(), + goaway.description().size()); + } + + DCHECK_EQ(expected_length, builder.length()); + return ok; +} + +bool SpdyFramer::SerializeHeaders(const SpdyHeadersIR& headers, + ZeroCopyOutputBuffer* output) { + uint8_t flags = 0; + // The size of this frame, including padding (if there is any) and + // variable-length header block. + size_t size = 0; + SpdyString hpack_encoding; + int weight = 0; + size_t length_field = 0; + SerializeHeadersBuilderHelper(headers, &flags, &size, &hpack_encoding, + &weight, &length_field); + + bool ok = true; + SpdyFrameBuilder builder(size, output); + if (!skip_rewritelength_) { + ok = builder.BeginNewFrame(*this, SpdyFrameType::HEADERS, flags, + headers.stream_id()); + } else { + ok = ok && builder.BeginNewFrame(*this, SpdyFrameType::HEADERS, flags, + headers.stream_id(), length_field); + } + DCHECK_EQ(GetHeadersMinimumSize(), builder.length()); + + int padding_payload_len = 0; + if (headers.padded()) { + ok = ok && builder.WriteUInt8(headers.padding_payload_len()); + padding_payload_len = headers.padding_payload_len(); + } + if (headers.has_priority()) { + ok = ok && + builder.WriteUInt32(PackStreamDependencyValues( + headers.exclusive(), headers.parent_stream_id())) && + // Per RFC 7540 section 6.3, serialized weight value is weight - 1. + builder.WriteUInt8(weight - 1); + } + ok = ok && WritePayloadWithContinuation( + &builder, hpack_encoding, headers.stream_id(), + SpdyFrameType::HEADERS, padding_payload_len); + + if (debug_visitor_) { + // HTTP2 uses HPACK for header compression. However, continue to + // use GetSerializedLength() for an apples-to-apples comparision of + // compression performance between HPACK and SPDY w/ deflate. + const size_t payload_len = GetSerializedLength(&(headers.header_block())); + debug_visitor_->OnSendCompressedFrame(headers.stream_id(), + SpdyFrameType::HEADERS, payload_len, + builder.length()); + } + + return ok; +} + +bool SpdyFramer::SerializeWindowUpdate(const SpdyWindowUpdateIR& window_update, + ZeroCopyOutputBuffer* output) const { + SpdyFrameBuilder builder(GetWindowUpdateSize(), output); + bool ok = builder.BeginNewFrame(*this, SpdyFrameType::WINDOW_UPDATE, kNoFlags, + window_update.stream_id()); + ok = ok && builder.WriteUInt32(window_update.delta()); + DCHECK_EQ(GetWindowUpdateSize(), builder.length()); + return ok; +} + +bool SpdyFramer::SerializePushPromise(const SpdyPushPromiseIR& push_promise, + ZeroCopyOutputBuffer* output) { + uint8_t flags = 0; + size_t size = 0; + SpdyString hpack_encoding; + SerializePushPromiseBuilderHelper(push_promise, &flags, &hpack_encoding, + &size); + + bool ok = true; + SpdyFrameBuilder builder(size, output); + if (!skip_rewritelength_) { + ok = builder.BeginNewFrame(*this, SpdyFrameType::PUSH_PROMISE, flags, + push_promise.stream_id()); + } else { + size_t length = std::min(size, kMaxControlFrameSize) - GetFrameHeaderSize(); + ok = builder.BeginNewFrame(*this, SpdyFrameType::PUSH_PROMISE, flags, + push_promise.stream_id(), length); + } + + int padding_payload_len = 0; + if (push_promise.padded()) { + ok = ok && builder.WriteUInt8(push_promise.padding_payload_len()) && + builder.WriteUInt32(push_promise.promised_stream_id()); + DCHECK_EQ(GetPushPromiseMinimumSize() + kPadLengthFieldSize, + builder.length()); + + padding_payload_len = push_promise.padding_payload_len(); + } else { + ok = ok && builder.WriteUInt32(push_promise.promised_stream_id()); + DCHECK_EQ(GetPushPromiseMinimumSize(), builder.length()); + } + + ok = ok && WritePayloadWithContinuation( + &builder, hpack_encoding, push_promise.stream_id(), + SpdyFrameType::PUSH_PROMISE, padding_payload_len); + + if (debug_visitor_) { + // HTTP2 uses HPACK for header compression. However, continue to + // use GetSerializedLength() for an apples-to-apples comparision of + // compression performance between HPACK and SPDY w/ deflate. + const size_t payload_len = + GetSerializedLength(&(push_promise.header_block())); + debug_visitor_->OnSendCompressedFrame(push_promise.stream_id(), + SpdyFrameType::PUSH_PROMISE, + payload_len, builder.length()); + } + + return ok; +} + +bool SpdyFramer::SerializeContinuation(const SpdyContinuationIR& continuation, + ZeroCopyOutputBuffer* output) const { + const SpdyString& encoding = continuation.encoding(); + size_t frame_size = GetContinuationMinimumSize() + encoding.size(); + SpdyFrameBuilder builder(frame_size, output); + uint8_t flags = continuation.end_headers() ? HEADERS_FLAG_END_HEADERS : 0; + bool ok = builder.BeginNewFrame(*this, SpdyFrameType::CONTINUATION, flags, + continuation.stream_id()); + DCHECK_EQ(GetFrameHeaderSize(), builder.length()); + + ok = ok && builder.WriteBytes(encoding.data(), encoding.size()); + return ok; +} + +bool SpdyFramer::SerializeAltSvc(const SpdyAltSvcIR& altsvc_ir, + ZeroCopyOutputBuffer* output) { + SpdyString value; + size_t size = 0; + SerializeAltSvcBuilderHelper(altsvc_ir, &value, &size); + SpdyFrameBuilder builder(size, output); + bool ok = builder.BeginNewFrame(*this, SpdyFrameType::ALTSVC, kNoFlags, + altsvc_ir.stream_id()) && + builder.WriteUInt16(altsvc_ir.origin().length()) && + builder.WriteBytes(altsvc_ir.origin().data(), + altsvc_ir.origin().length()) && + builder.WriteBytes(value.data(), value.length()); + DCHECK_LT(GetAltSvcMinimumSize(), builder.length()); + return ok; +} + +bool SpdyFramer::SerializePriority(const SpdyPriorityIR& priority, + ZeroCopyOutputBuffer* output) const { + size_t size = GetPrioritySize(); + + SpdyFrameBuilder builder(size, output); + bool ok = builder.BeginNewFrame(*this, SpdyFrameType::PRIORITY, kNoFlags, + priority.stream_id()); + ok = ok && + builder.WriteUInt32(PackStreamDependencyValues( + priority.exclusive(), priority.parent_stream_id())) && + // Per RFC 7540 section 6.3, serialized weight value is actual value + // - 1. + builder.WriteUInt8(priority.weight() - 1); + DCHECK_EQ(GetPrioritySize(), builder.length()); + return ok; +} + +namespace { + +class FrameSerializationVisitorWithOutput : public SpdyFrameVisitor { + public: + explicit FrameSerializationVisitorWithOutput(SpdyFramer* framer, + ZeroCopyOutputBuffer* output) + : framer_(framer), output_(output), result_(false) {} + ~FrameSerializationVisitorWithOutput() override {} + + bool Result() { return result_; } + + void VisitData(const SpdyDataIR& data) override { + result_ = framer_->SerializeData(data, output_); + } + void VisitRstStream(const SpdyRstStreamIR& rst_stream) override { + result_ = framer_->SerializeRstStream(rst_stream, output_); + } + void VisitSettings(const SpdySettingsIR& settings) override { + result_ = framer_->SerializeSettings(settings, output_); + } + void VisitPing(const SpdyPingIR& ping) override { + result_ = framer_->SerializePing(ping, output_); + } + void VisitGoAway(const SpdyGoAwayIR& goaway) override { + result_ = framer_->SerializeGoAway(goaway, output_); + } + void VisitHeaders(const SpdyHeadersIR& headers) override { + result_ = framer_->SerializeHeaders(headers, output_); + } + void VisitWindowUpdate(const SpdyWindowUpdateIR& window_update) override { + result_ = framer_->SerializeWindowUpdate(window_update, output_); + } + void VisitPushPromise(const SpdyPushPromiseIR& push_promise) override { + result_ = framer_->SerializePushPromise(push_promise, output_); + } + void VisitContinuation(const SpdyContinuationIR& continuation) override { + result_ = framer_->SerializeContinuation(continuation, output_); + } + void VisitAltSvc(const SpdyAltSvcIR& altsvc) override { + result_ = framer_->SerializeAltSvc(altsvc, output_); + } + void VisitPriority(const SpdyPriorityIR& priority) override { + result_ = framer_->SerializePriority(priority, output_); + } + + private: + SpdyFramer* framer_; + ZeroCopyOutputBuffer* output_; + bool result_; +}; + +} // namespace + +bool SpdyFramer::SerializeFrame(const SpdyFrameIR& frame, + ZeroCopyOutputBuffer* output) { + FrameSerializationVisitorWithOutput visitor(this, output); + frame.Visit(&visitor); + return visitor.Result(); +} + size_t SpdyFramer::GetNumberRequiredContinuationFrames(size_t size) { DCHECK_GT(size, kMaxControlFrameSize); size_t overflow = size - kMaxControlFrameSize; @@ -2334,42 +2711,42 @@ uint8_t SpdyFramer::SerializeHeaderFrameFlags( return flags; } -void SpdyFramer::WritePayloadWithContinuation(SpdyFrameBuilder* builder, - const string& hpack_encoding, +bool SpdyFramer::WritePayloadWithContinuation(SpdyFrameBuilder* builder, + const SpdyString& hpack_encoding, SpdyStreamId stream_id, SpdyFrameType type, int padding_payload_len) { uint8_t end_flag = 0; uint8_t flags = 0; - if (type == HEADERS) { + if (type == SpdyFrameType::HEADERS) { end_flag = HEADERS_FLAG_END_HEADERS; - } else if (type == PUSH_PROMISE) { + } else if (type == SpdyFrameType::PUSH_PROMISE) { end_flag = PUSH_PROMISE_FLAG_END_PUSH_PROMISE; } else { DLOG(FATAL) << "CONTINUATION frames cannot be used with frame type " << FrameTypeToString(type); } - // Write all the padding payload and as much of the data payload as possible - // into the initial frame. + // Write all the padding payload and as much of the data payload as + // possible into the initial frame. size_t bytes_remaining = 0; bytes_remaining = hpack_encoding.size() - std::min(hpack_encoding.size(), kMaxControlFrameSize - builder->length() - padding_payload_len); - builder->WriteBytes(&hpack_encoding[0], - hpack_encoding.size() - bytes_remaining); + bool ret = builder->WriteBytes(&hpack_encoding[0], + hpack_encoding.size() - bytes_remaining); if (padding_payload_len > 0) { - string padding = string(padding_payload_len, 0); - builder->WriteBytes(padding.data(), padding.length()); + SpdyString padding = SpdyString(padding_payload_len, 0); + ret &= builder->WriteBytes(padding.data(), padding.length()); } if (bytes_remaining > 0 && !skip_rewritelength_) { - builder->OverwriteLength(*this, - kMaxControlFrameSize - GetFrameHeaderSize()); + ret &= builder->OverwriteLength( + *this, kMaxControlFrameSize - GetFrameHeaderSize()); } // Tack on CONTINUATION frames for the overflow. - while (bytes_remaining > 0) { + while (bytes_remaining > 0 && ret) { size_t bytes_to_write = std::min( bytes_remaining, kMaxControlFrameSize - GetContinuationMinimumSize()); // Write CONTINUATION frame prefix. @@ -2377,17 +2754,19 @@ void SpdyFramer::WritePayloadWithContinuation(SpdyFrameBuilder* builder, flags |= end_flag; } if (!skip_rewritelength_) { - builder->BeginNewFrame(*this, CONTINUATION, flags, stream_id); + ret &= builder->BeginNewFrame(*this, SpdyFrameType::CONTINUATION, flags, + stream_id); } else { - builder->BeginNewFrame(*this, CONTINUATION, flags, stream_id, - bytes_to_write); + ret &= builder->BeginNewFrame(*this, SpdyFrameType::CONTINUATION, flags, + stream_id, bytes_to_write); } // Write payload fragment. - builder->WriteBytes( + ret &= builder->WriteBytes( &hpack_encoding[hpack_encoding.size() - bytes_remaining], bytes_to_write); bytes_remaining -= bytes_to_write; } + return ret; } HpackEncoder* SpdyFramer::GetHpackEncoder() { @@ -2403,11 +2782,7 @@ HpackEncoder* SpdyFramer::GetHpackEncoder() { HpackDecoderInterface* SpdyFramer::GetHpackDecoder() { if (hpack_decoder_.get() == nullptr) { if (FLAGS_chromium_http2_flag_spdy_use_hpack_decoder3) { - SPDY_BUG_IF(FLAGS_chromium_http2_flag_spdy_use_hpack_decoder2) - << "Both alternate decoders are enabled."; hpack_decoder_.reset(new HpackDecoder3()); - } else if (FLAGS_chromium_http2_flag_spdy_use_hpack_decoder2) { - hpack_decoder_.reset(new HpackDecoder2()); } else { hpack_decoder_.reset(new HpackDecoder()); } diff --git a/chromium/net/spdy/spdy_framer.h b/chromium/net/spdy/spdy_framer.h index ff7140669e6..c08a57d033b 100644 --- a/chromium/net/spdy/spdy_framer.h +++ b/chromium/net/spdy/spdy_framer.h @@ -11,19 +11,20 @@ #include <cstdint> #include <map> #include <memory> -#include <string> #include <utility> -#include "base/strings/string_piece.h" #include "base/sys_byteorder.h" #include "net/base/net_export.h" #include "net/spdy/hpack/hpack_decoder_interface.h" #include "net/spdy/hpack/hpack_encoder.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_alt_svc_wire_format.h" #include "net/spdy/spdy_flags.h" #include "net/spdy/spdy_header_block.h" #include "net/spdy/spdy_headers_handler_interface.h" #include "net/spdy/spdy_protocol.h" +#include "net/spdy/zero_copy_output_buffer.h" namespace net { @@ -175,9 +176,6 @@ class NET_EXPORT_PRIVATE SpdyFramerVisitorInterface { // occurred while processing the data. Default implementation returns true. virtual bool OnGoAwayFrameData(const char* goaway_data, size_t len); - // Called when a BLOCKED frame has been parsed. - virtual void OnBlocked(SpdyStreamId stream_id) {} - // Called when a PUSH_PROMISE frame is received. // Note that header block data is not included. See OnHeaderFrameStart(). virtual void OnPushPromise(SpdyStreamId stream_id, @@ -191,7 +189,7 @@ class NET_EXPORT_PRIVATE SpdyFramerVisitorInterface { // Called when an ALTSVC frame has been parsed. virtual void OnAltSvc( SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) {} // Called when a PRIORITY frame is received. @@ -212,6 +210,18 @@ class NET_EXPORT_PRIVATE SpdyFramerVisitorInterface { virtual bool OnUnknownFrame(SpdyStreamId stream_id, uint8_t frame_type) = 0; }; +class SpdyFrameSequence { + public: + virtual ~SpdyFrameSequence() {} + + // Serializes the next frame in the sequence to |output|. Returns the number + // of bytes written to |output|. + virtual size_t NextFrame(ZeroCopyOutputBuffer* output) = 0; + + // Returns true iff there is at least one more frame in the sequence. + virtual bool HasNextFrame() const = 0; +}; + class ExtensionVisitorInterface { public: virtual ~ExtensionVisitorInterface() {} @@ -441,12 +451,6 @@ class NET_EXPORT_PRIVATE SpdyFramer { SpdySerializedFrame SerializeWindowUpdate( const SpdyWindowUpdateIR& window_update) const; - // Serializes a BLOCKED frame. The BLOCKED frame is used to - // indicate to the remote endpoint that this endpoint believes itself to be - // flow-control blocked but otherwise ready to send data. The BLOCKED frame - // is purely advisory and optional. - SpdySerializedFrame SerializeBlocked(const SpdyBlockedIR& blocked) const; - // Serializes a PUSH_PROMISE frame. The PUSH_PROMISE frame is used // to inform the client that it will be receiving an additional stream // in response to the original request. The frame includes synthesized @@ -470,6 +474,71 @@ class NET_EXPORT_PRIVATE SpdyFramer { // Serialize a frame of unknown type. SpdySerializedFrame SerializeFrame(const SpdyFrameIR& frame); + // Serialize a data frame. + bool SerializeData(const SpdyDataIR& data, + ZeroCopyOutputBuffer* output) const; + + // Serializes the data frame header and optionally padding length fields, + // excluding actual data payload and padding. + bool SerializeDataFrameHeaderWithPaddingLengthField( + const SpdyDataIR& data, + ZeroCopyOutputBuffer* output) const; + + bool SerializeRstStream(const SpdyRstStreamIR& rst_stream, + ZeroCopyOutputBuffer* output) const; + + // Serializes a SETTINGS frame. The SETTINGS frame is + // used to communicate name/value pairs relevant to the communication channel. + bool SerializeSettings(const SpdySettingsIR& settings, + ZeroCopyOutputBuffer* output) const; + + // Serializes a PING frame. The unique_id is used to + // identify the ping request/response. + bool SerializePing(const SpdyPingIR& ping, + ZeroCopyOutputBuffer* output) const; + + // Serializes a GOAWAY frame. The GOAWAY frame is used + // prior to the shutting down of the TCP connection, and includes the + // stream_id of the last stream the sender of the frame is willing to process + // to completion. + bool SerializeGoAway(const SpdyGoAwayIR& goaway, + ZeroCopyOutputBuffer* output) const; + + // Serializes a HEADERS frame. The HEADERS frame is used + // for sending headers. + bool SerializeHeaders(const SpdyHeadersIR& headers, + ZeroCopyOutputBuffer* output); + + // Serializes a WINDOW_UPDATE frame. The WINDOW_UPDATE + // frame is used to implement per stream flow control. + bool SerializeWindowUpdate(const SpdyWindowUpdateIR& window_update, + ZeroCopyOutputBuffer* output) const; + + // Serializes a PUSH_PROMISE frame. The PUSH_PROMISE frame is used + // to inform the client that it will be receiving an additional stream + // in response to the original request. The frame includes synthesized + // headers to explain the upcoming data. + bool SerializePushPromise(const SpdyPushPromiseIR& push_promise, + ZeroCopyOutputBuffer* output); + + // Serializes a CONTINUATION frame. The CONTINUATION frame is used + // to continue a sequence of header block fragments. + bool SerializeContinuation(const SpdyContinuationIR& continuation, + ZeroCopyOutputBuffer* output) const; + + // Serializes an ALTSVC frame. The ALTSVC frame advertises the + // availability of an alternative service to the client. + bool SerializeAltSvc(const SpdyAltSvcIR& altsvc, + ZeroCopyOutputBuffer* output); + + // Serializes a PRIORITY frame. The PRIORITY frame advises a change in + // the relative priority of the given stream. + bool SerializePriority(const SpdyPriorityIR& priority, + ZeroCopyOutputBuffer* output) const; + + // Serialize a frame of unknown type. + bool SerializeFrame(const SpdyFrameIR& frame, ZeroCopyOutputBuffer* output); + // Returns whether this SpdyFramer will compress header blocks using HPACK. bool compression_enabled() const { return compression_option_ == ENABLE_COMPRESSION; @@ -488,7 +557,6 @@ class NET_EXPORT_PRIVATE SpdyFramer { size_t GetGoAwayMinimumSize() const; size_t GetHeadersMinimumSize() const; size_t GetWindowUpdateSize() const; - size_t GetBlockedSize() const; size_t GetPushPromiseMinimumSize() const; size_t GetContinuationMinimumSize() const; size_t GetAltSvcMinimumSize() const; @@ -646,8 +714,8 @@ class NET_EXPORT_PRIVATE SpdyFramer { size_t GetNumberRequiredContinuationFrames(size_t size); - void WritePayloadWithContinuation(SpdyFrameBuilder* builder, - const std::string& hpack_encoding, + bool WritePayloadWithContinuation(SpdyFrameBuilder* builder, + const SpdyString& hpack_encoding, SpdyStreamId stream_id, SpdyFrameType type, int padding_payload_len); @@ -665,7 +733,7 @@ class NET_EXPORT_PRIVATE SpdyFramer { // block. Does not need or use the SpdyHeaderBlock inside SpdyHeadersIR. SpdySerializedFrame SerializeHeadersGivenEncoding( const SpdyHeadersIR& headers, - const std::string& encoding) const; + const SpdyString& encoding) const; // Calculates the number of bytes required to serialize a SpdyHeadersIR, not // including the bytes to be used for the encoded header set. @@ -677,6 +745,34 @@ class NET_EXPORT_PRIVATE SpdyFramer { // Set the error code and moves the framer into the error state. void set_error(SpdyFramerError error); + // Helper functions to prepare the input for SpdyFrameBuilder. + void SerializeDataBuilderHelper(const SpdyDataIR& data_ir, + uint8_t* flags, + int* num_padding_fields, + size_t* size_with_padding) const; + void SerializeDataFrameHeaderWithPaddingLengthFieldBuilderHelper( + const SpdyDataIR& data_ir, + uint8_t* flags, + size_t* frame_size, + size_t* num_padding_fields) const; + void SerializeSettingsBuilderHelper(const SpdySettingsIR& settings, + uint8_t* flags, + const SettingsMap* values, + size_t* size) const; + void SerializeAltSvcBuilderHelper(const SpdyAltSvcIR& altsvc_ir, + SpdyString* value, + size_t* size) const; + void SerializeHeadersBuilderHelper(const SpdyHeadersIR& headers, + uint8_t* flags, + size_t* size, + SpdyString* hpack_encoding, + int* weight, + size_t* length_field); + void SerializePushPromiseBuilderHelper(const SpdyPushPromiseIR& push_promise, + uint8_t* flags, + SpdyString* hpack_encoding, + size_t* size); + // The size of the control frame buffer. // Since this is only used for control frame headers, the maximum control // frame header size is sufficient; all remaining control @@ -691,6 +787,8 @@ class NET_EXPORT_PRIVATE SpdyFramer { static const size_t kMaxControlFrameSize; // The maximum size for the payload of DATA frames to send. static const size_t kMaxDataPayloadSendSize; + // The size of one parameter in SETTINGS frame. + static const size_t kOneSettingParameterSize; SpdyState state_; SpdyState previous_state_; diff --git a/chromium/net/spdy/spdy_framer_decoder_adapter.cc b/chromium/net/spdy/spdy_framer_decoder_adapter.cc index 603f2a0c7d4..9b7feb56975 100644 --- a/chromium/net/spdy/spdy_framer_decoder_adapter.cc +++ b/chromium/net/spdy/spdy_framer_decoder_adapter.cc @@ -5,20 +5,19 @@ #include "net/spdy/spdy_framer_decoder_adapter.h" #include <memory> -#include <string> #include <utility> #include "base/format_macros.h" #include "base/logging.h" -#include "base/strings/stringprintf.h" #include "net/spdy/platform/api/spdy_estimate_memory_usage.h" +#include "net/spdy/platform/api/spdy_string_utils.h" #if defined(COMPILER_GCC) -#define PRETTY_THIS base::StringPrintf("%s@%p ", __PRETTY_FUNCTION__, this) +#define PRETTY_THIS SpdyStringPrintf("%s@%p ", __PRETTY_FUNCTION__, this) #elif defined(COMPILER_MSVC) -#define PRETTY_THIS base::StringPrintf("%s@%p ", __FUNCSIG__, this) +#define PRETTY_THIS SpdyStringPrintf("%s@%p ", __FUNCSIG__, this) #else -#define PRETTY_THIS base::StringPrintf("%s@%p ", __func__, this) +#define PRETTY_THIS SpdyStringPrintf("%s@%p ", __func__, this) #endif namespace net { @@ -139,10 +138,6 @@ bool SpdyFramerVisitorAdapter::OnGoAwayFrameData(const char* goaway_data, return visitor_->OnGoAwayFrameData(goaway_data, len); } -void SpdyFramerVisitorAdapter::OnBlocked(SpdyStreamId stream_id) { - visitor_->OnBlocked(stream_id); -} - void SpdyFramerVisitorAdapter::OnPushPromise(SpdyStreamId stream_id, SpdyStreamId promised_stream_id, bool end) { @@ -163,7 +158,7 @@ void SpdyFramerVisitorAdapter::OnPriority(SpdyStreamId stream_id, void SpdyFramerVisitorAdapter::OnAltSvc( SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) { visitor_->OnAltSvc(stream_id, origin, altsvc_vector); } @@ -196,6 +191,10 @@ class NestedSpdyFramerDecoder : public SpdyFramerDecoderAdapter { framer_.set_visitor(visitor_adapter_.get()); } + void set_extension_visitor(ExtensionVisitorInterface* visitor) override { + framer_.set_extension_visitor(visitor); + } + // Passes the call on to the base adapter class and wrapped SpdyFramer. void set_debug_visitor( SpdyFramerDebugVisitorInterface* debug_visitor) override { diff --git a/chromium/net/spdy/spdy_framer_decoder_adapter.h b/chromium/net/spdy/spdy_framer_decoder_adapter.h index 84f709dd02d..cbe0788202d 100644 --- a/chromium/net/spdy/spdy_framer_decoder_adapter.h +++ b/chromium/net/spdy/spdy_framer_decoder_adapter.h @@ -10,8 +10,8 @@ #include <cstdint> #include <memory> -#include "base/strings/string_piece.h" #include "net/spdy/hpack/hpack_header_table.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_alt_svc_wire_format.h" #include "net/spdy/spdy_framer.h" #include "net/spdy/spdy_headers_handler_interface.h" @@ -32,6 +32,10 @@ class SpdyFramerDecoderAdapter { virtual void set_visitor(SpdyFramerVisitorInterface* visitor); SpdyFramerVisitorInterface* visitor() const { return visitor_; } + // Set extension callbacks to be called from the framer or decoder. Optional. + // If called multiple times, only the last visitor will be used. + virtual void set_extension_visitor(ExtensionVisitorInterface* visitor) = 0; + // Set debug callbacks to be called from the framer. The debug visitor is // completely optional and need not be set in order for normal operation. // If this is called multiple times, only the last visitor will be used. @@ -136,7 +140,6 @@ class SpdyFramerVisitorAdapter : public SpdyFramerVisitorInterface { bool end) override; void OnWindowUpdate(SpdyStreamId stream_id, int delta_window_size) override; bool OnGoAwayFrameData(const char* goaway_data, size_t len) override; - void OnBlocked(SpdyStreamId stream_id) override; void OnPushPromise(SpdyStreamId stream_id, SpdyStreamId promised_stream_id, bool end) override; @@ -146,7 +149,7 @@ class SpdyFramerVisitorAdapter : public SpdyFramerVisitorInterface { int weight, bool exclusive) override; void OnAltSvc(SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) override; bool OnUnknownFrame(SpdyStreamId stream_id, uint8_t frame_type) override; diff --git a/chromium/net/spdy/spdy_framer_test.cc b/chromium/net/spdy/spdy_framer_test.cc index 5072e929a54..1e30cd1f0ff 100644 --- a/chromium/net/spdy/spdy_framer_test.cc +++ b/chromium/net/spdy/spdy_framer_test.cc @@ -11,8 +11,8 @@ #include <cstdint> #include <limits> #include <memory> -#include <string> #include <tuple> +#include <utility> #include <vector> #include "base/compiler_specific.h" @@ -21,6 +21,7 @@ #include "base/memory/ptr_util.h" #include "base/strings/string_number_conversions.h" #include "net/quic/core/quic_flags.h" +#include "net/spdy/array_output_buffer.h" #include "net/spdy/hpack/hpack_constants.h" #include "net/spdy/mock_spdy_framer_visitor.h" #include "net/spdy/spdy_flags.h" @@ -32,14 +33,18 @@ #include "testing/gtest/include/gtest/gtest.h" #include "testing/platform_test.h" -using base::StringPiece; -using std::string; using testing::_; namespace net { namespace test { +namespace { + +const int64_t kSize = 64 * 1024; +char output_buffer[kSize] = ""; +} + class MockDebugVisitor : public SpdyFramerDebugVisitorInterface { public: MOCK_METHOD4(OnSendCompressedFrame, @@ -86,7 +91,7 @@ class SpdyFramerTestUtil { SpdyHeadersHandlerInterface* OnHeaderFrameStart( SpdyStreamId stream_id) override { if (headers_handler_ == nullptr) { - headers_handler_.reset(new TestHeadersHandler); + headers_handler_ = base::MakeUnique<TestHeadersHandler>(); } return headers_handler_.get(); } @@ -107,21 +112,20 @@ class SpdyFramerTestUtil { bool exclusive, bool fin, bool end) override { - SpdyHeadersIR* headers = new SpdyHeadersIR(stream_id); + auto headers = base::MakeUnique<SpdyHeadersIR>(stream_id); headers->set_has_priority(has_priority); headers->set_weight(weight); headers->set_parent_stream_id(parent_stream_id); headers->set_exclusive(exclusive); headers->set_fin(fin); - frame_.reset(headers); + frame_ = std::move(headers); } void OnPushPromise(SpdyStreamId stream_id, SpdyStreamId promised_stream_id, bool end) override { - SpdyPushPromiseIR* push_promise = - new SpdyPushPromiseIR(stream_id, promised_stream_id); - frame_.reset(push_promise); + frame_ = + base::MakeUnique<SpdyPushPromiseIR>(stream_id, promised_stream_id); } // TODO(birenroy): Add support for CONTINUATION. @@ -192,22 +196,20 @@ class SpdyFramerTestUtil { MATCHER_P(IsFrameUnionOf, frame_list, "") { size_t size_verified = 0; for (const auto& frame : *frame_list) { - if (arg.size() >= size_verified + frame.size()) { - if (!memcmp(arg.data() + size_verified, frame.data(), frame.size())) { - size_verified += frame.size(); - } else { - CompareCharArraysWithHexError( - "Header serialization methods should be equivalent: ", - reinterpret_cast<unsigned char*>(arg.data() + size_verified), - frame.size(), reinterpret_cast<unsigned char*>(frame.data()), - frame.size()); - return false; - } - } else { + if (arg.size() < size_verified + frame.size()) { LOG(FATAL) << "Incremental header serialization should not lead to a " << "higher total frame length than non-incremental method."; return false; } + if (memcmp(arg.data() + size_verified, frame.data(), frame.size())) { + CompareCharArraysWithHexError( + "Header serialization methods should be equivalent: ", + reinterpret_cast<unsigned char*>(arg.data() + size_verified), + frame.size(), reinterpret_cast<unsigned char*>(frame.data()), + frame.size()); + return false; + } + size_verified += frame.size(); } return size_verified == arg.size(); } @@ -261,6 +263,31 @@ class SpdyFramerPeer { EXPECT_THAT(serialized_headers_old_version, IsFrameUnionOf(&frame_list)); return serialized_headers_old_version; } + + static SpdySerializedFrame SerializeHeaders(SpdyFramer* framer, + const SpdyHeadersIR& headers, + ArrayOutputBuffer* output) { + if (output == nullptr) { + return SerializeHeaders(framer, headers); + } + output->Reset(); + EXPECT_TRUE(framer->SerializeHeaders(headers, output)); + SpdySerializedFrame serialized_headers_old_version(output->Begin(), + output->Size(), false); + framer->hpack_encoder_.reset(nullptr); + auto* saved_debug_visitor = framer->debug_visitor_; + framer->debug_visitor_ = nullptr; + + std::vector<SpdySerializedFrame> frame_list; + SpdyFramer::SpdyHeaderFrameIterator it(framer, CloneSpdyHeadersIR(headers)); + while (it.HasNextFrame()) { + frame_list.push_back(it.NextFrame()); + } + framer->debug_visitor_ = saved_debug_visitor; + + EXPECT_THAT(serialized_headers_old_version, IsFrameUnionOf(&frame_list)); + return serialized_headers_old_version; + } }; class TestSpdyVisitor : public SpdyFramerVisitorInterface, @@ -297,11 +324,10 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface, data_frame_count_(0), last_payload_len_(0), last_frame_len_(0), - header_buffer_(new char[kDefaultHeaderBufferSize]), + header_buffer_(kDefaultHeaderBufferSize), header_buffer_length_(0), - header_buffer_size_(kDefaultHeaderBufferSize), header_stream_id_(static_cast<SpdyStreamId>(-1)), - header_control_type_(DATA), + header_control_type_(SpdyFrameType::DATA), header_buffer_valid_(false) {} void OnError(SpdyFramer* f) override { @@ -344,7 +370,7 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface, SpdyHeadersHandlerInterface* OnHeaderFrameStart( SpdyStreamId stream_id) override { if (headers_handler_ == nullptr) { - headers_handler_.reset(new TestHeadersHandler); + headers_handler_ = base::MakeUnique<TestHeadersHandler>(); } return headers_handler_.get(); } @@ -400,7 +426,7 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface, << weight << ", " << parent_stream_id << ", " << exclusive << ", " << fin << ", " << end << ")"; ++headers_frame_count_; - InitHeaderStreaming(HEADERS, stream_id); + InitHeaderStreaming(SpdyFrameType::HEADERS, stream_id); if (fin) { ++fin_flag_count_; } @@ -422,7 +448,7 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface, VLOG(1) << "OnPushPromise(" << stream_id << ", " << promised_stream_id << ", " << end << ")"; ++push_promise_frame_count_; - InitHeaderStreaming(PUSH_PROMISE, stream_id); + InitHeaderStreaming(SpdyFrameType::PUSH_PROMISE, stream_id); last_push_promise_stream_ = stream_id; last_push_promise_promised_stream_ = promised_stream_id; } @@ -433,17 +459,16 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface, } void OnAltSvc(SpdyStreamId stream_id, - StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) override { VLOG(1) << "OnAltSvc(" << stream_id << ", \"" << origin << "\", altsvc_vector)"; test_altsvc_ir_.set_stream_id(stream_id); if (origin.length() > 0) { - test_altsvc_ir_.set_origin(origin.as_string()); + test_altsvc_ir_.set_origin(SpdyString(origin)); } - for (const SpdyAltSvcWireFormat::AlternativeService& altsvc : - altsvc_vector) { + for (const auto& altsvc : altsvc_vector) { test_altsvc_ir_.add_altsvc(altsvc); } ++altsvc_count_; @@ -502,11 +527,11 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface, void InitHeaderStreaming(SpdyFrameType header_control_type, SpdyStreamId stream_id) { - if (!IsDefinedFrameType(header_control_type)) { + if (!IsDefinedFrameType(SerializeFrameType(header_control_type))) { DLOG(FATAL) << "Attempted to init header streaming with " << "invalid control frame type: " << header_control_type; } - memset(header_buffer_.get(), 0, header_buffer_size_); + std::fill(header_buffer_.begin(), header_buffer_.end(), 0); header_buffer_length_ = 0; header_stream_id_ = stream_id; header_control_type_ = header_control_type; @@ -520,8 +545,7 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface, // Override the default buffer size (16K). Call before using the framer! void set_header_buffer_size(size_t header_buffer_size) { - header_buffer_size_ = header_buffer_size; - header_buffer_.reset(new char[header_buffer_size]); + header_buffer_.resize(header_buffer_size); } // Largest control frame that the SPDY implementation sends, including the @@ -571,9 +595,8 @@ class TestSpdyVisitor : public SpdyFramerVisitorInterface, size_t last_frame_len_; // Header block streaming state: - std::unique_ptr<char[]> header_buffer_; + std::vector<char> header_buffer_; size_t header_buffer_length_; - size_t header_buffer_size_; size_t header_bytes_received_; SpdyStreamId header_stream_id_; SpdyFrameType header_control_type_; @@ -614,12 +637,12 @@ class TestExtension : public ExtensionVisitorInterface { size_t length_ = 0; uint8_t type_ = 0; uint8_t flags_ = 0; - string payload_; + SpdyString payload_; }; // Retrieves serialized headers from a HEADERS frame. -StringPiece GetSerializedHeaders(const SpdySerializedFrame& frame, - const SpdyFramer& framer) { +SpdyStringPiece GetSerializedHeaders(const SpdySerializedFrame& frame, + const SpdyFramer& framer) { SpdyFrameReader reader(frame.data(), frame.size()); reader.Seek(3); // Seek past the frame length. @@ -627,19 +650,23 @@ StringPiece GetSerializedHeaders(const SpdySerializedFrame& frame, reader.ReadUInt8(&serialized_type); SpdyFrameType type = ParseFrameType(serialized_type); - DCHECK_EQ(HEADERS, type); + DCHECK_EQ(SpdyFrameType::HEADERS, type); uint8_t flags; reader.ReadUInt8(&flags); - return StringPiece(frame.data() + framer.GetHeadersMinimumSize(), - frame.size() - framer.GetHeadersMinimumSize()); + return SpdyStringPiece(frame.data() + framer.GetHeadersMinimumSize(), + frame.size() - framer.GetHeadersMinimumSize()); } enum DecoderChoice { DECODER_SELF, DECODER_NESTED, DECODER_HTTP2 }; -enum HpackChoice { HPACK_DECODER_1, HPACK_DECODER_2, HPACK_DECODER_3 }; +enum HpackChoice { HPACK_DECODER_1, HPACK_DECODER_3 }; +enum Output { USE, NOT_USE }; + +class SpdyFramerTest : public ::testing::TestWithParam< + std::tuple<DecoderChoice, HpackChoice, Output>> { + public: + SpdyFramerTest() : output_(output_buffer, kSize) {} -class SpdyFramerTest - : public ::testing::TestWithParam<std::tuple<DecoderChoice, HpackChoice>> { protected: void SetUp() override { auto param = GetParam(); @@ -659,21 +686,25 @@ class SpdyFramerTest } switch (std::get<1>(param)) { case HPACK_DECODER_1: - FLAGS_chromium_http2_flag_spdy_use_hpack_decoder2 = false; - FLAGS_chromium_http2_flag_spdy_use_hpack_decoder3 = false; - break; - case HPACK_DECODER_2: - FLAGS_chromium_http2_flag_spdy_use_hpack_decoder2 = true; FLAGS_chromium_http2_flag_spdy_use_hpack_decoder3 = false; break; case HPACK_DECODER_3: - FLAGS_chromium_http2_flag_spdy_use_hpack_decoder2 = false; FLAGS_chromium_http2_flag_spdy_use_hpack_decoder3 = true; break; } + switch (std::get<2>(param)) { + case USE: + use_output_ = true; + break; + case NOT_USE: + // TODO(yasong): remove this case after + // FLAGS_chromium_http2_flag_remove_rewritelength deprecates. + use_output_ = false; + break; + } } - void CompareFrame(const string& description, + void CompareFrame(const SpdyString& description, const SpdySerializedFrame& actual_frame, const unsigned char* expected, const int expected_len) { @@ -683,7 +714,7 @@ class SpdyFramerTest expected, expected_len); } - void CompareFrames(const string& description, + void CompareFrames(const SpdyString& description, const SpdySerializedFrame& expected_frame, const SpdySerializedFrame& actual_frame) { CompareCharArraysWithHexError( @@ -693,14 +724,19 @@ class SpdyFramerTest reinterpret_cast<const unsigned char*>(actual_frame.data()), actual_frame.size()); } + + bool use_output_ = false; + ArrayOutputBuffer output_; }; -INSTANTIATE_TEST_CASE_P( - SpdyFramerTests, - SpdyFramerTest, - ::testing::Combine( - ::testing::Values(DECODER_SELF, DECODER_NESTED, DECODER_HTTP2), - ::testing::Values(HPACK_DECODER_1, HPACK_DECODER_2, HPACK_DECODER_3))); +INSTANTIATE_TEST_CASE_P(SpdyFramerTests, + SpdyFramerTest, + ::testing::Combine(::testing::Values(DECODER_SELF, + DECODER_NESTED, + DECODER_HTTP2), + ::testing::Values(HPACK_DECODER_1, + HPACK_DECODER_3), + ::testing::Values(USE, NOT_USE))); // Test that we can encode and decode a SpdyHeaderBlock in serialized form. TEST_P(SpdyFramerTest, HeaderBlockInBuffer) { @@ -711,7 +747,8 @@ TEST_P(SpdyFramerTest, HeaderBlockInBuffer) { headers.SetHeader("alpha", "beta"); headers.SetHeader("gamma", "charlie"); headers.SetHeader("cookie", "key1=value1; key2=value2"); - SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders(&framer, headers)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers, use_output_ ? &output_ : nullptr)); TestSpdyVisitor visitor(SpdyFramer::DISABLE_COMPRESSION); visitor.SimulateInFramer(reinterpret_cast<unsigned char*>(frame.data()), @@ -729,7 +766,8 @@ TEST_P(SpdyFramerTest, UndersizedHeaderBlockInBuffer) { SpdyHeadersIR headers(1); headers.SetHeader("alpha", "beta"); headers.SetHeader("gamma", "charlie"); - SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders(&framer, headers)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers, use_output_ ? &output_ : nullptr)); TestSpdyVisitor visitor(SpdyFramer::DISABLE_COMPRESSION); visitor.SimulateInFramer(reinterpret_cast<unsigned char*>(frame.data()), @@ -745,14 +783,14 @@ TEST_P(SpdyFramerTest, RejectUpperCaseHeaderBlockValue) { SpdyFramer framer(SpdyFramer::DISABLE_COMPRESSION); SpdyFrameBuilder frame(1024); - frame.BeginNewFrame(framer, HEADERS, 0, 1); + frame.BeginNewFrame(framer, SpdyFrameType::HEADERS, 0, 1); frame.WriteUInt32(1); frame.WriteStringPiece32("Name1"); frame.WriteStringPiece32("value1"); frame.OverwriteLength(framer, frame.length() - framer.GetFrameHeaderSize()); SpdyFrameBuilder frame2(1024); - frame2.BeginNewFrame(framer, HEADERS, 0, 1); + frame2.BeginNewFrame(framer, SpdyFrameType::HEADERS, 0, 1); frame2.WriteUInt32(2); frame2.WriteStringPiece32("name1"); frame2.WriteStringPiece32("value1"); @@ -761,9 +799,10 @@ TEST_P(SpdyFramerTest, RejectUpperCaseHeaderBlockValue) { frame.OverwriteLength(framer, frame2.length() - framer.GetFrameHeaderSize()); SpdySerializedFrame control_frame(frame.take()); - StringPiece serialized_headers = GetSerializedHeaders(control_frame, framer); + SpdyStringPiece serialized_headers = + GetSerializedHeaders(control_frame, framer); SpdySerializedFrame control_frame2(frame2.take()); - StringPiece serialized_headers2 = + SpdyStringPiece serialized_headers2 = GetSerializedHeaders(control_frame2, framer); SpdyHeaderBlock new_headers; @@ -786,8 +825,8 @@ TEST_P(SpdyFramerTest, HeaderStreamDependencyValues) { headers.set_has_priority(true); headers.set_parent_stream_id(parent_stream_id); headers.set_exclusive(exclusive); - SpdySerializedFrame frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers, use_output_ ? &output_ : nullptr)); TestSpdyVisitor visitor(SpdyFramer::DISABLE_COMPRESSION); visitor.SimulateInFramer(reinterpret_cast<unsigned char*>(frame.data()), @@ -1008,7 +1047,8 @@ TEST_P(SpdyFramerTest, HeadersWithStreamIdZero) { SpdyHeadersIR headers(0); headers.SetHeader("alpha", "beta"); - SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders(&framer, headers)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers, use_output_ ? &output_ : nullptr)); // We shouldn't have to read the whole frame before we signal an error. EXPECT_CALL(visitor, OnError(testing::Eq(&framer))); @@ -1027,6 +1067,10 @@ TEST_P(SpdyFramerTest, PriorityWithStreamIdZero) { SpdyPriorityIR priority_ir(0, 1, 16, true); SpdySerializedFrame frame(framer.SerializeFrame(priority_ir)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeFrame(priority_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } // We shouldn't have to read the whole frame before we signal an error. EXPECT_CALL(visitor, OnError(testing::Eq(&framer))); @@ -1045,6 +1089,10 @@ TEST_P(SpdyFramerTest, RstStreamWithStreamIdZero) { SpdyRstStreamIR rst_stream_ir(0, ERROR_CODE_PROTOCOL_ERROR); SpdySerializedFrame frame(framer.SerializeRstStream(rst_stream_ir)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeRstStream(rst_stream_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } // We shouldn't have to read the whole frame before we signal an error. EXPECT_CALL(visitor, OnError(testing::Eq(&framer))); @@ -1118,10 +1166,14 @@ TEST_P(SpdyFramerTest, ContinuationWithStreamIdZero) { SpdyContinuationIR continuation(0); auto some_nonsense_encoding = - base::MakeUnique<string>("some nonsense encoding"); + base::MakeUnique<SpdyString>("some nonsense encoding"); continuation.take_encoding(std::move(some_nonsense_encoding)); continuation.set_end_headers(true); SpdySerializedFrame frame(framer.SerializeContinuation(continuation)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeContinuation(continuation, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } // We shouldn't have to read the whole frame before we signal an error. EXPECT_CALL(visitor, OnError(testing::Eq(&framer))); @@ -1141,6 +1193,10 @@ TEST_P(SpdyFramerTest, PushPromiseWithStreamIdZero) { SpdyPushPromiseIR push_promise(0, 4); push_promise.SetHeader("alpha", "beta"); SpdySerializedFrame frame(framer.SerializePushPromise(push_promise)); + if (use_output_) { + ASSERT_TRUE(framer.SerializePushPromise(push_promise, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } // We shouldn't have to read the whole frame before we signal an error. EXPECT_CALL(visitor, OnError(testing::Eq(&framer))); @@ -1160,6 +1216,10 @@ TEST_P(SpdyFramerTest, PushPromiseWithPromisedStreamIdZero) { SpdyPushPromiseIR push_promise(3, 0); push_promise.SetHeader("alpha", "beta"); SpdySerializedFrame frame(framer.SerializePushPromise(push_promise)); + if (use_output_) { + ASSERT_TRUE(framer.SerializePushPromise(push_promise, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } EXPECT_CALL(visitor, OnError(testing::Eq(&framer))); framer.ProcessInput(frame.data(), frame.size()); @@ -1172,7 +1232,7 @@ TEST_P(SpdyFramerTest, DuplicateHeader) { SpdyFramer framer(SpdyFramer::DISABLE_COMPRESSION); // Frame builder with plentiful buffer size. SpdyFrameBuilder frame(1024); - frame.BeginNewFrame(framer, HEADERS, 0, 3); + frame.BeginNewFrame(framer, SpdyFrameType::HEADERS, 0, 3); frame.WriteUInt32(2); // Number of headers. frame.WriteStringPiece32("name"); @@ -1184,7 +1244,8 @@ TEST_P(SpdyFramerTest, DuplicateHeader) { SpdyHeaderBlock new_headers; SpdySerializedFrame control_frame(frame.take()); - StringPiece serialized_headers = GetSerializedHeaders(control_frame, framer); + SpdyStringPiece serialized_headers = + GetSerializedHeaders(control_frame, framer); // This should fail because duplicate headers are verboten by the spec. EXPECT_FALSE(framer.ParseHeaderBlockInBuffer( serialized_headers.data(), serialized_headers.size(), &new_headers)); @@ -1194,16 +1255,16 @@ TEST_P(SpdyFramerTest, MultiValueHeader) { SpdyFramer framer(SpdyFramer::DISABLE_COMPRESSION); // Frame builder with plentiful buffer size. SpdyFrameBuilder frame(1024); - frame.BeginNewFrame(framer, HEADERS, + frame.BeginNewFrame(framer, SpdyFrameType::HEADERS, HEADERS_FLAG_PRIORITY | HEADERS_FLAG_END_HEADERS, 3); frame.WriteUInt32(0); // Priority exclusivity and dependent stream. frame.WriteUInt8(255); // Priority weight. - string value("value1\0value2", 13); + SpdyString value("value1\0value2", 13); // TODO(jgraettinger): If this pattern appears again, move to test class. SpdyHeaderBlock header_set; header_set["name"] = value; - string buffer; + SpdyString buffer; HpackEncoder encoder(ObtainHpackHuffmanTable()); encoder.DisableCompression(); encoder.EncodeHeaderSet(header_set, &buffer); @@ -1218,8 +1279,8 @@ TEST_P(SpdyFramerTest, MultiValueHeader) { reinterpret_cast<unsigned char*>(control_frame.data()), control_frame.size()); - EXPECT_THAT(visitor.headers_, - testing::ElementsAre(testing::Pair("name", StringPiece(value)))); + EXPECT_THAT(visitor.headers_, testing::ElementsAre(testing::Pair( + "name", SpdyStringPiece(value)))); } TEST_P(SpdyFramerTest, CompressEmptyHeaders) { @@ -1406,11 +1467,11 @@ TEST_P(SpdyFramerTest, UnclosedStreamDataCompressorsOneByteAtATime) { SpdyHeadersIR headers(1); headers.SetHeader(kHeader1, kValue1); headers.SetHeader(kHeader2, kValue2); - SpdySerializedFrame headers_frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers)); + SpdySerializedFrame headers_frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers, use_output_ ? &output_ : nullptr)); const char bytes[] = "this is a test test test test test!"; - SpdyDataIR data_ir(1, StringPiece(bytes, arraysize(bytes))); + SpdyDataIR data_ir(1, SpdyStringPiece(bytes, arraysize(bytes))); data_ir.set_fin(true); SpdySerializedFrame send_frame(framer.SerializeData(data_ir)); @@ -1439,8 +1500,12 @@ TEST_P(SpdyFramerTest, UnclosedStreamDataCompressorsOneByteAtATime) { TEST_P(SpdyFramerTest, WindowUpdateFrame) { SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); - SpdySerializedFrame frame( - framer.SerializeWindowUpdate(SpdyWindowUpdateIR(1, 0x12345678))); + SpdyWindowUpdateIR window_update(1, 0x12345678); + SpdySerializedFrame frame(framer.SerializeWindowUpdate(window_update)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeWindowUpdate(window_update, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } const char kDescription[] = "WINDOW_UPDATE frame, stream 1, delta 0x12345678"; const unsigned char kH2FrameData[] = { @@ -1670,6 +1735,10 @@ TEST_P(SpdyFramerTest, CreateRstStream) { }; SpdyRstStreamIR rst_stream(1, ERROR_CODE_PROTOCOL_ERROR); SpdySerializedFrame frame(framer.SerializeRstStream(rst_stream)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeRstStream(rst_stream, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } @@ -1684,6 +1753,11 @@ TEST_P(SpdyFramerTest, CreateRstStream) { }; SpdyRstStreamIR rst_stream(0x7FFFFFFF, ERROR_CODE_PROTOCOL_ERROR); SpdySerializedFrame frame(framer.SerializeRstStream(rst_stream)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeRstStream(rst_stream, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } @@ -1698,6 +1772,11 @@ TEST_P(SpdyFramerTest, CreateRstStream) { }; SpdyRstStreamIR rst_stream(0x7FFFFFFF, ERROR_CODE_INTERNAL_ERROR); SpdySerializedFrame frame(framer.SerializeRstStream(rst_stream)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeRstStream(rst_stream, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } } @@ -1724,6 +1803,10 @@ TEST_P(SpdyFramerTest, CreateSettings) { settings_ir.AddSetting(kId, kValue); SpdySerializedFrame frame(framer.SerializeSettings(settings_ir)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeSettings(settings_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } @@ -1753,6 +1836,11 @@ TEST_P(SpdyFramerTest, CreateSettings) { settings_ir.AddSetting(SETTINGS_MAX_CONCURRENT_STREAMS, 7); settings_ir.AddSetting(SETTINGS_INITIAL_WINDOW_SIZE, 8); SpdySerializedFrame frame(framer.SerializeSettings(settings_ir)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeSettings(settings_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } @@ -1768,6 +1856,12 @@ TEST_P(SpdyFramerTest, CreateSettings) { }; SpdySettingsIR settings_ir; SpdySerializedFrame frame(framer.SerializeSettings(settings_ir)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeSettings(settings_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } + CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } } @@ -1799,11 +1893,20 @@ TEST_P(SpdyFramerTest, CreatePingFrame) { // Tests SpdyPingIR when the ping is not an ack. ASSERT_FALSE(ping_ir.is_ack()); frame = framer.SerializePing(ping_ir); + if (use_output_) { + ASSERT_TRUE(framer.SerializePing(ping_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); // Tests SpdyPingIR when the ping is an ack. ping_ir.set_is_ack(true); frame = framer.SerializePing(ping_ir); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializePing(ping_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameDataWithAck, arraysize(kH2FrameDataWithAck)); } @@ -1825,6 +1928,10 @@ TEST_P(SpdyFramerTest, CreateGoAway) { }; SpdyGoAwayIR goaway_ir(0, ERROR_CODE_NO_ERROR, "GA"); SpdySerializedFrame frame(framer.SerializeGoAway(goaway_ir)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeGoAway(goaway_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } @@ -1841,6 +1948,11 @@ TEST_P(SpdyFramerTest, CreateGoAway) { }; SpdyGoAwayIR goaway_ir(0x7FFFFFFF, ERROR_CODE_INTERNAL_ERROR, "GA"); SpdySerializedFrame frame(framer.SerializeGoAway(goaway_ir)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeGoAway(goaway_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } } @@ -1874,8 +1986,8 @@ TEST_P(SpdyFramerTest, CreateHeadersUncompressed) { SpdyHeadersIR headers(1); headers.SetHeader("bar", "foo"); headers.SetHeader("foo", "bar"); - SpdySerializedFrame frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers, use_output_ ? &output_ : nullptr)); CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } @@ -1905,8 +2017,8 @@ TEST_P(SpdyFramerTest, CreateHeadersUncompressed) { headers.set_fin(true); headers.SetHeader("", "foo"); headers.SetHeader("foo", "bar"); - SpdySerializedFrame frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers, use_output_ ? &output_ : nullptr)); CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } @@ -1936,8 +2048,8 @@ TEST_P(SpdyFramerTest, CreateHeadersUncompressed) { headers_ir.set_fin(true); headers_ir.SetHeader("bar", "foo"); headers_ir.SetHeader("foo", ""); - SpdySerializedFrame frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers_ir)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers_ir, use_output_ ? &output_ : nullptr)); CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } @@ -1972,8 +2084,8 @@ TEST_P(SpdyFramerTest, CreateHeadersUncompressed) { headers_ir.set_weight(220); headers_ir.SetHeader("bar", "foo"); headers_ir.SetHeader("foo", ""); - SpdySerializedFrame frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers_ir)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers_ir, use_output_ ? &output_ : nullptr)); CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } @@ -2011,8 +2123,8 @@ TEST_P(SpdyFramerTest, CreateHeadersUncompressed) { headers_ir.set_parent_stream_id(0); headers_ir.SetHeader("bar", "foo"); headers_ir.SetHeader("foo", ""); - SpdySerializedFrame frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers_ir)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers_ir, use_output_ ? &output_ : nullptr)); CompareFrame(kDescription, frame, kV4FrameData, arraysize(kV4FrameData)); } @@ -2050,8 +2162,8 @@ TEST_P(SpdyFramerTest, CreateHeadersUncompressed) { headers_ir.set_parent_stream_id(0x7fffffff); headers_ir.SetHeader("bar", "foo"); headers_ir.SetHeader("foo", ""); - SpdySerializedFrame frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers_ir)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers_ir, use_output_ ? &output_ : nullptr)); CompareFrame(kDescription, frame, kV4FrameData, arraysize(kV4FrameData)); } @@ -2087,29 +2199,12 @@ TEST_P(SpdyFramerTest, CreateHeadersUncompressed) { headers_ir.SetHeader("", "foo"); headers_ir.SetHeader("foo", "bar"); headers_ir.set_padding_len(6); - SpdySerializedFrame frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers_ir)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers_ir, use_output_ ? &output_ : nullptr)); CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } } -// TODO(phajdan.jr): Clean up after we no longer need -// to workaround http://crbug.com/139744. -#if !defined(USE_SYSTEM_ZLIB) -TEST_P(SpdyFramerTest, CreateHeadersCompressed) { - SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); - - { - SpdyHeadersIR headers_ir(1); - headers_ir.SetHeader("bar", "foo"); - headers_ir.SetHeader("foo", "bar"); - SpdySerializedFrame frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers_ir)); - // Deflate compression doesn't apply to HPACK. - } -} -#endif // !defined(USE_SYSTEM_ZLIB) - TEST_P(SpdyFramerTest, CreateWindowUpdate) { SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); @@ -2124,6 +2219,12 @@ TEST_P(SpdyFramerTest, CreateWindowUpdate) { }; SpdySerializedFrame frame( framer.SerializeWindowUpdate(SpdyWindowUpdateIR(1, 1))); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE( + framer.SerializeWindowUpdate(SpdyWindowUpdateIR(1, 1), &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } @@ -2138,6 +2239,12 @@ TEST_P(SpdyFramerTest, CreateWindowUpdate) { }; SpdySerializedFrame frame( framer.SerializeWindowUpdate(SpdyWindowUpdateIR(0x7FFFFFFF, 1))); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeWindowUpdate( + SpdyWindowUpdateIR(0x7FFFFFFF, 1), &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } @@ -2152,40 +2259,16 @@ TEST_P(SpdyFramerTest, CreateWindowUpdate) { }; SpdySerializedFrame frame( framer.SerializeWindowUpdate(SpdyWindowUpdateIR(1, 0x7FFFFFFF))); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeWindowUpdate( + SpdyWindowUpdateIR(1, 0x7FFFFFFF), &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kH2FrameData, arraysize(kH2FrameData)); } } -TEST_P(SpdyFramerTest, SerializeBlocked) { - SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); - - const char kDescription[] = "BLOCKED frame"; - const unsigned char kType = static_cast<unsigned char>(BLOCKED); - const unsigned char kFrameData[] = { - 0x00, 0x00, 0x00, // Length: 0 - kType, // Type: BLOCKED - 0x00, // Flags: none - 0x00, 0x00, 0x00, 0x00, // Stream: 0 - }; - SpdyBlockedIR blocked_ir(0); - SpdySerializedFrame frame(framer.SerializeFrame(blocked_ir)); - CompareFrame(kDescription, frame, kFrameData, arraysize(kFrameData)); -} - -TEST_P(SpdyFramerTest, CreateBlocked) { - SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); - - const char kDescription[] = "BLOCKED frame"; - const SpdyStreamId kStreamId = 3; - - SpdySerializedFrame frame_serialized( - framer.SerializeBlocked(SpdyBlockedIR(kStreamId))); - SpdyBlockedIR blocked_ir(kStreamId); - SpdySerializedFrame frame_created(framer.SerializeFrame(blocked_ir)); - - CompareFrames(kDescription, frame_serialized, frame_created); -} - TEST_P(SpdyFramerTest, CreatePushPromiseUncompressed) { { // Test framing PUSH_PROMISE without padding. @@ -2218,6 +2301,10 @@ TEST_P(SpdyFramerTest, CreatePushPromiseUncompressed) { push_promise.SetHeader("bar", "foo"); push_promise.SetHeader("foo", "bar"); SpdySerializedFrame frame(framer.SerializePushPromise(push_promise)); + if (use_output_) { + ASSERT_TRUE(framer.SerializePushPromise(push_promise, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kFrameData, arraysize(kFrameData)); } @@ -2254,6 +2341,11 @@ TEST_P(SpdyFramerTest, CreatePushPromiseUncompressed) { push_promise.SetHeader("bar", "foo"); push_promise.SetHeader("foo", "bar"); SpdySerializedFrame frame(framer.SerializePushPromise(push_promise)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializePushPromise(push_promise, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kFrameData, arraysize(kFrameData)); } @@ -2310,6 +2402,11 @@ TEST_P(SpdyFramerTest, CreatePushPromiseUncompressed) { push_promise.SetHeader("bar", "foo"); push_promise.SetHeader("foo", "bar"); SpdySerializedFrame frame(framer.SerializePushPromise(push_promise)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializePushPromise(push_promise, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kFrameData, arraysize(kFrameData)); } } @@ -2355,7 +2452,7 @@ TEST_P(SpdyFramerTest, CreateContinuationUncompressed) { SpdyHeaderBlock header_block; header_block["bar"] = "foo"; header_block["foo"] = "bar"; - auto buffer = base::MakeUnique<string>(); + auto buffer = base::MakeUnique<SpdyString>(); HpackEncoder encoder(ObtainHpackHuffmanTable()); encoder.DisableCompression(); encoder.EncodeHeaderSet(header_block, buffer.get()); @@ -2365,6 +2462,10 @@ TEST_P(SpdyFramerTest, CreateContinuationUncompressed) { continuation.set_end_headers(true); SpdySerializedFrame frame(framer.SerializeContinuation(continuation)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeContinuation(continuation, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kFrameData, arraysize(kFrameData)); } @@ -2466,9 +2567,13 @@ TEST_P(SpdyFramerTest, CreatePushPromiseThenContinuationUncompressed) { SpdyPushPromiseIR push_promise(42, 57); push_promise.set_padding_len(1); - string big_value(TestSpdyVisitor::sent_control_frame_max_size(), 'x'); + SpdyString big_value(TestSpdyVisitor::sent_control_frame_max_size(), 'x'); push_promise.SetHeader("xxx", big_value); SpdySerializedFrame frame(framer.SerializePushPromise(push_promise)); + if (use_output_) { + ASSERT_TRUE(framer.SerializePushPromise(push_promise, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } // The entire frame should look like below: // Name Length in Byte @@ -2510,7 +2615,7 @@ TEST_P(SpdyFramerTest, CreateAltSvc) { SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); const char kDescription[] = "ALTSVC frame"; - const char kType = static_cast<unsigned char>(ALTSVC); + const unsigned char kType = SerializeFrameType(SpdyFrameType::ALTSVC); const unsigned char kFrameData[] = { 0x00, 0x00, 0x49, kType, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x06, 'o', 'r', 'i', 'g', 'i', 'n', 'p', 'i', 'd', '1', '=', '"', 'h', @@ -2527,6 +2632,10 @@ TEST_P(SpdyFramerTest, CreateAltSvc) { "p\"=i:d", "h_\\o\"st", 123, 42, SpdyAltSvcWireFormat::VersionVector{24})); SpdySerializedFrame frame(framer.SerializeFrame(altsvc_ir)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeFrame(altsvc_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kFrameData, arraysize(kFrameData)); } @@ -2544,12 +2653,22 @@ TEST_P(SpdyFramerTest, CreatePriority) { }; SpdyPriorityIR priority_ir(2, 1, 17, true); SpdySerializedFrame frame(framer.SerializeFrame(priority_ir)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeFrame(priority_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } CompareFrame(kDescription, frame, kFrameData, arraysize(kFrameData)); SpdyPriorityIR priority2(2); priority2.set_parent_stream_id(1); priority2.set_weight(17); priority2.set_exclusive(true); - frame = framer.SerializeFrame(priority2); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeFrame(priority2, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } else { + frame = framer.SerializeFrame(priority2); + } CompareFrame(kDescription, frame, kFrameData, arraysize(kFrameData)); } @@ -2558,8 +2677,8 @@ TEST_P(SpdyFramerTest, ReadCompressedHeadersHeaderBlock) { SpdyHeadersIR headers_ir(1); headers_ir.SetHeader("alpha", "beta"); headers_ir.SetHeader("gamma", "delta"); - SpdySerializedFrame control_frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers_ir)); + SpdySerializedFrame control_frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers_ir, use_output_ ? &output_ : nullptr)); TestSpdyVisitor visitor(SpdyFramer::ENABLE_COMPRESSION); visitor.SimulateInFramer( reinterpret_cast<unsigned char*>(control_frame.data()), @@ -2577,8 +2696,8 @@ TEST_P(SpdyFramerTest, ReadCompressedHeadersHeaderBlockWithHalfClose) { headers_ir.set_fin(true); headers_ir.SetHeader("alpha", "beta"); headers_ir.SetHeader("gamma", "delta"); - SpdySerializedFrame control_frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers_ir)); + SpdySerializedFrame control_frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers_ir, use_output_ ? &output_ : nullptr)); TestSpdyVisitor visitor(SpdyFramer::ENABLE_COMPRESSION); visitor.SimulateInFramer( reinterpret_cast<unsigned char*>(control_frame.data()), @@ -2598,10 +2717,10 @@ TEST_P(SpdyFramerTest, TooLargeHeadersFrameUsesContinuation) { // Exact payload length will change with HPACK, but this should be long // enough to cause an overflow. const size_t kBigValueSize = TestSpdyVisitor::sent_control_frame_max_size(); - string big_value(kBigValueSize, 'x'); + SpdyString big_value(kBigValueSize, 'x'); headers.SetHeader("aa", big_value); - SpdySerializedFrame control_frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers)); + SpdySerializedFrame control_frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers, use_output_ ? &output_ : nullptr)); EXPECT_GT(control_frame.size(), TestSpdyVisitor::sent_control_frame_max_size()); @@ -2624,9 +2743,9 @@ TEST_P(SpdyFramerTest, MultipleContinuationFramesWithIterator) { // Exact payload length will change with HPACK, but this should be long // enough to cause an overflow. const size_t kBigValueSize = TestSpdyVisitor::sent_control_frame_max_size(); - string big_valuex(kBigValueSize, 'x'); + SpdyString big_valuex(kBigValueSize, 'x'); headers->SetHeader("aa", big_valuex); - string big_valuez(kBigValueSize, 'z'); + SpdyString big_valuez(kBigValueSize, 'z'); headers->SetHeader("bb", big_valuez); SpdyFramer::SpdyHeaderFrameIterator frame_it(&framer, std::move(headers)); @@ -2685,9 +2804,13 @@ TEST_P(SpdyFramerTest, TooLargePushPromiseFrameUsesContinuation) { // Exact payload length will change with HPACK, but this should be long // enough to cause an overflow. const size_t kBigValueSize = TestSpdyVisitor::sent_control_frame_max_size(); - string big_value(kBigValueSize, 'x'); + SpdyString big_value(kBigValueSize, 'x'); push_promise.SetHeader("aa", big_value); SpdySerializedFrame control_frame(framer.SerializePushPromise(push_promise)); + if (use_output_) { + ASSERT_TRUE(framer.SerializePushPromise(push_promise, &output_)); + control_frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } EXPECT_GT(control_frame.size(), TestSpdyVisitor::sent_control_frame_max_size()); @@ -2710,13 +2833,13 @@ TEST_P(SpdyFramerTest, ControlFrameMuchTooLarge) { const size_t kHeaderBufferSize = TestSpdyVisitor::header_data_chunk_max_size() * kHeaderBufferChunks; const size_t kBigValueSize = kHeaderBufferSize * 2; - string big_value(kBigValueSize, 'x'); + SpdyString big_value(kBigValueSize, 'x'); SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); SpdyHeadersIR headers(1); headers.set_fin(true); headers.SetHeader("aa", big_value); - SpdySerializedFrame control_frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers)); + SpdySerializedFrame control_frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers, use_output_ ? &output_ : nullptr)); TestSpdyVisitor visitor(SpdyFramer::ENABLE_COMPRESSION); visitor.set_header_buffer_size(kHeaderBufferSize); visitor.SimulateInFramer( @@ -2724,7 +2847,7 @@ TEST_P(SpdyFramerTest, ControlFrameMuchTooLarge) { control_frame.size()); // It's up to the visitor to ignore extraneous header data; the framer // won't throw an error. - EXPECT_GT(visitor.header_bytes_received_, visitor.header_buffer_size_); + EXPECT_GT(visitor.header_bytes_received_, visitor.header_buffer_.size()); EXPECT_EQ(1, visitor.end_of_stream_count_); } @@ -2751,7 +2874,7 @@ TEST_P(SpdyFramerTest, ControlFrameSizesAreValidated) { 0x00, 0x00, 0x00, // Truncated Status Field }; const size_t pad_length = length + kFrameHeaderSize - sizeof(kH2FrameData); - string pad(pad_length, 'A'); + SpdyString pad(pad_length, 'A'); TestSpdyVisitor visitor(SpdyFramer::DISABLE_COMPRESSION); visitor.SimulateInFramer(kH2FrameData, sizeof(kH2FrameData)); @@ -2770,6 +2893,10 @@ TEST_P(SpdyFramerTest, ReadZeroLenSettingsFrame) { SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); SpdySettingsIR settings_ir; SpdySerializedFrame control_frame(framer.SerializeSettings(settings_ir)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeSettings(settings_ir, &output_)); + control_frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } SetFrameLength(&control_frame, 0); TestSpdyVisitor visitor(SpdyFramer::DISABLE_COMPRESSION); visitor.SimulateInFramer( @@ -2791,6 +2918,10 @@ TEST_P(SpdyFramerTest, ReadBogusLenSettingsFrame) { settings_ir.AddSetting(SETTINGS_INITIAL_WINDOW_SIZE, 0x00000002); settings_ir.AddSetting(SETTINGS_MAX_CONCURRENT_STREAMS, 0x00000002); SpdySerializedFrame control_frame(framer.SerializeSettings(settings_ir)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeSettings(settings_ir, &output_)); + control_frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } const size_t kNewLength = 8; SetFrameLength(&control_frame, kNewLength); TestSpdyVisitor visitor(SpdyFramer::DISABLE_COMPRESSION); @@ -2815,6 +2946,11 @@ TEST_P(SpdyFramerTest, ReadLargeSettingsFrame) { settings_ir.AddSetting(SETTINGS_MAX_CONCURRENT_STREAMS, 7); SpdySerializedFrame control_frame(framer.SerializeSettings(settings_ir)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeSettings(settings_ir, &output_)); + control_frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } + EXPECT_LT(SpdyFramerPeer::ControlFrameBufferSize(), control_frame.size()); TestSpdyVisitor visitor(SpdyFramer::DISABLE_COMPRESSION); @@ -2891,11 +3027,6 @@ TEST_P(SpdyFramerTest, ReadUnknownSettingsId) { } TEST_P(SpdyFramerTest, ReadUnknownSettingsWithExtension) { - if (std::get<0>(GetParam()) != DECODER_SELF) { - // TODO(jamessynge): Implement extension support for the new decoder. - return; - } - SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); const unsigned char kH2FrameData[] = { 0x00, 0x00, 0x0c, // Length: 12 @@ -3026,6 +3157,11 @@ TEST_P(SpdyFramerTest, ReadWindowUpdate) { SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); SpdySerializedFrame control_frame( framer.SerializeWindowUpdate(SpdyWindowUpdateIR(1, 2))); + if (use_output_) { + ASSERT_TRUE( + framer.SerializeWindowUpdate(SpdyWindowUpdateIR(1, 2), &output_)); + control_frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } TestSpdyVisitor visitor(SpdyFramer::DISABLE_COMPRESSION); visitor.SimulateInFramer( reinterpret_cast<unsigned char*>(control_frame.data()), @@ -3040,6 +3176,12 @@ TEST_P(SpdyFramerTest, ReadCompressedPushPromise) { push_promise.SetHeader("foo", "bar"); push_promise.SetHeader("bar", "foofoo"); SpdySerializedFrame frame(framer.SerializePushPromise(push_promise)); + if (use_output_) { + // Use a new framer to clean up the hpack dynamic table. + SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); + ASSERT_TRUE(framer.SerializePushPromise(push_promise, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } TestSpdyVisitor visitor(SpdyFramer::ENABLE_COMPRESSION); visitor.SimulateInFramer(reinterpret_cast<unsigned char*>(frame.data()), frame.size()); @@ -3254,11 +3396,6 @@ TEST_P(SpdyFramerTest, ReceiveUnknownMidContinuation) { // Receiving an unknown frame when a continuation is expected should // result in a SPDY_UNEXPECTED_FRAME error TEST_P(SpdyFramerTest, ReceiveUnknownMidContinuationWithExtension) { - if (std::get<0>(GetParam()) != DECODER_SELF) { - // TODO(jamessynge): Implement extension support for the new decoder. - return; - } - const unsigned char kInput[] = { 0x00, 0x00, 0x10, // Length: 16 0x01, // Type: HEADERS @@ -3465,6 +3602,49 @@ TEST_P(SpdyFramerTest, ReadUnknownExtensionFrame) { SpdySettingsIR settings_ir; settings_ir.AddSetting(SETTINGS_HEADER_TABLE_SIZE, 10); SpdySerializedFrame control_frame(framer.SerializeSettings(settings_ir)); + if (use_output_) { + ASSERT_TRUE(framer.SerializeSettings(settings_ir, &output_)); + control_frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } + visitor.SimulateInFramer( + reinterpret_cast<unsigned char*>(control_frame.data()), + control_frame.size()); + EXPECT_EQ(0, visitor.error_count_); + EXPECT_EQ(1u, static_cast<unsigned>(visitor.setting_count_)); + EXPECT_EQ(1u, static_cast<unsigned>(visitor.settings_ack_sent_)); +} + +TEST_P(SpdyFramerTest, ReadUnknownExtensionFrameWithExtension) { + SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); + + // The unrecognized frame type should still have a valid length. + const unsigned char unknown_frame[] = { + 0x00, 0x00, 0x14, // Length: 20 + 0xff, // Type: UnknownFrameType(255) + 0xff, // Flags: 0xff + 0xff, 0xff, 0xff, 0xff, // Stream: 0x7fffffff (R-bit set) + 0xff, 0xff, 0xff, 0xff, // Payload + 0xff, 0xff, 0xff, 0xff, // + 0xff, 0xff, 0xff, 0xff, // + 0xff, 0xff, 0xff, 0xff, // + 0xff, 0xff, 0xff, 0xff, // + }; + TestSpdyVisitor visitor(SpdyFramer::DISABLE_COMPRESSION); + TestExtension extension; + visitor.set_extension_visitor(&extension); + visitor.SimulateInFramer(unknown_frame, arraysize(unknown_frame)); + EXPECT_EQ(0, visitor.error_count_); + EXPECT_EQ(0x7fffffffu, extension.stream_id_); + EXPECT_EQ(20u, extension.length_); + EXPECT_EQ(255, extension.type_); + EXPECT_EQ(0xff, extension.flags_); + EXPECT_EQ(SpdyString(20, '\xff'), extension.payload_); + + // Follow it up with a valid control frame to make sure we handle + // subsequent frames correctly. + SpdySettingsIR settings_ir; + settings_ir.AddSetting(SETTINGS_HEADER_TABLE_SIZE, 10); + SpdySerializedFrame control_frame(framer.SerializeSettings(settings_ir)); visitor.SimulateInFramer( reinterpret_cast<unsigned char*>(control_frame.data()), control_frame.size()); @@ -3517,7 +3697,6 @@ TEST_P(SpdyFramerTest, SizesTest) { EXPECT_EQ(17u, framer.GetGoAwayMinimumSize()); EXPECT_EQ(9u, framer.GetHeadersMinimumSize()); EXPECT_EQ(13u, framer.GetWindowUpdateSize()); - EXPECT_EQ(9u, framer.GetBlockedSize()); EXPECT_EQ(13u, framer.GetPushPromiseMinimumSize()); EXPECT_EQ(11u, framer.GetAltSvcMinimumSize()); EXPECT_EQ(9u, framer.GetFrameMinimumSize()); @@ -3674,6 +3853,11 @@ TEST_P(SpdyFramerTest, RstStreamFrameFlags) { SpdyRstStreamIR rst_stream(13, ERROR_CODE_CANCEL); SpdySerializedFrame frame(framer.SerializeRstStream(rst_stream)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeRstStream(rst_stream, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } SetFrameFlags(&frame, flags); EXPECT_CALL(visitor, OnRstStream(13, ERROR_CODE_CANCEL)); @@ -3699,6 +3883,11 @@ TEST_P(SpdyFramerTest, SettingsFrameFlags) { SpdySettingsIR settings_ir; settings_ir.AddSetting(SETTINGS_INITIAL_WINDOW_SIZE, 16); SpdySerializedFrame frame(framer.SerializeSettings(settings_ir)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeSettings(settings_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } SetFrameFlags(&frame, flags); if (flags & SETTINGS_FLAG_ACK) { @@ -3736,6 +3925,11 @@ TEST_P(SpdyFramerTest, GoawayFrameFlags) { SpdyGoAwayIR goaway_ir(97, ERROR_CODE_NO_ERROR, "test"); SpdySerializedFrame frame(framer.SerializeGoAway(goaway_ir)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeGoAway(goaway_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } SetFrameFlags(&frame, flags); EXPECT_CALL(visitor, OnGoAway(97, ERROR_CODE_NO_ERROR)); @@ -3765,8 +3959,8 @@ TEST_P(SpdyFramerTest, HeadersFrameFlags) { headers_ir.set_exclusive(true); } headers_ir.SetHeader("foo", "bar"); - SpdySerializedFrame frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers_ir)); + SpdySerializedFrame frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers_ir, use_output_ ? &output_ : nullptr)); uint8_t set_flags = flags & ~HEADERS_FLAG_PADDED; SetFrameFlags(&frame, set_flags); @@ -3817,11 +4011,7 @@ TEST_P(SpdyFramerTest, PingFrameFlags) { SpdySerializedFrame frame(framer.SerializePing(SpdyPingIR(42))); SetFrameFlags(&frame, flags); - if (flags & PING_FLAG_ACK) { - EXPECT_CALL(visitor, OnPing(42, true)); - } else { - EXPECT_CALL(visitor, OnPing(42, false)); - } + EXPECT_CALL(visitor, OnPing(42, flags & PING_FLAG_ACK)); framer.ProcessInput(frame.data(), frame.size()); EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state()); @@ -3867,8 +4057,9 @@ TEST_P(SpdyFramerTest, PushPromiseFrameFlags) { framer.set_visitor(&visitor); framer.set_debug_visitor(&debug_visitor); - EXPECT_CALL(debug_visitor, - OnSendCompressedFrame(client_id, PUSH_PROMISE, _, _)); + EXPECT_CALL( + debug_visitor, + OnSendCompressedFrame(client_id, SpdyFrameType::PUSH_PROMISE, _, _)); SpdyPushPromiseIR push_promise(client_id, promised_id); push_promise.SetHeader("foo", "bar"); @@ -3878,8 +4069,8 @@ TEST_P(SpdyFramerTest, PushPromiseFrameFlags) { SetFrameFlags(&frame, flags & ~HEADERS_FLAG_PADDED); bool end = flags & PUSH_PROMISE_FLAG_END_PUSH_PROMISE; - EXPECT_CALL(debug_visitor, - OnReceiveCompressedFrame(client_id, PUSH_PROMISE, _)); + EXPECT_CALL(debug_visitor, OnReceiveCompressedFrame( + client_id, SpdyFrameType::PUSH_PROMISE, _)); EXPECT_CALL(visitor, OnPushPromise(client_id, promised_id, end)); EXPECT_CALL(visitor, OnHeaderFrameStart(client_id)).Times(1); if (end) { @@ -3905,22 +4096,30 @@ TEST_P(SpdyFramerTest, ContinuationFrameFlags) { framer.set_visitor(&visitor); framer.set_debug_visitor(&debug_visitor); - EXPECT_CALL(debug_visitor, OnSendCompressedFrame(42, HEADERS, _, _)); - EXPECT_CALL(debug_visitor, OnReceiveCompressedFrame(42, HEADERS, _)); + EXPECT_CALL(debug_visitor, + OnSendCompressedFrame(42, SpdyFrameType::HEADERS, _, _)); + EXPECT_CALL(debug_visitor, + OnReceiveCompressedFrame(42, SpdyFrameType::HEADERS, _)); EXPECT_CALL(visitor, OnHeaders(42, false, 0, 0, false, false, false)); EXPECT_CALL(visitor, OnHeaderFrameStart(42)).Times(1); SpdyHeadersIR headers_ir(42); headers_ir.SetHeader("foo", "bar"); - SpdySerializedFrame frame0( - SpdyFramerPeer::SerializeHeaders(&framer, headers_ir)); + SpdySerializedFrame frame0(SpdyFramerPeer::SerializeHeaders( + &framer, headers_ir, use_output_ ? &output_ : nullptr)); SetFrameFlags(&frame0, 0); SpdyContinuationIR continuation(42); SpdySerializedFrame frame(framer.SerializeContinuation(continuation)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeContinuation(continuation, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } SetFrameFlags(&frame, flags); - EXPECT_CALL(debug_visitor, OnReceiveCompressedFrame(42, CONTINUATION, _)); + EXPECT_CALL(debug_visitor, + OnReceiveCompressedFrame(42, SpdyFrameType::CONTINUATION, _)); EXPECT_CALL(visitor, OnContinuation(42, flags & HEADERS_FLAG_END_HEADERS)); bool end = flags & HEADERS_FLAG_END_HEADERS; if (end) { @@ -3937,8 +4136,6 @@ TEST_P(SpdyFramerTest, ContinuationFrameFlags) { // TODO(mlavan): Add TEST_F(SpdyFramerTest, AltSvcFrameFlags) -// TODO(hkhalil): Add TEST_F(SpdyFramerTest, BlockedFrameFlags) - // Test handling of a RST_STREAM with out-of-bounds status codes. TEST_P(SpdyFramerTest, RstStreamStatusBounds) { const unsigned char kH2RstStreamInvalid[] = { @@ -4023,24 +4220,6 @@ TEST_P(SpdyFramerTest, GoAwayStreamIdBounds) { << SpdyFramer::SpdyFramerErrorToString(framer.spdy_framer_error()); } -TEST_P(SpdyFramerTest, OnBlocked) { - const SpdyStreamId kStreamId = 0; - - testing::StrictMock<test::MockSpdyFramerVisitor> visitor; - SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); - framer.set_visitor(&visitor); - - EXPECT_CALL(visitor, OnBlocked(kStreamId)); - - SpdyBlockedIR blocked_ir(0); - SpdySerializedFrame frame(framer.SerializeFrame(blocked_ir)); - framer.ProcessInput(frame.data(), framer.GetBlockedSize()); - - EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state()); - EXPECT_EQ(SpdyFramer::SPDY_NO_ERROR, framer.spdy_framer_error()) - << SpdyFramer::SpdyFramerErrorToString(framer.spdy_framer_error()); -} - TEST_P(SpdyFramerTest, OnAltSvcWithOrigin) { const SpdyStreamId kStreamId = 0; // Stream id must be zero if origin given. @@ -4056,13 +4235,18 @@ TEST_P(SpdyFramerTest, OnAltSvcWithOrigin) { altsvc_vector.push_back(altsvc1); altsvc_vector.push_back(altsvc2); EXPECT_CALL(visitor, - OnAltSvc(kStreamId, StringPiece("o_r|g!n"), altsvc_vector)); + OnAltSvc(kStreamId, SpdyStringPiece("o_r|g!n"), altsvc_vector)); SpdyAltSvcIR altsvc_ir(kStreamId); altsvc_ir.set_origin("o_r|g!n"); altsvc_ir.add_altsvc(altsvc1); altsvc_ir.add_altsvc(altsvc2); SpdySerializedFrame frame(framer.SerializeFrame(altsvc_ir)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeFrame(altsvc_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } framer.ProcessInput(frame.data(), frame.size()); EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state()); @@ -4084,7 +4268,7 @@ TEST_P(SpdyFramerTest, OnAltSvcNoOrigin) { SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector; altsvc_vector.push_back(altsvc1); altsvc_vector.push_back(altsvc2); - EXPECT_CALL(visitor, OnAltSvc(kStreamId, StringPiece(""), altsvc_vector)); + EXPECT_CALL(visitor, OnAltSvc(kStreamId, SpdyStringPiece(""), altsvc_vector)); SpdyAltSvcIR altsvc_ir(kStreamId); altsvc_ir.add_altsvc(altsvc1); @@ -4113,6 +4297,11 @@ TEST_P(SpdyFramerTest, OnAltSvcEmptyProtocolId) { altsvc_ir.add_altsvc(SpdyAltSvcWireFormat::AlternativeService( "", "h1", 443, 10, SpdyAltSvcWireFormat::VersionVector())); SpdySerializedFrame frame(framer.SerializeFrame(altsvc_ir)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializeFrame(altsvc_ir, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } framer.ProcessInput(frame.data(), frame.size()); EXPECT_EQ(SpdyFramer::SPDY_ERROR, framer.state()); @@ -4121,7 +4310,7 @@ TEST_P(SpdyFramerTest, OnAltSvcEmptyProtocolId) { } TEST_P(SpdyFramerTest, OnAltSvcBadLengths) { - const char kType = static_cast<unsigned char>(ALTSVC); + const unsigned char kType = SerializeFrameType(SpdyFrameType::ALTSVC); const unsigned char kFrameDataOriginLenLargerThanFrame[] = { 0x00, 0x00, 0x05, kType, 0x00, 0x00, 0x00, 0x00, 0x03, 0x42, 0x42, 'f', 'o', 'o', @@ -4175,14 +4364,14 @@ TEST_P(SpdyFramerTest, ReadChunkedAltSvcFrame) { // origin MUST be ignored, it is not implemented at the framer level: instead, // such frames are passed on to the consumer. TEST_P(SpdyFramerTest, ReadAltSvcFrame) { - struct { + constexpr struct { uint32_t stream_id; const char* origin; } test_cases[] = {{0, ""}, {1, ""}, {0, "https://www.example.com"}, {1, "https://www.example.com"}}; - for (auto test_case : test_cases) { + for (const auto& test_case : test_cases) { SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); SpdyAltSvcIR altsvc_ir(test_case.stream_id); SpdyAltSvcWireFormat::AlternativeService altsvc( @@ -4235,6 +4424,11 @@ TEST_P(SpdyFramerTest, ReadPriority) { SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); SpdyPriorityIR priority(3, 1, 256, false); SpdySerializedFrame frame(framer.SerializePriority(priority)); + if (use_output_) { + output_.Reset(); + ASSERT_TRUE(framer.SerializePriority(priority, &output_)); + frame = SpdySerializedFrame(output_.Begin(), output_.Size(), false); + } testing::StrictMock<test::MockSpdyFramerVisitor> visitor; framer.set_visitor(&visitor); EXPECT_CALL(visitor, OnPriority(3, 1, 256, false)); @@ -4357,8 +4551,8 @@ TEST_P(SpdyFramerTest, ReadInvalidRstStreamWithPayload) { // to ProcessInput (i.e. will not be calling set_process_single_input_frame()). TEST_P(SpdyFramerTest, ProcessAllInput) { SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); - std::unique_ptr<TestSpdyVisitor> visitor( - new TestSpdyVisitor(SpdyFramer::DISABLE_COMPRESSION)); + auto visitor = + base::MakeUnique<TestSpdyVisitor>(SpdyFramer::DISABLE_COMPRESSION); framer.set_visitor(visitor.get()); // Create two input frames. @@ -4366,8 +4560,8 @@ TEST_P(SpdyFramerTest, ProcessAllInput) { headers.SetHeader("alpha", "beta"); headers.SetHeader("gamma", "charlie"); headers.SetHeader("cookie", "key1=value1; key2=value2"); - SpdySerializedFrame headers_frame( - SpdyFramerPeer::SerializeHeaders(&framer, headers)); + SpdySerializedFrame headers_frame(SpdyFramerPeer::SerializeHeaders( + &framer, headers, use_output_ ? &output_ : nullptr)); const char four_score[] = "Four score and seven years ago"; SpdyDataIR four_score_ir(1, four_score); @@ -4384,7 +4578,7 @@ TEST_P(SpdyFramerTest, ProcessAllInput) { VLOG(1) << "frame1_size = " << frame1_size; VLOG(1) << "frame2_size = " << frame2_size; - string input_buffer; + SpdyString input_buffer; input_buffer.append(frame1.data(), frame1_size); input_buffer.append(frame2.data(), frame2_size); @@ -4408,7 +4602,6 @@ TEST_P(SpdyFramerTest, ProcessAllInput) { TEST_P(SpdyFramerTest, ProcessAtMostOneFrame) { SpdyFramer framer(SpdyFramer::ENABLE_COMPRESSION); framer.set_process_single_input_frame(true); - std::unique_ptr<TestSpdyVisitor> visitor; // Create two input frames. const char four_score[] = "Four score and ..."; @@ -4433,7 +4626,7 @@ TEST_P(SpdyFramerTest, ProcessAtMostOneFrame) { VLOG(1) << "frame1_size = " << frame1_size; VLOG(1) << "frame2_size = " << frame2_size; - string input_buffer; + SpdyString input_buffer; input_buffer.append(frame1.data(), frame1_size); input_buffer.append(frame2.data(), frame2_size); @@ -4444,7 +4637,8 @@ TEST_P(SpdyFramerTest, ProcessAtMostOneFrame) { for (size_t first_size = 0; first_size <= buf_size; ++first_size) { VLOG(1) << "first_size = " << first_size; - visitor.reset(new TestSpdyVisitor(SpdyFramer::DISABLE_COMPRESSION)); + auto visitor = + base::MakeUnique<TestSpdyVisitor>(SpdyFramer::DISABLE_COMPRESSION); framer.set_visitor(visitor.get()); EXPECT_EQ(SpdyFramer::SPDY_READY_FOR_FRAME, framer.state()); diff --git a/chromium/net/spdy/spdy_header_block.cc b/chromium/net/spdy/spdy_header_block.cc index 2683a1ca085..1cb7b13b6e8 100644 --- a/chromium/net/spdy/spdy_header_block.cc +++ b/chromium/net/spdy/spdy_header_block.cc @@ -16,14 +16,7 @@ #include "net/http/http_log_util.h" #include "net/log/net_log_capture_mode.h" #include "net/spdy/platform/api/spdy_estimate_memory_usage.h" - -using base::StringPiece; -using std::dec; -using std::hex; -using std::make_pair; -using std::max; -using std::min; -using std::string; +#include "net/spdy/platform/api/spdy_string_utils.h" namespace net { namespace { @@ -42,20 +35,20 @@ const size_t kDefaultStorageBlockSize = 2048; const char kCookieKey[] = "cookie"; const char kNullSeparator = 0; -StringPiece SeparatorForKey(StringPiece key) { +SpdyStringPiece SeparatorForKey(SpdyStringPiece key) { if (key == kCookieKey) { - static StringPiece cookie_separator = "; "; + static SpdyStringPiece cookie_separator = "; "; return cookie_separator; } else { - return StringPiece(&kNullSeparator, 1); + return SpdyStringPiece(&kNullSeparator, 1); } } } // namespace -// This class provides a backing store for StringPieces. It previously used +// This class provides a backing store for SpdyStringPieces. It previously used // custom allocation logic, but now uses an UnsafeArena instead. It has the -// property that StringPieces that refer to data in Storage are never +// property that SpdyStringPieces that refer to data in Storage are never // invalidated until the Storage is deleted or Clear() is called. // // Write operations always append to the last block. If there is not enough @@ -66,25 +59,25 @@ class SpdyHeaderBlock::Storage { Storage() : arena_(kDefaultStorageBlockSize) {} ~Storage() { Clear(); } - StringPiece Write(const StringPiece s) { - return StringPiece(arena_.Memdup(s.data(), s.size()), s.size()); + SpdyStringPiece Write(const SpdyStringPiece s) { + return SpdyStringPiece(arena_.Memdup(s.data(), s.size()), s.size()); } // If |s| points to the most recent allocation from arena_, the arena will // reclaim the memory. Otherwise, this method is a no-op. - void Rewind(const StringPiece s) { + void Rewind(const SpdyStringPiece s) { arena_.Free(const_cast<char*>(s.data()), s.size()); } void Clear() { arena_.Reset(); } // Given a list of fragments and a separator, writes the fragments joined by - // the separator to a contiguous region of memory. Returns a StringPiece + // the separator to a contiguous region of memory. Returns a SpdyStringPiece // pointing to the region of memory. - StringPiece WriteFragments(const std::vector<StringPiece>& fragments, - StringPiece separator) { + SpdyStringPiece WriteFragments(const std::vector<SpdyStringPiece>& fragments, + SpdyStringPiece separator) { if (fragments.empty()) { - return StringPiece(); + return SpdyStringPiece(); } size_t total_size = separator.size() * (fragments.size() - 1); for (const auto fragment : fragments) { @@ -93,7 +86,7 @@ class SpdyHeaderBlock::Storage { char* dst = arena_.Alloc(total_size); size_t written = Join(dst, fragments, separator); DCHECK_EQ(written, total_size); - return StringPiece(dst, total_size); + return SpdyStringPiece(dst, total_size); } size_t bytes_allocated() const { return arena_.status().bytes_allocated(); } @@ -110,8 +103,8 @@ class SpdyHeaderBlock::Storage { }; SpdyHeaderBlock::HeaderValue::HeaderValue(Storage* storage, - StringPiece key, - StringPiece initial_value) + SpdyStringPiece key, + SpdyStringPiece initial_value) : storage_(storage), fragments_({initial_value}), pair_({key, {}}) {} SpdyHeaderBlock::HeaderValue::HeaderValue(HeaderValue&& other) @@ -129,9 +122,9 @@ SpdyHeaderBlock::HeaderValue& SpdyHeaderBlock::HeaderValue::operator=( SpdyHeaderBlock::HeaderValue::~HeaderValue() {} -StringPiece SpdyHeaderBlock::HeaderValue::ConsolidatedValue() const { +SpdyStringPiece SpdyHeaderBlock::HeaderValue::ConsolidatedValue() const { if (fragments_.empty()) { - return StringPiece(); + return SpdyStringPiece(); } if (fragments_.size() > 1) { fragments_ = { @@ -140,11 +133,11 @@ StringPiece SpdyHeaderBlock::HeaderValue::ConsolidatedValue() const { return fragments_[0]; } -void SpdyHeaderBlock::HeaderValue::Append(StringPiece fragment) { +void SpdyHeaderBlock::HeaderValue::Append(SpdyStringPiece fragment) { fragments_.push_back(fragment); } -const std::pair<StringPiece, StringPiece>& +const std::pair<SpdyStringPiece, SpdyStringPiece>& SpdyHeaderBlock::HeaderValue::as_pair() const { pair_.second = ConsolidatedValue(); return pair_; @@ -160,7 +153,7 @@ SpdyHeaderBlock::ValueProxy::ValueProxy( SpdyHeaderBlock::MapType* block, SpdyHeaderBlock::Storage* storage, SpdyHeaderBlock::MapType::iterator lookup_result, - const StringPiece key) + const SpdyStringPiece key) : block_(block), storage_(storage), lookup_result_(lookup_result), @@ -198,12 +191,12 @@ SpdyHeaderBlock::ValueProxy::~ValueProxy() { } SpdyHeaderBlock::ValueProxy& SpdyHeaderBlock::ValueProxy::operator=( - const StringPiece value) { + const SpdyStringPiece value) { if (lookup_result_ == block_->end()) { DVLOG(1) << "Inserting: (" << key_ << ", " << value << ")"; lookup_result_ = block_ - ->emplace(make_pair( + ->emplace(std::make_pair( key_, HeaderValue(storage_, key_, storage_->Write(value)))) .first; } else { @@ -214,11 +207,11 @@ SpdyHeaderBlock::ValueProxy& SpdyHeaderBlock::ValueProxy::operator=( return *this; } -string SpdyHeaderBlock::ValueProxy::as_string() const { +SpdyString SpdyHeaderBlock::ValueProxy::as_string() const { if (lookup_result_ == block_->end()) { return ""; } else { - return lookup_result_->second.value().as_string(); + return SpdyString(lookup_result_->second.value()); } } @@ -250,17 +243,16 @@ bool SpdyHeaderBlock::operator!=(const SpdyHeaderBlock& other) const { return !(operator==(other)); } -string SpdyHeaderBlock::DebugString() const { +SpdyString SpdyHeaderBlock::DebugString() const { if (empty()) { return "{}"; } - string output = "\n{\n"; + SpdyString output = "\n{\n"; for (auto it = begin(); it != end(); ++it) { - output += - " " + it->first.as_string() + " " + it->second.as_string() + "\n"; + SpdyStrAppend(&output, " ", it->first, " ", it->second, "\n"); } - output.append("}\n"); + SpdyStrAppend(&output, "}\n"); return output; } @@ -284,13 +276,14 @@ void SpdyHeaderBlock::insert(const SpdyHeaderBlock::value_type& value) { } } -SpdyHeaderBlock::ValueProxy SpdyHeaderBlock::operator[](const StringPiece key) { +SpdyHeaderBlock::ValueProxy SpdyHeaderBlock::operator[]( + const SpdyStringPiece key) { DVLOG(2) << "Operator[] saw key: " << key; - StringPiece out_key; + SpdyStringPiece out_key; auto iter = block_.find(key); if (iter == block_.end()) { // We write the key first, to assure that the ValueProxy has a - // reference to a valid StringPiece in its operator=. + // reference to a valid SpdyStringPiece in its operator=. out_key = GetStorage()->Write(key); DVLOG(2) << "Key written as: " << std::hex << static_cast<const void*>(key.data()) << ", " << std::dec @@ -301,8 +294,8 @@ SpdyHeaderBlock::ValueProxy SpdyHeaderBlock::operator[](const StringPiece key) { return ValueProxy(&block_, GetStorage(), iter, out_key); } -void SpdyHeaderBlock::AppendValueOrAddHeader(const StringPiece key, - const StringPiece value) { +void SpdyHeaderBlock::AppendValueOrAddHeader(const SpdyStringPiece key, + const SpdyStringPiece value) { auto iter = block_.find(key); if (iter == block_.end()) { DVLOG(1) << "Inserting: (" << key << ", " << value << ")"; @@ -319,11 +312,11 @@ size_t SpdyHeaderBlock::EstimateMemoryUsage() const { return SpdyEstimateMemoryUsage(storage_); } -void SpdyHeaderBlock::AppendHeader(const StringPiece key, - const StringPiece value) { +void SpdyHeaderBlock::AppendHeader(const SpdyStringPiece key, + const SpdyStringPiece value) { auto* storage = GetStorage(); auto backed_key = storage->Write(key); - block_.emplace(make_pair( + block_.emplace(std::make_pair( backed_key, HeaderValue(storage, backed_key, storage->Write(value)))); } @@ -343,7 +336,7 @@ std::unique_ptr<base::Value> SpdyHeaderBlockNetLogCallback( it != headers->end(); ++it) { headers_dict->SetWithoutPathExpansion( it->first.as_string(), - new base::StringValue(ElideHeaderValueForNetLog( + new base::Value(ElideHeaderValueForNetLog( capture_mode, it->first.as_string(), it->second.as_string()))); } dict->Set("headers", headers_dict); @@ -366,7 +359,7 @@ bool SpdyHeaderBlockFromNetLogParam( for (base::DictionaryValue::Iterator it(*header_dict); !it.IsAtEnd(); it.Advance()) { - string value; + SpdyString value; if (!it.value().GetAsString(&value)) { headers->clear(); return false; @@ -385,8 +378,8 @@ size_t SpdyHeaderBlock::bytes_allocated() const { } size_t Join(char* dst, - const std::vector<StringPiece>& fragments, - StringPiece separator) { + const std::vector<SpdyStringPiece>& fragments, + SpdyStringPiece separator) { if (fragments.empty()) { return 0; } diff --git a/chromium/net/spdy/spdy_header_block.h b/chromium/net/spdy/spdy_header_block.h index e09b33d8896..13288a8977b 100644 --- a/chromium/net/spdy/spdy_header_block.h +++ b/chromium/net/spdy/spdy_header_block.h @@ -10,14 +10,15 @@ #include <list> #include <map> #include <memory> -#include <string> +#include <utility> #include <vector> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/linked_hash_map.h" #include "net/base/net_export.h" #include "net/log/net_log.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" namespace base { class Value; @@ -36,10 +37,10 @@ class ValueProxyPeer; // names and values. This data structure preserves insertion order. // // Under the hood, this data structure uses large, contiguous blocks of memory -// to store names and values. Lookups may be performed with StringPiece keys, -// and values are returned as StringPieces (via ValueProxy, below). -// Value StringPieces are valid as long as the SpdyHeaderBlock exists; allocated -// memory is never freed until SpdyHeaderBlock's destruction. +// to store names and values. Lookups may be performed with SpdyStringPiece +// keys, and values are returned as SpdyStringPieces (via ValueProxy, below). +// Value SpdyStringPieces are valid as long as the SpdyHeaderBlock exists; +// allocated memory is never freed until SpdyHeaderBlock's destruction. // // This implementation does not make much of an effort to minimize wasted space. // It's expected that keys are rarely deleted from a SpdyHeaderBlock. @@ -52,8 +53,8 @@ class NET_EXPORT SpdyHeaderBlock { class NET_EXPORT HeaderValue { public: HeaderValue(Storage* storage, - base::StringPiece key, - base::StringPiece initial_value); + SpdyStringPiece key, + SpdyStringPiece initial_value); // Moves are allowed. HeaderValue(HeaderValue&& other); @@ -66,36 +67,37 @@ class NET_EXPORT SpdyHeaderBlock { ~HeaderValue(); // Consumes at most |fragment.size()| bytes of memory. - void Append(base::StringPiece fragment); + void Append(SpdyStringPiece fragment); - base::StringPiece value() const { return as_pair().second; } - const std::pair<base::StringPiece, base::StringPiece>& as_pair() const; + SpdyStringPiece value() const { return as_pair().second; } + const std::pair<SpdyStringPiece, SpdyStringPiece>& as_pair() const; private: // May allocate a large contiguous region of memory to hold the concatenated // fragments and separators. - base::StringPiece ConsolidatedValue() const; + SpdyStringPiece ConsolidatedValue() const; mutable Storage* storage_; - mutable std::vector<base::StringPiece> fragments_; + mutable std::vector<SpdyStringPiece> fragments_; // The first element is the key; the second is the consolidated value. - mutable std::pair<base::StringPiece, base::StringPiece> pair_; + mutable std::pair<SpdyStringPiece, SpdyStringPiece> pair_; }; - typedef linked_hash_map<base::StringPiece, HeaderValue, base::StringPieceHash> + typedef linked_hash_map<SpdyStringPiece, HeaderValue, base::StringPieceHash> MapType; public: - typedef std::pair<base::StringPiece, base::StringPiece> value_type; + typedef std::pair<SpdyStringPiece, SpdyStringPiece> value_type; - // Provides iteration over a sequence of std::pair<StringPiece, StringPiece>, - // even though the underlying MapType::value_type is different. Dereferencing - // the iterator will result in memory allocation for multi-value headers. + // Provides iteration over a sequence of std::pair<SpdyStringPiece, + // SpdyStringPiece>, even though the underlying MapType::value_type is + // different. Dereferencing the iterator will result in memory allocation for + // multi-value headers. class NET_EXPORT iterator { public: // The following type definitions fulfill the requirements for iterator // implementations. - typedef std::pair<base::StringPiece, base::StringPiece> value_type; + typedef std::pair<SpdyStringPiece, SpdyStringPiece> value_type; typedef value_type& reference; typedef value_type* pointer; typedef std::forward_iterator_tag iterator_category; @@ -149,7 +151,7 @@ class NET_EXPORT SpdyHeaderBlock { // Provides a human readable multi-line representation of the stored header // keys and values. - std::string DebugString() const; + SpdyString DebugString() const; iterator begin() { return iterator(block_.begin()); } iterator end() { return iterator(block_.end()); } @@ -157,11 +159,11 @@ class NET_EXPORT SpdyHeaderBlock { const_iterator end() const { return const_iterator(block_.end()); } bool empty() const { return block_.empty(); } size_t size() const { return block_.size(); } - iterator find(base::StringPiece key) { return iterator(block_.find(key)); } - const_iterator find(base::StringPiece key) const { + iterator find(SpdyStringPiece key) { return iterator(block_.find(key)); } + const_iterator find(SpdyStringPiece key) const { return const_iterator(block_.find(key)); } - void erase(base::StringPiece key) { block_.erase(key); } + void erase(SpdyStringPiece key) { block_.erase(key); } // Clears both our MapType member and the memory used to hold headers. void clear(); @@ -176,15 +178,15 @@ class NET_EXPORT SpdyHeaderBlock { // existing header value, NUL ("\0") separated unless the key is cookie, in // which case the separator is "; ". // If there is no such key, a new header with the key and value is added. - void AppendValueOrAddHeader(const base::StringPiece key, - const base::StringPiece value); + void AppendValueOrAddHeader(const SpdyStringPiece key, + const SpdyStringPiece value); // Allows either lookup or mutation of the value associated with a key. - ValueProxy operator[](const base::StringPiece key); + ValueProxy operator[](const SpdyStringPiece key); // This object provides automatic conversions that allow SpdyHeaderBlock to be - // nearly a drop-in replacement for linked_hash_map<string, string>. It reads - // data from or writes data to a SpdyHeaderBlock::Storage. + // nearly a drop-in replacement for linked_hash_map<SpdyString, SpdyString>. + // It reads data from or writes data to a SpdyHeaderBlock::Storage. class NET_EXPORT ValueProxy { public: ~ValueProxy(); @@ -198,9 +200,9 @@ class NET_EXPORT SpdyHeaderBlock { ValueProxy& operator=(const ValueProxy& other) = delete; // Assignment modifies the underlying SpdyHeaderBlock. - ValueProxy& operator=(const base::StringPiece other); + ValueProxy& operator=(const SpdyStringPiece other); - std::string as_string() const; + SpdyString as_string() const; private: friend class SpdyHeaderBlock; @@ -209,12 +211,12 @@ class NET_EXPORT SpdyHeaderBlock { ValueProxy(SpdyHeaderBlock::MapType* block, SpdyHeaderBlock::Storage* storage, SpdyHeaderBlock::MapType::iterator lookup_result, - const base::StringPiece key); + const SpdyStringPiece key); SpdyHeaderBlock::MapType* block_; SpdyHeaderBlock::Storage* storage_; SpdyHeaderBlock::MapType::iterator lookup_result_; - base::StringPiece key_; + SpdyStringPiece key_; bool valid_; }; @@ -224,11 +226,11 @@ class NET_EXPORT SpdyHeaderBlock { private: friend class test::SpdyHeaderBlockPeer; - void AppendHeader(const base::StringPiece key, const base::StringPiece value); + void AppendHeader(const SpdyStringPiece key, const SpdyStringPiece value); Storage* GetStorage(); size_t bytes_allocated() const; - // StringPieces held by |block_| point to memory owned by |*storage_|. + // SpdyStringPieces held by |block_| point to memory owned by |*storage_|. // |storage_| might be nullptr as long as |block_| is empty. MapType block_; std::unique_ptr<Storage> storage_; @@ -237,8 +239,8 @@ class NET_EXPORT SpdyHeaderBlock { // Writes |fragments| to |dst|, joined by |separator|. |dst| must be large // enough to hold the result. Returns the number of bytes written. NET_EXPORT size_t Join(char* dst, - const std::vector<base::StringPiece>& fragments, - base::StringPiece separator); + const std::vector<SpdyStringPiece>& fragments, + SpdyStringPiece separator); // Converts a SpdyHeaderBlock into NetLog event parameters. NET_EXPORT std::unique_ptr<base::Value> SpdyHeaderBlockNetLogCallback( diff --git a/chromium/net/spdy/spdy_header_block_test.cc b/chromium/net/spdy/spdy_header_block_test.cc index 1f0f6196ec3..0828847fa00 100644 --- a/chromium/net/spdy/spdy_header_block_test.cc +++ b/chromium/net/spdy/spdy_header_block_test.cc @@ -13,9 +13,6 @@ #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; -using std::make_pair; -using std::string; using ::testing::ElementsAre; namespace net { @@ -23,11 +20,12 @@ namespace test { class ValueProxyPeer { public: - static StringPiece key(SpdyHeaderBlock::ValueProxy* p) { return p->key_; } + static SpdyStringPiece key(SpdyHeaderBlock::ValueProxy* p) { return p->key_; } }; -std::pair<StringPiece, StringPiece> Pair(StringPiece k, StringPiece v) { - return make_pair(k, v); +std::pair<SpdyStringPiece, SpdyStringPiece> Pair(SpdyStringPiece k, + SpdyStringPiece v) { + return std::make_pair(k, v); } // This test verifies that SpdyHeaderBlock behaves correctly when empty. @@ -44,19 +42,19 @@ TEST(SpdyHeaderBlockTest, EmptyBlock) { TEST(SpdyHeaderBlockTest, KeyMemoryReclaimedOnLookup) { SpdyHeaderBlock block; - StringPiece copied_key1; + SpdyStringPiece copied_key1; { auto proxy1 = block["some key name"]; copied_key1 = ValueProxyPeer::key(&proxy1); } - StringPiece copied_key2; + SpdyStringPiece copied_key2; { auto proxy2 = block["some other key name"]; copied_key2 = ValueProxyPeer::key(&proxy2); } // Because proxy1 was never used to modify the block, the memory used for the // key could be reclaimed and used for the second call to operator[]. - // Therefore, we expect the pointers of the two StringPieces to be equal. + // Therefore, we expect the pointers of the two SpdyStringPieces to be equal. EXPECT_EQ(copied_key1.data(), copied_key2.data()); { @@ -74,15 +72,15 @@ TEST(SpdyHeaderBlockTest, KeyMemoryReclaimedOnLookup) { // This test verifies that headers can be set in a variety of ways. TEST(SpdyHeaderBlockTest, AddHeaders) { SpdyHeaderBlock block; - block["foo"] = string(300, 'x'); + block["foo"] = SpdyString(300, 'x'); block["bar"] = "baz"; block["qux"] = "qux1"; block["qux"] = "qux2"; block.insert(std::make_pair("key", "value")); - EXPECT_EQ(Pair("foo", string(300, 'x')), *block.find("foo")); + EXPECT_EQ(Pair("foo", SpdyString(300, 'x')), *block.find("foo")); EXPECT_EQ("baz", block["bar"]); - string qux("qux"); + SpdyString qux("qux"); EXPECT_EQ("qux2", block[qux]); ASSERT_NE(block.end(), block.find("key")); EXPECT_EQ(Pair("key", "value"), *block.find("key")); @@ -94,9 +92,9 @@ TEST(SpdyHeaderBlockTest, AddHeaders) { // This test verifies that SpdyHeaderBlock can be copied using Clone(). TEST(SpdyHeaderBlockTest, CopyBlocks) { SpdyHeaderBlock block1; - block1["foo"] = string(300, 'x'); + block1["foo"] = SpdyString(300, 'x'); block1["bar"] = "baz"; - block1.insert(make_pair("qux", "qux1")); + block1.insert(std::make_pair("qux", "qux1")); SpdyHeaderBlock block2 = block1.Clone(); SpdyHeaderBlock block3(block1.Clone()); @@ -165,7 +163,7 @@ TEST(SpdyHeaderBlockTest, AppendHeaders) { SpdyHeaderBlock block; block["foo"] = "foo"; block.AppendValueOrAddHeader("foo", "bar"); - EXPECT_EQ(Pair("foo", string("foo\0bar", 7)), *block.find("foo")); + EXPECT_EQ(Pair("foo", SpdyString("foo\0bar", 7)), *block.find("foo")); block.insert(std::make_pair("foo", "baz")); EXPECT_EQ("baz", block["foo"]); @@ -189,36 +187,36 @@ TEST(SpdyHeaderBlockTest, AppendHeaders) { EXPECT_EQ("key1=value1; key2=value2; key3=value3", block["cookie"]); EXPECT_EQ("baz", block["foo"]); - EXPECT_EQ(string("h1v1\0h1v2\0h1v3", 14), block["h1"]); - EXPECT_EQ(string("h2v1\0h2v2\0h2v3", 14), block["h2"]); - EXPECT_EQ(string("h3v2\0h3v3", 9), block["h3"]); + EXPECT_EQ(SpdyString("h1v1\0h1v2\0h1v3", 14), block["h1"]); + EXPECT_EQ(SpdyString("h2v1\0h2v2\0h2v3", 14), block["h2"]); + EXPECT_EQ(SpdyString("h3v2\0h3v3", 9), block["h3"]); EXPECT_EQ("singleton", block["h4"]); } TEST(JoinTest, JoinEmpty) { - std::vector<StringPiece> empty; - StringPiece separator = ", "; + std::vector<SpdyStringPiece> empty; + SpdyStringPiece separator = ", "; char buf[10] = ""; size_t written = Join(buf, empty, separator); EXPECT_EQ(0u, written); } TEST(JoinTest, JoinOne) { - std::vector<StringPiece> v = {"one"}; - StringPiece separator = ", "; + std::vector<SpdyStringPiece> v = {"one"}; + SpdyStringPiece separator = ", "; char buf[15]; size_t written = Join(buf, v, separator); EXPECT_EQ(3u, written); - EXPECT_EQ("one", StringPiece(buf, written)); + EXPECT_EQ("one", SpdyStringPiece(buf, written)); } TEST(JoinTest, JoinMultiple) { - std::vector<StringPiece> v = {"one", "two", "three"}; - StringPiece separator = ", "; + std::vector<SpdyStringPiece> v = {"one", "two", "three"}; + SpdyStringPiece separator = ", "; char buf[15]; size_t written = Join(buf, v, separator); EXPECT_EQ(15u, written); - EXPECT_EQ("one, two, three", StringPiece(buf, written)); + EXPECT_EQ("one, two, three", SpdyStringPiece(buf, written)); } } // namespace test diff --git a/chromium/net/spdy/spdy_header_indexing.cc b/chromium/net/spdy/spdy_header_indexing.cc index 81b20442cb6..881ba867544 100644 --- a/chromium/net/spdy/spdy_header_indexing.cc +++ b/chromium/net/spdy/spdy_header_indexing.cc @@ -6,8 +6,6 @@ #include "net/spdy/spdy_bug_tracker.h" -using base::StringPiece; - namespace net { int32_t FLAGS_gfe_spdy_indexing_set_bound = 50; @@ -23,7 +21,7 @@ HeaderIndexing::HeaderIndexing() HeaderIndexing::~HeaderIndexing() {} void HeaderIndexing::CreateInitIndexingHeaders() { - const std::string initial_fields[] = { + const SpdyString initial_fields[] = { // Estimated top 100 fields. "alt-svc", "date", @@ -134,13 +132,14 @@ void HeaderIndexing::CreateInitIndexingHeaders() { HeaderSet(initial_fields, initial_fields + arraysize(initial_fields)); } -bool HeaderIndexing::ShouldIndex(StringPiece header, StringPiece /* value */) { +bool HeaderIndexing::ShouldIndex(SpdyStringPiece header, + SpdyStringPiece /* value */) { total_header_count_++; if (header.empty()) { return false; } // header is in indexing set. - std::string header_str(header.data(), header.size()); + SpdyString header_str(header.data(), header.size()); if (indexing_set_.find(header_str) != indexing_set_.end()) { return true; } @@ -157,7 +156,7 @@ bool HeaderIndexing::ShouldIndex(StringPiece header, StringPiece /* value */) { return false; } -void HeaderIndexing::TryInsertHeader(std::string&& header, +void HeaderIndexing::TryInsertHeader(SpdyString&& header, HeaderSet* set, size_t bound) { std::pair<HeaderSet::iterator, bool> result = set->insert(std::move(header)); diff --git a/chromium/net/spdy/spdy_header_indexing.h b/chromium/net/spdy/spdy_header_indexing.h index 9dd4bc5a190..69cc08d23d2 100644 --- a/chromium/net/spdy/spdy_header_indexing.h +++ b/chromium/net/spdy/spdy_header_indexing.h @@ -7,12 +7,12 @@ #include <stdint.h> #include <memory> -#include <string> #include <unordered_set> #include <utility> -#include "base/strings/string_piece.h" #include "net/base/net_export.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" namespace net { @@ -29,7 +29,7 @@ NET_EXPORT_PRIVATE extern int32_t FLAGS_gfe_spdy_tracking_set_bound; // UpdateSets to log the headers into both sets. class NET_EXPORT HeaderIndexing { public: - using HeaderSet = std::unordered_set<std::string>; + using HeaderSet = std::unordered_set<SpdyString>; HeaderIndexing(); ~HeaderIndexing(); @@ -38,10 +38,10 @@ class NET_EXPORT HeaderIndexing { // Decide if a header should be indexed. We only use |header|. Add |value| to // be consistent with HPACK indexing policy interface. - bool ShouldIndex(base::StringPiece header, base::StringPiece value); + bool ShouldIndex(SpdyStringPiece header, SpdyStringPiece value); // Not to make the indexing decision but to update sets. - void UpdateSets(base::StringPiece header, base::StringPiece value) { + void UpdateSets(SpdyStringPiece header, SpdyStringPiece value) { update_only_header_count_++; ShouldIndex(header, value); } @@ -53,7 +53,7 @@ class NET_EXPORT HeaderIndexing { private: friend class test::HeaderIndexingPeer; - void TryInsertHeader(std::string&& header, HeaderSet* set, size_t bound); + void TryInsertHeader(SpdyString&& header, HeaderSet* set, size_t bound); // Headers to index. HeaderSet indexing_set_; // Headers seen so far. diff --git a/chromium/net/spdy/spdy_header_indexing_test.cc b/chromium/net/spdy/spdy_header_indexing_test.cc index 1efcd24b2fc..8797fef2790 100644 --- a/chromium/net/spdy/spdy_header_indexing_test.cc +++ b/chromium/net/spdy/spdy_header_indexing_test.cc @@ -5,12 +5,9 @@ #include "net/spdy/spdy_header_indexing.h" #include "base/memory/ptr_util.h" -#include "base/strings/string_piece.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/platform_test.h" -using base::StringPiece; - namespace net { namespace test { @@ -20,23 +17,25 @@ class HeaderIndexingPeer { HeaderIndexingPeer() : hi_() {} void CreateTestInit() { - std::string input[] = {"key1", "key2", "key3"}; + SpdyString input[] = {"key1", "key2", "key3"}; hi_.indexing_set_ = HeaderIndexing::HeaderSet(input, input + arraysize(input)); hi_.tracking_set_ = HeaderIndexing::HeaderSet(input, input + arraysize(input)); } - bool ShouldIndex(StringPiece header) { return hi_.ShouldIndex(header, ""); } + bool ShouldIndex(SpdyStringPiece header) { + return hi_.ShouldIndex(header, ""); + } void CreateInitIndexingHeaders() { hi_.CreateInitIndexingHeaders(); } - void TryInsert(std::string&& header) { + void TryInsert(SpdyString&& header) { hi_.TryInsertHeader(std::move(header), &(hi_.indexing_set_), hi_.indexing_set_bound_); } - bool InTrackingSet(std::string str) { + bool InTrackingSet(const SpdyString& str) { return hi_.tracking_set_.find(str) != hi_.tracking_set_.end(); } @@ -68,16 +67,16 @@ class SpdyHeaderIndexingTest : public ::testing::Test { }; TEST_F(SpdyHeaderIndexingTest, TestTryInsertHeader) { - std::string key("key4"); + SpdyString key("key4"); hi_->TryInsert(std::move(key)); EXPECT_EQ(3u, hi_->indexing_set_size()); EXPECT_TRUE(hi_->ShouldIndex("key4")); } TEST_F(SpdyHeaderIndexingTest, TestShouldIndex) { - std::string key3 = "key3"; - std::string key4 = "key4"; - std::string key5 = "key5"; + SpdyString key3 = "key3"; + SpdyString key4 = "key4"; + SpdyString key5 = "key5"; // Cache hit. EXPECT_TRUE(hi_->ShouldIndex(key3)); EXPECT_EQ(3u, hi_->indexing_set_size()); diff --git a/chromium/net/spdy/spdy_headers_handler_interface.h b/chromium/net/spdy/spdy_headers_handler_interface.h index e4652ddef8b..26896ab611a 100644 --- a/chromium/net/spdy/spdy_headers_handler_interface.h +++ b/chromium/net/spdy/spdy_headers_handler_interface.h @@ -7,8 +7,8 @@ #include <stddef.h> -#include "base/strings/string_piece.h" #include "net/base/net_export.h" +#include "net/spdy/platform/api/spdy_string_piece.h" namespace net { @@ -25,10 +25,10 @@ class NET_EXPORT_PRIVATE SpdyHeadersHandlerInterface { // A callback method which notifies on a header key value pair. Multiple // values for a given key will be emitted as multiple calls to OnHeader. - virtual void OnHeader(base::StringPiece key, base::StringPiece value) = 0; + virtual void OnHeader(SpdyStringPiece key, SpdyStringPiece value) = 0; // TODO(yasong): deprecate this method with - // --gfe2_reloadable_flag_log_compressed_size. + // --chromium_http2_flag_log_compressed_size. // A callback method which notifies when the parser finishes handling a // header block (i.e. the containing frame has the END_HEADERS flag set). // Also indicates the total number of bytes in this block. diff --git a/chromium/net/spdy/spdy_http_stream.cc b/chromium/net/spdy/spdy_http_stream.cc index 700f17fef8f..0e07de38cd4 100644 --- a/chromium/net/spdy/spdy_http_stream.cc +++ b/chromium/net/spdy/spdy_http_stream.cc @@ -7,7 +7,6 @@ #include <algorithm> #include <list> #include <memory> -#include <string> #include <utility> #include "base/bind.h" @@ -24,6 +23,7 @@ #include "net/http/http_response_info.h" #include "net/log/net_log_event_type.h" #include "net/log/net_log_with_source.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_header_block.h" #include "net/spdy/spdy_http_utils.h" #include "net/spdy/spdy_protocol.h" @@ -34,10 +34,12 @@ namespace net { const size_t SpdyHttpStream::kRequestBodyBufferSize = 1 << 14; // 16KB SpdyHttpStream::SpdyHttpStream(const base::WeakPtr<SpdySession>& spdy_session, - bool direct) + bool direct, + NetLogSource source_dependency) : MultiplexedHttpStream(MultiplexedSessionHandle(spdy_session)), spdy_session_(spdy_session), is_reused_(spdy_session_->IsReused()), + source_dependency_(source_dependency), stream_(nullptr), stream_closed_(false), closed_stream_status_(ERR_FAILED), @@ -189,6 +191,11 @@ int64_t SpdyHttpStream::GetTotalSentBytes() const { return stream_->raw_sent_bytes(); } +bool SpdyHttpStream::GetAlternativeService( + AlternativeService* alternative_service) const { + return false; +} + bool SpdyHttpStream::GetLoadTimingInfo(LoadTimingInfo* load_timing_info) const { if (stream_closed_) { if (!closed_stream_has_load_timing_info_) @@ -395,6 +402,10 @@ void SpdyHttpStream::OnClose(int status) { } } +NetLogSource SpdyHttpStream::source_dependency() const { + return source_dependency_; +} + bool SpdyHttpStream::HasUploadData() const { CHECK(request_info_); return @@ -439,7 +450,7 @@ void SpdyHttpStream::InitializeStreamHelper() { void SpdyHttpStream::ResetStreamInternal() { spdy_session_->ResetStream(stream()->stream_id(), ERROR_CODE_INTERNAL_ERROR, - std::string()); + SpdyString()); } void SpdyHttpStream::OnRequestBodyReadCompleted(int status) { diff --git a/chromium/net/spdy/spdy_http_stream.h b/chromium/net/spdy/spdy_http_stream.h index 6e1c59750a8..8b7a82d7d27 100644 --- a/chromium/net/spdy/spdy_http_stream.h +++ b/chromium/net/spdy/spdy_http_stream.h @@ -14,6 +14,7 @@ #include "base/memory/weak_ptr.h" #include "net/base/completion_callback.h" #include "net/base/net_export.h" +#include "net/log/net_log_source.h" #include "net/spdy/multiplexed_http_stream.h" #include "net/spdy/spdy_read_queue.h" #include "net/spdy/spdy_session.h" @@ -33,7 +34,9 @@ class NET_EXPORT_PRIVATE SpdyHttpStream : public SpdyStream::Delegate, public: static const size_t kRequestBodyBufferSize; // |spdy_session| must not be NULL. - SpdyHttpStream(const base::WeakPtr<SpdySession>& spdy_session, bool direct); + SpdyHttpStream(const base::WeakPtr<SpdySession>& spdy_session, + bool direct, + NetLogSource source_dependency); ~SpdyHttpStream() override; SpdyStream* stream() { return stream_; } @@ -71,6 +74,8 @@ class NET_EXPORT_PRIVATE SpdyHttpStream : public SpdyStream::Delegate, // not including proxy overhead. Note that some SPDY frames such as pings are // not associated with any stream, and are not included in this value. int64_t GetTotalSentBytes() const override; + bool GetAlternativeService( + AlternativeService* alternative_service) const override; bool GetLoadTimingInfo(LoadTimingInfo* load_timing_info) const override; bool GetRemoteEndpoint(IPEndPoint* endpoint) override; void PopulateNetErrorDetails(NetErrorDetails* details) override; @@ -83,6 +88,7 @@ class NET_EXPORT_PRIVATE SpdyHttpStream : public SpdyStream::Delegate, void OnDataSent() override; void OnTrailers(const SpdyHeaderBlock& trailers) override; void OnClose(int status) override; + NetLogSource source_dependency() const override; private: // Helper function used to initialize private members and to set delegate on @@ -128,6 +134,7 @@ class NET_EXPORT_PRIVATE SpdyHttpStream : public SpdyStream::Delegate, const base::WeakPtr<SpdySession> spdy_session_; bool is_reused_; SpdyStreamRequest stream_request_; + const NetLogSource source_dependency_; // |stream_| is owned by SpdySession. // Before InitializeStream() is called, stream_ == nullptr. diff --git a/chromium/net/spdy/spdy_http_stream_unittest.cc b/chromium/net/spdy/spdy_http_stream_unittest.cc index 592085eee75..f6b146245fc 100644 --- a/chromium/net/spdy/spdy_http_stream_unittest.cc +++ b/chromium/net/spdy/spdy_http_stream_unittest.cc @@ -7,7 +7,6 @@ #include <stdint.h> #include <memory> -#include <string> #include "base/run_loop.h" #include "base/stl_util.h" @@ -23,10 +22,10 @@ #include "net/http/http_request_info.h" #include "net/http/http_response_headers.h" #include "net/http/http_response_info.h" -#include "net/log/net_log_source.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" #include "net/socket/socket_test_util.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_http_utils.h" #include "net/spdy/spdy_session.h" #include "net/spdy/spdy_test_util_common.h" @@ -162,10 +161,9 @@ class SpdyHttpStreamTest : public testing::Test { CreateSecureSpdySession(http_session_.get(), key_, NetLogWithSource()); } - void TestSendCredentials( - ChannelIDService* channel_id_service, - const std::string& cert, - const std::string& proof); + void TestSendCredentials(ChannelIDService* channel_id_service, + const SpdyString& cert, + const SpdyString& proof); SpdyTestUtil spdy_util_; TestNetLog net_log_; @@ -203,7 +201,7 @@ TEST_F(SpdyHttpStreamTest, SendRequest) { HttpRequestHeaders headers; NetLogWithSource net_log; std::unique_ptr<SpdyHttpStream> http_stream( - new SpdyHttpStream(session_, true)); + new SpdyHttpStream(session_, true, net_log.source())); // Make sure getting load timing information the stream early does not crash. LoadTimingInfo load_timing_info; EXPECT_FALSE(http_stream->GetLoadTimingInfo(&load_timing_info)); @@ -264,8 +262,9 @@ TEST_F(SpdyHttpStreamTest, LoadTimingTwoRequests) { TestCompletionCallback callback1; HttpResponseInfo response1; HttpRequestHeaders headers1; + NetLogWithSource net_log; std::unique_ptr<SpdyHttpStream> http_stream1( - new SpdyHttpStream(session_, true)); + new SpdyHttpStream(session_, true, net_log.source())); HttpRequestInfo request2; request2.method = "GET"; @@ -274,13 +273,12 @@ TEST_F(SpdyHttpStreamTest, LoadTimingTwoRequests) { HttpResponseInfo response2; HttpRequestHeaders headers2; std::unique_ptr<SpdyHttpStream> http_stream2( - new SpdyHttpStream(session_, true)); + new SpdyHttpStream(session_, true, net_log.source())); // First write. - ASSERT_THAT( - http_stream1->InitializeStream(&request1, DEFAULT_PRIORITY, - NetLogWithSource(), CompletionCallback()), - IsOk()); + ASSERT_THAT(http_stream1->InitializeStream(&request1, DEFAULT_PRIORITY, + net_log, CompletionCallback()), + IsOk()); EXPECT_THAT( http_stream1->SendRequest(headers1, &response1, callback1.callback()), IsError(ERR_IO_PENDING)); @@ -295,10 +293,9 @@ TEST_F(SpdyHttpStreamTest, LoadTimingTwoRequests) { EXPECT_FALSE(http_stream2->GetLoadTimingInfo(&load_timing_info2)); // Second write. - ASSERT_THAT( - http_stream2->InitializeStream(&request2, DEFAULT_PRIORITY, - NetLogWithSource(), CompletionCallback()), - IsOk()); + ASSERT_THAT(http_stream2->InitializeStream(&request2, DEFAULT_PRIORITY, + net_log, CompletionCallback()), + IsOk()); EXPECT_THAT( http_stream2->SendRequest(headers2, &response2, callback2.callback()), IsError(ERR_IO_PENDING)); @@ -373,7 +370,7 @@ TEST_F(SpdyHttpStreamTest, SendChunkedPost) { HttpResponseInfo response; HttpRequestHeaders headers; NetLogWithSource net_log; - SpdyHttpStream http_stream(session_, true); + SpdyHttpStream http_stream(session_, true, net_log.source()); ASSERT_THAT(http_stream.InitializeStream(&request, DEFAULT_PRIORITY, net_log, CompletionCallback()), IsOk()); @@ -428,7 +425,7 @@ TEST_F(SpdyHttpStreamTest, SendChunkedPostLastEmpty) { HttpResponseInfo response; HttpRequestHeaders headers; NetLogWithSource net_log; - SpdyHttpStream http_stream(session_, true); + SpdyHttpStream http_stream(session_, true, net_log.source()); ASSERT_THAT(http_stream.InitializeStream(&request, DEFAULT_PRIORITY, net_log, CompletionCallback()), IsOk()); @@ -482,7 +479,7 @@ TEST_F(SpdyHttpStreamTest, ConnectionClosedDuringChunkedPost) { HttpResponseInfo response; HttpRequestHeaders headers; NetLogWithSource net_log; - SpdyHttpStream http_stream(session_, true); + SpdyHttpStream http_stream(session_, true, net_log.source()); ASSERT_THAT(http_stream.InitializeStream(&request, DEFAULT_PRIORITY, net_log, CompletionCallback()), IsOk()); @@ -551,7 +548,7 @@ TEST_F(SpdyHttpStreamTest, DelayedSendChunkedPost) { NetLogWithSource net_log; std::unique_ptr<SpdyHttpStream> http_stream( - new SpdyHttpStream(session_, true)); + new SpdyHttpStream(session_, true, net_log.source())); ASSERT_THAT(http_stream->InitializeStream(&request, DEFAULT_PRIORITY, net_log, CompletionCallback()), IsOk()); @@ -593,21 +590,21 @@ TEST_F(SpdyHttpStreamTest, DelayedSendChunkedPost) { ASSERT_EQ(kUploadDataSize, http_stream->ReadResponseBody( buf1.get(), kUploadDataSize, callback.callback())); - EXPECT_EQ(kUploadData, std::string(buf1->data(), kUploadDataSize)); + EXPECT_EQ(kUploadData, SpdyString(buf1->data(), kUploadDataSize)); // Check |chunk2| response. scoped_refptr<IOBuffer> buf2(new IOBuffer(kUploadData1Size)); ASSERT_EQ(kUploadData1Size, http_stream->ReadResponseBody( buf2.get(), kUploadData1Size, callback.callback())); - EXPECT_EQ(kUploadData1, std::string(buf2->data(), kUploadData1Size)); + EXPECT_EQ(kUploadData1, SpdyString(buf2->data(), kUploadData1Size)); // Check |chunk3| response. scoped_refptr<IOBuffer> buf3(new IOBuffer(kUploadDataSize)); ASSERT_EQ(kUploadDataSize, http_stream->ReadResponseBody( buf3.get(), kUploadDataSize, callback.callback())); - EXPECT_EQ(kUploadData, std::string(buf3->data(), kUploadDataSize)); + EXPECT_EQ(kUploadData, SpdyString(buf3->data(), kUploadDataSize)); ASSERT_TRUE(response.headers.get()); ASSERT_EQ(200, response.headers->response_code()); @@ -646,7 +643,7 @@ TEST_F(SpdyHttpStreamTest, DelayedSendChunkedPostWithEmptyFinalDataFrame) { NetLogWithSource net_log; std::unique_ptr<SpdyHttpStream> http_stream( - new SpdyHttpStream(session_, true)); + new SpdyHttpStream(session_, true, net_log.source())); ASSERT_THAT(http_stream->InitializeStream(&request, DEFAULT_PRIORITY, net_log, CompletionCallback()), IsOk()); @@ -689,7 +686,7 @@ TEST_F(SpdyHttpStreamTest, DelayedSendChunkedPostWithEmptyFinalDataFrame) { ASSERT_EQ(kUploadDataSize, http_stream->ReadResponseBody( buf1.get(), kUploadDataSize, callback.callback())); - EXPECT_EQ(kUploadData, std::string(buf1->data(), kUploadDataSize)); + EXPECT_EQ(kUploadData, SpdyString(buf1->data(), kUploadDataSize)); // Check |chunk2| response. ASSERT_EQ(0, @@ -730,7 +727,7 @@ TEST_F(SpdyHttpStreamTest, ChunkedPostWithEmptyPayload) { NetLogWithSource net_log; std::unique_ptr<SpdyHttpStream> http_stream( - new SpdyHttpStream(session_, true)); + new SpdyHttpStream(session_, true, net_log.source())); ASSERT_THAT(http_stream->InitializeStream(&request, DEFAULT_PRIORITY, net_log, CompletionCallback()), IsOk()); @@ -790,7 +787,7 @@ TEST_F(SpdyHttpStreamTest, SpdyURLTest) { HttpRequestHeaders headers; NetLogWithSource net_log; std::unique_ptr<SpdyHttpStream> http_stream( - new SpdyHttpStream(session_, true)); + new SpdyHttpStream(session_, true, net_log.source())); ASSERT_THAT(http_stream->InitializeStream(&request, DEFAULT_PRIORITY, net_log, CompletionCallback()), IsOk()); @@ -843,7 +840,7 @@ TEST_F(SpdyHttpStreamTest, DelayedSendChunkedPostWithWindowUpdate) { NetLogWithSource net_log; std::unique_ptr<SpdyHttpStream> http_stream( - new SpdyHttpStream(session_, true)); + new SpdyHttpStream(session_, true, net_log.source())); ASSERT_THAT(http_stream->InitializeStream(&request, DEFAULT_PRIORITY, net_log, CompletionCallback()), IsOk()); @@ -904,7 +901,7 @@ TEST_F(SpdyHttpStreamTest, DelayedSendChunkedPostWithWindowUpdate) { ASSERT_EQ(kUploadDataSize, http_stream->ReadResponseBody( buf1.get(), kUploadDataSize, callback.callback())); - EXPECT_EQ(kUploadData, std::string(buf1->data(), kUploadDataSize)); + EXPECT_EQ(kUploadData, SpdyString(buf1->data(), kUploadDataSize)); ASSERT_TRUE(response.headers.get()); ASSERT_EQ(200, response.headers->response_code()); @@ -947,7 +944,7 @@ TEST_F(SpdyHttpStreamTest, DataReadErrorSynchronous) { HttpResponseInfo response; HttpRequestHeaders headers; NetLogWithSource net_log; - SpdyHttpStream http_stream(session_, true); + SpdyHttpStream http_stream(session_, true, net_log.source()); ASSERT_THAT(http_stream.InitializeStream(&request, DEFAULT_PRIORITY, net_log, CompletionCallback()), IsOk()); @@ -1000,7 +997,7 @@ TEST_F(SpdyHttpStreamTest, DataReadErrorAsynchronous) { HttpResponseInfo response; HttpRequestHeaders headers; NetLogWithSource net_log; - SpdyHttpStream http_stream(session_, true); + SpdyHttpStream http_stream(session_, true, net_log.source()); ASSERT_THAT(http_stream.InitializeStream(&request, DEFAULT_PRIORITY, net_log, CompletionCallback()), IsOk()); @@ -1042,7 +1039,7 @@ TEST_F(SpdyHttpStreamTest, RequestCallbackCancelsStream) { upload_stream.AppendData("", 0, true); NetLogWithSource net_log; - SpdyHttpStream http_stream(session_, true); + SpdyHttpStream http_stream(session_, true, net_log.source()); ASSERT_THAT(http_stream.InitializeStream(&request, DEFAULT_PRIORITY, net_log, CompletionCallback()), IsOk()); diff --git a/chromium/net/spdy/spdy_http_utils.cc b/chromium/net/spdy/spdy_http_utils.cc index e1cb9ef99db..5fb469288d9 100644 --- a/chromium/net/spdy/spdy_http_utils.cc +++ b/chromium/net/spdy/spdy_http_utils.cc @@ -4,7 +4,7 @@ #include "net/spdy/spdy_http_utils.h" -#include <string> +#include <vector> #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" @@ -18,25 +18,27 @@ #include "net/http/http_response_headers.h" #include "net/http/http_response_info.h" #include "net/http/http_util.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" namespace net { namespace { -void AddSpdyHeader(const std::string& name, - const std::string& value, +void AddSpdyHeader(const SpdyString& name, + const SpdyString& value, SpdyHeaderBlock* headers) { if (headers->find(name) == headers->end()) { (*headers)[name] = value; } else { - std::string joint_value = (*headers)[name].as_string(); + SpdyString joint_value = (*headers)[name].as_string(); joint_value.append(1, '\0'); joint_value.append(value); (*headers)[name] = joint_value; } } -} // namespace +} // namespace bool SpdyHeadersToHttpResponse(const SpdyHeaderBlock& headers, HttpResponseInfo* response) { @@ -44,8 +46,8 @@ bool SpdyHeadersToHttpResponse(const SpdyHeaderBlock& headers, SpdyHeaderBlock::const_iterator it = headers.find(":status"); if (it == headers.end()) return false; - std::string status = it->second.as_string(); - std::string raw_headers("HTTP/1.1 "); + SpdyString status = it->second.as_string(); + SpdyString raw_headers("HTTP/1.1 "); raw_headers.append(status); raw_headers.push_back('\0'); for (it = headers.begin(); it != headers.end(); ++it) { @@ -57,12 +59,12 @@ bool SpdyHeadersToHttpResponse(const SpdyHeaderBlock& headers, // becomes // Set-Cookie: foo\0 // Set-Cookie: bar\0 - std::string value = it->second.as_string(); + SpdyString value = it->second.as_string(); size_t start = 0; size_t end = 0; do { end = value.find('\0', start); - std::string tval; + SpdyString tval; if (end != value.npos) tval = value.substr(start, (end - start)); else @@ -98,7 +100,7 @@ void CreateSpdyHeadersFromHttpRequest(const HttpRequestInfo& info, HttpRequestHeaders::Iterator it(request_headers); while (it.GetNext()) { - std::string name = base::ToLowerASCII(it.name()); + SpdyString name = base::ToLowerASCII(it.name()); if (name.empty() || name[0] == ':' || name == "connection" || name == "proxy-connection" || name == "transfer-encoding" || name == "host") { @@ -133,11 +135,11 @@ NET_EXPORT_PRIVATE void ConvertHeaderBlockToHttpRequestHeaders( const SpdyHeaderBlock& spdy_headers, HttpRequestHeaders* http_headers) { for (const auto& it : spdy_headers) { - base::StringPiece key = it.first; + SpdyStringPiece key = it.first; if (key[0] == ':') { key.remove_prefix(1); } - std::vector<base::StringPiece> values = base::SplitStringPiece( + std::vector<SpdyStringPiece> values = base::SplitStringPiece( it.second, "\0", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); for (const auto& value : values) { http_headers->SetHeader(key, value); @@ -149,7 +151,7 @@ GURL GetUrlFromHeaderBlock(const SpdyHeaderBlock& headers) { SpdyHeaderBlock::const_iterator it = headers.find(":scheme"); if (it == headers.end()) return GURL(); - std::string url = it->second.as_string(); + SpdyString url = it->second.as_string(); url.append("://"); it = headers.find(":authority"); diff --git a/chromium/net/spdy/spdy_log_util.cc b/chromium/net/spdy/spdy_log_util.cc new file mode 100644 index 00000000000..ec56b4b8de5 --- /dev/null +++ b/chromium/net/spdy/spdy_log_util.cc @@ -0,0 +1,40 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/spdy/spdy_log_util.h" + +#include "base/memory/ptr_util.h" +#include "base/strings/string_number_conversions.h" +#include "base/values.h" +#include "net/http/http_log_util.h" + +namespace net { + +SpdyString ElideGoAwayDebugDataForNetLog(NetLogCaptureMode capture_mode, + base::StringPiece debug_data) { + // Note: this logic should be kept in sync with stripGoAwayDebugData in + // chrome/browser/resources/net_internals/log_view_painter.js. + if (capture_mode.include_cookies_and_credentials()) { + return debug_data.as_string(); + } + + return SpdyString("[") + base::SizeTToString(debug_data.size()) + + SpdyString(" bytes were stripped]"); +} + +std::unique_ptr<base::ListValue> ElideSpdyHeaderBlockForNetLog( + const SpdyHeaderBlock& headers, + NetLogCaptureMode capture_mode) { + auto headers_list = base::MakeUnique<base::ListValue>(); + for (SpdyHeaderBlock::const_iterator it = headers.begin(); + it != headers.end(); ++it) { + headers_list->AppendString( + it->first.as_string() + ": " + + ElideHeaderValueForNetLog(capture_mode, it->first.as_string(), + it->second.as_string())); + } + return headers_list; +} + +} // namespace net diff --git a/chromium/net/spdy/spdy_log_util.h b/chromium/net/spdy/spdy_log_util.h new file mode 100644 index 00000000000..e2f98e6c55c --- /dev/null +++ b/chromium/net/spdy/spdy_log_util.h @@ -0,0 +1,35 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SPDY_SPDY_LOG_UTIL_H_ +#define NET_SPDY_SPDY_LOG_UTIL_H_ + +#include <memory> + +#include "base/strings/string_piece.h" +#include "net/base/net_export.h" +#include "net/log/net_log_capture_mode.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/spdy_header_block.h" + +namespace base { +class ListValue; +} // namespace base + +namespace net { + +// Given an HTTP/2 GOAWAY frame |debug_data|, returns the elided version +// according to |capture_mode|. +NET_EXPORT_PRIVATE SpdyString +ElideGoAwayDebugDataForNetLog(NetLogCaptureMode capture_mode, + base::StringPiece debug_data); + +// Given a SpdyHeaderBlock, return its base::ListValue representation. +NET_EXPORT_PRIVATE std::unique_ptr<base::ListValue> +ElideSpdyHeaderBlockForNetLog(const SpdyHeaderBlock& headers, + NetLogCaptureMode capture_mode); + +} // namespace net + +#endif // NET_SPDY_SPDY_LOG_UTIL_H_ diff --git a/chromium/net/spdy/spdy_log_util_unittest.cc b/chromium/net/spdy/spdy_log_util_unittest.cc new file mode 100644 index 00000000000..7c1f6d7d161 --- /dev/null +++ b/chromium/net/spdy/spdy_log_util_unittest.cc @@ -0,0 +1,45 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/spdy/spdy_log_util.h" + +#include "base/values.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +TEST(SpdyLogUtilTest, ElideGoAwayDebugDataForNetLog) { + // Only elide for appropriate log level. + EXPECT_EQ( + "[6 bytes were stripped]", + ElideGoAwayDebugDataForNetLog(NetLogCaptureMode::Default(), "foobar")); + EXPECT_EQ("foobar", + ElideGoAwayDebugDataForNetLog( + NetLogCaptureMode::IncludeCookiesAndCredentials(), "foobar")); +} + +TEST(SpdyLogUtilTest, ElideSpdyHeaderBlockForNetLog) { + SpdyHeaderBlock headers; + headers["foo"] = "bar"; + headers["cookie"] = "name=value"; + + std::unique_ptr<base::ListValue> list = + ElideSpdyHeaderBlockForNetLog(headers, NetLogCaptureMode::Default()); + EXPECT_EQ(2u, list->GetSize()); + SpdyString field; + EXPECT_TRUE(list->GetString(0, &field)); + EXPECT_EQ("foo: bar", field); + EXPECT_TRUE(list->GetString(1, &field)); + EXPECT_EQ("cookie: [10 bytes were stripped]", field); + + list = ElideSpdyHeaderBlockForNetLog( + headers, NetLogCaptureMode::IncludeCookiesAndCredentials()); + EXPECT_EQ(2u, list->GetSize()); + EXPECT_TRUE(list->GetString(0, &field)); + EXPECT_EQ("foo: bar", field); + EXPECT_TRUE(list->GetString(1, &field)); + EXPECT_EQ("cookie: name=value", field); +} + +} // namespace net diff --git a/chromium/net/spdy/spdy_network_transaction_unittest.cc b/chromium/net/spdy/spdy_network_transaction_unittest.cc index e856c55ddb1..f00777dca13 100644 --- a/chromium/net/spdy/spdy_network_transaction_unittest.cc +++ b/chromium/net/spdy/spdy_network_transaction_unittest.cc @@ -4,7 +4,6 @@ #include <cmath> #include <memory> -#include <string> #include <utility> #include <vector> @@ -14,7 +13,6 @@ #include "base/files/scoped_temp_dir.h" #include "base/memory/ptr_util.h" #include "base/run_loop.h" -#include "base/strings/string_piece.h" #include "base/test/test_file_util.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/auth.h" @@ -40,6 +38,8 @@ #include "net/socket/client_socket_pool_base.h" #include "net/socket/next_proto.h" #include "net/spdy/buffered_spdy_framer.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_http_stream.h" #include "net/spdy/spdy_http_utils.h" #include "net/spdy/spdy_protocol.h" @@ -93,8 +93,8 @@ class SpdyNetworkTransactionTest : public ::testing::Test { struct TransactionHelperResult { int rv; - std::string status_line; - std::string response_data; + SpdyString status_line; + SpdyString response_data; HttpResponseInfo response_info; }; @@ -407,8 +407,7 @@ class SpdyNetworkTransactionTest : public ::testing::Test { // multiple transactions in the read pipeline; so as we read, we may have // to skip over data destined for other transactions while we consume // the data for |trans|. - int ReadResult(HttpNetworkTransaction* trans, - std::string* result) { + int ReadResult(HttpNetworkTransaction* trans, SpdyString* result) { const int kSize = 3000; int bytes_read = 0; @@ -437,7 +436,9 @@ class SpdyNetworkTransactionTest : public ::testing::Test { NetLogWithSource log; HttpNetworkSession* session = helper.session(); base::WeakPtr<SpdySession> spdy_session = - session->spdy_session_pool()->FindAvailableSession(key, url, log); + session->spdy_session_pool()->FindAvailableSession( + key, url, + /* enable_ip_based_pooling = */ true, log); ASSERT_TRUE(spdy_session); EXPECT_EQ(0u, spdy_session->num_active_streams()); EXPECT_EQ(0u, spdy_session->num_unclaimed_pushed_streams()); @@ -446,7 +447,7 @@ class SpdyNetworkTransactionTest : public ::testing::Test { void RunServerPushTest(SequencedSocketData* data, HttpResponseInfo* response, HttpResponseInfo* push_response, - const std::string& expected) { + const SpdyString& expected) { NormalSpdyTransactionHelper helper(CreateGetRequest(), DEFAULT_PRIORITY, NetLogWithSource(), nullptr); helper.RunPreTestSetup(); @@ -475,10 +476,10 @@ class SpdyNetworkTransactionTest : public ::testing::Test { // the results into a single string. // Read the server push body. - std::string result2; + SpdyString result2; ReadResult(&trans2, &result2); // Read the response body. - std::string result; + SpdyString result; ReadResult(trans, &result); // Verify that we consumed all test data. @@ -563,8 +564,8 @@ class SpdyNetworkTransactionTest : public ::testing::Test { return upload_chunked_data_stream_.get(); } - std::string GetDefaultUrlWithPath(const char* path) { - return std::string(kDefaultUrl) + path; + SpdyString GetDefaultUrlWithPath(const char* path) { + return SpdyString(kDefaultUrl) + path; } const GURL default_url_; @@ -1670,7 +1671,7 @@ TEST_F(SpdyNetworkTransactionTest, DelayedChunkedPost) { helper.FinishDefaultTest(); helper.VerifyDataConsumed(); - std::string expected_response; + SpdyString expected_response; expected_response += kUploadData; expected_response += kUploadData; expected_response += kUploadData; @@ -1796,7 +1797,7 @@ TEST_F(SpdyNetworkTransactionTest, ResponseBeforePostCompletes) { helper.WaitForCallbackToComplete(); EXPECT_THAT(helper.output().rv, IsOk()); - std::string response_body; + SpdyString response_body; EXPECT_THAT(ReadTransaction(helper.trans(), &response_body), IsOk()); EXPECT_EQ(kUploadData, response_body); @@ -1901,7 +1902,7 @@ TEST_F(SpdyNetworkTransactionTest, ResponseWithTwoSynReplies) { ASSERT_TRUE(response); EXPECT_TRUE(response->headers); EXPECT_TRUE(response->was_fetched_via_spdy); - std::string response_data; + SpdyString response_data; rv = ReadTransaction(trans, &response_data); EXPECT_THAT(rv, IsError(ERR_SPDY_PROTOCOL_ERROR)); @@ -2235,7 +2236,7 @@ TEST_F(SpdyNetworkTransactionTest, spdy_util_.ConstructSpdyDataFrame(1, "should not include", 18, true)); SpdyHeaderBlock push_headers; - spdy_util_.AddUrlToHeaderBlock(std::string(kDefaultUrl) + "b.dat", + spdy_util_.AddUrlToHeaderBlock(SpdyString(kDefaultUrl) + "b.dat", &push_headers); SpdySerializedFrame push_init_frame( @@ -2352,7 +2353,7 @@ TEST_F(SpdyNetworkTransactionTest, DISABLED_RedirectGetRequest) { EXPECT_EQ(1, d.response_started_count()); EXPECT_FALSE(d.received_data_before_response()); EXPECT_EQ(OK, d.request_status()); - std::string contents("hello!"); + SpdyString contents("hello!"); EXPECT_EQ(contents, d.data_received()); } EXPECT_TRUE(data.AllReadDataConsumed()); @@ -2420,7 +2421,7 @@ TEST_F(SpdyNetworkTransactionTest, DISABLED_RedirectServerPush) { base::RunLoop().Run(); EXPECT_EQ(0, d.received_redirect_count()); - std::string contents("hello!"); + SpdyString contents("hello!"); EXPECT_EQ(contents, d.data_received()); std::unique_ptr<URLRequest> r2(spdy_url_request_context.CreateRequest( @@ -2438,7 +2439,7 @@ TEST_F(SpdyNetworkTransactionTest, DISABLED_RedirectServerPush) { EXPECT_EQ(1, d2.response_started_count()); EXPECT_FALSE(d2.received_data_before_response()); EXPECT_EQ(OK, d2.request_status()); - std::string contents2("hello!"); + SpdyString contents2("hello!"); EXPECT_EQ(contents2, d2.data_received()); } EXPECT_TRUE(data.AllReadDataConsumed()); @@ -2472,7 +2473,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushSingleDataFrame) { HttpResponseInfo response; HttpResponseInfo response2; - std::string expected_push_result("pushed"); + SpdyString expected_push_result("pushed"); SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); RunServerPushTest(&data, &response, @@ -2515,7 +2516,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushBeforeHeaders) { HttpResponseInfo response; HttpResponseInfo response2; - std::string expected_push_result("pushed"); + SpdyString expected_push_result("pushed"); SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); RunServerPushTest(&data, &response, @@ -2558,7 +2559,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushSingleDataFrame2) { HttpResponseInfo response; HttpResponseInfo response2; - std::string expected_push_result("pushed"); + SpdyString expected_push_result("pushed"); SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); RunServerPushTest(&data, &response, @@ -2771,7 +2772,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushDuplicate) { HttpResponseInfo response; HttpResponseInfo response2; - std::string expected_push_result("pushed"); + SpdyString expected_push_result("pushed"); SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); RunServerPushTest(&data, &response, @@ -2827,7 +2828,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushMultipleDataFrame) { HttpResponseInfo response; HttpResponseInfo response2; - std::string expected_push_result("pushed my darling hello my baby"); + SpdyString expected_push_result("pushed my darling hello my baby"); SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); RunServerPushTest(&data, &response, &response2, kPushedData); @@ -3126,7 +3127,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushOnClosedPushedStream) { response = *trans2.GetResponseInfo(); EXPECT_TRUE(response.headers); EXPECT_EQ("HTTP/1.1 200", response.headers->GetStatusLine()); - std::string result; + SpdyString result; ReadResult(&trans2, &result); EXPECT_EQ(kPushedData, result); @@ -3167,7 +3168,7 @@ TEST_F(SpdyNetworkTransactionTest, ResponseHeaders) { test_cases[1].expected_headers["hello"] = "bye"; test_cases[2].expected_headers["hello"] = "bye"; - test_cases[0].expected_headers["cookie"] = base::StringPiece("val1\0val2", 9); + test_cases[0].expected_headers["cookie"] = SpdyStringPiece("val1\0val2", 9); test_cases[2].expected_headers["cookie"] = "val1,val2"; for (size_t i = 0; i < arraysize(test_cases); ++i) { @@ -3198,14 +3199,14 @@ TEST_F(SpdyNetworkTransactionTest, ResponseHeaders) { scoped_refptr<HttpResponseHeaders> headers = out.response_info.headers; EXPECT_TRUE(headers); size_t iter = 0; - std::string name, value; + SpdyString name, value; SpdyHeaderBlock header_block; while (headers->EnumerateHeaderLines(&iter, &name, &value)) { auto value_it = header_block.find(name); if (value_it == header_block.end() || value_it->second.empty()) { header_block[name] = value; } else { - std::string joint_value = value_it->second.as_string(); + SpdyString joint_value = value_it->second.as_string(); joint_value.append(1, '\0'); joint_value.append(value); header_block[name] = joint_value; @@ -3268,7 +3269,7 @@ TEST_F(SpdyNetworkTransactionTest, ResponseHeadersVary) { test_cases[i].num_headers[1], &reply_headers); // Construct the expected header reply string before moving |reply_headers|. - std::string expected_reply = + SpdyString expected_reply = spdy_test_util.ConstructSpdyReplyString(reply_headers); SpdySerializedFrame frame_reply( @@ -3309,7 +3310,7 @@ TEST_F(SpdyNetworkTransactionTest, ResponseHeadersVary) { scoped_refptr<HttpResponseHeaders> headers = out.response_info.headers; ASSERT_TRUE(headers) << i; size_t iter = 0; - std::string name, value, lines; + SpdyString name, value, lines; while (headers->EnumerateHeaderLines(&iter, &name, &value)) { lines.append(name); lines.append(": "); @@ -3566,19 +3567,17 @@ TEST_F(SpdyNetworkTransactionTest, NetLog) { ASSERT_TRUE(entries[pos].params.get()); ASSERT_TRUE(entries[pos].params->GetList("headers", &header_list)); - std::vector<std::string> expected; - expected.push_back(std::string(spdy_util_.GetHostKey()) + - ": www.example.org"); - expected.push_back(std::string(spdy_util_.GetPathKey()) + ": /"); - expected.push_back(std::string(spdy_util_.GetSchemeKey()) + ": " + + std::vector<SpdyString> expected; + expected.push_back(SpdyString(spdy_util_.GetHostKey()) + ": www.example.org"); + expected.push_back(SpdyString(spdy_util_.GetPathKey()) + ": /"); + expected.push_back(SpdyString(spdy_util_.GetSchemeKey()) + ": " + default_url_.scheme()); - expected.push_back(std::string(spdy_util_.GetMethodKey()) + ": GET"); + expected.push_back(SpdyString(spdy_util_.GetMethodKey()) + ": GET"); expected.push_back("user-agent: Chrome"); EXPECT_EQ(expected.size(), header_list->GetSize()); - for (std::vector<std::string>::const_iterator it = expected.begin(); - it != expected.end(); - ++it) { - base::StringValue header(*it); + for (std::vector<SpdyString>::const_iterator it = expected.begin(); + it != expected.end(); ++it) { + base::Value header(*it); EXPECT_NE(header_list->end(), header_list->Find(header)) << "Header not found: " << *it; } @@ -3644,7 +3643,7 @@ TEST_F(SpdyNetworkTransactionTest, BufferFull) { // Read Data TestCompletionCallback read_callback; - std::string content; + SpdyString content; do { // Read small chunks at a time. const int kSmallReadSize = 3; @@ -3729,7 +3728,7 @@ TEST_F(SpdyNetworkTransactionTest, Buffering) { // Read Data TestCompletionCallback read_callback; - std::string content; + SpdyString content; int reads_completed = 0; do { // Read small chunks at a time. @@ -3815,7 +3814,7 @@ TEST_F(SpdyNetworkTransactionTest, BufferedAll) { // Read Data TestCompletionCallback read_callback; - std::string content; + SpdyString content; int reads_completed = 0; do { // Read small chunks at a time. @@ -3898,7 +3897,7 @@ TEST_F(SpdyNetworkTransactionTest, BufferedClosed) { // Read Data TestCompletionCallback read_callback; - std::string content; + SpdyString content; int reads_completed = 0; do { // Read small chunks at a time. @@ -4057,7 +4056,9 @@ TEST_F(SpdyNetworkTransactionTest, GracefulGoaway) { PRIVACY_MODE_DISABLED); NetLogWithSource log; base::WeakPtr<SpdySession> spdy_session = - spdy_session_pool->FindAvailableSession(key, GURL(), log); + spdy_session_pool->FindAvailableSession( + key, GURL(), + /* enable_ip_based_pooling = */ true, log); EXPECT_TRUE(spdy_session); // Start second transaction. @@ -4081,13 +4082,15 @@ TEST_F(SpdyNetworkTransactionTest, GracefulGoaway) { EXPECT_TRUE(response->was_alpn_negotiated); EXPECT_EQ("127.0.0.1", response->socket_address.host()); EXPECT_EQ(443, response->socket_address.port()); - std::string response_data; + SpdyString response_data; rv = ReadTransaction(&trans2, &response_data); EXPECT_THAT(rv, IsOk()); EXPECT_EQ("hello!", response_data); // Graceful GOAWAY was received, SpdySession should be unavailable. - spdy_session = spdy_session_pool->FindAvailableSession(key, GURL(), log); + spdy_session = spdy_session_pool->FindAvailableSession( + key, GURL(), + /* enable_ip_based_pooling = */ true, log); EXPECT_FALSE(spdy_session); helper.VerifyDataConsumed(); @@ -4195,7 +4198,7 @@ TEST_F(SpdyNetworkTransactionTest, HTTP11RequiredRetry) { EXPECT_TRUE(request.url.SchemeIs("https")); EXPECT_EQ("127.0.0.1", response->socket_address.host()); EXPECT_EQ(443, response->socket_address.port()); - std::string response_data; + SpdyString response_data; ASSERT_THAT(ReadTransaction(helper.trans(), &response_data), IsOk()); EXPECT_EQ("hello", response_data); } @@ -4290,7 +4293,7 @@ TEST_F(SpdyNetworkTransactionTest, HTTP11RequiredProxyRetry) { EXPECT_TRUE(request.url.SchemeIs("https")); EXPECT_EQ("127.0.0.1", response->socket_address.host()); EXPECT_EQ(70, response->socket_address.port()); - std::string response_data; + SpdyString response_data; ASSERT_THAT(ReadTransaction(helper.trans(), &response_data), IsOk()); EXPECT_EQ("hello", response_data); } @@ -4342,7 +4345,7 @@ TEST_F(SpdyNetworkTransactionTest, ProxyConnect) { ASSERT_TRUE(response.headers); EXPECT_EQ("HTTP/1.1 200", response.headers->GetStatusLine()); - std::string response_data; + SpdyString response_data; ASSERT_THAT(ReadTransaction(trans, &response_data), IsOk()); EXPECT_EQ("hello!", response_data); helper.VerifyDataConsumed(); @@ -4465,7 +4468,7 @@ TEST_F(SpdyNetworkTransactionTest, DirectConnectProxyReconnect) { ASSERT_TRUE(response_proxy.headers); EXPECT_EQ("HTTP/1.1 200", response_proxy.headers->GetStatusLine()); - std::string response_data; + SpdyString response_data; ASSERT_THAT(ReadTransaction(trans_proxy, &response_data), IsOk()); EXPECT_EQ("hello!", response_data); @@ -4548,7 +4551,7 @@ TEST_F(SpdyNetworkTransactionTest, VerifyRetryOnConnectionReset) { ASSERT_TRUE(response); EXPECT_TRUE(response->headers); EXPECT_TRUE(response->was_fetched_via_spdy); - std::string response_data; + SpdyString response_data; rv = ReadTransaction(&trans, &response_data); EXPECT_THAT(rv, IsOk()); EXPECT_EQ("HTTP/1.1 200", response->headers->GetStatusLine()); @@ -4689,7 +4692,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushWithHeaders) { HttpResponseInfo response; HttpResponseInfo response2; - std::string expected_push_result("pushed"); + SpdyString expected_push_result("pushed"); SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); RunServerPushTest(&data, &response, @@ -4741,7 +4744,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushClaimBeforeHeaders) { HttpResponseInfo response; HttpResponseInfo response2; - std::string expected_push_result("pushed"); + SpdyString expected_push_result("pushed"); SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); NormalSpdyTransactionHelper helper(CreateGetRequest(), DEFAULT_PRIORITY, @@ -4773,10 +4776,10 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushClaimBeforeHeaders) { base::RunLoop().RunUntilIdle(); // Read the server push body. - std::string result2; + SpdyString result2; ReadResult(&trans2, &result2); // Read the response body. - std::string result; + SpdyString result; ReadResult(trans, &result); // Verify that the received push data is same as the expected push data. @@ -4964,7 +4967,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushCrossOriginCorrectness) { base::RunLoop().RunUntilIdle(); // Read the response body. - std::string result; + SpdyString result; ReadResult(trans, &result); // Verify that we consumed all test data. @@ -5035,7 +5038,9 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushValidCrossOrigin) { SpdySessionKey key(host_port_pair_, ProxyServer::Direct(), PRIVACY_MODE_DISABLED); base::WeakPtr<SpdySession> spdy_session = - spdy_session_pool->FindAvailableSession(key, GURL(), log); + spdy_session_pool->FindAvailableSession( + key, GURL(), + /* enable_ip_based_pooling = */ true, log); EXPECT_FALSE(spdy_session->unclaimed_pushed_streams_.empty()); EXPECT_EQ(1u, spdy_session->unclaimed_pushed_streams_.size()); @@ -5059,7 +5064,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushValidCrossOrigin) { EXPECT_TRUE(response.headers); EXPECT_EQ("HTTP/1.1 200", response.headers->GetStatusLine()); - std::string result0; + SpdyString result0; ReadResult(trans0, &result0); EXPECT_EQ("hello!", result0); @@ -5067,7 +5072,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushValidCrossOrigin) { EXPECT_TRUE(push_response.headers); EXPECT_EQ("HTTP/1.1 200", push_response.headers->GetStatusLine()); - std::string result1; + SpdyString result1; ReadResult(&trans1, &result1); EXPECT_EQ(kPushedData, result1); @@ -5182,7 +5187,9 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushValidCrossOriginWithOpenSession) { SpdySessionKey key0(host_port_pair0, ProxyServer::Direct(), PRIVACY_MODE_DISABLED); base::WeakPtr<SpdySession> spdy_session0 = - spdy_session_pool->FindAvailableSession(key0, GURL(), log); + spdy_session_pool->FindAvailableSession( + key0, GURL(), + /* enable_ip_based_pooling = */ true, log); EXPECT_TRUE(spdy_session0->unclaimed_pushed_streams_.empty()); EXPECT_EQ(0u, spdy_session0->unclaimed_pushed_streams_.size()); @@ -5191,7 +5198,9 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushValidCrossOriginWithOpenSession) { SpdySessionKey key1(host_port_pair1, ProxyServer::Direct(), PRIVACY_MODE_DISABLED); base::WeakPtr<SpdySession> spdy_session1 = - spdy_session_pool->FindAvailableSession(key1, GURL(), log); + spdy_session_pool->FindAvailableSession( + key1, GURL(), + /* enable_ip_based_pooling = */ true, log); EXPECT_FALSE(spdy_session1->unclaimed_pushed_streams_.empty()); EXPECT_EQ(1u, spdy_session1->unclaimed_pushed_streams_.size()); @@ -5219,7 +5228,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushValidCrossOriginWithOpenSession) { EXPECT_TRUE(response0.headers); EXPECT_EQ("HTTP/1.1 200", response0.headers->GetStatusLine()); - std::string result0; + SpdyString result0; ReadResult(trans0, &result0); EXPECT_EQ(kData0, result0); @@ -5227,7 +5236,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushValidCrossOriginWithOpenSession) { EXPECT_TRUE(response1.headers); EXPECT_EQ("HTTP/1.1 200", response1.headers->GetStatusLine()); - std::string result1; + SpdyString result1; ReadResult(&trans1, &result1); EXPECT_EQ(kData1, result1); @@ -5235,7 +5244,7 @@ TEST_F(SpdyNetworkTransactionTest, ServerPushValidCrossOriginWithOpenSession) { EXPECT_TRUE(push_response.headers); EXPECT_EQ("HTTP/1.1 200", push_response.headers->GetStatusLine()); - std::string result2; + SpdyString result2; ReadResult(&trans2, &result2); EXPECT_EQ(kPushedData, result2); @@ -5460,8 +5469,8 @@ TEST_F(SpdyNetworkTransactionTest, OutOfOrderHeaders) { // fail under specific circumstances. TEST_F(SpdyNetworkTransactionTest, WindowUpdateReceived) { static int kFrameCount = 2; - std::unique_ptr<std::string> content( - new std::string(kMaxSpdyFrameChunkSize, 'a')); + std::unique_ptr<SpdyString> content( + new SpdyString(kMaxSpdyFrameChunkSize, 'a')); SpdySerializedFrame req(spdy_util_.ConstructSpdyPost( kDefaultUrl, 1, kMaxSpdyFrameChunkSize * kFrameCount, LOWEST, nullptr, 0)); @@ -5604,7 +5613,7 @@ TEST_F(SpdyNetworkTransactionTest, WindowUpdateSent) { reads.push_back(CreateMockRead(resp, writes.size() + reads.size())); std::vector<SpdySerializedFrame> body_frames; - const std::string body_data(kChunkSize, 'x'); + const SpdyString body_data(kChunkSize, 'x'); for (size_t remaining = kTargetSize; remaining != 0;) { size_t frame_size = std::min(remaining, body_data.size()); body_frames.push_back(spdy_util_.ConstructSpdyDataFrame(1, body_data.data(), @@ -5674,7 +5683,7 @@ TEST_F(SpdyNetworkTransactionTest, WindowUpdateSent) { trans->Read(buf.get(), kTargetSize, CompletionCallback())); EXPECT_EQ(static_cast<int>(stream_max_recv_window_size), stream->stream()->recv_window_size()); - EXPECT_THAT(base::StringPiece(buf->data(), kTargetSize), Each(Eq('x'))); + EXPECT_THAT(SpdyStringPiece(buf->data(), kTargetSize), Each(Eq('x'))); // Allow scheduled WINDOW_UPDATE frames to write. base::RunLoop().RunUntilIdle(); @@ -5687,8 +5696,8 @@ TEST_F(SpdyNetworkTransactionTest, WindowUpdateOverflow) { // set content-length header correctly) static int kFrameCount = 3; - std::unique_ptr<std::string> content( - new std::string(kMaxSpdyFrameChunkSize, 'a')); + std::unique_ptr<SpdyString> content( + new SpdyString(kMaxSpdyFrameChunkSize, 'a')); SpdySerializedFrame req(spdy_util_.ConstructSpdyPost( kDefaultUrl, 1, kMaxSpdyFrameChunkSize * kFrameCount, LOWEST, nullptr, 0)); @@ -5772,7 +5781,7 @@ TEST_F(SpdyNetworkTransactionTest, FlowControlStallResume) { ceil(static_cast<double>(kBufferSize) / kMaxSpdyFrameChunkSize); // Construct content for a data frame of maximum size. - std::string content(kMaxSpdyFrameChunkSize, 'a'); + SpdyString content(kMaxSpdyFrameChunkSize, 'a'); SpdySerializedFrame req(spdy_util_.ConstructSpdyPost( kDefaultUrl, 1, @@ -5796,8 +5805,8 @@ TEST_F(SpdyNetworkTransactionTest, FlowControlStallResume) { // If kBufferSize * num_upload_buffers > initial_window_size, // we need one additional frame to send the rest of 'a'. - std::string last_body(kBufferSize * num_upload_buffers - initial_window_size, - 'a'); + SpdyString last_body(kBufferSize * num_upload_buffers - initial_window_size, + 'a'); SpdySerializedFrame body4(spdy_util_.ConstructSpdyDataFrame( 1, last_body.c_str(), last_body.size(), false)); @@ -5854,7 +5863,7 @@ TEST_F(SpdyNetworkTransactionTest, FlowControlStallResume) { writes.size()); std::vector<std::unique_ptr<UploadElementReader>> element_readers; - std::string upload_data_string(kBufferSize * num_upload_buffers, 'a'); + SpdyString upload_data_string(kBufferSize * num_upload_buffers, 'a'); upload_data_string.append(kUploadData, kUploadDataSize); element_readers.push_back(base::WrapUnique(new UploadBytesElementReader( upload_data_string.c_str(), upload_data_string.size()))); @@ -5922,7 +5931,7 @@ TEST_F(SpdyNetworkTransactionTest, FlowControlStallResumeAfterSettings) { ceil(static_cast<double>(kBufferSize) / kMaxSpdyFrameChunkSize); // Construct content for a data frame of maximum size. - std::string content(kMaxSpdyFrameChunkSize, 'a'); + SpdyString content(kMaxSpdyFrameChunkSize, 'a'); SpdySerializedFrame req(spdy_util_.ConstructSpdyPost( kDefaultUrl, 1, @@ -5946,8 +5955,8 @@ TEST_F(SpdyNetworkTransactionTest, FlowControlStallResumeAfterSettings) { // If kBufferSize * num_upload_buffers > initial_window_size, // we need one additional frame to send the rest of 'a'. - std::string last_body(kBufferSize * num_upload_buffers - initial_window_size, - 'a'); + SpdyString last_body(kBufferSize * num_upload_buffers - initial_window_size, + 'a'); SpdySerializedFrame body4(spdy_util_.ConstructSpdyDataFrame( 1, last_body.c_str(), last_body.size(), false)); @@ -6013,7 +6022,7 @@ TEST_F(SpdyNetworkTransactionTest, FlowControlStallResumeAfterSettings) { writes.size()); std::vector<std::unique_ptr<UploadElementReader>> element_readers; - std::string upload_data_string(kBufferSize * num_upload_buffers, 'a'); + SpdyString upload_data_string(kBufferSize * num_upload_buffers, 'a'); upload_data_string.append(kUploadData, kUploadDataSize); element_readers.push_back(base::WrapUnique(new UploadBytesElementReader( upload_data_string.c_str(), upload_data_string.size()))); @@ -6084,7 +6093,7 @@ TEST_F(SpdyNetworkTransactionTest, FlowControlNegativeSendWindowSize) { ceil(static_cast<double>(kBufferSize) / kMaxSpdyFrameChunkSize); // Construct content for a data frame of maximum size. - std::string content(kMaxSpdyFrameChunkSize, 'a'); + SpdyString content(kMaxSpdyFrameChunkSize, 'a'); SpdySerializedFrame req(spdy_util_.ConstructSpdyPost( kDefaultUrl, 1, @@ -6108,8 +6117,8 @@ TEST_F(SpdyNetworkTransactionTest, FlowControlNegativeSendWindowSize) { // If kBufferSize * num_upload_buffers > initial_window_size, // we need one additional frame to send the rest of 'a'. - std::string last_body(kBufferSize * num_upload_buffers - initial_window_size, - 'a'); + SpdyString last_body(kBufferSize * num_upload_buffers - initial_window_size, + 'a'); SpdySerializedFrame body4(spdy_util_.ConstructSpdyDataFrame( 1, last_body.c_str(), last_body.size(), false)); @@ -6177,7 +6186,7 @@ TEST_F(SpdyNetworkTransactionTest, FlowControlNegativeSendWindowSize) { writes.size()); std::vector<std::unique_ptr<UploadElementReader>> element_readers; - std::string upload_data_string(kBufferSize * num_upload_buffers, 'a'); + SpdyString upload_data_string(kBufferSize * num_upload_buffers, 'a'); upload_data_string.append(kUploadData, kUploadDataSize); element_readers.push_back(base::WrapUnique(new UploadBytesElementReader( upload_data_string.c_str(), upload_data_string.size()))); @@ -6285,8 +6294,8 @@ TEST_F(SpdyNetworkTransactionTest, // Regression test for https://crbug.com/493348: request header exceeds 16 kB // and thus sent in multiple frames when using HTTP/2. TEST_F(SpdyNetworkTransactionTest, LargeRequest) { - const std::string kKey("foo"); - const std::string kValue(1 << 15, 'z'); + const SpdyString kKey("foo"); + const SpdyString kValue(1 << 15, 'z'); HttpRequestInfo request; request.method = "GET"; @@ -6330,9 +6339,9 @@ TEST_F(SpdyNetworkTransactionTest, LargeResponseHeader) { // HPACK decoder implementation limits string literal length to 16 kB. const char* response_headers[2]; - const std::string kKey(16 * 1024, 'a'); + const SpdyString kKey(16 * 1024, 'a'); response_headers[0] = kKey.data(); - const std::string kValue(16 * 1024, 'b'); + const SpdyString kValue(16 * 1024, 'b'); response_headers[1] = kValue.data(); SpdySerializedFrame resp( @@ -6506,6 +6515,52 @@ TEST_F(SpdyNetworkTransactionTest, ResponseAndRstStreamBeforePostDataSent) { EXPECT_EQ("hello!", out.response_data); } +// Unsupported frames must be ignored. This is especially important for frame +// type 0xb, which used to be the BLOCKED frame in previous versions of SPDY, +// but is going to be used for the ORIGIN frame. +// TODO(bnc): Implement ORIGIN frame support. https://crbug.com/697333 +TEST_F(SpdyNetworkTransactionTest, IgnoreUnsupportedOriginFrame) { + SpdySerializedFrame req( + spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true)); + MockWrite writes[] = {CreateMockWrite(req, 0)}; + + const char origin_frame_on_stream_zero[] = { + 0x00, 0x00, 0x05, // Length + 0x0b, // Type + 0x00, // Flags + 0x00, 0x00, 0x00, 0x00, // Stream ID + 0x00, 0x03, // Origin-Len + 'f', 'o', 'o' // ASCII-Origin + }; + + const char origin_frame_on_stream_one[] = { + 0x00, 0x00, 0x05, // Length + 0x0b, // Type + 0x00, // Flags + 0x00, 0x00, 0x00, 0x01, // Stream ID + 0x00, 0x03, // Origin-Len + 'b', 'a', 'r' // ASCII-Origin + }; + + SpdySerializedFrame resp(spdy_util_.ConstructSpdyGetReply(nullptr, 0, 1)); + SpdySerializedFrame body(spdy_util_.ConstructSpdyDataFrame(1, true)); + MockRead reads[] = {MockRead(ASYNC, origin_frame_on_stream_zero, + arraysize(origin_frame_on_stream_zero), 1), + CreateMockRead(resp, 2), + MockRead(ASYNC, origin_frame_on_stream_one, + arraysize(origin_frame_on_stream_one), 3), + CreateMockRead(body, 4), MockRead(ASYNC, 0, 5)}; + + SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); + NormalSpdyTransactionHelper helper(CreateGetRequest(), DEFAULT_PRIORITY, + NetLogWithSource(), nullptr); + helper.RunToCompletion(&data); + TransactionHelperResult out = helper.output(); + EXPECT_THAT(out.rv, IsOk()); + EXPECT_EQ("HTTP/1.1 200", out.status_line); + EXPECT_EQ("hello!", out.response_data); +} + class SpdyNetworkTransactionTLSUsageCheckTest : public SpdyNetworkTransactionTest { protected: diff --git a/chromium/net/spdy/spdy_no_op_visitor.h b/chromium/net/spdy/spdy_no_op_visitor.h index 8502024870d..5586e8699b3 100644 --- a/chromium/net/spdy/spdy_no_op_visitor.h +++ b/chromium/net/spdy/spdy_no_op_visitor.h @@ -11,6 +11,7 @@ #include <cstdint> +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_framer.h" #include "net/spdy/spdy_protocol.h" @@ -57,7 +58,7 @@ class SpdyNoOpVisitor : public SpdyFramerVisitorInterface, bool end) override {} void OnContinuation(SpdyStreamId stream_id, bool end) override {} void OnAltSvc(SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) override {} void OnPriority(SpdyStreamId stream_id, @@ -77,7 +78,7 @@ class SpdyNoOpVisitor : public SpdyFramerVisitorInterface, // SpdyHeadersHandlerInterface methods: void OnHeaderBlockStart() override {} - void OnHeader(base::StringPiece key, base::StringPiece value) override {} + void OnHeader(SpdyStringPiece key, SpdyStringPiece value) override {} void OnHeaderBlockEnd(size_t uncompressed_header_bytes) override {} void OnHeaderBlockEnd(size_t /* uncompressed_header_bytes */, size_t /* compressed_header_bytes */) override {} diff --git a/chromium/net/spdy/spdy_pinnable_buffer_piece.h b/chromium/net/spdy/spdy_pinnable_buffer_piece.h index 01c9d9a2a94..c0dc3f2e3b4 100644 --- a/chromium/net/spdy/spdy_pinnable_buffer_piece.h +++ b/chromium/net/spdy/spdy_pinnable_buffer_piece.h @@ -9,8 +9,8 @@ #include <memory> -#include "base/strings/string_piece.h" #include "net/base/net_export.h" +#include "net/spdy/platform/api/spdy_string_piece.h" namespace net { @@ -33,8 +33,8 @@ struct NET_EXPORT_PRIVATE SpdyPinnableBufferPiece { return length_; } - operator base::StringPiece() const { - return base::StringPiece(buffer_, length_); + explicit operator SpdyStringPiece() const { + return SpdyStringPiece(buffer_, length_); } // Allocates and copies the buffer to internal storage. diff --git a/chromium/net/spdy/spdy_pinnable_buffer_piece_test.cc b/chromium/net/spdy/spdy_pinnable_buffer_piece_test.cc index 3101f5ea239..e4687eee9d8 100644 --- a/chromium/net/spdy/spdy_pinnable_buffer_piece_test.cc +++ b/chromium/net/spdy/spdy_pinnable_buffer_piece_test.cc @@ -4,6 +4,7 @@ #include "net/spdy/spdy_pinnable_buffer_piece.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_prefixed_buffer_reader.h" #include "testing/gtest/include/gtest/gtest.h" @@ -11,18 +12,16 @@ namespace net { namespace test { -using base::StringPiece; - class SpdyPinnableBufferPieceTest : public ::testing::Test { protected: - SpdyPrefixedBufferReader Build(const std::string& prefix, - const std::string& suffix) { + SpdyPrefixedBufferReader Build(const SpdyString& prefix, + const SpdyString& suffix) { prefix_ = prefix; suffix_ = suffix; return SpdyPrefixedBufferReader(prefix_.data(), prefix_.length(), suffix_.data(), suffix_.length()); } - std::string prefix_, suffix_; + SpdyString prefix_, suffix_; }; TEST_F(SpdyPinnableBufferPieceTest, Pin) { @@ -31,14 +30,14 @@ TEST_F(SpdyPinnableBufferPieceTest, Pin) { EXPECT_TRUE(reader.ReadN(6, &piece)); // Piece points to underlying prefix storage. - EXPECT_EQ(StringPiece("foobar"), piece); + EXPECT_EQ(SpdyStringPiece("foobar"), SpdyStringPiece(piece)); EXPECT_FALSE(piece.IsPinned()); EXPECT_EQ(prefix_.data(), piece.buffer()); piece.Pin(); // Piece now points to allocated storage. - EXPECT_EQ(StringPiece("foobar"), piece); + EXPECT_EQ(SpdyStringPiece("foobar"), SpdyStringPiece(piece)); EXPECT_TRUE(piece.IsPinned()); EXPECT_NE(prefix_.data(), piece.buffer()); @@ -56,22 +55,22 @@ TEST_F(SpdyPinnableBufferPieceTest, Swap) { piece1.Pin(); - EXPECT_EQ(StringPiece("foob"), piece1); + EXPECT_EQ(SpdyStringPiece("foob"), SpdyStringPiece(piece1)); EXPECT_TRUE(piece1.IsPinned()); - EXPECT_EQ(StringPiece("ar"), piece2); + EXPECT_EQ(SpdyStringPiece("ar"), SpdyStringPiece(piece2)); EXPECT_FALSE(piece2.IsPinned()); piece1.Swap(&piece2); - EXPECT_EQ(StringPiece("ar"), piece1); + EXPECT_EQ(SpdyStringPiece("ar"), SpdyStringPiece(piece1)); EXPECT_FALSE(piece1.IsPinned()); - EXPECT_EQ(StringPiece("foob"), piece2); + EXPECT_EQ(SpdyStringPiece("foob"), SpdyStringPiece(piece2)); EXPECT_TRUE(piece2.IsPinned()); SpdyPinnableBufferPiece empty; piece2.Swap(&empty); - EXPECT_EQ(StringPiece(""), piece2); + EXPECT_EQ(SpdyStringPiece(""), SpdyStringPiece(piece2)); EXPECT_FALSE(piece2.IsPinned()); } diff --git a/chromium/net/spdy/spdy_prefixed_buffer_reader_test.cc b/chromium/net/spdy/spdy_prefixed_buffer_reader_test.cc index 406bab71618..9e08b42e59f 100644 --- a/chromium/net/spdy/spdy_prefixed_buffer_reader_test.cc +++ b/chromium/net/spdy/spdy_prefixed_buffer_reader_test.cc @@ -4,6 +4,8 @@ #include "net/spdy/spdy_prefixed_buffer_reader.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" @@ -11,19 +13,18 @@ namespace net { namespace test { -using base::StringPiece; using testing::ElementsAreArray; class SpdyPrefixedBufferReaderTest : public ::testing::Test { protected: - SpdyPrefixedBufferReader Build(const std::string& prefix, - const std::string& suffix) { + SpdyPrefixedBufferReader Build(const SpdyString& prefix, + const SpdyString& suffix) { prefix_ = prefix; suffix_ = suffix; return SpdyPrefixedBufferReader(prefix_.data(), prefix_.length(), suffix_.data(), suffix_.length()); } - std::string prefix_, suffix_; + SpdyString prefix_, suffix_; }; TEST_F(SpdyPrefixedBufferReaderTest, ReadRawFromPrefix) { @@ -45,7 +46,7 @@ TEST_F(SpdyPrefixedBufferReaderTest, ReadPieceFromPrefix) { EXPECT_FALSE(reader.ReadN(10, &piece)); // Not enough buffer. EXPECT_TRUE(reader.ReadN(6, &piece)); EXPECT_FALSE(piece.IsPinned()); - EXPECT_EQ(StringPiece("foobar"), piece); + EXPECT_EQ(SpdyStringPiece("foobar"), SpdyStringPiece(piece)); EXPECT_EQ(0u, reader.Available()); } @@ -68,7 +69,7 @@ TEST_F(SpdyPrefixedBufferReaderTest, ReadPieceFromSuffix) { EXPECT_FALSE(reader.ReadN(10, &piece)); // Not enough buffer. EXPECT_TRUE(reader.ReadN(6, &piece)); EXPECT_FALSE(piece.IsPinned()); - EXPECT_EQ(StringPiece("foobar"), piece); + EXPECT_EQ(SpdyStringPiece("foobar"), SpdyStringPiece(piece)); EXPECT_EQ(0u, reader.Available()); } @@ -91,7 +92,7 @@ TEST_F(SpdyPrefixedBufferReaderTest, ReadPieceSpanning) { EXPECT_FALSE(reader.ReadN(10, &piece)); // Not enough buffer. EXPECT_TRUE(reader.ReadN(6, &piece)); EXPECT_TRUE(piece.IsPinned()); - EXPECT_EQ(StringPiece("foobar"), piece); + EXPECT_EQ(SpdyStringPiece("foobar"), SpdyStringPiece(piece)); EXPECT_EQ(0u, reader.Available()); } @@ -111,12 +112,12 @@ TEST_F(SpdyPrefixedBufferReaderTest, ReadMixed) { EXPECT_EQ(6u, reader.Available()); EXPECT_TRUE(reader.ReadN(3, &piece)); - EXPECT_EQ(StringPiece("fhi"), piece); + EXPECT_EQ(SpdyStringPiece("fhi"), SpdyStringPiece(piece)); EXPECT_TRUE(piece.IsPinned()); EXPECT_EQ(3u, reader.Available()); EXPECT_TRUE(reader.ReadN(2, &piece)); - EXPECT_EQ(StringPiece("jk"), piece); + EXPECT_EQ(SpdyStringPiece("jk"), SpdyStringPiece(piece)); EXPECT_FALSE(piece.IsPinned()); EXPECT_EQ(1u, reader.Available()); diff --git a/chromium/net/spdy/spdy_protocol.cc b/chromium/net/spdy/spdy_protocol.cc index dc18a8ab923..7d287cafc08 100644 --- a/chromium/net/spdy/spdy_protocol.cc +++ b/chromium/net/spdy/spdy_protocol.cc @@ -18,6 +18,10 @@ std::ostream& operator<<(std::ostream& out, SpdySettingsIds id) { return out << static_cast<uint16_t>(id); } +std::ostream& operator<<(std::ostream& out, SpdyFrameType frame_type) { + return out << SerializeFrameType(frame_type); +} + SpdyPriority ClampSpdy3Priority(SpdyPriority priority) { if (priority < kV3HighestPriority) { SPDY_BUG << "Invalid priority: " << static_cast<int>(priority); @@ -55,7 +59,7 @@ SpdyPriority Http2WeightToSpdy3Priority(int weight) { } bool IsDefinedFrameType(uint8_t frame_type_field) { - return frame_type_field <= MAX_FRAME_TYPE; + return frame_type_field <= SerializeFrameType(SpdyFrameType::MAX_FRAME_TYPE); } SpdyFrameType ParseFrameType(uint8_t frame_type_field) { @@ -64,16 +68,20 @@ SpdyFrameType ParseFrameType(uint8_t frame_type_field) { return static_cast<SpdyFrameType>(frame_type_field); } +uint8_t SerializeFrameType(SpdyFrameType frame_type) { + return static_cast<uint8_t>(frame_type); +} + bool IsValidHTTP2FrameStreamId(SpdyStreamId current_frame_stream_id, SpdyFrameType frame_type_field) { if (current_frame_stream_id == 0) { switch (frame_type_field) { - case DATA: - case HEADERS: - case PRIORITY: - case RST_STREAM: - case CONTINUATION: - case PUSH_PROMISE: + case SpdyFrameType::DATA: + case SpdyFrameType::HEADERS: + case SpdyFrameType::PRIORITY: + case SpdyFrameType::RST_STREAM: + case SpdyFrameType::CONTINUATION: + case SpdyFrameType::PUSH_PROMISE: // These frame types must specify a stream return false; default: @@ -81,9 +89,9 @@ bool IsValidHTTP2FrameStreamId(SpdyStreamId current_frame_stream_id, } } else { switch (frame_type_field) { - case GOAWAY: - case SETTINGS: - case PING: + case SpdyFrameType::GOAWAY: + case SpdyFrameType::SETTINGS: + case SpdyFrameType::PING: // These frame types must not specify a stream return false; default: @@ -94,31 +102,29 @@ bool IsValidHTTP2FrameStreamId(SpdyStreamId current_frame_stream_id, const char* FrameTypeToString(SpdyFrameType frame_type) { switch (frame_type) { - case DATA: + case SpdyFrameType::DATA: return "DATA"; - case RST_STREAM: + case SpdyFrameType::RST_STREAM: return "RST_STREAM"; - case SETTINGS: + case SpdyFrameType::SETTINGS: return "SETTINGS"; - case PING: + case SpdyFrameType::PING: return "PING"; - case GOAWAY: + case SpdyFrameType::GOAWAY: return "GOAWAY"; - case HEADERS: + case SpdyFrameType::HEADERS: return "HEADERS"; - case WINDOW_UPDATE: + case SpdyFrameType::WINDOW_UPDATE: return "WINDOW_UPDATE"; - case PUSH_PROMISE: + case SpdyFrameType::PUSH_PROMISE: return "PUSH_PROMISE"; - case CONTINUATION: + case SpdyFrameType::CONTINUATION: return "CONTINUATION"; - case PRIORITY: + case SpdyFrameType::PRIORITY: return "PRIORITY"; - case ALTSVC: + case SpdyFrameType::ALTSVC: return "ALTSVC"; - case BLOCKED: - return "BLOCKED"; - case EXTENSION: + case SpdyFrameType::EXTENSION: return "EXTENSION (unspecified)"; } return "UNKNOWN_FRAME_TYPE"; @@ -210,7 +216,7 @@ SpdyFrameWithHeaderBlockIR::SpdyFrameWithHeaderBlockIR( SpdyFrameWithHeaderBlockIR::~SpdyFrameWithHeaderBlockIR() {} -SpdyDataIR::SpdyDataIR(SpdyStreamId stream_id, base::StringPiece data) +SpdyDataIR::SpdyDataIR(SpdyStreamId stream_id, SpdyStringPiece data) : SpdyFrameWithFinIR(stream_id), data_(nullptr), data_len_(0), @@ -220,11 +226,11 @@ SpdyDataIR::SpdyDataIR(SpdyStreamId stream_id, base::StringPiece data) } SpdyDataIR::SpdyDataIR(SpdyStreamId stream_id, const char* data) - : SpdyDataIR(stream_id, base::StringPiece(data)) {} + : SpdyDataIR(stream_id, SpdyStringPiece(data)) {} -SpdyDataIR::SpdyDataIR(SpdyStreamId stream_id, std::string data) +SpdyDataIR::SpdyDataIR(SpdyStreamId stream_id, SpdyString data) : SpdyFrameWithFinIR(stream_id), - data_store_(base::MakeUnique<std::string>(std::move(data))), + data_store_(base::MakeUnique<SpdyString>(std::move(data))), data_(data_store_->data()), data_len_(data_store_->size()), padded_(false), @@ -243,6 +249,10 @@ void SpdyDataIR::Visit(SpdyFrameVisitor* visitor) const { return visitor->VisitData(*this); } +SpdyFrameType SpdyDataIR::frame_type() const { + return SpdyFrameType::DATA; +} + SpdyRstStreamIR::SpdyRstStreamIR(SpdyStreamId stream_id, SpdyErrorCode error_code) : SpdyFrameWithStreamIdIR(stream_id) { @@ -255,6 +265,10 @@ void SpdyRstStreamIR::Visit(SpdyFrameVisitor* visitor) const { return visitor->VisitRstStream(*this); } +SpdyFrameType SpdyRstStreamIR::frame_type() const { + return SpdyFrameType::RST_STREAM; +} + SpdySettingsIR::SpdySettingsIR() : is_ack_(false) {} SpdySettingsIR::~SpdySettingsIR() {} @@ -263,13 +277,21 @@ void SpdySettingsIR::Visit(SpdyFrameVisitor* visitor) const { return visitor->VisitSettings(*this); } +SpdyFrameType SpdySettingsIR::frame_type() const { + return SpdyFrameType::SETTINGS; +} + void SpdyPingIR::Visit(SpdyFrameVisitor* visitor) const { return visitor->VisitPing(*this); } +SpdyFrameType SpdyPingIR::frame_type() const { + return SpdyFrameType::PING; +} + SpdyGoAwayIR::SpdyGoAwayIR(SpdyStreamId last_good_stream_id, SpdyErrorCode error_code, - base::StringPiece description) + SpdyStringPiece description) : description_(description) { set_last_good_stream_id(last_good_stream_id); set_error_code(error_code); @@ -280,11 +302,11 @@ SpdyGoAwayIR::SpdyGoAwayIR(SpdyStreamId last_good_stream_id, const char* description) : SpdyGoAwayIR(last_good_stream_id, error_code, - base::StringPiece(description)) {} + SpdyStringPiece(description)) {} SpdyGoAwayIR::SpdyGoAwayIR(SpdyStreamId last_good_stream_id, SpdyErrorCode error_code, - std::string description) + SpdyString description) : description_store_(std::move(description)), description_(description_store_) { set_last_good_stream_id(last_good_stream_id); @@ -293,35 +315,51 @@ SpdyGoAwayIR::SpdyGoAwayIR(SpdyStreamId last_good_stream_id, SpdyGoAwayIR::~SpdyGoAwayIR() {} +void SpdyGoAwayIR::Visit(SpdyFrameVisitor* visitor) const { + return visitor->VisitGoAway(*this); +} + +SpdyFrameType SpdyGoAwayIR::frame_type() const { + return SpdyFrameType::GOAWAY; +} + SpdyContinuationIR::SpdyContinuationIR(SpdyStreamId stream_id) : SpdyFrameWithStreamIdIR(stream_id), end_headers_(false) { - encoding_ = base::MakeUnique<std::string>(); + encoding_ = base::MakeUnique<SpdyString>(); } SpdyContinuationIR::~SpdyContinuationIR() {} -void SpdyGoAwayIR::Visit(SpdyFrameVisitor* visitor) const { - return visitor->VisitGoAway(*this); +void SpdyContinuationIR::Visit(SpdyFrameVisitor* visitor) const { + return visitor->VisitContinuation(*this); +} + +SpdyFrameType SpdyContinuationIR::frame_type() const { + return SpdyFrameType::CONTINUATION; } void SpdyHeadersIR::Visit(SpdyFrameVisitor* visitor) const { return visitor->VisitHeaders(*this); } +SpdyFrameType SpdyHeadersIR::frame_type() const { + return SpdyFrameType::HEADERS; +} + void SpdyWindowUpdateIR::Visit(SpdyFrameVisitor* visitor) const { return visitor->VisitWindowUpdate(*this); } -void SpdyBlockedIR::Visit(SpdyFrameVisitor* visitor) const { - return visitor->VisitBlocked(*this); +SpdyFrameType SpdyWindowUpdateIR::frame_type() const { + return SpdyFrameType::WINDOW_UPDATE; } void SpdyPushPromiseIR::Visit(SpdyFrameVisitor* visitor) const { return visitor->VisitPushPromise(*this); } -void SpdyContinuationIR::Visit(SpdyFrameVisitor* visitor) const { - return visitor->VisitContinuation(*this); +SpdyFrameType SpdyPushPromiseIR::frame_type() const { + return SpdyFrameType::PUSH_PROMISE; } SpdyAltSvcIR::SpdyAltSvcIR(SpdyStreamId stream_id) @@ -335,8 +373,16 @@ void SpdyAltSvcIR::Visit(SpdyFrameVisitor* visitor) const { return visitor->VisitAltSvc(*this); } +SpdyFrameType SpdyAltSvcIR::frame_type() const { + return SpdyFrameType::ALTSVC; +} + void SpdyPriorityIR::Visit(SpdyFrameVisitor* visitor) const { return visitor->VisitPriority(*this); } +SpdyFrameType SpdyPriorityIR::frame_type() const { + return SpdyFrameType::PRIORITY; +} + } // namespace net diff --git a/chromium/net/spdy/spdy_protocol.h b/chromium/net/spdy/spdy_protocol.h index ed514e9f83f..a81539c3ff3 100644 --- a/chromium/net/spdy/spdy_protocol.h +++ b/chromium/net/spdy/spdy_protocol.h @@ -16,15 +16,15 @@ #include <limits> #include <map> #include <memory> -#include <string> #include <utility> #include "base/compiler_specific.h" #include "base/logging.h" #include "base/macros.h" -#include "base/strings/string_piece.h" #include "base/sys_byteorder.h" #include "net/base/net_export.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_alt_svc_wire_format.h" #include "net/spdy/spdy_bitmasks.h" #include "net/spdy/spdy_bug_tracker.h" @@ -69,7 +69,7 @@ NET_EXPORT_PRIVATE extern const char* const kHttp2ConnectionHeaderPrefix; const int kHttp2ConnectionHeaderPrefixSize = 24; // Wire values for HTTP2 frame types. -enum SpdyFrameType : uint8_t { +enum class SpdyFrameType : uint8_t { DATA = 0x00, HEADERS = 0x01, PRIORITY = 0x02, @@ -82,9 +82,7 @@ enum SpdyFrameType : uint8_t { CONTINUATION = 0x09, // ALTSVC is a public extension. ALTSVC = 0x0a, - // BLOCKED was never standardized, and should be deleted. - BLOCKED = 0x0b, - MAX_FRAME_TYPE = BLOCKED, + MAX_FRAME_TYPE = ALTSVC, // The specific value of EXTENSION is meaningless; it is a placeholder used // within SpdyFramer's state machine when handling unknown frames via an // extension API. @@ -153,6 +151,11 @@ enum SpdySettingsIds : uint16_t { NET_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& out, SpdySettingsIds id); +// This operator is needed, because SpdyFrameType is an enum class, +// therefore implicit conversion to underlying integer type is not allowed. +NET_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& out, + SpdyFrameType frame_type); + using SettingsMap = std::map<SpdySettingsIds, uint32_t>; // HTTP/2 error codes, RFC 7540 Section 7. @@ -222,6 +225,9 @@ NET_EXPORT_PRIVATE bool IsDefinedFrameType(uint8_t frame_type_field); // use IsValidFrameType() to verify validity of frame type fields. NET_EXPORT_PRIVATE SpdyFrameType ParseFrameType(uint8_t frame_type_field); +// Serializes a frame type to the on-the-wire value. +NET_EXPORT_PRIVATE uint8_t SerializeFrameType(SpdyFrameType frame_type); + // (HTTP/2) All standard frame types except WINDOW_UPDATE are // (stream-specific xor connection-level). Returns false iff we know // the given frame type does not align with the given streamID. @@ -372,6 +378,7 @@ class NET_EXPORT_PRIVATE SpdyFrameIR { virtual ~SpdyFrameIR() {} virtual void Visit(SpdyFrameVisitor* visitor) const = 0; + virtual SpdyFrameType frame_type() const = 0; protected: SpdyFrameIR() {} @@ -433,7 +440,7 @@ class NET_EXPORT_PRIVATE SpdyFrameWithHeaderBlockIR // Deep copy. header_block_ = std::move(header_block); } - void SetHeader(base::StringPiece name, base::StringPiece value) { + void SetHeader(SpdyStringPiece name, SpdyStringPiece value) { header_block_[name] = value; } @@ -451,13 +458,13 @@ class NET_EXPORT_PRIVATE SpdyDataIR : public NON_EXPORTED_BASE(SpdyFrameWithFinIR) { public: // Performs a deep copy on data. - SpdyDataIR(SpdyStreamId stream_id, base::StringPiece data); + SpdyDataIR(SpdyStreamId stream_id, SpdyStringPiece data); // Performs a deep copy on data. SpdyDataIR(SpdyStreamId stream_id, const char* data); // Moves data into data_store_. Makes a copy if passed a non-movable string. - SpdyDataIR(SpdyStreamId stream_id, std::string data); + SpdyDataIR(SpdyStreamId stream_id, SpdyString data); // Use in conjunction with SetDataShallow() for shallow-copy on data. explicit SpdyDataIR(SpdyStreamId stream_id); @@ -480,14 +487,14 @@ class NET_EXPORT_PRIVATE SpdyDataIR } // Deep-copy of data (keep private copy). - void SetDataDeep(base::StringPiece data) { - data_store_.reset(new std::string(data.data(), data.size())); + void SetDataDeep(SpdyStringPiece data) { + data_store_.reset(new SpdyString(data.data(), data.size())); data_ = data_store_->data(); data_len_ = data.size(); } // Shallow-copy of data (do not keep private copy). - void SetDataShallow(base::StringPiece data) { + void SetDataShallow(SpdyStringPiece data) { data_store_.reset(); data_ = data.data(); data_len_ = data.size(); @@ -503,9 +510,11 @@ class NET_EXPORT_PRIVATE SpdyDataIR void Visit(SpdyFrameVisitor* visitor) const override; + SpdyFrameType frame_type() const override; + private: // Used to store data that this SpdyDataIR should own. - std::unique_ptr<std::string> data_store_; + std::unique_ptr<SpdyString> data_store_; const char* data_; size_t data_len_; @@ -527,6 +536,8 @@ class NET_EXPORT_PRIVATE SpdyRstStreamIR : public SpdyFrameWithStreamIdIR { void Visit(SpdyFrameVisitor* visitor) const override; + SpdyFrameType frame_type() const override; + private: SpdyErrorCode error_code_; @@ -549,6 +560,8 @@ class NET_EXPORT_PRIVATE SpdySettingsIR : public SpdyFrameIR { void Visit(SpdyFrameVisitor* visitor) const override; + SpdyFrameType frame_type() const override; + private: SettingsMap values_; bool is_ack_; @@ -566,6 +579,8 @@ class NET_EXPORT_PRIVATE SpdyPingIR : public SpdyFrameIR { void Visit(SpdyFrameVisitor* visitor) const override; + SpdyFrameType frame_type() const override; + private: SpdyPingId id_; bool is_ack_; @@ -579,7 +594,7 @@ class NET_EXPORT_PRIVATE SpdyGoAwayIR : public SpdyFrameIR { // this SpdyGoAwayIR. SpdyGoAwayIR(SpdyStreamId last_good_stream_id, SpdyErrorCode error_code, - base::StringPiece description); + SpdyStringPiece description); // References description, doesn't copy it, so description must outlast // this SpdyGoAwayIR. @@ -591,12 +606,11 @@ class NET_EXPORT_PRIVATE SpdyGoAwayIR : public SpdyFrameIR { // keep description live after constructing this SpdyGoAwayIR. SpdyGoAwayIR(SpdyStreamId last_good_stream_id, SpdyErrorCode error_code, - std::string description); + SpdyString description); ~SpdyGoAwayIR() override; SpdyStreamId last_good_stream_id() const { return last_good_stream_id_; } void set_last_good_stream_id(SpdyStreamId last_good_stream_id) { - DCHECK_LE(0u, last_good_stream_id); DCHECK_EQ(0u, last_good_stream_id & ~kStreamIdMask); last_good_stream_id_ = last_good_stream_id; } @@ -606,15 +620,17 @@ class NET_EXPORT_PRIVATE SpdyGoAwayIR : public SpdyFrameIR { error_code_ = error_code; } - const base::StringPiece& description() const { return description_; } + const SpdyStringPiece& description() const { return description_; } void Visit(SpdyFrameVisitor* visitor) const override; + SpdyFrameType frame_type() const override; + private: SpdyStreamId last_good_stream_id_; SpdyErrorCode error_code_; - const std::string description_store_; - const base::StringPiece description_; + const SpdyString description_store_; + const SpdyStringPiece description_; DISALLOW_COPY_AND_ASSIGN(SpdyGoAwayIR); }; @@ -628,6 +644,8 @@ class NET_EXPORT_PRIVATE SpdyHeadersIR : public SpdyFrameWithHeaderBlockIR { void Visit(SpdyFrameVisitor* visitor) const override; + SpdyFrameType frame_type() const override; + bool has_priority() const { return has_priority_; } void set_has_priority(bool has_priority) { has_priority_ = has_priority; } int weight() const { return weight_; } @@ -675,24 +693,14 @@ class NET_EXPORT_PRIVATE SpdyWindowUpdateIR : public SpdyFrameWithStreamIdIR { void Visit(SpdyFrameVisitor* visitor) const override; + SpdyFrameType frame_type() const override; + private: int32_t delta_; DISALLOW_COPY_AND_ASSIGN(SpdyWindowUpdateIR); }; -class NET_EXPORT_PRIVATE SpdyBlockedIR - : public NON_EXPORTED_BASE(SpdyFrameWithStreamIdIR) { - public: - explicit SpdyBlockedIR(SpdyStreamId stream_id) - : SpdyFrameWithStreamIdIR(stream_id) {} - - void Visit(SpdyFrameVisitor* visitor) const override; - - private: - DISALLOW_COPY_AND_ASSIGN(SpdyBlockedIR); -}; - class NET_EXPORT_PRIVATE SpdyPushPromiseIR : public SpdyFrameWithHeaderBlockIR { public: SpdyPushPromiseIR(SpdyStreamId stream_id, SpdyStreamId promised_stream_id) @@ -708,6 +716,8 @@ class NET_EXPORT_PRIVATE SpdyPushPromiseIR : public SpdyFrameWithHeaderBlockIR { void Visit(SpdyFrameVisitor* visitor) const override; + SpdyFrameType frame_type() const override; + bool padded() const { return padded_; } int padding_payload_len() const { return padding_payload_len_; } void set_padding_len(int padding_len) { @@ -734,15 +744,17 @@ class NET_EXPORT_PRIVATE SpdyContinuationIR : public SpdyFrameWithStreamIdIR { void Visit(SpdyFrameVisitor* visitor) const override; + SpdyFrameType frame_type() const override; + bool end_headers() const { return end_headers_; } void set_end_headers(bool end_headers) {end_headers_ = end_headers;} - const std::string& encoding() const { return *encoding_; } - void take_encoding(std::unique_ptr<std::string> encoding) { + const SpdyString& encoding() const { return *encoding_; } + void take_encoding(std::unique_ptr<SpdyString> encoding) { encoding_ = std::move(encoding); } private: - std::unique_ptr<std::string> encoding_; + std::unique_ptr<SpdyString> encoding_; bool end_headers_; DISALLOW_COPY_AND_ASSIGN(SpdyContinuationIR); }; @@ -752,20 +764,22 @@ class NET_EXPORT_PRIVATE SpdyAltSvcIR : public SpdyFrameWithStreamIdIR { explicit SpdyAltSvcIR(SpdyStreamId stream_id); ~SpdyAltSvcIR() override; - std::string origin() const { return origin_; } + SpdyString origin() const { return origin_; } const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector() const { return altsvc_vector_; } - void set_origin(std::string origin) { origin_ = std::move(origin); } + void set_origin(SpdyString origin) { origin_ = std::move(origin); } void add_altsvc(const SpdyAltSvcWireFormat::AlternativeService& altsvc) { altsvc_vector_.push_back(altsvc); } void Visit(SpdyFrameVisitor* visitor) const override; + SpdyFrameType frame_type() const override; + private: - std::string origin_; + SpdyString origin_; SpdyAltSvcWireFormat::AlternativeServiceVector altsvc_vector_; DISALLOW_COPY_AND_ASSIGN(SpdyAltSvcIR); }; @@ -794,6 +808,8 @@ class NET_EXPORT_PRIVATE SpdyPriorityIR : public SpdyFrameWithStreamIdIR { void Visit(SpdyFrameVisitor* visitor) const override; + SpdyFrameType frame_type() const override; + private: SpdyStreamId parent_stream_id_; int weight_; @@ -891,7 +907,6 @@ class SpdyFrameVisitor { virtual void VisitGoAway(const SpdyGoAwayIR& goaway) = 0; virtual void VisitHeaders(const SpdyHeadersIR& headers) = 0; virtual void VisitWindowUpdate(const SpdyWindowUpdateIR& window_update) = 0; - virtual void VisitBlocked(const SpdyBlockedIR& blocked) = 0; virtual void VisitPushPromise(const SpdyPushPromiseIR& push_promise) = 0; virtual void VisitContinuation(const SpdyContinuationIR& continuation) = 0; virtual void VisitAltSvc(const SpdyAltSvcIR& altsvc) = 0; diff --git a/chromium/net/spdy/spdy_protocol_test.cc b/chromium/net/spdy/spdy_protocol_test.cc index 3c5d55471a8..7dffc98ed3e 100644 --- a/chromium/net/spdy/spdy_protocol_test.cc +++ b/chromium/net/spdy/spdy_protocol_test.cc @@ -14,8 +14,6 @@ #include "net/test/gtest_util.h" #include "testing/gtest/include/gtest/gtest.h" -using std::string; - namespace net { std::ostream& operator<<(std::ostream& os, @@ -79,31 +77,31 @@ TEST(SpdyProtocolTest, Http2WeightToSpdy3Priority) { TEST(SpdyProtocolTest, IsValidHTTP2FrameStreamId) { // Stream-specific frames must have non-zero stream ids - EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, DATA)); - EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, DATA)); - EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, HEADERS)); - EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, HEADERS)); - EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, PRIORITY)); - EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, PRIORITY)); - EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, RST_STREAM)); - EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, RST_STREAM)); - EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, CONTINUATION)); - EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, CONTINUATION)); - EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, PUSH_PROMISE)); - EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, PUSH_PROMISE)); + EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, SpdyFrameType::DATA)); + EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, SpdyFrameType::DATA)); + EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, SpdyFrameType::HEADERS)); + EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, SpdyFrameType::HEADERS)); + EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, SpdyFrameType::PRIORITY)); + EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, SpdyFrameType::PRIORITY)); + EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, SpdyFrameType::RST_STREAM)); + EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, SpdyFrameType::RST_STREAM)); + EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, SpdyFrameType::CONTINUATION)); + EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, SpdyFrameType::CONTINUATION)); + EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, SpdyFrameType::PUSH_PROMISE)); + EXPECT_FALSE(IsValidHTTP2FrameStreamId(0, SpdyFrameType::PUSH_PROMISE)); // Connection-level frames must have zero stream ids - EXPECT_FALSE(IsValidHTTP2FrameStreamId(1, GOAWAY)); - EXPECT_TRUE(IsValidHTTP2FrameStreamId(0, GOAWAY)); - EXPECT_FALSE(IsValidHTTP2FrameStreamId(1, SETTINGS)); - EXPECT_TRUE(IsValidHTTP2FrameStreamId(0, SETTINGS)); - EXPECT_FALSE(IsValidHTTP2FrameStreamId(1, PING)); - EXPECT_TRUE(IsValidHTTP2FrameStreamId(0, PING)); + EXPECT_FALSE(IsValidHTTP2FrameStreamId(1, SpdyFrameType::GOAWAY)); + EXPECT_TRUE(IsValidHTTP2FrameStreamId(0, SpdyFrameType::GOAWAY)); + EXPECT_FALSE(IsValidHTTP2FrameStreamId(1, SpdyFrameType::SETTINGS)); + EXPECT_TRUE(IsValidHTTP2FrameStreamId(0, SpdyFrameType::SETTINGS)); + EXPECT_FALSE(IsValidHTTP2FrameStreamId(1, SpdyFrameType::PING)); + EXPECT_TRUE(IsValidHTTP2FrameStreamId(0, SpdyFrameType::PING)); // Frames that are neither stream-specific nor connection-level // should not have their stream id declared invalid - EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, WINDOW_UPDATE)); - EXPECT_TRUE(IsValidHTTP2FrameStreamId(0, WINDOW_UPDATE)); + EXPECT_TRUE(IsValidHTTP2FrameStreamId(1, SpdyFrameType::WINDOW_UPDATE)); + EXPECT_TRUE(IsValidHTTP2FrameStreamId(0, SpdyFrameType::WINDOW_UPDATE)); } TEST(SpdyProtocolTest, ParseSettingsId) { @@ -128,7 +126,7 @@ TEST(SpdyProtocolTest, SettingsIdToString) { struct { SpdySettingsIds setting_id; bool expected_bool; - const string expected_string; + const SpdyString expected_string; } test_cases[] = { {static_cast<SpdySettingsIds>(0), false, "SETTINGS_UNKNOWN"}, {SETTINGS_HEADER_TABLE_SIZE, true, "SETTINGS_HEADER_TABLE_SIZE"}, @@ -220,8 +218,9 @@ TEST(SpdyStreamPrecedenceTest, Equals) { } TEST(SpdyDataIRTest, Construct) { - // Confirm that it makes a string of zero length from a StringPiece(nullptr). - base::StringPiece s1; + // Confirm that it makes a string of zero length from a + // SpdyStringPiece(nullptr). + SpdyStringPiece s1; SpdyDataIR d1(1, s1); EXPECT_EQ(d1.data_len(), 0ul); EXPECT_NE(d1.data(), nullptr); @@ -229,30 +228,30 @@ TEST(SpdyDataIRTest, Construct) { // Confirms makes a copy of char array. const char s2[] = "something"; SpdyDataIR d2(2, s2); - EXPECT_EQ(base::StringPiece(d2.data(), d2.data_len()), s2); - EXPECT_NE(base::StringPiece(d1.data(), d1.data_len()), s2); + EXPECT_EQ(SpdyStringPiece(d2.data(), d2.data_len()), s2); + EXPECT_NE(SpdyStringPiece(d1.data(), d1.data_len()), s2); // Confirm copies a const string. - const string foo = "foo"; + const SpdyString foo = "foo"; SpdyDataIR d3(3, foo); EXPECT_EQ(foo, d3.data()); // Confirm copies a non-const string. - string bar = "bar"; + SpdyString bar = "bar"; SpdyDataIR d4(4, bar); EXPECT_EQ("bar", bar); - EXPECT_EQ("bar", base::StringPiece(d4.data(), d4.data_len())); + EXPECT_EQ("bar", SpdyStringPiece(d4.data(), d4.data_len())); // Confirm moves an rvalue reference. Note that the test string "baz" is too // short to trigger the move optimization, and instead a copy occurs. - string baz = "the quick brown fox"; + SpdyString baz = "the quick brown fox"; SpdyDataIR d5(5, std::move(baz)); EXPECT_EQ("", baz); - EXPECT_EQ(base::StringPiece(d5.data(), d5.data_len()), "the quick brown fox"); + EXPECT_EQ(SpdyStringPiece(d5.data(), d5.data_len()), "the quick brown fox"); // Confirms makes a copy of string literal. SpdyDataIR d7(7, "something else"); - EXPECT_EQ(base::StringPiece(d7.data(), d7.data_len()), "something else"); + EXPECT_EQ(SpdyStringPiece(d7.data(), d7.data_len()), "something else"); } } // namespace test diff --git a/chromium/net/spdy/spdy_protocol_test_utils.cc b/chromium/net/spdy/spdy_protocol_test_utils.cc index a91a55f0c6b..e86d1cff2bb 100644 --- a/chromium/net/spdy/spdy_protocol_test_utils.cc +++ b/chromium/net/spdy/spdy_protocol_test_utils.cc @@ -4,6 +4,7 @@ #include <stdint.h> +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_protocol_test_utils.h" namespace net { @@ -52,8 +53,8 @@ namespace test { return ::testing::AssertionFailure(); if (expected.data() == nullptr && actual.data() != nullptr) return ::testing::AssertionFailure(); - if (base::StringPiece(expected.data(), expected.data_len()) != - base::StringPiece(actual.data(), actual.data_len())) + if (SpdyStringPiece(expected.data(), expected.data_len()) != + SpdyStringPiece(actual.data(), actual.data_len())) return ::testing::AssertionFailure(); if (!VerifySpdyFrameWithPaddingIREquals(expected, actual)) return ::testing::AssertionFailure(); diff --git a/chromium/net/spdy/spdy_protocol_test_utils.h b/chromium/net/spdy/spdy_protocol_test_utils.h index 493345015fe..f360d51e018 100644 --- a/chromium/net/spdy/spdy_protocol_test_utils.h +++ b/chromium/net/spdy/spdy_protocol_test_utils.h @@ -20,7 +20,6 @@ #include <typeinfo> #include "base/logging.h" -#include "base/strings/string_piece.h" #include "net/spdy/spdy_protocol.h" #include "net/spdy/spdy_test_utils.h" #include "testing/gmock/include/gmock/gmock.h" diff --git a/chromium/net/spdy/spdy_proxy_client_socket.cc b/chromium/net/spdy/spdy_proxy_client_socket.cc index 52dcb1d1c6b..24805e1a960 100644 --- a/chromium/net/spdy/spdy_proxy_client_socket.cc +++ b/chromium/net/spdy/spdy_proxy_client_socket.cc @@ -25,7 +25,6 @@ #include "net/http/http_response_headers.h" #include "net/http/proxy_connect_redirect_http_stream.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" #include "net/spdy/spdy_http_utils.h" #include "url/gurl.h" @@ -34,7 +33,7 @@ namespace net { SpdyProxyClientSocket::SpdyProxyClientSocket( const base::WeakPtr<SpdyStream>& spdy_stream, - const std::string& user_agent, + const SpdyString& user_agent, const HostPortPair& endpoint, const HostPortPair& proxy_server, const NetLogWithSource& source_net_log, @@ -50,6 +49,7 @@ SpdyProxyClientSocket::SpdyProxyClientSocket( redirect_has_load_timing_info_(false), net_log_(NetLogWithSource::Make(spdy_stream->net_log().net_log(), NetLogSourceType::PROXY_CLIENT_SOCKET)), + source_dependency_(source_net_log.source()), weak_factory_(this), write_callback_weak_factory_(this) { request_.method = "CONNECT"; @@ -351,7 +351,7 @@ int SpdyProxyClientSocket::DoSendRequest() { auth_->AddAuthorizationHeader(&authorization_headers); } - std::string request_line; + SpdyString request_line; BuildTunnelRequest(endpoint_, authorization_headers, user_agent_, &request_line, &request_.extra_headers); @@ -527,4 +527,8 @@ void SpdyProxyClientSocket::OnClose(int status) { write_callback.Run(ERR_CONNECTION_CLOSED); } +NetLogSource SpdyProxyClientSocket::source_dependency() const { + return source_dependency_; +} + } // namespace net diff --git a/chromium/net/spdy/spdy_proxy_client_socket.h b/chromium/net/spdy/spdy_proxy_client_socket.h index 1471d3f72ae..fd7eb5e595d 100644 --- a/chromium/net/spdy/spdy_proxy_client_socket.h +++ b/chromium/net/spdy/spdy_proxy_client_socket.h @@ -9,7 +9,7 @@ #include <stdint.h> #include <list> -#include <string> +#include <memory> #include "base/macros.h" #include "base/memory/ref_counted.h" @@ -23,7 +23,9 @@ #include "net/http/http_request_info.h" #include "net/http/http_response_info.h" #include "net/http/proxy_client_socket.h" +#include "net/log/net_log_source.h" #include "net/log/net_log_with_source.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_http_stream.h" #include "net/spdy/spdy_protocol.h" #include "net/spdy/spdy_read_queue.h" @@ -44,7 +46,7 @@ class NET_EXPORT_PRIVATE SpdyProxyClientSocket : public ProxyClientSocket, // data read/written to the socket will be transferred in data frames. This // object will set itself as |spdy_stream|'s delegate. SpdyProxyClientSocket(const base::WeakPtr<SpdyStream>& spdy_stream, - const std::string& user_agent, + const SpdyString& user_agent, const HostPortPair& endpoint, const HostPortPair& proxy_server, const NetLogWithSource& source_net_log, @@ -97,6 +99,7 @@ class NET_EXPORT_PRIVATE SpdyProxyClientSocket : public ProxyClientSocket, void OnDataSent() override; void OnTrailers(const SpdyHeaderBlock& trailers) override; void OnClose(int status) override; + NetLogSource source_dependency() const override; private: enum State { @@ -149,7 +152,7 @@ class NET_EXPORT_PRIVATE SpdyProxyClientSocket : public ProxyClientSocket, const HostPortPair endpoint_; scoped_refptr<HttpAuthController> auth_; - std::string user_agent_; + SpdyString user_agent_; // We buffer the response body as it arrives asynchronously from the stream. SpdyReadQueue read_buffer_queue_; @@ -169,6 +172,7 @@ class NET_EXPORT_PRIVATE SpdyProxyClientSocket : public ProxyClientSocket, LoadTimingInfo redirect_load_timing_info_; const NetLogWithSource net_log_; + const NetLogSource source_dependency_; // The default weak pointer factory. base::WeakPtrFactory<SpdyProxyClientSocket> weak_factory_; diff --git a/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc b/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc index 5ab6550e06f..e32e435b4c1 100644 --- a/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc +++ b/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc @@ -122,7 +122,7 @@ class SpdyProxyClientSocketTest : public PlatformTest { base::RunLoop().RunUntilIdle(); } - void CloseSpdySession(Error error, const std::string& description) { + void CloseSpdySession(Error error, const SpdyString& description) { spdy_session_->CloseSessionOnError(error, description); } @@ -139,7 +139,7 @@ class SpdyProxyClientSocketTest : public PlatformTest { SpdySessionDependencies session_deps_; MockConnect connect_data_; base::WeakPtr<SpdySession> spdy_session_; - std::string user_agent_; + SpdyString user_agent_; GURL url_; HostPortPair proxy_host_port_; HostPortPair endpoint_host_port_pair_; @@ -242,7 +242,7 @@ void SpdyProxyClientSocketTest::AssertSyncReadEquals(const char* data, int len) { scoped_refptr<IOBuffer> buf(new IOBuffer(len)); ASSERT_EQ(len, sock_->Read(buf.get(), len, CompletionCallback())); - ASSERT_EQ(std::string(data, len), std::string(buf->data(), len)); + ASSERT_EQ(SpdyString(data, len), SpdyString(buf->data(), len)); ASSERT_TRUE(sock_->IsConnected()); } @@ -258,7 +258,7 @@ void SpdyProxyClientSocketTest::AssertAsyncReadEquals(const char* data, EXPECT_EQ(len, read_callback_.WaitForResult()); EXPECT_TRUE(sock_->IsConnected()); - ASSERT_EQ(std::string(data, len), std::string(buf->data(), len)); + ASSERT_EQ(SpdyString(data, len), SpdyString(buf->data(), len)); } void SpdyProxyClientSocketTest::AssertReadStarts(const char* data, int len) { @@ -274,7 +274,7 @@ void SpdyProxyClientSocketTest::AssertReadReturns(const char* data, int len) { // Now the read will return EXPECT_EQ(len, read_callback_.WaitForResult()); - ASSERT_EQ(std::string(data, len), std::string(read_buf_->data(), len)); + ASSERT_EQ(SpdyString(data, len), SpdyString(read_buf_->data(), len)); } void SpdyProxyClientSocketTest::AssertAsyncWriteSucceeds(const char* data, @@ -454,7 +454,7 @@ TEST_F(SpdyProxyClientSocketTest, ConnectRedirects) { ASSERT_FALSE(headers->HasHeader("set-cookie")); ASSERT_TRUE(headers->HasHeaderValue("content-length", "0")); - std::string location; + SpdyString location; ASSERT_TRUE(headers->IsRedirect(&location)); ASSERT_EQ(location, kRedirectUrl); @@ -568,7 +568,7 @@ TEST_F(SpdyProxyClientSocketTest, WriteSendsDataInDataFrame) { } TEST_F(SpdyProxyClientSocketTest, WriteSplitsLargeDataIntoMultipleFrames) { - std::string chunk_data(kMaxSpdyFrameChunkSize, 'x'); + SpdyString chunk_data(kMaxSpdyFrameChunkSize, 'x'); SpdySerializedFrame conn(ConstructConnectRequestFrame()); SpdySerializedFrame chunk( ConstructBodyFrame(chunk_data.data(), chunk_data.length())); @@ -586,7 +586,7 @@ TEST_F(SpdyProxyClientSocketTest, WriteSplitsLargeDataIntoMultipleFrames) { AssertConnectSucceeds(); - std::string big_data(kMaxSpdyFrameChunkSize * 3, 'x'); + SpdyString big_data(kMaxSpdyFrameChunkSize * 3, 'x'); scoped_refptr<IOBufferWithSize> buf(CreateBuffer(big_data.data(), big_data.length())); @@ -796,7 +796,7 @@ TEST_F(SpdyProxyClientSocketTest, MultipleReadsFromSameLargeFrame) { // Now attempt to do a read of more data than remains buffered scoped_refptr<IOBuffer> buf(new IOBuffer(kLen33)); ASSERT_EQ(kLen3, sock_->Read(buf.get(), kLen33, read_callback_.callback())); - ASSERT_EQ(std::string(kMsg3, kLen3), std::string(buf->data(), kLen3)); + ASSERT_EQ(SpdyString(kMsg3, kLen3), SpdyString(buf->data(), kLen3)); ASSERT_TRUE(sock_->IsConnected()); } @@ -1025,7 +1025,7 @@ TEST_F(SpdyProxyClientSocketTest, ReadOnClosedSocketReturnsBufferedData) { ASSERT_FALSE(sock_->IsConnected()); scoped_refptr<IOBuffer> buf(new IOBuffer(kLen1)); ASSERT_EQ(kLen1, sock_->Read(buf.get(), kLen1, CompletionCallback())); - ASSERT_EQ(std::string(kMsg1, kLen1), std::string(buf->data(), kLen1)); + ASSERT_EQ(SpdyString(kMsg1, kLen1), SpdyString(buf->data(), kLen1)); ASSERT_EQ(0, sock_->Read(NULL, 1, CompletionCallback())); ASSERT_EQ(0, sock_->Read(NULL, 1, CompletionCallback())); @@ -1114,7 +1114,7 @@ TEST_F(SpdyProxyClientSocketTest, WritePendingOnClose) { // Make sure the write actually starts. base::RunLoop().RunUntilIdle(); - CloseSpdySession(ERR_ABORTED, std::string()); + CloseSpdySession(ERR_ABORTED, SpdyString()); EXPECT_THAT(write_callback_.WaitForResult(), IsError(ERR_CONNECTION_CLOSED)); } diff --git a/chromium/net/spdy/spdy_read_queue_unittest.cc b/chromium/net/spdy/spdy_read_queue_unittest.cc index a211af11a91..a0a431c9f80 100644 --- a/chromium/net/spdy/spdy_read_queue_unittest.cc +++ b/chromium/net/spdy/spdy_read_queue_unittest.cc @@ -7,11 +7,12 @@ #include <algorithm> #include <cstddef> #include <memory> -#include <string> +#include <utility> #include "base/bind.h" #include "base/memory/ptr_util.h" #include "base/stl_util.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_buffer.h" #include "testing/gtest/include/gtest/gtest.h" @@ -24,7 +25,7 @@ const size_t kDataSize = arraysize(kData); // Enqueues |data| onto |queue| in chunks of at most |max_buffer_size| // bytes. -void EnqueueString(const std::string& data, +void EnqueueString(const SpdyString& data, size_t max_buffer_size, SpdyReadQueue* queue) { ASSERT_GT(data.size(), 0u); @@ -42,8 +43,8 @@ void EnqueueString(const std::string& data, // Dequeues all bytes in |queue| in chunks of at most // |max_buffer_size| bytes and returns the data as a string. -std::string DrainToString(size_t max_buffer_size, SpdyReadQueue* queue) { - std::string data; +SpdyString DrainToString(size_t max_buffer_size, SpdyReadQueue* queue) { + SpdyString data; // Pad the buffer so we can detect out-of-bound writes. size_t padding = std::max(static_cast<size_t>(4096), queue->GetTotalSize()); @@ -78,10 +79,10 @@ std::string DrainToString(size_t max_buffer_size, SpdyReadQueue* queue) { // sizes. void RunEnqueueDequeueTest(size_t enqueue_max_buffer_size, size_t dequeue_max_buffer_size) { - std::string data(kData, kDataSize); + SpdyString data(kData, kDataSize); SpdyReadQueue read_queue; EnqueueString(data, enqueue_max_buffer_size, &read_queue); - const std::string& drained_data = + const SpdyString& drained_data = DrainToString(dequeue_max_buffer_size, &read_queue); EXPECT_EQ(data, drained_data); } diff --git a/chromium/net/spdy/spdy_session.cc b/chromium/net/spdy/spdy_session.cc index 07823872e3f..da91d6ce110 100644 --- a/chromium/net/spdy/spdy_session.cc +++ b/chromium/net/spdy/spdy_session.cc @@ -11,6 +11,7 @@ #include "base/bind.h" #include "base/compiler_specific.h" +#include "base/feature_list.h" #include "base/location.h" #include "base/logging.h" #include "base/memory/ptr_util.h" @@ -21,7 +22,6 @@ #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" -#include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversions.h" #include "base/threading/thread_task_runner_handle.h" #include "base/time/time.h" @@ -33,7 +33,6 @@ #include "net/cert/asn1_util.h" #include "net/cert/cert_verify_result.h" #include "net/cert/ct_policy_status.h" -#include "net/http/http_log_util.h" #include "net/http/http_network_session.h" #include "net/http/http_server_properties.h" #include "net/http/http_util.h" @@ -41,15 +40,17 @@ #include "net/log/net_log.h" #include "net/log/net_log_capture_mode.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" #include "net/log/net_log_with_source.h" #include "net/proxy/proxy_server.h" +#include "net/socket/socket.h" #include "net/socket/ssl_client_socket.h" #include "net/spdy/platform/api/spdy_estimate_memory_usage.h" +#include "net/spdy/platform/api/spdy_string_utils.h" #include "net/spdy/spdy_buffer_producer.h" #include "net/spdy/spdy_frame_builder.h" #include "net/spdy/spdy_http_utils.h" +#include "net/spdy/spdy_log_util.h" #include "net/spdy/spdy_protocol.h" #include "net/spdy/spdy_session_pool.h" #include "net/spdy/spdy_stream.h" @@ -105,6 +106,7 @@ std::unique_ptr<base::Value> NetLogSpdyHeadersSentCallback( int weight, SpdyStreamId parent_stream_id, bool exclusive, + NetLogSource source_dependency, NetLogCaptureMode capture_mode) { auto dict = base::MakeUnique<base::DictionaryValue>(); dict->Set("headers", ElideSpdyHeaderBlockForNetLog(*headers, capture_mode)); @@ -116,6 +118,9 @@ std::unique_ptr<base::Value> NetLogSpdyHeadersSentCallback( dict->SetInteger("weight", weight); dict->SetBoolean("exclusive", exclusive); } + if (source_dependency.IsValid()) { + source_dependency.AddToEventParameters(dict.get()); + } return std::move(dict); } @@ -133,7 +138,7 @@ std::unique_ptr<base::Value> NetLogSpdyHeadersReceivedCallback( std::unique_ptr<base::Value> NetLogSpdySessionCloseCallback( int net_error, - const std::string* description, + const SpdyString* description, NetLogCaptureMode /* capture_mode */) { auto dict = base::MakeUnique<base::DictionaryValue>(); dict->SetInteger("net_error", net_error); @@ -172,8 +177,8 @@ std::unique_ptr<base::Value> NetLogSpdySendSettingsCallback( const uint32_t value = it->second; const char* settings_string; SettingsIdToString(id, &settings_string); - settings_list->AppendString(base::StringPrintf("[id:%u (%s) value:%u]", id, - settings_string, value)); + settings_list->AppendString( + SpdyStringPrintf("[id:%u (%s) value:%u]", id, settings_string, value)); } dict->Set("settings", std::move(settings_list)); return std::move(dict); @@ -194,7 +199,7 @@ std::unique_ptr<base::Value> NetLogSpdyRecvSettingCallback( auto dict = base::MakeUnique<base::DictionaryValue>(); const char* settings_string; SettingsIdToString(id, &settings_string); - dict->SetString("id", base::StringPrintf("%u (%s)", id, settings_string)); + dict->SetString("id", SpdyStringPrintf("%u (%s)", id, settings_string)); dict->SetInteger("value", value); return std::move(dict); } @@ -239,20 +244,20 @@ std::unique_ptr<base::Value> NetLogSpdyRecvRstStreamCallback( dict->SetInteger("stream_id", static_cast<int>(stream_id)); dict->SetString( "error_code", - base::StringPrintf("%u (%s)", error_code, ErrorCodeToString(error_code))); + SpdyStringPrintf("%u (%s)", error_code, ErrorCodeToString(error_code))); return std::move(dict); } std::unique_ptr<base::Value> NetLogSpdySendRstStreamCallback( SpdyStreamId stream_id, SpdyErrorCode error_code, - const std::string* description, + const SpdyString* description, NetLogCaptureMode /* capture_mode */) { auto dict = base::MakeUnique<base::DictionaryValue>(); dict->SetInteger("stream_id", static_cast<int>(stream_id)); dict->SetString( "error_code", - base::StringPrintf("%u (%s)", error_code, ErrorCodeToString(error_code))); + SpdyStringPrintf("%u (%s)", error_code, ErrorCodeToString(error_code))); dict->SetString("description", *description); return std::move(dict); } @@ -274,7 +279,7 @@ std::unique_ptr<base::Value> NetLogSpdyRecvGoAwayCallback( int active_streams, int unclaimed_streams, SpdyErrorCode error_code, - base::StringPiece debug_data, + SpdyStringPiece debug_data, NetLogCaptureMode capture_mode) { auto dict = base::MakeUnique<base::DictionaryValue>(); dict->SetInteger("last_accepted_stream_id", static_cast<int>(last_stream_id)); @@ -282,7 +287,7 @@ std::unique_ptr<base::Value> NetLogSpdyRecvGoAwayCallback( dict->SetInteger("unclaimed_streams", unclaimed_streams); dict->SetString( "error_code", - base::StringPrintf("%u (%s)", error_code, ErrorCodeToString(error_code))); + SpdyStringPrintf("%u (%s)", error_code, ErrorCodeToString(error_code))); dict->SetString("debug_data", ElideGoAwayDebugDataForNetLog(capture_mode, debug_data)); return std::move(dict); @@ -315,7 +320,7 @@ std::unique_ptr<base::Value> NetLogSpdySessionStalledCallback( size_t num_created_streams, size_t num_pushed_streams, size_t max_concurrent_streams, - const std::string& url, + const SpdyString& url, NetLogCaptureMode capture_mode) { auto dict = base::MakeUnique<base::DictionaryValue>(); dict->SetInteger("num_active_streams", num_active_streams); @@ -673,8 +678,8 @@ size_t SpdySession::UnclaimedPushedStreamContainer::EstimateMemoryUsage() // static bool SpdySession::CanPool(TransportSecurityState* transport_security_state, const SSLInfo& ssl_info, - const std::string& old_hostname, - const std::string& new_hostname) { + const SpdyString& old_hostname, + const SpdyString& new_hostname) { // Pooling is prohibited if the server cert is not valid for the new domain, // and for connections on which client certs were sent. It is also prohibited // when channel ID was sent if the hosts are from different eTLDs+1. @@ -693,7 +698,7 @@ bool SpdySession::CanPool(TransportSecurityState* transport_security_state, if (!ssl_info.cert->VerifyNameMatch(new_hostname, false)) return false; - std::string pinning_failure_log; + SpdyString pinning_failure_log; // DISABLE_PIN_REPORTS is set here because this check can fail in // normal operation without being indicative of a misconfiguration or // attack. Port is left at 0 as it is never used. @@ -734,7 +739,6 @@ SpdySession::SpdySession(const SpdySessionKey& spdy_session_key, pool_(NULL), http_server_properties_(http_server_properties), transport_security_state_(transport_security_state), - read_buffer_(new IOBuffer(kReadBufferSize)), stream_hi_water_mark_(kFirstStreamId), last_accepted_push_stream_id_(0), unclaimed_pushed_streams_(this), @@ -743,7 +747,7 @@ SpdySession::SpdySession(const SpdySessionKey& spdy_session_key, num_active_pushed_streams_(0u), bytes_pushed_count_(0u), bytes_pushed_and_unclaimed_count_(0u), - in_flight_write_frame_type_(DATA), + in_flight_write_frame_type_(SpdyFrameType::DATA), in_flight_write_frame_size_(0), is_secure_(false), availability_state_(STATE_AVAILABLE), @@ -906,7 +910,7 @@ void SpdySession::InitializeWithSocket( READ_STATE_DO_READ, OK)); } -bool SpdySession::VerifyDomainAuthentication(const std::string& domain) { +bool SpdySession::VerifyDomainAuthentication(const SpdyString& domain) { if (availability_state_ == STATE_DRAINING) return false; @@ -922,7 +926,8 @@ void SpdySession::EnqueueStreamWrite( const base::WeakPtr<SpdyStream>& stream, SpdyFrameType frame_type, std::unique_ptr<SpdyBufferProducer> producer) { - DCHECK(frame_type == HEADERS || frame_type == DATA); + DCHECK(frame_type == SpdyFrameType::HEADERS || + frame_type == SpdyFrameType::DATA); EnqueueWrite(stream->priority(), frame_type, std::move(producer), stream); } @@ -930,7 +935,8 @@ std::unique_ptr<SpdySerializedFrame> SpdySession::CreateHeaders( SpdyStreamId stream_id, RequestPriority priority, SpdyControlFlags flags, - SpdyHeaderBlock block) { + SpdyHeaderBlock block, + NetLogSource source_dependency) { ActiveStreamMap::const_iterator it = active_streams_.find(stream_id); CHECK(it != active_streams_.end()); CHECK_EQ(it->second->stream_id(), stream_id); @@ -954,7 +960,7 @@ std::unique_ptr<SpdySerializedFrame> SpdySession::CreateHeaders( NetLogEventType::HTTP2_SESSION_SEND_HEADERS, base::Bind(&NetLogSpdyHeadersSentCallback, &block, (flags & CONTROL_FLAG_FIN) != 0, stream_id, has_priority, - weight, dependent_stream_id, exclusive)); + weight, dependent_stream_id, exclusive, source_dependency)); } SpdyHeadersIR headers(stream_id, std::move(block)); @@ -1109,7 +1115,7 @@ void SpdySession::CloseCreatedStream(const base::WeakPtr<SpdyStream>& stream, void SpdySession::ResetStream(SpdyStreamId stream_id, SpdyErrorCode error_code, - const std::string& description) { + const SpdyString& description) { DCHECK_NE(stream_id, 0u); ActiveStreamMap::iterator it = active_streams_.find(stream_id); @@ -1173,7 +1179,7 @@ void SpdySession::SendStreamWindowUpdate(SpdyStreamId stream_id, } void SpdySession::CloseSessionOnError(Error err, - const std::string& description) { + const SpdyString& description) { DCHECK_LT(err, ERR_IO_PENDING); DoDrainSession(err, description); } @@ -1321,6 +1327,10 @@ void SpdySession::AddPooledAlias(const SpdySessionKey& alias_key) { pooled_aliases_.insert(alias_key); } +void SpdySession::RemovePooledAlias(const SpdySessionKey& alias_key) { + pooled_aliases_.erase(alias_key); +} + bool SpdySession::HasAcceptableTransportSecurity() const { // If we're not even using TLS, we have no standards to meet. if (!is_secure_) { @@ -1366,8 +1376,9 @@ size_t SpdySession::DumpMemoryStats(StreamSocket::SocketMemoryStats* stats, connection_->DumpMemoryStats(stats); // |connection_| is estimated in stats->total_size. |read_buffer_| is - // estimated in kReadBufferSize. TODO(xunjieli): Make them use EMU(). - return stats->total_size + kReadBufferSize + + // estimated in |read_buffer_size|. TODO(xunjieli): Make them use EMU(). + size_t read_buffer_size = read_buffer_ ? kReadBufferSize : 0; + return stats->total_size + read_buffer_size + SpdyEstimateMemoryUsage(spdy_session_key_) + SpdyEstimateMemoryUsage(pooled_aliases_) + SpdyEstimateMemoryUsage(active_streams_) + @@ -1563,7 +1574,7 @@ void SpdySession::TryCreatePushStream(SpdyStreamId stream_id, if (associated_stream_id == 0) { // In HTTP/2 0 stream id in PUSH_PROMISE frame leads to framer error and // session going away. We should never get here. - std::string description = base::StringPrintf( + SpdyString description = SpdyStringPrintf( "Received invalid associated stream id %d for pushed stream %d", associated_stream_id, stream_id); EnqueueResetStreamFrame(stream_id, request_priority, @@ -1590,8 +1601,8 @@ void SpdySession::TryCreatePushStream(SpdyStreamId stream_id, if (associated_it == active_streams_.end()) { EnqueueResetStreamFrame( stream_id, request_priority, ERROR_CODE_STREAM_CLOSED, - base::StringPrintf("Received push for inactive associated stream %d", - associated_stream_id)); + SpdyStringPrintf("Received push for inactive associated stream %d", + associated_stream_id)); return; } @@ -1609,9 +1620,9 @@ void SpdySession::TryCreatePushStream(SpdyStreamId stream_id, if (gurl.SchemeIs("https")) { EnqueueResetStreamFrame( stream_id, request_priority, ERROR_CODE_REFUSED_STREAM, - base::StringPrintf("Rejected push of cross origin HTTPS content %d " - "from trusted proxy", - associated_stream_id)); + SpdyStringPrintf("Rejected push of cross origin HTTPS content %d " + "from trusted proxy", + associated_stream_id)); return; } } else { @@ -1624,8 +1635,8 @@ void SpdySession::TryCreatePushStream(SpdyStreamId stream_id, gurl.host())) { EnqueueResetStreamFrame( stream_id, request_priority, ERROR_CODE_REFUSED_STREAM, - base::StringPrintf("Rejected push stream %d on secure connection", - associated_stream_id)); + SpdyStringPrintf("Rejected push stream %d on secure connection", + associated_stream_id)); return; } } else { @@ -1633,7 +1644,7 @@ void SpdySession::TryCreatePushStream(SpdyStreamId stream_id, if (associated_url.GetOrigin() != gurl.GetOrigin()) { EnqueueResetStreamFrame( stream_id, request_priority, ERROR_CODE_REFUSED_STREAM, - base::StringPrintf( + SpdyStringPrintf( "Rejected cross origin push stream %d on insecure connection", associated_stream_id)); return; @@ -1743,7 +1754,7 @@ void SpdySession::CloseCreatedStreamIterator(CreatedStreamSet::iterator it, void SpdySession::ResetStreamIterator(ActiveStreamMap::iterator it, SpdyErrorCode error_code, - const std::string& description) { + const SpdyString& description) { // Send the RST_STREAM frame first as CloseActiveStreamIterator() // may close us. SpdyStreamId stream_id = it->first; @@ -1758,7 +1769,7 @@ void SpdySession::ResetStreamIterator(ActiveStreamMap::iterator it, void SpdySession::EnqueueResetStreamFrame(SpdyStreamId stream_id, RequestPriority priority, SpdyErrorCode error_code, - const std::string& description) { + const SpdyString& description) { DCHECK_NE(stream_id, 0u); net_log().AddEvent(NetLogEventType::HTTP2_SESSION_SEND_RST_STREAM, @@ -1769,7 +1780,8 @@ void SpdySession::EnqueueResetStreamFrame(SpdyStreamId stream_id, std::unique_ptr<SpdySerializedFrame> rst_frame( buffered_spdy_framer_->CreateRstStream(stream_id, error_code)); - EnqueueSessionWrite(priority, RST_STREAM, std::move(rst_frame)); + EnqueueSessionWrite(priority, SpdyFrameType::RST_STREAM, + std::move(rst_frame)); RecordProtocolErrorHistogram(MapRstStreamStatusToProtocolError(error_code)); } @@ -1789,7 +1801,7 @@ void SpdySession::EnqueuePriorityFrame(SpdyStreamId stream_id, // PRIORITY frames describe sequenced updates to the tree, so they must // be serialized. We do this by queueing all PRIORITY frames at HIGHEST // priority. - EnqueueWrite(HIGHEST, PRIORITY, + EnqueueWrite(HIGHEST, SpdyFrameType::PRIORITY, base::MakeUnique<SimpleBufferProducer>( base::MakeUnique<SpdyBuffer>(std::move(frame))), base::WeakPtr<SpdyStream>()); @@ -1857,18 +1869,37 @@ int SpdySession::DoReadLoop(ReadState expected_read_state, int result) { } int SpdySession::DoRead() { + DCHECK(!read_buffer_); CHECK(in_io_loop_); CHECK(connection_); CHECK(connection_->socket()); read_state_ = READ_STATE_DO_READ_COMPLETE; - return connection_->socket()->Read( - read_buffer_.get(), kReadBufferSize, - base::Bind(&SpdySession::PumpReadLoop, weak_factory_.GetWeakPtr(), - READ_STATE_DO_READ_COMPLETE)); + int rv = ERR_READ_IF_READY_NOT_IMPLEMENTED; + read_buffer_ = new IOBuffer(kReadBufferSize); + if (base::FeatureList::IsEnabled(Socket::kReadIfReadyExperiment)) { + rv = connection_->socket()->ReadIfReady( + read_buffer_.get(), kReadBufferSize, + base::Bind(&SpdySession::PumpReadLoop, weak_factory_.GetWeakPtr(), + READ_STATE_DO_READ)); + if (rv == ERR_IO_PENDING) { + read_buffer_ = nullptr; + read_state_ = READ_STATE_DO_READ; + return rv; + } + } + if (rv == ERR_READ_IF_READY_NOT_IMPLEMENTED) { + // Fallback to regular Read(). + return connection_->socket()->Read( + read_buffer_.get(), kReadBufferSize, + base::Bind(&SpdySession::PumpReadLoop, weak_factory_.GetWeakPtr(), + READ_STATE_DO_READ_COMPLETE)); + } + return rv; } int SpdySession::DoReadComplete(int result) { + DCHECK(read_buffer_); CHECK(in_io_loop_); // Parse a frame. For now this code requires that the frame fit into our @@ -1881,9 +1912,8 @@ int SpdySession::DoReadComplete(int result) { } if (result < 0) { - DoDrainSession( - static_cast<Error>(result), - base::StringPrintf("Error %d reading from socket.", -result)); + DoDrainSession(static_cast<Error>(result), + SpdyStringPrintf("Error %d reading from socket.", -result)); return result; } CHECK_LE(result, kReadBufferSize); @@ -1906,6 +1936,7 @@ int SpdySession::DoReadComplete(int result) { SpdyFramer::SPDY_NO_ERROR); } + read_buffer_ = nullptr; read_state_ = READ_STATE_DO_READ; return OK; } @@ -1980,7 +2011,7 @@ int SpdySession::DoWrite() { DCHECK_GT(in_flight_write_->GetRemainingSize(), 0u); } else { // Grab the next frame to send. - SpdyFrameType frame_type = DATA; + SpdyFrameType frame_type = SpdyFrameType::DATA; std::unique_ptr<SpdyBufferProducer> producer; base::WeakPtr<SpdyStream> stream; if (!write_queue_.Dequeue(&frame_type, &producer, &stream)) { @@ -1993,7 +2024,7 @@ int SpdySession::DoWrite() { // Activate the stream only when sending the HEADERS frame to // guarantee monotonically-increasing stream IDs. - if (frame_type == HEADERS) { + if (frame_type == SpdyFrameType::HEADERS) { CHECK(stream.get()); CHECK_EQ(stream->stream_id(), 0u); std::unique_ptr<SpdyStream> owned_stream = @@ -2051,7 +2082,7 @@ int SpdySession::DoWriteComplete(int result) { if (result < 0) { DCHECK_NE(result, ERR_IO_PENDING); in_flight_write_.reset(); - in_flight_write_frame_type_ = DATA; + in_flight_write_frame_type_ = SpdyFrameType::DATA; in_flight_write_frame_size_ = 0; in_flight_write_stream_.reset(); write_state_ = WRITE_STATE_DO_WRITE; @@ -2080,7 +2111,7 @@ int SpdySession::DoWriteComplete(int result) { // Cleanup the write which just completed. in_flight_write_.reset(); - in_flight_write_frame_type_ = DATA; + in_flight_write_frame_type_ = SpdyFrameType::DATA; in_flight_write_frame_size_ = 0; in_flight_write_stream_.reset(); } @@ -2098,7 +2129,7 @@ void SpdySession::SendInitialData() { kHttp2ConnectionHeaderPrefixSize, false /* take_ownership */)); // Count the prefix as part of the subsequent SETTINGS frame. - EnqueueSessionWrite(HIGHEST, SETTINGS, + EnqueueSessionWrite(HIGHEST, SpdyFrameType::SETTINGS, std::move(connection_header_prefix_frame)); // First, notify the server about the settings they should use when @@ -2133,7 +2164,8 @@ void SpdySession::SendSettings(const SettingsMap& settings) { DCHECK(buffered_spdy_framer_.get()); std::unique_ptr<SpdySerializedFrame> settings_frame( buffered_spdy_framer_->CreateSettings(settings)); - EnqueueSessionWrite(HIGHEST, SETTINGS, std::move(settings_frame)); + EnqueueSessionWrite(HIGHEST, SpdyFrameType::SETTINGS, + std::move(settings_frame)); } void SpdySession::HandleSetting(uint32_t id, uint32_t value) { @@ -2207,14 +2239,15 @@ void SpdySession::SendWindowUpdateFrame(SpdyStreamId stream_id, DCHECK(buffered_spdy_framer_.get()); std::unique_ptr<SpdySerializedFrame> window_update_frame( buffered_spdy_framer_->CreateWindowUpdate(stream_id, delta_window_size)); - EnqueueSessionWrite(priority, WINDOW_UPDATE, std::move(window_update_frame)); + EnqueueSessionWrite(priority, SpdyFrameType::WINDOW_UPDATE, + std::move(window_update_frame)); } void SpdySession::WritePingFrame(SpdyPingId unique_id, bool is_ack) { DCHECK(buffered_spdy_framer_.get()); std::unique_ptr<SpdySerializedFrame> ping_frame( buffered_spdy_framer_->CreatePingFrame(unique_id, is_ack)); - EnqueueSessionWrite(HIGHEST, PING, std::move(ping_frame)); + EnqueueSessionWrite(HIGHEST, SpdyFrameType::PING, std::move(ping_frame)); if (net_log().IsCapturing()) { net_log().AddEvent( @@ -2277,9 +2310,11 @@ void SpdySession::EnqueueSessionWrite( RequestPriority priority, SpdyFrameType frame_type, std::unique_ptr<SpdySerializedFrame> frame) { - DCHECK(frame_type == RST_STREAM || frame_type == SETTINGS || - frame_type == WINDOW_UPDATE || frame_type == PING || - frame_type == GOAWAY); + DCHECK(frame_type == SpdyFrameType::RST_STREAM || + frame_type == SpdyFrameType::SETTINGS || + frame_type == SpdyFrameType::WINDOW_UPDATE || + frame_type == SpdyFrameType::PING || + frame_type == SpdyFrameType::GOAWAY); EnqueueWrite( priority, frame_type, std::unique_ptr<SpdyBufferProducer>(new SimpleBufferProducer( @@ -2418,7 +2453,7 @@ void SpdySession::DcheckDraining() const { DCHECK(unclaimed_pushed_streams_.empty()); } -void SpdySession::DoDrainSession(Error err, const std::string& description) { +void SpdySession::DoDrainSession(Error err, const SpdyString& description) { if (availability_state_ == STATE_DRAINING) { return; } @@ -2443,7 +2478,7 @@ void SpdySession::DoDrainSession(Error err, const std::string& description) { SpdyGoAwayIR goaway_ir(last_accepted_push_stream_id_, MapNetErrorToGoAwayStatus(err), description); EnqueueSessionWrite( - HIGHEST, GOAWAY, + HIGHEST, SpdyFrameType::GOAWAY, std::unique_ptr<SpdySerializedFrame>(new SpdySerializedFrame( buffered_spdy_framer_->SerializeFrame(goaway_ir)))); } @@ -2469,8 +2504,8 @@ void SpdySession::DoDrainSession(Error err, const std::string& description) { void SpdySession::LogAbandonedStream(SpdyStream* stream, Error status) { DCHECK(stream); - std::string description = - base::StringPrintf("ABANDONED (stream_id=%d): ", stream->stream_id()) + + SpdyString description = + SpdyStringPrintf("ABANDONED (stream_id=%d): ", stream->stream_id()) + stream->url().spec(); stream->LogStreamError(status, description); // We don't increment the streams abandoned counter here. If the @@ -2552,14 +2587,14 @@ void SpdySession::OnError(SpdyFramer::SpdyFramerError spdy_framer_error) { RecordProtocolErrorHistogram( MapFramerErrorToProtocolError(spdy_framer_error)); - std::string description = base::StringPrintf( - "Framer error: %d (%s).", spdy_framer_error, - SpdyFramer::SpdyFramerErrorToString(spdy_framer_error)); + SpdyString description = + SpdyStringPrintf("Framer error: %d (%s).", spdy_framer_error, + SpdyFramer::SpdyFramerErrorToString(spdy_framer_error)); DoDrainSession(MapFramerErrorToNetError(spdy_framer_error), description); } void SpdySession::OnStreamError(SpdyStreamId stream_id, - const std::string& description) { + const SpdyString& description) { CHECK(in_io_loop_); ActiveStreamMap::iterator it = active_streams_.find(stream_id); @@ -2628,7 +2663,7 @@ void SpdySession::OnRstStream(SpdyStreamId stream_id, // TODO(bnc): Record histogram with number of open streams capped at 50. it->second->LogStreamError( ERR_HTTP_1_1_REQUIRED, - base::StringPrintf( + SpdyStringPrintf( "SPDY session closed because of stream with error_code: %u", error_code)); DoDrainSession(ERR_HTTP_1_1_REQUIRED, "HTTP_1_1_REQUIRED for stream."); @@ -2637,8 +2672,7 @@ void SpdySession::OnRstStream(SpdyStreamId stream_id, PROTOCOL_ERROR_RST_STREAM_FOR_NON_ACTIVE_STREAM); it->second->LogStreamError( ERR_SPDY_PROTOCOL_ERROR, - base::StringPrintf("SPDY stream closed with error_code: %u", - error_code)); + SpdyStringPrintf("SPDY stream closed with error_code: %u", error_code)); // TODO(mbelshe): Map from Spdy-protocol errors to something sensical. // For now, it doesn't matter much - it is a protocol error. CloseActiveStreamIterator(it, ERR_SPDY_PROTOCOL_ERROR); @@ -2647,7 +2681,7 @@ void SpdySession::OnRstStream(SpdyStreamId stream_id, void SpdySession::OnGoAway(SpdyStreamId last_accepted_stream_id, SpdyErrorCode error_code, - base::StringPiece debug_data) { + SpdyStringPiece debug_data) { CHECK(in_io_loop_); // TODO(jgraettinger): UMA histogram on |error_code|. @@ -2779,7 +2813,7 @@ void SpdySession::OnSettings() { SpdySettingsIR settings_ir; settings_ir.set_is_ack(true); EnqueueSessionWrite( - HIGHEST, SETTINGS, + HIGHEST, SpdyFrameType::SETTINGS, std::unique_ptr<SpdySerializedFrame>(new SpdySerializedFrame( buffered_spdy_framer_->SerializeFrame(settings_ir)))); } @@ -2830,9 +2864,9 @@ void SpdySession::OnWindowUpdate(SpdyStreamId stream_id, if (delta_window_size < 1) { ResetStreamIterator( it, ERROR_CODE_FLOW_CONTROL_ERROR, - base::StringPrintf("Received WINDOW_UPDATE with an invalid " - "delta_window_size %d", - delta_window_size)); + SpdyStringPrintf("Received WINDOW_UPDATE with an invalid " + "delta_window_size %d", + delta_window_size)); return; } @@ -2904,7 +2938,7 @@ void SpdySession::OnHeaders(SpdyStreamId stream_id, void SpdySession::OnAltSvc( SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) { if (!is_secure_) return; @@ -2970,7 +3004,7 @@ void SpdySession::OnSendCompressedFrame(SpdyStreamId stream_id, SpdyFrameType type, size_t payload_len, size_t frame_len) { - if (type != HEADERS) { + if (type != SpdyFrameType::HEADERS) { return; } diff --git a/chromium/net/spdy/spdy_session.h b/chromium/net/spdy/spdy_session.h index 00564823aa1..58ea684b2b2 100644 --- a/chromium/net/spdy/spdy_session.h +++ b/chromium/net/spdy/spdy_session.h @@ -12,7 +12,6 @@ #include <map> #include <memory> #include <set> -#include <string> #include <vector> #include "base/gtest_prod_util.h" @@ -26,6 +25,7 @@ #include "net/base/net_errors.h" #include "net/base/net_export.h" #include "net/base/request_priority.h" +#include "net/log/net_log_source.h" #include "net/socket/client_socket_handle.h" #include "net/socket/client_socket_pool.h" #include "net/socket/next_proto.h" @@ -34,6 +34,8 @@ #include "net/spdy/buffered_spdy_framer.h" #include "net/spdy/http2_priority_dependencies.h" #include "net/spdy/multiplexed_session.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/server_push_delegate.h" #include "net/spdy/spdy_alt_svc_wire_format.h" #include "net/spdy/spdy_buffer.h" @@ -290,8 +292,8 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, // |old_hostname| associated with |ssl_info|. static bool CanPool(TransportSecurityState* transport_security_state, const SSLInfo& ssl_info, - const std::string& old_hostname, - const std::string& new_hostname); + const SpdyString& old_hostname, + const SpdyString& new_hostname); // Create a new SpdySession. // |spdy_session_key| is the host/port that this session connects to, privacy @@ -366,7 +368,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, // TODO(wtc): rename this function and the Net.SpdyIPPoolDomainMatch // histogram because this function does more than verifying domain // authentication now. - bool VerifyDomainAuthentication(const std::string& domain); + bool VerifyDomainAuthentication(const SpdyString& domain); // Pushes the given producer into the write queue for // |stream|. |stream| is guaranteed to be activated before the @@ -376,10 +378,12 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, std::unique_ptr<SpdyBufferProducer> producer); // Creates and returns a HEADERS frame for |stream_id|. - std::unique_ptr<SpdySerializedFrame> CreateHeaders(SpdyStreamId stream_id, - RequestPriority priority, - SpdyControlFlags flags, - SpdyHeaderBlock headers); + std::unique_ptr<SpdySerializedFrame> CreateHeaders( + SpdyStreamId stream_id, + RequestPriority priority, + SpdyControlFlags flags, + SpdyHeaderBlock headers, + NetLogSource source_dependency); // Creates and returns a SpdyBuffer holding a data frame with the // given data. May return NULL if stalled by flow control. @@ -403,7 +407,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, // that that stream may hold the last reference to the session. void ResetStream(SpdyStreamId stream_id, SpdyErrorCode error_code, - const std::string& description); + const SpdyString& description); // Check if a stream is active. bool IsStreamActive(SpdyStreamId stream_id) const; @@ -447,7 +451,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, // |err| should be < ERR_IO_PENDING; this function is intended to be // called on error. // |description| indicates the reason for the error. - void CloseSessionOnError(Error err, const std::string& description); + void CloseSessionOnError(Error err, const SpdyString& description); // Mark this session as unavailable, meaning that it will not be used to // service new streams. Unlike when a GOAWAY frame is received, this function @@ -532,6 +536,9 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, // Adds |alias| to set of aliases associated with this session. void AddPooledAlias(const SpdySessionKey& alias_key); + // Removes |alias| from set of aliases associated with this session. + void RemovePooledAlias(const SpdySessionKey& alias_key); + // Returns the set of aliases associated with this session. const std::set<SpdySessionKey>& pooled_aliases() const { return pooled_aliases_; @@ -699,7 +706,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, // CloseActiveStreamIterator(). void ResetStreamIterator(ActiveStreamMap::iterator it, SpdyErrorCode error_code, - const std::string& description); + const SpdyString& description); // Send a RST_STREAM frame with the given parameters. There should // either be no active stream with the given ID, or that active @@ -707,7 +714,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, void EnqueueResetStreamFrame(SpdyStreamId stream_id, RequestPriority priority, SpdyErrorCode error_code, - const std::string& description); + const SpdyString& description); // Send a PRIORITY frame with the given parameters. void EnqueuePriorityFrame(SpdyStreamId stream_id, @@ -845,7 +852,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, // If the session is already draining, does nothing. Otherwise, moves // the session to the draining state. - void DoDrainSession(Error err, const std::string& description); + void DoDrainSession(Error err, const SpdyString& description); // Called right before closing a (possibly-inactive) stream for a // reason other than being requested to by the stream. @@ -867,12 +874,12 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, // BufferedSpdyFramerVisitorInterface: void OnError(SpdyFramer::SpdyFramerError spdy_framer_error) override; void OnStreamError(SpdyStreamId stream_id, - const std::string& description) override; + const SpdyString& description) override; void OnPing(SpdyPingId unique_id, bool is_ack) override; void OnRstStream(SpdyStreamId stream_id, SpdyErrorCode error_code) override; void OnGoAway(SpdyStreamId last_accepted_stream_id, SpdyErrorCode error_code, - base::StringPiece debug_data) override; + SpdyStringPiece debug_data) override; void OnDataFrameHeader(SpdyStreamId stream_id, size_t length, bool fin) override; @@ -895,7 +902,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, bool fin, SpdyHeaderBlock headers) override; void OnAltSvc(SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) override; bool OnUnknownFrame(SpdyStreamId stream_id, uint8_t frame_type) override; @@ -1019,6 +1026,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, std::unique_ptr<ClientSocketHandle> connection_; // The read buffer used to read data from the socket. + // Non-null if there is a Read() pending. scoped_refptr<IOBuffer> read_buffer_; SpdyStreamId stream_hi_water_mark_; // The next stream id to use. diff --git a/chromium/net/spdy/spdy_session_fuzzer.cc b/chromium/net/spdy/spdy_session_fuzzer.cc index 8d8d1157c47..a1d1b1fdef4 100644 --- a/chromium/net/spdy/spdy_session_fuzzer.cc +++ b/chromium/net/spdy/spdy_session_fuzzer.cc @@ -9,6 +9,7 @@ #include "base/test/fuzzed_data_provider.h" #include "net/base/net_errors.h" #include "net/base/request_priority.h" +#include "net/log/net_log_source.h" #include "net/log/test_net_log.h" #include "net/socket/fuzzed_socket_factory.h" #include "net/spdy/spdy_test_util_common.h" @@ -29,6 +30,10 @@ class FuzzerDelegate : public net::SpdyStream::Delegate { void OnClose(int status) override { done_closure_.Run(); } + net::NetLogSource source_dependency() const override { + return net::NetLogSource(); + } + private: base::Closure done_closure_; DISALLOW_COPY_AND_ASSIGN(FuzzerDelegate); diff --git a/chromium/net/spdy/spdy_session_pool.cc b/chromium/net/spdy/spdy_session_pool.cc index ec932488b11..d20b3651f96 100644 --- a/chromium/net/spdy/spdy_session_pool.cc +++ b/chromium/net/spdy/spdy_session_pool.cc @@ -11,7 +11,6 @@ #include "base/metrics/histogram_macros.h" #include "base/profiler/scoped_tracker.h" #include "base/stl_util.h" -#include "base/strings/stringprintf.h" #include "base/trace_event/memory_allocator_dump.h" #include "base/trace_event/process_memory_dump.h" #include "base/trace_event/trace_event.h" @@ -27,6 +26,7 @@ #include "net/spdy/hpack/hpack_huffman_table.h" #include "net/spdy/hpack/hpack_static_table.h" #include "net/spdy/platform/api/spdy_estimate_memory_usage.h" +#include "net/spdy/platform/api/spdy_string_utils.h" #include "net/spdy/spdy_session.h" namespace net { @@ -130,6 +130,7 @@ base::WeakPtr<SpdySession> SpdySessionPool::CreateAvailableSessionFromSocket( base::WeakPtr<SpdySession> SpdySessionPool::FindAvailableSession( const SpdySessionKey& key, const GURL& url, + bool enable_ip_based_pooling, const NetLogWithSource& net_log) { UnclaimedPushedStreamMap::iterator url_it = unclaimed_pushed_streams_.find(url); @@ -162,15 +163,38 @@ base::WeakPtr<SpdySession> SpdySessionPool::FindAvailableSession( AvailableSessionMap::iterator it = LookupAvailableSessionByKey(key); if (it != available_sessions_.end()) { - UMA_HISTOGRAM_ENUMERATION( - "Net.SpdySessionGet", FOUND_EXISTING, SPDY_SESSION_GET_MAX); - net_log.AddEvent( - NetLogEventType::HTTP2_SESSION_POOL_FOUND_EXISTING_SESSION, - it->second->net_log().source().ToEventParametersCallback()); + if (key.Equals(it->second->spdy_session_key())) { + UMA_HISTOGRAM_ENUMERATION("Net.SpdySessionGet", FOUND_EXISTING, + SPDY_SESSION_GET_MAX); + net_log.AddEvent( + NetLogEventType::HTTP2_SESSION_POOL_FOUND_EXISTING_SESSION, + it->second->net_log().source().ToEventParametersCallback()); + } else { + if (!enable_ip_based_pooling) { + // Remove session from available sessions and from aliases, and remove + // key from the session's pooled alias set, so that a new session can be + // created with this |key|. + it->second->RemovePooledAlias(key); + UnmapKey(key); + RemoveAliases(key); + return base::WeakPtr<SpdySession>(); + } + + UMA_HISTOGRAM_ENUMERATION("Net.SpdySessionGet", + FOUND_EXISTING_FROM_IP_POOL, + SPDY_SESSION_GET_MAX); + net_log.AddEvent( + NetLogEventType:: + HTTP2_SESSION_POOL_FOUND_EXISTING_SESSION_FROM_IP_POOL, + it->second->net_log().source().ToEventParametersCallback()); + } return it->second; } - // Look up the key's from the resolver's cache. + if (!enable_ip_based_pooling) + return base::WeakPtr<SpdySession>(); + + // Look up IP addresses from resolver cache. HostResolver::RequestInfo resolve_info(key.host_port_pair()); AddressList addresses; int rv = resolver_->ResolveFromCache(resolve_info, &addresses, net_log); @@ -282,7 +306,7 @@ void SpdySessionPool::RegisterUnclaimedPushedStream( GURL url, base::WeakPtr<SpdySession> spdy_session) { DCHECK(!url.is_empty()); - // This SpdySessionPool must own |spdy_session|. + // This SpdySessionPool must own |spdy_session|. DCHECK(base::ContainsKey(sessions_, spdy_session.get())); UnclaimedPushedStreamMap::iterator url_it = unclaimed_pushed_streams_.lower_bound(url); @@ -374,7 +398,7 @@ void SpdySessionPool::OnCertDBChanged() { void SpdySessionPool::DumpMemoryStats( base::trace_event::ProcessMemoryDump* pmd, - const std::string& parent_dump_absolute_name) const { + const SpdyString& parent_dump_absolute_name) const { if (sessions_.empty()) return; size_t total_size = 0; @@ -395,7 +419,7 @@ void SpdySessionPool::DumpMemoryStats( total_size += SpdyEstimateMemoryUsage(ObtainHpackHuffmanTable()) + SpdyEstimateMemoryUsage(ObtainHpackStaticTable()); base::trace_event::MemoryAllocatorDump* dump = - pmd->CreateAllocatorDump(base::StringPrintf( + pmd->CreateAllocatorDump(SpdyStringPrintf( "%s/spdy_session_pool", parent_dump_absolute_name.c_str())); dump->AddScalar(base::trace_event::MemoryAllocatorDump::kNameSize, base::trace_event::MemoryAllocatorDump::kUnitsBytes, @@ -471,10 +495,9 @@ SpdySessionPool::WeakSessionList SpdySessionPool::GetCurrentSessions() const { return current_sessions; } -void SpdySessionPool::CloseCurrentSessionsHelper( - Error error, - const std::string& description, - bool idle_only) { +void SpdySessionPool::CloseCurrentSessionsHelper(Error error, + const SpdyString& description, + bool idle_only) { WeakSessionList current_sessions = GetCurrentSessions(); for (WeakSessionList::const_iterator it = current_sessions.begin(); it != current_sessions.end(); ++it) { diff --git a/chromium/net/spdy/spdy_session_pool.h b/chromium/net/spdy/spdy_session_pool.h index fc82c40cc39..7d0b294ed75 100644 --- a/chromium/net/spdy/spdy_session_pool.h +++ b/chromium/net/spdy/spdy_session_pool.h @@ -10,7 +10,6 @@ #include <map> #include <memory> #include <set> -#include <string> #include <vector> #include "base/macros.h" @@ -24,6 +23,7 @@ #include "net/cert/cert_database.h" #include "net/proxy/proxy_config.h" #include "net/proxy/proxy_server.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/server_push_delegate.h" #include "net/spdy/spdy_protocol.h" #include "net/spdy/spdy_session_key.h" @@ -87,12 +87,19 @@ class NET_EXPORT SpdySessionPool const NetLogWithSource& net_log, bool is_secure); - // Return an available session for |key| that has an unclaimed push stream for - // |url| if such exists and |url| is not empty, or else an available session - // for |key| if such exists, or else nullptr. + // If |url| is not empty and there is a session for |key| that has an + // unclaimed push stream for |url|, return it. + // Otherwise if there is an available session for |key|, return it. + // Otherwise if there is a session to pool to based on IP address: + // * if |enable_ip_based_pooling == true|, + // then mark it as available for |key| and return it; + // * if |enable_ip_based_pooling == false|, + // then remove it from the available sessions, and return nullptr. + // Otherwise return nullptr. base::WeakPtr<SpdySession> FindAvailableSession( const SpdySessionKey& key, const GURL& url, + bool enable_ip_based_pooling, const NetLogWithSource& net_log); // Remove all mappings and aliases for the given session, which must @@ -157,7 +164,7 @@ class NET_EXPORT SpdySessionPool void OnCertDBChanged() override; void DumpMemoryStats(base::trace_event::ProcessMemoryDump* pmd, - const std::string& parent_dump_absolute_name) const; + const SpdyString& parent_dump_absolute_name) const; private: friend class SpdySessionPoolPeer; // For testing. @@ -195,10 +202,9 @@ class NET_EXPORT SpdySessionPool // Close only the currently existing SpdySessions with |error|. Let // any new ones created while this method is running continue to // live. If |idle_only| is true only idle sessions are closed. - void CloseCurrentSessionsHelper( - Error error, - const std::string& description, - bool idle_only); + void CloseCurrentSessionsHelper(Error error, + const SpdyString& description, + bool idle_only); HttpServerProperties* http_server_properties_; diff --git a/chromium/net/spdy/spdy_session_pool_unittest.cc b/chromium/net/spdy/spdy_session_pool_unittest.cc index e78409460f5..5a199065021 100644 --- a/chromium/net/spdy/spdy_session_pool_unittest.cc +++ b/chromium/net/spdy/spdy_session_pool_unittest.cc @@ -6,18 +6,20 @@ #include <cstddef> #include <memory> -#include <string> #include <utility> #include "base/memory/ptr_util.h" #include "base/memory/ref_counted.h" #include "base/run_loop.h" +#include "base/test/histogram_tester.h" #include "base/trace_event/memory_allocator_dump.h" #include "base/trace_event/process_memory_dump.h" #include "base/trace_event/trace_event_argument.h" #include "net/dns/host_cache.h" #include "net/http/http_network_session.h" #include "net/log/net_log_with_source.h" +#include "net/log/test_net_log.h" +#include "net/log/test_net_log_entry.h" #include "net/socket/client_socket_handle.h" #include "net/socket/transport_client_socket_pool.h" #include "net/spdy/spdy_session.h" @@ -90,6 +92,8 @@ class SessionOpeningDelegate : public SpdyStream::Delegate { ignore_result(CreateFakeSpdySession(spdy_session_pool_, key_)); } + NetLogSource source_dependency() const override { return NetLogSource(); } + private: SpdySessionPool* const spdy_session_pool_; const SpdySessionKey key_; @@ -165,7 +169,7 @@ TEST_F(SpdySessionPoolTest, CloseCurrentIdleSessions) { CreateNetworkSession(); // Set up session 1 - const std::string kTestHost1("http://www.example.org"); + const SpdyString kTestHost1("www.example.org"); HostPortPair test_host_port_pair1(kTestHost1, 80); SpdySessionKey key1(test_host_port_pair1, ProxyServer::Direct(), PRIVACY_MODE_DISABLED); @@ -180,7 +184,7 @@ TEST_F(SpdySessionPoolTest, CloseCurrentIdleSessions) { StaticSocketDataProvider data2(reads, arraysize(reads), nullptr, 0); data2.set_connect_data(connect_data); session_deps_.socket_factory->AddSocketDataProvider(&data2); - const std::string kTestHost2("http://mail.example.org"); + const SpdyString kTestHost2("mail.example.org"); HostPortPair test_host_port_pair2(kTestHost2, 80); SpdySessionKey key2(test_host_port_pair2, ProxyServer::Direct(), PRIVACY_MODE_DISABLED); @@ -195,7 +199,7 @@ TEST_F(SpdySessionPoolTest, CloseCurrentIdleSessions) { StaticSocketDataProvider data3(reads, arraysize(reads), nullptr, 0); data3.set_connect_data(connect_data); session_deps_.socket_factory->AddSocketDataProvider(&data3); - const std::string kTestHost3("http://mail.example.com"); + const SpdyString kTestHost3("mail.example.com"); HostPortPair test_host_port_pair3(kTestHost3, 80); SpdySessionKey key3(test_host_port_pair3, ProxyServer::Direct(), PRIVACY_MODE_DISABLED); @@ -329,9 +333,9 @@ void SpdySessionPoolTest::RunIPPoolingTest( SpdyPoolCloseSessionsType close_sessions_type) { const int kTestPort = 80; struct TestHosts { - std::string url; - std::string name; - std::string iplist; + SpdyString url; + SpdyString name; + SpdyString iplist; SpdySessionKey key; AddressList addresses; } test_hosts[] = { @@ -347,7 +351,7 @@ void SpdySessionPoolTest::RunIPPoolingTest( std::unique_ptr<HostResolver::Request> request[arraysize(test_hosts)]; for (size_t i = 0; i < arraysize(test_hosts); i++) { session_deps_.host_resolver->rules()->AddIPLiteralRule( - test_hosts[i].name, test_hosts[i].iplist, std::string()); + test_hosts[i].name, test_hosts[i].iplist, SpdyString()); // This test requires that the HostResolver cache be populated. Normal // code would have done this already, but we do it manually. @@ -388,6 +392,14 @@ void SpdySessionPoolTest::RunIPPoolingTest( // The second host overlaps with the first, and should IP pool. EXPECT_TRUE(HasSpdySession(spdy_session_pool_, test_hosts[1].key)); + // However, if IP pooling is disabled, FindAvailableSession() should not find + // |session| for the second host. + base::WeakPtr<SpdySession> session1 = + spdy_session_pool_->FindAvailableSession( + test_hosts[1].key, GURL(test_hosts[1].url), + /* enable_ip_based_pooling = */ false, NetLogWithSource()); + EXPECT_FALSE(session1); + // Verify that the second host, through a proxy, won't share the IP. SpdySessionKey proxy_key(test_hosts[1].key.host_port_pair(), ProxyServer::FromPacString("HTTP http://proxy.foo.com/"), @@ -414,9 +426,9 @@ void SpdySessionPoolTest::RunIPPoolingTest( // Grab the session to host 1 and verify that it is the same session // we got with host 0, and that is a different from host 2's session. - base::WeakPtr<SpdySession> session1 = - spdy_session_pool_->FindAvailableSession( - test_hosts[1].key, GURL(test_hosts[1].url), NetLogWithSource()); + session1 = spdy_session_pool_->FindAvailableSession( + test_hosts[1].key, GURL(test_hosts[1].url), + /* enable_ip_based_pooling = */ true, NetLogWithSource()); EXPECT_EQ(session.get(), session1.get()); EXPECT_NE(session2.get(), session1.get()); @@ -433,8 +445,8 @@ void SpdySessionPoolTest::RunIPPoolingTest( // Cleanup the sessions. switch (close_sessions_type) { case SPDY_POOL_CLOSE_SESSIONS_MANUALLY: - session->CloseSessionOnError(ERR_ABORTED, std::string()); - session2->CloseSessionOnError(ERR_ABORTED, std::string()); + session->CloseSessionOnError(ERR_ABORTED, SpdyString()); + session2->CloseSessionOnError(ERR_ABORTED, SpdyString()); base::RunLoop().RunUntilIdle(); EXPECT_FALSE(session); EXPECT_FALSE(session2); @@ -485,7 +497,7 @@ void SpdySessionPoolTest::RunIPPoolingTest( EXPECT_FALSE(spdy_stream1); EXPECT_FALSE(spdy_stream2); - session2->CloseSessionOnError(ERR_ABORTED, std::string()); + session2->CloseSessionOnError(ERR_ABORTED, SpdyString()); base::RunLoop().RunUntilIdle(); EXPECT_FALSE(session2); break; @@ -509,6 +521,159 @@ TEST_F(SpdySessionPoolTest, IPPoolingCloseIdleSessions) { RunIPPoolingTest(SPDY_POOL_CLOSE_IDLE_SESSIONS); } +// Regression test for https://crbug.com/643025. +TEST_F(SpdySessionPoolTest, IPPoolingNetLog) { + // Define two hosts with identical IP address. + const int kTestPort = 443; + struct TestHosts { + SpdyString name; + SpdyString iplist; + SpdySessionKey key; + AddressList addresses; + std::unique_ptr<HostResolver::Request> request; + } test_hosts[] = { + {"www.example.org", "192.168.0.1"}, {"mail.example.org", "192.168.0.1"}, + }; + + // Populate the HostResolver cache. + session_deps_.host_resolver->set_synchronous_mode(true); + for (size_t i = 0; i < arraysize(test_hosts); i++) { + session_deps_.host_resolver->rules()->AddIPLiteralRule( + test_hosts[i].name, test_hosts[i].iplist, SpdyString()); + + HostResolver::RequestInfo info(HostPortPair(test_hosts[i].name, kTestPort)); + session_deps_.host_resolver->Resolve( + info, DEFAULT_PRIORITY, &test_hosts[i].addresses, CompletionCallback(), + &test_hosts[i].request, NetLogWithSource()); + + test_hosts[i].key = + SpdySessionKey(HostPortPair(test_hosts[i].name, kTestPort), + ProxyServer::Direct(), PRIVACY_MODE_DISABLED); + } + + MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING)}; + StaticSocketDataProvider data(reads, arraysize(reads), nullptr, 0); + MockConnect connect_data(SYNCHRONOUS, OK); + data.set_connect_data(connect_data); + + session_deps_.socket_factory->AddSocketDataProvider(&data); + AddSSLSocketData(); + + CreateNetworkSession(); + + // Open SpdySession to the first host. + base::WeakPtr<SpdySession> session0 = CreateSecureSpdySession( + http_session_.get(), test_hosts[0].key, NetLogWithSource()); + + // A request to the second host should pool to the existing connection. + BoundTestNetLog net_log; + base::HistogramTester histogram_tester; + base::WeakPtr<SpdySession> session1 = + spdy_session_pool_->FindAvailableSession( + test_hosts[1].key, GURL(), + /* enable_ip_based_pooling = */ true, net_log.bound()); + EXPECT_EQ(session0.get(), session1.get()); + + ASSERT_EQ(1u, net_log.GetSize()); + histogram_tester.ExpectTotalCount("Net.SpdySessionGet", 1); + + // A request to the second host should still pool to the existing connection. + session1 = spdy_session_pool_->FindAvailableSession( + test_hosts[1].key, GURL(), + /* enable_ip_based_pooling = */ true, net_log.bound()); + EXPECT_EQ(session0.get(), session1.get()); + + ASSERT_EQ(2u, net_log.GetSize()); + histogram_tester.ExpectTotalCount("Net.SpdySessionGet", 2); + + // Both FindAvailableSession() calls should log netlog events + // indicating IP pooling. + TestNetLogEntry::List entry_list; + net_log.GetEntries(&entry_list); + EXPECT_EQ( + NetLogEventType::HTTP2_SESSION_POOL_FOUND_EXISTING_SESSION_FROM_IP_POOL, + entry_list[0].type); + EXPECT_EQ( + NetLogEventType::HTTP2_SESSION_POOL_FOUND_EXISTING_SESSION_FROM_IP_POOL, + entry_list[1].type); + + // Both FindAvailableSession() calls should log histogram entries + // indicating IP pooling. + histogram_tester.ExpectUniqueSample("Net.SpdySessionGet", 2, 2); +} + +TEST_F(SpdySessionPoolTest, IPPoolingDisabled) { + // Define two hosts with identical IP address. + const int kTestPort = 443; + struct TestHosts { + SpdyString name; + SpdyString iplist; + SpdySessionKey key; + AddressList addresses; + std::unique_ptr<HostResolver::Request> request; + } test_hosts[] = { + {"www.example.org", "192.168.0.1"}, {"mail.example.org", "192.168.0.1"}, + }; + + // Populate the HostResolver cache. + session_deps_.host_resolver->set_synchronous_mode(true); + for (size_t i = 0; i < arraysize(test_hosts); i++) { + session_deps_.host_resolver->rules()->AddIPLiteralRule( + test_hosts[i].name, test_hosts[i].iplist, SpdyString()); + + HostResolver::RequestInfo info(HostPortPair(test_hosts[i].name, kTestPort)); + session_deps_.host_resolver->Resolve( + info, DEFAULT_PRIORITY, &test_hosts[i].addresses, CompletionCallback(), + &test_hosts[i].request, NetLogWithSource()); + + test_hosts[i].key = + SpdySessionKey(HostPortPair(test_hosts[i].name, kTestPort), + ProxyServer::Direct(), PRIVACY_MODE_DISABLED); + } + + MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING)}; + StaticSocketDataProvider data(reads, arraysize(reads), nullptr, 0); + MockConnect connect_data(SYNCHRONOUS, OK); + data.set_connect_data(connect_data); + session_deps_.socket_factory->AddSocketDataProvider(&data); + AddSSLSocketData(); + + MockRead reads1[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING)}; + StaticSocketDataProvider data1(reads1, arraysize(reads1), nullptr, 0); + MockConnect connect_data1(SYNCHRONOUS, OK); + data1.set_connect_data(connect_data1); + session_deps_.socket_factory->AddSocketDataProvider(&data1); + AddSSLSocketData(); + + CreateNetworkSession(); + + // Open SpdySession to the first host. + base::WeakPtr<SpdySession> session0 = CreateSecureSpdySession( + http_session_.get(), test_hosts[0].key, NetLogWithSource()); + + // A request to the second host should pool to the existing connection. + base::WeakPtr<SpdySession> session1 = + spdy_session_pool_->FindAvailableSession( + test_hosts[1].key, GURL(), + /* enable_ip_based_pooling = */ true, NetLogWithSource()); + EXPECT_EQ(session0.get(), session1.get()); + + // A request to the second host should not pool to the existing connection if + // IP based pooling is disabled. + session1 = spdy_session_pool_->FindAvailableSession( + test_hosts[1].key, GURL(), + /* enable_ip_based_pooling = */ false, NetLogWithSource()); + EXPECT_FALSE(session1); + + // It should be possible to open a new SpdySession, even if a previous call to + // FindAvailableSession() linked the second key to the first connection in the + // IP pooled bucket of SpdySessionPool::available_session_map_. + session1 = CreateSecureSpdySessionWithIpBasedPoolingDisabled( + http_session_.get(), test_hosts[1].key, NetLogWithSource()); + EXPECT_TRUE(session1); + EXPECT_NE(session0.get(), session1.get()); +} + // Construct a Pool with SpdySessions in various availability states. Simulate // an IP address change. Ensure sessions gracefully shut down. Regression test // for crbug.com/379469. @@ -539,14 +704,14 @@ TEST_F(SpdySessionPoolTest, IPAddressChanged) { CreateNetworkSession(); // Set up session A: Going away, but with an active stream. - const std::string kTestHostA("http://www.example.org"); + const SpdyString kTestHostA("www.example.org"); HostPortPair test_host_port_pairA(kTestHostA, 80); SpdySessionKey keyA( test_host_port_pairA, ProxyServer::Direct(), PRIVACY_MODE_DISABLED); base::WeakPtr<SpdySession> sessionA = CreateSecureSpdySession(http_session_.get(), keyA, NetLogWithSource()); - GURL urlA(kTestHostA); + GURL urlA("http://www.example.org"); base::WeakPtr<SpdyStream> spdy_streamA = CreateStreamSynchronously( SPDY_BIDIRECTIONAL_STREAM, sessionA, urlA, MEDIUM, NetLogWithSource()); test::StreamDelegateDoNothing delegateA(spdy_streamA); @@ -570,7 +735,7 @@ TEST_F(SpdySessionPoolTest, IPAddressChanged) { AddSSLSocketData(); - const std::string kTestHostB("http://mail.example.org"); + const SpdyString kTestHostB("mail.example.org"); HostPortPair test_host_port_pairB(kTestHostB, 80); SpdySessionKey keyB( test_host_port_pairB, ProxyServer::Direct(), PRIVACY_MODE_DISABLED); @@ -578,7 +743,7 @@ TEST_F(SpdySessionPoolTest, IPAddressChanged) { CreateSecureSpdySession(http_session_.get(), keyB, NetLogWithSource()); EXPECT_TRUE(sessionB->IsAvailable()); - GURL urlB(kTestHostB); + GURL urlB("http://mail.example.org"); base::WeakPtr<SpdyStream> spdy_streamB = CreateStreamSynchronously( SPDY_BIDIRECTIONAL_STREAM, sessionB, urlB, MEDIUM, NetLogWithSource()); test::StreamDelegateDoNothing delegateB(spdy_streamB); @@ -592,7 +757,7 @@ TEST_F(SpdySessionPoolTest, IPAddressChanged) { AddSSLSocketData(); - const std::string kTestHostC("http://mail.example.com"); + const SpdyString kTestHostC("mail.example.com"); HostPortPair test_host_port_pairC(kTestHostC, 80); SpdySessionKey keyC( test_host_port_pairC, ProxyServer::Direct(), PRIVACY_MODE_DISABLED); @@ -658,14 +823,17 @@ TEST_F(SpdySessionPoolTest, FindAvailableSession) { // FindAvailableSession should return |session| if called with empty |url|. base::WeakPtr<SpdySession> session1 = - spdy_session_pool_->FindAvailableSession(key, GURL(), NetLogWithSource()); + spdy_session_pool_->FindAvailableSession( + key, GURL(), + /* enable_ip_based_pooling = */ true, NetLogWithSource()); EXPECT_EQ(session.get(), session1.get()); // FindAvailableSession should return |session| if called with |url| for which // there is no pushed stream on any sessions owned by |spdy_session_pool_|. base::WeakPtr<SpdySession> session2 = spdy_session_pool_->FindAvailableSession( - key, GURL("http://news.example.org/foo.html"), NetLogWithSource()); + key, GURL("http://news.example.org/foo.html"), + /* enable_ip_based_pooling = */ true, NetLogWithSource()); EXPECT_EQ(session.get(), session2.get()); spdy_session_pool_->CloseCurrentSessions(ERR_ABORTED); @@ -717,8 +885,8 @@ TEST_P(SpdySessionMemoryDumpTest, DumpMemoryStats) { const base::trace_event::ProcessMemoryDump::AllocatorDumpsMap& allocator_dumps = process_memory_dump->allocator_dumps(); for (const auto& pair : allocator_dumps) { - const std::string& dump_name = pair.first; - if (dump_name.find("spdy_session_pool") == std::string::npos) + const SpdyString& dump_name = pair.first; + if (dump_name.find("spdy_session_pool") == SpdyString::npos) continue; std::unique_ptr<base::Value> raw_attrs = pair.second->attributes_for_testing()->ToBaseValue(); @@ -727,7 +895,7 @@ TEST_P(SpdySessionMemoryDumpTest, DumpMemoryStats) { base::DictionaryValue* active_session_count_attr; ASSERT_TRUE(attrs->GetDictionary("active_session_count", &active_session_count_attr)); - std::string active_session_count; + SpdyString active_session_count; ASSERT_TRUE( active_session_count_attr->GetString("value", &active_session_count)); // No created stream so the session should be idle. diff --git a/chromium/net/spdy/spdy_session_test_util.cc b/chromium/net/spdy/spdy_session_test_util.cc index 36e4c57f9f1..86939c40aa9 100644 --- a/chromium/net/spdy/spdy_session_test_util.cc +++ b/chromium/net/spdy/spdy_session_test_util.cc @@ -10,11 +10,9 @@ namespace net { SpdySessionTestTaskObserver::SpdySessionTestTaskObserver( - const std::string& file_name, - const std::string& function_name) - : executed_count_(0), - file_name_(file_name), - function_name_(function_name) { + const SpdyString& file_name, + const SpdyString& function_name) + : executed_count_(0), file_name_(file_name), function_name_(function_name) { base::MessageLoop::current()->AddTaskObserver(this); } diff --git a/chromium/net/spdy/spdy_session_test_util.h b/chromium/net/spdy/spdy_session_test_util.h index 819b15c8da0..ceb385d4b02 100644 --- a/chromium/net/spdy/spdy_session_test_util.h +++ b/chromium/net/spdy/spdy_session_test_util.h @@ -7,10 +7,9 @@ #include <stdint.h> -#include <string> - #include "base/message_loop/message_loop.h" #include "base/pending_task.h" +#include "net/spdy/platform/api/spdy_string.h" namespace net { @@ -25,8 +24,8 @@ class SpdySessionTestTaskObserver : public base::MessageLoop::TaskObserver { // Example: // file_name = "foo.cc" // function = "DoFoo" - SpdySessionTestTaskObserver(const std::string& file_name, - const std::string& function_name); + SpdySessionTestTaskObserver(const SpdyString& file_name, + const SpdyString& function_name); ~SpdySessionTestTaskObserver() override; // Implements MessageLoop::TaskObserver. @@ -38,8 +37,8 @@ class SpdySessionTestTaskObserver : public base::MessageLoop::TaskObserver { private: uint16_t executed_count_; - std::string file_name_; - std::string function_name_; + SpdyString file_name_; + SpdyString function_name_; }; } // namespace net diff --git a/chromium/net/spdy/spdy_session_unittest.cc b/chromium/net/spdy/spdy_session_unittest.cc index f0ab24a79ea..ecc0ad653ba 100644 --- a/chromium/net/spdy/spdy_session_unittest.cc +++ b/chromium/net/spdy/spdy_session_unittest.cc @@ -13,6 +13,7 @@ #include "base/callback.h" #include "base/run_loop.h" #include "base/test/histogram_tester.h" +#include "base/test/scoped_feature_list.h" #include "net/base/host_port_pair.h" #include "net/base/io_buffer.h" #include "net/base/ip_endpoint.h" @@ -55,7 +56,7 @@ const char kHttpsURLFromAnotherOrigin[] = "https://www.example2.org/b.dat"; const char kBodyData[] = "Body data"; const size_t kBodyDataSize = arraysize(kBodyData); -const base::StringPiece kBodyDataStringPiece(kBodyData, kBodyDataSize); +const SpdyStringPiece kBodyDataStringPiece(kBodyData, kBodyDataSize); static base::TimeDelta g_time_delta; static base::TimeTicks g_time_now; @@ -76,8 +77,7 @@ base::TimeTicks InstantaneousReads() { class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate { public: - MOCK_METHOD1(IsCTRequiredForHost, - CTRequirementLevel(const std::string& host)); + MOCK_METHOD1(IsCTRequiredForHost, CTRequirementLevel(const SpdyString& host)); }; } // namespace @@ -2004,10 +2004,10 @@ TEST_F(SpdySessionTest, NetLogOnSessionGoaway) { int unclaimed_streams; ASSERT_TRUE(entry.GetIntegerValue("unclaimed_streams", &unclaimed_streams)); EXPECT_EQ(0, unclaimed_streams); - std::string error_code; + SpdyString error_code; ASSERT_TRUE(entry.GetStringValue("error_code", &error_code)); EXPECT_EQ("11 (ENHANCE_YOUR_CALM)", error_code); - std::string debug_data; + SpdyString debug_data; ASSERT_TRUE(entry.GetStringValue("debug_data", &debug_data)); EXPECT_EQ("foo", debug_data); @@ -2289,7 +2289,7 @@ TEST_F(SpdySessionTest, CloseSessionWithTwoCreatedSelfClosingStreams) { EXPECT_EQ(0u, spdy_stream2->stream_id()); // Ensure we don't crash while closing the session. - session_->CloseSessionOnError(ERR_ABORTED, std::string()); + session_->CloseSessionOnError(ERR_ABORTED, SpdyString()); EXPECT_FALSE(spdy_stream1); EXPECT_FALSE(spdy_stream2); @@ -2345,7 +2345,7 @@ TEST_F(SpdySessionTest, CloseSessionWithTwoCreatedMutuallyClosingStreams) { EXPECT_EQ(0u, spdy_stream2->stream_id()); // Ensure we don't crash while closing the session. - session_->CloseSessionOnError(ERR_ABORTED, std::string()); + session_->CloseSessionOnError(ERR_ABORTED, SpdyString()); EXPECT_FALSE(spdy_stream1); EXPECT_FALSE(spdy_stream2); @@ -2416,7 +2416,7 @@ TEST_F(SpdySessionTest, CloseSessionWithTwoActivatedSelfClosingStreams) { EXPECT_EQ(3u, spdy_stream2->stream_id()); // Ensure we don't crash while closing the session. - session_->CloseSessionOnError(ERR_ABORTED, std::string()); + session_->CloseSessionOnError(ERR_ABORTED, SpdyString()); EXPECT_FALSE(spdy_stream1); EXPECT_FALSE(spdy_stream2); @@ -2491,7 +2491,7 @@ TEST_F(SpdySessionTest, CloseSessionWithTwoActivatedMutuallyClosingStreams) { EXPECT_EQ(3u, spdy_stream2->stream_id()); // Ensure we don't crash while closing the session. - session_->CloseSessionOnError(ERR_ABORTED, std::string()); + session_->CloseSessionOnError(ERR_ABORTED, SpdyString()); EXPECT_FALSE(spdy_stream1); EXPECT_FALSE(spdy_stream2); @@ -3394,12 +3394,12 @@ TEST_F(SpdySessionTest, CloseOneIdleConnectionWithAlias) { session_deps_.host_resolver->set_synchronous_mode(true); session_deps_.host_resolver->rules()->AddIPLiteralRule( - "www.example.org", "192.168.0.2", std::string()); + "www.example.org", "192.168.0.2", SpdyString()); session_deps_.host_resolver->rules()->AddIPLiteralRule( - "mail.example.org", "192.168.0.2", std::string()); + "mail.example.org", "192.168.0.2", SpdyString()); // Not strictly needed. - session_deps_.host_resolver->rules()->AddIPLiteralRule( - "3.com", "192.168.0.3", std::string()); + session_deps_.host_resolver->rules()->AddIPLiteralRule("3.com", "192.168.0.3", + SpdyString()); CreateNetworkSession(); @@ -3427,8 +3427,9 @@ TEST_F(SpdySessionTest, CloseOneIdleConnectionWithAlias) { NetLogWithSource()); // Get a session for |key2|, which should return the session created earlier. base::WeakPtr<SpdySession> session2 = - spdy_session_pool_->FindAvailableSession(key2, GURL(), - NetLogWithSource()); + spdy_session_pool_->FindAvailableSession( + key2, GURL(), + /* enable_ip_based_pooling = */ true, NetLogWithSource()); ASSERT_EQ(session1.get(), session2.get()); EXPECT_FALSE(pool->IsStalled()); @@ -3569,11 +3570,11 @@ TEST_F(SpdySessionTest, SpdySessionKeyPrivacyMode) { EXPECT_TRUE(HasSpdySession(spdy_session_pool_, key_privacy_enabled)); EXPECT_TRUE(HasSpdySession(spdy_session_pool_, key_privacy_disabled)); - session_privacy_enabled->CloseSessionOnError(ERR_ABORTED, std::string()); + session_privacy_enabled->CloseSessionOnError(ERR_ABORTED, SpdyString()); EXPECT_FALSE(HasSpdySession(spdy_session_pool_, key_privacy_enabled)); EXPECT_TRUE(HasSpdySession(spdy_session_pool_, key_privacy_disabled)); - session_privacy_disabled->CloseSessionOnError(ERR_ABORTED, std::string()); + session_privacy_disabled->CloseSessionOnError(ERR_ABORTED, SpdyString()); EXPECT_FALSE(HasSpdySession(spdy_session_pool_, key_privacy_enabled)); EXPECT_FALSE(HasSpdySession(spdy_session_pool_, key_privacy_disabled)); } @@ -3883,7 +3884,7 @@ TEST_F(SpdySessionTest, StreamFlowControlTooMuchData) { }; SpdySerializedFrame resp(spdy_util_.ConstructSpdyGetReply(nullptr, 0, 1)); - const std::string payload(data_frame_size, 'a'); + const SpdyString payload(data_frame_size, 'a'); SpdySerializedFrame data_frame(spdy_util_.ConstructSpdyDataFrame( 1, payload.data(), data_frame_size, false)); MockRead reads[] = { @@ -3957,10 +3958,10 @@ TEST_F(SpdySessionTest, SessionFlowControlTooMuchDataTwoDataFrames) { CreateMockWrite(goaway, 4), }; - const std::string first_data_frame(first_data_frame_size, 'a'); + const SpdyString first_data_frame(first_data_frame_size, 'a'); SpdySerializedFrame first(spdy_util_.ConstructSpdyDataFrame( 1, first_data_frame.data(), first_data_frame_size, false)); - const std::string second_data_frame(second_data_frame_size, 'b'); + const SpdyString second_data_frame(second_data_frame_size, 'b'); SpdySerializedFrame second(spdy_util_.ConstructSpdyDataFrame( 1, second_data_frame.data(), second_data_frame_size, false)); MockRead reads[] = { @@ -4017,10 +4018,10 @@ TEST_F(SpdySessionTest, StreamFlowControlTooMuchDataTwoDataFrames) { }; SpdySerializedFrame resp(spdy_util_.ConstructSpdyGetReply(nullptr, 0, 1)); - const std::string first_data_frame(first_data_frame_size, 'a'); + const SpdyString first_data_frame(first_data_frame_size, 'a'); SpdySerializedFrame first(spdy_util_.ConstructSpdyDataFrame( 1, first_data_frame.data(), first_data_frame_size, false)); - const std::string second_data_frame(second_data_frame_size, 'b'); + const SpdyString second_data_frame(second_data_frame_size, 'b'); SpdySerializedFrame second(spdy_util_.ConstructSpdyDataFrame( 1, second_data_frame.data(), second_data_frame_size, false)); MockRead reads[] = { @@ -4064,7 +4065,7 @@ TEST_F(SpdySessionTest, StreamFlowControlTooMuchDataTwoDataFrames) { spdy_stream->recv_window_size()); // Consume first data frame. This does not trigger a WINDOW_UPDATE. - std::string received_data = delegate.TakeReceivedData(); + SpdyString received_data = delegate.TakeReceivedData(); EXPECT_EQ(static_cast<size_t>(first_data_frame_size), received_data.size()); EXPECT_EQ(stream_max_recv_window_size, spdy_stream->recv_window_size()); @@ -4084,7 +4085,7 @@ TEST_F(SpdySessionTest, StreamFlowControlTooMuchDataTwoDataFrames) { class DropReceivedDataDelegate : public test::StreamDelegateSendImmediate { public: DropReceivedDataDelegate(const base::WeakPtr<SpdyStream>& stream, - base::StringPiece data) + SpdyStringPiece data) : StreamDelegateSendImmediate(stream, data) {} ~DropReceivedDataDelegate() override {} @@ -4098,7 +4099,7 @@ class DropReceivedDataDelegate : public test::StreamDelegateSendImmediate { // value, i.e. we shouldn't "leak" receive window bytes. TEST_F(SpdySessionTest, SessionFlowControlNoReceiveLeaks) { const int32_t kMsgDataSize = 100; - const std::string msg_data(kMsgDataSize, 'a'); + const SpdyString msg_data(kMsgDataSize, 'a'); SpdySerializedFrame req(spdy_util_.ConstructSpdyPost( kDefaultUrl, 1, kMsgDataSize, MEDIUM, nullptr, 0)); @@ -4169,7 +4170,7 @@ TEST_F(SpdySessionTest, SessionFlowControlNoReceiveLeaks) { // to its original value, i.e. we shouldn't "leak" send window bytes. TEST_F(SpdySessionTest, SessionFlowControlNoSendLeaks) { const int32_t kMsgDataSize = 100; - const std::string msg_data(kMsgDataSize, 'a'); + const SpdyString msg_data(kMsgDataSize, 'a'); SpdySerializedFrame req(spdy_util_.ConstructSpdyPost( kDefaultUrl, 1, kMsgDataSize, MEDIUM, nullptr, 0)); @@ -4241,7 +4242,7 @@ TEST_F(SpdySessionTest, SessionFlowControlNoSendLeaks) { // change appropriately. TEST_F(SpdySessionTest, SessionFlowControlEndToEnd) { const int32_t kMsgDataSize = 100; - const std::string msg_data(kMsgDataSize, 'a'); + const SpdyString msg_data(kMsgDataSize, 'a'); SpdySerializedFrame req(spdy_util_.ConstructSpdyPost( kDefaultUrl, 1, kMsgDataSize, MEDIUM, nullptr, 0)); @@ -4404,7 +4405,7 @@ void SpdySessionTest::RunResumeAfterUnstallTest( EXPECT_TRUE(delegate.send_headers_completed()); EXPECT_EQ("200", delegate.GetResponseHeaderValue(":status")); - EXPECT_EQ(std::string(), delegate.TakeReceivedData()); + EXPECT_EQ(SpdyString(), delegate.TakeReceivedData()); // Run SpdySession::PumpWriteLoop which destroys |session_|. base::RunLoop().RunUntilIdle(); @@ -4565,11 +4566,11 @@ TEST_F(SpdySessionTest, ResumeByPriorityAfterSendWindowSizeIncrease) { EXPECT_TRUE(delegate1.send_headers_completed()); EXPECT_EQ("200", delegate1.GetResponseHeaderValue(":status")); - EXPECT_EQ(std::string(), delegate1.TakeReceivedData()); + EXPECT_EQ(SpdyString(), delegate1.TakeReceivedData()); EXPECT_TRUE(delegate2.send_headers_completed()); EXPECT_EQ("200", delegate2.GetResponseHeaderValue(":status")); - EXPECT_EQ(std::string(), delegate2.TakeReceivedData()); + EXPECT_EQ(SpdyString(), delegate2.TakeReceivedData()); EXPECT_FALSE(session_); EXPECT_TRUE(data.AllWriteDataConsumed()); @@ -4580,7 +4581,7 @@ TEST_F(SpdySessionTest, ResumeByPriorityAfterSendWindowSizeIncrease) { class StreamClosingDelegate : public test::StreamDelegateWithBody { public: StreamClosingDelegate(const base::WeakPtr<SpdyStream>& stream, - base::StringPiece data) + SpdyStringPiece data) : StreamDelegateWithBody(stream, data) {} ~StreamClosingDelegate() override {} @@ -4727,14 +4728,14 @@ TEST_F(SpdySessionTest, SendWindowSizeIncreaseWithDeletedStreams) { EXPECT_THAT(delegate3.WaitForClose(), IsOk()); EXPECT_TRUE(delegate1.send_headers_completed()); - EXPECT_EQ(std::string(), delegate1.TakeReceivedData()); + EXPECT_EQ(SpdyString(), delegate1.TakeReceivedData()); EXPECT_TRUE(delegate2.send_headers_completed()); EXPECT_EQ("200", delegate2.GetResponseHeaderValue(":status")); - EXPECT_EQ(std::string(), delegate2.TakeReceivedData()); + EXPECT_EQ(SpdyString(), delegate2.TakeReceivedData()); EXPECT_TRUE(delegate3.send_headers_completed()); - EXPECT_EQ(std::string(), delegate3.TakeReceivedData()); + EXPECT_EQ(SpdyString(), delegate3.TakeReceivedData()); EXPECT_TRUE(data.AllWriteDataConsumed()); } @@ -4826,10 +4827,10 @@ TEST_F(SpdySessionTest, SendWindowSizeIncreaseWithDeletedSession) { EXPECT_THAT(delegate2.WaitForClose(), IsError(ERR_CONNECTION_CLOSED)); EXPECT_TRUE(delegate1.send_headers_completed()); - EXPECT_EQ(std::string(), delegate1.TakeReceivedData()); + EXPECT_EQ(SpdyString(), delegate1.TakeReceivedData()); EXPECT_TRUE(delegate2.send_headers_completed()); - EXPECT_EQ(std::string(), delegate2.TakeReceivedData()); + EXPECT_EQ(SpdyString(), delegate2.TakeReceivedData()); EXPECT_TRUE(data.AllWriteDataConsumed()); } @@ -5426,6 +5427,79 @@ TEST_F(SpdySessionTest, RejectInvalidUnknownFrames) { EXPECT_FALSE(session_->OnUnknownFrame(8, 0)); } +enum ReadIfReadySupport { + // ReadIfReady() field trial is enabled, and ReadIfReady() is implemented. + READ_IF_READY_ENABLED_SUPPORTED, + // ReadIfReady() field trial is enabled, but ReadIfReady() is unimplemented. + READ_IF_READY_ENABLED_NOT_SUPPORTED, + // ReadIfReady() field trial is disabled. + READ_IF_READY_DISABLED, +}; + +class SpdySessionReadIfReadyTest + : public SpdySessionTest, + public testing::WithParamInterface<ReadIfReadySupport> { + public: + void SetUp() override { + if (GetParam() != READ_IF_READY_DISABLED) + scoped_feature_list_.InitAndEnableFeature(Socket::kReadIfReadyExperiment); + if (GetParam() == READ_IF_READY_ENABLED_SUPPORTED) + session_deps_.socket_factory->set_enable_read_if_ready(true); + SpdySessionTest::SetUp(); + } + + private: + base::test::ScopedFeatureList scoped_feature_list_; +}; + +INSTANTIATE_TEST_CASE_P(/* no prefix */, + SpdySessionReadIfReadyTest, + testing::Values(READ_IF_READY_ENABLED_SUPPORTED, + READ_IF_READY_ENABLED_NOT_SUPPORTED, + READ_IF_READY_DISABLED)); + +// Tests basic functionality of ReadIfReady() when it is enabled or disabled. +TEST_P(SpdySessionReadIfReadyTest, ReadIfReady) { + SpdySerializedFrame req( + spdy_util_.ConstructSpdyGet(nullptr, 0, 1, HIGHEST, true)); + MockWrite writes[] = { + CreateMockWrite(req, 0), + }; + + SpdySerializedFrame resp(spdy_util_.ConstructSpdyGetReply(nullptr, 0, 1)); + SpdySerializedFrame body(spdy_util_.ConstructSpdyDataFrame(1, true)); + MockRead reads[] = { + CreateMockRead(resp, 1), CreateMockRead(body, 2), + MockRead(ASYNC, 0, 3) // EOF + }; + + session_deps_.host_resolver->set_synchronous_mode(true); + + SequencedSocketData data(reads, arraysize(reads), writes, arraysize(writes)); + session_deps_.socket_factory->AddSocketDataProvider(&data); + + AddSSLSocketData(); + + CreateNetworkSession(); + CreateSecureSpdySession(); + + base::WeakPtr<SpdyStream> spdy_stream = + CreateStreamSynchronously(SPDY_REQUEST_RESPONSE_STREAM, session_, + test_url_, HIGHEST, NetLogWithSource()); + ASSERT_TRUE(spdy_stream); + EXPECT_EQ(0u, spdy_stream->stream_id()); + test::StreamDelegateDoNothing delegate(spdy_stream); + spdy_stream->SetDelegate(&delegate); + + SpdyHeaderBlock headers(spdy_util_.ConstructGetHeaderBlock(kDefaultUrl)); + spdy_stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND); + + base::RunLoop().RunUntilIdle(); + + EXPECT_FALSE(spdy_stream); + EXPECT_EQ(1u, delegate.stream_id()); +} + class SendInitialSettingsOnNewSpdySessionTest : public SpdySessionTest { protected: void RunInitialSettingsTest(const SettingsMap expected_settings) { @@ -5546,7 +5620,7 @@ class AltSvcFrameTest : public SpdySessionTest { TEST_F(AltSvcFrameTest, ProcessAltSvcFrame) { const char origin[] = "https://mail.example.org"; - SpdyAltSvcIR altsvc_ir(0); + SpdyAltSvcIR altsvc_ir(/* stream_id = */ 0); altsvc_ir.add_altsvc(alternative_service_); altsvc_ir.set_origin(origin); AddSocketData(altsvc_ir); @@ -5575,7 +5649,7 @@ TEST_F(AltSvcFrameTest, ProcessAltSvcFrame) { TEST_F(AltSvcFrameTest, DoNotProcessAltSvcFrameOnInsecureSession) { const char origin[] = "https://mail.example.org"; - SpdyAltSvcIR altsvc_ir(0); + SpdyAltSvcIR altsvc_ir(/* stream_id = */ 0); altsvc_ir.add_altsvc(alternative_service_); altsvc_ir.set_origin(origin); AddSocketData(altsvc_ir); @@ -5601,7 +5675,7 @@ TEST_F(AltSvcFrameTest, DoNotProcessAltSvcFrameOnInsecureSession) { TEST_F(AltSvcFrameTest, DoNotProcessAltSvcFrameForOriginNotCoveredByCert) { const char origin[] = "https://invalid.example.org"; - SpdyAltSvcIR altsvc_ir(0); + SpdyAltSvcIR altsvc_ir(/* stream_id = */ 0); altsvc_ir.add_altsvc(alternative_service_); altsvc_ir.set_origin(origin); AddSocketData(altsvc_ir); @@ -5628,7 +5702,7 @@ TEST_F(AltSvcFrameTest, DoNotProcessAltSvcFrameForOriginNotCoveredByCert) { // An ALTSVC frame on stream 0 with empty origin MUST be ignored. // (RFC 7838 Section 4) TEST_F(AltSvcFrameTest, DoNotProcessAltSvcFrameWithEmptyOriginOnStreamZero) { - SpdyAltSvcIR altsvc_ir(0); + SpdyAltSvcIR altsvc_ir(/* stream_id = */ 0); altsvc_ir.add_altsvc(alternative_service_); AddSocketData(altsvc_ir); AddSSLSocketData(); @@ -5650,7 +5724,7 @@ TEST_F(AltSvcFrameTest, DoNotProcessAltSvcFrameWithEmptyOriginOnStreamZero) { // ignored. (RFC 7838 Section 4) TEST_F(AltSvcFrameTest, DoNotProcessAltSvcFrameWithNonEmptyOriginOnNonZeroStream) { - SpdyAltSvcIR altsvc_ir(1); + SpdyAltSvcIR altsvc_ir(/* stream_id = */ 1); altsvc_ir.add_altsvc(alternative_service_); altsvc_ir.set_origin("https://mail.example.org"); AddSocketData(altsvc_ir); @@ -5670,7 +5744,7 @@ TEST_F(AltSvcFrameTest, } TEST_F(AltSvcFrameTest, ProcessAltSvcFrameOnActiveStream) { - SpdyAltSvcIR altsvc_ir(1); + SpdyAltSvcIR altsvc_ir(/* stream_id = */ 1); altsvc_ir.add_altsvc(alternative_service_); SpdySerializedFrame altsvc_frame(spdy_util_.SerializeFrame(altsvc_ir)); @@ -5724,7 +5798,7 @@ TEST_F(AltSvcFrameTest, ProcessAltSvcFrameOnActiveStream) { } TEST_F(AltSvcFrameTest, DoNotProcessAltSvcFrameOnStreamWithInsecureOrigin) { - SpdyAltSvcIR altsvc_ir(1); + SpdyAltSvcIR altsvc_ir(/* stream_id = */ 1); altsvc_ir.add_altsvc(alternative_service_); SpdySerializedFrame altsvc_frame(spdy_util_.SerializeFrame(altsvc_ir)); @@ -5775,7 +5849,7 @@ TEST_F(AltSvcFrameTest, DoNotProcessAltSvcFrameOnStreamWithInsecureOrigin) { } TEST_F(AltSvcFrameTest, DoNotProcessAltSvcFrameOnNonExistentStream) { - SpdyAltSvcIR altsvc_ir(1); + SpdyAltSvcIR altsvc_ir(/* stream_id = */ 1); altsvc_ir.add_altsvc(alternative_service_); AddSocketData(altsvc_ir); AddSSLSocketData(); diff --git a/chromium/net/spdy/spdy_stream.cc b/chromium/net/spdy/spdy_stream.cc index 05d9f13bb08..829bb2b2fb9 100644 --- a/chromium/net/spdy/spdy_stream.cc +++ b/chromium/net/spdy/spdy_stream.cc @@ -15,15 +15,15 @@ #include "base/metrics/histogram_macros.h" #include "base/single_thread_task_runner.h" #include "base/strings/string_number_conversions.h" -#include "base/strings/string_piece.h" #include "base/strings/string_util.h" -#include "base/strings/stringprintf.h" #include "base/threading/thread_task_runner_handle.h" #include "base/values.h" #include "net/log/net_log.h" #include "net/log/net_log_capture_mode.h" #include "net/log/net_log_event_type.h" #include "net/spdy/platform/api/spdy_estimate_memory_usage.h" +#include "net/spdy/platform/api/spdy_string_piece.h" +#include "net/spdy/platform/api/spdy_string_utils.h" #include "net/spdy/spdy_buffer_producer.h" #include "net/spdy/spdy_http_utils.h" #include "net/spdy/spdy_session.h" @@ -32,42 +32,10 @@ namespace net { namespace { -enum StatusHeader { - STATUS_HEADER_NOT_INCLUDED = 0, - STATUS_HEADER_DOES_NOT_START_WITH_NUMBER = 1, - STATUS_HEADER_IS_NUMBER = 2, - STATUS_HEADER_HAS_STATUS_TEXT = 3, - STATUS_HEADER_MAX = STATUS_HEADER_HAS_STATUS_TEXT -}; - -StatusHeader ParseStatusHeaderImpl(const SpdyHeaderBlock& response_headers, - int* status) { - SpdyHeaderBlock::const_iterator it = response_headers.find(":status"); - if (it == response_headers.end()) - return STATUS_HEADER_NOT_INCLUDED; - - // Save status in |*status| even if some text follows the status code. - base::StringPiece status_string = it->second; - base::StringPiece::size_type end = status_string.find(' '); - if (!StringToInt(status_string.substr(0, end), status)) - return STATUS_HEADER_DOES_NOT_START_WITH_NUMBER; - - return end == base::StringPiece::npos ? STATUS_HEADER_IS_NUMBER - : STATUS_HEADER_HAS_STATUS_TEXT; -} - -StatusHeader ParseStatusHeader(const SpdyHeaderBlock& response_headers, - int* status) { - StatusHeader status_header = ParseStatusHeaderImpl(response_headers, status); - UMA_HISTOGRAM_ENUMERATION("Net.Http2ResponseStatusHeader", status_header, - STATUS_HEADER_MAX + 1); - return status_header; -} - std::unique_ptr<base::Value> NetLogSpdyStreamErrorCallback( SpdyStreamId stream_id, int status, - const std::string* description, + const SpdyString* description, NetLogCaptureMode /* capture_mode */) { std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); dict->SetInteger("stream_id", static_cast<int>(stream_id)); @@ -88,7 +56,7 @@ std::unique_ptr<base::Value> NetLogSpdyStreamWindowUpdateCallback( return std::move(dict); } -bool ContainsUppercaseAscii(base::StringPiece str) { +bool ContainsUppercaseAscii(SpdyStringPiece str) { return std::any_of(str.begin(), str.end(), base::IsAsciiUpper<char>); } @@ -230,7 +198,8 @@ std::unique_ptr<SpdySerializedFrame> SpdyStream::ProduceHeadersFrame() { (pending_send_status_ == NO_MORE_DATA_TO_SEND) ? CONTROL_FLAG_FIN : CONTROL_FLAG_NONE; std::unique_ptr<SpdySerializedFrame> frame(session_->CreateHeaders( - stream_id_, priority_, flags, std::move(request_headers_))); + stream_id_, priority_, flags, std::move(request_headers_), + delegate_->source_dependency())); request_headers_valid_ = false; send_time_ = base::TimeTicks::Now(); return frame; @@ -288,10 +257,10 @@ void SpdyStream::IncreaseSendWindowSize(int32_t delta_window_size) { int32_t max_delta_window_size = std::numeric_limits<int32_t>::max() - send_window_size_; if (delta_window_size > max_delta_window_size) { - std::string desc = base::StringPrintf( + SpdyString desc = SpdyStringPrintf( "Received WINDOW_UPDATE [delta: %d] for stream %d overflows " - "send_window_size_ [current: %d]", delta_window_size, stream_id_, - send_window_size_); + "send_window_size_ [current: %d]", + delta_window_size, stream_id_, send_window_size_); session_->ResetStream(stream_id_, ERROR_CODE_FLOW_CONTROL_ERROR, desc); return; } @@ -411,34 +380,32 @@ void SpdyStream::OnHeadersReceived(const SpdyHeaderBlock& response_headers, base::Time response_time, base::TimeTicks recv_first_byte_time) { switch (response_state_) { - case READY_FOR_HEADERS: { + case READY_FOR_HEADERS: // No header block has been received yet. DCHECK(response_headers_.empty()); - int status; - switch (ParseStatusHeader(response_headers, &status)) { - case STATUS_HEADER_NOT_INCLUDED: { - const std::string error("Response headers do not include :status."); + + { + SpdyHeaderBlock::const_iterator it = response_headers.find(":status"); + if (it == response_headers.end()) { + const SpdyString error("Response headers do not include :status."); LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); session_->ResetStream(stream_id_, ERROR_CODE_PROTOCOL_ERROR, error); return; } - case STATUS_HEADER_DOES_NOT_START_WITH_NUMBER: { - const std::string error("Cannot parse :status."); + + int status; + if (!StringToInt(it->second, &status)) { + const SpdyString error("Cannot parse :status."); LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); session_->ResetStream(stream_id_, ERROR_CODE_PROTOCOL_ERROR, error); return; } - // Intentional fallthrough for the following two cases, - // to maintain compatibility with broken servers that include - // status text in the response. - case STATUS_HEADER_IS_NUMBER: - case STATUS_HEADER_HAS_STATUS_TEXT: - // Ignore informational headers. - // TODO(bnc): Add support for 103 Early Hints, - // https://crbug.com/671310. - if (status / 100 == 1) { - return; - } + + // Ignore informational headers. + // TODO(bnc): Add support for 103 Early Hints, https://crbug.com/671310. + if (status / 100 == 1) { + return; + } } response_state_ = READY_FOR_DATA_OR_TRAILERS; @@ -449,7 +416,7 @@ void SpdyStream::OnHeadersReceived(const SpdyHeaderBlock& response_headers, // A bidirectional stream or a request/response stream is ready for // the response headers only after request headers are sent. if (io_state_ == STATE_IDLE) { - const std::string error("Response received before request sent."); + const SpdyString error("Response received before request sent."); LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); session_->ResetStream(stream_id_, ERROR_CODE_PROTOCOL_ERROR, error); return; @@ -476,11 +443,11 @@ void SpdyStream::OnHeadersReceived(const SpdyHeaderBlock& response_headers, SaveResponseHeaders(response_headers); break; - } + case READY_FOR_DATA_OR_TRAILERS: // Second header block is trailers. if (type_ == SPDY_PUSH_STREAM) { - const std::string error("Trailers not supported for push stream."); + const SpdyString error("Trailers not supported for push stream."); LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); session_->ResetStream(stream_id_, ERROR_CODE_PROTOCOL_ERROR, error); return; @@ -492,7 +459,7 @@ void SpdyStream::OnHeadersReceived(const SpdyHeaderBlock& response_headers, case TRAILERS_RECEIVED: // No further header blocks are allowed after trailers. - const std::string error("Header block received after trailers."); + const SpdyString error("Header block received after trailers."); LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); session_->ResetStream(stream_id_, ERROR_CODE_PROTOCOL_ERROR, error); break; @@ -515,14 +482,14 @@ void SpdyStream::OnDataReceived(std::unique_ptr<SpdyBuffer> buffer) { DCHECK(session_->IsStreamActive(stream_id_)); if (response_state_ == READY_FOR_HEADERS) { - const std::string error("DATA received before headers."); + const SpdyString error("DATA received before headers."); LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); session_->ResetStream(stream_id_, ERROR_CODE_PROTOCOL_ERROR, error); return; } if (response_state_ == TRAILERS_RECEIVED && buffer) { - const std::string error("DATA received after trailers."); + const SpdyString error("DATA received after trailers."); LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); session_->ResetStream(stream_id_, ERROR_CODE_PROTOCOL_ERROR, error); return; @@ -593,15 +560,17 @@ void SpdyStream::OnPaddingConsumed(size_t len) { void SpdyStream::OnFrameWriteComplete(SpdyFrameType frame_type, size_t frame_size) { // PRIORITY writes are allowed at any time and do not trigger a state update. - if (frame_type == PRIORITY) { + if (frame_type == SpdyFrameType::PRIORITY) { return; } DCHECK_NE(type_, SPDY_PUSH_STREAM); - CHECK(frame_type == HEADERS || frame_type == DATA) << frame_type; + CHECK(frame_type == SpdyFrameType::HEADERS || + frame_type == SpdyFrameType::DATA) + << frame_type; - int result = - (frame_type == HEADERS) ? OnHeadersSent() : OnDataSent(frame_size); + int result = (frame_type == SpdyFrameType::HEADERS) ? OnHeadersSent() + : OnDataSent(frame_size); if (result == ERR_IO_PENDING) { // The write operation hasn't completed yet. return; @@ -621,7 +590,7 @@ void SpdyStream::OnFrameWriteComplete(SpdyFrameType frame_type, { base::WeakPtr<SpdyStream> weak_this = GetWeakPtr(); write_handler_guard_ = true; - if (frame_type == HEADERS) { + if (frame_type == SpdyFrameType::HEADERS) { delegate_->OnHeadersSent(); } else { delegate_->OnDataSent(); @@ -667,7 +636,7 @@ int SpdyStream::OnDataSent(size_t frame_size) { } } -void SpdyStream::LogStreamError(int status, const std::string& description) { +void SpdyStream::LogStreamError(int status, const SpdyString& description) { net_log_.AddEvent(NetLogEventType::HTTP2_STREAM_ERROR, base::Bind(&NetLogSpdyStreamErrorCallback, stream_id_, status, &description)); @@ -699,7 +668,7 @@ void SpdyStream::Cancel() { return; if (stream_id_ != 0) { - session_->ResetStream(stream_id_, ERROR_CODE_CANCEL, std::string()); + session_->ResetStream(stream_id_, ERROR_CODE_CANCEL, SpdyString()); } else { session_->CloseCreatedStream(GetWeakPtr(), ERROR_CODE_CANCEL); } @@ -734,7 +703,7 @@ int SpdyStream::SendRequestHeaders(SpdyHeaderBlock request_headers, request_headers_valid_ = true; url_from_header_block_ = GetUrlFromHeaderBlock(request_headers_); pending_send_status_ = send_status; - session_->EnqueueStreamWrite(GetWeakPtr(), HEADERS, + session_->EnqueueStreamWrite(GetWeakPtr(), SpdyFrameType::HEADERS, std::unique_ptr<SpdyBufferProducer>( new HeadersBufferProducer(GetWeakPtr()))); return ERR_IO_PENDING; @@ -904,7 +873,7 @@ void SpdyStream::QueueNextDataFrame() { } session_->EnqueueStreamWrite( - GetWeakPtr(), DATA, + GetWeakPtr(), SpdyFrameType::DATA, std::unique_ptr<SpdyBufferProducer>( new SimpleBufferProducer(std::move(data_buffer)))); } @@ -936,13 +905,13 @@ void SpdyStream::SaveResponseHeaders(const SpdyHeaderBlock& response_headers) { delegate_->OnHeadersReceived(response_headers_); } -#define STATE_CASE(s) \ - case s: \ - description = base::StringPrintf("%s (0x%08X)", #s, s); \ +#define STATE_CASE(s) \ + case s: \ + description = SpdyStringPrintf("%s (0x%08X)", #s, s); \ break -std::string SpdyStream::DescribeState(State state) { - std::string description; +SpdyString SpdyStream::DescribeState(State state) { + SpdyString description; switch (state) { STATE_CASE(STATE_IDLE); STATE_CASE(STATE_OPEN); @@ -950,8 +919,7 @@ std::string SpdyStream::DescribeState(State state) { STATE_CASE(STATE_HALF_CLOSED_LOCAL); STATE_CASE(STATE_CLOSED); default: - description = base::StringPrintf("Unknown state 0x%08X (%u)", state, - state); + description = SpdyStringPrintf("Unknown state 0x%08X (%u)", state, state); break; } return description; diff --git a/chromium/net/spdy/spdy_stream.h b/chromium/net/spdy/spdy_stream.h index 816c7bc825d..a18a7fdf0b5 100644 --- a/chromium/net/spdy/spdy_stream.h +++ b/chromium/net/spdy/spdy_stream.h @@ -10,7 +10,6 @@ #include <deque> #include <memory> -#include <string> #include <vector> #include "base/macros.h" @@ -19,9 +18,11 @@ #include "net/base/io_buffer.h" #include "net/base/net_export.h" #include "net/base/request_priority.h" +#include "net/log/net_log_source.h" #include "net/log/net_log_with_source.h" #include "net/socket/next_proto.h" #include "net/socket/ssl_client_socket.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_buffer.h" #include "net/spdy/spdy_framer.h" #include "net/spdy/spdy_header_block.h" @@ -102,6 +103,8 @@ class NET_EXPORT_PRIVATE SpdyStream { // handle it gracefully. virtual void OnClose(int status) = 0; + virtual NetLogSource source_dependency() const = 0; + protected: virtual ~Delegate() {} @@ -286,7 +289,7 @@ class NET_EXPORT_PRIVATE SpdyStream { void OnClose(int status); // Called by the SpdySession to log stream related errors. - void LogStreamError(int status, const std::string& description); + void LogStreamError(int status, const SpdyString& description); // If this stream is active, reset it, and close it otherwise. In // either case the stream is deleted. @@ -432,7 +435,7 @@ class NET_EXPORT_PRIVATE SpdyStream { // OnHeadersReceived() on the delegate if attached. void SaveResponseHeaders(const SpdyHeaderBlock& response_headers); - static std::string DescribeState(State state); + static SpdyString DescribeState(State state); const SpdyStreamType type_; diff --git a/chromium/net/spdy/spdy_stream_test_util.cc b/chromium/net/spdy/spdy_stream_test_util.cc index 9bef50af813..d6e47f31c53 100644 --- a/chromium/net/spdy/spdy_stream_test_util.cc +++ b/chromium/net/spdy/spdy_stream_test_util.cc @@ -40,6 +40,10 @@ void ClosingDelegate::OnClose(int status) { // The |stream_| may still be alive (if it is our delegate). } +NetLogSource ClosingDelegate::source_dependency() const { + return NetLogSource(); +} + StreamDelegateBase::StreamDelegateBase( const base::WeakPtr<SpdyStream>& stream) : stream_(stream), @@ -79,15 +83,19 @@ void StreamDelegateBase::OnClose(int status) { callback_.callback().Run(status); } +NetLogSource StreamDelegateBase::source_dependency() const { + return NetLogSource(); +} + int StreamDelegateBase::WaitForClose() { int result = callback_.WaitForResult(); EXPECT_TRUE(!stream_.get()); return result; } -std::string StreamDelegateBase::TakeReceivedData() { +SpdyString StreamDelegateBase::TakeReceivedData() { size_t len = received_data_queue_.GetTotalSize(); - std::string received_data(len, '\0'); + SpdyString received_data(len, '\0'); if (len > 0) { EXPECT_EQ(len, received_data_queue_.Dequeue( base::string_as_array(&received_data), len)); @@ -95,10 +103,10 @@ std::string StreamDelegateBase::TakeReceivedData() { return received_data; } -std::string StreamDelegateBase::GetResponseHeaderValue( - const std::string& name) const { +SpdyString StreamDelegateBase::GetResponseHeaderValue( + const SpdyString& name) const { SpdyHeaderBlock::const_iterator it = response_headers_.find(name); - return (it == response_headers_.end()) ? std::string() + return (it == response_headers_.end()) ? SpdyString() : it->second.as_string(); } @@ -111,9 +119,8 @@ StreamDelegateDoNothing::~StreamDelegateDoNothing() { StreamDelegateSendImmediate::StreamDelegateSendImmediate( const base::WeakPtr<SpdyStream>& stream, - base::StringPiece data) - : StreamDelegateBase(stream), - data_(data) {} + SpdyStringPiece data) + : StreamDelegateBase(stream), data_(data) {} StreamDelegateSendImmediate::~StreamDelegateSendImmediate() { } @@ -129,9 +136,8 @@ void StreamDelegateSendImmediate::OnHeadersReceived( StreamDelegateWithBody::StreamDelegateWithBody( const base::WeakPtr<SpdyStream>& stream, - base::StringPiece data) - : StreamDelegateBase(stream), - buf_(new StringIOBuffer(data.as_string())) {} + SpdyStringPiece data) + : StreamDelegateBase(stream), buf_(new StringIOBuffer(data.as_string())) {} StreamDelegateWithBody::~StreamDelegateWithBody() { } @@ -154,6 +160,6 @@ void StreamDelegateCloseOnHeaders::OnHeadersReceived( stream()->Cancel(); } -} // namespace test +} // namespace test -} // namespace net +} // namespace net diff --git a/chromium/net/spdy/spdy_stream_test_util.h b/chromium/net/spdy/spdy_stream_test_util.h index 0ec2b646d9b..9436ebef20c 100644 --- a/chromium/net/spdy/spdy_stream_test_util.h +++ b/chromium/net/spdy/spdy_stream_test_util.h @@ -9,9 +9,10 @@ #include "base/compiler_specific.h" #include "base/memory/ref_counted.h" -#include "base/strings/string_piece.h" #include "net/base/io_buffer.h" #include "net/base/test_completion_callback.h" +#include "net/log/net_log_source.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_read_queue.h" #include "net/spdy/spdy_stream.h" @@ -33,6 +34,7 @@ class ClosingDelegate : public SpdyStream::Delegate { void OnDataSent() override; void OnTrailers(const SpdyHeaderBlock& trailers) override; void OnClose(int status) override; + NetLogSource source_dependency() const override; // Returns whether or not the stream is closed. bool StreamIsClosed() const { return !stream_.get(); } @@ -54,6 +56,7 @@ class StreamDelegateBase : public SpdyStream::Delegate { void OnDataSent() override; void OnTrailers(const SpdyHeaderBlock& trailers) override; void OnClose(int status) override; + NetLogSource source_dependency() const override; // Waits for the stream to be closed and returns the status passed // to OnClose(). @@ -61,7 +64,7 @@ class StreamDelegateBase : public SpdyStream::Delegate { // Drains all data from the underlying read queue and returns it as // a string. - std::string TakeReceivedData(); + SpdyString TakeReceivedData(); // Returns whether or not the stream is closed. bool StreamIsClosed() const { return !stream_.get(); } @@ -70,7 +73,7 @@ class StreamDelegateBase : public SpdyStream::Delegate { // returns the stream's ID when it was open. SpdyStreamId stream_id() const { return stream_id_; } - std::string GetResponseHeaderValue(const std::string& name) const; + SpdyString GetResponseHeaderValue(const SpdyString& name) const; bool send_headers_completed() const { return send_headers_completed_; } protected: @@ -98,20 +101,20 @@ class StreamDelegateSendImmediate : public StreamDelegateBase { public: // |data| can be NULL. StreamDelegateSendImmediate(const base::WeakPtr<SpdyStream>& stream, - base::StringPiece data); + SpdyStringPiece data); ~StreamDelegateSendImmediate() override; void OnHeadersReceived(const SpdyHeaderBlock& response_headers) override; private: - base::StringPiece data_; + SpdyStringPiece data_; }; // Test delegate that sends body data. class StreamDelegateWithBody : public StreamDelegateBase { public: StreamDelegateWithBody(const base::WeakPtr<SpdyStream>& stream, - base::StringPiece data); + SpdyStringPiece data); ~StreamDelegateWithBody() override; void OnHeadersSent() override; @@ -130,8 +133,8 @@ class StreamDelegateCloseOnHeaders : public StreamDelegateBase { void OnHeadersReceived(const SpdyHeaderBlock& response_headers) override; }; -} // namespace test +} // namespace test -} // namespace net +} // namespace net -#endif // NET_SPDY_SPDY_STREAM_TEST_UTIL_H_ +#endif // NET_SPDY_SPDY_STREAM_TEST_UTIL_H_ diff --git a/chromium/net/spdy/spdy_stream_unittest.cc b/chromium/net/spdy/spdy_stream_unittest.cc index ad568630e25..50b2a1bd65d 100644 --- a/chromium/net/spdy/spdy_stream_unittest.cc +++ b/chromium/net/spdy/spdy_stream_unittest.cc @@ -10,13 +10,11 @@ #include <cstddef> #include <limits> #include <memory> -#include <string> #include <utility> #include <vector> #include "base/memory/ref_counted.h" #include "base/run_loop.h" -#include "base/strings/string_piece.h" #include "net/base/completion_callback.h" #include "net/base/request_priority.h" #include "net/log/net_log_event_type.h" @@ -25,6 +23,7 @@ #include "net/log/test_net_log_util.h" #include "net/socket/socket_test_util.h" #include "net/spdy/buffered_spdy_framer.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_http_utils.h" #include "net/spdy/spdy_protocol.h" #include "net/spdy/spdy_session.h" @@ -47,7 +46,7 @@ namespace { const char kPushUrl[] = "https://www.example.org/push"; const char kPostBody[] = "\0hello!\xff"; const size_t kPostBodyLength = arraysize(kPostBody); -const base::StringPiece kPostBodyStringPiece(kPostBody, kPostBodyLength); +const SpdyStringPiece kPostBodyStringPiece(kPostBody, kPostBodyLength); static base::TimeTicks g_time_now; @@ -196,7 +195,7 @@ TEST_F(SpdyStreamTest, SendDataAfterOpen) { EXPECT_TRUE(delegate.send_headers_completed()); EXPECT_EQ("200", delegate.GetResponseHeaderValue(spdy_util_.GetStatusKey())); - EXPECT_EQ(std::string(kPostBody, kPostBodyLength), + EXPECT_EQ(SpdyString(kPostBody, kPostBodyLength), delegate.TakeReceivedData()); EXPECT_TRUE(data.AllWriteDataConsumed()); } @@ -205,7 +204,7 @@ TEST_F(SpdyStreamTest, SendDataAfterOpen) { class StreamDelegateWithTrailers : public test::StreamDelegateWithBody { public: StreamDelegateWithTrailers(const base::WeakPtr<SpdyStream>& stream, - base::StringPiece data) + SpdyStringPiece data) : StreamDelegateWithBody(stream, data) {} ~StreamDelegateWithTrailers() override {} @@ -277,7 +276,7 @@ TEST_F(SpdyStreamTest, Trailers) { const SpdyHeaderBlock& received_trailers = delegate.trailers(); SpdyHeaderBlock::const_iterator it = received_trailers.find("foo"); EXPECT_EQ("bar", it->second); - EXPECT_EQ(std::string(kPostBody, kPostBodyLength), + EXPECT_EQ(SpdyString(kPostBody, kPostBodyLength), delegate.TakeReceivedData()); EXPECT_TRUE(data.AllWriteDataConsumed()); } @@ -300,12 +299,12 @@ TEST_F(SpdyStreamTest, PushedStream) { AddReadPause(); - base::StringPiece pushed_msg("foo"); + SpdyStringPiece pushed_msg("foo"); SpdySerializedFrame pushed_body(spdy_util_.ConstructSpdyDataFrame( 2, pushed_msg.data(), pushed_msg.size(), true)); AddRead(pushed_body); - base::StringPiece msg("bar"); + SpdyStringPiece msg("bar"); SpdySerializedFrame body( spdy_util_.ConstructSpdyDataFrame(1, msg.data(), msg.size(), true)); AddRead(body); @@ -424,7 +423,7 @@ TEST_F(SpdyStreamTest, StreamError) { EXPECT_TRUE(delegate.send_headers_completed()); EXPECT_EQ("200", delegate.GetResponseHeaderValue(spdy_util_.GetStatusKey())); - EXPECT_EQ(std::string(kPostBody, kPostBodyLength), + EXPECT_EQ(SpdyString(kPostBody, kPostBodyLength), delegate.TakeReceivedData()); EXPECT_TRUE(data.AllWriteDataConsumed()); @@ -449,7 +448,7 @@ TEST_F(SpdyStreamTest, SendLargeDataAfterOpenRequestResponse) { kDefaultUrl, 1, kPostBodyLength, LOWEST, nullptr, 0)); AddWrite(req); - std::string chunk_data(kMaxSpdyFrameChunkSize, 'x'); + SpdyString chunk_data(kMaxSpdyFrameChunkSize, 'x'); SpdySerializedFrame chunk(spdy_util_.ConstructSpdyDataFrame( 1, chunk_data.data(), chunk_data.length(), false)); AddWrite(chunk); @@ -478,7 +477,7 @@ TEST_F(SpdyStreamTest, SendLargeDataAfterOpenRequestResponse) { SPDY_REQUEST_RESPONSE_STREAM, session, url_, LOWEST, NetLogWithSource()); ASSERT_TRUE(stream); - std::string body_data(3 * kMaxSpdyFrameChunkSize, 'x'); + SpdyString body_data(3 * kMaxSpdyFrameChunkSize, 'x'); StreamDelegateWithBody delegate(stream, body_data); stream->SetDelegate(&delegate); @@ -494,7 +493,7 @@ TEST_F(SpdyStreamTest, SendLargeDataAfterOpenRequestResponse) { EXPECT_TRUE(delegate.send_headers_completed()); EXPECT_EQ("200", delegate.GetResponseHeaderValue(spdy_util_.GetStatusKey())); - EXPECT_EQ(std::string(), delegate.TakeReceivedData()); + EXPECT_EQ(SpdyString(), delegate.TakeReceivedData()); EXPECT_TRUE(data.AllWriteDataConsumed()); } @@ -508,7 +507,7 @@ TEST_F(SpdyStreamTest, SendLargeDataAfterOpenBidirectional) { SpdySerializedFrame resp(spdy_util_.ConstructSpdyPostReply(nullptr, 0)); AddRead(resp); - std::string chunk_data(kMaxSpdyFrameChunkSize, 'x'); + SpdyString chunk_data(kMaxSpdyFrameChunkSize, 'x'); SpdySerializedFrame chunk(spdy_util_.ConstructSpdyDataFrame( 1, chunk_data.data(), chunk_data.length(), false)); AddWrite(chunk); @@ -531,7 +530,7 @@ TEST_F(SpdyStreamTest, SendLargeDataAfterOpenBidirectional) { SPDY_BIDIRECTIONAL_STREAM, session, url_, LOWEST, NetLogWithSource()); ASSERT_TRUE(stream); - std::string body_data(3 * kMaxSpdyFrameChunkSize, 'x'); + SpdyString body_data(3 * kMaxSpdyFrameChunkSize, 'x'); StreamDelegateSendImmediate delegate(stream, body_data); stream->SetDelegate(&delegate); @@ -547,7 +546,7 @@ TEST_F(SpdyStreamTest, SendLargeDataAfterOpenBidirectional) { EXPECT_TRUE(delegate.send_headers_completed()); EXPECT_EQ("200", delegate.GetResponseHeaderValue(spdy_util_.GetStatusKey())); - EXPECT_EQ(std::string(), delegate.TakeReceivedData()); + EXPECT_EQ(SpdyString(), delegate.TakeReceivedData()); EXPECT_TRUE(data.AllWriteDataConsumed()); } @@ -787,7 +786,7 @@ TEST_F(SpdyStreamTest, HeadersMustHaveStatusOnPushedStream) { EXPECT_THAT(delegate.WaitForClose(), IsOk()); EXPECT_EQ("200", delegate.GetResponseHeaderValue(spdy_util_.GetStatusKey())); - EXPECT_EQ(std::string(kPostBody, kPostBodyLength), + EXPECT_EQ(SpdyString(kPostBody, kPostBodyLength), delegate.TakeReceivedData()); // Finish async network reads and writes. @@ -897,7 +896,7 @@ TEST_F(SpdyStreamTest, HeadersMustPreceedDataOnPushedStream) { EXPECT_THAT(delegate.WaitForClose(), IsOk()); EXPECT_EQ("200", delegate.GetResponseHeaderValue(spdy_util_.GetStatusKey())); - EXPECT_EQ(std::string(kPostBody, kPostBodyLength), + EXPECT_EQ(SpdyString(kPostBody, kPostBodyLength), delegate.TakeReceivedData()); // Finish async network reads and writes. @@ -1076,7 +1075,7 @@ TEST_F(SpdyStreamTest, InformationalHeaders) { EXPECT_THAT(delegate.WaitForClose(), IsOk()); EXPECT_EQ("200", delegate.GetResponseHeaderValue(spdy_util_.GetStatusKey())); - EXPECT_EQ(std::string(kPostBody, kPostBodyLength), + EXPECT_EQ(SpdyString(kPostBody, kPostBodyLength), delegate.TakeReceivedData()); // Finish async network reads and writes. @@ -1086,7 +1085,7 @@ TEST_F(SpdyStreamTest, InformationalHeaders) { EXPECT_TRUE(data.AllReadDataConsumed()); } -TEST_F(SpdyStreamTest, StatusMustStartWithNumber) { +TEST_F(SpdyStreamTest, StatusMustBeNumber) { SpdySerializedFrame req( spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true)); AddWrite(req); @@ -1136,7 +1135,7 @@ TEST_F(SpdyStreamTest, StatusMustStartWithNumber) { EXPECT_TRUE(data.AllReadDataConsumed()); } -TEST_F(SpdyStreamTest, StatusCanHaveExtraText) { +TEST_F(SpdyStreamTest, StatusCannotHaveExtraText) { SpdySerializedFrame req( spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true)); AddWrite(req); @@ -1152,6 +1151,10 @@ TEST_F(SpdyStreamTest, StatusCanHaveExtraText) { spdy_util_.ConstructSpdyDataFrame(1, kPostBody, kPostBodyLength, true)); AddRead(body); + SpdySerializedFrame rst( + spdy_util_.ConstructSpdyRstStream(1, ERROR_CODE_PROTOCOL_ERROR)); + AddWrite(rst); + AddReadEOF(); SequencedSocketData data(GetReads(), GetNumReads(), GetWrites(), @@ -1178,11 +1181,60 @@ TEST_F(SpdyStreamTest, StatusCanHaveExtraText) { NO_MORE_DATA_TO_SEND)); EXPECT_EQ(kDefaultUrl, stream->GetUrlFromHeaders().spec()); - EXPECT_THAT(delegate.WaitForClose(), IsOk()); - EXPECT_EQ("200 Some random extra text describing status", - delegate.GetResponseHeaderValue(spdy_util_.GetStatusKey())); - EXPECT_EQ(std::string(kPostBody, kPostBodyLength), - delegate.TakeReceivedData()); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + + // Finish async network reads and writes. + base::RunLoop().RunUntilIdle(); + + EXPECT_TRUE(data.AllWriteDataConsumed()); + EXPECT_TRUE(data.AllReadDataConsumed()); +} + +TEST_F(SpdyStreamTest, StatusMustBePresent) { + SpdySerializedFrame req( + spdy_util_.ConstructSpdyGet(nullptr, 0, 1, LOWEST, true)); + AddWrite(req); + + SpdyHeaderBlock headers_without_status; + SpdySerializedFrame reply(spdy_util_.ConstructSpdyResponseHeaders( + 1, std::move(headers_without_status), false)); + AddRead(reply); + + SpdySerializedFrame body( + spdy_util_.ConstructSpdyDataFrame(1, kPostBody, kPostBodyLength, true)); + AddRead(body); + + SpdySerializedFrame rst( + spdy_util_.ConstructSpdyRstStream(1, ERROR_CODE_PROTOCOL_ERROR)); + AddWrite(rst); + + AddReadEOF(); + + SequencedSocketData data(GetReads(), GetNumReads(), GetWrites(), + GetNumWrites()); + MockConnect connect_data(SYNCHRONOUS, OK); + data.set_connect_data(connect_data); + session_deps_.socket_factory->AddSocketDataProvider(&data); + + AddSSLSocketData(); + + base::WeakPtr<SpdySession> session(CreateDefaultSpdySession()); + + base::WeakPtr<SpdyStream> stream = CreateStreamSynchronously( + SPDY_REQUEST_RESPONSE_STREAM, session, url_, LOWEST, NetLogWithSource()); + ASSERT_TRUE(stream); + + StreamDelegateDoNothing delegate(stream); + stream->SetDelegate(&delegate); + + EXPECT_TRUE(stream->GetUrlFromHeaders().is_empty()); + + SpdyHeaderBlock headers(spdy_util_.ConstructGetHeaderBlock(kDefaultUrl)); + EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers), + NO_MORE_DATA_TO_SEND)); + EXPECT_EQ(kDefaultUrl, stream->GetUrlFromHeaders().spec()); + + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_PROTOCOL_ERROR)); // Finish async network reads and writes. base::RunLoop().RunUntilIdle(); @@ -1335,7 +1387,7 @@ void SpdyStreamTest::RunResumeAfterUnstallRequestResponseTest( EXPECT_TRUE(delegate.send_headers_completed()); EXPECT_EQ("200", delegate.GetResponseHeaderValue(":status")); - EXPECT_EQ(std::string(), delegate.TakeReceivedData()); + EXPECT_EQ(SpdyString(), delegate.TakeReceivedData()); EXPECT_TRUE(data.AllWriteDataConsumed()); } @@ -1416,7 +1468,7 @@ void SpdyStreamTest::RunResumeAfterUnstallBidirectionalTest( EXPECT_TRUE(delegate.send_headers_completed()); EXPECT_EQ("200", delegate.GetResponseHeaderValue(":status")); - EXPECT_EQ(std::string(kPostBody, kPostBodyLength), + EXPECT_EQ(SpdyString(kPostBody, kPostBodyLength), delegate.TakeReceivedData()); EXPECT_TRUE(data.AllWriteDataConsumed()); } diff --git a/chromium/net/spdy/spdy_test_util_common.cc b/chromium/net/spdy/spdy_test_util_common.cc index 1b2ef247432..a7df8406b60 100644 --- a/chromium/net/spdy/spdy_test_util_common.cc +++ b/chromium/net/spdy/spdy_test_util_common.cc @@ -25,6 +25,7 @@ #include "net/http/http_network_transaction.h" #include "net/http/http_server_properties_impl.h" #include "net/log/net_log_with_source.h" +#include "net/socket/client_socket_handle.h" #include "net/socket/next_proto.h" #include "net/socket/socket_test_util.h" #include "net/socket/ssl_client_socket.h" @@ -48,8 +49,10 @@ namespace { // Parses a URL into the scheme, host, and path components required for a // SPDY request. -void ParseUrl(base::StringPiece url, std::string* scheme, std::string* host, - std::string* path) { +void ParseUrl(SpdyStringPiece url, + SpdyString* scheme, + SpdyString* host, + SpdyString* path) { GURL gurl(url); path->assign(gurl.PathForRequest()); scheme->assign(gurl.scheme()); @@ -86,8 +89,8 @@ MockWrite* ChopWriteFrame(const SpdySerializedFrame& frame, int num_chunks) { void AppendToHeaderBlock(const char* const extra_headers[], int extra_header_count, SpdyHeaderBlock* headers) { - std::string this_header; - std::string this_value; + SpdyString this_header; + SpdyString this_value; if (!extra_header_count) return; @@ -101,11 +104,11 @@ void AppendToHeaderBlock(const char* const extra_headers[], // Sanity check: Non-empty header. DCHECK_NE('\0', *extra_headers[i * 2]) << "Empty header value pair"; this_header = extra_headers[i * 2]; - std::string::size_type header_len = this_header.length(); + SpdyString::size_type header_len = this_header.length(); if (!header_len) continue; this_value = extra_headers[1 + (i * 2)]; - std::string new_value; + SpdyString new_value; if (headers->find(this_header) != headers->end()) { // More than one entry in the header. // Don't add the header again, just the append to the value, @@ -190,7 +193,7 @@ class PriorityGetter : public BufferedSpdyFramerVisitorInterface { void OnError(SpdyFramer::SpdyFramerError spdy_framer_error) override {} void OnStreamError(SpdyStreamId stream_id, - const std::string& description) override {} + const SpdyString& description) override {} void OnHeaders(SpdyStreamId stream_id, bool has_priority, int weight, @@ -216,13 +219,13 @@ class PriorityGetter : public BufferedSpdyFramerVisitorInterface { void OnRstStream(SpdyStreamId stream_id, SpdyErrorCode error_code) override {} void OnGoAway(SpdyStreamId last_accepted_stream_id, SpdyErrorCode error_code, - base::StringPiece debug_data) override {} + SpdyStringPiece debug_data) override {} void OnWindowUpdate(SpdyStreamId stream_id, int delta_window_size) override {} void OnPushPromise(SpdyStreamId stream_id, SpdyStreamId promised_stream_id, SpdyHeaderBlock headers) override {} void OnAltSvc(SpdyStreamId stream_id, - base::StringPiece origin, + SpdyStringPiece origin, const SpdyAltSvcWireFormat::AlternativeServiceVector& altsvc_vector) override {} bool OnUnknownFrame(SpdyStreamId stream_id, uint8_t frame_type) override { @@ -288,8 +291,8 @@ bool MockECSignatureCreator::Sign(const uint8_t* data, std::vector<uint8_t> private_key; if (!key_->ExportPrivateKey(&private_key)) return false; - std::string head = "fakesignature"; - std::string tail = "/fakesignature"; + SpdyString head = "fakesignature"; + SpdyString tail = "/fakesignature"; signature->clear(); signature->insert(signature->end(), head.begin(), head.end()); @@ -484,8 +487,9 @@ SpdyURLRequestContext::~SpdyURLRequestContext() { } bool HasSpdySession(SpdySessionPool* pool, const SpdySessionKey& key) { - return static_cast<bool>( - pool->FindAvailableSession(key, GURL(), NetLogWithSource())); + return static_cast<bool>(pool->FindAvailableSession( + key, GURL(), + /* enable_ip_based_pooling = */ true, NetLogWithSource())); } namespace { @@ -495,8 +499,10 @@ base::WeakPtr<SpdySession> CreateSpdySessionHelper( const SpdySessionKey& key, const NetLogWithSource& net_log, Error expected_status, - bool is_secure) { - EXPECT_FALSE(HasSpdySession(http_session->spdy_session_pool(), key)); + bool is_secure, + bool enable_ip_based_pooling) { + EXPECT_FALSE(http_session->spdy_session_pool()->FindAvailableSession( + key, GURL(), enable_ip_based_pooling, NetLogWithSource())); scoped_refptr<TransportSocketParams> transport_params( new TransportSocketParams( @@ -552,8 +558,9 @@ base::WeakPtr<SpdySession> CreateInsecureSpdySession( HttpNetworkSession* http_session, const SpdySessionKey& key, const NetLogWithSource& net_log) { - return CreateSpdySessionHelper(http_session, key, net_log, - OK, false /* is_secure */); + return CreateSpdySessionHelper(http_session, key, net_log, OK, + /* is_secure = */ false, + /* enable_ip_based_pooling = */ true); } base::WeakPtr<SpdySession> TryCreateSpdySessionExpectingFailure( @@ -563,15 +570,26 @@ base::WeakPtr<SpdySession> TryCreateSpdySessionExpectingFailure( const NetLogWithSource& net_log) { DCHECK_LT(expected_error, ERR_IO_PENDING); return CreateSpdySessionHelper(http_session, key, net_log, expected_error, - true /* is_secure */); + /* is_secure = */ true, + /* enable_ip_based_pooling = */ true); } base::WeakPtr<SpdySession> CreateSecureSpdySession( HttpNetworkSession* http_session, const SpdySessionKey& key, const NetLogWithSource& net_log) { - return CreateSpdySessionHelper(http_session, key, net_log, - OK, true /* is_secure */); + return CreateSpdySessionHelper(http_session, key, net_log, OK, + /* is_secure = */ true, + /* enable_ip_based_pooling = */ true); +} + +base::WeakPtr<SpdySession> CreateSecureSpdySessionWithIpBasedPoolingDisabled( + HttpNetworkSession* http_session, + const SpdySessionKey& key, + const NetLogWithSource& net_log) { + return CreateSpdySessionHelper(http_session, key, net_log, OK, + /* is_secure = */ true, + /* enable_ip_based_pooling = */ false); } namespace { @@ -683,9 +701,9 @@ SpdyTestUtil::SpdyTestUtil() SpdyTestUtil::~SpdyTestUtil() {} -void SpdyTestUtil::AddUrlToHeaderBlock(base::StringPiece url, +void SpdyTestUtil::AddUrlToHeaderBlock(SpdyStringPiece url, SpdyHeaderBlock* headers) const { - std::string scheme, host, path; + SpdyString scheme, host, path; ParseUrl(url, &scheme, &host, &path); (*headers)[GetHostKey()] = host; (*headers)[GetSchemeKey()] = scheme; @@ -693,45 +711,45 @@ void SpdyTestUtil::AddUrlToHeaderBlock(base::StringPiece url, } // static -SpdyHeaderBlock SpdyTestUtil::ConstructGetHeaderBlock(base::StringPiece url) { +SpdyHeaderBlock SpdyTestUtil::ConstructGetHeaderBlock(SpdyStringPiece url) { return ConstructHeaderBlock("GET", url, NULL); } // static SpdyHeaderBlock SpdyTestUtil::ConstructGetHeaderBlockForProxy( - base::StringPiece url) { + SpdyStringPiece url) { return ConstructGetHeaderBlock(url); } // static -SpdyHeaderBlock SpdyTestUtil::ConstructHeadHeaderBlock(base::StringPiece url, +SpdyHeaderBlock SpdyTestUtil::ConstructHeadHeaderBlock(SpdyStringPiece url, int64_t content_length) { return ConstructHeaderBlock("HEAD", url, nullptr); } // static -SpdyHeaderBlock SpdyTestUtil::ConstructPostHeaderBlock(base::StringPiece url, +SpdyHeaderBlock SpdyTestUtil::ConstructPostHeaderBlock(SpdyStringPiece url, int64_t content_length) { return ConstructHeaderBlock("POST", url, &content_length); } // static -SpdyHeaderBlock SpdyTestUtil::ConstructPutHeaderBlock(base::StringPiece url, +SpdyHeaderBlock SpdyTestUtil::ConstructPutHeaderBlock(SpdyStringPiece url, int64_t content_length) { return ConstructHeaderBlock("PUT", url, &content_length); } -std::string SpdyTestUtil::ConstructSpdyReplyString( +SpdyString SpdyTestUtil::ConstructSpdyReplyString( const SpdyHeaderBlock& headers) const { - std::string reply_string; + SpdyString reply_string; for (SpdyHeaderBlock::const_iterator it = headers.begin(); it != headers.end(); ++it) { - std::string key = it->first.as_string(); + SpdyString key = it->first.as_string(); // Remove leading colon from pseudo headers. if (key[0] == ':') key = key.substr(1); - for (const std::string& value : - base::SplitString(it->second, base::StringPiece("\0", 1), + for (const SpdyString& value : + base::SplitString(it->second, SpdyStringPiece("\0", 1), base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL)) { reply_string += key + ": " + value + "\n"; } @@ -779,7 +797,7 @@ SpdySerializedFrame SpdyTestUtil::ConstructSpdyGoAway( SpdySerializedFrame SpdyTestUtil::ConstructSpdyGoAway( SpdyStreamId last_good_stream_id, SpdyErrorCode error_code, - const std::string& desc) { + const SpdyString& desc) { SpdyGoAwayIR go_ir(last_good_stream_id, error_code, desc); return SpdySerializedFrame(headerless_spdy_framer_.SerializeFrame(go_ir)); } @@ -1054,8 +1072,7 @@ SpdySerializedFrame SpdyTestUtil::ConstructSpdyPostReply( SpdySerializedFrame SpdyTestUtil::ConstructSpdyDataFrame(int stream_id, bool fin) { - SpdyDataIR data_ir(stream_id, - base::StringPiece(kUploadData, kUploadDataSize)); + SpdyDataIR data_ir(stream_id, SpdyStringPiece(kUploadData, kUploadDataSize)); data_ir.set_fin(fin); return SpdySerializedFrame(headerless_spdy_framer_.SerializeData(data_ir)); } @@ -1064,7 +1081,7 @@ SpdySerializedFrame SpdyTestUtil::ConstructSpdyDataFrame(int stream_id, const char* data, uint32_t len, bool fin) { - SpdyDataIR data_ir(stream_id, base::StringPiece(data, len)); + SpdyDataIR data_ir(stream_id, SpdyStringPiece(data, len)); data_ir.set_fin(fin); return SpdySerializedFrame(headerless_spdy_framer_.SerializeData(data_ir)); } @@ -1074,7 +1091,7 @@ SpdySerializedFrame SpdyTestUtil::ConstructSpdyDataFrame(int stream_id, uint32_t len, bool fin, int padding_length) { - SpdyDataIR data_ir(stream_id, base::StringPiece(data, len)); + SpdyDataIR data_ir(stream_id, SpdyStringPiece(data, len)); data_ir.set_fin(fin); data_ir.set_padding_len(padding_length); return SpdySerializedFrame(headerless_spdy_framer_.SerializeData(data_ir)); @@ -1130,10 +1147,10 @@ const char* SpdyTestUtil::GetPathKey() { } // static -SpdyHeaderBlock SpdyTestUtil::ConstructHeaderBlock(base::StringPiece method, - base::StringPiece url, +SpdyHeaderBlock SpdyTestUtil::ConstructHeaderBlock(SpdyStringPiece method, + SpdyStringPiece url, int64_t* content_length) { - std::string scheme, host, path; + SpdyString scheme, host, path; ParseUrl(url, &scheme, &host, &path); SpdyHeaderBlock headers; headers[GetMethodKey()] = method.as_string(); @@ -1141,7 +1158,7 @@ SpdyHeaderBlock SpdyTestUtil::ConstructHeaderBlock(base::StringPiece method, headers[GetSchemeKey()] = scheme.c_str(); headers[GetPathKey()] = path.c_str(); if (content_length) { - std::string length_str = base::Int64ToString(*content_length); + SpdyString length_str = base::Int64ToString(*content_length); headers["content-length"] = length_str; } return headers; diff --git a/chromium/net/spdy/spdy_test_util_common.h b/chromium/net/spdy/spdy_test_util_common.h index 62a0564d6eb..d2712f8ebb9 100644 --- a/chromium/net/spdy/spdy_test_util_common.h +++ b/chromium/net/spdy/spdy_test_util_common.h @@ -10,7 +10,6 @@ #include <map> #include <memory> -#include <string> #include <vector> #include "base/macros.h" @@ -31,6 +30,8 @@ #include "net/proxy/proxy_server.h" #include "net/proxy/proxy_service.h" #include "net/socket/socket_test_util.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/spdy_protocol.h" #include "net/ssl/ssl_config_service_defaults.h" #include "net/url_request/url_request_context.h" @@ -258,6 +259,13 @@ base::WeakPtr<SpdySession> CreateSecureSpdySession( const SpdySessionKey& key, const NetLogWithSource& net_log); +// Like CreateSecureSpdySession(), but does not fail if there is already an IP +// pooled session for |key|. +base::WeakPtr<SpdySession> CreateSecureSpdySessionWithIpBasedPoolingDisabled( + HttpNetworkSession* http_session, + const SpdySessionKey& key, + const NetLogWithSource& net_log); + // Creates an insecure SPDY session for the given key and puts it in // |pool|. The returned session will neither receive nor send any // data. A SPDY session for |key| must not already exist. @@ -293,20 +301,19 @@ class SpdyTestUtil { ~SpdyTestUtil(); // Add the appropriate headers to put |url| into |block|. - void AddUrlToHeaderBlock(base::StringPiece url, - SpdyHeaderBlock* headers) const; + void AddUrlToHeaderBlock(SpdyStringPiece url, SpdyHeaderBlock* headers) const; - static SpdyHeaderBlock ConstructGetHeaderBlock(base::StringPiece url); - static SpdyHeaderBlock ConstructGetHeaderBlockForProxy(base::StringPiece url); - static SpdyHeaderBlock ConstructHeadHeaderBlock(base::StringPiece url, + static SpdyHeaderBlock ConstructGetHeaderBlock(SpdyStringPiece url); + static SpdyHeaderBlock ConstructGetHeaderBlockForProxy(SpdyStringPiece url); + static SpdyHeaderBlock ConstructHeadHeaderBlock(SpdyStringPiece url, int64_t content_length); - static SpdyHeaderBlock ConstructPostHeaderBlock(base::StringPiece url, + static SpdyHeaderBlock ConstructPostHeaderBlock(SpdyStringPiece url, int64_t content_length); - static SpdyHeaderBlock ConstructPutHeaderBlock(base::StringPiece url, + static SpdyHeaderBlock ConstructPutHeaderBlock(SpdyStringPiece url, int64_t content_length); // Construct an expected SPDY reply string from the given headers. - std::string ConstructSpdyReplyString(const SpdyHeaderBlock& headers) const; + SpdyString ConstructSpdyReplyString(const SpdyHeaderBlock& headers) const; // Construct an expected SPDY SETTINGS frame. // |settings| are the settings to set. @@ -333,7 +340,7 @@ class SpdyTestUtil { // ownership of the frame. SpdySerializedFrame ConstructSpdyGoAway(SpdyStreamId last_good_stream_id, SpdyErrorCode error_code, - const std::string& desc); + const SpdyString& desc); // Construct a SPDY WINDOW_UPDATE frame. // Returns the constructed frame. The caller takes ownership of the frame. @@ -515,8 +522,8 @@ class SpdyTestUtil { private: // |content_length| may be NULL, in which case the content-length // header will be omitted. - static SpdyHeaderBlock ConstructHeaderBlock(base::StringPiece method, - base::StringPiece url, + static SpdyHeaderBlock ConstructHeaderBlock(SpdyStringPiece method, + SpdyStringPiece url, int64_t* content_length); // Multiple SpdyFramers are required to keep track of header compression diff --git a/chromium/net/spdy/spdy_test_utils.cc b/chromium/net/spdy/spdy_test_utils.cc index 6814025fafa..100d84f0146 100644 --- a/chromium/net/spdy/spdy_test_utils.cc +++ b/chromium/net/spdy/spdy_test_utils.cc @@ -22,12 +22,10 @@ namespace net { namespace test { -using std::string; - -string HexDumpWithMarks(const unsigned char* data, - int length, - const bool* marks, - int mark_length) { +SpdyString HexDumpWithMarks(const unsigned char* data, + int length, + const bool* marks, + int mark_length) { static const char kHexChars[] = "0123456789abcdef"; static const int kColumns = 4; @@ -38,7 +36,7 @@ string HexDumpWithMarks(const unsigned char* data, mark_length = std::min(mark_length, kSizeLimit); } - string hex; + SpdyString hex; for (const unsigned char* row = data; length > 0; row += kColumns, length -= kColumns) { for (const unsigned char *p = row; p < row + 4; ++p) { @@ -64,7 +62,7 @@ string HexDumpWithMarks(const unsigned char* data, return hex; } -void CompareCharArraysWithHexError(const string& description, +void CompareCharArraysWithHexError(const SpdyString& description, const unsigned char* actual, const int actual_len, const unsigned char* expected, @@ -106,9 +104,9 @@ void SetFrameLength(SpdySerializedFrame* frame, size_t length) { } } -string a2b_hex(const char* hex_data) { +SpdyString a2b_hex(const char* hex_data) { std::vector<uint8_t> output; - string result; + SpdyString result; if (base::HexStringToBytes(hex_data, &output)) result.assign(reinterpret_cast<const char*>(&output[0]), output.size()); return result; @@ -120,22 +118,23 @@ HashValue GetTestHashValue(uint8_t label) { return hash_value; } -string GetTestPin(uint8_t label) { +SpdyString GetTestPin(uint8_t label) { HashValue hash_value = GetTestHashValue(label); - string base64; - base::Base64Encode(base::StringPiece( - reinterpret_cast<char*>(hash_value.data()), hash_value.size()), &base64); + SpdyString base64; + base::Base64Encode(SpdyStringPiece(reinterpret_cast<char*>(hash_value.data()), + hash_value.size()), + &base64); - return string("pin-sha256=\"") + base64 + "\""; + return SpdyString("pin-sha256=\"") + base64 + "\""; } void AddPin(TransportSecurityState* state, - const string& host, + const SpdyString& host, uint8_t primary_label, uint8_t backup_label) { - string primary_pin = GetTestPin(primary_label); - string backup_pin = GetTestPin(backup_label); - string header = "max-age = 10000; " + primary_pin + "; " + backup_pin; + SpdyString primary_pin = GetTestPin(primary_label); + SpdyString backup_pin = GetTestPin(backup_label); + SpdyString header = "max-age = 10000; " + primary_pin + "; " + backup_pin; // Construct a fake SSLInfo that will pass AddHPKPHeader's checks. SSLInfo ssl_info; @@ -148,8 +147,7 @@ void TestHeadersHandler::OnHeaderBlockStart() { block_.clear(); } -void TestHeadersHandler::OnHeader(base::StringPiece name, - base::StringPiece value) { +void TestHeadersHandler::OnHeader(SpdyStringPiece name, SpdyStringPiece value) { block_.AppendValueOrAddHeader(name, value); } diff --git a/chromium/net/spdy/spdy_test_utils.h b/chromium/net/spdy/spdy_test_utils.h index 6737381c7c6..86d07b7adc1 100644 --- a/chromium/net/spdy/spdy_test_utils.h +++ b/chromium/net/spdy/spdy_test_utils.h @@ -8,9 +8,11 @@ #include <stddef.h> #include <stdint.h> -#include <string> +#include <map> +#include <memory> -#include "base/strings/string_piece.h" +#include "net/spdy/platform/api/spdy_string.h" +#include "net/spdy/platform/api/spdy_string_piece.h" #include "net/spdy/server_push_delegate.h" #include "net/spdy/spdy_bug_tracker.h" #include "net/spdy/spdy_header_block.h" @@ -25,39 +27,40 @@ namespace net { class HashValue; class TransportSecurityState; -inline bool operator==(base::StringPiece x, +inline bool operator==(SpdyStringPiece x, const SpdyHeaderBlock::ValueProxy& y) { return x == y.as_string(); } namespace test { -std::string HexDumpWithMarks(const unsigned char* data, int length, - const bool* marks, int mark_length); +SpdyString HexDumpWithMarks(const unsigned char* data, + int length, + const bool* marks, + int mark_length); -void CompareCharArraysWithHexError( - const std::string& description, - const unsigned char* actual, - const int actual_len, - const unsigned char* expected, - const int expected_len); +void CompareCharArraysWithHexError(const SpdyString& description, + const unsigned char* actual, + const int actual_len, + const unsigned char* expected, + const int expected_len); void SetFrameFlags(SpdySerializedFrame* frame, uint8_t flags); void SetFrameLength(SpdySerializedFrame* frame, size_t length); -std::string a2b_hex(const char* hex_data); +SpdyString a2b_hex(const char* hex_data); // Returns a SHA1 HashValue in which each byte has the value |label|. HashValue GetTestHashValue(uint8_t label); // Returns SHA1 pinning header for the of the base64 encoding of // GetTestHashValue(|label|). -std::string GetTestPin(uint8_t label); +SpdyString GetTestPin(uint8_t label); // Adds a pin for |host| to |state|. void AddPin(TransportSecurityState* state, - const std::string& host, + const SpdyString& host, uint8_t primary_label, uint8_t backup_label); @@ -69,7 +72,7 @@ class TestHeadersHandler : public SpdyHeadersHandlerInterface { void OnHeaderBlockStart() override; - void OnHeader(base::StringPiece name, base::StringPiece value) override; + void OnHeader(SpdyStringPiece name, SpdyStringPiece value) override; void OnHeaderBlockEnd(size_t header_bytes_parsed) override; @@ -90,7 +93,7 @@ class TestHeadersHandler : public SpdyHeadersHandlerInterface { // request and provides a interface to cancel the push given url. class TestServerPushDelegate : public ServerPushDelegate { public: - explicit TestServerPushDelegate(); + TestServerPushDelegate(); ~TestServerPushDelegate() override; void OnPush(std::unique_ptr<ServerPushHelper> push_helper, diff --git a/chromium/net/spdy/spdy_write_queue_unittest.cc b/chromium/net/spdy/spdy_write_queue_unittest.cc index 7318be2971b..53f52f113f5 100644 --- a/chromium/net/spdy/spdy_write_queue_unittest.cc +++ b/chromium/net/spdy/spdy_write_queue_unittest.cc @@ -7,7 +7,6 @@ #include <cstddef> #include <cstring> #include <memory> -#include <string> #include <utility> #include "base/logging.h" @@ -15,6 +14,7 @@ #include "base/strings/string_number_conversions.h" #include "net/base/request_priority.h" #include "net/log/net_log_with_source.h" +#include "net/spdy/platform/api/spdy_string.h" #include "net/spdy/spdy_buffer_producer.h" #include "net/spdy/spdy_stream.h" #include "testing/gtest/include/gtest/gtest.h" @@ -24,8 +24,6 @@ namespace net { namespace { -using std::string; - const char kOriginal[] = "original"; const char kRequeued[] = "requeued"; @@ -33,7 +31,7 @@ class SpdyWriteQueueTest : public ::testing::Test {}; // Makes a SpdyFrameProducer producing a frame with the data in the // given string. -std::unique_ptr<SpdyBufferProducer> StringToProducer(const std::string& s) { +std::unique_ptr<SpdyBufferProducer> StringToProducer(const SpdyString& s) { std::unique_ptr<char[]> data(new char[s.size()]); std::memcpy(data.get(), s.data(), s.size()); return std::unique_ptr<SpdyBufferProducer>( @@ -52,7 +50,7 @@ std::unique_ptr<SpdyBufferProducer> IntToProducer(int i) { // SpdyWriteQueue upon destruction. class RequeingBufferProducer : public SpdyBufferProducer { public: - RequeingBufferProducer(SpdyWriteQueue* queue) { + explicit RequeingBufferProducer(SpdyWriteQueue* queue) { buffer_.reset(new SpdyBuffer(kOriginal, arraysize(kOriginal))); buffer_->AddConsumeCallback( base::Bind(RequeingBufferProducer::ConsumeCallback, queue)); @@ -74,7 +72,7 @@ class RequeingBufferProducer : public SpdyBufferProducer { new SimpleBufferProducer(std::unique_ptr<SpdyBuffer>( new SpdyBuffer(kRequeued, arraysize(kRequeued))))); - queue->Enqueue(MEDIUM, RST_STREAM, std::move(producer), + queue->Enqueue(MEDIUM, SpdyFrameType::RST_STREAM, std::move(producer), base::WeakPtr<SpdyStream>()); } @@ -84,9 +82,9 @@ class RequeingBufferProducer : public SpdyBufferProducer { // Produces a frame with the given producer and returns a copy of its // data as a string. -std::string ProducerToString(std::unique_ptr<SpdyBufferProducer> producer) { +SpdyString ProducerToString(std::unique_ptr<SpdyBufferProducer> producer) { std::unique_ptr<SpdyBuffer> buffer = producer->ProduceBuffer(); - return std::string(buffer->GetRemainingData(), buffer->GetRemainingSize()); + return SpdyString(buffer->GetRemainingData(), buffer->GetRemainingSize()); } // Produces a frame with the given producer and returns a copy of its @@ -120,28 +118,29 @@ TEST_F(SpdyWriteQueueTest, DequeuesByPriority) { std::unique_ptr<SpdyStream> stream_highest(MakeTestStream(HIGHEST)); // A NULL stream should still work. - write_queue.Enqueue(LOW, HEADERS, std::move(producer_low), + write_queue.Enqueue(LOW, SpdyFrameType::HEADERS, std::move(producer_low), base::WeakPtr<SpdyStream>()); - write_queue.Enqueue(MEDIUM, HEADERS, std::move(producer_medium), - stream_medium->GetWeakPtr()); - write_queue.Enqueue(HIGHEST, RST_STREAM, std::move(producer_highest), + write_queue.Enqueue(MEDIUM, SpdyFrameType::HEADERS, + std::move(producer_medium), stream_medium->GetWeakPtr()); + write_queue.Enqueue(HIGHEST, SpdyFrameType::RST_STREAM, + std::move(producer_highest), stream_highest->GetWeakPtr()); - SpdyFrameType frame_type = DATA; + SpdyFrameType frame_type = SpdyFrameType::DATA; std::unique_ptr<SpdyBufferProducer> frame_producer; base::WeakPtr<SpdyStream> stream; ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream)); - EXPECT_EQ(RST_STREAM, frame_type); + EXPECT_EQ(SpdyFrameType::RST_STREAM, frame_type); EXPECT_EQ("HIGHEST", ProducerToString(std::move(frame_producer))); EXPECT_EQ(stream_highest.get(), stream.get()); ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream)); - EXPECT_EQ(HEADERS, frame_type); + EXPECT_EQ(SpdyFrameType::HEADERS, frame_type); EXPECT_EQ("MEDIUM", ProducerToString(std::move(frame_producer))); EXPECT_EQ(stream_medium.get(), stream.get()); ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream)); - EXPECT_EQ(HEADERS, frame_type); + EXPECT_EQ(SpdyFrameType::HEADERS, frame_type); EXPECT_EQ("LOW", ProducerToString(std::move(frame_producer))); EXPECT_EQ(nullptr, stream.get()); @@ -161,28 +160,28 @@ TEST_F(SpdyWriteQueueTest, DequeuesFIFO) { std::unique_ptr<SpdyStream> stream2(MakeTestStream(DEFAULT_PRIORITY)); std::unique_ptr<SpdyStream> stream3(MakeTestStream(DEFAULT_PRIORITY)); - write_queue.Enqueue(DEFAULT_PRIORITY, HEADERS, std::move(producer1), - stream1->GetWeakPtr()); - write_queue.Enqueue(DEFAULT_PRIORITY, HEADERS, std::move(producer2), - stream2->GetWeakPtr()); - write_queue.Enqueue(DEFAULT_PRIORITY, RST_STREAM, std::move(producer3), - stream3->GetWeakPtr()); + write_queue.Enqueue(DEFAULT_PRIORITY, SpdyFrameType::HEADERS, + std::move(producer1), stream1->GetWeakPtr()); + write_queue.Enqueue(DEFAULT_PRIORITY, SpdyFrameType::HEADERS, + std::move(producer2), stream2->GetWeakPtr()); + write_queue.Enqueue(DEFAULT_PRIORITY, SpdyFrameType::RST_STREAM, + std::move(producer3), stream3->GetWeakPtr()); - SpdyFrameType frame_type = DATA; + SpdyFrameType frame_type = SpdyFrameType::DATA; std::unique_ptr<SpdyBufferProducer> frame_producer; base::WeakPtr<SpdyStream> stream; ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream)); - EXPECT_EQ(HEADERS, frame_type); + EXPECT_EQ(SpdyFrameType::HEADERS, frame_type); EXPECT_EQ(1, ProducerToInt(std::move(frame_producer))); EXPECT_EQ(stream1.get(), stream.get()); ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream)); - EXPECT_EQ(HEADERS, frame_type); + EXPECT_EQ(SpdyFrameType::HEADERS, frame_type); EXPECT_EQ(2, ProducerToInt(std::move(frame_producer))); EXPECT_EQ(stream2.get(), stream.get()); ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream)); - EXPECT_EQ(RST_STREAM, frame_type); + EXPECT_EQ(SpdyFrameType::RST_STREAM, frame_type); EXPECT_EQ(3, ProducerToInt(std::move(frame_producer))); EXPECT_EQ(stream3.get(), stream.get()); @@ -201,22 +200,23 @@ TEST_F(SpdyWriteQueueTest, RemovePendingWritesForStream) { for (int i = 0; i < 100; ++i) { base::WeakPtr<SpdyStream> stream = (((i % 3) == 0) ? stream1 : stream2)->GetWeakPtr(); - write_queue.Enqueue(DEFAULT_PRIORITY, HEADERS, IntToProducer(i), stream); + write_queue.Enqueue(DEFAULT_PRIORITY, SpdyFrameType::HEADERS, + IntToProducer(i), stream); } write_queue.RemovePendingWritesForStream(stream2->GetWeakPtr()); for (int i = 0; i < 100; i += 3) { - SpdyFrameType frame_type = DATA; + SpdyFrameType frame_type = SpdyFrameType::DATA; std::unique_ptr<SpdyBufferProducer> frame_producer; base::WeakPtr<SpdyStream> stream; ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream)); - EXPECT_EQ(HEADERS, frame_type); + EXPECT_EQ(SpdyFrameType::HEADERS, frame_type); EXPECT_EQ(i, ProducerToInt(std::move(frame_producer))); EXPECT_EQ(stream1.get(), stream.get()); } - SpdyFrameType frame_type = DATA; + SpdyFrameType frame_type = SpdyFrameType::DATA; std::unique_ptr<SpdyBufferProducer> frame_producer; base::WeakPtr<SpdyStream> stream; EXPECT_FALSE(write_queue.Dequeue(&frame_type, &frame_producer, &stream)); @@ -243,24 +243,24 @@ TEST_F(SpdyWriteQueueTest, RemovePendingWritesForStreamsAfter) { }; for (int i = 0; i < 100; ++i) { - write_queue.Enqueue(DEFAULT_PRIORITY, HEADERS, IntToProducer(i), - streams[i % arraysize(streams)]); + write_queue.Enqueue(DEFAULT_PRIORITY, SpdyFrameType::HEADERS, + IntToProducer(i), streams[i % arraysize(streams)]); } write_queue.RemovePendingWritesForStreamsAfter(stream1->stream_id()); for (int i = 0; i < 100; i += arraysize(streams)) { - SpdyFrameType frame_type = DATA; + SpdyFrameType frame_type = SpdyFrameType::DATA; std::unique_ptr<SpdyBufferProducer> frame_producer; base::WeakPtr<SpdyStream> stream; ASSERT_TRUE(write_queue.Dequeue(&frame_type, &frame_producer, &stream)) << "Unable to Dequeue i: " << i; - EXPECT_EQ(HEADERS, frame_type); + EXPECT_EQ(SpdyFrameType::HEADERS, frame_type); EXPECT_EQ(i, ProducerToInt(std::move(frame_producer))); EXPECT_EQ(stream1.get(), stream.get()); } - SpdyFrameType frame_type = DATA; + SpdyFrameType frame_type = SpdyFrameType::DATA; std::unique_ptr<SpdyBufferProducer> frame_producer; base::WeakPtr<SpdyStream> stream; EXPECT_FALSE(write_queue.Dequeue(&frame_type, &frame_producer, &stream)); @@ -273,13 +273,13 @@ TEST_F(SpdyWriteQueueTest, Clear) { SpdyWriteQueue write_queue; for (int i = 0; i < 100; ++i) { - write_queue.Enqueue(DEFAULT_PRIORITY, HEADERS, IntToProducer(i), - base::WeakPtr<SpdyStream>()); + write_queue.Enqueue(DEFAULT_PRIORITY, SpdyFrameType::HEADERS, + IntToProducer(i), base::WeakPtr<SpdyStream>()); } write_queue.Clear(); - SpdyFrameType frame_type = DATA; + SpdyFrameType frame_type = SpdyFrameType::DATA; std::unique_ptr<SpdyBufferProducer> frame_producer; base::WeakPtr<SpdyStream> stream; EXPECT_FALSE(write_queue.Dequeue(&frame_type, &frame_producer, &stream)); @@ -288,7 +288,7 @@ TEST_F(SpdyWriteQueueTest, Clear) { TEST_F(SpdyWriteQueueTest, RequeingProducerWithoutReentrance) { SpdyWriteQueue queue; queue.Enqueue( - DEFAULT_PRIORITY, HEADERS, + DEFAULT_PRIORITY, SpdyFrameType::HEADERS, std::unique_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)), base::WeakPtr<SpdyStream>()); { @@ -298,7 +298,8 @@ TEST_F(SpdyWriteQueueTest, RequeingProducerWithoutReentrance) { EXPECT_TRUE(queue.Dequeue(&frame_type, &producer, &stream)); EXPECT_TRUE(queue.IsEmpty()); - EXPECT_EQ(string(kOriginal), producer->ProduceBuffer()->GetRemainingData()); + EXPECT_EQ(SpdyString(kOriginal), + producer->ProduceBuffer()->GetRemainingData()); } // |producer| was destroyed, and a buffer is re-queued. EXPECT_FALSE(queue.IsEmpty()); @@ -308,13 +309,14 @@ TEST_F(SpdyWriteQueueTest, RequeingProducerWithoutReentrance) { base::WeakPtr<SpdyStream> stream; EXPECT_TRUE(queue.Dequeue(&frame_type, &producer, &stream)); - EXPECT_EQ(string(kRequeued), producer->ProduceBuffer()->GetRemainingData()); + EXPECT_EQ(SpdyString(kRequeued), + producer->ProduceBuffer()->GetRemainingData()); } TEST_F(SpdyWriteQueueTest, ReentranceOnClear) { SpdyWriteQueue queue; queue.Enqueue( - DEFAULT_PRIORITY, HEADERS, + DEFAULT_PRIORITY, SpdyFrameType::HEADERS, std::unique_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)), base::WeakPtr<SpdyStream>()); @@ -326,7 +328,8 @@ TEST_F(SpdyWriteQueueTest, ReentranceOnClear) { base::WeakPtr<SpdyStream> stream; EXPECT_TRUE(queue.Dequeue(&frame_type, &producer, &stream)); - EXPECT_EQ(string(kRequeued), producer->ProduceBuffer()->GetRemainingData()); + EXPECT_EQ(SpdyString(kRequeued), + producer->ProduceBuffer()->GetRemainingData()); } TEST_F(SpdyWriteQueueTest, ReentranceOnRemovePendingWritesAfter) { @@ -335,7 +338,7 @@ TEST_F(SpdyWriteQueueTest, ReentranceOnRemovePendingWritesAfter) { SpdyWriteQueue queue; queue.Enqueue( - DEFAULT_PRIORITY, HEADERS, + DEFAULT_PRIORITY, SpdyFrameType::HEADERS, std::unique_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)), stream->GetWeakPtr()); @@ -347,7 +350,8 @@ TEST_F(SpdyWriteQueueTest, ReentranceOnRemovePendingWritesAfter) { base::WeakPtr<SpdyStream> weak_stream; EXPECT_TRUE(queue.Dequeue(&frame_type, &producer, &weak_stream)); - EXPECT_EQ(string(kRequeued), producer->ProduceBuffer()->GetRemainingData()); + EXPECT_EQ(SpdyString(kRequeued), + producer->ProduceBuffer()->GetRemainingData()); } TEST_F(SpdyWriteQueueTest, ReentranceOnRemovePendingWritesForStream) { @@ -356,7 +360,7 @@ TEST_F(SpdyWriteQueueTest, ReentranceOnRemovePendingWritesForStream) { SpdyWriteQueue queue; queue.Enqueue( - DEFAULT_PRIORITY, HEADERS, + DEFAULT_PRIORITY, SpdyFrameType::HEADERS, std::unique_ptr<SpdyBufferProducer>(new RequeingBufferProducer(&queue)), stream->GetWeakPtr()); @@ -368,7 +372,8 @@ TEST_F(SpdyWriteQueueTest, ReentranceOnRemovePendingWritesForStream) { base::WeakPtr<SpdyStream> weak_stream; EXPECT_TRUE(queue.Dequeue(&frame_type, &producer, &weak_stream)); - EXPECT_EQ(string(kRequeued), producer->ProduceBuffer()->GetRemainingData()); + EXPECT_EQ(SpdyString(kRequeued), + producer->ProduceBuffer()->GetRemainingData()); } } // namespace diff --git a/chromium/net/ssl/channel_id_service.cc b/chromium/net/ssl/channel_id_service.cc index d48734630e6..0c1b71f8cdc 100644 --- a/chromium/net/ssl/channel_id_service.cc +++ b/chromium/net/ssl/channel_id_service.cc @@ -70,14 +70,6 @@ void RecordGetChannelIDResult(GetChannelIDResult result) { GET_CHANNEL_ID_RESULT_MAX); } -void RecordGetChannelIDTime(base::TimeDelta request_time) { - UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.GetCertTime", - request_time, - base::TimeDelta::FromMilliseconds(1), - base::TimeDelta::FromMinutes(5), - 50); -} - // On success, returns a ChannelID object and sets |*error| to OK. // Otherwise, returns NULL, and |*error| will be set to a net error code. // |serial_number| is passed in because base::RandInt cannot be called from an @@ -87,7 +79,6 @@ std::unique_ptr<ChannelIDStore::ChannelID> GenerateChannelID( int* error) { std::unique_ptr<ChannelIDStore::ChannelID> result; - base::TimeTicks start = base::TimeTicks::Now(); base::Time creation_time = base::Time::Now(); std::unique_ptr<crypto::ECPrivateKey> key(crypto::ECPrivateKey::Create()); @@ -99,11 +90,6 @@ std::unique_ptr<ChannelIDStore::ChannelID> GenerateChannelID( result.reset(new ChannelIDStore::ChannelID(server_identifier, creation_time, std::move(key))); - UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.GenerateCertTime", - base::TimeTicks::Now() - start, - base::TimeDelta::FromMilliseconds(1), - base::TimeDelta::FromMinutes(5), - 50); *error = OK; return result; } @@ -226,13 +212,11 @@ void ChannelIDService::Request::Cancel() { void ChannelIDService::Request::RequestStarted( ChannelIDService* service, - base::TimeTicks request_start, const CompletionCallback& callback, std::unique_ptr<crypto::ECPrivateKey>* key, ChannelIDServiceJob* job) { DCHECK(service_ == NULL); service_ = service; - request_start_ = request_start; callback_ = callback; key_ = key; job_ = job; @@ -243,12 +227,6 @@ void ChannelIDService::Request::Post( std::unique_ptr<crypto::ECPrivateKey> key) { switch (error) { case OK: { - base::TimeDelta request_time = base::TimeTicks::Now() - request_start_; - UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.GetCertTimeAsync", - request_time, - base::TimeDelta::FromMilliseconds(1), - base::TimeDelta::FromMinutes(5), 50); - RecordGetChannelIDTime(request_time); RecordGetChannelIDResult(ASYNC_SUCCESS); break; } @@ -304,7 +282,6 @@ int ChannelIDService::GetOrCreateChannelID( Request* out_req) { DVLOG(1) << __func__ << " " << host; DCHECK(CalledOnValidThread()); - base::TimeTicks request_start = base::TimeTicks::Now(); if (callback.is_null() || !key || host.empty()) { RecordGetChannelIDResult(INVALID_ARGUMENT); @@ -321,13 +298,12 @@ int ChannelIDService::GetOrCreateChannelID( // See if a request for the same domain is currently in flight. bool create_if_missing = true; - if (JoinToInFlightRequest(request_start, domain, key, create_if_missing, - callback, out_req)) { + if (JoinToInFlightRequest(domain, key, create_if_missing, callback, + out_req)) { return ERR_IO_PENDING; } - int err = LookupChannelID(request_start, domain, key, create_if_missing, - callback, out_req); + int err = LookupChannelID(domain, key, create_if_missing, callback, out_req); if (err == ERR_FILE_NOT_FOUND) { // Sync lookup did not find a valid channel ID. Start generating a new one. workers_created_++; @@ -342,7 +318,7 @@ int ChannelIDService::GetOrCreateChannelID( inflight_[domain] = base::WrapUnique(job); job->AddRequest(out_req); - out_req->RequestStarted(this, request_start, callback, key, job); + out_req->RequestStarted(this, callback, key, job); return ERR_IO_PENDING; } @@ -355,7 +331,6 @@ int ChannelIDService::GetChannelID(const std::string& host, Request* out_req) { DVLOG(1) << __func__ << " " << host; DCHECK(CalledOnValidThread()); - base::TimeTicks request_start = base::TimeTicks::Now(); if (callback.is_null() || !key || host.empty()) { RecordGetChannelIDResult(INVALID_ARGUMENT); @@ -372,13 +347,12 @@ int ChannelIDService::GetChannelID(const std::string& host, // See if a request for the same domain currently in flight. bool create_if_missing = false; - if (JoinToInFlightRequest(request_start, domain, key, create_if_missing, - callback, out_req)) { + if (JoinToInFlightRequest(domain, key, create_if_missing, callback, + out_req)) { return ERR_IO_PENDING; } - int err = LookupChannelID(request_start, domain, key, create_if_missing, - callback, out_req); + int err = LookupChannelID(domain, key, create_if_missing, callback, out_req); return err; } @@ -452,7 +426,6 @@ void ChannelIDService::HandleResult(int error, } bool ChannelIDService::JoinToInFlightRequest( - const base::TimeTicks& request_start, const std::string& domain, std::unique_ptr<crypto::ECPrivateKey>* key, bool create_if_missing, @@ -468,14 +441,13 @@ bool ChannelIDService::JoinToInFlightRequest( inflight_joins_++; job->AddRequest(out_req, create_if_missing); - out_req->RequestStarted(this, request_start, callback, key, job); + out_req->RequestStarted(this, callback, key, job); return true; } return false; } int ChannelIDService::LookupChannelID( - const base::TimeTicks& request_start, const std::string& domain, std::unique_ptr<crypto::ECPrivateKey>* key, bool create_if_missing, @@ -491,9 +463,6 @@ int ChannelIDService::LookupChannelID( DVLOG(1) << "Channel ID store had valid key for " << domain; key_store_hits_++; RecordGetChannelIDResult(SYNC_SUCCESS); - base::TimeDelta request_time = base::TimeTicks::Now() - request_start; - UMA_HISTOGRAM_TIMES("DomainBoundCerts.GetCertTimeSync", request_time); - RecordGetChannelIDTime(request_time); return OK; } @@ -503,7 +472,7 @@ int ChannelIDService::LookupChannelID( inflight_[domain] = base::WrapUnique(job); job->AddRequest(out_req); - out_req->RequestStarted(this, request_start, callback, key, job); + out_req->RequestStarted(this, callback, key, job); return ERR_IO_PENDING; } diff --git a/chromium/net/ssl/channel_id_service.h b/chromium/net/ssl/channel_id_service.h index 5ef37d2c562..a3eb1592700 100644 --- a/chromium/net/ssl/channel_id_service.h +++ b/chromium/net/ssl/channel_id_service.h @@ -18,7 +18,6 @@ #include "base/memory/weak_ptr.h" #include "base/task_runner.h" #include "base/threading/non_thread_safe.h" -#include "base/time/time.h" #include "net/base/completion_callback.h" #include "net/base/net_export.h" #include "net/ssl/channel_id_store.h" @@ -54,7 +53,6 @@ class NET_EXPORT ChannelIDService friend class ChannelIDServiceJob; void RequestStarted(ChannelIDService* service, - base::TimeTicks request_start, const CompletionCallback& callback, std::unique_ptr<crypto::ECPrivateKey>* key, ChannelIDServiceJob* job); @@ -62,7 +60,6 @@ class NET_EXPORT ChannelIDService void Post(int error, std::unique_ptr<crypto::ECPrivateKey> key); ChannelIDService* service_; - base::TimeTicks request_start_; CompletionCallback callback_; std::unique_ptr<crypto::ECPrivateKey>* key_; ChannelIDServiceJob* job_; @@ -150,8 +147,7 @@ class NET_EXPORT ChannelIDService // Searches for an in-flight request for the same domain. If found, // attaches to the request and returns true. Returns false if no in-flight // request is found. - bool JoinToInFlightRequest(const base::TimeTicks& request_start, - const std::string& domain, + bool JoinToInFlightRequest(const std::string& domain, std::unique_ptr<crypto::ECPrivateKey>* key, bool create_if_missing, const CompletionCallback& callback, @@ -161,8 +157,7 @@ class NET_EXPORT ChannelIDService // Returns OK if it can be found synchronously, ERR_IO_PENDING if the // result cannot be obtained synchronously, or a network error code on // failure (including failure to find a channel ID of |domain|). - int LookupChannelID(const base::TimeTicks& request_start, - const std::string& domain, + int LookupChannelID(const std::string& domain, std::unique_ptr<crypto::ECPrivateKey>* key, bool create_if_missing, const CompletionCallback& callback, diff --git a/chromium/net/ssl/client_cert_store_mac.cc b/chromium/net/ssl/client_cert_store_mac.cc index 4b44ab37d12..a3ef5899155 100644 --- a/chromium/net/ssl/client_cert_store_mac.cc +++ b/chromium/net/ssl/client_cert_store_mac.cc @@ -91,9 +91,12 @@ bool IsIssuedByInKeychain(const std::vector<std::string>& valid_issuers, DCHECK(cert); DCHECK(cert->get()); - X509Certificate::OSCertHandle cert_handle = (*cert)->os_cert_handle(); + base::ScopedCFTypeRef<SecCertificateRef> os_cert( + x509_util::CreateSecCertificateFromX509Certificate(cert->get())); + if (!os_cert) + return false; CFArrayRef cert_chain = NULL; - OSStatus result = CopyCertChain(cert_handle, &cert_chain); + OSStatus result = CopyCertChain(os_cert.get(), &cert_chain); if (result) { OSSTATUS_LOG(ERROR, result) << "CopyCertChain error"; return false; @@ -102,7 +105,7 @@ bool IsIssuedByInKeychain(const std::vector<std::string>& valid_issuers, if (!cert_chain) return false; - X509Certificate::OSCertHandles intermediates; + std::vector<SecCertificateRef> intermediates; for (CFIndex i = 1, chain_count = CFArrayGetCount(cert_chain); i < chain_count; ++i) { SecCertificateRef cert = reinterpret_cast<SecCertificateRef>( @@ -110,17 +113,69 @@ bool IsIssuedByInKeychain(const std::vector<std::string>& valid_issuers, intermediates.push_back(cert); } - scoped_refptr<X509Certificate> new_cert(X509Certificate::CreateFromHandle( - cert_handle, intermediates)); + scoped_refptr<X509Certificate> new_cert( + x509_util::CreateX509CertificateFromSecCertificate(os_cert.get(), + intermediates)); CFRelease(cert_chain); // Also frees |intermediates|. - if (!new_cert->IsIssuedByEncoded(valid_issuers)) + if (!new_cert || !new_cert->IsIssuedByEncoded(valid_issuers)) return false; cert->swap(new_cert); return true; } +// Returns true if |purpose| is listed as allowed in |usage|. This +// function also considers the "Any" purpose. If the attribute is +// present and empty, we return false. +bool ExtendedKeyUsageAllows(const CE_ExtendedKeyUsage* usage, + const CSSM_OID* purpose) { + for (unsigned p = 0; p < usage->numPurposes; ++p) { + if (CSSMOIDEqual(&usage->purposes[p], purpose)) + return true; + if (CSSMOIDEqual(&usage->purposes[p], &CSSMOID_ExtendedKeyUsageAny)) + return true; + } + return false; +} + +// Does |cert|'s usage allow SSL client authentication? +bool SupportsSSLClientAuth(SecCertificateRef cert) { + x509_util::CSSMCachedCertificate cached_cert; + OSStatus status = cached_cert.Init(cert); + if (status) + return false; + + // RFC5280 says to take the intersection of the two extensions. + // + // Our underlying crypto libraries don't expose + // ClientCertificateType, so for now we will not support fixed + // Diffie-Hellman mechanisms. For rsa_sign, we need the + // digitalSignature bit. + // + // In particular, if a key has the nonRepudiation bit and not the + // digitalSignature one, we will not offer it to the user. + x509_util::CSSMFieldValue key_usage; + status = cached_cert.GetField(&CSSMOID_KeyUsage, &key_usage); + if (status == CSSM_OK && key_usage.field()) { + const CSSM_X509_EXTENSION* ext = key_usage.GetAs<CSSM_X509_EXTENSION>(); + const CE_KeyUsage* key_usage_value = + reinterpret_cast<const CE_KeyUsage*>(ext->value.parsedValue); + if (!((*key_usage_value) & CE_KU_DigitalSignature)) + return false; + } + + status = cached_cert.GetField(&CSSMOID_ExtendedKeyUsage, &key_usage); + if (status == CSSM_OK && key_usage.field()) { + const CSSM_X509_EXTENSION* ext = key_usage.GetAs<CSSM_X509_EXTENSION>(); + const CE_ExtendedKeyUsage* ext_key_usage = + reinterpret_cast<const CE_ExtendedKeyUsage*>(ext->value.parsedValue); + if (!ExtendedKeyUsageAllows(ext_key_usage, &CSSMOID_ClientAuth)) + return false; + } + return true; +} + // Examines the certificates in |preferred_cert| and |regular_certs| to find // all certificates that match the client certificate request in |request|, // storing the matching certificates in |selected_certs|. @@ -142,7 +197,7 @@ void GetClientCertsImpl(const scoped_refptr<X509Certificate>& preferred_cert, selected_certs->clear(); for (size_t i = 0; i < preliminary_list.size(); ++i) { scoped_refptr<X509Certificate>& cert = preliminary_list[i]; - if (cert->HasExpired() || !cert->SupportsSSLClientAuth()) + if (cert->HasExpired()) continue; // Skip duplicates (a cert may be in multiple keychains). @@ -236,9 +291,14 @@ void ClientCertStoreMac::GetClientCerts(const SSLCertRequestInfo& request, continue; ScopedCFTypeRef<SecCertificateRef> scoped_cert_handle(cert_handle); + if (!SupportsSSLClientAuth(cert_handle)) + continue; + scoped_refptr<X509Certificate> cert( - X509Certificate::CreateFromHandle(cert_handle, - X509Certificate::OSCertHandles())); + x509_util::CreateX509CertificateFromSecCertificate( + cert_handle, std::vector<SecCertificateRef>())); + if (!cert) + continue; if (preferred_identity && CFEqual(preferred_identity, identity)) { // Only one certificate should match. diff --git a/chromium/net/ssl/client_cert_store_nss.cc b/chromium/net/ssl/client_cert_store_nss.cc index dab47284180..b5d77af6130 100644 --- a/chromium/net/ssl/client_cert_store_nss.cc +++ b/chromium/net/ssl/client_cert_store_nss.cc @@ -99,6 +99,8 @@ void ClientCertStoreNSS::FilterCertsOnWorkerThread( // https://crbug.com/548631. filtered_certs->push_back( X509Certificate::CreateFromHandle(handle, intermediates_raw)); + // |handle| was successfully parsed by |cert|, so this should never fail. + DCHECK(filtered_certs->back()); } DVLOG(2) << "num_raw:" << num_raw << " num_filtered:" << filtered_certs->size(); @@ -131,8 +133,13 @@ void ClientCertStoreNSS::GetPlatformCertsOnWorkerThread( } for (CERTCertListNode* node = CERT_LIST_HEAD(found_certs); !CERT_LIST_END(node, found_certs); node = CERT_LIST_NEXT(node)) { - certs->push_back(X509Certificate::CreateFromHandle( - node->cert, X509Certificate::OSCertHandles())); + scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( + node->cert, X509Certificate::OSCertHandles()); + if (!cert) { + DVLOG(2) << "X509Certificate::CreateFromHandle failed"; + continue; + } + certs->push_back(std::move(cert)); } CERT_DestroyCertList(found_certs); } diff --git a/chromium/net/ssl/client_cert_store_win.cc b/chromium/net/ssl/client_cert_store_win.cc index 499d1c4b55e..cdeee46c12c 100644 --- a/chromium/net/ssl/client_cert_store_win.cc +++ b/chromium/net/ssl/client_cert_store_win.cc @@ -149,7 +149,8 @@ void GetClientCertsImpl(HCERTSTORE cert_store, // pair<X509Certificate, SSLPrivateKeyCallback>. scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( cert_context2, intermediates); - selected_certs->push_back(cert); + if (cert) + selected_certs->push_back(std::move(cert)); CertFreeCertificateContext(cert_context2); for (size_t i = 0; i < intermediates.size(); ++i) CertFreeCertificateContext(intermediates[i]); diff --git a/chromium/net/ssl/client_key_store.h b/chromium/net/ssl/client_key_store.h index b9f182b3c9b..e1afa1d9e01 100644 --- a/chromium/net/ssl/client_key_store.h +++ b/chromium/net/ssl/client_key_store.h @@ -58,7 +58,7 @@ class NET_EXPORT ClientKeyStore { const X509Certificate& certificate); private: - friend struct base::DefaultLazyInstanceTraits<ClientKeyStore>; + friend struct base::LazyInstanceTraitsBase<ClientKeyStore>; ClientKeyStore(); ~ClientKeyStore(); diff --git a/chromium/net/ssl/default_channel_id_store.cc b/chromium/net/ssl/default_channel_id_store.cc index 901e9f34bba..72c283a30a9 100644 --- a/chromium/net/ssl/default_channel_id_store.cc +++ b/chromium/net/ssl/default_channel_id_store.cc @@ -332,18 +332,6 @@ void DefaultChannelIDStore::OnLoaded( loaded_ = true; - base::TimeDelta wait_time; - if (!waiting_tasks_.empty()) - wait_time = base::TimeTicks::Now() - waiting_tasks_start_time_; - DVLOG(1) << "Task delay " << wait_time.InMilliseconds(); - UMA_HISTOGRAM_CUSTOM_TIMES("DomainBoundCerts.TaskMaxWaitTime", - wait_time, - base::TimeDelta::FromMilliseconds(1), - base::TimeDelta::FromMinutes(1), - 50); - UMA_HISTOGRAM_COUNTS_100("DomainBoundCerts.TaskWaitCount", - waiting_tasks_.size()); - for (std::unique_ptr<Task>& i : waiting_tasks_) i->Run(this); waiting_tasks_.clear(); @@ -401,8 +389,6 @@ void DefaultChannelIDStore::SyncGetAllChannelIDs( void DefaultChannelIDStore::EnqueueTask(std::unique_ptr<Task> task) { DCHECK(CalledOnValidThread()); DCHECK(!loaded_); - if (waiting_tasks_.empty()) - waiting_tasks_start_time_ = base::TimeTicks::Now(); waiting_tasks_.push_back(std::move(task)); } diff --git a/chromium/net/ssl/default_channel_id_store.h b/chromium/net/ssl/default_channel_id_store.h index 7d439b07659..7dd5dcd4c02 100644 --- a/chromium/net/ssl/default_channel_id_store.h +++ b/chromium/net/ssl/default_channel_id_store.h @@ -134,7 +134,6 @@ class NET_EXPORT DefaultChannelIDStore : public ChannelIDStore { // Tasks that are waiting to be run once we finish loading. std::vector<std::unique_ptr<Task>> waiting_tasks_; - base::TimeTicks waiting_tasks_start_time_; scoped_refptr<PersistentStore> store_; diff --git a/chromium/net/ssl/openssl_client_key_store.cc b/chromium/net/ssl/openssl_client_key_store.cc index 295810f29cc..48895e9ed3a 100644 --- a/chromium/net/ssl/openssl_client_key_store.cc +++ b/chromium/net/ssl/openssl_client_key_store.cc @@ -7,6 +7,7 @@ #include <utility> #include "base/memory/singleton.h" +#include "net/cert/asn1_util.h" #include "net/cert/x509_certificate.h" #include "net/ssl/ssl_private_key.h" #include "third_party/boringssl/src/include/openssl/evp.h" @@ -19,6 +20,16 @@ namespace { // Serializes the SubjectPublicKeyInfo for |cert|. bool GetCertificateSPKI(const X509Certificate* cert, std::string* spki) { +#if BUILDFLAG(USE_BYTE_CERTS) + base::StringPiece cert_der( + reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert->os_cert_handle())), + CRYPTO_BUFFER_len(cert->os_cert_handle())); + base::StringPiece spki_tmp; + if (!asn1::ExtractSPKIFromDERCert(cert_der, &spki_tmp)) + return false; + spki_tmp.CopyToString(spki); + return true; +#else bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert->os_cert_handle())); if (!pkey) { LOG(ERROR) << "Can't extract private key from certificate!"; @@ -38,6 +49,7 @@ bool GetCertificateSPKI(const X509Certificate* cert, std::string* spki) { reinterpret_cast<char*>(der) + der_len); OPENSSL_free(der); return true; +#endif } } // namespace diff --git a/chromium/net/ssl/openssl_ssl_util.cc b/chromium/net/ssl/openssl_ssl_util.cc index f1266d5dfa2..8071da64f5a 100644 --- a/chromium/net/ssl/openssl_ssl_util.cc +++ b/chromium/net/ssl/openssl_ssl_util.cc @@ -61,8 +61,13 @@ int OpenSSLNetErrorLib() { int MapOpenSSLErrorSSL(uint32_t error_code) { DCHECK_EQ(ERR_LIB_SSL, ERR_GET_LIB(error_code)); +#if DCHECK_IS_ON() + char buf[ERR_ERROR_STRING_BUF_LEN]; + ERR_error_string_n(error_code, buf, sizeof(buf)); DVLOG(1) << "OpenSSL SSL error, reason: " << ERR_GET_REASON(error_code) - << ", name: " << ERR_error_string(error_code, NULL); + << ", name: " << buf; +#endif + switch (ERR_GET_REASON(error_code)) { case SSL_R_READ_TIMEOUT_EXPIRED: return ERR_TIMED_OUT; @@ -96,9 +101,7 @@ int MapOpenSSLErrorSSL(uint32_t error_code) { return ERR_SSL_UNRECOGNIZED_NAME_ALERT; case SSL_R_BAD_DH_P_LENGTH: return ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY; - case SSL_R_CERTIFICATE_VERIFY_FAILED: - // The only way that the certificate verify callback can fail is if - // the leaf certificate changed during a renegotiation. + case SSL_R_SERVER_CERT_CHANGED: return ERR_SSL_SERVER_CERT_CHANGED; // SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE may be returned from the server after // receiving ClientHello if there's no common supported cipher. Map that @@ -224,15 +227,17 @@ int GetNetSSLVersion(SSL* ssl) { bssl::UniquePtr<X509> OSCertHandleToOpenSSL( X509Certificate::OSCertHandle os_handle) { -#if defined(USE_OPENSSL_CERTS) +#if BUILDFLAG(USE_BYTE_CERTS) + return bssl::UniquePtr<X509>(X509_parse_from_buffer(os_handle)); +#elif defined(USE_OPENSSL_CERTS) return bssl::UniquePtr<X509>(X509Certificate::DupOSCertHandle(os_handle)); -#else // !defined(USE_OPENSSL_CERTS) +#else // !defined(USE_OPENSSL_CERTS) && !BUILDFLAG(USE_BYTE_CERTS) std::string der_encoded; if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded)) return bssl::UniquePtr<X509>(); const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data()); return bssl::UniquePtr<X509>(d2i_X509(NULL, &bytes, der_encoded.size())); -#endif // defined(USE_OPENSSL_CERTS) +#endif // defined(USE_OPENSSL_CERTS) && BUILDFLAG(USE_BYTE_CERTS) } bssl::UniquePtr<STACK_OF(X509)> OSCertHandlesToOpenSSL( diff --git a/chromium/net/ssl/ssl_client_session_cache.cc b/chromium/net/ssl/ssl_client_session_cache.cc index d92bdea78ca..e2c32c5b9d3 100644 --- a/chromium/net/ssl/ssl_client_session_cache.cc +++ b/chromium/net/ssl/ssl_client_session_cache.cc @@ -106,8 +106,11 @@ void SSLClientSessionCache::SetClockForTesting( } bool SSLClientSessionCache::IsExpired(SSL_SESSION* session, time_t now) { - return now < SSL_SESSION_get_time(session) || - now >= + if (now < 0) + return true; + uint64_t now_u64 = static_cast<uint64_t>(now); + return now_u64 < SSL_SESSION_get_time(session) || + now_u64 >= SSL_SESSION_get_time(session) + SSL_SESSION_get_timeout(session); } @@ -139,15 +142,11 @@ void SSLClientSessionCache::DumpMemoryStats( size_t pair_cert_count = sk_CRYPTO_BUFFER_num(session->certs); for (size_t i = 0; i < pair_cert_count; ++i) { const CRYPTO_BUFFER* cert = sk_CRYPTO_BUFFER_value(session->certs, i); - // TODO(xunjieli): The multipler is added to account for the difference - // between the serialized form and real cert allocation. Remove after - // crbug.com/671420 is done. - size_t individual_cert_size = 4 * CRYPTO_BUFFER_len(cert); - undeduped_cert_size += individual_cert_size; + undeduped_cert_size += CRYPTO_BUFFER_len(cert); auto result = crypto_buffer_set.insert(cert); if (!result.second) continue; - cert_size += individual_cert_size; + cert_size += CRYPTO_BUFFER_len(cert); cert_count++; } } diff --git a/chromium/net/ssl/ssl_config.cc b/chromium/net/ssl/ssl_config.cc index 726ce48f1e9..528ff2add80 100644 --- a/chromium/net/ssl/ssl_config.cc +++ b/chromium/net/ssl/ssl_config.cc @@ -28,6 +28,7 @@ SSLConfig::SSLConfig() version_min(kDefaultSSLVersionMin), version_max(kDefaultSSLVersionMax), deprecated_cipher_suites_enabled(false), + version_interference_probe(false), channel_id_enabled(true), false_start_enabled(true), signed_cert_timestamps_enabled(true), diff --git a/chromium/net/ssl/ssl_config.h b/chromium/net/ssl/ssl_config.h index 7e6283dd6ad..eee5622744c 100644 --- a/chromium/net/ssl/ssl_config.h +++ b/chromium/net/ssl/ssl_config.h @@ -114,6 +114,12 @@ struct NET_EXPORT SSLConfig { // it. https://crbug.com/684730. bool deprecated_cipher_suites_enabled; + // Enables the version interference probing mode. While TLS 1.3 has avoided + // most endpoint intolerance, middlebox interference with TLS 1.3 is + // rampant. This causes the connection to be discarded on success with + // ERR_SSL_VERSION_INTERFERENCE. + bool version_interference_probe; + bool channel_id_enabled; // True if TLS channel ID extension is enabled. // List of Token Binding key parameters supported by the client. If empty, diff --git a/chromium/net/ssl/ssl_platform_key_mac.cc b/chromium/net/ssl/ssl_platform_key_mac.cc index 373f4323e07..1f7e3efd5b3 100644 --- a/chromium/net/ssl/ssl_platform_key_mac.cc +++ b/chromium/net/ssl/ssl_platform_key_mac.cc @@ -30,6 +30,7 @@ #include "crypto/openssl_util.h" #include "net/base/net_errors.h" #include "net/cert/x509_certificate.h" +#include "net/cert/x509_util_mac.h" #include "net/ssl/ssl_platform_key.h" #include "net/ssl/ssl_platform_key_util.h" #include "net/ssl/ssl_private_key.h" @@ -84,9 +85,13 @@ SecKeyRef FetchSecKeyRefForCertificate(const X509Certificate* certificate, OSStatus status; base::ScopedCFTypeRef<SecIdentityRef> identity; { + base::ScopedCFTypeRef<SecCertificateRef> os_cert( + x509_util::CreateSecCertificateFromX509Certificate(certificate)); + if (!os_cert) + return nullptr; base::AutoLock lock(crypto::GetMacSecurityServicesLock()); - status = SecIdentityCreateWithCertificate( - keychain, certificate->os_cert_handle(), identity.InitializeInto()); + status = SecIdentityCreateWithCertificate(keychain, os_cert.get(), + identity.InitializeInto()); } if (status != noErr) { OSSTATUS_LOG(WARNING, status); diff --git a/chromium/net/ssl/ssl_platform_key_mac_unittest.cc b/chromium/net/ssl/ssl_platform_key_mac_unittest.cc index 9207dedb086..e35af63b99c 100644 --- a/chromium/net/ssl/ssl_platform_key_mac_unittest.cc +++ b/chromium/net/ssl/ssl_platform_key_mac_unittest.cc @@ -16,6 +16,7 @@ #include "base/files/scoped_temp_dir.h" #include "base/mac/scoped_cftyperef.h" #include "base/memory/ref_counted.h" +#include "net/cert/x509_util_mac.h" #include "net/ssl/ssl_private_key.h" #include "net/ssl/ssl_private_key_test_util.h" #include "net/test/cert_test_util.h" @@ -76,8 +77,10 @@ TEST_P(SSLPlatformKeyMacTest, KeyMatches) { nullptr, keychain.InitializeInto())); // Insert the certificate into the keychain. - ASSERT_EQ(noErr, - SecCertificateAddToKeychain(cert->os_cert_handle(), keychain)); + base::ScopedCFTypeRef<SecCertificateRef> sec_cert( + x509_util::CreateSecCertificateFromX509Certificate(cert.get())); + ASSERT_TRUE(sec_cert); + ASSERT_EQ(noErr, SecCertificateAddToKeychain(sec_cert, keychain)); // Import the key into the keychain. Apple doesn't accept unencrypted PKCS#8, // but it accepts the low-level RSAPrivateKey and ECPrivateKey types as diff --git a/chromium/net/test/android/javatests/AndroidManifest.xml b/chromium/net/test/android/javatests/AndroidManifest.xml index c2a2652743c..341949bc160 100644 --- a/chromium/net/test/android/javatests/AndroidManifest.xml +++ b/chromium/net/test/android/javatests/AndroidManifest.xml @@ -19,7 +19,9 @@ <service android:name="org.chromium.net.test.EmbeddedTestServerService" android:exported="true" tools:ignore="ExportedService"> - <intent-filter android:action="org.chromium.net.test.EMBEDDED_TEST_SERVER_SERVICE" /> + <intent-filter> + <action android:name="org.chromium.net.test.EMBEDDED_TEST_SERVER_SERVICE" /> + </intent-filter> </service> </application> diff --git a/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc b/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc index dae43e9709c..0794a78352c 100644 --- a/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc +++ b/chromium/net/test/embedded_test_server/embedded_test_server_unittest.cc @@ -28,6 +28,7 @@ #include "net/test/embedded_test_server/http_response.h" #include "net/test/embedded_test_server/request_handler_util.h" #include "net/test/gtest_util.h" +#include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "net/url_request/url_fetcher.h" #include "net/url_request/url_fetcher_delegate.h" #include "net/url_request/url_request.h" @@ -252,7 +253,8 @@ TEST_P(EmbeddedTestServerTest, RegisterRequestHandler) { ASSERT_TRUE(server_->Start()); std::unique_ptr<URLFetcher> fetcher = - URLFetcher::Create(server_->GetURL("/test?q=foo"), URLFetcher::GET, this); + URLFetcher::Create(server_->GetURL("/test?q=foo"), URLFetcher::GET, this, + TRAFFIC_ANNOTATION_FOR_TESTS); fetcher->SetRequestContext(request_context_getter_.get()); fetcher->Start(); WaitForResponses(1); @@ -274,7 +276,8 @@ TEST_P(EmbeddedTestServerTest, ServeFilesFromDirectory) { ASSERT_TRUE(server_->Start()); std::unique_ptr<URLFetcher> fetcher = - URLFetcher::Create(server_->GetURL("/test.html"), URLFetcher::GET, this); + URLFetcher::Create(server_->GetURL("/test.html"), URLFetcher::GET, this, + TRAFFIC_ANNOTATION_FOR_TESTS); fetcher->SetRequestContext(request_context_getter_.get()); fetcher->Start(); WaitForResponses(1); @@ -288,8 +291,9 @@ TEST_P(EmbeddedTestServerTest, ServeFilesFromDirectory) { TEST_P(EmbeddedTestServerTest, DefaultNotFoundResponse) { ASSERT_TRUE(server_->Start()); - std::unique_ptr<URLFetcher> fetcher = URLFetcher::Create( - server_->GetURL("/non-existent"), URLFetcher::GET, this); + std::unique_ptr<URLFetcher> fetcher = + URLFetcher::Create(server_->GetURL("/non-existent"), URLFetcher::GET, + this, TRAFFIC_ANNOTATION_FOR_TESTS); fetcher->SetRequestContext(request_context_getter_.get()); fetcher->Start(); @@ -320,8 +324,9 @@ TEST_P(EmbeddedTestServerTest, ConnectionListenerAccept) { TEST_P(EmbeddedTestServerTest, ConnectionListenerRead) { ASSERT_TRUE(server_->Start()); - std::unique_ptr<URLFetcher> fetcher = URLFetcher::Create( - server_->GetURL("/non-existent"), URLFetcher::GET, this); + std::unique_ptr<URLFetcher> fetcher = + URLFetcher::Create(server_->GetURL("/non-existent"), URLFetcher::GET, + this, TRAFFIC_ANNOTATION_FOR_TESTS); fetcher->SetRequestContext(request_context_getter_.get()); fetcher->Start(); @@ -355,13 +360,16 @@ TEST_P(EmbeddedTestServerTest, ConcurrentFetches) { ASSERT_TRUE(server_->Start()); std::unique_ptr<URLFetcher> fetcher1 = - URLFetcher::Create(server_->GetURL("/test1"), URLFetcher::GET, this); + URLFetcher::Create(server_->GetURL("/test1"), URLFetcher::GET, this, + TRAFFIC_ANNOTATION_FOR_TESTS); fetcher1->SetRequestContext(request_context_getter_.get()); std::unique_ptr<URLFetcher> fetcher2 = - URLFetcher::Create(server_->GetURL("/test2"), URLFetcher::GET, this); + URLFetcher::Create(server_->GetURL("/test2"), URLFetcher::GET, this, + TRAFFIC_ANNOTATION_FOR_TESTS); fetcher2->SetRequestContext(request_context_getter_.get()); std::unique_ptr<URLFetcher> fetcher3 = - URLFetcher::Create(server_->GetURL("/test3"), URLFetcher::GET, this); + URLFetcher::Create(server_->GetURL("/test3"), URLFetcher::GET, this, + TRAFFIC_ANNOTATION_FOR_TESTS); fetcher3->SetRequestContext(request_context_getter_.get()); // Fetch the three URLs concurrently. @@ -471,7 +479,7 @@ const CertificateValuesEntry kCertificateValuesEntry[] = { "Test Root CA"}, {EmbeddedTestServer::CERT_EXPIRED, true, "127.0.0.1", "Test Root CA"}, {EmbeddedTestServer::CERT_CHAIN_WRONG_ROOT, false, "127.0.0.1", "B CA"}, -#if !defined(OS_WIN) +#if !defined(OS_WIN) && !defined(OS_ANDROID) {EmbeddedTestServer::CERT_BAD_VALIDITY, true, "Leaf Certificate", "Test Root CA"}, #endif @@ -482,9 +490,10 @@ TEST_P(EmbeddedTestServerTest, GetCertificate) { return; for (const auto& certEntry : kCertificateValuesEntry) { + SCOPED_TRACE(certEntry.server_cert); server_->SetSSLConfig(certEntry.server_cert); scoped_refptr<X509Certificate> cert = server_->GetCertificate(); - DCHECK(cert.get()); + ASSERT_TRUE(cert); EXPECT_EQ(cert->HasExpired(), certEntry.is_expired); EXPECT_EQ(cert->subject().common_name, certEntry.common_name); EXPECT_EQ(cert->issuer().common_name, certEntry.root); @@ -559,7 +568,8 @@ class EmbeddedTestServerThreadingTestDelegate loop.reset(new base::MessageLoopForIO); std::unique_ptr<URLFetcher> fetcher = - URLFetcher::Create(server.GetURL("/test?q=foo"), URLFetcher::GET, this); + URLFetcher::Create(server.GetURL("/test?q=foo"), URLFetcher::GET, this, + TRAFFIC_ANNOTATION_FOR_TESTS); fetcher->SetRequestContext( new TestURLRequestContextGetter(loop->task_runner())); fetcher->Start(); diff --git a/chromium/net/test/spawned_test_server/base_test_server.cc b/chromium/net/test/spawned_test_server/base_test_server.cc index c3ffc07bc58..2f02922556f 100644 --- a/chromium/net/test/spawned_test_server/base_test_server.cc +++ b/chromium/net/test/spawned_test_server/base_test_server.cc @@ -14,6 +14,7 @@ #include "base/files/file_util.h" #include "base/json/json_reader.h" #include "base/logging.h" +#include "base/memory/ptr_util.h" #include "base/path_service.h" #include "base/values.h" #include "net/base/address_list.h" @@ -84,18 +85,18 @@ void GetCiphersList(int cipher, base::ListValue* values) { values->AppendString("aes128gcm"); } -base::StringValue* GetTLSIntoleranceType( +base::Value* GetTLSIntoleranceType( BaseTestServer::SSLOptions::TLSIntoleranceType type) { switch (type) { case BaseTestServer::SSLOptions::TLS_INTOLERANCE_ALERT: - return new base::StringValue("alert"); + return new base::Value("alert"); case BaseTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE: - return new base::StringValue("close"); + return new base::Value("close"); case BaseTestServer::SSLOptions::TLS_INTOLERANCE_RESET: - return new base::StringValue("reset"); + return new base::Value("reset"); default: NOTREACHED(); - return new base::StringValue(""); + return new base::Value(""); } } @@ -535,16 +536,16 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const { arguments->SetString("data-dir", document_root_.value()); if (VLOG_IS_ON(1) || log_to_console_) - arguments->Set("log-to-console", base::Value::CreateNullValue()); + arguments->Set("log-to-console", base::MakeUnique<base::Value>()); if (ws_basic_auth_) { DCHECK(type_ == TYPE_WS || type_ == TYPE_WSS); - arguments->Set("ws-basic-auth", base::Value::CreateNullValue()); + arguments->Set("ws-basic-auth", base::MakeUnique<base::Value>()); } if (no_anonymous_ftp_user_) { DCHECK_EQ(TYPE_FTP, type_); - arguments->Set("no-anonymous-ftp-user", base::Value::CreateNullValue()); + arguments->Set("no-anonymous-ftp-user", base::MakeUnique<base::Value>()); } if (UsingSSL(type_)) { @@ -564,7 +565,7 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const { // Check the client certificate related arguments. if (ssl_options_.request_client_certificate) - arguments->Set("ssl-client-auth", base::Value::CreateNullValue()); + arguments->Set("ssl-client-auth", base::MakeUnique<base::Value>()); std::unique_ptr<base::ListValue> ssl_client_certs(new base::ListValue()); std::vector<base::FilePath>::const_iterator it; @@ -591,11 +592,11 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const { } if (type_ == TYPE_HTTPS) { - arguments->Set("https", base::Value::CreateNullValue()); + arguments->Set("https", base::MakeUnique<base::Value>()); if (ssl_options_.server_certificate == SSLOptions::CERT_AUTO_AIA_INTERMEDIATE) - arguments->Set("aia-intermediate", base::Value::CreateNullValue()); + arguments->Set("aia-intermediate", base::MakeUnique<base::Value>()); std::string ocsp_arg = ssl_options_.GetOCSPArgument(); if (!ocsp_arg.empty()) @@ -624,14 +625,14 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const { if (bulk_cipher_values->GetSize()) arguments->Set("ssl-bulk-cipher", bulk_cipher_values.release()); if (ssl_options_.record_resume) - arguments->Set("https-record-resume", base::Value::CreateNullValue()); + arguments->Set("https-record-resume", base::MakeUnique<base::Value>()); if (ssl_options_.tls_intolerant != SSLOptions::TLS_INTOLERANT_NONE) { arguments->SetInteger("tls-intolerant", ssl_options_.tls_intolerant); arguments->Set("tls-intolerance-type", GetTLSIntoleranceType( ssl_options_.tls_intolerance_type)); } if (ssl_options_.fallback_scsv_enabled) - arguments->Set("fallback-scsv", base::Value::CreateNullValue()); + arguments->Set("fallback-scsv", base::MakeUnique<base::Value>()); if (!ssl_options_.signed_cert_timestamps_tls_ext.empty()) { std::string b64_scts_tls_ext; base::Base64Encode(ssl_options_.signed_cert_timestamps_tls_ext, @@ -639,10 +640,10 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const { arguments->SetString("signed-cert-timestamps-tls-ext", b64_scts_tls_ext); } if (ssl_options_.staple_ocsp_response) - arguments->Set("staple-ocsp-response", base::Value::CreateNullValue()); + arguments->Set("staple-ocsp-response", base::MakeUnique<base::Value>()); if (ssl_options_.ocsp_server_unavailable) { arguments->Set("ocsp-server-unavailable", - base::Value::CreateNullValue()); + base::MakeUnique<base::Value>()); } if (!ssl_options_.alpn_protocols.empty()) { std::unique_ptr<base::ListValue> alpn_protocols(new base::ListValue()); @@ -659,13 +660,13 @@ bool BaseTestServer::GenerateArguments(base::DictionaryValue* arguments) const { arguments->Set("npn-protocols", std::move(npn_protocols)); } if (ssl_options_.alert_after_handshake) - arguments->Set("alert-after-handshake", base::Value::CreateNullValue()); + arguments->Set("alert-after-handshake", base::MakeUnique<base::Value>()); if (ssl_options_.disable_channel_id) - arguments->Set("disable-channel-id", base::Value::CreateNullValue()); + arguments->Set("disable-channel-id", base::MakeUnique<base::Value>()); if (ssl_options_.disable_extended_master_secret) { arguments->Set("disable-extended-master-secret", - base::Value::CreateNullValue()); + base::MakeUnique<base::Value>()); } if (!ssl_options_.supported_token_binding_params.empty()) { std::unique_ptr<base::ListValue> token_binding_params( diff --git a/chromium/net/test/spawned_test_server/base_test_server.h b/chromium/net/test/spawned_test_server/base_test_server.h index 60a9c3b63e2..438bf1779c1 100644 --- a/chromium/net/test/spawned_test_server/base_test_server.h +++ b/chromium/net/test/spawned_test_server/base_test_server.h @@ -154,9 +154,10 @@ class BaseTestServer { // server. Do not change them. enum TLSIntolerantLevel { TLS_INTOLERANT_NONE = 0, - TLS_INTOLERANT_ALL = 1, // Intolerant of all TLS versions. + TLS_INTOLERANT_ALL = 1, // Intolerant of all TLS versions. TLS_INTOLERANT_TLS1_1 = 2, // Intolerant of TLS 1.1 or higher. TLS_INTOLERANT_TLS1_2 = 3, // Intolerant of TLS 1.2 or higher. + TLS_INTOLERANT_TLS1_3 = 4, // Intolerant of TLS 1.3 or higher. }; // Values which control how the server reacts in response to a ClientHello diff --git a/chromium/net/test/spawned_test_server/local_test_server.cc b/chromium/net/test/spawned_test_server/local_test_server.cc index 70ea7a9450c..b941b62285b 100644 --- a/chromium/net/test/spawned_test_server/local_test_server.cc +++ b/chromium/net/test/spawned_test_server/local_test_server.cc @@ -213,7 +213,7 @@ bool LocalTestServer::AddCommandLineArguments( return false; for (base::ListValue::const_iterator list_it = list->begin(); list_it != list->end(); ++list_it) { - if (!AppendArgumentFromJSONValue(key, *(*list_it), command_line)) + if (!AppendArgumentFromJSONValue(key, *list_it, command_line)) return false; } } else if (!AppendArgumentFromJSONValue(key, value, command_line)) { diff --git a/chromium/net/test/spawned_test_server/remote_test_server.cc b/chromium/net/test/spawned_test_server/remote_test_server.cc index 17dc21eba2b..90ec54e574d 100644 --- a/chromium/net/test/spawned_test_server/remote_test_server.cc +++ b/chromium/net/test/spawned_test_server/remote_test_server.cc @@ -15,6 +15,7 @@ #include "base/json/json_writer.h" #include "base/lazy_instance.h" #include "base/logging.h" +#include "base/memory/ptr_util.h" #include "base/path_service.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" @@ -127,7 +128,7 @@ bool RemoteTestServer::Start() { if (!GenerateArguments(&arguments_dict)) return false; - arguments_dict.Set("on-remote-server", base::Value::CreateNullValue()); + arguments_dict.Set("on-remote-server", base::MakeUnique<base::Value>()); // Append the 'server-type' argument which is used by spawner server to // pass right server type to Python test server. diff --git a/chromium/net/test/test_data_directory.cc b/chromium/net/test/test_data_directory.cc index b35392407bb..f751751c5db 100644 --- a/chromium/net/test/test_data_directory.cc +++ b/chromium/net/test/test_data_directory.cc @@ -11,23 +11,34 @@ namespace net { namespace { -const base::FilePath::CharType kCertificateRelativePath[] = - FILE_PATH_LITERAL("net/data/ssl/certificates"); + +// Net data directory, relative to source root. +const base::FilePath::CharType kNetDataRelativePath[] = + FILE_PATH_LITERAL("net/data"); + +// Test certificates directory, relative to kNetDataRelativePath. +const base::FilePath::CharType kCertificateDataSubPath[] = + FILE_PATH_LITERAL("ssl/certificates"); + } // namespace -base::FilePath GetTestCertsDirectory() { +base::FilePath GetTestNetDataDirectory() { base::FilePath src_root; { base::ThreadRestrictions::ScopedAllowIO allow_io_for_path_service; PathService::Get(base::DIR_SOURCE_ROOT, &src_root); } - return src_root.Append(kCertificateRelativePath); + return src_root.Append(kNetDataRelativePath); +} + +base::FilePath GetTestCertsDirectory() { + return GetTestNetDataDirectory().Append(kCertificateDataSubPath); } base::FilePath GetTestClientCertsDirectory() { #if defined(OS_ANDROID) - return base::FilePath(kCertificateRelativePath); + return base::FilePath(kNetDataRelativePath).Append(kCertificateDataSubPath); #else return GetTestCertsDirectory(); #endif diff --git a/chromium/net/test/test_data_directory.h b/chromium/net/test/test_data_directory.h index 4ca6af9c106..790c5c4ad38 100644 --- a/chromium/net/test/test_data_directory.h +++ b/chromium/net/test/test_data_directory.h @@ -10,6 +10,10 @@ namespace net { // Returns the FilePath object representing the absolute path in the source +// tree that contains net data files. +base::FilePath GetTestNetDataDirectory(); + +// Returns the FilePath object representing the absolute path in the source // tree that contains certificates for testing. base::FilePath GetTestCertsDirectory(); diff --git a/chromium/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp b/chromium/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp index a2466559da4..3b607e13b5e 100644 --- a/chromium/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp +++ b/chromium/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp @@ -225,8 +225,10 @@ nsPKCS12Blob_ImportHelper(const char* pkcs12_data, if (imported_certs) { // Empty list of intermediates. net::X509Certificate::OSCertHandles intermediates; - imported_certs->push_back( - net::X509Certificate::CreateFromHandle(cert, intermediates)); + scoped_refptr<net::X509Certificate> x509_cert = + net::X509Certificate::CreateFromHandle(cert, intermediates); + if (x509_cert) + imported_certs->push_back(std::move(x509_cert)); } // Once we have determined that the imported certificate has an diff --git a/chromium/net/third_party/nss/OWNERS b/chromium/net/third_party/nss/OWNERS index e6478b3b4fd..d3322186508 100644 --- a/chromium/net/third_party/nss/OWNERS +++ b/chromium/net/third_party/nss/OWNERS @@ -2,3 +2,5 @@ agl@chromium.org davidben@chromium.org rsleevi@chromium.org wtc@chromium.org + +# COMPONENT: Internals>Network>SSL diff --git a/chromium/net/tools/cert_verify_tool/cert_verify_tool.cc b/chromium/net/tools/cert_verify_tool/cert_verify_tool.cc index 78e10bfa862..55753364624 100644 --- a/chromium/net/tools/cert_verify_tool/cert_verify_tool.cc +++ b/chromium/net/tools/cert_verify_tool/cert_verify_tool.cc @@ -126,6 +126,8 @@ int main(int argc, char** argv) { return 1; } + // TODO(eroman): Also use CertVerifyProcBuiltin. + std::cout << "CertVerifyProc:\n"; bool cert_verify_proc_ok = true; if (!time_flag.empty()) { diff --git a/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc b/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc index 99cffc25914..ba449fd326c 100644 --- a/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc +++ b/chromium/net/tools/cert_verify_tool/verify_using_cert_verify_proc.cc @@ -62,6 +62,8 @@ std::string SubjectFromOSCertHandle( scoped_refptr<net::X509Certificate> cert = net::X509Certificate::CreateFromHandle( cert_handle, net::X509Certificate::OSCertHandles()); + if (!cert) + return std::string(); return SubjectFromX509Certificate(cert.get()); } diff --git a/chromium/net/tools/cert_verify_tool/verify_using_path_builder.cc b/chromium/net/tools/cert_verify_tool/verify_using_path_builder.cc index 96795310fab..6e2293a810f 100644 --- a/chromium/net/tools/cert_verify_tool/verify_using_path_builder.cc +++ b/chromium/net/tools/cert_verify_tool/verify_using_path_builder.cc @@ -134,7 +134,7 @@ void PrintResultPath(const net::CertPathBuilder::ResultPath* result_path, size_t index, bool is_best) { std::cout << "path " << index << " " - << (result_path->valid ? "valid" : "invalid") + << (result_path->IsValid() ? "valid" : "invalid") << (is_best ? " (best)" : "") << "\n"; // Print the certificate chain. @@ -155,10 +155,12 @@ void PrintResultPath(const net::CertPathBuilder::ResultPath* result_path, << SubjectFromTrustAnchor(trust_anchor.get()) << "\n"; } - // Print the errors. - if (!result_path->errors.empty()) { + // Print the errors/warnings if there were any. + std::string errors_str = + result_path->errors.ToDebugString(result_path->path.certs); + if (!errors_str.empty()) { std::cout << "Errors:\n"; - std::cout << result_path->errors.ToDebugString() << "\n"; + std::cout << errors_str << "\n"; } } @@ -260,7 +262,8 @@ bool VerifyUsingPathBuilder( net::SimpleSignaturePolicy signature_policy(2048); net::CertPathBuilder::Result result; net::CertPathBuilder path_builder(target_cert, &trust_store, - &signature_policy, time, &result); + &signature_policy, time, + net::KeyPurpose::SERVER_AUTH, &result); path_builder.AddCertIssuerSource(&intermediate_cert_issuer_source); #if defined(USE_NSS_CERTS) net::CertIssuerSourceNSS cert_issuer_source_nss; diff --git a/chromium/net/tools/quic/chlo_extractor.cc b/chromium/net/tools/quic/chlo_extractor.cc index 14ac9e30067..28e08162b25 100644 --- a/chromium/net/tools/quic/chlo_extractor.cc +++ b/chromium/net/tools/quic/chlo_extractor.cc @@ -10,10 +10,9 @@ #include "net/quic/core/crypto/quic_decrypter.h" #include "net/quic/core/crypto/quic_encrypter.h" #include "net/quic/core/quic_framer.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" -using base::StringPiece; - namespace net { namespace { @@ -46,7 +45,6 @@ class ChloFramerVisitor : public QuicFramerVisitorInterface, bool OnGoAwayFrame(const QuicGoAwayFrame& frame) override; bool OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) override; bool OnBlockedFrame(const QuicBlockedFrame& frame) override; - bool OnPathCloseFrame(const QuicPathCloseFrame& frame) override; bool OnPaddingFrame(const QuicPaddingFrame& frame) override; void OnPacketComplete() override {} @@ -91,12 +89,12 @@ bool ChloFramerVisitor::OnPacketHeader(const QuicPacketHeader& header) { return true; } bool ChloFramerVisitor::OnStreamFrame(const QuicStreamFrame& frame) { - StringPiece data(frame.data_buffer, frame.data_length); + QuicStringPiece data(frame.data_buffer, frame.data_length); if (frame.stream_id == kCryptoStreamId && frame.offset == 0 && QuicTextUtils::StartsWith(data, "CHLO")) { CryptoFramer crypto_framer; crypto_framer.set_visitor(this); - if (!crypto_framer.ProcessInput(data)) { + if (!crypto_framer.ProcessInput(data, Perspective::IS_SERVER)) { return false; } } @@ -137,10 +135,6 @@ bool ChloFramerVisitor::OnBlockedFrame(const QuicBlockedFrame& frame) { return true; } -bool ChloFramerVisitor::OnPathCloseFrame(const QuicPathCloseFrame& frame) { - return true; -} - bool ChloFramerVisitor::OnPaddingFrame(const QuicPaddingFrame& frame) { return true; } diff --git a/chromium/net/tools/quic/chlo_extractor_test.cc b/chromium/net/tools/quic/chlo_extractor_test.cc index 299e05d9b0c..f314df677d8 100644 --- a/chromium/net/tools/quic/chlo_extractor_test.cc +++ b/chromium/net/tools/quic/chlo_extractor_test.cc @@ -8,7 +8,6 @@ #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/quic_test_utils.h" -using base::StringPiece; using std::string; using testing::Return; using testing::_; @@ -28,7 +27,7 @@ class TestDelegate : public ChloExtractor::Delegate { const CryptoHandshakeMessage& chlo) override { version_ = version; connection_id_ = connection_id; - chlo_ = chlo.DebugString(); + chlo_ = chlo.DebugString(Perspective::IS_SERVER); } QuicConnectionId connection_id() const { return connection_id_; } @@ -83,8 +82,9 @@ TEST_F(ChloExtractorTest, FindsValidChlo) { CryptoHandshakeMessage client_hello; client_hello.set_tag(kCHLO); - string client_hello_str( - client_hello.GetSerialized().AsStringPiece().as_string()); + string client_hello_str(client_hello.GetSerialized(Perspective::IS_CLIENT) + .AsStringPiece() + .as_string()); // Construct a CHLO with each supported version for (QuicVersion version : AllSupportedVersions()) { QuicVersionVector versions(SupportedVersions(version)); @@ -95,7 +95,8 @@ TEST_F(ChloExtractorTest, FindsValidChlo) { << QuicVersionToString(version); EXPECT_EQ(version, delegate_.version()); EXPECT_EQ(header_.public_header.connection_id, delegate_.connection_id()); - EXPECT_EQ(client_hello.DebugString(), delegate_.chlo()) + EXPECT_EQ(client_hello.DebugString(Perspective::IS_SERVER), + delegate_.chlo()) << QuicVersionToString(version); } } @@ -104,8 +105,9 @@ TEST_F(ChloExtractorTest, DoesNotFindValidChloOnWrongStream) { CryptoHandshakeMessage client_hello; client_hello.set_tag(kCHLO); - string client_hello_str( - client_hello.GetSerialized().AsStringPiece().as_string()); + string client_hello_str(client_hello.GetSerialized(Perspective::IS_CLIENT) + .AsStringPiece() + .as_string()); MakePacket( new QuicStreamFrame(kCryptoStreamId + 1, false, 0, client_hello_str)); EXPECT_FALSE( @@ -116,8 +118,9 @@ TEST_F(ChloExtractorTest, DoesNotFindValidChloOnWrongOffset) { CryptoHandshakeMessage client_hello; client_hello.set_tag(kCHLO); - string client_hello_str( - client_hello.GetSerialized().AsStringPiece().as_string()); + string client_hello_str(client_hello.GetSerialized(Perspective::IS_CLIENT) + .AsStringPiece() + .as_string()); MakePacket(new QuicStreamFrame(kCryptoStreamId, false, 1, client_hello_str)); EXPECT_FALSE( ChloExtractor::Extract(*packet_, AllSupportedVersions(), &delegate_)); diff --git a/chromium/net/tools/quic/crypto_message_printer_bin.cc b/chromium/net/tools/quic/crypto_message_printer_bin.cc index d0b46c60e9c..b466a008ab3 100644 --- a/chromium/net/tools/quic/crypto_message_printer_bin.cc +++ b/chromium/net/tools/quic/crypto_message_printer_bin.cc @@ -13,22 +13,30 @@ #include "net/quic/core/crypto/crypto_framer.h" #include "net/quic/platform/api/quic_text_utils.h" +using net::Perspective; using std::cerr; using std::cout; using std::endl; +std::string FLAGS_perspective = ""; + namespace net { class CryptoMessagePrinter : public net::CryptoFramerVisitorInterface { public: + explicit CryptoMessagePrinter(Perspective perspective) + : perspective_(perspective) {} + void OnHandshakeMessage(const CryptoHandshakeMessage& message) override { - cout << message.DebugString() << endl; + cout << message.DebugString(perspective_) << endl; } void OnError(CryptoFramer* framer) override { cerr << "Error code: " << framer->error() << endl; cerr << "Error details: " << framer->error_detail() << endl; } + + Perspective perspective_; }; } // namespace net @@ -37,15 +45,31 @@ int main(int argc, char* argv[]) { base::CommandLine::Init(argc, argv); if (argc != 2) { - cerr << "Usage: " << argv[0] << " <hex of message>\n"; + cerr << "Usage: " << argv[0] + << " --perspective=server/client <hex of message>\n"; + return 1; + } + + base::CommandLine* line = base::CommandLine::ForCurrentProcess(); + + if (line->HasSwitch("perspective")) { + FLAGS_perspective = line->GetSwitchValueASCII("perspective"); + } + + if (FLAGS_perspective != "server" && FLAGS_perspective != "client") { + cerr << "perspective must be either server or client\n"; return 1; } - net::CryptoMessagePrinter printer; + Perspective perspective = FLAGS_perspective == "server" + ? Perspective::IS_SERVER + : Perspective::IS_CLIENT; + + net::CryptoMessagePrinter printer(perspective); net::CryptoFramer framer; framer.set_visitor(&printer); std::string input = net::QuicTextUtils::HexDecode(argv[1]); - if (!framer.ProcessInput(input)) { + if (!framer.ProcessInput(input, perspective)) { return 1; } if (framer.InputBytesRemaining() != 0) { diff --git a/chromium/net/tools/quic/end_to_end_test.cc b/chromium/net/tools/quic/end_to_end_test.cc index 93ed6953dbf..e41e8bb7cda 100644 --- a/chromium/net/tools/quic/end_to_end_test.cc +++ b/chromium/net/tools/quic/end_to_end_test.cc @@ -33,6 +33,7 @@ #include "net/quic/platform/api/quic_ptr_util.h" #include "net/quic/platform/api/quic_socket_address.h" #include "net/quic/platform/api/quic_str_cat.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/quic_config_peer.h" @@ -64,7 +65,6 @@ #include "testing/gtest/include/gtest/gtest.h" using base::IntToString; -using base::StringPiece; using base::WaitableEvent; using std::string; @@ -390,6 +390,11 @@ class EndToEndTest : public ::testing::TestWithParam<TestParams> { FLAGS_quic_reloadable_flag_quic_fix_cubic_bytes_quantization) { copt.push_back(kCBQT); } + if (GetParam().congestion_control_tag == kQBIC && + FLAGS_quic_reloadable_flag_quic_enable_cubic_per_ack_updates) { + copt.push_back(kCPAU); + } + if (support_server_push_) { copt.push_back(kSPSH); } @@ -477,7 +482,9 @@ class EndToEndTest : public ::testing::TestWithParam<TestParams> { } } - void AddToCache(StringPiece path, int response_code, StringPiece body) { + void AddToCache(QuicStringPiece path, + int response_code, + QuicStringPiece body) { response_cache_.AddSimpleResponse(server_hostname_, path, response_code, body); } @@ -598,20 +605,16 @@ TEST_P(EndToEndTest, HandshakeSuccessful) { QuicCryptoStream* crypto_stream = QuicSessionPeer::GetCryptoStream(client_->client()->session()); QuicStreamSequencer* sequencer = QuicStreamPeer::sequencer(crypto_stream); - EXPECT_NE( - FLAGS_quic_reloadable_flag_quic_release_crypto_stream_buffer && - FLAGS_quic_reloadable_flag_quic_reduce_sequencer_buffer_memory_life_time, // NOLINT - QuicStreamSequencerPeer::IsUnderlyingBufferAllocated(sequencer)); + EXPECT_NE(FLAGS_quic_reloadable_flag_quic_release_crypto_stream_buffer, + QuicStreamSequencerPeer::IsUnderlyingBufferAllocated(sequencer)); server_thread_->Pause(); QuicDispatcher* dispatcher = QuicServerPeer::GetDispatcher(server_thread_->server()); QuicSession* server_session = dispatcher->session_map().begin()->second.get(); crypto_stream = QuicSessionPeer::GetCryptoStream(server_session); sequencer = QuicStreamPeer::sequencer(crypto_stream); - EXPECT_NE( - FLAGS_quic_reloadable_flag_quic_release_crypto_stream_buffer && - FLAGS_quic_reloadable_flag_quic_reduce_sequencer_buffer_memory_life_time, // NOLINT - QuicStreamSequencerPeer::IsUnderlyingBufferAllocated(sequencer)); + EXPECT_NE(FLAGS_quic_reloadable_flag_quic_release_crypto_stream_buffer, + QuicStreamSequencerPeer::IsUnderlyingBufferAllocated(sequencer)); } TEST_P(EndToEndTest, SimpleRequestResponsev6) { @@ -675,6 +678,31 @@ TEST_P(EndToEndTest, MultipleRequestResponse) { EXPECT_EQ("200", client_->response_headers()->find(":status")->second); } +TEST_P(EndToEndTest, MultipleStreams) { + // Verifies quic_test_client can track responses of all active streams. + ASSERT_TRUE(Initialize()); + + const int kNumRequests = 10; + + SpdyHeaderBlock headers; + headers[":method"] = "POST"; + headers[":path"] = "/foo"; + headers[":scheme"] = "https"; + headers[":authority"] = server_hostname_; + headers["content-length"] = "3"; + + for (int i = 0; i < kNumRequests; ++i) { + client_->SendMessage(headers, "bar", /*fin=*/true); + } + + while (kNumRequests > client_->num_responses()) { + client_->ClearPerRequestState(); + client_->WaitForResponse(); + EXPECT_EQ(kFooResponseBody, client_->response_body()); + EXPECT_EQ("200", client_->response_headers()->find(":status")->second); + } +} + TEST_P(EndToEndTest, MultipleClients) { ASSERT_TRUE(Initialize()); std::unique_ptr<QuicTestClient> client2(CreateQuicClient(nullptr)); @@ -1163,13 +1191,7 @@ TEST_P(EndToEndTest, LargeHeaders) { headers["key3"] = string(15 * 1024, 'a'); client_->SendCustomSynchronousRequest(headers, body); - if (FLAGS_quic_reloadable_flag_quic_limit_uncompressed_headers) { - EXPECT_EQ(QUIC_HEADERS_TOO_LARGE, client_->stream_error()); - } else { - EXPECT_EQ(QUIC_STREAM_NO_ERROR, client_->stream_error()); - EXPECT_EQ(kFooResponseBody, client_->response_body()); - EXPECT_EQ("200", client_->response_headers()->find(":status")->second); - } + EXPECT_EQ(QUIC_HEADERS_TOO_LARGE, client_->stream_error()); EXPECT_EQ(QUIC_NO_ERROR, client_->connection_error()); } @@ -1330,9 +1352,6 @@ TEST_P(EndToEndTest, SetIndependentMaxIncomingDynamicStreamsLimits) { TEST_P(EndToEndTest, NegotiateCongestionControl) { FLAGS_quic_reloadable_flag_quic_allow_new_bbr = true; - // Disable this flag because if connection uses multipath sent packet manager, - // static_cast here does not work. - FLAGS_quic_reloadable_flag_quic_enable_multipath = false; ASSERT_TRUE(Initialize()); EXPECT_TRUE(client_->client()->WaitForCryptoHandshakeConfirmed()); @@ -2213,8 +2232,8 @@ TEST_P(EndToEndTest, BadEncryptedData) { std::unique_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket( client_->client()->session()->connection()->connection_id(), false, false, - false, kDefaultPathId, 1, "At least 20 characters.", - PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER)); + 1, "At least 20 characters.", PACKET_8BYTE_CONNECTION_ID, + PACKET_6BYTE_PACKET_NUMBER)); // Damage the encrypted data. string damaged_packet(packet->data(), packet->length()); damaged_packet[30] ^= 0x01; @@ -2709,10 +2728,7 @@ TEST_P(EndToEndTestServerPush, ServerPush) { QUIC_DVLOG(1) << "response body " << response_body; EXPECT_EQ(expected_body, response_body); } - EXPECT_NE( - FLAGS_quic_reloadable_flag_quic_headers_stream_release_sequencer_buffer && - FLAGS_quic_reloadable_flag_quic_reduce_sequencer_buffer_memory_life_time, // NOLINT - QuicStreamSequencerPeer::IsUnderlyingBufferAllocated(sequencer)); + EXPECT_FALSE(QuicStreamSequencerPeer::IsUnderlyingBufferAllocated(sequencer)); } TEST_P(EndToEndTestServerPush, ServerPushUnderLimit) { @@ -3017,10 +3033,22 @@ TEST_P(EndToEndTest, ReleaseHeadersStreamBufferWhenIdle) { QuicHeadersStream* headers_stream = QuicSpdySessionPeer::GetHeadersStream(client_->client()->session()); QuicStreamSequencer* sequencer = QuicStreamPeer::sequencer(headers_stream); - EXPECT_NE( - FLAGS_quic_reloadable_flag_quic_headers_stream_release_sequencer_buffer && - FLAGS_quic_reloadable_flag_quic_reduce_sequencer_buffer_memory_life_time, // NOLINT - QuicStreamSequencerPeer::IsUnderlyingBufferAllocated(sequencer)); + EXPECT_FALSE(QuicStreamSequencerPeer::IsUnderlyingBufferAllocated(sequencer)); +} + +TEST_P(EndToEndTest, WayTooLongRequestHeaders) { + ASSERT_TRUE(Initialize()); + SpdyHeaderBlock headers; + headers[":method"] = "GET"; + headers[":path"] = "/foo"; + headers[":scheme"] = "https"; + headers[":authority"] = server_hostname_; + headers["key"] = string(64 * 1024, 'a'); + + client_->SendMessage(headers, ""); + client_->WaitForResponse(); + EXPECT_EQ(QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE, + client_->connection_error()); } class EndToEndBufferedPacketsTest : public EndToEndTest { diff --git a/chromium/net/tools/quic/quic_client.cc b/chromium/net/tools/quic/quic_client.cc index 5151c8931e6..aefdc515120 100644 --- a/chromium/net/tools/quic/quic_client.cc +++ b/chromium/net/tools/quic/quic_client.cc @@ -30,7 +30,6 @@ // TODO(rtenneti): Add support for MMSG_MORE. #define MMSG_MORE 0 -using base::StringPiece; using std::string; namespace net { diff --git a/chromium/net/tools/quic/quic_client_base.cc b/chromium/net/tools/quic/quic_client_base.cc index a8d43977f76..77e945c65a6 100644 --- a/chromium/net/tools/quic/quic_client_base.cc +++ b/chromium/net/tools/quic/quic_client_base.cc @@ -11,7 +11,6 @@ #include "net/quic/platform/api/quic_logging.h" #include "net/quic/platform/api/quic_text_utils.h" -using base::StringPiece; using base::StringToInt; using std::string; @@ -24,7 +23,7 @@ void QuicClientBase::ClientQuicDataToResend::Resend() { QuicClientBase::QuicDataToResend::QuicDataToResend( std::unique_ptr<SpdyHeaderBlock> headers, - StringPiece body, + QuicStringPiece body, bool fin) : headers_(std::move(headers)), body_(body), fin_(fin) {} @@ -207,7 +206,7 @@ bool QuicClientBase::EncryptionBeingEstablished() { } void QuicClientBase::SendRequest(const SpdyHeaderBlock& headers, - StringPiece body, + QuicStringPiece body, bool fin) { QuicClientPushPromiseIndex::TryHandle* handle; QuicAsyncStatus rv = push_promise_index()->Try(headers, this, &handle); @@ -232,7 +231,7 @@ void QuicClientBase::SendRequest(const SpdyHeaderBlock& headers, void QuicClientBase::SendRequestAndWaitForResponse( const SpdyHeaderBlock& headers, - StringPiece body, + QuicStringPiece body, bool fin) { SendRequest(headers, body, fin); while (WaitForEvents()) { @@ -395,7 +394,7 @@ QuicConnectionId QuicClientBase::GenerateNewConnectionId() { } void QuicClientBase::MaybeAddDataToResend(const SpdyHeaderBlock& headers, - StringPiece body, + QuicStringPiece body, bool fin) { if (!FLAGS_quic_reloadable_flag_enable_quic_stateless_reject_support) { return; @@ -437,7 +436,7 @@ void QuicClientBase::ResendSavedData() { } void QuicClientBase::AddPromiseDataToResend(const SpdyHeaderBlock& headers, - StringPiece body, + QuicStringPiece body, bool fin) { std::unique_ptr<SpdyHeaderBlock> new_headers( new SpdyHeaderBlock(headers.Clone())); diff --git a/chromium/net/tools/quic/quic_client_base.h b/chromium/net/tools/quic/quic_client_base.h index e65b5cd267b..c95a203c40f 100644 --- a/chromium/net/tools/quic/quic_client_base.h +++ b/chromium/net/tools/quic/quic_client_base.h @@ -15,6 +15,7 @@ #include "net/quic/core/quic_client_push_promise_index.h" #include "net/quic/core/quic_config.h" #include "net/quic/platform/api/quic_socket_address.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/tools/quic/quic_client_session.h" #include "net/tools/quic/quic_spdy_client_stream.h" @@ -47,7 +48,7 @@ class QuicClientBase : public QuicClientPushPromiseIndex::Delegate, public: // |headers| may be null, since it's possible to send data without headers. QuicDataToResend(std::unique_ptr<SpdyHeaderBlock> headers, - base::StringPiece body, + QuicStringPiece body, bool fin); virtual ~QuicDataToResend(); @@ -58,7 +59,7 @@ class QuicClientBase : public QuicClientPushPromiseIndex::Delegate, protected: std::unique_ptr<SpdyHeaderBlock> headers_; - base::StringPiece body_; + QuicStringPiece body_; bool fin_; private: @@ -101,12 +102,12 @@ class QuicClientBase : public QuicClientPushPromiseIndex::Delegate, // Sends an HTTP request and does not wait for response before returning. void SendRequest(const SpdyHeaderBlock& headers, - base::StringPiece body, + QuicStringPiece body, bool fin); // Sends an HTTP request and waits for response before returning. void SendRequestAndWaitForResponse(const SpdyHeaderBlock& headers, - base::StringPiece body, + QuicStringPiece body, bool fin); // Sends a request simple GET for each URL in |url_list|, and then waits for @@ -321,7 +322,7 @@ class QuicClientBase : public QuicClientPushPromiseIndex::Delegate, // queue of data to resend if the client receives a stateless reject. // Otherwise, deletes the data. void MaybeAddDataToResend(const SpdyHeaderBlock& headers, - base::StringPiece body, + QuicStringPiece body, bool fin); void ClearDataToResend(); @@ -329,7 +330,7 @@ class QuicClientBase : public QuicClientPushPromiseIndex::Delegate, void ResendSavedData(); void AddPromiseDataToResend(const SpdyHeaderBlock& headers, - base::StringPiece body, + QuicStringPiece body, bool fin); QuicConnectionHelperInterface* helper() { return helper_.get(); } @@ -349,7 +350,7 @@ class QuicClientBase : public QuicClientPushPromiseIndex::Delegate, class ClientQuicDataToResend : public QuicDataToResend { public: ClientQuicDataToResend(std::unique_ptr<SpdyHeaderBlock> headers, - base::StringPiece body, + QuicStringPiece body, bool fin, QuicClientBase* client) : QuicDataToResend(std::move(headers), body, fin), client_(client) { diff --git a/chromium/net/tools/quic/quic_client_bin.cc b/chromium/net/tools/quic/quic_client_bin.cc index 07d13e1952a..286f51d7ef7 100644 --- a/chromium/net/tools/quic/quic_client_bin.cc +++ b/chromium/net/tools/quic/quic_client_bin.cc @@ -56,6 +56,7 @@ #include "net/quic/core/quic_server_id.h" #include "net/quic/platform/api/quic_socket_address.h" #include "net/quic/platform/api/quic_str_cat.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/platform/api/quic_url.h" #include "net/spdy/spdy_header_block.h" @@ -63,13 +64,13 @@ #include "net/tools/quic/quic_client.h" #include "net/tools/quic/synchronous_host_resolver.h" -using base::StringPiece; using net::CertVerifier; using net::CTPolicyEnforcer; using net::CTVerifier; using net::MultiLogCTVerifier; using net::ProofVerifier; using net::ProofVerifierChromium; +using net::QuicStringPiece; using net::QuicTextUtils; using net::QuicUrl; using net::SpdyHeaderBlock; @@ -111,7 +112,7 @@ class FakeProofVerifier : public ProofVerifier { const uint16_t /*port*/, const string& /*server_config*/, net::QuicVersion /*quic_version*/, - StringPiece /*chlo_hash*/, + QuicStringPiece /*chlo_hash*/, const std::vector<string>& /*certs*/, const string& /*cert_sct*/, const string& /*signature*/, @@ -309,12 +310,12 @@ int main(int argc, char* argv[]) { header_block[":path"] = url.PathParamsQuery(); // Append any additional headers supplied on the command line. - for (StringPiece sp : QuicTextUtils::Split(FLAGS_headers, ';')) { + for (QuicStringPiece sp : QuicTextUtils::Split(FLAGS_headers, ';')) { QuicTextUtils::RemoveLeadingAndTrailingWhitespace(&sp); if (sp.empty()) { continue; } - std::vector<StringPiece> kv = QuicTextUtils::Split(sp, ':'); + std::vector<QuicStringPiece> kv = QuicTextUtils::Split(sp, ':'); QuicTextUtils::RemoveLeadingAndTrailingWhitespace(&kv[0]); QuicTextUtils::RemoveLeadingAndTrailingWhitespace(&kv[1]); header_block[kv[0]] = kv[1]; diff --git a/chromium/net/tools/quic/quic_client_session_test.cc b/chromium/net/tools/quic/quic_client_session_test.cc index b0cbb521b99..1909450cd44 100644 --- a/chromium/net/tools/quic/quic_client_session_test.cc +++ b/chromium/net/tools/quic/quic_client_session_test.cc @@ -267,9 +267,8 @@ TEST_P(QuicClientSessionTest, InvalidPacketReceived) { // Verify that a non-decryptable packet doesn't close the connection. QuicConnectionId connection_id = session_->connection()->connection_id(); std::unique_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket( - connection_id, false, false, false, kDefaultPathId, 100, "data", - PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, nullptr, - Perspective::IS_SERVER)); + connection_id, false, false, 100, "data", PACKET_8BYTE_CONNECTION_ID, + PACKET_6BYTE_PACKET_NUMBER, nullptr, Perspective::IS_SERVER)); std::unique_ptr<QuicReceivedPacket> received( ConstructReceivedPacket(*packet, QuicTime::Zero())); // Change the last byte of the encrypted data. @@ -293,9 +292,8 @@ TEST_P(QuicClientSessionTest, InvalidFramedPacketReceived) { QuicConnectionId connection_id = session_->connection()->connection_id(); QuicVersionVector versions = {GetParam()}; std::unique_ptr<QuicEncryptedPacket> packet(ConstructMisFramedEncryptedPacket( - connection_id, false, false, kDefaultPathId, 100, "data", - PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, &versions, - Perspective::IS_SERVER)); + connection_id, false, false, 100, "data", PACKET_8BYTE_CONNECTION_ID, + PACKET_6BYTE_PACKET_NUMBER, &versions, Perspective::IS_SERVER)); std::unique_ptr<QuicReceivedPacket> received( ConstructReceivedPacket(*packet, QuicTime::Zero())); EXPECT_CALL(*connection_, CloseConnection(_, _, _)).Times(1); diff --git a/chromium/net/tools/quic/quic_dispatcher.cc b/chromium/net/tools/quic/quic_dispatcher.cc index c99ea930dc8..bd691ce2dad 100644 --- a/chromium/net/tools/quic/quic_dispatcher.cc +++ b/chromium/net/tools/quic/quic_dispatcher.cc @@ -11,16 +11,17 @@ #include "net/quic/core/quic_flags.h" #include "net/quic/core/quic_utils.h" #include "net/quic/platform/api/quic_bug_tracker.h" +#include "net/quic/platform/api/quic_flag_utils.h" #include "net/quic/platform/api/quic_logging.h" #include "net/quic/platform/api/quic_ptr_util.h" #include "net/quic/platform/api/quic_stack_trace.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/tools/quic/chlo_extractor.h" #include "net/tools/quic/quic_per_connection_packet_writer.h" #include "net/tools/quic/quic_simple_server_session.h" #include "net/tools/quic/quic_time_wait_list_manager.h" #include "net/tools/quic/stateless_rejector.h" -using base::StringPiece; using std::string; namespace net { @@ -113,7 +114,7 @@ class StatelessConnectionTerminator { // Generates a series of termination packets containing the crypto handshake // message |reject|. Adds the connection to time wait list with the // generated packets. - void RejectConnection(StringPiece reject) { + void RejectConnection(QuicStringPiece reject) { struct iovec iovec; iovec.iov_base = const_cast<char*>(reject.data()); iovec.iov_len = reject.length(); @@ -269,8 +270,7 @@ bool QuicDispatcher::OnUnauthenticatedPublicHeader( return false; } - if (FLAGS_quic_reloadable_flag_quic_buffer_packets_after_chlo && - buffered_packets_.HasChloForConnection(connection_id)) { + if (buffered_packets_.HasChloForConnection(connection_id)) { BufferEarlyPacket(connection_id); return false; } @@ -626,11 +626,6 @@ bool QuicDispatcher::OnBlockedFrame(const QuicBlockedFrame& frame) { return false; } -bool QuicDispatcher::OnPathCloseFrame(const QuicPathCloseFrame& frame) { - DCHECK(false); - return false; -} - void QuicDispatcher::OnPacketComplete() { DCHECK(false); } @@ -700,6 +695,8 @@ void QuicDispatcher::BufferEarlyPacket(QuicConnectionId connection_id) { if (FLAGS_quic_reloadable_flag_quic_create_session_after_insertion && is_new_connection && !ShouldCreateOrBufferPacketForConnection(connection_id)) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_create_session_after_insertion, + 1, 5); return; } EnqueuePacketResult rs = buffered_packets_.EnqueuePacket( @@ -717,29 +714,26 @@ void QuicDispatcher::ProcessChlo() { if (FLAGS_quic_reloadable_flag_quic_create_session_after_insertion && !buffered_packets_.HasBufferedPackets(current_connection_id_) && !ShouldCreateOrBufferPacketForConnection(current_connection_id_)) { + QUIC_FLAG_COUNT_N(quic_reloadable_flag_quic_create_session_after_insertion, + 2, 5); return; } if (FLAGS_quic_allow_chlo_buffering && FLAGS_quic_reloadable_flag_quic_limit_num_new_sessions_per_epoll_loop && new_sessions_allowed_per_event_loop_ <= 0) { // Can't create new session any more. Wait till next event loop. - if (!buffered_packets_.HasChloForConnection(current_connection_id_)) { - // Only buffer one CHLO per connection. Remove this condition check when - // --gfe2_reloadable_flag_quic_buffer_packets_after_chlo - // is deprecated because after that retransmitted CHLO should be buffered - // earlier in OnUnauthenticatedPublicHeader(). - bool is_new_connection = - !buffered_packets_.HasBufferedPackets(current_connection_id_); - EnqueuePacketResult rs = buffered_packets_.EnqueuePacket( - current_connection_id_, *current_packet_, current_server_address_, - current_client_address_, /*is_chlo=*/true); - if (rs != EnqueuePacketResult::SUCCESS) { - OnBufferPacketFailure(rs, current_connection_id_); - } else if ( - !FLAGS_quic_reloadable_flag_quic_create_session_after_insertion && - is_new_connection) { - ShouldCreateOrBufferPacketForConnection(current_connection_id_); - } + QUIC_BUG_IF(buffered_packets_.HasChloForConnection(current_connection_id_)); + bool is_new_connection = + !buffered_packets_.HasBufferedPackets(current_connection_id_); + EnqueuePacketResult rs = buffered_packets_.EnqueuePacket( + current_connection_id_, *current_packet_, current_server_address_, + current_client_address_, /*is_chlo=*/true); + if (rs != EnqueuePacketResult::SUCCESS) { + OnBufferPacketFailure(rs, current_connection_id_); + } else if ( + !FLAGS_quic_reloadable_flag_quic_create_session_after_insertion && + is_new_connection) { + ShouldCreateOrBufferPacketForConnection(current_connection_id_); } return; } @@ -962,8 +956,9 @@ void QuicDispatcher::ProcessStatelessRejectorState( StatelessConnectionTerminator terminator(rejector->connection_id(), &framer_, helper(), time_wait_list_manager_.get()); - terminator.RejectConnection( - rejector->reply().GetSerialized().AsStringPiece()); + terminator.RejectConnection(rejector->reply() + .GetSerialized(Perspective::IS_SERVER) + .AsStringPiece()); OnConnectionRejectedStatelessly(); fate = kFateTimeWait; break; diff --git a/chromium/net/tools/quic/quic_dispatcher.h b/chromium/net/tools/quic/quic_dispatcher.h index 266e3e458b7..50d754fcb68 100644 --- a/chromium/net/tools/quic/quic_dispatcher.h +++ b/chromium/net/tools/quic/quic_dispatcher.h @@ -141,7 +141,6 @@ class QuicDispatcher : public QuicTimeWaitListManager::Visitor, bool OnGoAwayFrame(const QuicGoAwayFrame& frame) override; bool OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) override; bool OnBlockedFrame(const QuicBlockedFrame& frame) override; - bool OnPathCloseFrame(const QuicPathCloseFrame& frame) override; void OnPacketComplete() override; // QuicBufferedPacketStore::VisitorInterface implementation. diff --git a/chromium/net/tools/quic/quic_dispatcher_test.cc b/chromium/net/tools/quic/quic_dispatcher_test.cc index 84705754ec1..384236ac880 100644 --- a/chromium/net/tools/quic/quic_dispatcher_test.cc +++ b/chromium/net/tools/quic/quic_dispatcher_test.cc @@ -38,7 +38,6 @@ #include "testing/gmock_mutant.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; using testing::CreateFunctor; using testing::DoAll; @@ -209,11 +208,9 @@ class QuicDispatcherTest : public ::testing::Test { void ProcessPacket(QuicSocketAddress client_address, QuicConnectionId connection_id, bool has_version_flag, - bool has_multipath_flag, const string& data) { - ProcessPacket(client_address, connection_id, has_version_flag, - has_multipath_flag, data, PACKET_8BYTE_CONNECTION_ID, - PACKET_6BYTE_PACKET_NUMBER); + ProcessPacket(client_address, connection_id, has_version_flag, data, + PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER); } // Process a packet with a default path id, and packet number 1, @@ -221,24 +218,20 @@ class QuicDispatcherTest : public ::testing::Test { void ProcessPacket(QuicSocketAddress client_address, QuicConnectionId connection_id, bool has_version_flag, - bool has_multipath_flag, const string& data, QuicConnectionIdLength connection_id_length, QuicPacketNumberLength packet_number_length) { - ProcessPacket(client_address, connection_id, has_version_flag, - has_multipath_flag, data, connection_id_length, - packet_number_length, kDefaultPathId, 1); + ProcessPacket(client_address, connection_id, has_version_flag, data, + connection_id_length, packet_number_length, 1); } // Process a packet using the first supported version. void ProcessPacket(QuicSocketAddress client_address, QuicConnectionId connection_id, bool has_version_flag, - bool has_multipath_flag, const string& data, QuicConnectionIdLength connection_id_length, QuicPacketNumberLength packet_number_length, - QuicPathId path_id, QuicPacketNumber packet_number) { ProcessPacket(client_address, connection_id, has_version_flag, CurrentSupportedVersions().front(), data, @@ -256,7 +249,7 @@ class QuicDispatcherTest : public ::testing::Test { QuicPacketNumber packet_number) { QuicVersionVector versions(SupportedVersions(version)); std::unique_ptr<QuicEncryptedPacket> packet(ConstructEncryptedPacket( - connection_id, has_version_flag, false, false, 0, packet_number, data, + connection_id, has_version_flag, false, packet_number, data, connection_id_length, packet_number_length, &versions)); std::unique_ptr<QuicReceivedPacket> received_packet( ConstructReceivedPacket(*packet, helper_.GetClock()->Now())); @@ -279,7 +272,8 @@ class QuicDispatcherTest : public ::testing::Test { const QuicEncryptedPacket& packet) { EXPECT_EQ(data_connection_map_[conn_id].front().length(), packet.AsStringPiece().length()); - EXPECT_EQ(data_connection_map_[conn_id].front(), packet.AsStringPiece()); + EXPECT_EQ(data_connection_map_[conn_id].front(), + packet.AsStringPiece().as_string()); data_connection_map_[conn_id].pop_front(); } @@ -316,7 +310,9 @@ class QuicDispatcherTest : public ::testing::Test { string SerializeCHLO() { CryptoHandshakeMessage client_hello; client_hello.set_tag(kCHLO); - return client_hello.GetSerialized().AsStringPiece().as_string(); + return client_hello.GetSerialized(Perspective::IS_CLIENT) + .AsStringPiece() + .as_string(); } QuicFlagSaver flags_; // Save/restore all QUIC flag values. @@ -350,7 +346,7 @@ TEST_F(QuicDispatcherTest, ProcessPackets) { ProcessUdpPacket(_, _, _)) .WillOnce(testing::WithArgs<2>(Invoke(CreateFunctor( &QuicDispatcherTest::ValidatePacket, base::Unretained(this), 1)))); - ProcessPacket(client_address, 1, true, false, SerializeCHLO()); + ProcessPacket(client_address, 1, true, SerializeCHLO()); EXPECT_EQ(client_address, dispatcher_->current_client_address()); EXPECT_EQ(server_address_, dispatcher_->current_server_address()); @@ -363,14 +359,14 @@ TEST_F(QuicDispatcherTest, ProcessPackets) { ProcessUdpPacket(_, _, _)) .WillOnce(testing::WithArgs<2>(Invoke(CreateFunctor( &QuicDispatcherTest::ValidatePacket, base::Unretained(this), 2)))); - ProcessPacket(client_address, 2, true, false, SerializeCHLO()); + ProcessPacket(client_address, 2, true, SerializeCHLO()); EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()), ProcessUdpPacket(_, _, _)) .Times(1) .WillOnce(testing::WithArgs<2>(Invoke(CreateFunctor( &QuicDispatcherTest::ValidatePacket, base::Unretained(this), 1)))); - ProcessPacket(client_address, 1, false, false, "data"); + ProcessPacket(client_address, 1, false, "data"); } TEST_F(QuicDispatcherTest, StatelessVersionNegotiation) { @@ -396,7 +392,7 @@ TEST_F(QuicDispatcherTest, Shutdown) { .WillOnce(testing::WithArgs<2>(Invoke(CreateFunctor( &QuicDispatcherTest::ValidatePacket, base::Unretained(this), 1)))); - ProcessPacket(client_address, 1, true, false, SerializeCHLO()); + ProcessPacket(client_address, 1, true, SerializeCHLO()); EXPECT_CALL(*reinterpret_cast<MockQuicConnection*>(session1_->connection()), CloseConnection(QUIC_PEER_GOING_AWAY, _, _)); @@ -420,7 +416,7 @@ TEST_F(QuicDispatcherTest, TimeWaitListManager) { .WillOnce(testing::WithArgs<2>(Invoke(CreateFunctor( &QuicDispatcherTest::ValidatePacket, base::Unretained(this), 1)))); - ProcessPacket(client_address, connection_id, true, false, SerializeCHLO()); + ProcessPacket(client_address, connection_id, true, SerializeCHLO()); // Close the connection by sending public reset packet. QuicPublicResetPacket packet; @@ -454,7 +450,7 @@ TEST_F(QuicDispatcherTest, TimeWaitListManager) { .Times(1); EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _)) .Times(0); - ProcessPacket(client_address, connection_id, true, false, "data"); + ProcessPacket(client_address, connection_id, true, "data"); } TEST_F(QuicDispatcherTest, NoVersionPacketToTimeWaitListManager) { @@ -470,7 +466,7 @@ TEST_F(QuicDispatcherTest, NoVersionPacketToTimeWaitListManager) { .Times(1); EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _)) .Times(1); - ProcessPacket(client_address, connection_id, false, false, SerializeCHLO()); + ProcessPacket(client_address, connection_id, false, SerializeCHLO()); } TEST_F(QuicDispatcherTest, ProcessPacketWithZeroPort) { @@ -484,7 +480,7 @@ TEST_F(QuicDispatcherTest, ProcessPacketWithZeroPort) { EXPECT_CALL(*time_wait_list_manager_, ProcessPacket(_, _, _, _, _)).Times(0); EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _)) .Times(0); - ProcessPacket(client_address, 1, true, false, SerializeCHLO()); + ProcessPacket(client_address, 1, true, SerializeCHLO()); } TEST_F(QuicDispatcherTest, OKSeqNoPacketProcessed) { @@ -503,9 +499,8 @@ TEST_F(QuicDispatcherTest, OKSeqNoPacketProcessed) { &QuicDispatcherTest::ValidatePacket, base::Unretained(this), 1)))); // A packet whose packet number is the largest that is allowed to start a // connection. - ProcessPacket(client_address, connection_id, true, false, SerializeCHLO(), + ProcessPacket(client_address, connection_id, true, SerializeCHLO(), PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, - kDefaultPathId, QuicDispatcher::kMaxReasonableInitialPacketNumber); EXPECT_EQ(client_address, dispatcher_->current_client_address()); EXPECT_EQ(server_address_, dispatcher_->current_server_address()); @@ -526,9 +521,8 @@ TEST_F(QuicDispatcherTest, TooBigSeqNoPacketToTimeWaitListManager) { .Times(1); // A packet whose packet number is one to large to be allowed to start a // connection. - ProcessPacket(client_address, connection_id, true, false, SerializeCHLO(), + ProcessPacket(client_address, connection_id, true, SerializeCHLO(), PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, - kDefaultPathId, QuicDispatcher::kMaxReasonableInitialPacketNumber + 1); } @@ -766,7 +760,7 @@ TEST_P(QuicDispatcherStatelessRejectTest, ParameterizedBasicTest) { Invoke(CreateFunctor(&QuicDispatcherTest::ValidatePacket, base::Unretained(this), connection_id)))); // Process the first packet for the connection. - ProcessPacket(client_address, connection_id, true, false, SerializeCHLO()); + ProcessPacket(client_address, connection_id, true, SerializeCHLO()); if (ExpectStatelessReject()) { // If this is a stateless reject, the crypto stream will close the // connection. @@ -793,7 +787,7 @@ TEST_P(QuicDispatcherStatelessRejectTest, ParameterizedBasicTest) { Invoke(CreateFunctor(&QuicDispatcherTest::ValidatePacket, base::Unretained(this), connection_id)))); } - ProcessPacket(client_address, connection_id, true, false, "data"); + ProcessPacket(client_address, connection_id, true, "data"); } TEST_P(QuicDispatcherStatelessRejectTest, CheapRejects) { @@ -826,8 +820,10 @@ TEST_P(QuicDispatcherStatelessRejectTest, CheapRejects) { {"VER\0", "Q025"}}, kClientHelloMinimumSize); - ProcessPacket(client_address, connection_id, true, false, - client_hello.GetSerialized().AsStringPiece().as_string()); + ProcessPacket(client_address, connection_id, true, + client_hello.GetSerialized(Perspective::IS_CLIENT) + .AsStringPiece() + .as_string()); if (GetParam().enable_stateless_rejects_via_flag) { EXPECT_EQ(true, @@ -842,8 +838,7 @@ TEST_P(QuicDispatcherStatelessRejectTest, BufferNonChlo) { const QuicSocketAddress client_address(QuicIpAddress::Loopback4(), 1); const QuicConnectionId connection_id = 1; - ProcessPacket(client_address, connection_id, true, false, - "NOT DATA FOR A CHLO"); + ProcessPacket(client_address, connection_id, true, "NOT DATA FOR A CHLO"); // Process the first packet for the connection. CryptoHandshakeMessage client_hello = @@ -871,8 +866,10 @@ TEST_P(QuicDispatcherStatelessRejectTest, BufferNonChlo) { Invoke(CreateFunctor(&QuicDispatcherTest::ValidatePacket, base::Unretained(this), connection_id)))) .RetiresOnSaturation(); - ProcessPacket(client_address, connection_id, true, false, - client_hello.GetSerialized().AsStringPiece().as_string()); + ProcessPacket(client_address, connection_id, true, + client_hello.GetSerialized(Perspective::IS_CLIENT) + .AsStringPiece() + .as_string()); EXPECT_FALSE( time_wait_list_manager_->IsConnectionIdInTimeWait(connection_id)); } @@ -895,7 +892,7 @@ TEST_F(QuicDispatcherTestStrayPacketConnectionId, .Times(0); EXPECT_CALL(*time_wait_list_manager_, AddConnectionIdToTimeWait(_, _, _, _)) .Times(0); - ProcessPacket(client_address, connection_id, true, false, "data", + ProcessPacket(client_address, connection_id, true, "data", PACKET_0BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER); } @@ -939,7 +936,7 @@ class QuicDispatcherWriteBlockedListTest : public QuicDispatcherTest { ProcessUdpPacket(_, _, _)) .WillOnce(testing::WithArgs<2>(Invoke(CreateFunctor( &QuicDispatcherTest::ValidatePacket, base::Unretained(this), 1)))); - ProcessPacket(client_address, 1, true, false, SerializeCHLO()); + ProcessPacket(client_address, 1, true, SerializeCHLO()); EXPECT_CALL(*dispatcher_, CreateQuicSession(_, client_address)) .WillOnce(testing::Return(CreateSession( @@ -950,7 +947,7 @@ class QuicDispatcherWriteBlockedListTest : public QuicDispatcherTest { ProcessUdpPacket(_, _, _)) .WillOnce(testing::WithArgs<2>(Invoke(CreateFunctor( &QuicDispatcherTest::ValidatePacket, base::Unretained(this), 2)))); - ProcessPacket(client_address, 2, true, false, SerializeCHLO()); + ProcessPacket(client_address, 2, true, SerializeCHLO()); blocked_list_ = QuicDispatcherPeer::GetWriteBlockedList(dispatcher_.get()); } @@ -1173,7 +1170,9 @@ class BufferedPacketStoreTest } string SerializeFullCHLO() { - return full_chlo_.GetSerialized().AsStringPiece().as_string(); + return full_chlo_.GetSerialized(Perspective::IS_CLIENT) + .AsStringPiece() + .as_string(); } protected: @@ -1199,10 +1198,9 @@ TEST_P(BufferedPacketStoreTest, ProcessNonChloPacketsUptoLimitAndProcessChlo) { EXPECT_CALL(*dispatcher_, ShouldCreateOrBufferPacketForConnection(conn_id)) .Times(1); for (size_t i = 1; i <= kDefaultMaxUndecryptablePackets + 1; ++i) { - ProcessPacket(client_address, conn_id, true, false, + ProcessPacket(client_address, conn_id, true, QuicStrCat("data packet ", i + 1), PACKET_8BYTE_CONNECTION_ID, - PACKET_6BYTE_PACKET_NUMBER, kDefaultPathId, - /*packet_number=*/i + 1); + PACKET_6BYTE_PACKET_NUMBER, /*packet_number=*/i + 1); } EXPECT_EQ(0u, dispatcher_->session_map().size()) << "No session should be created before CHLO arrives."; @@ -1225,7 +1223,7 @@ TEST_P(BufferedPacketStoreTest, ProcessNonChloPacketsUptoLimitAndProcessChlo) { .WillRepeatedly(testing::WithArg<2>( Invoke(CreateFunctor(&QuicDispatcherTest::ValidatePacket, base::Unretained(this), conn_id)))); - ProcessPacket(client_address, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); } TEST_P(BufferedPacketStoreTest, @@ -1253,10 +1251,9 @@ TEST_P(BufferedPacketStoreTest, ShouldCreateOrBufferPacketForConnection(conn_id)); } } - ProcessPacket(client_address, conn_id, true, false, + ProcessPacket(client_address, conn_id, true, QuicStrCat("data packet on connection ", i), PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, - kDefaultPathId, /*packet_number=*/2); } @@ -1305,7 +1302,7 @@ TEST_P(BufferedPacketStoreTest, .WillRepeatedly(testing::WithArg<2>( Invoke(CreateFunctor(&QuicDispatcherTest::ValidatePacket, base::Unretained(this), conn_id)))); - ProcessPacket(client_address, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); } } @@ -1319,7 +1316,7 @@ TEST_P(BufferedPacketStoreTest, DeliverEmptyPackets) { dispatcher_.get(), config_, conn_id, client_address, &mock_helper_, &mock_alarm_factory_, &crypto_config_, QuicDispatcherPeer::GetCache(dispatcher_.get()), &session1_))); - ProcessPacket(client_address, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); } // Tests that a retransmitted CHLO arrives after a connection for the @@ -1329,9 +1326,8 @@ TEST_P(BufferedPacketStoreTest, ReceiveRetransmittedCHLO) { QuicSocketAddress client_address(QuicIpAddress::Loopback4(), 1); server_address_ = QuicSocketAddress(QuicIpAddress::Any4(), 5); QuicConnectionId conn_id = 1; - ProcessPacket(client_address, conn_id, true, false, - QuicStrCat("data packet ", 2), PACKET_8BYTE_CONNECTION_ID, - PACKET_6BYTE_PACKET_NUMBER, kDefaultPathId, + ProcessPacket(client_address, conn_id, true, QuicStrCat("data packet ", 2), + PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, /*packet_number=*/2); // When CHLO arrives, a new session should be created, and all packets @@ -1348,9 +1344,9 @@ TEST_P(BufferedPacketStoreTest, ReceiveRetransmittedCHLO) { .WillRepeatedly(testing::WithArg<2>( Invoke(CreateFunctor(&QuicDispatcherTest::ValidatePacket, base::Unretained(this), conn_id)))); - ProcessPacket(client_address, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); - ProcessPacket(client_address, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); } // Tests that expiration of a connection add connection id to time wait list. @@ -1364,9 +1360,8 @@ TEST_P(BufferedPacketStoreTest, ReceiveCHLOAfterExpiration) { QuicSocketAddress client_address(QuicIpAddress::Loopback4(), 1); server_address_ = QuicSocketAddress(QuicIpAddress::Any4(), 5); QuicConnectionId conn_id = 1; - ProcessPacket(client_address, conn_id, true, false, - QuicStrCat("data packet ", 2), PACKET_8BYTE_CONNECTION_ID, - PACKET_6BYTE_PACKET_NUMBER, kDefaultPathId, + ProcessPacket(client_address, conn_id, true, QuicStrCat("data packet ", 2), + PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, /*packet_number=*/2); mock_helper_.AdvanceTime( @@ -1379,7 +1374,7 @@ TEST_P(BufferedPacketStoreTest, ReceiveCHLOAfterExpiration) { // list. ASSERT_TRUE(time_wait_list_manager_->IsConnectionIdInTimeWait(conn_id)); EXPECT_CALL(*time_wait_list_manager_, ProcessPacket(_, _, conn_id, _, _)); - ProcessPacket(client_address, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_address, conn_id, true, SerializeFullCHLO()); } TEST_P(BufferedPacketStoreTest, ProcessCHLOsUptoLimitAndBufferTheRest) { @@ -1418,7 +1413,7 @@ TEST_P(BufferedPacketStoreTest, ProcessCHLOsUptoLimitAndBufferTheRest) { Invoke(CreateFunctor(&QuicDispatcherTest::ValidatePacket, base::Unretained(this), conn_id)))); } - ProcessPacket(client_addr_, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_addr_, conn_id, true, SerializeFullCHLO()); if (conn_id <= kMaxNumSessionsToCreate + kDefaultMaxConnectionsInStore && conn_id > kMaxNumSessionsToCreate) { EXPECT_TRUE(store->HasChloForConnection(conn_id)); @@ -1477,18 +1472,13 @@ TEST_P(BufferedPacketStoreTest, BufferDuplicatedCHLO) { Invoke(CreateFunctor(&QuicDispatcherTest::ValidatePacket, base::Unretained(this), conn_id)))); } - ProcessPacket(client_addr_, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_addr_, conn_id, true, SerializeFullCHLO()); } // Retransmit CHLO on last connection should be dropped. QuicConnectionId last_connection = kMaxNumSessionsToCreate + 1; - ProcessPacket(client_addr_, last_connection, true, false, - SerializeFullCHLO()); + ProcessPacket(client_addr_, last_connection, true, SerializeFullCHLO()); size_t packets_buffered = 2; - if (!FLAGS_quic_reloadable_flag_quic_buffer_packets_after_chlo) { - // The packet sent above is dropped when flag is off. - packets_buffered = 1; - } // Reset counter and process buffered CHLO. EXPECT_CALL(*dispatcher_, CreateQuicSession(last_connection, client_addr_)) @@ -1524,14 +1514,14 @@ TEST_P(BufferedPacketStoreTest, BufferNonChloPacketsUptoLimitWithChloBuffered) { Invoke(CreateFunctor(&QuicDispatcherTest::ValidatePacket, base::Unretained(this), conn_id)))); } - ProcessPacket(client_addr_, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_addr_, conn_id, true, SerializeFullCHLO()); } // Process another |kDefaultMaxUndecryptablePackets| + 1 data packets. The // last one should be dropped. for (QuicPacketNumber packet_number = 2; packet_number <= kDefaultMaxUndecryptablePackets + 2; ++packet_number) { - ProcessPacket(client_addr_, last_connection_id, true, false, "data packet"); + ProcessPacket(client_addr_, last_connection_id, true, "data packet"); } // Reset counter and process buffered CHLO. @@ -1559,9 +1549,8 @@ TEST_P(BufferedPacketStoreTest, ReceiveCHLOForBufferedConnection) { QuicDispatcherPeer::GetBufferedPackets(dispatcher_.get()); QuicConnectionId conn_id = 1; - ProcessPacket(client_addr_, conn_id, true, false, "data packet", + ProcessPacket(client_addr_, conn_id, true, "data packet", PACKET_8BYTE_CONNECTION_ID, PACKET_6BYTE_PACKET_NUMBER, - kDefaultPathId, /*packet_number=*/1); // Fill packet buffer to full with CHLOs on other connections. Need to feed // extra CHLOs because the first |kMaxNumSessionsToCreate| are going to create @@ -1582,13 +1571,12 @@ TEST_P(BufferedPacketStoreTest, ReceiveCHLOForBufferedConnection) { Invoke(CreateFunctor(&QuicDispatcherTest::ValidatePacket, base::Unretained(this), conn_id)))); } - ProcessPacket(client_addr_, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_addr_, conn_id, true, SerializeFullCHLO()); } EXPECT_FALSE(store->HasChloForConnection(/*connection_id=*/1)); // CHLO on connection 1 should still be buffered. - ProcessPacket(client_addr_, /*connection_id=*/1, true, false, - SerializeFullCHLO()); + ProcessPacket(client_addr_, /*connection_id=*/1, true, SerializeFullCHLO()); EXPECT_TRUE(store->HasChloForConnection(/*connection_id=*/1)); } @@ -1629,11 +1617,15 @@ class AsyncGetProofTest : public QuicDispatcherTest { } string SerializeFullCHLO() { - return full_chlo_.GetSerialized().AsStringPiece().as_string(); + return full_chlo_.GetSerialized(Perspective::IS_CLIENT) + .AsStringPiece() + .as_string(); } string SerializeCHLO() { - return chlo_.GetSerialized().AsStringPiece().as_string(); + return chlo_.GetSerialized(Perspective::IS_CLIENT) + .AsStringPiece() + .as_string(); } // Sets up a session, and crypto stream based on the test parameters. @@ -1711,7 +1703,7 @@ TEST_F(AsyncGetProofTest, BasicAccept) { } // Send a CHLO that the StatelessRejector will accept. - ProcessPacket(client_addr_, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_addr_, conn_id, true, SerializeFullCHLO()); ASSERT_EQ(GetFakeProofSource()->NumPendingCallbacks(), 1); check.Call(1); @@ -1722,7 +1714,7 @@ TEST_F(AsyncGetProofTest, BasicAccept) { check.Call(2); // Verify that a data packet gets processed immediately. - ProcessPacket(client_addr_, conn_id, true, false, "My name is Data"); + ProcessPacket(client_addr_, conn_id, true, "My name is Data"); } // Test a simple situation of connections which the StatelessRejector will @@ -1749,7 +1741,7 @@ TEST_F(AsyncGetProofTest, BasicReject) { } // Send a CHLO that the StatelessRejector will reject. - ProcessPacket(client_addr_, conn_id, true, false, SerializeCHLO()); + ProcessPacket(client_addr_, conn_id, true, SerializeCHLO()); ASSERT_EQ(GetFakeProofSource()->NumPendingCallbacks(), 1); // Complete the ProofSource::GetProof call and verify that the connection and @@ -1760,7 +1752,7 @@ TEST_F(AsyncGetProofTest, BasicReject) { // Verify that a data packet is passed to the time wait list manager. check.Call(2); - ProcessPacket(client_addr_, conn_id, true, false, "My name is Data"); + ProcessPacket(client_addr_, conn_id, true, "My name is Data"); } // Test a situation with multiple interleaved connections which the @@ -1810,11 +1802,11 @@ TEST_F(AsyncGetProofTest, MultipleAccept) { } // Send a CHLO that the StatelessRejector will accept. - ProcessPacket(client_addr_, conn_id_1, true, false, SerializeFullCHLO()); + ProcessPacket(client_addr_, conn_id_1, true, SerializeFullCHLO()); ASSERT_EQ(GetFakeProofSource()->NumPendingCallbacks(), 1); // Send another CHLO that the StatelessRejector will accept. - ProcessPacket(client_addr_, conn_id_2, true, false, SerializeFullCHLO()); + ProcessPacket(client_addr_, conn_id_2, true, SerializeFullCHLO()); ASSERT_EQ(GetFakeProofSource()->NumPendingCallbacks(), 2); // Complete the second ProofSource::GetProof call and verify that a session is @@ -1825,12 +1817,12 @@ TEST_F(AsyncGetProofTest, MultipleAccept) { // Verify that a data packet on that connection gets processed immediately. check.Call(2); - ProcessPacket(client_addr_, conn_id_2, true, false, "My name is Data"); + ProcessPacket(client_addr_, conn_id_2, true, "My name is Data"); // Verify that a data packet on the other connection does not get processed // yet. check.Call(3); - ProcessPacket(client_addr_, conn_id_1, true, false, "My name is Data"); + ProcessPacket(client_addr_, conn_id_1, true, "My name is Data"); EXPECT_TRUE(store->HasBufferedPackets(conn_id_1)); EXPECT_FALSE(store->HasBufferedPackets(conn_id_2)); @@ -1879,11 +1871,11 @@ TEST_F(AsyncGetProofTest, MultipleReject) { } // Send a CHLO that the StatelessRejector will reject. - ProcessPacket(client_addr_, conn_id_1, true, false, SerializeCHLO()); + ProcessPacket(client_addr_, conn_id_1, true, SerializeCHLO()); ASSERT_EQ(GetFakeProofSource()->NumPendingCallbacks(), 1); // Send another CHLO that the StatelessRejector will reject. - ProcessPacket(client_addr_, conn_id_2, true, false, SerializeCHLO()); + ProcessPacket(client_addr_, conn_id_2, true, SerializeCHLO()); ASSERT_EQ(GetFakeProofSource()->NumPendingCallbacks(), 2); // Complete the second ProofSource::GetProof call and verify that the @@ -1895,11 +1887,11 @@ TEST_F(AsyncGetProofTest, MultipleReject) { // Verify that a data packet on that connection gets processed immediately by // the time wait manager. check.Call(2); - ProcessPacket(client_addr_, conn_id_2, true, false, "My name is Data"); + ProcessPacket(client_addr_, conn_id_2, true, "My name is Data"); // Verify that a data packet on the first connection gets buffered. check.Call(3); - ProcessPacket(client_addr_, conn_id_1, true, false, "My name is Data"); + ProcessPacket(client_addr_, conn_id_1, true, "My name is Data"); EXPECT_TRUE(store->HasBufferedPackets(conn_id_1)); EXPECT_FALSE(store->HasBufferedPackets(conn_id_2)); @@ -1938,13 +1930,13 @@ TEST_F(AsyncGetProofTest, MultipleIdenticalReject) { } // Send a CHLO that the StatelessRejector will reject. - ProcessPacket(client_addr_, conn_id_1, true, false, SerializeCHLO()); + ProcessPacket(client_addr_, conn_id_1, true, SerializeCHLO()); ASSERT_EQ(GetFakeProofSource()->NumPendingCallbacks(), 1); EXPECT_FALSE(store->HasBufferedPackets(conn_id_1)); // Send an identical CHLO which should get buffered. check.Call(1); - ProcessPacket(client_addr_, conn_id_1, true, false, SerializeCHLO()); + ProcessPacket(client_addr_, conn_id_1, true, SerializeCHLO()); ASSERT_EQ(GetFakeProofSource()->NumPendingCallbacks(), 1); EXPECT_TRUE(store->HasBufferedPackets(conn_id_1)); @@ -1980,13 +1972,13 @@ TEST_F(AsyncGetProofTest, BufferTimeout) { } // Send a CHLO that the StatelessRejector will accept. - ProcessPacket(client_addr_, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_addr_, conn_id, true, SerializeFullCHLO()); ASSERT_EQ(GetFakeProofSource()->NumPendingCallbacks(), 1); EXPECT_FALSE(store->HasBufferedPackets(conn_id)); // Send a data packet that will get buffered check.Call(1); - ProcessPacket(client_addr_, conn_id, true, false, "My name is Data"); + ProcessPacket(client_addr_, conn_id, true, "My name is Data"); EXPECT_TRUE(store->HasBufferedPackets(conn_id)); // Pretend that enough time has gone by for the packets to get expired out of @@ -2038,13 +2030,13 @@ TEST_F(AsyncGetProofTest, TimeWaitTimeout) { } // Send a CHLO that the StatelessRejector will accept. - ProcessPacket(client_addr_, conn_id, true, false, SerializeFullCHLO()); + ProcessPacket(client_addr_, conn_id, true, SerializeFullCHLO()); ASSERT_EQ(GetFakeProofSource()->NumPendingCallbacks(), 1); EXPECT_FALSE(store->HasBufferedPackets(conn_id)); // Send a data packet that will get buffered check.Call(1); - ProcessPacket(client_addr_, conn_id, true, false, "My name is Data"); + ProcessPacket(client_addr_, conn_id, true, "My name is Data"); EXPECT_TRUE(store->HasBufferedPackets(conn_id)); // Pretend that enough time has gone by for the packets to get expired out of diff --git a/chromium/net/tools/quic/quic_http_response_cache.cc b/chromium/net/tools/quic/quic_http_response_cache.cc index 68c57defa65..7f42f765dec 100644 --- a/chromium/net/tools/quic/quic_http_response_cache.cc +++ b/chromium/net/tools/quic/quic_http_response_cache.cc @@ -18,7 +18,6 @@ using base::FilePath; using base::IntToString; -using base::StringPiece; using std::string; namespace net { @@ -67,7 +66,7 @@ void QuicHttpResponseCache::ResourceFile::Read() { if (file_contents_[pos - 1] == '\r') { len -= 1; } - StringPiece line(file_contents_.data() + start, len); + QuicStringPiece line(file_contents_.data() + start, len); start = pos + 1; // Headers end with an empty line. if (line.empty()) { @@ -110,26 +109,26 @@ void QuicHttpResponseCache::ResourceFile::Read() { // stuff as described in https://w3c.github.io/preload/. it = spdy_headers_.find("x-push-url"); if (it != spdy_headers_.end()) { - StringPiece push_urls = it->second; + QuicStringPiece push_urls = it->second; size_t start = 0; while (start < push_urls.length()) { size_t pos = push_urls.find('\0', start); if (pos == string::npos) { - push_urls_.push_back( - StringPiece(push_urls.data() + start, push_urls.length() - start)); + push_urls_.push_back(QuicStringPiece(push_urls.data() + start, + push_urls.length() - start)); break; } - push_urls_.push_back(StringPiece(push_urls.data() + start, pos)); + push_urls_.push_back(QuicStringPiece(push_urls.data() + start, pos)); start += pos + 1; } } - body_ = - StringPiece(file_contents_.data() + start, file_contents_.size() - start); + body_ = QuicStringPiece(file_contents_.data() + start, + file_contents_.size() - start); } void QuicHttpResponseCache::ResourceFile::SetHostPathFromBase( - StringPiece base) { + QuicStringPiece base) { size_t path_start = base.find_first_of('/'); DCHECK_LT(0UL, path_start); host_ = base.substr(0, path_start); @@ -141,7 +140,8 @@ void QuicHttpResponseCache::ResourceFile::SetHostPathFromBase( } } -StringPiece QuicHttpResponseCache::ResourceFile::RemoveScheme(StringPiece url) { +QuicStringPiece QuicHttpResponseCache::ResourceFile::RemoveScheme( + QuicStringPiece url) { if (QuicTextUtils::StartsWith(url, "https://")) { url.remove_prefix(8); } else if (QuicTextUtils::StartsWith(url, "http://")) { @@ -151,15 +151,15 @@ StringPiece QuicHttpResponseCache::ResourceFile::RemoveScheme(StringPiece url) { } void QuicHttpResponseCache::ResourceFile::HandleXOriginalUrl() { - StringPiece url(x_original_url_); + QuicStringPiece url(x_original_url_); // Remove the protocol so we can add it below. url = RemoveScheme(url); SetHostPathFromBase(url); } const QuicHttpResponseCache::Response* QuicHttpResponseCache::GetResponse( - StringPiece host, - StringPiece path) const { + QuicStringPiece host, + QuicStringPiece path) const { QuicWriterMutexLock lock(&response_mutex_); auto it = responses_.find(GetKey(host, path)); @@ -176,10 +176,10 @@ const QuicHttpResponseCache::Response* QuicHttpResponseCache::GetResponse( typedef QuicHttpResponseCache::ServerPushInfo ServerPushInfo; -void QuicHttpResponseCache::AddSimpleResponse(StringPiece host, - StringPiece path, +void QuicHttpResponseCache::AddSimpleResponse(QuicStringPiece host, + QuicStringPiece path, int response_code, - StringPiece body) { + QuicStringPiece body) { SpdyHeaderBlock response_headers; response_headers[":status"] = QuicTextUtils::Uint64ToString(response_code); response_headers["content-length"] = @@ -188,10 +188,10 @@ void QuicHttpResponseCache::AddSimpleResponse(StringPiece host, } void QuicHttpResponseCache::AddSimpleResponseWithServerPushResources( - StringPiece host, - StringPiece path, + QuicStringPiece host, + QuicStringPiece path, int response_code, - StringPiece body, + QuicStringPiece body, std::list<ServerPushInfo> push_resources) { AddSimpleResponse(host, path, response_code, body); MaybeAddServerPushResources(host, path, push_resources); @@ -202,26 +202,26 @@ void QuicHttpResponseCache::AddDefaultResponse(Response* response) { default_response_.reset(response); } -void QuicHttpResponseCache::AddResponse(StringPiece host, - StringPiece path, +void QuicHttpResponseCache::AddResponse(QuicStringPiece host, + QuicStringPiece path, SpdyHeaderBlock response_headers, - StringPiece response_body) { + QuicStringPiece response_body) { AddResponseImpl(host, path, REGULAR_RESPONSE, std::move(response_headers), response_body, SpdyHeaderBlock()); } -void QuicHttpResponseCache::AddResponse(StringPiece host, - StringPiece path, +void QuicHttpResponseCache::AddResponse(QuicStringPiece host, + QuicStringPiece path, SpdyHeaderBlock response_headers, - StringPiece response_body, + QuicStringPiece response_body, SpdyHeaderBlock response_trailers) { AddResponseImpl(host, path, REGULAR_RESPONSE, std::move(response_headers), response_body, std::move(response_trailers)); } void QuicHttpResponseCache::AddSpecialResponse( - StringPiece host, - StringPiece path, + QuicStringPiece host, + QuicStringPiece path, SpecialResponseType response_type) { AddResponseImpl(host, path, response_type, SpdyHeaderBlock(), "", SpdyHeaderBlock()); @@ -251,7 +251,7 @@ void QuicHttpResponseCache::InitializeFromDirectory( std::unique_ptr<ResourceFile> resource_file(new ResourceFile(file_iter)); // Tease apart filename into host and path. - StringPiece base(resource_file->file_name()); + QuicStringPiece base(resource_file->file_name()); base.remove_prefix(cache_directory.length()); if (base[0] == '/') { base.remove_prefix(1); @@ -305,11 +305,11 @@ QuicHttpResponseCache::~QuicHttpResponseCache() { } } -void QuicHttpResponseCache::AddResponseImpl(StringPiece host, - StringPiece path, +void QuicHttpResponseCache::AddResponseImpl(QuicStringPiece host, + QuicStringPiece path, SpecialResponseType response_type, SpdyHeaderBlock response_headers, - StringPiece response_body, + QuicStringPiece response_body, SpdyHeaderBlock response_trailers) { QuicWriterMutexLock lock(&response_mutex_); @@ -328,13 +328,14 @@ void QuicHttpResponseCache::AddResponseImpl(StringPiece host, responses_[key] = std::move(new_response); } -string QuicHttpResponseCache::GetKey(StringPiece host, StringPiece path) const { +string QuicHttpResponseCache::GetKey(QuicStringPiece host, + QuicStringPiece path) const { return host.as_string() + path.as_string(); } void QuicHttpResponseCache::MaybeAddServerPushResources( - StringPiece request_host, - StringPiece request_path, + QuicStringPiece request_host, + QuicStringPiece request_path, std::list<ServerPushInfo> push_resources) { string request_url = GetKey(request_host, request_path); @@ -364,7 +365,7 @@ void QuicHttpResponseCache::MaybeAddServerPushResources( } if (!found_existing_response) { // Add a server push response to responses map, if it is not in the map. - StringPiece body = push_resource.body; + QuicStringPiece body = push_resource.body; QUIC_DVLOG(1) << "Add response for push resource: host " << host << " path " << path; AddResponse(host, path, push_resource.headers.Clone(), body); diff --git a/chromium/net/tools/quic/quic_http_response_cache.h b/chromium/net/tools/quic/quic_http_response_cache.h index 695987ce0bc..917acc02c63 100644 --- a/chromium/net/tools/quic/quic_http_response_cache.h +++ b/chromium/net/tools/quic/quic_http_response_cache.h @@ -14,9 +14,9 @@ #include "base/files/file_path.h" #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/spdy_utils.h" #include "net/quic/platform/api/quic_mutex.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_url.h" #include "net/spdy/spdy_framer.h" @@ -56,7 +56,7 @@ class QuicHttpResponseCache { SpecialResponseType response_type() const { return response_type_; } const SpdyHeaderBlock& headers() const { return headers_; } const SpdyHeaderBlock& trailers() const { return trailers_; } - const base::StringPiece body() const { return base::StringPiece(body_); } + const QuicStringPiece body() const { return QuicStringPiece(body_); } void set_response_type(SpecialResponseType response_type) { response_type_ = response_type; @@ -65,7 +65,7 @@ class QuicHttpResponseCache { void set_trailers(SpdyHeaderBlock trailers) { trailers_ = std::move(trailers); } - void set_body(base::StringPiece body) { body.CopyToString(&body_); } + void set_body(QuicStringPiece body) { body.CopyToString(&body_); } private: SpecialResponseType response_type_; @@ -88,39 +88,39 @@ class QuicHttpResponseCache { void Read(); // |base| is |file_name_| with |cache_directory| prefix stripped. - void SetHostPathFromBase(base::StringPiece base); + void SetHostPathFromBase(QuicStringPiece base); const std::string& file_name() { return file_name_string_; } - base::StringPiece host() { return host_; } - void set_host(base::StringPiece host) { host_ = host; } + QuicStringPiece host() { return host_; } + void set_host(QuicStringPiece host) { host_ = host; } - base::StringPiece path() { return path_; } - void set_path(base::StringPiece path) { path_ = path; } + QuicStringPiece path() { return path_; } + void set_path(QuicStringPiece path) { path_ = path; } const SpdyHeaderBlock& spdy_headers() { return spdy_headers_; } - base::StringPiece body() { return body_; } + QuicStringPiece body() { return body_; } - const std::vector<base::StringPiece>& push_urls() { return push_urls_; } + const std::vector<QuicStringPiece>& push_urls() { return push_urls_; } protected: void HandleXOriginalUrl(); - void HandlePushUrls(const std::vector<base::StringPiece>& push_urls); - base::StringPiece RemoveScheme(base::StringPiece url); + void HandlePushUrls(const std::vector<QuicStringPiece>& push_urls); + QuicStringPiece RemoveScheme(QuicStringPiece url); const std::string cache_directory_; const base::FilePath file_name_; const std::string file_name_string_; std::string file_contents_; - base::StringPiece body_; + QuicStringPiece body_; SpdyHeaderBlock spdy_headers_; - base::StringPiece x_original_url_; - std::vector<base::StringPiece> push_urls_; + QuicStringPiece x_original_url_; + std::vector<QuicStringPiece> push_urls_; private: - base::StringPiece host_; - base::StringPiece path_; + QuicStringPiece host_; + QuicStringPiece path_; QuicHttpResponseCache* cache_; DISALLOW_COPY_AND_ASSIGN(ResourceFile); @@ -131,43 +131,42 @@ class QuicHttpResponseCache { // Retrieve a response from this cache for a given host and path.. // If no appropriate response exists, nullptr is returned. - const Response* GetResponse(base::StringPiece host, - base::StringPiece path) const; + const Response* GetResponse(QuicStringPiece host, QuicStringPiece path) const; // Adds a simple response to the cache. The response headers will // only contain the "content-length" header with the length of |body|. - void AddSimpleResponse(base::StringPiece host, - base::StringPiece path, + void AddSimpleResponse(QuicStringPiece host, + QuicStringPiece path, int response_code, - base::StringPiece body); + QuicStringPiece body); // Add a simple response to the cache as AddSimpleResponse() does, and add // some server push resources(resource path, corresponding response status and // path) associated with it. // Push resource implicitly come from the same host. void AddSimpleResponseWithServerPushResources( - base::StringPiece host, - base::StringPiece path, + QuicStringPiece host, + QuicStringPiece path, int response_code, - base::StringPiece body, + QuicStringPiece body, std::list<ServerPushInfo> push_resources); // Add a response to the cache. - void AddResponse(base::StringPiece host, - base::StringPiece path, + void AddResponse(QuicStringPiece host, + QuicStringPiece path, SpdyHeaderBlock response_headers, - base::StringPiece response_body); + QuicStringPiece response_body); // Add a response, with trailers, to the cache. - void AddResponse(base::StringPiece host, - base::StringPiece path, + void AddResponse(QuicStringPiece host, + QuicStringPiece path, SpdyHeaderBlock response_headers, - base::StringPiece response_body, + QuicStringPiece response_body, SpdyHeaderBlock response_trailers); // Simulate a special behavior at a particular path. - void AddSpecialResponse(base::StringPiece host, - base::StringPiece path, + void AddSpecialResponse(QuicStringPiece host, + QuicStringPiece path, SpecialResponseType response_type); // Sets a default response in case of cache misses. Takes ownership of @@ -181,19 +180,19 @@ class QuicHttpResponseCache { std::list<ServerPushInfo> GetServerPushResources(std::string request_url); private: - void AddResponseImpl(base::StringPiece host, - base::StringPiece path, + void AddResponseImpl(QuicStringPiece host, + QuicStringPiece path, SpecialResponseType response_type, SpdyHeaderBlock response_headers, - base::StringPiece response_body, + QuicStringPiece response_body, SpdyHeaderBlock response_trailers); - std::string GetKey(base::StringPiece host, base::StringPiece path) const; + std::string GetKey(QuicStringPiece host, QuicStringPiece path) const; // Add some server push urls with given responses for specified // request if these push resources are not associated with this request yet. - void MaybeAddServerPushResources(base::StringPiece request_host, - base::StringPiece request_path, + void MaybeAddServerPushResources(QuicStringPiece request_host, + QuicStringPiece request_path, std::list<ServerPushInfo> push_resources); // Check if push resource(push_host/push_path) associated with given request diff --git a/chromium/net/tools/quic/quic_http_response_cache_test.cc b/chromium/net/tools/quic/quic_http_response_cache_test.cc index fbd8175f2c0..5e19cb2bfad 100644 --- a/chromium/net/tools/quic/quic_http_response_cache_test.cc +++ b/chromium/net/tools/quic/quic_http_response_cache_test.cc @@ -11,7 +11,6 @@ #include "net/quic/platform/api/quic_text_utils.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; namespace net { diff --git a/chromium/net/tools/quic/quic_packet_printer_bin.cc b/chromium/net/tools/quic/quic_packet_printer_bin.cc index ccac643744e..aa26b479369 100644 --- a/chromium/net/tools/quic/quic_packet_printer_bin.cc +++ b/chromium/net/tools/quic/quic_packet_printer_bin.cc @@ -142,10 +142,6 @@ class QuicPacketPrinter : public QuicFramerVisitorInterface { std::cerr << "OnBlockedFrame: " << frame; return true; } - bool OnPathCloseFrame(const QuicPathCloseFrame& frame) override { - std::cerr << "OnPathCloseFrame:" << frame; - return true; - } void OnPacketComplete() override { std::cerr << "OnPacketComplete\n"; } private: diff --git a/chromium/net/tools/quic/quic_packet_writer_wrapper.h b/chromium/net/tools/quic/quic_packet_writer_wrapper.h index 4fc75c6b8ef..72273181fcb 100644 --- a/chromium/net/tools/quic/quic_packet_writer_wrapper.h +++ b/chromium/net/tools/quic/quic_packet_writer_wrapper.h @@ -38,6 +38,10 @@ class QuicPacketWriterWrapper : public QuicPacketWriter { // Takes ownership of |writer|. void set_writer(QuicPacketWriter* writer); + virtual void set_peer_address(const QuicSocketAddress& peer_address) {} + + QuicPacketWriter* writer() { return writer_.get(); } + private: std::unique_ptr<QuicPacketWriter> writer_; diff --git a/chromium/net/tools/quic/quic_simple_client.cc b/chromium/net/tools/quic/quic_simple_client.cc index 9d9528e4817..ee277bd240e 100644 --- a/chromium/net/tools/quic/quic_simple_client.cc +++ b/chromium/net/tools/quic/quic_simple_client.cc @@ -29,7 +29,6 @@ #include "net/spdy/spdy_http_utils.h" using std::string; -using base::StringPiece; namespace net { diff --git a/chromium/net/tools/quic/quic_simple_client.h b/chromium/net/tools/quic/quic_simple_client.h index f0bc052bc6d..7fd1bd46d7d 100644 --- a/chromium/net/tools/quic/quic_simple_client.h +++ b/chromium/net/tools/quic/quic_simple_client.h @@ -15,7 +15,6 @@ #include "base/command_line.h" #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/base/ip_address.h" #include "net/base/ip_endpoint.h" #include "net/http/http_response_headers.h" diff --git a/chromium/net/tools/quic/quic_simple_client_bin.cc b/chromium/net/tools/quic/quic_simple_client_bin.cc index bfe5fe84c1b..76feff3ba79 100644 --- a/chromium/net/tools/quic/quic_simple_client_bin.cc +++ b/chromium/net/tools/quic/quic_simple_client_bin.cc @@ -57,6 +57,7 @@ #include "net/quic/core/quic_server_id.h" #include "net/quic/platform/api/quic_socket_address.h" #include "net/quic/platform/api/quic_str_cat.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" #include "net/spdy/spdy_header_block.h" #include "net/spdy/spdy_http_utils.h" @@ -64,13 +65,13 @@ #include "net/tools/quic/synchronous_host_resolver.h" #include "url/gurl.h" -using base::StringPiece; using net::CertVerifier; using net::CTPolicyEnforcer; using net::CTVerifier; using net::MultiLogCTVerifier; using net::ProofVerifier; using net::ProofVerifierChromium; +using net::QuicStringPiece; using net::QuicTextUtils; using net::SpdyHeaderBlock; using net::TransportSecurityState; @@ -111,7 +112,7 @@ class FakeProofVerifier : public ProofVerifier { const uint16_t port, const string& server_config, net::QuicVersion quic_version, - StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::vector<string>& certs, const string& cert_sct, const string& signature, @@ -308,12 +309,12 @@ int main(int argc, char* argv[]) { header_block[":path"] = url.path(); // Append any additional headers supplied on the command line. - for (StringPiece sp : QuicTextUtils::Split(FLAGS_headers, ';')) { + for (QuicStringPiece sp : QuicTextUtils::Split(FLAGS_headers, ';')) { QuicTextUtils::RemoveLeadingAndTrailingWhitespace(&sp); if (sp.empty()) { continue; } - std::vector<StringPiece> kv = QuicTextUtils::Split(sp, ':'); + std::vector<QuicStringPiece> kv = QuicTextUtils::Split(sp, ':'); QuicTextUtils::RemoveLeadingAndTrailingWhitespace(&kv[0]); QuicTextUtils::RemoveLeadingAndTrailingWhitespace(&kv[1]); header_block[kv[0]] = kv[1]; diff --git a/chromium/net/tools/quic/quic_simple_server_session_test.cc b/chromium/net/tools/quic/quic_simple_server_session_test.cc index 5d1cac27f33..2d90c26b7a1 100644 --- a/chromium/net/tools/quic/quic_simple_server_session_test.cc +++ b/chromium/net/tools/quic/quic_simple_server_session_test.cc @@ -15,6 +15,7 @@ #include "net/quic/core/quic_crypto_server_stream.h" #include "net/quic/core/quic_utils.h" #include "net/quic/platform/api/quic_socket_address.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/quic_config_peer.h" @@ -228,7 +229,7 @@ INSTANTIATE_TEST_CASE_P(Tests, TEST_P(QuicSimpleServerSessionTest, CloseStreamDueToReset) { // Open a stream, then reset it. // Send two bytes of payload to open it. - QuicStreamFrame data1(kClientDataStreamId1, false, 0, StringPiece("HT")); + QuicStreamFrame data1(kClientDataStreamId1, false, 0, QuicStringPiece("HT")); session_->OnStreamFrame(data1); EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams()); @@ -258,7 +259,7 @@ TEST_P(QuicSimpleServerSessionTest, NeverOpenStreamDueToReset) { EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); // Send two bytes of payload. - QuicStreamFrame data1(kClientDataStreamId1, false, 0, StringPiece("HT")); + QuicStreamFrame data1(kClientDataStreamId1, false, 0, QuicStringPiece("HT")); visitor_->OnStreamFrame(data1); // The stream should never be opened, now that the reset is received. @@ -269,9 +270,9 @@ TEST_P(QuicSimpleServerSessionTest, NeverOpenStreamDueToReset) { TEST_P(QuicSimpleServerSessionTest, AcceptClosedStream) { // Send (empty) compressed headers followed by two bytes of data. QuicStreamFrame frame1(kClientDataStreamId1, false, 0, - StringPiece("\1\0\0\0\0\0\0\0HT")); + QuicStringPiece("\1\0\0\0\0\0\0\0HT")); QuicStreamFrame frame2(kClientDataStreamId2, false, 0, - StringPiece("\2\0\0\0\0\0\0\0HT")); + QuicStringPiece("\2\0\0\0\0\0\0\0HT")); visitor_->OnStreamFrame(frame1); visitor_->OnStreamFrame(frame2); EXPECT_EQ(2u, session_->GetNumOpenIncomingStreams()); @@ -285,8 +286,8 @@ TEST_P(QuicSimpleServerSessionTest, AcceptClosedStream) { // If we were tracking, we'd probably want to reject this because it's data // past the reset point of stream 3. As it's a closed stream we just drop the // data on the floor, but accept the packet because it has data for stream 5. - QuicStreamFrame frame3(kClientDataStreamId1, false, 2, StringPiece("TP")); - QuicStreamFrame frame4(kClientDataStreamId2, false, 2, StringPiece("TP")); + QuicStreamFrame frame3(kClientDataStreamId1, false, 2, QuicStringPiece("TP")); + QuicStreamFrame frame4(kClientDataStreamId2, false, 2, QuicStringPiece("TP")); visitor_->OnStreamFrame(frame3); visitor_->OnStreamFrame(frame4); // The stream should never be opened, now that the reset is received. @@ -350,7 +351,7 @@ TEST_P(QuicSimpleServerSessionTest, CreateOutgoingDynamicStreamUptoLimit) { // Receive some data to initiate a incoming stream which should not effect // creating outgoing streams. - QuicStreamFrame data1(kClientDataStreamId1, false, 0, StringPiece("HT")); + QuicStreamFrame data1(kClientDataStreamId1, false, 0, QuicStringPiece("HT")); session_->OnStreamFrame(data1); EXPECT_EQ(1u, session_->GetNumOpenIncomingStreams()); EXPECT_EQ(0u, session_->GetNumOpenOutgoingStreams()); @@ -377,13 +378,13 @@ TEST_P(QuicSimpleServerSessionTest, CreateOutgoingDynamicStreamUptoLimit) { EXPECT_EQ(kMaxStreamsForTest, session_->GetNumOpenOutgoingStreams()); // Create peer initiated stream should have no problem. - QuicStreamFrame data2(kClientDataStreamId2, false, 0, StringPiece("HT")); + QuicStreamFrame data2(kClientDataStreamId2, false, 0, QuicStringPiece("HT")); session_->OnStreamFrame(data2); EXPECT_EQ(2u, session_->GetNumOpenIncomingStreams()); } TEST_P(QuicSimpleServerSessionTest, OnStreamFrameWithEvenStreamId) { - QuicStreamFrame frame(2, false, 0, StringPiece()); + QuicStreamFrame frame(2, false, 0, QuicStringPiece()); EXPECT_CALL(*connection_, CloseConnection(QUIC_INVALID_STREAM_ID, "Client sent data on server push stream", _)); diff --git a/chromium/net/tools/quic/quic_simple_server_stream.cc b/chromium/net/tools/quic/quic_simple_server_stream.cc index 8289655278e..14f24077faa 100644 --- a/chromium/net/tools/quic/quic_simple_server_stream.cc +++ b/chromium/net/tools/quic/quic_simple_server_stream.cc @@ -18,7 +18,6 @@ #include "net/tools/quic/quic_http_response_cache.h" #include "net/tools/quic/quic_simple_server_session.h" -using base::StringPiece; using std::string; namespace net { @@ -223,14 +222,14 @@ void QuicSimpleServerStream::SendErrorResponse() { void QuicSimpleServerStream::SendHeadersAndBody( SpdyHeaderBlock response_headers, - StringPiece body) { + QuicStringPiece body) { SendHeadersAndBodyAndTrailers(std::move(response_headers), body, SpdyHeaderBlock()); } void QuicSimpleServerStream::SendHeadersAndBodyAndTrailers( SpdyHeaderBlock response_headers, - StringPiece body, + QuicStringPiece body, SpdyHeaderBlock response_trailers) { if (!allow_bidirectional_data() && !reading_stopped()) { StopReading(); diff --git a/chromium/net/tools/quic/quic_simple_server_stream.h b/chromium/net/tools/quic/quic_simple_server_stream.h index 1471aada756..5cc8e5e903d 100644 --- a/chromium/net/tools/quic/quic_simple_server_stream.h +++ b/chromium/net/tools/quic/quic_simple_server_stream.h @@ -10,6 +10,7 @@ #include "base/macros.h" #include "net/quic/core/quic_packets.h" #include "net/quic/core/quic_spdy_stream.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/spdy/spdy_framer.h" #include "net/tools/quic/quic_http_response_cache.h" #include "net/tools/quic/quic_spdy_server_stream_base.h" @@ -64,9 +65,9 @@ class QuicSimpleServerStream : public QuicSpdyServerStreamBase { void SendNotFoundResponse(); void SendHeadersAndBody(SpdyHeaderBlock response_headers, - base::StringPiece body); + QuicStringPiece body); void SendHeadersAndBodyAndTrailers(SpdyHeaderBlock response_headers, - base::StringPiece body, + QuicStringPiece body, SpdyHeaderBlock response_trailers); SpdyHeaderBlock* request_headers() { return &request_headers_; } diff --git a/chromium/net/tools/quic/quic_simple_server_stream_test.cc b/chromium/net/tools/quic/quic_simple_server_stream_test.cc index 4a444e3c916..86b27d13a26 100644 --- a/chromium/net/tools/quic/quic_simple_server_stream_test.cc +++ b/chromium/net/tools/quic/quic_simple_server_stream_test.cc @@ -8,7 +8,6 @@ #include <memory> #include <utility> -#include "base/strings/string_piece.h" #include "net/quic/core/quic_utils.h" #include "net/quic/core/spdy_utils.h" #include "net/quic/platform/api/quic_ptr_util.h" @@ -22,7 +21,6 @@ #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" -using base::StringPiece; using std::string; using testing::_; using testing::AnyNumber; @@ -534,7 +532,7 @@ TEST_P(QuicSimpleServerStreamTest, InvalidMultipleContentLength) { SpdyHeaderBlock request_headers; // \000 is a way to write the null byte when followed by a literal digit. - header_list_.OnHeader("content-length", StringPiece("11\00012", 5)); + header_list_.OnHeader("content-length", QuicStringPiece("11\00012", 5)); headers_string_ = SpdyUtils::SerializeUncompressedHeaders(request_headers); @@ -554,7 +552,7 @@ TEST_P(QuicSimpleServerStreamTest, InvalidLeadingNullContentLength) { SpdyHeaderBlock request_headers; // \000 is a way to write the null byte when followed by a literal digit. - header_list_.OnHeader("content-length", StringPiece("\00012", 3)); + header_list_.OnHeader("content-length", QuicStringPiece("\00012", 3)); headers_string_ = SpdyUtils::SerializeUncompressedHeaders(request_headers); @@ -572,7 +570,7 @@ TEST_P(QuicSimpleServerStreamTest, InvalidLeadingNullContentLength) { TEST_P(QuicSimpleServerStreamTest, ValidMultipleContentLength) { SpdyHeaderBlock request_headers; // \000 is a way to write the null byte when followed by a literal digit. - header_list_.OnHeader("content-length", StringPiece("11\00011", 5)); + header_list_.OnHeader("content-length", QuicStringPiece("11\00011", 5)); headers_string_ = SpdyUtils::SerializeUncompressedHeaders(request_headers); @@ -638,7 +636,7 @@ TEST_P(QuicSimpleServerStreamTest, InvalidHeadersWithFin) { 0x54, 0x54, 0x50, 0x2f, // TTP/ 0x31, 0x2e, 0x31, // 1.1 }; - StringPiece data(arr, arraysize(arr)); + QuicStringPiece data(arr, arraysize(arr)); QuicStreamFrame frame(stream_->id(), true, 0, data); // Verify that we don't crash when we get a invalid headers in stream frame. stream_->OnStreamFrame(frame); diff --git a/chromium/net/tools/quic/quic_spdy_client_stream.cc b/chromium/net/tools/quic/quic_spdy_client_stream.cc index 47097a6c5ba..6f8552bea99 100644 --- a/chromium/net/tools/quic/quic_spdy_client_stream.cc +++ b/chromium/net/tools/quic/quic_spdy_client_stream.cc @@ -13,7 +13,6 @@ #include "net/spdy/spdy_protocol.h" #include "net/tools/quic/quic_client_session.h" -using base::StringPiece; using std::string; namespace net { @@ -62,8 +61,7 @@ void QuicSpdyClientStream::OnInitialHeadersComplete( return; } - if (FLAGS_quic_restart_flag_quic_supports_100_continue && - response_code_ == 100 && !has_preliminary_headers_) { + if (response_code_ == 100 && !has_preliminary_headers_) { // These are preliminary 100 Continue headers, not the actual response // headers. set_headers_decompressed(false); @@ -139,7 +137,7 @@ void QuicSpdyClientStream::OnDataAvailable() { } size_t QuicSpdyClientStream::SendRequest(SpdyHeaderBlock headers, - StringPiece body, + QuicStringPiece body, bool fin) { QuicConnection::ScopedPacketBundler bundler( session_->connection(), QuicConnection::SEND_ACK_IF_QUEUED); diff --git a/chromium/net/tools/quic/quic_spdy_client_stream.h b/chromium/net/tools/quic/quic_spdy_client_stream.h index cd3d6346734..c01f07bc459 100644 --- a/chromium/net/tools/quic/quic_spdy_client_stream.h +++ b/chromium/net/tools/quic/quic_spdy_client_stream.h @@ -10,9 +10,9 @@ #include <string> #include "base/macros.h" -#include "base/strings/string_piece.h" #include "net/quic/core/quic_packets.h" #include "net/quic/core/quic_spdy_stream.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/spdy/spdy_framer.h" namespace net { @@ -50,7 +50,7 @@ class QuicSpdyClientStream : public QuicSpdyStream { // Serializes the headers and body, sends it to the server, and // returns the number of bytes sent. - size_t SendRequest(SpdyHeaderBlock headers, base::StringPiece body, bool fin); + size_t SendRequest(SpdyHeaderBlock headers, QuicStringPiece body, bool fin); // Returns the response data. const std::string& data() { return data_; } diff --git a/chromium/net/tools/quic/quic_spdy_client_stream_test.cc b/chromium/net/tools/quic/quic_spdy_client_stream_test.cc index 915d53913a8..dcebc1a8f06 100644 --- a/chromium/net/tools/quic/quic_spdy_client_stream_test.cc +++ b/chromium/net/tools/quic/quic_spdy_client_stream_test.cc @@ -111,7 +111,6 @@ TEST_F(QuicSpdyClientStreamTest, TestFraming) { TEST_F(QuicSpdyClientStreamTest, TestFraming100Continue) { headers_[":status"] = "100"; - FLAGS_quic_restart_flag_quic_supports_100_continue = true; auto headers = AsHeaderList(headers_); stream_->OnStreamHeaderList(false, headers.uncompressed_header_bytes(), headers); @@ -123,20 +122,6 @@ TEST_F(QuicSpdyClientStreamTest, TestFraming100Continue) { EXPECT_EQ("", stream_->data()); } -TEST_F(QuicSpdyClientStreamTest, TestFraming100ContinueNoFlag) { - headers_[":status"] = "100"; - FLAGS_quic_restart_flag_quic_supports_100_continue = false; - auto headers = AsHeaderList(headers_); - stream_->OnStreamHeaderList(false, headers.uncompressed_header_bytes(), - headers); - stream_->OnStreamFrame( - QuicStreamFrame(stream_->id(), /*fin=*/false, /*offset=*/0, body_)); - EXPECT_EQ(0u, stream_->preliminary_headers().size()); - EXPECT_EQ("100", stream_->response_headers().find(":status")->second); - EXPECT_EQ(100, stream_->response_code()); - EXPECT_EQ(body_, stream_->data()); -} - TEST_F(QuicSpdyClientStreamTest, TestFramingOnePacket) { auto headers = AsHeaderList(headers_); stream_->OnStreamHeaderList(false, headers.uncompressed_header_bytes(), @@ -171,7 +156,7 @@ TEST_F(QuicSpdyClientStreamTest, TestNoBidirectionalStreaming) { if (FLAGS_quic_reloadable_flag_quic_always_enable_bidi_streaming) { return; } - QuicStreamFrame frame(kClientDataStreamId1, false, 3, StringPiece("asd")); + QuicStreamFrame frame(kClientDataStreamId1, false, 3, QuicStringPiece("asd")); EXPECT_FALSE(stream_->write_side_closed()); stream_->OnStreamFrame(frame); diff --git a/chromium/net/tools/quic/quic_spdy_server_stream_base.cc b/chromium/net/tools/quic/quic_spdy_server_stream_base.cc index e84516899b5..f7af8734b51 100644 --- a/chromium/net/tools/quic/quic_spdy_server_stream_base.cc +++ b/chromium/net/tools/quic/quic_spdy_server_stream_base.cc @@ -20,11 +20,22 @@ void QuicSpdyServerStreamBase::CloseWriteSide() { // or RST. DCHECK(fin_sent()); // Tell the peer to stop sending further data. - QUIC_DVLOG(0) << " Server: Send QUIC_STREAM_NO_ERROR on stream " << id(); + QUIC_DVLOG(1) << " Server: Send QUIC_STREAM_NO_ERROR on stream " << id(); Reset(QUIC_STREAM_NO_ERROR); } QuicSpdyStream::CloseWriteSide(); } +void QuicSpdyServerStreamBase::StopReading() { + if (!fin_received() && !rst_received() && write_side_closed() && + !rst_sent()) { + DCHECK(fin_sent()); + // Tell the peer to stop sending further data. + QUIC_DVLOG(1) << " Server: Send QUIC_STREAM_NO_ERROR on stream " << id(); + Reset(QUIC_STREAM_NO_ERROR); + } + QuicSpdyStream::StopReading(); +} + } // namespace net diff --git a/chromium/net/tools/quic/quic_spdy_server_stream_base.h b/chromium/net/tools/quic/quic_spdy_server_stream_base.h index 880642a7fea..46462a16b83 100644 --- a/chromium/net/tools/quic/quic_spdy_server_stream_base.h +++ b/chromium/net/tools/quic/quic_spdy_server_stream_base.h @@ -16,6 +16,7 @@ class QuicSpdyServerStreamBase : public QuicSpdyStream { // Override the base class to send QUIC_STREAM_NO_ERROR to the peer // when the stream has not received all the data. void CloseWriteSide() override; + void StopReading() override; private: DISALLOW_COPY_AND_ASSIGN(QuicSpdyServerStreamBase); diff --git a/chromium/net/tools/quic/quic_time_wait_list_manager.cc b/chromium/net/tools/quic/quic_time_wait_list_manager.cc index da49cfc31e2..35c1e39721e 100644 --- a/chromium/net/tools/quic/quic_time_wait_list_manager.cc +++ b/chromium/net/tools/quic/quic_time_wait_list_manager.cc @@ -15,7 +15,6 @@ #include "net/quic/core/quic_flags.h" #include "net/quic/core/quic_framer.h" #include "net/quic/core/quic_packets.h" -#include "net/quic/core/quic_server_session_base.h" #include "net/quic/core/quic_utils.h" #include "net/quic/platform/api/quic_clock.h" #include "net/quic/platform/api/quic_logging.h" @@ -23,8 +22,6 @@ #include "net/quic/platform/api/quic_ptr_util.h" #include "net/quic/platform/api/quic_socket_address.h" -using base::StringPiece; - namespace net { // A very simple alarm that just informs the QuicTimeWaitListManager to clean diff --git a/chromium/net/tools/quic/quic_time_wait_list_manager_test.cc b/chromium/net/tools/quic/quic_time_wait_list_manager_test.cc index a870e3028f1..0ff4f8dce79 100644 --- a/chromium/net/tools/quic/quic_time_wait_list_manager_test.cc +++ b/chromium/net/tools/quic/quic_time_wait_list_manager_test.cc @@ -125,7 +125,6 @@ class QuicTimeWaitListManagerTest : public ::testing::Test { QuicConnectionId connection_id, QuicPacketNumber packet_number) { return net::test::ConstructEncryptedPacket(connection_id, false, false, - false, kDefaultPathId, packet_number, "data"); } diff --git a/chromium/net/tools/quic/stateless_rejector.h b/chromium/net/tools/quic/stateless_rejector.h index f1771629d04..adaf7ceff6d 100644 --- a/chromium/net/tools/quic/stateless_rejector.h +++ b/chromium/net/tools/quic/stateless_rejector.h @@ -5,7 +5,6 @@ #ifndef NET_TOOLS_QUIC_STATELESS_REJECTOR_H_ #define NET_TOOLS_QUIC_STATELESS_REJECTOR_H_ -#include "base/strings/string_piece.h" #include "net/quic/core/crypto/crypto_framer.h" #include "net/quic/core/crypto/quic_crypto_server_config.h" #include "net/quic/core/quic_packets.h" diff --git a/chromium/net/tools/quic/stateless_rejector_test.cc b/chromium/net/tools/quic/stateless_rejector_test.cc index 0076c13d7aa..ea1ec24a8b5 100644 --- a/chromium/net/tools/quic/stateless_rejector_test.cc +++ b/chromium/net/tools/quic/stateless_rejector_test.cc @@ -13,6 +13,7 @@ #include "net/quic/platform/api/quic_logging.h" #include "net/quic/platform/api/quic_ptr_util.h" #include "net/quic/platform/api/quic_str_cat.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/quic/platform/api/quic_text_utils.h" #include "net/quic/test_tools/crypto_test_utils.h" #include "net/quic/test_tools/quic_crypto_server_config_peer.h" @@ -117,7 +118,7 @@ class StatelessRejectorTest : public ::testing::TestWithParam<TestParams> { string nonce; CryptoUtils::GenerateNonce( clock_.WallNow(), QuicRandom::GetInstance(), - StringPiece( + QuicStringPiece( reinterpret_cast<char*>(config_peer_.GetPrimaryConfig()->orbit), kOrbitSize), &nonce); diff --git a/chromium/net/tools/quic/test_tools/quic_test_client.cc b/chromium/net/tools/quic/test_tools/quic_test_client.cc index 56fe71247a3..f6bda76d66a 100644 --- a/chromium/net/tools/quic/test_tools/quic_test_client.cc +++ b/chromium/net/tools/quic/test_tools/quic_test_client.cc @@ -29,7 +29,6 @@ #include "net/tools/quic/test_tools/quic_client_peer.h" #include "third_party/boringssl/src/include/openssl/x509.h" -using base::StringPiece; using std::string; using testing::_; using testing::Invoke; @@ -53,7 +52,7 @@ class RecordingProofVerifier : public ProofVerifier { const uint16_t port, const string& server_config, QuicVersion quic_version, - StringPiece chlo_hash, + QuicStringPiece chlo_hash, const std::vector<string>& certs, const string& cert_sct, const string& signature, @@ -67,9 +66,9 @@ class RecordingProofVerifier : public ProofVerifier { } // Convert certs to X509Certificate. - std::vector<StringPiece> cert_pieces(certs.size()); + std::vector<QuicStringPiece> cert_pieces(certs.size()); for (unsigned i = 0; i < certs.size(); i++) { - cert_pieces[i] = StringPiece(certs[i]); + cert_pieces[i] = QuicStringPiece(certs[i]); } // TODO(rtenneti): Fix after adding support for real certs. Currently, // cert_pieces are "leaf" and "intermediate" and CreateFromDERCertChain @@ -194,6 +193,11 @@ void MockableQuicClient::UseConnectionId(QuicConnectionId connection_id) { override_connection_id_ = connection_id; } +void MockableQuicClient::set_peer_address(const QuicSocketAddress& address) { + CHECK(test_writer_ != nullptr); + test_writer_->set_peer_address(address); +} + QuicTestClient::QuicTestClient(QuicSocketAddress server_address, const string& server_hostname, const QuicVersionVector& supported_versions) @@ -213,7 +217,6 @@ QuicTestClient::QuicTestClient(QuicSocketAddress server_address, config, supported_versions, &epoll_server_)), - response_complete_(false), allow_bidirectional_data_(false) { Initialize(); } @@ -231,17 +234,15 @@ QuicTestClient::QuicTestClient(QuicSocketAddress server_address, supported_versions, &epoll_server_, std::move(proof_verifier))), - response_complete_(false), allow_bidirectional_data_(false) { Initialize(); } -QuicTestClient::QuicTestClient() - : response_complete_(false), allow_bidirectional_data_(false) {} +QuicTestClient::QuicTestClient() : allow_bidirectional_data_(false) {} QuicTestClient::~QuicTestClient() { - if (stream_) { - stream_->set_visitor(nullptr); + for (std::pair<QuicStreamId, QuicSpdyClientStream*> stream : open_streams_) { + stream.second->set_visitor(nullptr); } client_->Disconnect(); } @@ -253,7 +254,7 @@ void QuicTestClient::Initialize() { buffer_body_ = true; num_requests_ = 0; num_responses_ = 0; - ClearPerRequestState(); + ClearPerConnectionState(); // As chrome will generally do this, we want it to be the default when it's // not overridden. if (!client_->config()->HasSetBytesForConnectionIdToSend()) { @@ -285,7 +286,7 @@ void QuicTestClient::SendRequestsAndWaitForResponses( ssize_t QuicTestClient::GetOrCreateStreamAndSendRequest( const SpdyHeaderBlock* headers, - StringPiece body, + QuicStringPiece body, bool fin, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener) { if (headers) { @@ -338,19 +339,15 @@ ssize_t QuicTestClient::GetOrCreateStreamAndSendRequest( } ssize_t QuicTestClient::SendMessage(const SpdyHeaderBlock& headers, - StringPiece body) { + QuicStringPiece body) { return SendMessage(headers, body, /*fin=*/true); } ssize_t QuicTestClient::SendMessage(const SpdyHeaderBlock& headers, - StringPiece body, + QuicStringPiece body, bool fin) { - stream_ = nullptr; // Always force creation of a stream for SendMessage. - // Any response we might have received for a previous request would no longer - // be valid. TODO(jeffpiazza): There's probably additional client state that - // should be reset here, too, if we were being more careful. - response_complete_ = false; - + // Always force creation of a stream for SendMessage. + latest_created_stream_ = nullptr; // If we're not connected, try to find an sni hostname. if (!connected()) { QuicUrl url(SpdyUtils::GetUrlFromHeaderBlock(headers)); @@ -373,8 +370,8 @@ ssize_t QuicTestClient::SendData( const string& data, bool last_data, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener) { - return GetOrCreateStreamAndSendRequest(nullptr, StringPiece(data), last_data, - std::move(ack_listener)); + return GetOrCreateStreamAndSendRequest(nullptr, QuicStringPiece(data), + last_data, std::move(ack_listener)); } bool QuicTestClient::response_complete() const { @@ -393,13 +390,15 @@ void QuicTestClient::set_buffer_body(bool buffer_body) { buffer_body_ = buffer_body; } -const string& QuicTestClient::response_body() { +const string& QuicTestClient::response_body() const { return response_; } string QuicTestClient::SendCustomSynchronousRequest( const SpdyHeaderBlock& headers, const string& body) { + // Clear connection state here and only track this synchronous request. + ClearPerConnectionState(); if (SendMessage(headers, body) == 0) { QUIC_DLOG(ERROR) << "Failed the request for: " << headers.DebugString(); // Set the response_ explicitly. Otherwise response_ will contain the @@ -419,11 +418,11 @@ string QuicTestClient::SendSynchronousRequest(const string& uri) { return SendCustomSynchronousRequest(headers, ""); } -void QuicTestClient::SetStream(QuicSpdyClientStream* stream) { - stream_ = stream; - if (stream_ != nullptr) { - response_complete_ = false; - stream_->set_visitor(this); +void QuicTestClient::SetLatestCreatedStream(QuicSpdyClientStream* stream) { + latest_created_stream_ = stream; + if (latest_created_stream_ != nullptr) { + open_streams_[stream->id()] = stream; + stream->set_visitor(this); } } @@ -436,15 +435,19 @@ QuicSpdyClientStream* QuicTestClient::GetOrCreateStream() { return nullptr; } } - if (!stream_) { - SetStream(client_->CreateClientStream()); - if (stream_) { - stream_->SetPriority(priority_); - stream_->set_allow_bidirectional_data(allow_bidirectional_data_); + if (open_streams_.empty()) { + ClearPerConnectionState(); + } + if (!latest_created_stream_) { + SetLatestCreatedStream(client_->CreateClientStream()); + if (latest_created_stream_) { + latest_created_stream_->SetPriority(priority_); + latest_created_stream_->set_allow_bidirectional_data( + allow_bidirectional_data_); } } - return stream_; + return latest_created_stream_; } QuicErrorCode QuicTestClient::connection_error() { @@ -496,6 +499,7 @@ void QuicTestClient::ResetConnection() { } void QuicTestClient::Disconnect() { + ClearPerConnectionState(); client_->Disconnect(); connect_attempted_ = false; } @@ -506,20 +510,19 @@ QuicSocketAddress QuicTestClient::local_address() const { void QuicTestClient::ClearPerRequestState() { stream_error_ = QUIC_STREAM_NO_ERROR; - stream_ = nullptr; response_ = ""; response_complete_ = false; response_headers_complete_ = false; + preliminary_headers_.clear(); response_headers_.clear(); + response_trailers_.clear(); bytes_read_ = 0; bytes_written_ = 0; response_body_size_ = 0; } bool QuicTestClient::HaveActiveStream() { - return push_promise_data_to_resend_.get() || - (stream_ != nullptr && - !client_->session()->IsClosedStream(stream_->id())); + return push_promise_data_to_resend_.get() || !open_streams_.empty(); } bool QuicTestClient::WaitUntil(int timeout_ms, std::function<bool()> trigger) { @@ -537,6 +540,7 @@ bool QuicTestClient::WaitUntil(int timeout_ms, std::function<bool()> trigger) { (timeout_us < 0 || clock->Now() < end_waiting_time)) { client_->WaitForEvents(); } + ReadNextResponse(); if (timeout_us > 0) { epoll_server()->set_timeout_in_us(old_timeout_us); } @@ -553,22 +557,34 @@ ssize_t QuicTestClient::Send(const void* buffer, size_t size) { } bool QuicTestClient::response_headers_complete() const { - if (stream_ != nullptr) { - return stream_->headers_decompressed(); + for (std::pair<QuicStreamId, QuicSpdyClientStream*> stream : open_streams_) { + if (stream.second->headers_decompressed()) { + return true; + } } return response_headers_complete_; } const SpdyHeaderBlock* QuicTestClient::response_headers() const { - if (stream_ != nullptr) { - response_headers_ = stream_->response_headers().Clone(); + for (std::pair<QuicStreamId, QuicSpdyClientStream*> stream : open_streams_) { + size_t bytes_read = + stream.second->stream_bytes_read() + stream.second->header_bytes_read(); + if (bytes_read > 0) { + response_headers_ = stream.second->response_headers().Clone(); + break; + } } return &response_headers_; } const SpdyHeaderBlock* QuicTestClient::preliminary_headers() const { - if (stream_ != nullptr) { - preliminary_headers_ = stream_->preliminary_headers().Clone(); + for (std::pair<QuicStreamId, QuicSpdyClientStream*> stream : open_streams_) { + size_t bytes_read = + stream.second->stream_bytes_read() + stream.second->header_bytes_read(); + if (bytes_read > 0) { + preliminary_headers_ = stream.second->preliminary_headers().Clone(); + break; + } } return &preliminary_headers_; } @@ -582,50 +598,60 @@ int64_t QuicTestClient::response_size() const { } size_t QuicTestClient::bytes_read() const { - // While stream_ is available, its member functions provide more accurate - // information. bytes_read_ is updated only when stream_ becomes null. - if (stream_) { - return stream_->stream_bytes_read() + stream_->header_bytes_read(); - } else { - return bytes_read_; + for (std::pair<QuicStreamId, QuicSpdyClientStream*> stream : open_streams_) { + size_t bytes_read = + stream.second->stream_bytes_read() + stream.second->header_bytes_read(); + if (bytes_read > 0) { + return bytes_read; + } } + return bytes_read_; } size_t QuicTestClient::bytes_written() const { - // While stream_ is available, its member functions provide more accurate - // information. bytes_written_ is updated only when stream_ becomes null. - if (stream_) { - return stream_->stream_bytes_written() + stream_->header_bytes_written(); - } else { - return bytes_written_; + for (std::pair<QuicStreamId, QuicSpdyClientStream*> stream : open_streams_) { + size_t bytes_written = stream.second->stream_bytes_written() + + stream.second->header_bytes_written(); + if (bytes_written > 0) { + return bytes_written; + } } + return bytes_written_; } void QuicTestClient::OnClose(QuicSpdyStream* stream) { - if (stream != nullptr) { - // Always close the stream, regardless of whether it was the last stream - // written. - client()->OnClose(stream); - ++num_responses_; - } - if (stream_ != stream) { + if (stream == nullptr) { return; } - if (buffer_body()) { - // TODO(fnk): The stream still buffers the whole thing. Fix that. - response_ = stream_->data(); + // Always close the stream, regardless of whether it was the last stream + // written. + client()->OnClose(stream); + ++num_responses_; + if (!QuicContainsKey(open_streams_, stream->id())) { + return; } - response_complete_ = true; - response_headers_complete_ = stream_->headers_decompressed(); - response_headers_ = stream_->response_headers().Clone(); - response_trailers_ = stream_->received_trailers().Clone(); - preliminary_headers_ = stream_->preliminary_headers().Clone(); - stream_error_ = stream_->stream_error(); - bytes_read_ = stream_->stream_bytes_read() + stream_->header_bytes_read(); - bytes_written_ = - stream_->stream_bytes_written() + stream_->header_bytes_written(); - response_body_size_ = stream_->data().size(); - stream_ = nullptr; + if (latest_created_stream_ == stream) { + latest_created_stream_ = nullptr; + } + QuicSpdyClientStream* client_stream = + static_cast<QuicSpdyClientStream*>(stream); + QuicStreamId id = client_stream->id(); + closed_stream_states_.insert(std::make_pair( + id, + PerStreamState( + client_stream->stream_error(), true, + client_stream->headers_decompressed(), + client_stream->response_headers(), + client_stream->preliminary_headers(), + (buffer_body() ? client_stream->data() : ""), + client_stream->received_trailers(), + // Use NumBytesConsumed to avoid counting retransmitted stream frames. + QuicStreamPeer::sequencer(client_stream)->NumBytesConsumed() + + client_stream->header_bytes_read(), + client_stream->stream_bytes_written() + + client_stream->header_bytes_written(), + client_stream->data().size()))); + open_streams_.erase(id); } bool QuicTestClient::CheckVary(const SpdyHeaderBlock& client_request, @@ -637,7 +663,7 @@ bool QuicTestClient::CheckVary(const SpdyHeaderBlock& client_request, void QuicTestClient::OnRendezvousResult(QuicSpdyStream* stream) { std::unique_ptr<TestClientDataToResend> data_to_resend = std::move(push_promise_data_to_resend_); - SetStream(static_cast<QuicSpdyClientStream*>(stream)); + SetLatestCreatedStream(static_cast<QuicSpdyClientStream*>(stream)); if (stream) { stream->OnDataAvailable(); } else if (data_to_resend.get()) { @@ -678,7 +704,7 @@ void QuicTestClient::WaitForWriteToFlush() { QuicTestClient::TestClientDataToResend::TestClientDataToResend( std::unique_ptr<SpdyHeaderBlock> headers, - base::StringPiece body, + QuicStringPiece body, bool fin, QuicTestClient* test_client, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener) @@ -694,6 +720,42 @@ void QuicTestClient::TestClientDataToResend::Resend() { headers_.reset(); } +QuicTestClient::PerStreamState::PerStreamState(const PerStreamState& other) + : stream_error(other.stream_error), + response_complete(other.response_complete), + response_headers_complete(other.response_headers_complete), + response_headers(other.response_headers.Clone()), + preliminary_headers(other.preliminary_headers.Clone()), + response(other.response), + response_trailers(other.response_trailers.Clone()), + bytes_read(other.bytes_read), + bytes_written(other.bytes_written), + response_body_size(other.response_body_size) {} + +QuicTestClient::PerStreamState::PerStreamState( + QuicRstStreamErrorCode stream_error, + bool response_complete, + bool response_headers_complete, + const SpdyHeaderBlock& response_headers, + const SpdyHeaderBlock& preliminary_headers, + const string& response, + const SpdyHeaderBlock& response_trailers, + uint64_t bytes_read, + uint64_t bytes_written, + int64_t response_body_size) + : stream_error(stream_error), + response_complete(response_complete), + response_headers_complete(response_headers_complete), + response_headers(response_headers.Clone()), + preliminary_headers(preliminary_headers.Clone()), + response(response), + response_trailers(response_trailers.Clone()), + bytes_read(bytes_read), + bytes_written(bytes_written), + response_body_size(response_body_size) {} + +QuicTestClient::PerStreamState::~PerStreamState() {} + bool QuicTestClient::PopulateHeaderBlockFromUrl(const string& uri, SpdyHeaderBlock* headers) { string url; @@ -708,5 +770,33 @@ bool QuicTestClient::PopulateHeaderBlockFromUrl(const string& uri, return SpdyUtils::PopulateHeaderBlockFromUrl(url, headers); } +void QuicTestClient::ReadNextResponse() { + if (closed_stream_states_.empty()) { + return; + } + + PerStreamState state(closed_stream_states_.front().second); + + stream_error_ = state.stream_error; + response_ = state.response; + response_complete_ = state.response_complete; + response_headers_complete_ = state.response_headers_complete; + preliminary_headers_ = state.preliminary_headers.Clone(); + response_headers_ = state.response_headers.Clone(); + response_trailers_ = state.response_trailers.Clone(); + bytes_read_ = state.bytes_read; + bytes_written_ = state.bytes_written; + response_body_size_ = state.response_body_size; + + closed_stream_states_.pop_front(); +} + +void QuicTestClient::ClearPerConnectionState() { + ClearPerRequestState(); + open_streams_.clear(); + closed_stream_states_.clear(); + latest_created_stream_ = nullptr; +} + } // namespace test } // namespace net diff --git a/chromium/net/tools/quic/test_tools/quic_test_client.h b/chromium/net/tools/quic/test_tools/quic_test_client.h index 9066b59f857..1db57a22c20 100644 --- a/chromium/net/tools/quic/test_tools/quic_test_client.h +++ b/chromium/net/tools/quic/test_tools/quic_test_client.h @@ -14,11 +14,12 @@ #include "net/quic/core/quic_framer.h" #include "net/quic/core/quic_packet_creator.h" #include "net/quic/core/quic_packets.h" +#include "net/quic/platform/api/quic_containers.h" +#include "net/quic/platform/api/quic_map_util.h" +#include "net/quic/platform/api/quic_string_piece.h" #include "net/tools/quic/quic_client.h" #include "testing/gmock/include/gmock/gmock.h" -using base::StringPiece; - namespace net { class ProofVerifier; @@ -63,6 +64,7 @@ class MockableQuicClient : public QuicClient { void set_track_last_incoming_packet(bool track) { track_last_incoming_packet_ = track; } + void set_peer_address(const QuicSocketAddress& address); private: QuicConnectionId override_connection_id_; // ConnectionId to use, if nonzero @@ -116,12 +118,12 @@ class QuicTestClient : public QuicSpdyStream::Visitor, const std::vector<std::string>& url_list); // Sends a request containing |headers| and |body| and returns the number of // bytes sent (the size of the serialized request headers and body). - ssize_t SendMessage(const SpdyHeaderBlock& headers, base::StringPiece body); + ssize_t SendMessage(const SpdyHeaderBlock& headers, QuicStringPiece body); // Sends a request containing |headers| and |body| with the fin bit set to // |fin| and returns the number of bytes sent (the size of the serialized // request headers and body). ssize_t SendMessage(const SpdyHeaderBlock& headers, - base::StringPiece body, + QuicStringPiece body, bool fin); // Sends a request containing |headers| and |body|, waits for the response, // and returns the response body. @@ -137,38 +139,51 @@ class QuicTestClient : public QuicSpdyStream::Visitor, void ClearPerRequestState(); bool WaitUntil(int timeout_ms, std::function<bool()> trigger); ssize_t Send(const void* buffer, size_t size); + bool connected() const; + bool buffer_body() const; + void set_buffer_body(bool buffer_body); + + // Getters for stream state. Please note, these getters are divided into two + // groups. 1) returns state which only get updated once a complete response + // is received. 2) returns state of the oldest active stream which have + // received partial response (if any). + // Group 1. + const SpdyHeaderBlock& response_trailers() const; bool response_complete() const; + int64_t response_body_size() const; + const std::string& response_body() const; + // Group 2. bool response_headers_complete() const; const SpdyHeaderBlock* response_headers() const; const SpdyHeaderBlock* preliminary_headers() const; int64_t response_size() const; - int64_t response_body_size() const; size_t bytes_read() const; size_t bytes_written() const; - bool buffer_body() const; - void set_buffer_body(bool buffer_body); - const std::string& response_body(); - bool connected() const; - // Returns once a complete response or a connection close has been received - // from the server. + // Returns once at least one complete response or a connection close has been + // received from the server. If responses are received for multiple (say 2) + // streams, next WaitForResponse will return immediately. void WaitForResponse() { WaitForResponseForMs(-1); } - // Waits for some data or response from the server. + // Returns once some data is received on any open streams or at least one + // complete response is received from the server. void WaitForInitialResponse() { WaitForInitialResponseForMs(-1); } - // Returns once a complete response or a connection close has been received - // from the server, or once the timeout expires. -1 for no timeout. + // Returns once at least one complete response or a connection close has been + // received from the server, or once the timeout expires. -1 means no timeout. + // If responses are received for multiple (say 2) streams, next + // WaitForResponseForMs will return immediately. void WaitForResponseForMs(int timeout_ms) { - WaitUntil(timeout_ms, [this]() { return response_complete(); }); + WaitUntil(timeout_ms, [this]() { return !closed_stream_states_.empty(); }); if (response_complete()) { VLOG(1) << "Client received response:" << response_headers()->DebugString() << response_body(); } } - // Waits for some data or response from the server, or once the timeout - // expires. -1 for no timeout. + // Returns once some data is received on any open streams or at least one + // complete response is received from the server, or once the timeout + // expires. -1 means no timeout. void WaitForInitialResponseForMs(int timeout_ms) { WaitUntil(timeout_ms, [this]() { return response_size() != 0; }); } @@ -178,9 +193,6 @@ class QuicTestClient : public QuicSpdyStream::Visitor, void set_bind_to_address(QuicIpAddress address); const QuicSocketAddress& address() const; - // Returns the response trailers as received by the |stream_|. - const SpdyHeaderBlock& response_trailers() const; - // From QuicSpdyStream::Visitor void OnClose(QuicSpdyStream* stream) override; @@ -197,8 +209,6 @@ class QuicTestClient : public QuicSpdyStream::Visitor, // ConnectionId instead of a random one. void UseConnectionId(QuicConnectionId connection_id); - // Update internal stream_ pointer and perform accompanying housekeeping. - void SetStream(QuicSpdyClientStream* stream); // Returns nullptr if the maximum number of streams have already been created. QuicSpdyClientStream* GetOrCreateStream(); @@ -207,7 +217,7 @@ class QuicTestClient : public QuicSpdyStream::Visitor, // null, only the body will be sent on the stream. ssize_t GetOrCreateStreamAndSendRequest( const SpdyHeaderBlock* headers, - base::StringPiece body, + QuicStringPiece body, bool fin, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener); @@ -247,6 +257,10 @@ class QuicTestClient : public QuicSpdyStream::Visitor, client_->set_server_address(server_address); } + void set_peer_address(const QuicSocketAddress& address) { + client_->set_peer_address(address); + } + // Explicitly set the SNI value for this client, overriding the default // behavior which extracts the SNI value from the request URL. void OverrideSni(const std::string& sni) { @@ -258,6 +272,39 @@ class QuicTestClient : public QuicSpdyStream::Visitor, void set_client(MockableQuicClient* client) { client_.reset(client); } + // PerStreamState of a stream is updated when it is closed. + struct PerStreamState { + PerStreamState(const PerStreamState& other); + PerStreamState(QuicRstStreamErrorCode stream_error, + bool response_complete, + bool response_headers_complete, + const SpdyHeaderBlock& response_headers, + const SpdyHeaderBlock& preliminary_headers, + const std::string& response, + const SpdyHeaderBlock& response_trailers, + uint64_t bytes_read, + uint64_t bytes_written, + int64_t response_body_size); + ~PerStreamState(); + + QuicRstStreamErrorCode stream_error; + bool response_complete; + bool response_headers_complete; + SpdyHeaderBlock response_headers; + SpdyHeaderBlock preliminary_headers; + std::string response; + SpdyHeaderBlock response_trailers; + uint64_t bytes_read; + uint64_t bytes_written; + int64_t response_body_size; + }; + + // Given |uri|, populates the fields in |headers| for a simple GET + // request. If |uri| is a relative URL, the QuicServerId will be + // use to specify the authority. + bool PopulateHeaderBlockFromUrl(const std::string& uri, + SpdyHeaderBlock* headers); + protected: QuicTestClient(); @@ -266,7 +313,7 @@ class QuicTestClient : public QuicSpdyStream::Visitor, public: TestClientDataToResend( std::unique_ptr<SpdyHeaderBlock> headers, - base::StringPiece body, + QuicStringPiece body, bool fin, QuicTestClient* test_client, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener); @@ -280,24 +327,32 @@ class QuicTestClient : public QuicSpdyStream::Visitor, QuicReferenceCountedPointer<QuicAckListenerInterface> ack_listener_; }; - // Given |uri|, populates the fields in |headers| for a simple GET - // request. If |uri| is a relative URL, the QuicServerId will be - // use to specify the authority. - bool PopulateHeaderBlockFromUrl(const std::string& uri, - SpdyHeaderBlock* headers); - bool HaveActiveStream(); + // Read oldest received response and remove it from closed_stream_states_. + void ReadNextResponse(); + + // Clear open_streams_, closed_stream_states_ and reset + // latest_created_stream_. + void ClearPerConnectionState(); + + // Update latest_created_stream_, add |stream| to open_streams_ and starts + // tracking its state. + void SetLatestCreatedStream(QuicSpdyClientStream* stream); + EpollServer epoll_server_; std::unique_ptr<MockableQuicClient> client_; // The actual client - QuicSpdyClientStream* stream_; + QuicSpdyClientStream* latest_created_stream_; + std::map<QuicStreamId, QuicSpdyClientStream*> open_streams_; + // Received responses of closed streams. + QuicLinkedHashMap<QuicStreamId, PerStreamState> closed_stream_states_; QuicRstStreamErrorCode stream_error_; bool response_complete_; bool response_headers_complete_; - mutable SpdyHeaderBlock response_headers_; mutable SpdyHeaderBlock preliminary_headers_; + mutable SpdyHeaderBlock response_headers_; // Parsed response trailers (if present), copied from the stream in OnClose. SpdyHeaderBlock response_trailers_; diff --git a/chromium/net/tools/testserver/testserver.isolate b/chromium/net/tools/testserver/testserver.isolate deleted file mode 100644 index edece5e2d0f..00000000000 --- a/chromium/net/tools/testserver/testserver.isolate +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright 2015 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. -{ - 'variables': { - 'files': [ - './', - '../../../testing/test_env.py', - '../../../third_party/pyftpdlib/', - '../../../third_party/pywebsocket/', - '../../../third_party/tlslite/', - '<(PRODUCT_DIR)/pyproto/google/', - ] - } -} diff --git a/chromium/net/tools/testserver/testserver.py b/chromium/net/tools/testserver/testserver.py index 8fd723629c4..c22625ea9fc 100755 --- a/chromium/net/tools/testserver/testserver.py +++ b/chromium/net/tools/testserver/testserver.py @@ -2193,6 +2193,7 @@ class ServerRunner(testserver_base.TestServerRunner): 'fallback. 1 means all TLS versions will be ' 'aborted. 2 means TLS 1.1 or higher will be ' 'aborted. 3 means TLS 1.2 or higher will be ' + 'aborted. 4 means TLS 1.3 or higher will be ' 'aborted.') self.option_parser.add_option('--tls-intolerance-type', dest='tls_intolerance_type', diff --git a/chromium/net/tools/transport_security_state_generator/BUILD.gn b/chromium/net/tools/transport_security_state_generator/BUILD.gn new file mode 100644 index 00000000000..06bfd8b4be9 --- /dev/null +++ b/chromium/net/tools/transport_security_state_generator/BUILD.gn @@ -0,0 +1,68 @@ +# Copyright 2017 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +assert(current_toolchain == host_toolchain) + +source_set("transport_security_state_generator_sources") { + sources = [ + "bit_writer.cc", + "bit_writer.h", + "cert_util.cc", + "cert_util.h", + "huffman/huffman_builder.cc", + "huffman/huffman_builder.h", + "input_file_parsers.cc", + "input_file_parsers.h", + "pinset.cc", + "pinset.h", + "pinsets.cc", + "pinsets.h", + "preloaded_state_generator.cc", + "preloaded_state_generator.h", + "spki_hash.cc", + "spki_hash.h", + "transport_security_state_entry.cc", + "transport_security_state_entry.h", + "trie/trie_bit_buffer.cc", + "trie/trie_bit_buffer.h", + "trie/trie_writer.cc", + "trie/trie_writer.h", + ] + deps = [ + "//base", + "//third_party/boringssl", + ] +} + +source_set("transport_security_state_generator_test_sources") { + testonly = true + sources = [ + "bit_writer_unittest.cc", + "cert_util_unittest.cc", + "huffman/huffman_builder_unittest.cc", + "input_file_parsers_unittest.cc", + "spki_hash_unittest.cc", + "trie/trie_bit_buffer_unittest.cc", + ] + deps = [ + ":transport_security_state_generator_sources", + "//base", + "//base/test:test_support", + "//testing/gmock", + "//testing/gtest", + "//third_party/boringssl", + ] +} + +executable("transport_security_state_generator") { + sources = [ + "transport_security_state_generator.cc", + ] + deps = [ + ":transport_security_state_generator_sources", + "//base", + "//crypto", + "//third_party/boringssl", + ] +} diff --git a/chromium/net/tools/transport_security_state_generator/bit_writer_unittest.cc b/chromium/net/tools/transport_security_state_generator/bit_writer_unittest.cc new file mode 100644 index 00000000000..8d8a03246a2 --- /dev/null +++ b/chromium/net/tools/transport_security_state_generator/bit_writer_unittest.cc @@ -0,0 +1,117 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/tools/transport_security_state_generator/bit_writer.h" +#include "testing/gmock/include/gmock/gmock.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +namespace transport_security_state { + +namespace { + +// Test that single bits are written to the buffer correctly. +TEST(BitWriterTest, WriteBit) { + BitWriter writer; + + EXPECT_EQ(0U, writer.position()); + EXPECT_EQ(0U, writer.bytes().size()); + + writer.WriteBit(0); + + EXPECT_EQ(1U, writer.position()); + + writer.WriteBit(1); + writer.WriteBit(0); + writer.WriteBit(1); + writer.WriteBit(0); + writer.WriteBit(1); + writer.WriteBit(0); + writer.WriteBit(1); + + EXPECT_EQ(8U, writer.position()); + + writer.WriteBit(0); + + EXPECT_EQ(9U, writer.position()); + + writer.WriteBit(1); + writer.WriteBit(0); + + EXPECT_EQ(11U, writer.position()); + + // Flush should pad the current byte with zero's until it's full. + writer.Flush(); + + // The writer should have 2 bytes now even though we only wrote 11 bits. + EXPECT_EQ(16U, writer.position()); + + // 0 + 1 + 0 + 1 + 0 + 1 + 0 + 1 + 0 + 1 + 0 + 00000 (padding) = 0x5540. + EXPECT_THAT(writer.bytes(), testing::ElementsAre(0x55, 0x40)); +} + +// Test that when multiple bits are written to the buffer, they are appended +// correctly. +TEST(BitWriterTest, WriteBits) { + BitWriter writer; + + // 0xAA is 10101010 in binary. WritBits will write the n least significant + // bits where n is given as the second parameter. + writer.WriteBits(0xAA, 1); + EXPECT_EQ(1U, writer.position()); + writer.WriteBits(0xAA, 2); + EXPECT_EQ(3U, writer.position()); + writer.WriteBits(0xAA, 3); + EXPECT_EQ(6U, writer.position()); + writer.WriteBits(0xAA, 2); + EXPECT_EQ(8U, writer.position()); + writer.WriteBits(0xAA, 2); + EXPECT_EQ(10U, writer.position()); + + // Flush should pad the current byte with zero's until it's full. + writer.Flush(); + + // The writer should have 2 bytes now even though we only wrote 10 bits. + EXPECT_EQ(16U, writer.position()); + + // 0 + 10 + 010 + 10 + 10 + 000000 (padding) = 0x4A80 + EXPECT_THAT(writer.bytes(), testing::ElementsAre(0x4A, 0x80)); +} + +// Test that buffering works correct when the methods are mixed. +TEST(BitWriterTest, WriteBoth) { + BitWriter writer; + + // 0xAA is 10101010 in binary. WritBits will write the n least significant + // bits where n is given as the second parameter. + writer.WriteBits(0xAA, 1); + EXPECT_EQ(1U, writer.position()); + writer.WriteBit(1); + writer.WriteBits(0xAA, 2); + EXPECT_EQ(4U, writer.position()); + writer.WriteBits(0xAA, 3); + EXPECT_EQ(7U, writer.position()); + writer.WriteBit(1); + EXPECT_EQ(8U, writer.position()); + + writer.WriteBits(0xAA, 2); + writer.WriteBit(0); + EXPECT_EQ(11U, writer.position()); + + // Flush should pad the current byte with zero's until it's full. + writer.Flush(); + + // The writer should have 2 bytes now even though we only wrote 10 bits. + EXPECT_EQ(16U, writer.position()); + + // 0 + 1 + 10 + 010 + 1 + 10 + 0 + 00000 (padding) = 0x6580 + EXPECT_THAT(writer.bytes(), testing::ElementsAre(0x65, 0x80)); +} + +} // namespace + +} // namespace transport_security_state + +} // namespace net diff --git a/chromium/net/tools/transport_security_state_generator/cert_util.cc b/chromium/net/tools/transport_security_state_generator/cert_util.cc index 45954a45e70..28940b75744 100644 --- a/chromium/net/tools/transport_security_state_generator/cert_util.cc +++ b/chromium/net/tools/transport_security_state_generator/cert_util.cc @@ -89,7 +89,7 @@ bssl::UniquePtr<X509> GetX509CertificateFromPEM(base::StringPiece pem_data) { const uint8_t* der_data = reinterpret_cast<const uint8_t*>(der.c_str()); return bssl::UniquePtr<X509>( - d2i_X509(NULL, &der_data, base::checked_cast<long>(der.size()))); + d2i_X509(nullptr, &der_data, base::checked_cast<long>(der.size()))); } bool ExtractSubjectNameFromCertificate(X509* certificate, std::string* name) { diff --git a/chromium/net/tools/transport_security_state_generator/cert_util_unittest.cc b/chromium/net/tools/transport_security_state_generator/cert_util_unittest.cc new file mode 100644 index 00000000000..5bc294fa5bb --- /dev/null +++ b/chromium/net/tools/transport_security_state_generator/cert_util_unittest.cc @@ -0,0 +1,217 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <string> +#include <vector> + +#include "net/tools/transport_security_state_generator/cert_util.h" +#include "net/tools/transport_security_state_generator/spki_hash.h" +#include "testing/gmock/include/gmock/gmock.h" +#include "testing/gtest/include/gtest/gtest.h" +#include "third_party/boringssl/src/include/openssl/x509v3.h" + +namespace net { + +namespace transport_security_state { + +namespace { + +// Certficate with the subject CN set to "Chromium", the subject organisation +// set to "The Chromium Projects", and the subject organizational unit set to +// "Security." +static const char kSelfSignedWithCommonNamePEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDeTCCAmGgAwIBAgIJAKZbsC4gPYAUMA0GCSqGSIb3DQEBCwUAMFMxETAPBgNV\n" + "BAMMCENocm9taXVtMR4wHAYDVQQKDBVUaGUgQ2hyb21pdW0gUHJvamVjdHMxETAP\n" + "BgNVBAsMCFNlY3VyaXR5MQswCQYDVQQGEwJVUzAeFw0xNzAxMjkyMDU1NDFaFw0x\n" + "ODAxMjkyMDU1NDFaMFMxETAPBgNVBAMMCENocm9taXVtMR4wHAYDVQQKDBVUaGUg\n" + "Q2hyb21pdW0gUHJvamVjdHMxETAPBgNVBAsMCFNlY3VyaXR5MQswCQYDVQQGEwJV\n" + "UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlir9M85QOvQ5ok+uvH\n" + "XF7kmW21B22Ffdw+B2mXTV6NLGvINCdwocIlebQlAdWS2QY/WM08uAYJ3m0IGD+t\n" + "6OG4zG3vOmWMdFQy4XkxMsDkbV11F9n4dsF5TXEvILlupOtOWu6Up8vfFkii/x+/\n" + "bz4aGBDdFu6U8TdQ8ELSmHxJYi4LM0lUKTdLLte3T5Grv3UUXQW33Qs6RXZlH/ul\n" + "jf7/v0HQefM3XdT9djG1XRv8Ga32c8tz+wtSw7PPIWjt0ZDJxZ2/fX7YLwAt2D6N\n" + "zQgrNJtL0/I/j9sO6A0YQeHzmnlyoAd14VhBfEllZc51pFaut31wpbPPxtH0K0Ro\n" + "2XUCAwEAAaNQME4wHQYDVR0OBBYEFD7eitJ8KlIaVS4J9w2Nz+5OE8H0MB8GA1Ud\n" + "IwQYMBaAFD7eitJ8KlIaVS4J9w2Nz+5OE8H0MAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" + "hvcNAQELBQADggEBAFjuy0Jhj2E/ALOkOst53/nHIpT5suru4H6YEmmPye+KCQnC\n" + "ws1msPyLQ8V10/kyQzJTSLbeehNyOaK99KJk+hZBVEKBa9uH3WXPpiwz1xr3STJO\n" + "hhV2wXGTMqe5gryR7r+n88+2TpRiZ/mAVyJm4NQgev4HZbFsl3sT50AQrrEbHHiY\n" + "Sh38NCR8JCVuzLBjcEEIWxjhDPkdNPJtx3cBkIDP+Cz1AUSPretGk7CQAGivq7Kq\n" + "9y6A59guc1RFVPeEQAxUIUDZGDQlB3PtmrXrp1/LAaDYvQCstDBgiZoamy+xSROP\n" + "BU2KIzRj2EUOWqtIURU4Q2QC1fbVqxVjfPowX/A=\n" + "-----END CERTIFICATE-----\n"; + +// Certificate without a subject CN. The subject organisation is set to +// "The Chromium Projects" and the subject origanisational unit is set to +// "Security". +static const char kSelfSignedWithoutCommonNamePEM[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDUzCCAjugAwIBAgIJAI18Ifktf3YOMA0GCSqGSIb3DQEBCwUAMEAxHjAcBgNV\n" + "BAoMFVRoZSBDaHJvbWl1bSBQcm9qZWN0czERMA8GA1UECwwIU2VjdXJpdHkxCzAJ\n" + "BgNVBAYTAlVTMB4XDTE3MDEyOTIxMTMwMloXDTE4MDEyOTIxMTMwMlowQDEeMBwG\n" + "A1UECgwVVGhlIENocm9taXVtIFByb2plY3RzMREwDwYDVQQLDAhTZWN1cml0eTEL\n" + "MAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxfBIg\n" + "4hVljlFbyZ88mhLEKCfy/8X127H16ywcy+q+jlj7YtlWqGKlfIjKQkXKeI/xUB1F\n" + "ZC1S0kmVycAoahb4m+NqkfBkuxbpc5gYsv9TdgiNIhEezx6Z9OTPjGnTZVDjJNsQ\n" + "MVKfG+DD3qAf22PhpU2zGXCF2ECL7J/Lh6Wu/W3InuIcJGm3D7F182UK86stvC/+\n" + "mS9K7AJyX320vHWYsVB/jA9w6cSdlZf454E+wtsS0b+UIMF6fewg2Xb/FYxRsOjp\n" + "ppVpF8/2v6JzDjBhdZkYufR5M43tCEUBBK6TwfXAPfK3v2IDcoW+iOuztW5/cdTs\n" + "rVaGK9YqRDIeFWKNAgMBAAGjUDBOMB0GA1UdDgQWBBRh2Ef5+mRtj2sJHpXWlWai\n" + "D3zNXTAfBgNVHSMEGDAWgBRh2Ef5+mRtj2sJHpXWlWaiD3zNXTAMBgNVHRMEBTAD\n" + "AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAmxdLSlb76yre3VmugMQqybSkJr4+OZm6c\n" + "ES6TQeBzNrbPQhYPAfTUa2i4Cx5r4tMTp1IfUKgtng4qnKyLRgC+BV4zAfSRxbuw\n" + "aqicO1Whtl/Vs2Cdou10EU68kKOxLqNdzfXVVSQ/HxGFJFFJdSLfjpRTcfbORfeh\n" + "BfFQkjdlK8DdX8pPLjHImFKXT/8IpPPq41k2KuIhG3cd2vBNV7n7U793LSE+dPQk\n" + "0jKehPOfiPBl1nWr7ZTF8bYtgxboVsv73E6IoQhPGPnnDF3ISQ5/ulDQNXJr2PI3\n" + "ZYZ4PtSKcBi97BucW7lkt3bWY44TZGVHY1s4EGQFqU4aDyP+aR7Z\n" + "-----END CERTIFICATE-----\n"; + +// Certificate without a subject CN, organisation or organizational unit. +static const char kSelfSignedWithoutSubject[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIC7TCCAdWgAwIBAgIJAOPMcoAKhzZPMA0GCSqGSIb3DQEBCwUAMA0xCzAJBgNV\n" + "BAYTAlVTMB4XDTE3MDEyOTIxNDA1MloXDTE4MDEyOTIxNDA1MlowDTELMAkGA1UE\n" + "BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLn0oths5iUbDN\n" + "h5IssWAf4jBRVh0c7AfVpnsriSdpgMEfApjE4Fcb3ma/8g+f2SB0x7bSLKMfpKZl\n" + "v7tQBuNXsbMcv1l4Ip595ZznSr74Fpuc6K0pqaVUSrgt2EVDp6lx12fFcXMI08Ar\n" + "76v06loe7HnO+cOCAXn3Yd89UznB7w8a+RiJlUzb4vksksSQyxCOYwahx6kuN9vh\n" + "MkjmzoVSbO6vtHktECsq5M2k98GZMmbXimW+lkyqsG3qJnmAYsIapDE1droPp5Cx\n" + "l/tQ95CKEZQDuF4Zv+fgg0eHnnCAhuCPnM8GblOTsAsSjNd8GM+4eJPPtAHdB1nn\n" + "HCYB/QadAgMBAAGjUDBOMB0GA1UdDgQWBBTxlQlna2f2VttJkEoeayPsCF7SxzAf\n" + "BgNVHSMEGDAWgBTxlQlna2f2VttJkEoeayPsCF7SxzAMBgNVHRMEBTADAQH/MA0G\n" + "CSqGSIb3DQEBCwUAA4IBAQBUOmDhs3K1v+tPeO+TWFw8NDfOkcWy6EX+c6K7mSwF\n" + "mJjqWsEUBp+WbTK6RoVjuLucH5mRF3FmRrW/hOnxIWxpHg5/9vodReLDPnUw0Anb\n" + "QoxKgJ41VfD8aGK8GDPOrETwbIR6+d9P6bDKukiuW41Yh5TjXLufaQ1g9C1AIEoG\n" + "88Akr6g9Q0vJJXGl9YcPFz6M1wm3l/lH08v2Ual52elFXYcDcoxhLCOdImmWGlnn\n" + "MYXxdl1ivj3hHgFXxkIbrlYKVSBhwPPgjVYKkimFcZF5Xw7wfmIl/WUtVaRpmkGp\n" + "3TgH7jdRQ1WXlROBct/4Z8jzs7i+Ttk8oxct2r+PdqeZ\n" + "-----END CERTIFICATE-----\n"; + +// Valid PEM certificate headers but invalid BASE64 content. +static const char kInvalidCertificatePEM[] = + "-----BEGIN CERTIFICATE-----\n" + "This is invalid base64.\n" + "It contains some (#$*) invalid characters.\n" + "-----END CERTIFICATE-----\n"; + +// Valid PEM public key headers but invalid BASE64 content. +static const char kInvalidPublicKeyPEM[] = + "-----BEGIN PUBLIC KEY-----\n" + "This is invalid base64.\n" + "It contains some (#$*) invalid characters.\n" + "-----END PUBLIC KEY-----\n"; + +// Valid 2048 bit RSA public key. +static const char kPublicKeyPEM[] = + "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujzwcb5bJuC/A/Y9izGl\n" + "LlA3fnKGbeyn53BdVznJN4fQwU82WKVYdqt8d/1ZDRdYyhGrTgXJeCURe9VSJyX1\n" + "X2a5EApSFsopP8Yjy0Rl6dNOLO84KCW9dPmfHC3uP0ac4hnHT5dUr05YvhJmHCkf\n" + "as6v/aEgpPLDhRF6UruSUh+gIpUg/F3+vlD99HLfbloukoDtQyxW+86s9sO7RQ00\n" + "pd79VOoa/v09FvoS7MFgnBBOtvBQLOXjEH7/qBsnrXFtHBeOtxSLar/FL3OhVXuh\n" + "dUTRyc1Mg0ECtz8zHZugW+LleIm5Bf5Yr0bN1O/HfDPCkDaCldcm6xohEHn9pBaW\n" + "+wIDAQAB\n" + "-----END PUBLIC KEY-----\n"; + +// Valid 2048 bit RSA public key with incorrect PEM headers. +static const char kUnknownPEMHeaders[] = + "-----BEGIN OF SOMETHING-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujzwcb5bJuC/A/Y9izGl\n" + "LlA3fnKGbeyn53BdVznJN4fQwU82WKVYdqt8d/1ZDRdYyhGrTgXJeCURe9VSJyX1\n" + "X2a5EApSFsopP8Yjy0Rl6dNOLO84KCW9dPmfHC3uP0ac4hnHT5dUr05YvhJmHCkf\n" + "as6v/aEgpPLDhRF6UruSUh+gIpUg/F3+vlD99HLfbloukoDtQyxW+86s9sO7RQ00\n" + "pd79VOoa/v09FvoS7MFgnBBOtvBQLOXjEH7/qBsnrXFtHBeOtxSLar/FL3OhVXuh\n" + "dUTRyc1Mg0ECtz8zHZugW+LleIm5Bf5Yr0bN1O/HfDPCkDaCldcm6xohEHn9pBaW\n" + "+wIDAQAB\n" + "-----END OF SOMETHING-----\n"; + +TEST(CertUtilTest, GetX509CertificateFromPEM) { + EXPECT_NE(nullptr, GetX509CertificateFromPEM(kSelfSignedWithCommonNamePEM)); + EXPECT_NE(nullptr, GetX509CertificateFromPEM(kSelfSignedWithoutSubject)); + EXPECT_EQ(nullptr, GetX509CertificateFromPEM(kInvalidCertificatePEM)); + EXPECT_EQ(nullptr, GetX509CertificateFromPEM(kInvalidPublicKeyPEM)); +} + +// Test that the SPKI digest is correctly calculated for valid certificates. +TEST(CertUtilTest, CalculateSPKIHashFromCertificate) { + SPKIHash hash1; + bssl::UniquePtr<X509> cert1 = + GetX509CertificateFromPEM(kSelfSignedWithCommonNamePEM); + EXPECT_TRUE(CalculateSPKIHashFromCertificate(cert1.get(), &hash1)); + std::vector<uint8_t> hash_vector(hash1.data(), hash1.data() + hash1.size()); + EXPECT_THAT( + hash_vector, + testing::ElementsAreArray( + {0xAC, 0xFB, 0x2B, 0xF3, 0x6A, 0x90, 0x47, 0xF1, 0x74, 0xAE, 0xF1, + 0xCE, 0x63, 0x3D, 0xA9, 0x45, 0xCB, 0xA, 0xA7, 0x3F, 0x16, 0x2A, + 0xF3, 0x88, 0x9A, 0xE2, 0x72, 0xC, 0x07, 0x63, 0x45, 0xB0})); + + SPKIHash hash2; + bssl::UniquePtr<X509> cert2 = + GetX509CertificateFromPEM(kSelfSignedWithoutCommonNamePEM); + EXPECT_TRUE(CalculateSPKIHashFromCertificate(cert2.get(), &hash2)); + std::vector<uint8_t> hash_vector2(hash2.data(), hash2.data() + hash2.size()); + EXPECT_THAT( + hash_vector2, + testing::ElementsAreArray( + {0x40, 0xBC, 0xD6, 0xE4, 0x10, 0x70, 0x37, 0x3C, 0xF7, 0x21, 0x51, + 0xD7, 0x27, 0x64, 0xFD, 0xF1, 0xA, 0x89, 0x0, 0xAD, 0x75, 0xDF, + 0xB3, 0xEA, 0x21, 0xFC, 0x6E, 0x67, 0xD5, 0xAE, 0xA4, 0x94})); +} + +// Test that the SPKI digest for public key's are calculated correctly. +TEST(CertUtilTest, CalculateSPKIHashFromKey) { + SPKIHash hash1; + EXPECT_TRUE(CalculateSPKIHashFromKey(kPublicKeyPEM, &hash1)); + std::vector<uint8_t> hash_vector(hash1.data(), hash1.data() + hash1.size()); + EXPECT_THAT( + hash_vector, + testing::ElementsAreArray( + {0x63, 0xB0, 0x21, 0x4, 0x3, 0x13, 0x9E, 0x36, 0xEE, 0xCB, 0x6F, + 0xA5, 0x7A, 0x94, 0x56, 0x18, 0xBA, 0x41, 0x13, 0x8C, 0x4A, 0x48, + 0x99, 0x80, 0x51, 0x66, 0xF8, 0x85, 0x2, 0xFC, 0x48, 0x9E})); + SPKIHash hash2; + EXPECT_FALSE(CalculateSPKIHashFromKey(kInvalidPublicKeyPEM, &hash2)); + + SPKIHash hash3; + EXPECT_FALSE( + CalculateSPKIHashFromKey(kSelfSignedWithoutCommonNamePEM, &hash3)); + + SPKIHash hash4; + EXPECT_FALSE(CalculateSPKIHashFromKey(kUnknownPEMHeaders, &hash4)); +} + +// Test that the subject name is extracted correctly. This should default to the +// subject common name and fall back to the organisation + organizational unit. +TEST(CertUtilTest, ExtractSubjectNameFromCertificate) { + std::string name1; + bssl::UniquePtr<X509> cert1 = + GetX509CertificateFromPEM(kSelfSignedWithCommonNamePEM); + EXPECT_TRUE(ExtractSubjectNameFromCertificate(cert1.get(), &name1)); + + // For certficates with the subject common name field set, we should get the + // value of the subject common name. + EXPECT_EQ("Chromium", name1); + + std::string name2; + bssl::UniquePtr<X509> cert2 = + GetX509CertificateFromPEM(kSelfSignedWithoutCommonNamePEM); + EXPECT_TRUE(ExtractSubjectNameFromCertificate(cert2.get(), &name2)); + + // For certificates without a subject common name field, we should get + // the subject organization + " " + organizational unit instead. + EXPECT_EQ("The Chromium Projects Security", name2); + + std::string name3; + bssl::UniquePtr<X509> cert3 = + GetX509CertificateFromPEM(kSelfSignedWithoutSubject); + EXPECT_FALSE(ExtractSubjectNameFromCertificate(cert3.get(), &name3)); +} + +} // namespace + +} // namespace transport_security_state + +} // namespace net diff --git a/chromium/net/tools/transport_security_state_generator/huffman/huffman_builder_unittest.cc b/chromium/net/tools/transport_security_state_generator/huffman/huffman_builder_unittest.cc new file mode 100644 index 00000000000..04c4a160c1e --- /dev/null +++ b/chromium/net/tools/transport_security_state_generator/huffman/huffman_builder_unittest.cc @@ -0,0 +1,158 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/tools/transport_security_state_generator/huffman/huffman_builder.h" +#include "testing/gmock/include/gmock/gmock.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +namespace transport_security_state { + +namespace { + +// Test that there are no Huffman representations that are a prefix for another. +TEST(HuffmanBuilderTest, NoPrefixCollision) { + HuffmanBuilder builder; + HuffmanRepresentationTable encoding; + for (uint8_t i = 0; i <= 127; i++) { + // Make sure all values have an identical count to at least some other + // values. + for (uint8_t j = 0; j <= i % 32; j++) { + builder.RecordUsage(i); + } + } + + encoding = builder.ToTable(); + for (uint8_t i = 0; i <= 127; i++) { + // There should never exist a representation that is a prefix for, or + // identical to, another. + uint32_t mask = 0; + for (uint32_t k = 0; k <= encoding[i].number_of_bits; k++) { + mask = (mask << 1) | 1; + } + mask = mask << (32 - encoding[i].number_of_bits); + + for (uint8_t j = 0; j <= 127; j++) { + if (i == j) { + continue; + } + + uint32_t aligned_i = encoding[i].bits + << (32 - encoding[i].number_of_bits); + uint32_t aligned_j = encoding[j].bits + << (32 - encoding[j].number_of_bits); + EXPECT_NE(aligned_i, aligned_j & mask); + } + } +} + +// Test that all recorded characters get a representation and that no other +// representations are created. +// Note: There is an exception for encodings with less than 2 unique inputs. +TEST(HuffmanBuilderTest, NoMissingInputs) { + HuffmanBuilder builder; + HuffmanRepresentationTable encoding; + for (uint8_t i = 0; i <= 127; i++) { + if (i % 2) { + for (uint8_t j = 0; j <= i % 5; j++) { + builder.RecordUsage(i); + } + } + } + + encoding = builder.ToTable(); + for (uint8_t i = 0; i <= 127; i++) { + if (i % 2) { + EXPECT_NE(encoding.find(i), encoding.cend()); + } else { + EXPECT_EQ(encoding.find(i), encoding.cend()); + } + } +} + +// Test that the representations have optimal order by checking that characters +// with higher counts get shorter (or equal length) representations than those +// with lower counts. +TEST(HuffmanBuilderTest, OptimalCodeOrder) { + HuffmanBuilder builder; + HuffmanRepresentationTable encoding; + for (uint8_t i = 0; i <= 127; i++) { + for (uint8_t j = 0; j <= (i + 1); j++) { + builder.RecordUsage(i); + } + } + + encoding = builder.ToTable(); + for (uint8_t i = 0; i <= 127; i++) { + // The representation for |i| should be longer or have the same length as + // all following representations because they have a higher frequency and + // therefor should never get a longer representation. + for (uint8_t j = i; j <= 127; j++) { + // A representation for the values should exist in the table. + ASSERT_NE(encoding.find(i), encoding.cend()); + ASSERT_NE(encoding.find(j), encoding.cend()); + + EXPECT_GE(encoding[i].number_of_bits, encoding[j].number_of_bits); + } + } +} + +// Test that the ToVector() creates a byte vector that represents the expected +// Huffman Tree. +TEST(HuffmanBuilderTest, ToVector) { + // Build a small tree. + HuffmanBuilder builder; + builder.RecordUsage('a'); + builder.RecordUsage('b'); + builder.RecordUsage('b'); + builder.RecordUsage('c'); + builder.RecordUsage('c'); + builder.RecordUsage('d'); + builder.RecordUsage('d'); + builder.RecordUsage('d'); + builder.RecordUsage('e'); + builder.RecordUsage('e'); + builder.RecordUsage('e'); + + std::vector<uint8_t> output = builder.ToVector(); + + // This represents 4 nodes (4 groups of 2 uint8_t's) which, when decoded, + // yields the expected Huffman Tree: + // root (node 3) + // / \ + // node 1 node 2 + // / \ / \ + // 0xE3 (c) node 0 0xE4 (d) 0xE5 (e) + // / \ + // 0xE1 (a) 0xE2 (b) + EXPECT_THAT(output, testing::ElementsAre(0xE1, 0xE2, 0xE3, 0x0, 0xE4, 0xE5, + 0x1, 0x2)); +} + +// The ToVector() logic requires at least 2 unique inputs to construct the +// vector. Test that nodes are appended when there are less than 2 unique +// inputs. +TEST(HuffmanBuilderTest, ToVectorSingle) { + // Build a single element tree. Another element should be added automatically. + HuffmanBuilder builder; + builder.RecordUsage('a'); + + std::vector<uint8_t> output = builder.ToVector(); + + // This represents 1 node (1 group of 2 uint8_t's) which, when decoded, + // yields the expected Huffman Tree: + // root (node 0) + // / \ + // 0x80 (\0) 0xE1 (a) + // + // Note: the node \0 node was appended to the tree. + EXPECT_THAT(output, testing::ElementsAre(0x80, 0xE1)); +} + +} // namespace + +} // namespace transport_security_state + +} // namespace net diff --git a/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc b/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc new file mode 100644 index 00000000000..0d2ef47fe0b --- /dev/null +++ b/chromium/net/tools/transport_security_state_generator/input_file_parsers.cc @@ -0,0 +1,392 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/tools/transport_security_state_generator/input_file_parsers.h" + +#include <sstream> +#include <vector> + +#include "base/json/json_reader.h" +#include "base/strings/string_number_conversions.h" +#include "base/strings/string_piece.h" +#include "base/strings/string_split.h" +#include "base/strings/string_util.h" +#include "base/values.h" +#include "net/tools/transport_security_state_generator/cert_util.h" +#include "net/tools/transport_security_state_generator/pinset.h" +#include "net/tools/transport_security_state_generator/pinsets.h" +#include "net/tools/transport_security_state_generator/spki_hash.h" +#include "third_party/boringssl/src/include/openssl/x509v3.h" + +namespace net { + +namespace transport_security_state { + +namespace { + +bool IsImportantWordInCertificateName(base::StringPiece name) { + const char* const important_words[] = {"Universal", "Global", "EV", "G1", + "G2", "G3", "G4", "G5"}; + for (auto* important_word : important_words) { + if (name == important_word) { + return true; + } + } + return false; +} + +// Strips all characters not matched by the RegEx [A-Za-z0-9_] from |name| and +// returns the result. +std::string FilterName(base::StringPiece name) { + std::string filtered; + for (const char& character : name) { + if ((character >= '0' && character <= '9') || + (character >= 'a' && character <= 'z') || + (character >= 'A' && character <= 'Z') || character == '_') { + filtered += character; + } + } + return base::ToLowerASCII(filtered); +} + +// Returns true if |pin_name| is a reasonable match for the certificate name +// |name|. +bool MatchCertificateName(base::StringPiece name, base::StringPiece pin_name) { + std::vector<base::StringPiece> words = base::SplitStringPiece( + name, " ", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); + if (words.empty()) { + LOG(ERROR) << "No words in certificate name for pin " + << pin_name.as_string(); + return false; + } + base::StringPiece first_word = words[0]; + + if (first_word.ends_with(",")) { + first_word = first_word.substr(0, first_word.size() - 1); + } + + if (first_word.starts_with("*.")) { + first_word = first_word.substr(2, first_word.size() - 2); + } + + size_t pos = first_word.find('.'); + if (pos != std::string::npos) { + first_word = first_word.substr(0, first_word.size() - pos); + } + + pos = first_word.find('-'); + if (pos != std::string::npos) { + first_word = first_word.substr(0, first_word.size() - pos); + } + + if (first_word.empty()) { + LOG(ERROR) << "First word of certificate name (" << name.as_string() + << ") is empty"; + return false; + } + + std::string filtered_word = FilterName(first_word); + first_word = filtered_word; + if (!base::EqualsCaseInsensitiveASCII(pin_name.substr(0, first_word.size()), + first_word)) { + LOG(ERROR) << "The first word of the certificate name (" + << first_word.as_string() + << ") isn't a prefix of the variable name (" + << pin_name.as_string() << ")"; + return false; + } + + for (size_t i = 0; i < words.size(); ++i) { + const base::StringPiece& word = words[i]; + if (word == "Class" && (i + 1) < words.size()) { + std::string class_name = word.as_string(); + words[i + 1].AppendToString(&class_name); + + size_t pos = pin_name.find(class_name); + if (pos == std::string::npos) { + LOG(ERROR) + << "Certficate class specification doesn't appear in the variable " + "name (" + << pin_name.as_string() << ")"; + return false; + } + } else if (word.size() == 1 && word[0] >= '0' && word[0] <= '9') { + size_t pos = pin_name.find(word); + if (pos == std::string::npos) { + LOG(ERROR) << "Number doesn't appear in the certificate variable name (" + << pin_name.as_string() << ")"; + return false; + } + } else if (IsImportantWordInCertificateName(word)) { + size_t pos = pin_name.find(word); + if (pos == std::string::npos) { + LOG(ERROR) << word.as_string() + + " doesn't appear in the certificate variable name (" + << pin_name.as_string() << ")"; + return false; + } + } + } + + return true; +} + +// Returns true iff |candidate| is not empty, the first character is in the +// range A-Z, and the remaining characters are in the ranges a-Z, 0-9, or '_'. +bool IsValidName(base::StringPiece candidate) { + if (candidate.empty() || candidate[0] < 'A' || candidate[0] > 'Z') { + return false; + } + + bool isValid = true; + for (const char& character : candidate) { + isValid = (character >= '0' && character <= '9') || + (character >= 'a' && character <= 'z') || + (character >= 'A' && character <= 'Z') || character == '_'; + if (!isValid) { + return false; + } + } + return true; +} + +static const char kStartOfCert[] = "-----BEGIN CERTIFICATE"; +static const char kStartOfPublicKey[] = "-----BEGIN PUBLIC KEY"; +static const char kEndOfCert[] = "-----END CERTIFICATE"; +static const char kEndOfPublicKey[] = "-----END PUBLIC KEY"; +static const char kStartOfSHA256[] = "sha256/"; + +enum class CertificateParserState { + PRE_NAME, + POST_NAME, + IN_CERTIFICATE, + IN_PUBLIC_KEY +}; + +} // namespace + +bool ParseCertificatesFile(base::StringPiece certs_input, Pinsets* pinsets) { + std::string line; + CertificateParserState current_state = CertificateParserState::PRE_NAME; + + const base::CompareCase& compare_mode = base::CompareCase::INSENSITIVE_ASCII; + std::string name; + std::string buffer; + std::string subject_name; + bssl::UniquePtr<X509> certificate; + SPKIHash hash; + + for (const base::StringPiece& line : SplitStringPiece( + certs_input, "\n", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL)) { + if (line[0] == '#') { + continue; + } + + if (line.empty() && current_state == CertificateParserState::PRE_NAME) { + continue; + } + + switch (current_state) { + case CertificateParserState::PRE_NAME: + if (!IsValidName(line)) { + LOG(ERROR) << "Invalid name in pins file: " << line; + return false; + } + name = line.as_string(); + current_state = CertificateParserState::POST_NAME; + break; + case CertificateParserState::POST_NAME: + if (base::StartsWith(line, kStartOfSHA256, compare_mode)) { + if (!hash.FromString(line)) { + LOG(ERROR) << "Invalid hash value in pins file for " << name; + return false; + } + + pinsets->RegisterSPKIHash(name, hash); + current_state = CertificateParserState::PRE_NAME; + } else if (base::StartsWith(line, kStartOfCert, compare_mode)) { + buffer = line.as_string() + '\n'; + current_state = CertificateParserState::IN_CERTIFICATE; + } else if (base::StartsWith(line, kStartOfPublicKey, compare_mode)) { + buffer = line.as_string() + '\n'; + current_state = CertificateParserState::IN_PUBLIC_KEY; + } else { + LOG(ERROR) << "Invalid value in pins file for " << name; + return false; + } + break; + case CertificateParserState::IN_CERTIFICATE: + buffer += line.as_string() + '\n'; + if (!base::StartsWith(line, kEndOfCert, compare_mode)) { + continue; + } + + certificate = GetX509CertificateFromPEM(buffer); + if (!certificate) { + LOG(ERROR) << "Could not parse certificate " << name; + return false; + } + + if (!CalculateSPKIHashFromCertificate(certificate.get(), &hash)) { + LOG(ERROR) << "Could not extract SPKI from certificate " << name; + return false; + } + + if (!ExtractSubjectNameFromCertificate(certificate.get(), + &subject_name)) { + LOG(ERROR) << "Could not extract name from certificate " << name; + return false; + } + + if (!MatchCertificateName(subject_name, name)) { + LOG(ERROR) << name << " is not a reasonable name for " + << subject_name; + return false; + } + + pinsets->RegisterSPKIHash(name, hash); + current_state = CertificateParserState::PRE_NAME; + break; + case CertificateParserState::IN_PUBLIC_KEY: + buffer += line.as_string() + '\n'; + if (!base::StartsWith(line, kEndOfPublicKey, compare_mode)) { + continue; + } + + if (!CalculateSPKIHashFromKey(buffer, &hash)) { + LOG(ERROR) << "Could not parse the public key for " << name; + return false; + } + + pinsets->RegisterSPKIHash(name, hash); + current_state = CertificateParserState::PRE_NAME; + break; + default: + DCHECK(false) << "Unknown parser state"; + } + } + + return true; +} + +bool ParseJSON(base::StringPiece json, + TransportSecurityStateEntries* entries, + Pinsets* pinsets, + DomainIDList* domain_ids) { + std::unique_ptr<base::Value> value = base::JSONReader::Read(json); + base::DictionaryValue* dict_value = nullptr; + if (!value.get() || !value->GetAsDictionary(&dict_value)) { + LOG(ERROR) << "Could not parse the input JSON file"; + return false; + } + + const base::ListValue* preload_entries = nullptr; + if (!dict_value->GetList("entries", &preload_entries)) { + LOG(ERROR) << "Could not parse the entries in the input JSON"; + return false; + } + + for (size_t i = 0; i < preload_entries->GetSize(); ++i) { + const base::DictionaryValue* parsed = nullptr; + if (!preload_entries->GetDictionary(i, &parsed)) { + LOG(ERROR) << "Could not parse entry " << base::SizeTToString(i) + << " in the input JSON"; + return false; + } + + std::unique_ptr<TransportSecurityStateEntry> entry( + new TransportSecurityStateEntry()); + + if (!parsed->GetString("name", &entry->hostname)) { + LOG(ERROR) << "Could not extract the hostname for entry " + << base::SizeTToString(i) << " from the input JSON"; + return false; + } + + parsed->GetBoolean("include_subdomains", &entry->include_subdomains); + std::string mode; + parsed->GetString("mode", &mode); + entry->force_https = (mode == "force-https"); + parsed->GetBoolean("include_subdomains_for_pinning", + &entry->hpkp_include_subdomains); + parsed->GetString("pins", &entry->pinset); + parsed->GetBoolean("expect_ct", &entry->expect_ct); + parsed->GetString("expect_ct_report_uri", &entry->expect_ct_report_uri); + parsed->GetBoolean("expect_staple", &entry->expect_staple); + parsed->GetBoolean("include_subdomains_for_expect_staple", + &entry->expect_staple_include_subdomains); + parsed->GetString("expect_staple_report_uri", + &entry->expect_staple_report_uri); + + entries->push_back(std::move(entry)); + } + + const base::ListValue* pinsets_list = nullptr; + if (!dict_value->GetList("pinsets", &pinsets_list)) { + LOG(ERROR) << "Could not parse the pinsets in the input JSON"; + return false; + } + + for (size_t i = 0; i < pinsets_list->GetSize(); ++i) { + const base::DictionaryValue* parsed = nullptr; + if (!pinsets_list->GetDictionary(i, &parsed)) { + LOG(ERROR) << "Could not parse pinset " << base::SizeTToString(i) + << " in the input JSON"; + return false; + } + + std::string name; + if (!parsed->GetString("name", &name)) { + LOG(ERROR) << "Could not extract the name for pinset " + << base::SizeTToString(i) << " from the input JSON"; + return false; + } + + std::string report_uri; + parsed->GetString("report_uri", &report_uri); + + std::unique_ptr<Pinset> pinset(new Pinset(name, report_uri)); + + const base::ListValue* pinset_static_hashes_list = nullptr; + if (parsed->GetList("static_spki_hashes", &pinset_static_hashes_list)) { + for (size_t i = 0; i < pinset_static_hashes_list->GetSize(); ++i) { + std::string hash; + pinset_static_hashes_list->GetString(i, &hash); + pinset->AddStaticSPKIHash(hash); + } + } + + const base::ListValue* pinset_bad_static_hashes_list = nullptr; + if (parsed->GetList("bad_static_spki_hashes", + &pinset_bad_static_hashes_list)) { + for (size_t i = 0; i < pinset_bad_static_hashes_list->GetSize(); ++i) { + std::string hash; + pinset_bad_static_hashes_list->GetString(i, &hash); + pinset->AddBadStaticSPKIHash(hash); + } + } + + pinsets->RegisterPinset(std::move(pinset)); + } + + // TODO(Martijnc): Remove the domain IDs from the preload format. + // https://crbug.com/661206. + const base::ListValue* domain_ids_list = nullptr; + if (!dict_value->GetList("domain_ids", &domain_ids_list)) { + LOG(ERROR) << "Could not parse the domain IDs in the input JSON"; + return false; + } + + for (size_t i = 0; i < domain_ids_list->GetSize(); ++i) { + std::string domain; + domain_ids_list->GetString(i, &domain); + domain_ids->push_back(domain); + } + + return true; +} + +} // namespace transport_security_state + +} // namespace net diff --git a/chromium/net/tools/transport_security_state_generator/input_file_parsers.h b/chromium/net/tools/transport_security_state_generator/input_file_parsers.h new file mode 100644 index 00000000000..4cacf38cacb --- /dev/null +++ b/chromium/net/tools/transport_security_state_generator/input_file_parsers.h @@ -0,0 +1,41 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_TOOLS_TRANSPORT_SECURITY_STATE_INPUT_FILE_PARSERS_H_ +#define NET_TOOLS_TRANSPORT_SECURITY_STATE_INPUT_FILE_PARSERS_H_ + +#include <string> + +#include "base/strings/string_piece.h" +#include "net/tools/transport_security_state_generator/transport_security_state_entry.h" + +namespace net { + +namespace transport_security_state { + +class Pinsets; + +// Extracts SPKI information from the preloaded pins file. The SPKI's can be +// in the form of a PEM certificate, a PEM public key, or a BASE64 string. +// +// More info on the format can be found in +// net/http/transport_security_state_static.pins +bool ParseCertificatesFile(base::StringPiece certs_input, Pinsets* pinsets); + +// Parses the |json| string and copies the items under the "entries" key to +// |entries|, the pinsets under the "pinsets" key to |pinsets|, and the domain +// IDs under the "domain_ids" key to |domain_ids|. +// +// More info on the format can be found in +// net/http/transport_security_state_static.json +bool ParseJSON(base::StringPiece json, + TransportSecurityStateEntries* entries, + Pinsets* pinsets, + DomainIDList* domain_ids); + +} // namespace transport_security_state + +} // namespace net + +#endif // NET_TOOLS_TRANSPORT_SECURITY_STATE_INPUT_FILE_PARSERS_H_ diff --git a/chromium/net/tools/transport_security_state_generator/input_file_parsers_unittest.cc b/chromium/net/tools/transport_security_state_generator/input_file_parsers_unittest.cc new file mode 100644 index 00000000000..f53f0763547 --- /dev/null +++ b/chromium/net/tools/transport_security_state_generator/input_file_parsers_unittest.cc @@ -0,0 +1,369 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <string> + +#include "net/tools/transport_security_state_generator/input_file_parsers.h" +#include "net/tools/transport_security_state_generator/pinsets.h" +#include "net/tools/transport_security_state_generator/transport_security_state_entry.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +namespace transport_security_state { + +namespace { + +// Test that all values are correctly parsed from a valid JSON input. +TEST(InputFileParsersTest, ParseJSON) { + std::string valid = + "{" + " \"pinsets\": [{" + " \"name\": \"test\"," + " \"static_spki_hashes\": [\"TestSPKI\"]," + " \"bad_static_spki_hashes\": [\"BadTestSPKI\"]," + " \"report_uri\": \"https://hpkp-log.example.com\"" + " }]," + " \"entries\": [" + " {" + " \"name\": \"hsts.example.com\"," + " \"mode\": \"force-https\", " + " \"include_subdomains\": true" + " }, {" + " \"name\": \"hsts-no-subdomains.example.com\"," + " \"mode\": \"force-https\", " + " \"include_subdomains\": false" + " }, {" + " \"name\": \"hpkp.example.com\"," + " \"pins\": \"thepinset\"," + " \"include_subdomains_for_pinning\": true" + " }, {" + " \"name\": \"hpkp-no-subdomains.example.com\"," + " \"pins\": \"thepinset2\", " + " \"include_subdomains_for_pinning\": false" + " }, {" + " \"name\": \"expect-ct.example.com\"," + " \"expect_ct\": true," + " \"expect_ct_report_uri\": \"https://expect-ct-log.example.com\"" + " }, {" + " \"name\": \"expect-staple.example.com\"," + " \"expect_staple\": true," + " \"expect_staple_report_uri\": " + "\"https://expect-staple-log.example.com\"," + " \"include_subdomains_for_expect_staple\": true" + " }, {" + " \"name\": \"expect-staple-no-subdomains.example.com\"," + " \"expect_staple\": true," + " \"include_subdomains_for_expect_staple\": false" + " }" + " ]," + " \"domain_ids\": [" + " \"NOT_PINNED\"," + " \"EXAMPLE_COM\"" + " ]" + "}"; + + TransportSecurityStateEntries entries; + Pinsets pinsets; + DomainIDList domain_ids; + + EXPECT_TRUE(ParseJSON(valid, &entries, &pinsets, &domain_ids)); + + ASSERT_EQ(1U, pinsets.size()); + PinsetMap::const_iterator pinset = pinsets.pinsets().find("test"); + ASSERT_NE(pinset, pinsets.pinsets().cend()); + EXPECT_EQ("test", pinset->second->name()); + EXPECT_EQ("https://hpkp-log.example.com", pinset->second->report_uri()); + + ASSERT_EQ(1U, pinset->second->static_spki_hashes().size()); + EXPECT_EQ("TestSPKI", pinset->second->static_spki_hashes()[0]); + + ASSERT_EQ(1U, pinset->second->bad_static_spki_hashes().size()); + EXPECT_EQ("BadTestSPKI", pinset->second->bad_static_spki_hashes()[0]); + + ASSERT_EQ(7U, entries.size()); + TransportSecurityStateEntry* entry = entries[0].get(); + EXPECT_EQ("hsts.example.com", entry->hostname); + EXPECT_TRUE(entry->force_https); + EXPECT_TRUE(entry->include_subdomains); + EXPECT_FALSE(entry->hpkp_include_subdomains); + EXPECT_EQ("", entry->pinset); + EXPECT_FALSE(entry->expect_ct); + EXPECT_EQ("", entry->expect_ct_report_uri); + EXPECT_FALSE(entry->expect_staple); + EXPECT_FALSE(entry->expect_staple_include_subdomains); + EXPECT_EQ("", entry->expect_staple_report_uri); + + entry = entries[1].get(); + EXPECT_EQ("hsts-no-subdomains.example.com", entry->hostname); + EXPECT_TRUE(entry->force_https); + EXPECT_FALSE(entry->include_subdomains); + EXPECT_FALSE(entry->hpkp_include_subdomains); + EXPECT_EQ("", entry->pinset); + EXPECT_FALSE(entry->expect_ct); + EXPECT_EQ("", entry->expect_ct_report_uri); + EXPECT_FALSE(entry->expect_staple); + EXPECT_FALSE(entry->expect_staple_include_subdomains); + EXPECT_EQ("", entry->expect_staple_report_uri); + + entry = entries[2].get(); + EXPECT_EQ("hpkp.example.com", entry->hostname); + EXPECT_FALSE(entry->force_https); + EXPECT_FALSE(entry->include_subdomains); + EXPECT_TRUE(entry->hpkp_include_subdomains); + EXPECT_EQ("thepinset", entry->pinset); + EXPECT_FALSE(entry->expect_ct); + EXPECT_EQ("", entry->expect_ct_report_uri); + EXPECT_FALSE(entry->expect_staple); + EXPECT_FALSE(entry->expect_staple_include_subdomains); + EXPECT_EQ("", entry->expect_staple_report_uri); + + entry = entries[3].get(); + EXPECT_EQ("hpkp-no-subdomains.example.com", entry->hostname); + EXPECT_FALSE(entry->force_https); + EXPECT_FALSE(entry->include_subdomains); + EXPECT_FALSE(entry->hpkp_include_subdomains); + EXPECT_EQ("thepinset2", entry->pinset); + EXPECT_FALSE(entry->expect_ct); + EXPECT_EQ("", entry->expect_ct_report_uri); + EXPECT_FALSE(entry->expect_staple); + EXPECT_FALSE(entry->expect_staple_include_subdomains); + EXPECT_EQ("", entry->expect_staple_report_uri); + + entry = entries[4].get(); + EXPECT_EQ("expect-ct.example.com", entry->hostname); + EXPECT_FALSE(entry->force_https); + EXPECT_FALSE(entry->include_subdomains); + EXPECT_FALSE(entry->hpkp_include_subdomains); + EXPECT_EQ("", entry->pinset); + EXPECT_TRUE(entry->expect_ct); + EXPECT_EQ("https://expect-ct-log.example.com", entry->expect_ct_report_uri); + EXPECT_FALSE(entry->expect_staple); + EXPECT_FALSE(entry->expect_staple_include_subdomains); + EXPECT_EQ("", entry->expect_staple_report_uri); + + entry = entries[5].get(); + EXPECT_EQ("expect-staple.example.com", entry->hostname); + EXPECT_FALSE(entry->force_https); + EXPECT_FALSE(entry->include_subdomains); + EXPECT_FALSE(entry->hpkp_include_subdomains); + EXPECT_EQ("", entry->pinset); + EXPECT_FALSE(entry->expect_ct); + EXPECT_EQ("", entry->expect_ct_report_uri); + EXPECT_TRUE(entry->expect_staple); + EXPECT_TRUE(entry->expect_staple_include_subdomains); + EXPECT_EQ("https://expect-staple-log.example.com", + entry->expect_staple_report_uri); + + entry = entries[6].get(); + EXPECT_EQ("expect-staple-no-subdomains.example.com", entry->hostname); + EXPECT_FALSE(entry->force_https); + EXPECT_FALSE(entry->include_subdomains); + EXPECT_FALSE(entry->hpkp_include_subdomains); + EXPECT_EQ("", entry->pinset); + EXPECT_FALSE(entry->expect_ct); + EXPECT_EQ("", entry->expect_ct_report_uri); + EXPECT_TRUE(entry->expect_staple); + EXPECT_FALSE(entry->expect_staple_include_subdomains); + EXPECT_EQ("", entry->expect_staple_report_uri); + + ASSERT_EQ(2U, domain_ids.size()); + EXPECT_EQ("NOT_PINNED", domain_ids[0]); + EXPECT_EQ("EXAMPLE_COM", domain_ids[1]); +} + +// Test that parsing valid JSON with missing keys fails. +TEST(InputFileParsersTest, ParseJSONInvalid) { + TransportSecurityStateEntries entries; + Pinsets pinsets; + DomainIDList domain_ids; + + std::string no_pinsets = + "{" + " \"entries\": []," + " \"domain_ids\": []" + "}"; + + EXPECT_FALSE(ParseJSON(no_pinsets, &entries, &pinsets, &domain_ids)); + + std::string no_entries = + "{" + " \"pinsets\": []," + " \"domain_ids\": []" + "}"; + + EXPECT_FALSE(ParseJSON(no_entries, &entries, &pinsets, &domain_ids)); + + std::string no_domain_ids = + "{" + " \"pinsets\": []," + " \"entries\": []" + "}\n"; + + EXPECT_FALSE(ParseJSON(no_domain_ids, &entries, &pinsets, &domain_ids)); + + std::string missing_hostname = + "{" + " \"pinsets\": []," + " \"entries\": [" + " {" + " \"mode\": \"force-https\"" + " }" + " ]," + " \"domain_ids\": []" + "}"; + + EXPECT_FALSE(ParseJSON(missing_hostname, &entries, &pinsets, &domain_ids)); +} + +// Test that parsing valid JSON with an invalid (HPKP) pinset fails. +TEST(InputFileParsersTest, ParseJSONInvalidPinset) { + TransportSecurityStateEntries entries; + Pinsets pinsets; + DomainIDList domain_ids; + + std::string missing_pinset_name = + "{" + " \"pinsets\": [{" + " \"static_spki_hashes\": [\"TestSPKI\"]," + " \"bad_static_spki_hashes\": [\"BadTestSPKI\"]," + " \"report_uri\": \"https://hpkp-log.example.com\"" + " }]," + " \"entries\": []," + " \"domain_ids\": []" + "}"; + + EXPECT_FALSE(ParseJSON(missing_pinset_name, &entries, &pinsets, &domain_ids)); +} + +// Test parsing of all 3 SPKI formats. +TEST(InputFileParsersTest, ParseCertificatesFile) { + std::string valid = + "# This line should ignored. The rest should result in 3 pins.\n" + "TestPublicKey1\n" + "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\n" + "\n" + "TestPublicKey2\n" + "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujzwcb5bJuC/A/Y9izGl\n" + "LlA3fnKGbeyn53BdVznJN4fQwU82WKVYdqt8d/1ZDRdYyhGrTgXJeCURe9VSJyX1\n" + "X2a5EApSFsopP8Yjy0Rl6dNOLO84KCW9dPmfHC3uP0ac4hnHT5dUr05YvhJmHCkf\n" + "as6v/aEgpPLDhRF6UruSUh+gIpUg/F3+vlD99HLfbloukoDtQyxW+86s9sO7RQ00\n" + "pd79VOoa/v09FvoS7MFgnBBOtvBQLOXjEH7/qBsnrXFtHBeOtxSLar/FL3OhVXuh\n" + "dUTRyc1Mg0ECtz8zHZugW+LleIm5Bf5Yr0bN1O/HfDPCkDaCldcm6xohEHn9pBaW\n" + "+wIDAQAB\n" + "-----END PUBLIC KEY-----\n" + "\n" + "# The 'Chromium' prefix is required here.\n" + "ChromiumTestCertificate3\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDeTCCAmGgAwIBAgIJAMRHXuiAgufAMA0GCSqGSIb3DQEBCwUAMFMxETAPBgNV\n" + "BAMMCENocm9taXVtMR4wHAYDVQQKDBVUaGUgQ2hyb21pdW0gUHJvamVjdHMxETAP\n" + "BgNVBAsMCFNlY3VyaXR5MQswCQYDVQQGEwJVUzAeFw0xNzAyMDExOTAyMzFaFw0x\n" + "ODAyMDExOTAyMzFaMFMxETAPBgNVBAMMCENocm9taXVtMR4wHAYDVQQKDBVUaGUg\n" + "Q2hyb21pdW0gUHJvamVjdHMxETAPBgNVBAsMCFNlY3VyaXR5MQswCQYDVQQGEwJV\n" + "UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtggpf5vNVsmQrJKTQe\n" + "ynTeOzVOyROGDugGtR+Cri8WlNg1UAlIyYIS8txZ4oCknsT8gs3TFfu0wxmWNxx5\n" + "4oLGy2BQOHH00dgBAsKgqX//mY4mH5AZ85UFYni1hj9aszIJMIBWtgbNGVkppW65\n" + "8maF1KVdHmxXMvtKxn/9UsusH/A0ng5UJDYBPISQMv0XqIlv0wdVTIVWIcQhOjWz\n" + "MGwFDSjxS1WgEnPgd4Qi7MYaDbUTsXGtWba83vZJ8CQzjLumSJJCnz2aquGmraX0\n" + "J0joUjB4fuYL8xrbDqnFmADvozMMVkZ4843w8ikvJkM8nWoIXexVvirfXDoqtdUo\n" + "YOcCAwEAAaNQME4wHQYDVR0OBBYEFGJ6O/oLtzpb4OWvrEFxieYb1JbsMB8GA1Ud\n" + "IwQYMBaAFGJ6O/oLtzpb4OWvrEFxieYb1JbsMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" + "hvcNAQELBQADggEBAFpt9jlBT6OsfKFAJZnmExbW8JlsqXOJAaR+nD1XOnp6o+DM\n" + "NIguj9+wJOW34OM+2Om0n+KMYbDER0p4g3gxoaDblu7otgnC0OTOnx3DPUYab0jr\n" + "uT6O4C3/nfWW5sl3Ni3Y99dmdcqKcmYkHsr7uADLPWsjb+sfUrQQfHHnPwzyUz/A\n" + "w4rSJ0wxnLOmjk5F5YHMLkNpPrzFA1mFyGIau7THsRIr3B632MLNcOlNR21nOc7i\n" + "eB4u+OzpcZXuiQg3bqrNp6Xb70OIW1rfNEiCpps4UZyRnZ/nrzByxeHH5zPWWZk9\n" + "nZtxI+65PFOekOjBpbnRC8v1CfOmUSVKIqWaPys=\n" + "-----END CERTIFICATE-----"; + + Pinsets pinsets; + EXPECT_TRUE(ParseCertificatesFile(valid, &pinsets)); + EXPECT_EQ(3U, pinsets.spki_size()); + + const SPKIHashMap& hashes = pinsets.spki_hashes(); + EXPECT_NE(hashes.cend(), hashes.find("TestPublicKey1")); + EXPECT_NE(hashes.cend(), hashes.find("TestPublicKey2")); + EXPECT_NE(hashes.cend(), hashes.find("ChromiumTestCertificate3")); +} + +TEST(InputFileParsersTest, ParseCertificatesFileInvalid) { + Pinsets pinsets; + + std::string invalid = + "TestName\n" + "unexpected"; + EXPECT_FALSE(ParseCertificatesFile(invalid, &pinsets)); +} + +// Test that parsing invalid certificate names fails. +TEST(InputFileParsersTest, ParseCertificatesFileInvalidName) { + Pinsets pinsets; + + std::string invalid_name_small_character = + "startsWithSmallLetter\n" + "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\n"; + EXPECT_FALSE(ParseCertificatesFile(invalid_name_small_character, &pinsets)); + + std::string invalid_name_invalid_characters = + "Invalid-Characters-In-Name\n" + "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\n"; + EXPECT_FALSE( + ParseCertificatesFile(invalid_name_invalid_characters, &pinsets)); + + std::string invalid_name_number = + "1InvalidName\n" + "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\n"; + EXPECT_FALSE(ParseCertificatesFile(invalid_name_number, &pinsets)); + + std::string invalid_name_space = + "Invalid Name\n" + "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\n"; + EXPECT_FALSE(ParseCertificatesFile(invalid_name_space, &pinsets)); +} + +// Test that parsing of a certificate with an incomplete or incorrect name +// fails. +TEST(InputFileParsersTest, ParseCertificatesFileInvalidCertificateName) { + Pinsets pinsets; + std::string certificate = + "-----BEGIN CERTIFICATE-----\n" + "MIIDIzCCAgugAwIBAgIJALs84KlxWh4GMA0GCSqGSIb3DQEBCwUAMCgxGTAXBgNV\n" + "BAoMEENocm9taXVtIENsYXNzIDMxCzAJBgNVBAsMAkcxMB4XDTE3MDIwMTE5NTUw\n" + "NVoXDTE4MDIwMTE5NTUwNVowKDEZMBcGA1UECgwQQ2hyb21pdW0gQ2xhc3MgMzEL\n" + "MAkGA1UECwwCRzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkolrR\n" + "7gCPm22Cc9psS2Jh1mksVneee5ntEezZ2gEU20y9Z9URBReo8SFvaZcgKkAkca1v\n" + "552YIG+FBO/u8njxzlHXvuVJ5x2geciqqR4TRhA4jO1ndrNW6nlJfOoYueWbdym3\n" + "8zwugoULoCtyLyzdiMI5g8iVBQHDh8+K3TZIHar3HS49TjX5u5nv4igO4RfDcFUa\n" + "h8g+6x5nWoFF8oa3FG0YTN+q6iI1i2JHmj/q03fVPv3WLPGJ3JADau9gO1Lw1/qf\n" + "R/N3l4MVtjDFFGYzclfqW2UmL6zRirEV0GF2gwSBAGVX3WWhpOcM8rFIWYkZCsI5\n" + "iUdtwFNBfcKS9sNpAgMBAAGjUDBOMB0GA1UdDgQWBBTm4VJfibducqwb9h4XELn3\n" + "p6zLVzAfBgNVHSMEGDAWgBTm4VJfibducqwb9h4XELn3p6zLVzAMBgNVHRMEBTAD\n" + "AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQApTm40RfsZG20IIgWJ62pZ2end/lvaneTh\n" + "MZSgFnoTRjKkd/5dh22YyKPw9PnpIuiyi85L36COreqZUvbxqRQnpL1oSCRlLBJQ\n" + "2LcGlF0j0Opa+SY2VWup4XjnYF8CvwMl4obNpSuywTFmkXCRxzN23tn8whNHvWHM\n" + "BQ7abw8X1KY02uPbHucrpou6KXkKkhyhfML8OD8IRkSM56K6YyedqV97cmEdW0Ie\n" + "LlpFJQVX13bmojtSNI1zaiCiEenn5xLa/dAlyFT18Mq6y8plioBinVWFYd0qcRoA\n" + "E2j3m+jTVIv3CZ+ivGxggZQ8ZYN8FJ/iTW3pXGojogHh0NRJJ8dM\n" + "-----END CERTIFICATE-----"; + + std::string missing_prefix = "Class3_G1_Test\n" + certificate; + EXPECT_FALSE(ParseCertificatesFile(missing_prefix, &pinsets)); + + std::string missing_class = "Chromium_G1_Test\n" + certificate; + EXPECT_FALSE(ParseCertificatesFile(missing_class, &pinsets)); + + std::string missing_number = "Chromium_Class3_Test\n" + certificate; + EXPECT_FALSE(ParseCertificatesFile(missing_number, &pinsets)); + + std::string valid = "Chromium_Class3_G1_Test\n" + certificate; + EXPECT_TRUE(ParseCertificatesFile(valid, &pinsets)); +} + +} // namespace + +} // namespace transport_security_state + +} // namespace net diff --git a/chromium/net/tools/transport_security_state_generator/preloaded_state_generator.cc b/chromium/net/tools/transport_security_state_generator/preloaded_state_generator.cc index b1bcabbe05f..79b19569621 100644 --- a/chromium/net/tools/transport_security_state_generator/preloaded_state_generator.cc +++ b/chromium/net/tools/transport_security_state_generator/preloaded_state_generator.cc @@ -100,7 +100,7 @@ std::string WritePinsetList(const std::string& name, output.append(kIndent); output.append(kIndent); - output.append("NULL,"); + output.append("nullptr,"); output.append(kNewLine); output.append("};"); @@ -271,7 +271,7 @@ void PreloadedStateGenerator::ProcessExpectCTURIs( output.append(kIndent); output.append(kIndent); - output.append("NULL,"); + output.append("nullptr,"); output.append(kNewLine); output.append("}"); @@ -303,7 +303,7 @@ void PreloadedStateGenerator::ProcessExpectStapleURIs( output.append(kIndent); output.append(kIndent); - output.append("NULL,"); + output.append("nullptr,"); output.append(kNewLine); output.append("}"); diff --git a/chromium/net/tools/transport_security_state_generator/resources/transport_security_state_static.template b/chromium/net/tools/transport_security_state_generator/resources/transport_security_state_static.template index be15c425218..1d33a46a59a 100644 --- a/chromium/net/tools/transport_security_state_generator/resources/transport_security_state_static.template +++ b/chromium/net/tools/transport_security_state_generator/resources/transport_security_state_static.template @@ -9,6 +9,8 @@ #include <stdint.h> +#include "net/http/transport_security_state_source.h" + enum SecondLevelDomainName [[DOMAIN_IDS]]; // These are SubjectPublicKeyInfo hashes for public key pinning. The @@ -21,7 +23,7 @@ static const char* const kExpectStapleReportURIs[] = [[EXPECT_STAPLE_REPORT_URIS // kNoRejectedPublicKeys is a placeholder for when no public keys are rejected. static const char* const kNoRejectedPublicKeys[] = { - NULL, + nullptr, }; // kNoReportURI is a placeholder for when a pinset does not have a report URI. @@ -29,13 +31,7 @@ static const char kNoReportURI[] = ""; [[ACCEPTABLE_CERTS]] -struct Pinset { - const char* const* const accepted_pins; - const char* const* const rejected_pins; - const char* const report_uri; -}; - -static const struct Pinset kPinsets[] = [[PINSETS]]; +static const net::TransportSecurityStateSource::Pinset kPinsets[] = [[PINSETS]]; // kHSTSHuffmanTree describes a Huffman tree. The nodes of the tree are pairs // of uint8s. The last node in the array is the root of the tree. Each pair is @@ -49,4 +45,16 @@ static const uint8_t kPreloadedHSTSData[] = [[HSTS_TRIE]]; static const unsigned kPreloadedHSTSBits = [[HSTS_TRIE_BITS]]; static const unsigned kHSTSRootPosition = [[HSTS_TRIE_ROOT]]; +static const net::TransportSecurityStateSource kHSTSSource = { + kHSTSHuffmanTree, + sizeof(kHSTSHuffmanTree), + kPreloadedHSTSData, + kPreloadedHSTSBits, + kHSTSRootPosition, + kExpectCTReportURIs, + kExpectStapleReportURIs, + kPinsets, + arraysize(kPinsets) +}; + #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_STATIC_H_ diff --git a/chromium/net/tools/transport_security_state_generator/spki_hash.cc b/chromium/net/tools/transport_security_state_generator/spki_hash.cc index a6986fc975b..e7914c3227d 100644 --- a/chromium/net/tools/transport_security_state_generator/spki_hash.cc +++ b/chromium/net/tools/transport_security_state_generator/spki_hash.cc @@ -19,8 +19,8 @@ SPKIHash::SPKIHash() {} SPKIHash::~SPKIHash() {} -bool SPKIHash::FromString(const std::string& hash_string) { - std::string base64_string; +bool SPKIHash::FromString(base::StringPiece hash_string) { + base::StringPiece base64_string; if (!base::StartsWith(hash_string, "sha256/", base::CompareCase::INSENSITIVE_ASCII)) { diff --git a/chromium/net/tools/transport_security_state_generator/spki_hash.h b/chromium/net/tools/transport_security_state_generator/spki_hash.h index c65313cece1..20de8fecc8a 100644 --- a/chromium/net/tools/transport_security_state_generator/spki_hash.h +++ b/chromium/net/tools/transport_security_state_generator/spki_hash.h @@ -9,6 +9,8 @@ #include <string> #include <vector> +#include "base/strings/string_piece.h" + namespace net { namespace transport_security_state { @@ -24,7 +26,7 @@ class SPKIHash { // SPKI hashes are SHA256. Other algorithms are not supported. Returns true // on success and copies the decoded bytes to |data_|. Returns false on // failure. - bool FromString(const std::string& hash_string); + bool FromString(base::StringPiece hash_string); // Calculates the SHA256 digest over |*input| and copies the result to // |data_|. diff --git a/chromium/net/tools/transport_security_state_generator/spki_hash_unittest.cc b/chromium/net/tools/transport_security_state_generator/spki_hash_unittest.cc new file mode 100644 index 00000000000..5758d2a01a8 --- /dev/null +++ b/chromium/net/tools/transport_security_state_generator/spki_hash_unittest.cc @@ -0,0 +1,64 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/tools/transport_security_state_generator/spki_hash.h" +#include "base/strings/string_number_conversions.h" +#include "testing/gmock/include/gmock/gmock.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +namespace transport_security_state { + +namespace { + +TEST(SPKIHashTest, FromString) { + SPKIHash hash; + + // Valid SHA256. + EXPECT_TRUE( + hash.FromString("sha256/1111111111111111111111111111111111111111111=")); + std::vector<uint8_t> hash_vector(hash.data(), hash.data() + hash.size()); + EXPECT_THAT( + hash_vector, + testing::ElementsAreArray( + {0xD7, 0x5D, 0x75, 0xD7, 0x5D, 0x75, 0xD7, 0x5D, 0x75, 0xD7, 0x5D, + 0x75, 0xD7, 0x5D, 0x75, 0xD7, 0x5D, 0x75, 0xD7, 0x5D, 0x75, 0xD7, + 0x5D, 0x75, 0xD7, 0x5D, 0x75, 0xD7, 0x5D, 0x75, 0xD7, 0x5D})); + + SPKIHash hash2; + EXPECT_TRUE( + hash2.FromString("sha256/4osU79hfY3P2+WJGlT2mxmSL+5FIwLEVxTQcavyBNgQ=")); + std::vector<uint8_t> hash_vector2(hash2.data(), hash2.data() + hash2.size()); + EXPECT_THAT( + hash_vector2, + testing::ElementsAreArray( + {0xE2, 0x8B, 0x14, 0xEF, 0xD8, 0x5F, 0x63, 0x73, 0xF6, 0xF9, 0x62, + 0x46, 0x95, 0x3D, 0XA6, 0xC6, 0x64, 0x8B, 0xFB, 0x91, 0x48, 0xC0, + 0xB1, 0x15, 0xC5, 0x34, 0x1C, 0x6A, 0xFC, 0x81, 0x36, 0x04})); + + SPKIHash hash3; + + // Valid SHA1 should rejected. + EXPECT_FALSE(hash3.FromString("sha1/111111111111111111111111111=")); + EXPECT_FALSE(hash3.FromString("sha1/gzF+YoVCU9bXeDGQ7JGQVumRueM=")); + + // SHA1 disguised as SHA256. + EXPECT_FALSE(hash3.FromString("sha256/111111111111111111111111111=")); + + // SHA512 disguised as SHA256. + EXPECT_FALSE( + hash3.FromString("sha256/ns3smS51SK/4P7uSVhSlCIMNAxkD+r6C/ZZA/" + "07vac0uyMdRS4jKfqlvk3XxLFP1v5aMIxM5cdTM7FHNwxagQg==")); + + // Invalid BASE64. + EXPECT_FALSE(hash3.FromString("sha256/hsts-preload")); + EXPECT_FALSE(hash3.FromString("sha256/1. 2. 3. security!=")); +} + +} // namespace + +} // namespace transport_security_state + +} // namespace net diff --git a/chromium/net/tools/transport_security_state_generator/transport_security_state_generator.cc b/chromium/net/tools/transport_security_state_generator/transport_security_state_generator.cc index 4e93a49398e..4aec52d0449 100644 --- a/chromium/net/tools/transport_security_state_generator/transport_security_state_generator.cc +++ b/chromium/net/tools/transport_security_state_generator/transport_security_state_generator.cc @@ -11,31 +11,19 @@ #include "base/command_line.h" #include "base/files/file_util.h" -#include "base/json/json_reader.h" #include "base/logging.h" #include "base/path_service.h" -#include "base/strings/string_number_conversions.h" -#include "base/strings/string_piece.h" -#include "base/strings/string_split.h" -#include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" -#include "base/values.h" #include "crypto/openssl_util.h" -#include "net/tools/transport_security_state_generator/cert_util.h" -#include "net/tools/transport_security_state_generator/pinset.h" +#include "net/tools/transport_security_state_generator/input_file_parsers.h" #include "net/tools/transport_security_state_generator/pinsets.h" #include "net/tools/transport_security_state_generator/preloaded_state_generator.h" -#include "net/tools/transport_security_state_generator/spki_hash.h" #include "net/tools/transport_security_state_generator/transport_security_state_entry.h" -#include "third_party/boringssl/src/include/openssl/x509v3.h" -using net::transport_security_state::TransportSecurityStateEntry; using net::transport_security_state::TransportSecurityStateEntries; -using net::transport_security_state::Pinset; using net::transport_security_state::Pinsets; using net::transport_security_state::PreloadedStateGenerator; using net::transport_security_state::DomainIDList; -using net::transport_security_state::SPKIHash; namespace { @@ -45,377 +33,6 @@ void PrintHelp() { << " <template-file> <output-file> [--v=1]" << std::endl; } -// Parses the |json| string and copies the items under the "entries" key to -// |entries|, the pinsets under the "pinsets" key to |pinsets|, and the domain -// IDs under the "domain_ids" key to |domain_ids|. -// -// More info on the format can be found in -// net/http/transport_security_state_static.json -bool ParseJSON(const std::string& json, - TransportSecurityStateEntries* entries, - Pinsets* pinsets, - DomainIDList* domain_ids) { - std::unique_ptr<base::Value> value = base::JSONReader::Read(json); - base::DictionaryValue* dict_value = nullptr; - if (!value.get() || !value->GetAsDictionary(&dict_value)) { - LOG(ERROR) << "Could not parse the input JSON file"; - return false; - } - - const base::ListValue* preload_entries = nullptr; - if (!dict_value->GetList("entries", &preload_entries)) { - LOG(ERROR) << "Could not parse the entries in the input JSON"; - return false; - } - - for (size_t i = 0; i < preload_entries->GetSize(); ++i) { - const base::DictionaryValue* parsed = nullptr; - if (!preload_entries->GetDictionary(i, &parsed)) { - LOG(ERROR) << "Could not parse entry " << base::SizeTToString(i) - << " in the input JSON"; - return false; - } - - std::unique_ptr<TransportSecurityStateEntry> entry( - new TransportSecurityStateEntry()); - - if (!parsed->GetString("name", &entry->hostname)) { - LOG(ERROR) << "Could not extract the hostname for entry " - << base::SizeTToString(i) << " from the input JSON"; - return false; - } - - parsed->GetBoolean("include_subdomains", &entry->include_subdomains); - std::string mode; - parsed->GetString("mode", &mode); - entry->force_https = (mode == "force-https"); - parsed->GetBoolean("include_subdomains_for_pinning", - &entry->hpkp_include_subdomains); - parsed->GetString("pins", &entry->pinset); - parsed->GetBoolean("expect_ct", &entry->expect_ct); - parsed->GetString("expect_ct_report_uri", &entry->expect_ct_report_uri); - parsed->GetBoolean("expect_staple", &entry->expect_staple); - parsed->GetBoolean("include_subdomains_for_expect_staple", - &entry->expect_staple_include_subdomains); - parsed->GetString("expect_staple_report_uri", - &entry->expect_staple_report_uri); - - entries->push_back(std::move(entry)); - } - - const base::ListValue* pinsets_list = nullptr; - if (!dict_value->GetList("pinsets", &pinsets_list)) { - LOG(ERROR) << "Could not parse the pinsets in the input JSON"; - return false; - } - - for (size_t i = 0; i < pinsets_list->GetSize(); ++i) { - const base::DictionaryValue* parsed = nullptr; - if (!pinsets_list->GetDictionary(i, &parsed)) { - LOG(ERROR) << "Could not parse pinset " << base::SizeTToString(i) - << " in the input JSON"; - return false; - } - - std::string name; - if (!parsed->GetString("name", &name)) { - LOG(ERROR) << "Could not extract the name for pinset " - << base::SizeTToString(i) << " from the input JSON"; - return false; - } - - std::string report_uri; - parsed->GetString("report_uri", &report_uri); - - std::unique_ptr<Pinset> pinset(new Pinset(name, report_uri)); - - const base::ListValue* pinset_static_hashes_list = nullptr; - if (parsed->GetList("static_spki_hashes", &pinset_static_hashes_list)) { - for (size_t i = 0; i < pinset_static_hashes_list->GetSize(); ++i) { - std::string hash; - pinset_static_hashes_list->GetString(i, &hash); - pinset->AddStaticSPKIHash(hash); - } - } - - const base::ListValue* pinset_bad_static_hashes_list = nullptr; - if (parsed->GetList("bad_static_spki_hashes", - &pinset_bad_static_hashes_list)) { - for (size_t i = 0; i < pinset_bad_static_hashes_list->GetSize(); ++i) { - std::string hash; - pinset_bad_static_hashes_list->GetString(i, &hash); - pinset->AddBadStaticSPKIHash(hash); - } - } - - pinsets->RegisterPinset(std::move(pinset)); - } - - // TODO(Martijnc): Remove the domain IDs from the preload format. - // https://crbug.com/661206. - const base::ListValue* domain_ids_list = nullptr; - if (!dict_value->GetList("domain_ids", &domain_ids_list)) { - LOG(ERROR) << "Could not parse the domain IDs in the input JSON"; - return false; - } - - for (size_t i = 0; i < domain_ids_list->GetSize(); ++i) { - std::string domain; - domain_ids_list->GetString(i, &domain); - domain_ids->push_back(domain); - } - - return true; -} - -bool IsImportantWordInCertificateName(base::StringPiece name) { - const char* const important_words[] = {"Universal", "Global", "EV", "G1", - "G2", "G3", "G4", "G5"}; - for (auto* important_word : important_words) { - if (name == important_word) { - return true; - } - } - return false; -} - -// Strips all characters not matched by the RegEx [A-Za-z0-9_] from |name| and -// returns the result. -std::string FilterName(base::StringPiece name) { - std::string filtered; - for (const char& character : name) { - if ((character >= '0' && character <= '9') || - (character >= 'a' && character <= 'z') || - (character >= 'A' && character <= 'Z') || character == '_') { - filtered += character; - } - } - return base::ToLowerASCII(filtered); -} - -// Returns true if |pin_name| is a reasonable match for the certificate name -// |name|. -bool MatchCertificateName(base::StringPiece name, base::StringPiece pin_name) { - std::vector<base::StringPiece> words = base::SplitStringPiece( - name, " ", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); - if (words.empty()) { - LOG(ERROR) << "No words in certificate name for pin " - << pin_name.as_string(); - return false; - } - base::StringPiece first_word = words[0]; - - if (first_word.ends_with(",")) { - first_word = first_word.substr(0, first_word.size() - 1); - } - - if (first_word.starts_with("*.")) { - first_word = first_word.substr(2, first_word.size() - 2); - } - - size_t pos = first_word.find('.'); - if (pos != std::string::npos) { - first_word = first_word.substr(0, first_word.size() - pos); - } - - pos = first_word.find('-'); - if (pos != std::string::npos) { - first_word = first_word.substr(0, first_word.size() - pos); - } - - if (first_word.empty()) { - LOG(ERROR) << "First word of certificate name (" << name.as_string() - << ") is empty"; - return false; - } - - std::string filtered_word = FilterName(first_word); - first_word = filtered_word; - if (!base::EqualsCaseInsensitiveASCII(pin_name.substr(0, first_word.size()), - first_word)) { - LOG(ERROR) << "The first word of the certificate name (" - << first_word.as_string() - << ") isn't a prefix of the variable name (" - << pin_name.as_string() << ")"; - return false; - } - - for (size_t i = 0; i < words.size(); ++i) { - const base::StringPiece& word = words[i]; - if (word == "Class" && (i + 1) < words.size()) { - std::string class_name = word.as_string(); - words[i + 1].AppendToString(&class_name); - - size_t pos = pin_name.find(class_name); - if (pos == std::string::npos) { - LOG(ERROR) - << "Certficate class specification doesn't appear in the variable " - "name (" - << pin_name.as_string() << ")"; - return false; - } - } else if (word.size() == 1 && word[0] >= '0' && word[0] <= '9') { - size_t pos = pin_name.find(word); - if (pos == std::string::npos) { - LOG(ERROR) << "Number doesn't appear in the certificate variable name (" - << pin_name.as_string() << ")"; - return false; - } - } else if (IsImportantWordInCertificateName(word)) { - size_t pos = pin_name.find(word); - if (pos == std::string::npos) { - LOG(ERROR) << word.as_string() + - " doesn't appear in the certificate variable name (" - << pin_name.as_string() << ")"; - return false; - } - } - } - - return true; -} - -// Returns true iff |candidate| is not empty, the first character is in the -// range A-Z, and the remaining characters are in the ranges a-Z, 0-9, or '_'. -bool IsValidName(const std::string& candidate) { - if (candidate.empty() || candidate[0] < 'A' || candidate[0] > 'Z') { - return false; - } - - bool isValid = true; - for (const char& character : candidate) { - isValid = (character >= '0' && character <= '9') || - (character >= 'a' && character <= 'z') || - (character >= 'A' && character <= 'Z') || character == '_'; - if (!isValid) { - return false; - } - } - return true; -} - -static const char kStartOfCert[] = "-----BEGIN CERTIFICATE"; -static const char kStartOfPublicKey[] = "-----BEGIN PUBLIC KEY"; -static const char kEndOfCert[] = "-----END CERTIFICATE"; -static const char kEndOfPublicKey[] = "-----END PUBLIC KEY"; -static const char kStartOfSHA256[] = "sha256/"; - -enum class CertificateParserState { - PRE_NAME, - POST_NAME, - IN_CERTIFICATE, - IN_PUBLIC_KEY -}; - -// Extracts SPKI information from the preloaded pins file. The SPKI's can be -// in the form of a PEM certificate, a PEM public key, or a BASE64 string. -// -// More info on the format can be found in -// net/http/transport_security_state_static.pins -bool ParseCertificatesFile(const std::string& certs_input, Pinsets* pinsets) { - std::istringstream input_stream(certs_input); - std::string line; - CertificateParserState current_state = CertificateParserState::PRE_NAME; - - const base::CompareCase& compare_mode = base::CompareCase::INSENSITIVE_ASCII; - std::string name; - std::string buffer; - std::string subject_name; - bssl::UniquePtr<X509> certificate; - SPKIHash hash; - - for (std::string line; std::getline(input_stream, line);) { - if (line[0] == '#') { - continue; - } - - if (line.empty() && current_state == CertificateParserState::PRE_NAME) { - continue; - } - - switch (current_state) { - case CertificateParserState::PRE_NAME: - if (!IsValidName(line)) { - LOG(ERROR) << "Invalid name in pins file: " << line; - return false; - } - name = line; - current_state = CertificateParserState::POST_NAME; - break; - case CertificateParserState::POST_NAME: - if (base::StartsWith(line, kStartOfSHA256, compare_mode)) { - if (!hash.FromString(line)) { - LOG(ERROR) << "Invalid hash value in pins file for " << name; - return false; - } - - pinsets->RegisterSPKIHash(name, hash); - current_state = CertificateParserState::PRE_NAME; - } else if (base::StartsWith(line, kStartOfCert, compare_mode)) { - buffer = line + '\n'; - current_state = CertificateParserState::IN_CERTIFICATE; - } else if (base::StartsWith(line, kStartOfPublicKey, compare_mode)) { - buffer = line + '\n'; - current_state = CertificateParserState::IN_PUBLIC_KEY; - } else { - LOG(ERROR) << "Invalid value in pins file for " << name; - return false; - } - break; - case CertificateParserState::IN_CERTIFICATE: - buffer += line + '\n'; - if (!base::StartsWith(line, kEndOfCert, compare_mode)) { - continue; - } - - certificate = GetX509CertificateFromPEM(buffer); - if (!certificate) { - LOG(ERROR) << "Could not parse certificate " << name; - return false; - } - - if (!CalculateSPKIHashFromCertificate(certificate.get(), &hash)) { - LOG(ERROR) << "Could not extract SPKI from certificate " << name; - return false; - } - - if (!ExtractSubjectNameFromCertificate(certificate.get(), - &subject_name)) { - LOG(ERROR) << "Could not extract name from certificate " << name; - return false; - } - - if (!MatchCertificateName(subject_name, name)) { - LOG(ERROR) << name << " is not a reasonable name for " - << subject_name; - return false; - } - - pinsets->RegisterSPKIHash(name, hash); - current_state = CertificateParserState::PRE_NAME; - break; - case CertificateParserState::IN_PUBLIC_KEY: - buffer += line + '\n'; - if (!base::StartsWith(line, kEndOfPublicKey, compare_mode)) { - continue; - } - - if (!CalculateSPKIHashFromKey(buffer, &hash)) { - LOG(ERROR) << "Could not parse the public key for " << name; - return false; - } - - pinsets->RegisterSPKIHash(name, hash); - current_state = CertificateParserState::PRE_NAME; - break; - default: - DCHECK(false) << "Unknown parser state"; - } - } - - return true; -} - // Checks if there are pins with the same name or the same hash. bool CheckForDuplicatePins(const Pinsets& pinsets) { std::set<std::string> seen_names; diff --git a/chromium/net/tools/transport_security_state_generator/trie/trie_bit_buffer_unittest.cc b/chromium/net/tools/transport_security_state_generator/trie/trie_bit_buffer_unittest.cc new file mode 100644 index 00000000000..21f373cd948 --- /dev/null +++ b/chromium/net/tools/transport_security_state_generator/trie/trie_bit_buffer_unittest.cc @@ -0,0 +1,226 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/tools/transport_security_state_generator/trie/trie_bit_buffer.h" +#include "net/tools/transport_security_state_generator/bit_writer.h" +#include "net/tools/transport_security_state_generator/huffman/huffman_builder.h" +#include "testing/gmock/include/gmock/gmock.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +namespace transport_security_state { + +namespace { + +// Test writing single bits to the buffer. +TEST(TrieBitBufferTest, WriteBit) { + TrieBitBuffer buffer; + + buffer.WriteBit(0); + buffer.WriteBit(1); + buffer.WriteBit(0); + buffer.WriteBit(1); + buffer.WriteBit(0); + buffer.WriteBit(1); + buffer.WriteBit(0); + buffer.WriteBit(1); + + BitWriter writer; + buffer.WriteToBitWriter(&writer); + + writer.Flush(); + + // 0 + 1 + 0 + 1 + 0 + 1 + 0 + 1 = 0x55 + EXPECT_THAT(writer.bytes(), testing::ElementsAre(0x55, 0x0)); + EXPECT_EQ(16U, writer.position()); + + buffer.WriteBit(0); + buffer.WriteBit(1); + buffer.WriteBit(0); + + BitWriter writer2; + buffer.WriteToBitWriter(&writer2); + EXPECT_EQ(11U, writer2.position()); + + writer2.Flush(); + + // 0 + 1 + 0 + 1 + 0 + 1 + 0 + 1 + 0 + 1 + 0 + 00000 (padding) = 0x5540. + EXPECT_THAT(writer2.bytes(), testing::ElementsAre(0x55, 0x40)); +} + +// Test writing multiple bits at once. Specifically, that the correct bits are +// written and byte boundaries are respected. +TEST(TrieBitBufferTest, WriteBits) { + TrieBitBuffer buffer; + + // 0xAA is 10101010 in binary. WritBits will write the n least significant + // bits where n is given as the second parameter. + buffer.WriteBits(0xAA, 1); + buffer.WriteBits(0xAA, 2); + buffer.WriteBits(0xAA, 3); + + BitWriter writer; + buffer.WriteToBitWriter(&writer); + EXPECT_EQ(6U, writer.position()); + + writer.Flush(); + + // 0 + 10 + 010 + 00 (padding) = 0x48 + EXPECT_THAT(writer.bytes(), testing::ElementsAre(0x48)); + + buffer.WriteBits(0xAA, 2); + buffer.WriteBits(0xAA, 2); + + BitWriter writer2; + buffer.WriteToBitWriter(&writer2); + EXPECT_EQ(10U, writer2.position()); + + writer2.Flush(); + + // 0 + 10 + 010 + 10 + 10 + 000000 (padding) = 0x4A80. + EXPECT_THAT(writer2.bytes(), testing::ElementsAre(0x4A, 0x80)); + + buffer.WriteBits(0xAA, 2); + + BitWriter writer3; + buffer.WriteToBitWriter(&writer3); + EXPECT_EQ(12U, writer3.position()); + + writer3.Flush(); + + // 0 + 10 + 010 + 10 + 10 + 10 + 0000 (padding) = 0x4AA0. + EXPECT_THAT(writer3.bytes(), testing::ElementsAre(0x4A, 0xA0)); +} + +// Test writing position (delta's). +TEST(TrieBitBufferTest, WritePosition) { + TrieBitBuffer buffer; + BitWriter writer; + + buffer.WriteBit(1); + // 0xAA is 10101010 in binary. WritBits will write the n least significant + // bits where n is given as the second parameter. + buffer.WriteBits(0xAA, 6); + + buffer.WriteToBitWriter(&writer); + + TrieBitBuffer buffer2; + int32_t last_position = -1; + buffer2.WritePosition(4, &last_position); + EXPECT_EQ(4, last_position); + + buffer2.WriteBits(0xAA, 8); + buffer2.WritePosition(8, &last_position); + EXPECT_EQ(8, last_position); + + buffer2.WriteToBitWriter(&writer); + writer.Flush(); + + EXPECT_EQ(4U, writer.bytes().size()); + + // The buffer should contain, in order: + // - the bit 1 + // - the last 6 bits of '0xAA' + // - five bits representing '2'; the bit length of the following field + // - 2 bits representing '3' (the delta 7 - 4) + // - 8 bits representing 0xAA + // - A zero indicating the following 7 bits represent a delta + // - 7 bits representing 4 (the delta 8 - 4) + // - padding + // + // 1 + 101010 + 00010 + 11 + 10101010 + 0 + 0000100 + 00 (padding) + EXPECT_THAT(writer.bytes(), testing::ElementsAre(0xD4, 0x2E, 0xA8, 0x10)); +} + +// Test writing characters to the buffer using Huffman. +TEST(TrieBitBufferTest, WriteChar) { + TrieBitBuffer buffer; + HuffmanBuilder huffman_builder; + HuffmanRepresentationTable table; + + table['a'] = HuffmanRepresentation(); + table['a'].bits = 0x0A; + table['a'].number_of_bits = 4; + + table['b'] = HuffmanRepresentation(); + table['b'].bits = 0x0F; + table['b'].number_of_bits = 4; + + buffer.WriteChar('a', table, &huffman_builder); + + HuffmanRepresentationTable encoding = huffman_builder.ToTable(); + + // 'a' should have a Huffman encoding. + EXPECT_NE(encoding.cend(), encoding.find('a')); + + buffer.WriteChar('a', table, &huffman_builder); + buffer.WriteChar('b', table, &huffman_builder); + + encoding = huffman_builder.ToTable(); + + // Both 'a' and 'b' should have a Huffman encoding. + EXPECT_NE(encoding.cend(), encoding.find('a')); + EXPECT_NE(encoding.cend(), encoding.find('b')); + + BitWriter writer; + buffer.WriteToBitWriter(&writer); + writer.Flush(); + + // There should be 3 characters in the writer. 'a' twice followed by 'b' once. + // The characters are written as the representation in |table|. + EXPECT_EQ(2U, writer.bytes().size()); + + // Twice 'a', once 'b' and padding + EXPECT_THAT(writer.bytes(), testing::ElementsAre(0xAA, 0xF0)); +} + +// Test writing a mix of items. Specifically, that the correct values are +// written in the correct order and byte boundaries are respected. +TEST(TrieBitBufferTest, WriteMix) { + TrieBitBuffer buffer; + + HuffmanRepresentationTable table; + table['a'] = HuffmanRepresentation(); + table['a'].bits = 0x0A; + table['a'].number_of_bits = 4; + + // 0xAA is 10101010 in binary. WritBits will write the n least significant + // bits where n is given as the second parameter. + buffer.WriteBits(0xAA, 1); + buffer.WriteBit(1); + + buffer.WriteChar('a', table, nullptr); + + buffer.WriteBits(0xAA, 2); + buffer.WriteBits(0xAA, 3); + + BitWriter writer; + buffer.WriteToBitWriter(&writer); + + // 1 + 1 + 4 + 2 + 3 = 11. + EXPECT_EQ(writer.position(), 11U); + + TrieBitBuffer buffer2; + buffer2.WriteBit(1); + buffer2.WriteBits(0xAA, 2); + buffer2.WriteBit(0); + + buffer2.WriteToBitWriter(&writer); + EXPECT_EQ(writer.position(), 15U); + EXPECT_EQ(writer.bytes().size(), 1U); + + writer.Flush(); + + EXPECT_EQ(writer.bytes().size(), 2U); + + // 0 + 1 + 1010 + 10 + 010 + 1 + 10 + 0 + 0 (padding) = 0x6A58. + EXPECT_THAT(writer.bytes(), testing::ElementsAre(0x6A, 0x58)); +} + +} // namespace + +} // namespace transport_security_state + +} // namespace net diff --git a/chromium/net/traffic_annotation/network_traffic_annotation.h b/chromium/net/traffic_annotation/network_traffic_annotation.h index e56e41eda56..989f4f34830 100644 --- a/chromium/net/traffic_annotation/network_traffic_annotation.h +++ b/chromium/net/traffic_annotation/network_traffic_annotation.h @@ -8,7 +8,7 @@ namespace net { // Defined type for network traffic annotation tags. -using NetworkTrafficAnnotationTag = const char*; +using NetworkTrafficAnnotationTag = const char* const; // Function to convert a network traffic annotation's unique id and protobuf // text into a NetworkTrafficAnnotationTag. @@ -20,7 +20,7 @@ using NetworkTrafficAnnotationTag = const char*; // |unique_id| should be a string that uniquely identifies this annotation // across all of Chromium source code. // |proto| is a text-encoded NetworkTrafficAnnotation protobuf (see -// tools/traffic_annotaiton/traffic_annotation.proto) +// tools/traffic_annotation/traffic_annotation.proto) // // An empty and a sample template for the text-encoded protobuf can be found in // //tools/traffic_annotation/sample_traffic_annotation.cc. diff --git a/chromium/net/url_request/sdch_dictionary_fetcher.cc b/chromium/net/url_request/sdch_dictionary_fetcher.cc index 9d557f185ba..e51d9581a05 100644 --- a/chromium/net/url_request/sdch_dictionary_fetcher.cc +++ b/chromium/net/url_request/sdch_dictionary_fetcher.cc @@ -167,12 +167,10 @@ void SdchDictionaryFetcher::OnResponseStarted(URLRequest* request, // HTTP, it is presumed to be fresh. HttpResponseHeaders* response_headers = request->response_headers(); if (net_error == OK && response_headers) { - ValidationType validation_type = response_headers->RequiresValidation( + bool requires_validation = response_headers->RequiresValidation( request->response_info().request_time, request->response_info().response_time, base::Time::Now()); - // TODO(rdsmith): Maybe handle VALIDATION_ASYNCHRONOUS by queueing - // a non-reload request for the dictionary. - if (validation_type != VALIDATION_NONE) + if (requires_validation) net_error = ERR_FAILED; } diff --git a/chromium/net/url_request/test_url_fetcher_factory.cc b/chromium/net/url_request/test_url_fetcher_factory.cc index 424ff93e013..e714a200d76 100644 --- a/chromium/net/url_request/test_url_fetcher_factory.cc +++ b/chromium/net/url_request/test_url_fetcher_factory.cc @@ -13,9 +13,9 @@ #include "base/location.h" #include "base/logging.h" #include "base/memory/weak_ptr.h" -#include "base/single_thread_task_runner.h" +#include "base/sequenced_task_runner.h" +#include "base/threading/sequenced_task_runner_handle.h" #include "base/threading/thread_restrictions.h" -#include "base/threading/thread_task_runner_handle.h" #include "net/base/host_port_pair.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" @@ -389,7 +389,7 @@ FakeURLFetcher::~FakeURLFetcher() {} void FakeURLFetcher::Start() { TestURLFetcher::Start(); - base::ThreadTaskRunnerHandle::Get()->PostTask( + base::SequencedTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::Bind(&FakeURLFetcher::RunDelegate, weak_factory_.GetWeakPtr())); } diff --git a/chromium/net/url_request/url_fetcher_core.cc b/chromium/net/url_request/url_fetcher_core.cc index 146edf7299e..98edef63c8e 100644 --- a/chromium/net/url_request/url_fetcher_core.cc +++ b/chromium/net/url_request/url_fetcher_core.cc @@ -68,7 +68,7 @@ void URLFetcherCore::Registry::CancelAll() { // URLFetcherCore ------------------------------------------------------------- // static -base::LazyInstance<URLFetcherCore::Registry> +base::LazyInstance<URLFetcherCore::Registry>::DestructorAtExit URLFetcherCore::g_registry = LAZY_INSTANCE_INITIALIZER; URLFetcherCore::URLFetcherCore(URLFetcher* fetcher, diff --git a/chromium/net/url_request/url_fetcher_core.h b/chromium/net/url_request/url_fetcher_core.h index 570c0f8e414..db0e8a11ff1 100644 --- a/chromium/net/url_request/url_fetcher_core.h +++ b/chromium/net/url_request/url_fetcher_core.h @@ -346,7 +346,7 @@ class URLFetcherCore : public base::RefCountedThreadSafe<URLFetcherCore>, // Total expected bytes to receive (-1 if it cannot be determined). int64_t total_response_bytes_; - static base::LazyInstance<Registry> g_registry; + static base::LazyInstance<Registry>::DestructorAtExit g_registry; DISALLOW_COPY_AND_ASSIGN(URLFetcherCore); }; diff --git a/chromium/net/url_request/url_request_context.cc b/chromium/net/url_request/url_request_context.cc index a7b02337c3d..0ec1db63efc 100644 --- a/chromium/net/url_request/url_request_context.cc +++ b/chromium/net/url_request/url_request_context.cc @@ -47,9 +47,11 @@ URLRequestContext::URLRequestContext() backoff_manager_(nullptr), sdch_manager_(nullptr), network_quality_estimator_(nullptr), + reporting_service_(nullptr), url_requests_(new std::set<const URLRequest*>), enable_brotli_(false), - check_cleartext_permitted_(false) { + check_cleartext_permitted_(false), + name_(nullptr) { base::trace_event::MemoryDumpManager::GetInstance()->RegisterDumpProvider( this, "URLRequestContext", base::ThreadTaskRunnerHandle::Get()); } @@ -82,6 +84,7 @@ void URLRequestContext::CopyFrom(const URLRequestContext* other) { set_sdch_manager(other->sdch_manager_); set_http_user_agent_settings(other->http_user_agent_settings_); set_network_quality_estimator(other->network_quality_estimator_); + set_reporting_service(other->reporting_service_); set_enable_brotli(other->enable_brotli_); set_check_cleartext_permitted(other->check_cleartext_permitted_); } @@ -139,23 +142,19 @@ void URLRequestContext::AssertNoURLRequests() const { bool URLRequestContext::OnMemoryDump( const base::trace_event::MemoryDumpArgs& args, base::trace_event::ProcessMemoryDump* pmd) { - if (name_.empty()) + if (!name_) name_ = "unknown"; SSLClientSocketImpl::DumpSSLClientSessionMemoryStats(pmd); - std::string dump_name = base::StringPrintf( - "net/url_request_context_0x%" PRIxPTR, reinterpret_cast<uintptr_t>(this)); + std::string dump_name = + base::StringPrintf("net/url_request_context/%s/0x%" PRIxPTR, name_, + reinterpret_cast<uintptr_t>(this)); base::trace_event::MemoryAllocatorDump* dump = pmd->CreateAllocatorDump(dump_name); dump->AddScalar(base::trace_event::MemoryAllocatorDump::kNameObjectCount, base::trace_event::MemoryAllocatorDump::kUnitsObjects, url_requests_->size()); - if (args.level_of_detail != - base::trace_event::MemoryDumpLevelOfDetail::BACKGROUND) { - dump->AddString("origin", - base::trace_event::MemoryAllocatorDump::kTypeString, name_); - } HttpTransactionFactory* transaction_factory = http_transaction_factory(); if (transaction_factory) { HttpNetworkSession* network_session = transaction_factory->GetSession(); diff --git a/chromium/net/url_request/url_request_context.h b/chromium/net/url_request/url_request_context.h index 9551e4268ca..d34c2fdb3bb 100644 --- a/chromium/net/url_request/url_request_context.h +++ b/chromium/net/url_request/url_request_context.h @@ -45,6 +45,7 @@ class HttpUserAgentSettings; class NetLog; class NetworkDelegate; class NetworkQualityEstimator; +class ReportingService; class SdchManager; class ProxyService; class URLRequest; @@ -249,6 +250,11 @@ class NET_EXPORT URLRequestContext network_quality_estimator_ = network_quality_estimator; } + ReportingService* reporting_service() const { return reporting_service_; } + void set_reporting_service(ReportingService* reporting_service) { + reporting_service_ = reporting_service; + } + void set_enable_brotli(bool enable_brotli) { enable_brotli_ = enable_brotli; } bool enable_brotli() const { return enable_brotli_; } @@ -265,7 +271,7 @@ class NET_EXPORT URLRequestContext // Sets a name for this URLRequestContext. Currently the name is used in // MemoryDumpProvier to annotate memory usage. The name does not need to be // unique. - void set_name(const std::string& name) { name_ = name; } + void set_name(const char* name) { name_ = name; } // MemoryDumpProvider implementation: bool OnMemoryDump(const base::trace_event::MemoryDumpArgs& args, @@ -299,6 +305,7 @@ class NET_EXPORT URLRequestContext URLRequestBackoffManager* backoff_manager_; SdchManager* sdch_manager_; NetworkQualityEstimator* network_quality_estimator_; + ReportingService* reporting_service_; // --------------------------------------------------------------------------- // Important: When adding any new members below, consider whether they need to @@ -316,7 +323,7 @@ class NET_EXPORT URLRequestContext // An optional name which can be set to describe this URLRequestContext. // Used in MemoryDumpProvier to annotate memory usage. The name does not need // to be unique. - std::string name_; + const char* name_; DISALLOW_COPY_AND_ASSIGN(URLRequestContext); }; diff --git a/chromium/net/url_request/url_request_context_storage.cc b/chromium/net/url_request/url_request_context_storage.cc index e010643abc7..19ebbf62fe8 100644 --- a/chromium/net/url_request/url_request_context_storage.cc +++ b/chromium/net/url_request/url_request_context_storage.cc @@ -20,6 +20,7 @@ #include "net/http/http_transaction_factory.h" #include "net/log/net_log.h" #include "net/proxy/proxy_service.h" +#include "net/reporting/reporting_service.h" #include "net/ssl/channel_id_service.h" #include "net/url_request/http_user_agent_settings.h" #include "net/url_request/url_request_context.h" @@ -152,4 +153,10 @@ void URLRequestContextStorage::set_sdch_manager( sdch_manager_ = std::move(sdch_manager); } +void URLRequestContextStorage::set_reporting_service( + std::unique_ptr<ReportingService> reporting_service) { + context_->set_reporting_service(reporting_service.get()); + reporting_service_ = std::move(reporting_service); +} + } // namespace net diff --git a/chromium/net/url_request/url_request_context_storage.h b/chromium/net/url_request/url_request_context_storage.h index 0e4a8a51ea1..c47f855838c 100644 --- a/chromium/net/url_request/url_request_context_storage.h +++ b/chromium/net/url_request/url_request_context_storage.h @@ -28,6 +28,7 @@ class NetLog; class NetworkDelegate; class ProxyDelegate; class ProxyService; +class ReportingService; class SdchManager; class SSLConfigService; class TransportSecurityState; @@ -78,6 +79,8 @@ class NET_EXPORT URLRequestContextStorage { void set_http_user_agent_settings( std::unique_ptr<HttpUserAgentSettings> http_user_agent_settings); void set_sdch_manager(std::unique_ptr<SdchManager> sdch_manager); + void set_reporting_service( + std::unique_ptr<ReportingService> reporting_service); // Everything else can be access through the URLRequestContext, but this // cannot. Having an accessor for it makes usage a little cleaner. @@ -116,6 +119,7 @@ class NET_EXPORT URLRequestContextStorage { std::unique_ptr<URLRequestJobFactory> job_factory_; std::unique_ptr<URLRequestThrottlerManager> throttler_manager_; std::unique_ptr<SdchManager> sdch_manager_; + std::unique_ptr<ReportingService> reporting_service_; DISALLOW_COPY_AND_ASSIGN(URLRequestContextStorage); }; diff --git a/chromium/net/url_request/url_request_data_job.cc b/chromium/net/url_request/url_request_data_job.cc index b4c7a67d62f..56d243f1355 100644 --- a/chromium/net/url_request/url_request_data_job.cc +++ b/chromium/net/url_request/url_request_data_job.cc @@ -23,10 +23,9 @@ int URLRequestDataJob::BuildResponse(const GURL& url, // |mime_type| set by DataURL::Parse() is guaranteed to be in // token "/" token - // form. |charset| is also guaranteed to be a token. + // form. |charset| can be an empty string. DCHECK(!mime_type->empty()); - DCHECK(!charset->empty()); if (headers) { headers->ReplaceStatusLine("HTTP/1.1 200 OK"); @@ -34,8 +33,9 @@ int URLRequestDataJob::BuildResponse(const GURL& url, // the "token" ABNF in the HTTP spec. When DataURL::Parse() call is // successful, it's guaranteed that the string in |charset| follows the // "token" ABNF. - std::string content_type_header = - "Content-Type: " + *mime_type + ";charset=" + *charset; + std::string content_type_header = "Content-Type: " + *mime_type; + if (!charset->empty()) + content_type_header.append(";charset=" + *charset); headers->AddHeader(content_type_header); headers->AddHeader("Access-Control-Allow-Origin: *"); } diff --git a/chromium/net/url_request/url_request_file_dir_job_unittest.cc b/chromium/net/url_request/url_request_file_dir_job_unittest.cc index 3aa4eb550b2..e4f154ae7bc 100644 --- a/chromium/net/url_request/url_request_file_dir_job_unittest.cc +++ b/chromium/net/url_request/url_request_file_dir_job_unittest.cc @@ -64,10 +64,6 @@ class TestJobFactory : public URLRequestJobFactory { return scheme == "file"; } - bool IsHandledURL(const GURL& url) const override { - return IsHandledProtocol(url.scheme()); - } - bool IsSafeRedirectTarget(const GURL& location) const override { return false; } diff --git a/chromium/net/url_request/url_request_file_job_unittest.cc b/chromium/net/url_request/url_request_file_job_unittest.cc index 2e5aafffbc2..5aa8464203d 100644 --- a/chromium/net/url_request/url_request_file_job_unittest.cc +++ b/chromium/net/url_request/url_request_file_job_unittest.cc @@ -37,6 +37,7 @@ class TestURLRequestFileJob : public URLRequestFileJob { const scoped_refptr<base::TaskRunner>& file_task_runner, int* open_result, int64_t* seek_position, + bool* done_reading, std::string* observed_content) : URLRequestFileJob(request, network_delegate, @@ -44,9 +45,11 @@ class TestURLRequestFileJob : public URLRequestFileJob { file_task_runner), open_result_(open_result), seek_position_(seek_position), + done_reading_(done_reading), observed_content_(observed_content) { *open_result_ = ERR_IO_PENDING; *seek_position_ = ERR_IO_PENDING; + *done_reading_ = false; observed_content_->clear(); } @@ -73,8 +76,11 @@ class TestURLRequestFileJob : public URLRequestFileJob { observed_content_->append(std::string(buf->data(), result)); } + void DoneReading() override { *done_reading_ = true; } + int* const open_result_; int64_t* const seek_position_; + bool* done_reading_; std::string* const observed_content_; }; @@ -85,13 +91,16 @@ class TestJobFactory : public URLRequestJobFactory { TestJobFactory(const base::FilePath& path, int* open_result, int64_t* seek_position, + bool* done_reading, std::string* observed_content) : path_(path), open_result_(open_result), seek_position_(seek_position), + done_reading_(done_reading), observed_content_(observed_content) { CHECK(open_result_); CHECK(seek_position_); + CHECK(done_reading_); CHECK(observed_content_); } @@ -103,12 +112,14 @@ class TestJobFactory : public URLRequestJobFactory { NetworkDelegate* network_delegate) const override { CHECK(open_result_); CHECK(seek_position_); + CHECK(done_reading_); CHECK(observed_content_); URLRequestJob* job = new TestURLRequestFileJob( request, network_delegate, path_, base::ThreadTaskRunnerHandle::Get(), - open_result_, seek_position_, observed_content_); + open_result_, seek_position_, done_reading_, observed_content_); open_result_ = nullptr; seek_position_ = nullptr; + done_reading_ = nullptr; observed_content_ = nullptr; return job; } @@ -129,10 +140,6 @@ class TestJobFactory : public URLRequestJobFactory { return scheme == "file"; } - bool IsHandledURL(const GURL& url) const override { - return IsHandledProtocol(url.scheme()); - } - bool IsSafeRedirectTarget(const GURL& location) const override { return false; } @@ -143,6 +150,7 @@ class TestJobFactory : public URLRequestJobFactory { // These are mutable because MaybeCreateJobWithProtocolHandler is const. mutable int* open_result_; mutable int64_t* seek_position_; + mutable bool* done_reading_; mutable std::string* observed_content_; }; @@ -150,7 +158,7 @@ class TestJobFactory : public URLRequestJobFactory { // Returns true on success. bool CreateFileWithContent(const std::string& content, const base::FilePath& path) { - return base::WriteFile(path, content.c_str(), content.length()); + return base::WriteFile(path, content.c_str(), content.length()) != -1; } // A simple holder for start/end used in http range requests. @@ -203,6 +211,7 @@ class URLRequestFileJobEventsTest : public testing::Test { const std::string& range, int* open_result, int64_t* seek_position, + bool* done_reading, std::string* observed_content); TestURLRequestContext context_; @@ -247,9 +256,10 @@ void URLRequestFileJobEventsTest::RunSuccessfulRequestWithString( { int open_result; int64_t seek_position; + bool done_reading; std::string observed_content; RunRequestWithPath(path, range_value, &open_result, &seek_position, - &observed_content); + &done_reading, &observed_content); EXPECT_EQ(OK, open_result); EXPECT_FALSE(delegate_.request_failed()); @@ -269,6 +279,7 @@ void URLRequestFileJobEventsTest::RunSuccessfulRequestWithString( EXPECT_EQ(expected_data_received, delegate_.data_received()); EXPECT_EQ(seek_position, range ? range->start : 0); + EXPECT_TRUE(done_reading); } } @@ -277,8 +288,10 @@ void URLRequestFileJobEventsTest::RunRequestWithPath( const std::string& range, int* open_result, int64_t* seek_position, + bool* done_reading, std::string* observed_content) { - TestJobFactory factory(path, open_result, seek_position, observed_content); + TestJobFactory factory(path, open_result, seek_position, done_reading, + observed_content); context_.set_job_factory(&factory); std::unique_ptr<URLRequest> request(context_.CreateRequest( @@ -304,6 +317,10 @@ std::string MakeContentOfSize(int size) { return result; } +TEST_F(URLRequestFileJobEventsTest, ZeroByteFile) { + RunSuccessfulRequestWithString(std::string(""), nullptr); +} + TEST_F(URLRequestFileJobEventsTest, TinyFile) { RunSuccessfulRequestWithString(std::string("hello world"), NULL); } @@ -345,11 +362,13 @@ TEST_F(URLRequestFileJobEventsTest, OpenNonExistentFile) { int open_result; int64_t seek_position; + bool done_reading; std::string observed_content; RunRequestWithPath(path, std::string(), &open_result, &seek_position, - &observed_content); + &done_reading, &observed_content); EXPECT_EQ(ERR_FILE_NOT_FOUND, open_result); + EXPECT_FALSE(done_reading); EXPECT_TRUE(delegate_.request_failed()); } @@ -361,12 +380,14 @@ TEST_F(URLRequestFileJobEventsTest, MultiRangeRequestNotSupported) { int open_result; int64_t seek_position; + bool done_reading; std::string observed_content; RunRequestWithPath(path, "bytes=1-5,20-30", &open_result, &seek_position, - &observed_content); + &done_reading, &observed_content); EXPECT_EQ(OK, open_result); EXPECT_EQ(ERR_REQUEST_RANGE_NOT_SATISFIABLE, seek_position); + EXPECT_FALSE(done_reading); EXPECT_TRUE(delegate_.request_failed()); } @@ -378,12 +399,14 @@ TEST_F(URLRequestFileJobEventsTest, RangeExceedingFileSize) { int open_result; int64_t seek_position; + bool done_reading; std::string observed_content; RunRequestWithPath(path, "bytes=50000-", &open_result, &seek_position, - &observed_content); + &done_reading, &observed_content); EXPECT_EQ(OK, open_result); EXPECT_EQ(ERR_REQUEST_RANGE_NOT_SATISFIABLE, seek_position); + EXPECT_FALSE(done_reading); EXPECT_TRUE(delegate_.request_failed()); } @@ -395,13 +418,15 @@ TEST_F(URLRequestFileJobEventsTest, IgnoreRangeParsingError) { int open_result; int64_t seek_position; + bool done_reading; std::string observed_content; RunRequestWithPath(path, "bytes=3-z", &open_result, &seek_position, - &observed_content); + &done_reading, &observed_content); EXPECT_EQ(OK, open_result); EXPECT_EQ(0, seek_position); EXPECT_EQ("hello\n", observed_content); + EXPECT_TRUE(done_reading); EXPECT_FALSE(delegate_.request_failed()); } diff --git a/chromium/net/url_request/url_request_http_job.cc b/chromium/net/url_request/url_request_http_job.cc index b3053b24325..a54e0efa8cc 100644 --- a/chromium/net/url_request/url_request_http_job.cc +++ b/chromium/net/url_request/url_request_http_job.cc @@ -55,6 +55,7 @@ #include "net/proxy/proxy_info.h" #include "net/proxy/proxy_retry_info.h" #include "net/proxy/proxy_service.h" +#include "net/reporting/reporting_service.h" #include "net/ssl/channel_id_service.h" #include "net/ssl/ssl_cert_request_info.h" #include "net/ssl/ssl_config_service.h" @@ -76,12 +77,6 @@ static const char kAvailDictionaryHeader[] = "Avail-Dictionary"; namespace { -const char kDeflate[] = "deflate"; -const char kGZip[] = "gzip"; -const char kSdch[] = "sdch"; -const char kXGZip[] = "x-gzip"; -const char kBrotli[] = "br"; - // True if the request method is "safe" (per section 4.2.1 of RFC 7231). bool IsMethodSafe(const std::string& method) { return method == "GET" || method == "HEAD" || method == "OPTIONS" || @@ -368,6 +363,7 @@ void URLRequestHttpJob::NotifyHeadersComplete() { ProcessStrictTransportSecurityHeader(); ProcessPublicKeyPinsHeader(); ProcessExpectCTHeader(); + ProcessReportToHeader(); // Handle the server notification of a new SDCH dictionary. SdchManager* sdch_manager(request()->context()->sdch_manager()); @@ -857,6 +853,28 @@ void URLRequestHttpJob::ProcessExpectCTHeader() { } } +void URLRequestHttpJob::ProcessReportToHeader() { + DCHECK(response_info_); + + ReportingService* service = request_->context()->reporting_service(); + if (!service) + return; + + // Only accept Report-To headers on HTTPS connections that have no + // certificate errors. + // TODO(juliatuttle): Do we need to check cert status? + const SSLInfo& ssl_info = response_info_->ssl_info; + if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status)) + return; + + HttpResponseHeaders* headers = GetResponseHeaders(); + std::string value; + if (!headers->GetNormalizedHeader("Report-To", &value)) + return; + + service->ProcessHeader(request_info_.url.GetOrigin(), value); +} + void URLRequestHttpJob::OnStartCompleted(int result) { TRACE_EVENT0(kNetTracingCategory, "URLRequestHttpJob::OnStartCompleted"); RecordTimer(); @@ -1064,22 +1082,31 @@ std::unique_ptr<SourceStream> URLRequestHttpJob::SetUpSourceStream() { std::vector<SourceStream::SourceType> types; size_t iter = 0; while (headers->EnumerateHeader(&iter, "Content-Encoding", &type)) { - if (base::LowerCaseEqualsASCII(type, kBrotli)) { - types.push_back(SourceStream::TYPE_BROTLI); - } else if (base::LowerCaseEqualsASCII(type, kDeflate)) { - types.push_back(SourceStream::TYPE_DEFLATE); - } else if (base::LowerCaseEqualsASCII(type, kGZip) || - base::LowerCaseEqualsASCII(type, kXGZip)) { - types.push_back(SourceStream::TYPE_GZIP); - } else if (base::LowerCaseEqualsASCII(type, kSdch)) { + SourceStream::SourceType source_type = + FilterSourceStream::ParseEncodingType(type); + if (source_type == SourceStream::TYPE_SDCH && + !request()->context()->sdch_manager()) { // If SDCH support is not configured, pass through raw response. - if (!request()->context()->sdch_manager()) - return upstream; - types.push_back(SourceStream::TYPE_SDCH); - } else { - // Unknown encoding type. Pass through raw response body. return upstream; } + switch (source_type) { + case SourceStream::TYPE_BROTLI: + case SourceStream::TYPE_DEFLATE: + case SourceStream::TYPE_GZIP: + case SourceStream::TYPE_SDCH: + types.push_back(source_type); + break; + case SourceStream::TYPE_NONE: + // Identity encoding type. Pass through raw response body. + return upstream; + default: + // Unknown encoding type. Pass through raw response body. + // Despite of reporting to UMA, request will not be canceled; though + // it is expected that user will see malformed / garbage response. + FilterSourceStream::ReportContentDecodingFailed( + FilterSourceStream::TYPE_UNKNOWN); + return upstream; + } } // Sdch specific hacks: @@ -1119,6 +1146,8 @@ std::unique_ptr<SourceStream> URLRequestHttpJob::SetUpSourceStream() { break; case SourceStream::TYPE_NONE: case SourceStream::TYPE_INVALID: + case SourceStream::TYPE_REJECTED: + case SourceStream::TYPE_UNKNOWN: case SourceStream::TYPE_MAX: NOTREACHED(); return nullptr; diff --git a/chromium/net/url_request/url_request_http_job.h b/chromium/net/url_request/url_request_http_job.h index 26ad8d27975..bb6fc0c74cc 100644 --- a/chromium/net/url_request/url_request_http_job.h +++ b/chromium/net/url_request/url_request_http_job.h @@ -98,6 +98,10 @@ class NET_EXPORT_PRIVATE URLRequestHttpJob : public URLRequestJob { // when a connection violates the Expect CT policy. void ProcessExpectCTHeader(); + // Processes the Report-To header, if one exists. This header configures where + // the Reporting API (in //net/reporting) will send reports for the origin. + void ProcessReportToHeader(); + // |result| should be OK, or the request is canceled. void OnHeadersReceivedCallback(int result); void OnStartCompleted(int result); diff --git a/chromium/net/url_request/url_request_http_job_unittest.cc b/chromium/net/url_request/url_request_http_job_unittest.cc index 0519f2e5392..c0665d86df9 100644 --- a/chromium/net/url_request/url_request_http_job_unittest.cc +++ b/chromium/net/url_request/url_request_http_job_unittest.cc @@ -190,9 +190,7 @@ TEST_F(URLRequestHttpJobSetUpSourceTest, SdchNotAdvertisedGotSdchResponse) { request->Start(); base::RunLoop().Run(); - // Pass through the raw response the same way as if received unknown encoding. - EXPECT_EQ(OK, delegate_.request_status()); - EXPECT_EQ("Test Content", delegate_.data_received()); + EXPECT_EQ(ERR_CONTENT_DECODING_FAILED, delegate_.request_status()); } class URLRequestHttpJobTest : public ::testing::Test { @@ -1138,6 +1136,11 @@ class FakeWebSocketHandshakeStream : public WebSocketHandshakeStreamBase { return false; } + bool GetAlternativeService( + AlternativeService* alternative_service) const override { + return false; + } + void GetSSLInfo(SSLInfo* ssl_info) override {} void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override {} diff --git a/chromium/net/url_request/url_request_intercepting_job_factory.cc b/chromium/net/url_request/url_request_intercepting_job_factory.cc index 45a13fca3fc..f6aaca3ee32 100644 --- a/chromium/net/url_request/url_request_intercepting_job_factory.cc +++ b/chromium/net/url_request/url_request_intercepting_job_factory.cc @@ -76,10 +76,6 @@ bool URLRequestInterceptingJobFactory::IsHandledProtocol( return job_factory_->IsHandledProtocol(scheme); } -bool URLRequestInterceptingJobFactory::IsHandledURL(const GURL& url) const { - return job_factory_->IsHandledURL(url); -} - bool URLRequestInterceptingJobFactory::IsSafeRedirectTarget( const GURL& location) const { return job_factory_->IsSafeRedirectTarget(location); diff --git a/chromium/net/url_request/url_request_intercepting_job_factory.h b/chromium/net/url_request/url_request_intercepting_job_factory.h index f6bd70ec23b..652e8862a51 100644 --- a/chromium/net/url_request/url_request_intercepting_job_factory.h +++ b/chromium/net/url_request/url_request_intercepting_job_factory.h @@ -58,7 +58,6 @@ class NET_EXPORT URLRequestInterceptingJobFactory NetworkDelegate* network_delegate) const override; bool IsHandledProtocol(const std::string& scheme) const override; - bool IsHandledURL(const GURL& url) const override; bool IsSafeRedirectTarget(const GURL& location) const override; private: diff --git a/chromium/net/url_request/url_request_job_factory.h b/chromium/net/url_request/url_request_job_factory.h index 4df4cd717f7..bf7d7525dc4 100644 --- a/chromium/net/url_request/url_request_job_factory.h +++ b/chromium/net/url_request/url_request_job_factory.h @@ -58,8 +58,6 @@ class NET_EXPORT URLRequestJobFactory virtual bool IsHandledProtocol(const std::string& scheme) const = 0; - virtual bool IsHandledURL(const GURL& url) const = 0; - virtual bool IsSafeRedirectTarget(const GURL& location) const = 0; private: diff --git a/chromium/net/url_request/url_request_job_factory_impl.cc b/chromium/net/url_request/url_request_job_factory_impl.cc index 8fe47034255..367d885cf31 100644 --- a/chromium/net/url_request/url_request_job_factory_impl.cc +++ b/chromium/net/url_request/url_request_job_factory_impl.cc @@ -80,14 +80,6 @@ bool URLRequestJobFactoryImpl::IsHandledProtocol( URLRequestJobManager::GetInstance()->SupportsScheme(scheme); } -bool URLRequestJobFactoryImpl::IsHandledURL(const GURL& url) const { - if (!url.is_valid()) { - // We handle error cases. - return true; - } - return IsHandledProtocol(url.scheme()); -} - bool URLRequestJobFactoryImpl::IsSafeRedirectTarget( const GURL& location) const { DCHECK(CalledOnValidThread()); diff --git a/chromium/net/url_request/url_request_job_factory_impl.h b/chromium/net/url_request/url_request_job_factory_impl.h index a0d0c490acb..3ff3c9219f7 100644 --- a/chromium/net/url_request/url_request_job_factory_impl.h +++ b/chromium/net/url_request/url_request_job_factory_impl.h @@ -44,7 +44,6 @@ class NET_EXPORT URLRequestJobFactoryImpl : public URLRequestJobFactory { NetworkDelegate* network_delegate) const override; bool IsHandledProtocol(const std::string& scheme) const override; - bool IsHandledURL(const GURL& url) const override; bool IsSafeRedirectTarget(const GURL& location) const override; private: diff --git a/chromium/net/url_request/url_request_unittest.cc b/chromium/net/url_request/url_request_unittest.cc index 2e51d6ac73a..1eb97117963 100644 --- a/chromium/net/url_request/url_request_unittest.cc +++ b/chromium/net/url_request/url_request_unittest.cc @@ -92,6 +92,7 @@ #include "net/proxy/proxy_service.h" #include "net/quic/chromium/mock_crypto_client_stream_factory.h" #include "net/quic/chromium/quic_server_info.h" +#include "net/reporting/reporting_service.h" #include "net/socket/socket_test_util.h" #include "net/socket/ssl_client_socket.h" #include "net/ssl/channel_id_service.h" @@ -968,7 +969,8 @@ TEST_F(URLRequestTest, FileTestFullSpecifiedRange) { base::FilePath temp_path; EXPECT_TRUE(base::CreateTemporaryFile(&temp_path)); GURL temp_url = FilePathToFileURL(temp_path); - EXPECT_TRUE(base::WriteFile(temp_path, buffer.get(), buffer_size)); + EXPECT_EQ(static_cast<int>(buffer_size), + base::WriteFile(temp_path, buffer.get(), buffer_size)); int64_t file_size; EXPECT_TRUE(base::GetFileSize(temp_path, &file_size)); @@ -3421,8 +3423,10 @@ class TestSSLConfigService : public SSLConfigService { rev_checking_required_local_anchors_( rev_checking_required_local_anchors), token_binding_enabled_(token_binding_enabled), - min_version_(kDefaultSSLVersionMin) {} + min_version_(kDefaultSSLVersionMin), + max_version_(kDefaultSSLVersionMax) {} + void set_max_version(uint16_t version) { max_version_ = version; } void set_min_version(uint16_t version) { min_version_ = version; } // SSLConfigService: @@ -3432,9 +3436,8 @@ class TestSSLConfigService : public SSLConfigService { config->verify_ev_cert = ev_enabled_; config->rev_checking_required_local_anchors = rev_checking_required_local_anchors_; - if (min_version_) { - config->version_min = min_version_; - } + config->version_min = min_version_; + config->version_max = max_version_; if (token_binding_enabled_) { config->token_binding_params.push_back(TB_PARAM_ECDSAP256); } @@ -3449,6 +3452,7 @@ class TestSSLConfigService : public SSLConfigService { const bool rev_checking_required_local_anchors_; const bool token_binding_enabled_; uint16_t min_version_; + uint16_t max_version_; }; // TODO(svaldez): Update tests to use EmbeddedTestServer. @@ -6539,6 +6543,135 @@ TEST_F(URLRequestTestHTTP, ExpectCTHeader) { EXPECT_EQ(1u, reporter.num_failures()); } +namespace { + +class TestReportingService : public ReportingService { + public: + struct Header { + GURL url; + std::string header_value; + }; + + ~TestReportingService() override {} + + const std::vector<Header>& headers() { return headers_; } + + void QueueReport(const GURL& url, + const std::string& group, + const std::string& type, + std::unique_ptr<const base::Value> body) override { + NOTIMPLEMENTED(); + } + + void ProcessHeader(const GURL& url, + const std::string& header_value) override { + headers_.push_back({url, header_value}); + } + + private: + std::vector<Header> headers_; +}; + +std::unique_ptr<test_server::HttpResponse> SendReportToHeader( + const test_server::HttpRequest& request) { + std::unique_ptr<test_server::BasicHttpResponse> http_response( + new test_server::BasicHttpResponse); + http_response->set_code(HTTP_OK); + http_response->AddCustomHeader("Report-To", "foo"); + http_response->AddCustomHeader("Report-To", "bar"); + return std::move(http_response); +} + +} // namespace + +TEST_F(URLRequestTestHTTP, DontProcessReportToHeaderNoService) { + http_test_server()->RegisterRequestHandler(base::Bind(&SendReportToHeader)); + ASSERT_TRUE(http_test_server()->Start()); + GURL request_url = http_test_server()->GetURL("/"); + + TestNetworkDelegate network_delegate; + TestURLRequestContext context(true); + context.set_network_delegate(&network_delegate); + context.Init(); + + TestDelegate d; + std::unique_ptr<URLRequest> request( + context.CreateRequest(request_url, DEFAULT_PRIORITY, &d)); + request->Start(); + base::RunLoop().Run(); +} + +TEST_F(URLRequestTestHTTP, DontProcessReportToHeaderHTTP) { + http_test_server()->RegisterRequestHandler(base::Bind(&SendReportToHeader)); + ASSERT_TRUE(http_test_server()->Start()); + GURL request_url = http_test_server()->GetURL("/"); + + TestNetworkDelegate network_delegate; + TestReportingService reporting_service; + TestURLRequestContext context(true); + context.set_network_delegate(&network_delegate); + context.set_reporting_service(&reporting_service); + context.Init(); + + TestDelegate d; + std::unique_ptr<URLRequest> request( + context.CreateRequest(request_url, DEFAULT_PRIORITY, &d)); + request->Start(); + base::RunLoop().Run(); + + EXPECT_TRUE(reporting_service.headers().empty()); +} + +TEST_F(URLRequestTestHTTP, ProcessReportToHeaderHTTPS) { + EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); + https_test_server.RegisterRequestHandler(base::Bind(&SendReportToHeader)); + ASSERT_TRUE(https_test_server.Start()); + GURL request_url = https_test_server.GetURL("/"); + + TestNetworkDelegate network_delegate; + TestReportingService reporting_service; + TestURLRequestContext context(true); + context.set_network_delegate(&network_delegate); + context.set_reporting_service(&reporting_service); + context.Init(); + + TestDelegate d; + std::unique_ptr<URLRequest> request( + context.CreateRequest(request_url, DEFAULT_PRIORITY, &d)); + request->Start(); + base::RunLoop().Run(); + + ASSERT_EQ(1u, reporting_service.headers().size()); + EXPECT_EQ(request_url, reporting_service.headers()[0].url); + EXPECT_EQ("foo, bar", reporting_service.headers()[0].header_value); +} + +TEST_F(URLRequestTestHTTP, DontProcessReportToHeaderInvalidHTTPS) { + EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS); + https_test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME); + https_test_server.RegisterRequestHandler(base::Bind(&SendReportToHeader)); + ASSERT_TRUE(https_test_server.Start()); + GURL request_url = https_test_server.GetURL("/"); + + TestNetworkDelegate network_delegate; + TestReportingService reporting_service; + TestURLRequestContext context(true); + context.set_network_delegate(&network_delegate); + context.set_reporting_service(&reporting_service); + context.Init(); + + TestDelegate d; + d.set_allow_certificate_errors(true); + std::unique_ptr<URLRequest> request( + context.CreateRequest(request_url, DEFAULT_PRIORITY, &d)); + request->Start(); + base::RunLoop().Run(); + + EXPECT_TRUE(d.have_certificate_errors()); + EXPECT_TRUE(IsCertStatusError(request->ssl_info().cert_status)); + EXPECT_TRUE(reporting_service.headers().empty()); +} + #endif // !defined(OS_IOS) TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) { @@ -9238,10 +9371,21 @@ TEST_F(HTTPSRequestTest, SSLSessionCacheShardTest) { class HTTPSFallbackTest : public testing::Test { public: - HTTPSFallbackTest() : context_(true) {} + HTTPSFallbackTest() + : scoped_task_scheduler_(base::MessageLoop::current()), context_(true) { + ssl_config_service_ = new TestSSLConfigService( + true /* check for EV */, false /* online revocation checking */, + false /* require rev. checking for local anchors */, + false /* token binding enabled */); + context_.set_ssl_config_service(ssl_config_service_.get()); + } ~HTTPSFallbackTest() override {} protected: + TestSSLConfigService* ssl_config_service() { + return ssl_config_service_.get(); + } + void DoFallbackTest(const SpawnedTestServer::SSLOptions& ssl_options) { DCHECK(!request_); context_.Init(); @@ -9260,15 +9404,25 @@ class HTTPSFallbackTest : public testing::Test { base::RunLoop().Run(); } + void ExpectConnection(int version) { + EXPECT_EQ(1, delegate_.response_started_count()); + EXPECT_NE(0, delegate_.bytes_received()); + EXPECT_EQ(version, SSLConnectionStatusToVersion( + request_->ssl_info().connection_status)); + } + void ExpectFailure(int error) { EXPECT_EQ(1, delegate_.response_started_count()); EXPECT_EQ(error, delegate_.request_status()); } private: + // Required by ChannelIDService. + base::test::ScopedTaskScheduler scoped_task_scheduler_; TestDelegate delegate_; TestURLRequestContext context_; std::unique_ptr<URLRequest> request_; + scoped_refptr<TestSSLConfigService> ssl_config_service_; }; // Tests the TLS 1.0 fallback doesn't happen. @@ -9293,6 +9447,30 @@ TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) { ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH); } +// Tests that TLS 1.3 interference results in a dedicated error code. +TEST_F(HTTPSFallbackTest, TLSv1_3Interference) { + SpawnedTestServer::SSLOptions ssl_options( + SpawnedTestServer::SSLOptions::CERT_OK); + ssl_options.tls_intolerant = + SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_3; + ssl_config_service()->set_max_version(SSL_PROTOCOL_VERSION_TLS1_3); + + ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); + ExpectFailure(ERR_SSL_VERSION_INTERFERENCE); +} + +// Tests that disabling TLS 1.3 leaves TLS 1.3 interference unnoticed. +TEST_F(HTTPSFallbackTest, TLSv1_3InterferenceDisableVersion) { + SpawnedTestServer::SSLOptions ssl_options( + SpawnedTestServer::SSLOptions::CERT_OK); + ssl_options.tls_intolerant = + SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_3; + ssl_config_service()->set_max_version(SSL_PROTOCOL_VERSION_TLS1_2); + + ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options)); + ExpectConnection(SSL_CONNECTION_VERSION_TLS1_2); +} + class HTTPSSessionTest : public testing::Test { public: HTTPSSessionTest() diff --git a/chromium/net/websockets/OWNERS b/chromium/net/websockets/OWNERS index 290a9177b5a..74c62dcea9d 100644 --- a/chromium/net/websockets/OWNERS +++ b/chromium/net/websockets/OWNERS @@ -2,4 +2,5 @@ tyoshino@chromium.org ricea@chromium.org yhirano@chromium.org +# TEAM: blink-network-dev@chromium.org # COMPONENT: Blink>Network>WebSockets diff --git a/chromium/net/websockets/websocket_basic_handshake_stream.cc b/chromium/net/websockets/websocket_basic_handshake_stream.cc index efe263ade36..c67eb4a838c 100644 --- a/chromium/net/websockets/websocket_basic_handshake_stream.cc +++ b/chromium/net/websockets/websocket_basic_handshake_stream.cc @@ -420,6 +420,11 @@ int64_t WebSocketBasicHandshakeStream::GetTotalSentBytes() const { return 0; } +bool WebSocketBasicHandshakeStream::GetAlternativeService( + AlternativeService* alternative_service) const { + return false; +} + bool WebSocketBasicHandshakeStream::GetLoadTimingInfo( LoadTimingInfo* load_timing_info) const { return state_.connection()->GetLoadTimingInfo(IsConnectionReused(), diff --git a/chromium/net/websockets/websocket_basic_handshake_stream.h b/chromium/net/websockets/websocket_basic_handshake_stream.h index dffe472ea0e..06bc3338090 100644 --- a/chromium/net/websockets/websocket_basic_handshake_stream.h +++ b/chromium/net/websockets/websocket_basic_handshake_stream.h @@ -61,6 +61,8 @@ class NET_EXPORT_PRIVATE WebSocketBasicHandshakeStream bool CanReuseConnection() const override; int64_t GetTotalReceivedBytes() const override; int64_t GetTotalSentBytes() const override; + bool GetAlternativeService( + AlternativeService* alternative_service) const override; bool GetLoadTimingInfo(LoadTimingInfo* load_timing_info) const override; void GetSSLInfo(SSLInfo* ssl_info) override; void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override; diff --git a/chromium/net/websockets/websocket_basic_stream.cc b/chromium/net/websockets/websocket_basic_stream.cc index e13e1eb7a97..3e8c7618ce6 100644 --- a/chromium/net/websockets/websocket_basic_stream.cc +++ b/chromium/net/websockets/websocket_basic_stream.cc @@ -14,6 +14,7 @@ #include "base/bind.h" #include "base/logging.h" +#include "base/metrics/histogram_macros.h" #include "base/numerics/safe_conversions.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" @@ -211,6 +212,7 @@ int WebSocketBasicStream::WriteEverything( buffer, callback)); if (result > 0) { + UMA_HISTOGRAM_COUNTS_100000("Net.WebSocket.DataUse.Upstream", result); buffer->DidConsume(result); } else { return result; @@ -230,6 +232,8 @@ void WebSocketBasicStream::OnWriteComplete( } DCHECK_NE(0, result); + UMA_HISTOGRAM_COUNTS_100000("Net.WebSocket.DataUse.Upstream", result); + buffer->DidConsume(result); result = WriteEverything(buffer, callback); if (result != ERR_IO_PENDING) @@ -245,6 +249,9 @@ int WebSocketBasicStream::HandleReadResult( return result; if (result == 0) return ERR_CONNECTION_CLOSED; + + UMA_HISTOGRAM_COUNTS_100000("Net.WebSocket.DataUse.Downstream", result); + std::vector<std::unique_ptr<WebSocketFrameChunk>> frame_chunks; if (!parser_.Decode(read_buffer_->data(), result, &frame_chunks)) return WebSocketErrorToNetError(parser_.websocket_error()); |